import { loadPluginManifestRegistry } from "../plugins/manifest-registry.js";
import { loadBundledChannelSecretContractApi } from "./channel-contract-api.js";
import type { SecretTargetRegistryEntry } from "./target-registry-types.js";
// Values assigned to `secretShape` on registry entries. They are shape
// discriminators, not credentials; the trailing pragma is an inline allowlist
// marker for secret scanners and has to stay on the same line as the literal.
// Entries below use this shape when the secret is configured at `pathPattern` itself.
const SECRET_INPUT_SHAPE = "secret_input"; // pragma: allowlist secret
// Entries below use this shape together with a `refPathPattern` naming a
// sibling "...Ref" field next to the value path.
const SIBLING_REF_SHAPE = "sibling_ref"; // pragma: allowlist secret
/**
 * Collects the secret target entries declared by bundled channel plugins.
 *
 * Only manifest records whose origin is "bundled" and that list at least one
 * channel are considered. For each of them the channel's secret contract API
 * is loaded and its `secretTargetRegistryEntries` (if any) are appended.
 *
 * NOTE(review): loading is best-effort. Any exception raised while loading a
 * contract, or while reading its entries, is discarded without a log line, so
 * that channel contributes no targets. A consumer that uses the registry to
 * decide which config paths hold secrets (the entries carry an
 * `includeInAudit` flag) would then have no entries for that channel and no
 * signal that they are missing. Consider surfacing the failure to the caller
 * or to a diagnostic log.
 *
 * @returns The entries contributed by bundled channel plugins, in manifest order.
 */
function listChannelSecretTargetRegistryEntries(): SecretTargetRegistryEntry[] {
  const collected: SecretTargetRegistryEntry[] = [];
  const { plugins } = loadPluginManifestRegistry({});

  for (const plugin of plugins) {
    // Non-bundled plugins are skipped before their channel list is even read.
    const isBundledChannelPlugin = plugin.origin === "bundled" && plugin.channels.length !== 0;
    if (!isBundledChannelPlugin) {
      continue;
    }

    try {
      const declared = loadBundledChannelSecretContractApi(plugin.id)?.secretTargetRegistryEntries;
      collected.push(...(declared ?? []));
    } catch {
      // Bundled channels without a usable secret contract artifact are skipped on purpose.
    }
  }

  return collected;
}
// Static registry of the config paths that core treats as secret-bearing.
//
// Each entry names a config file, a path pattern inside it ("*" and "[]"
// appear as wildcard segments), the shape the secret takes there, and three
// flags (includeInPlan / includeInConfigure / includeInAudit). Every entry in
// this list sets all three flags to true and expects a resolved "string".
//
// NOTE(review): this list is hand-maintained. A secret-bearing config path that
// is not listed here (and not contributed by a bundled channel contract) is not
// in the registry at all, so anything driven by these entries will not see it.
// Confirm new credential fields get an entry when they are introduced.
const CORE_SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [
  // --- auth-profiles.json -------------------------------------------------
  // The only entries using the sibling-ref shape: the value lives at
  // `pathPattern` and `refPathPattern` names the adjacent "...Ref" field.
  {
    id: "auth-profiles.api_key.key",
    targetType: "auth-profiles.api_key.key",
    configFile: "auth-profiles.json",
    pathPattern: "profiles.*.key",
    refPathPattern: "profiles.*.keyRef",
    secretShape: SIBLING_REF_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    authProfileType: "api_key",
  },
  {
    id: "auth-profiles.token.token",
    targetType: "auth-profiles.token.token",
    configFile: "auth-profiles.json",
    pathPattern: "profiles.*.token",
    refPathPattern: "profiles.*.tokenRef",
    secretShape: SIBLING_REF_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    authProfileType: "token",
  },
  // --- openclaw.json: agents, cron, gateway -------------------------------
  // All remaining entries live in openclaw.json and use the secret-input shape.
