mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-13 19:10:39 +00:00
8525fd94ea
## Summary - Problem: `src/secrets/target-registry.test.ts` fails on latest `main` because the runtime registry includes Feishu `encryptKey` paths that the docs matrix and surface reference omit. - Why it matters: the docs/runtime sync guard currently blocks prep and merge work for unrelated PRs, including `#25558`. - What changed: regenerated the secretref credential matrix and updated the surface reference to include both Feishu `encryptKey` paths. - What did NOT change (scope boundary): no runtime registry behavior, config semantics, or channel handling changed. ## Change Type (select all) - [x] Bug fix - [ ] Feature - [ ] Refactor - [x] Docs - [ ] Security hardening - [ ] Chore/infra ## Scope (select all touched areas) - [ ] Gateway / orchestration - [ ] Skills / tool execution - [ ] Auth / tokens - [ ] Memory / storage - [x] Integrations - [ ] API / contracts - [ ] UI / DX - [ ] CI/CD / infra ## Linked Issue/PR - Closes # - Related #25558 ## User-visible / Behavior Changes None. ## Security Impact (required) - New permissions/capabilities? `No` - Secrets/tokens handling changed? `No` - New/changed network calls? `No` - Command/tool execution surface changed? `No` - Data access scope changed? `No` - If any `Yes`, explain risk + mitigation: ## Repro + Verification ### Environment - OS: macOS - Runtime/container: Node.js repo checkout - Model/provider: N/A - Integration/channel (if any): Feishu docs/runtime registry sync - Relevant config (redacted): none ### Steps 1. Check out latest `main` before this change. 2. Run `./node_modules/.bin/vitest run --config vitest.unit.config.ts src/secrets/target-registry.test.ts`. 3. Apply this docs-only sync change and rerun the same command. ### Expected - The target registry stays in sync with the generated docs matrix and the test passes. ### Actual - Before this change, the test failed because `channels.feishu.encryptKey` and `channels.feishu.accounts.*.encryptKey` were missing from the docs artifacts. ## Evidence Attach at least one: - [x] Failing test/log before + passing after - [ ] Trace/log snippets - [ ] Screenshot/recording - [ ] Perf numbers (if relevant) ## Human Verification (required) What you personally verified (not just CI), and how: - Verified scenarios: confirmed the failure on plain latest `main`, applied only these docs entries in a clean bootstrapped worktree, and reran `./node_modules/.bin/vitest run --config vitest.unit.config.ts src/secrets/target-registry.test.ts` to green. - Edge cases checked: verified both top-level Feishu `encryptKey` and account-scoped `encryptKey` paths are present in the matrix and surface reference. - What you did **not** verify: full repo test suite and CI beyond the targeted regression. ## Review Conversations - [x] I replied to or resolved every bot review conversation I addressed in this PR. - [x] I left unresolved only the conversations that still need reviewer or maintainer judgment. If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers. ## Compatibility / Migration - Backward compatible? `Yes` - Config/env changes? `No` - Migration needed? `No` - If yes, exact upgrade steps: ## Failure Recovery (if this breaks) - How to disable/revert this change quickly: revert this commit. - Files/config to restore: `docs/reference/secretref-user-supplied-credentials-matrix.json` and `docs/reference/secretref-credential-surface.md` - Known bad symptoms reviewers should watch for: the target-registry docs sync test failing again for missing Feishu `encryptKey` entries. ## Risks and Mitigations - Risk: the markdown surface reference could drift from the generated matrix again in a later credential-shape change. - Mitigation: `src/secrets/target-registry.test.ts` continues to guard docs/runtime sync.
515 lines
15 KiB
JSON
515 lines
15 KiB
JSON
{
|
|
"version": 1,
|
|
"matrixId": "strictly-user-supplied-credentials",
|
|
"pathSyntax": "Dot path with \"*\" for map keys and \"[]\" for arrays.",
|
|
"scope": "Credentials that are strictly user-supplied and not minted/rotated by OpenClaw runtime.",
|
|
"excludedMutableOrRuntimeManaged": [
|
|
"commands.ownerDisplaySecret",
|
|
"channels.matrix.accessToken",
|
|
"channels.matrix.accounts.*.accessToken",
|
|
"hooks.token",
|
|
"hooks.gmail.pushToken",
|
|
"hooks.mappings[].sessionKey",
|
|
"auth-profiles.oauth.*",
|
|
"discord.threadBindings.*.webhookToken",
|
|
"whatsapp.creds.json"
|
|
],
|
|
"entries": [
|
|
{
|
|
"id": "agents.defaults.memorySearch.remote.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "agents.defaults.memorySearch.remote.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "agents.list[].memorySearch.remote.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "agents.list[].memorySearch.remote.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "auth-profiles.api_key.key",
|
|
"configFile": "auth-profiles.json",
|
|
"path": "profiles.*.key",
|
|
"refPath": "profiles.*.keyRef",
|
|
"when": {
|
|
"type": "api_key"
|
|
},
|
|
"secretShape": "sibling_ref",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "auth-profiles.token.token",
|
|
"configFile": "auth-profiles.json",
|
|
"path": "profiles.*.token",
|
|
"refPath": "profiles.*.tokenRef",
|
|
"when": {
|
|
"type": "token"
|
|
},
|
|
"secretShape": "sibling_ref",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.bluebubbles.accounts.*.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.bluebubbles.accounts.*.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.bluebubbles.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.bluebubbles.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.discord.accounts.*.pluralkit.token",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.discord.accounts.*.pluralkit.token",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.discord.accounts.*.token",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.discord.accounts.*.token",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.discord.accounts.*.voice.tts.openai.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.discord.accounts.*.voice.tts.openai.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.discord.pluralkit.token",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.discord.pluralkit.token",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.discord.token",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.discord.token",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.discord.voice.tts.elevenlabs.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.discord.voice.tts.elevenlabs.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.discord.voice.tts.openai.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.discord.voice.tts.openai.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.feishu.accounts.*.appSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.feishu.accounts.*.appSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.feishu.accounts.*.encryptKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.feishu.accounts.*.encryptKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.feishu.accounts.*.verificationToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.feishu.accounts.*.verificationToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.feishu.appSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.feishu.appSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.feishu.encryptKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.feishu.encryptKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.feishu.verificationToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.feishu.verificationToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.googlechat.accounts.*.serviceAccount",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.googlechat.accounts.*.serviceAccount",
|
|
"refPath": "channels.googlechat.accounts.*.serviceAccountRef",
|
|
"secretShape": "sibling_ref",
|
|
"optIn": true,
|
|
"notes": "Google Chat compatibility exception: sibling ref field remains canonical."