  {
    id: "agents.defaults.memorySearch.remote.apiKey",
    targetType: "agents.defaults.memorySearch.remote.apiKey",
    configFile: "openclaw.json",
    pathPattern: "agents.defaults.memorySearch.remote.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "agents.list[].memorySearch.remote.apiKey",
    targetType: "agents.list[].memorySearch.remote.apiKey",
    configFile: "openclaw.json",
    pathPattern: "agents.list[].memorySearch.remote.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "cron.webhookToken",
    targetType: "cron.webhookToken",
    configFile: "openclaw.json",
    pathPattern: "cron.webhookToken",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "gateway.auth.token",
    targetType: "gateway.auth.token",
    configFile: "openclaw.json",
    pathPattern: "gateway.auth.token",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "gateway.auth.password",
    targetType: "gateway.auth.password",
    configFile: "openclaw.json",
    pathPattern: "gateway.auth.password",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "gateway.remote.password",
    targetType: "gateway.remote.password",
    configFile: "openclaw.json",
    pathPattern: "gateway.remote.password",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "gateway.remote.token",
    targetType: "gateway.remote.token",
    configFile: "openclaw.json",
    pathPattern: "gateway.remote.token",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  // --- openclaw.json: per-provider secrets --------------------------------
  // `providerIdPathSegmentIndex` equals the 0-based position of the first "*"
  // segment in `pathPattern` for every entry that sets it — presumably the
  // segment the provider id is read from; confirm against the consumer.
  {
    id: "messages.tts.providers.*.apiKey",
    targetType: "messages.tts.providers.*.apiKey",
    configFile: "openclaw.json",
    pathPattern: "messages.tts.providers.*.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 3,
  },
  // The models.providers.* and skills.entries.* entries use a wildcard-free
  // `targetType` and keep the wildcard spelling in `targetTypeAliases`.
  {
    id: "models.providers.*.apiKey",
    targetType: "models.providers.apiKey",
    targetTypeAliases: ["models.providers.*.apiKey"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
    // Only entry in this list that sets trackProviderShadowing.
    trackProviderShadowing: true,
  },
  // The two header patterns end in "*": every header name under a provider
  // matches, not only well-known authorization headers.
  {
    id: "models.providers.*.headers.*",
    targetType: "models.providers.headers",
    targetTypeAliases: ["models.providers.*.headers.*"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.headers.*",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.headers.*",
    targetType: "models.providers.request.headers",
    targetTypeAliases: ["models.providers.*.request.headers.*"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.headers.*",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.auth.token",
    targetType: "models.providers.request.auth.token",
    targetTypeAliases: ["models.providers.*.request.auth.token"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.auth.token",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.auth.value",
    targetType: "models.providers.request.auth.value",
    targetTypeAliases: ["models.providers.*.request.auth.value"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.auth.value",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  // TLS material for the provider's proxy connection: ca, cert, key, passphrase.
  {
    id: "models.providers.*.request.proxy.tls.ca",
    targetType: "models.providers.request.proxy.tls.ca",
    targetTypeAliases: ["models.providers.*.request.proxy.tls.ca"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.proxy.tls.ca",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.proxy.tls.cert",
    targetType: "models.providers.request.proxy.tls.cert",
    targetTypeAliases: ["models.providers.*.request.proxy.tls.cert"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.proxy.tls.cert",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.proxy.tls.key",
    targetType: "models.providers.request.proxy.tls.key",
    targetTypeAliases: ["models.providers.*.request.proxy.tls.key"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.proxy.tls.key",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.proxy.tls.passphrase",
    targetType: "models.providers.request.proxy.tls.passphrase",
    targetTypeAliases: ["models.providers.*.request.proxy.tls.passphrase"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.proxy.tls.passphrase",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  // The same four TLS fields for the provider request itself.
  {
    id: "models.providers.*.request.tls.ca",
    targetType: "models.providers.request.tls.ca",
    targetTypeAliases: ["models.providers.*.request.tls.ca"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.tls.ca",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.tls.cert",
    targetType: "models.providers.request.tls.cert",
    targetTypeAliases: ["models.providers.*.request.tls.cert"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.tls.cert",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.tls.key",
    targetType: "models.providers.request.tls.key",
    targetTypeAliases: ["models.providers.*.request.tls.key"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.tls.key",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "models.providers.*.request.tls.passphrase",
    targetType: "models.providers.request.tls.passphrase",
    targetTypeAliases: ["models.providers.*.request.tls.passphrase"],
    configFile: "openclaw.json",
    pathPattern: "models.providers.*.request.tls.passphrase",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  // --- openclaw.json: skills, talk, tools ---------------------------------
  {
    id: "skills.entries.*.apiKey",
    targetType: "skills.entries.apiKey",
    targetTypeAliases: ["skills.entries.*.apiKey"],
    configFile: "openclaw.json",
    pathPattern: "skills.entries.*.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "talk.providers.*.apiKey",
    targetType: "talk.providers.*.apiKey",
    configFile: "openclaw.json",
    pathPattern: "talk.providers.*.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
    providerIdPathSegmentIndex: 2,
  },
  {
    id: "tools.web.search.apiKey",
    targetType: "tools.web.search.apiKey",
    configFile: "openclaw.json",
    pathPattern: "tools.web.search.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  // --- openclaw.json: plugin web search / web fetch API keys --------------
  // These are spelled out per plugin id rather than with a wildcard, so a
  // plugin id that is not listed here gets no entry from this table.