|
|
},
|
|
{
|
|
"id": "channels.googlechat.serviceAccount",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.googlechat.serviceAccount",
|
|
"refPath": "channels.googlechat.serviceAccountRef",
|
|
"secretShape": "sibling_ref",
|
|
"optIn": true,
|
|
"notes": "Google Chat compatibility exception: sibling ref field remains canonical."
|
|
},
|
|
{
|
|
"id": "channels.irc.accounts.*.nickserv.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.irc.accounts.*.nickserv.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.irc.accounts.*.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.irc.accounts.*.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.irc.nickserv.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.irc.nickserv.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.irc.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.irc.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.matrix.accounts.*.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.matrix.accounts.*.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.matrix.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.matrix.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.mattermost.accounts.*.botToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.mattermost.accounts.*.botToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.mattermost.botToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.mattermost.botToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.msteams.appPassword",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.msteams.appPassword",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.nextcloud-talk.accounts.*.apiPassword",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.nextcloud-talk.accounts.*.apiPassword",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.nextcloud-talk.accounts.*.botSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.nextcloud-talk.accounts.*.botSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.nextcloud-talk.apiPassword",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.nextcloud-talk.apiPassword",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.nextcloud-talk.botSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.nextcloud-talk.botSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.slack.accounts.*.appToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.slack.accounts.*.appToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.slack.accounts.*.botToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.slack.accounts.*.botToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.slack.accounts.*.signingSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.slack.accounts.*.signingSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.slack.accounts.*.userToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.slack.accounts.*.userToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.slack.appToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.slack.appToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.slack.botToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.slack.botToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.slack.signingSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.slack.signingSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.slack.userToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.slack.userToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.telegram.accounts.*.botToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.telegram.accounts.*.botToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.telegram.accounts.*.webhookSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.telegram.accounts.*.webhookSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.telegram.botToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.telegram.botToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.telegram.webhookSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.telegram.webhookSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.zalo.accounts.*.botToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.zalo.accounts.*.botToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.zalo.accounts.*.webhookSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.zalo.accounts.*.webhookSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.zalo.botToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.zalo.botToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "channels.zalo.webhookSecret",
|
|
"configFile": "openclaw.json",
|
|
"path": "channels.zalo.webhookSecret",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "cron.webhookToken",
|
|
"configFile": "openclaw.json",
|
|
"path": "cron.webhookToken",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "gateway.auth.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "gateway.auth.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "gateway.auth.token",
|
|
"configFile": "openclaw.json",
|
|
"path": "gateway.auth.token",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "gateway.remote.password",
|
|
"configFile": "openclaw.json",
|
|
"path": "gateway.remote.password",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "gateway.remote.token",
|
|
"configFile": "openclaw.json",
|
|
"path": "gateway.remote.token",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "messages.tts.elevenlabs.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "messages.tts.elevenlabs.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "messages.tts.openai.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "messages.tts.openai.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "models.providers.*.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "models.providers.*.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "models.providers.*.headers.*",
|
|
"configFile": "openclaw.json",
|
|
"path": "models.providers.*.headers.*",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "skills.entries.*.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "skills.entries.*.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "talk.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "talk.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "talk.providers.*.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "talk.providers.*.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "tools.web.fetch.firecrawl.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "tools.web.fetch.firecrawl.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "tools.web.search.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "tools.web.search.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "tools.web.search.gemini.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "tools.web.search.gemini.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "tools.web.search.grok.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "tools.web.search.grok.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "tools.web.search.kimi.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "tools.web.search.kimi.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
},
|
|
{
|
|
"id": "tools.web.search.perplexity.apiKey",
|
|
"configFile": "openclaw.json",
|
|
"path": "tools.web.search.perplexity.apiKey",
|
|
"secretShape": "secret_input",
|
|
"optIn": true
|
|
}
|
|
]
|
|
}
|