  {
    id: "plugins.entries.brave.config.webSearch.apiKey",
    targetType: "plugins.entries.brave.config.webSearch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.brave.config.webSearch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "plugins.entries.google.config.webSearch.apiKey",
    targetType: "plugins.entries.google.config.webSearch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.google.config.webSearch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "plugins.entries.xai.config.webSearch.apiKey",
    targetType: "plugins.entries.xai.config.webSearch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.xai.config.webSearch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "plugins.entries.moonshot.config.webSearch.apiKey",
    targetType: "plugins.entries.moonshot.config.webSearch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.moonshot.config.webSearch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "plugins.entries.perplexity.config.webSearch.apiKey",
    targetType: "plugins.entries.perplexity.config.webSearch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.perplexity.config.webSearch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "plugins.entries.firecrawl.config.webSearch.apiKey",
    targetType: "plugins.entries.firecrawl.config.webSearch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.firecrawl.config.webSearch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "plugins.entries.firecrawl.config.webFetch.apiKey",
    targetType: "plugins.entries.firecrawl.config.webFetch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.firecrawl.config.webFetch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "plugins.entries.tavily.config.webSearch.apiKey",
    targetType: "plugins.entries.tavily.config.webSearch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.tavily.config.webSearch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
  {
    id: "plugins.entries.minimax.config.webSearch.apiKey",
    targetType: "plugins.entries.minimax.config.webSearch.apiKey",
    configFile: "openclaw.json",
    pathPattern: "plugins.entries.minimax.config.webSearch.apiKey",
    secretShape: SECRET_INPUT_SHAPE,
    expectedResolvedValue: "string",
    includeInPlan: true,
    includeInConfigure: true,
    includeInAudit: true,
  },
];
// Memoized combined registry (core + bundled channel entries); null until
// getSecretTargetRegistry() builds it on first use. No reset is visible in
// this file, so the first build is what the process keeps.
let cachedSecretTargetRegistry: SecretTargetRegistryEntry[] | null = null;
/**
 * Returns the static core registry, without any channel-contributed entries.
 *
 * The module-level array itself is returned, not a copy. The entry objects
 * are shared with the combined registry, so a caller that mutates them
 * changes what every other consumer sees; treat the result as read-only.
 *
 * @returns The core secret target entries, in declaration order.
 */
export function getCoreSecretTargetRegistry(): SecretTargetRegistryEntry[] {
  const coreEntries = CORE_SECRET_TARGET_REGISTRY;
  return coreEntries;
}
/**
 * Returns the combined registry: the core entries followed by the entries
 * contributed by bundled channel plugins.
 *
 * The result is built once and memoized in `cachedSecretTargetRegistry`;
 * later calls return the same array instance, so callers should treat it as
 * read-only.
 *
 * NOTE(review): listChannelSecretTargetRegistryEntries() discards contract
 * loading errors, and the outcome of the first call is cached. A channel whose
 * contract failed to load on that first call therefore stays absent from the
 * registry until the process restarts, with no error reported to the caller.
 *
 * @returns Core entries first, then bundled channel entries.
 */
export function getSecretTargetRegistry(): SecretTargetRegistryEntry[] {
  const memoized = cachedSecretTargetRegistry;
  if (memoized) {
    return memoized;
  }

  const combined = [...CORE_SECRET_TARGET_REGISTRY, ...listChannelSecretTargetRegistryEntries()];
  cachedSecretTargetRegistry = combined;
  return combined;
}