mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-07 00:32:52 +00:00
00d8d7ead0
Extract shared normalization/coercion helpers into private @openclaw/normalization-core workspace package while preserving existing plugin SDK helper subpaths.\n\nAlso keeps direct normalization-core imports internal, wires UI/build/loader resolution, and replaces the slow PR network CodeQL lane with a fast added-line boundary scan while retaining full CodeQL for scheduled/manual runs.\n\nVerification: local moved tests, plugin SDK boundary tests, extension loader tests, agents-support shard, UI build/test, build artifacts, lint, workflow guards, autoreview, and GitHub CI passed on PR head 963d893715.
156 lines
4.3 KiB
TypeScript
156 lines
4.3 KiB
TypeScript
import { normalizeOptionalString } from "@openclaw/normalization-core/string-coerce";
|
|
import type { OpenClawConfig } from "../config/types.openclaw.js";
|
|
import { resolveGatewayCredentialsWithSecretInputs } from "./credentials-secret-inputs.js";
|
|
import {
|
|
type ExplicitGatewayAuth,
|
|
isGatewaySecretRefUnavailableError,
|
|
resolveGatewayProbeCredentialsFromConfig,
|
|
} from "./credentials.js";
|
|
export { resolveGatewayProbeTarget } from "./probe-target.js";
|
|
export type { GatewayProbeTargetResolution } from "./probe-target.js";
|
|
|
|
function buildGatewayProbeCredentialPolicy(params: {
|
|
cfg: OpenClawConfig;
|
|
mode: "local" | "remote";
|
|
env?: NodeJS.ProcessEnv;
|
|
explicitAuth?: ExplicitGatewayAuth;
|
|
}) {
|
|
const cfg = resolveGatewayProbeCredentialConfig(params);
|
|
return {
|
|
config: cfg,
|
|
cfg,
|
|
env: params.env,
|
|
explicitAuth: params.explicitAuth,
|
|
modeOverride: params.mode,
|
|
mode: params.mode,
|
|
remoteTokenFallback: "remote-only" as const,
|
|
};
|
|
}
|
|
|
|
function resolveGatewayProbeCredentialConfig(params: {
|
|
cfg: OpenClawConfig;
|
|
mode: "local" | "remote";
|
|
}): OpenClawConfig {
|
|
if (params.mode !== "local") {
|
|
return params.cfg;
|
|
}
|
|
|
|
const remote = params.cfg.gateway?.remote;
|
|
if (!remote || (remote.token === undefined && remote.password === undefined)) {
|
|
return params.cfg;
|
|
}
|
|
|
|
const remoteWithoutAuth = { ...remote };
|
|
delete remoteWithoutAuth.token;
|
|
delete remoteWithoutAuth.password;
|
|
return {
|
|
...params.cfg,
|
|
gateway: {
|
|
...params.cfg.gateway,
|
|
remote: remoteWithoutAuth,
|
|
},
|
|
};
|
|
}
|
|
|
|
function resolveExplicitProbeAuth(explicitAuth?: ExplicitGatewayAuth): {
|
|
token?: string;
|
|
password?: string;
|
|
} {
|
|
const token = normalizeOptionalString(explicitAuth?.token);
|
|
const password = normalizeOptionalString(explicitAuth?.password);
|
|
return { token, password };
|
|
}
|
|
|
|
function hasExplicitProbeAuth(auth: { token?: string; password?: string }): boolean {
|
|
return Boolean(auth.token || auth.password);
|
|
}
|
|
|
|
function buildUnresolvedProbeAuthWarning(path: string): string {
|
|
return `${path} SecretRef is unresolved in this command path; probing without configured auth credentials.`;
|
|
}
|
|
|
|
function resolveGatewayProbeWarning(error: unknown): string | undefined {
|
|
if (!isGatewaySecretRefUnavailableError(error)) {
|
|
throw error;
|
|
}
|
|
return buildUnresolvedProbeAuthWarning(error.path);
|
|
}
|
|
|
|
export function resolveGatewayProbeAuth(params: {
|
|
cfg: OpenClawConfig;
|
|
mode: "local" | "remote";
|
|
env?: NodeJS.ProcessEnv;
|
|
}): { token?: string; password?: string } {
|
|
const policy = buildGatewayProbeCredentialPolicy(params);
|
|
return resolveGatewayProbeCredentialsFromConfig(policy);
|
|
}
|
|
|
|
export async function resolveGatewayProbeAuthWithSecretInputs(params: {
|
|
cfg: OpenClawConfig;
|
|
mode: "local" | "remote";
|
|
env?: NodeJS.ProcessEnv;
|
|
explicitAuth?: ExplicitGatewayAuth;
|
|
}): Promise<{ token?: string; password?: string }> {
|
|
const policy = buildGatewayProbeCredentialPolicy(params);
|
|
return await resolveGatewayCredentialsWithSecretInputs({
|
|
config: policy.config,
|
|
env: policy.env,
|
|
explicitAuth: policy.explicitAuth,
|
|
modeOverride: policy.modeOverride,
|
|
remoteTokenFallback: policy.remoteTokenFallback,
|
|
});
|
|
}
|
|
|
|
export async function resolveGatewayProbeAuthSafeWithSecretInputs(params: {
|
|
cfg: OpenClawConfig;
|
|
mode: "local" | "remote";
|
|
env?: NodeJS.ProcessEnv;
|
|
explicitAuth?: ExplicitGatewayAuth;
|
|
}): Promise<{
|
|
auth: { token?: string; password?: string };
|
|
warning?: string;
|
|
}> {
|
|
const explicitAuth = resolveExplicitProbeAuth(params.explicitAuth);
|
|
if (hasExplicitProbeAuth(explicitAuth)) {
|
|
return {
|
|
auth: explicitAuth,
|
|
};
|
|
}
|
|
|
|
try {
|
|
const auth = await resolveGatewayProbeAuthWithSecretInputs(params);
|
|
return { auth };
|
|
} catch (error) {
|
|
return {
|
|
auth: {},
|
|
warning: resolveGatewayProbeWarning(error),
|
|
};
|
|
}
|
|
}
|
|
|
|
export function resolveGatewayProbeAuthSafe(params: {
|
|
cfg: OpenClawConfig;
|
|
mode: "local" | "remote";
|
|
env?: NodeJS.ProcessEnv;
|
|
explicitAuth?: ExplicitGatewayAuth;
|
|
}): {
|
|
auth: { token?: string; password?: string };
|
|
warning?: string;
|
|
} {
|
|
const explicitAuth = resolveExplicitProbeAuth(params.explicitAuth);
|
|
if (hasExplicitProbeAuth(explicitAuth)) {
|
|
return {
|
|
auth: explicitAuth,
|
|
};
|
|
}
|
|
|
|
try {
|
|
return { auth: resolveGatewayProbeAuth(params) };
|
|
} catch (error) {
|
|
return {
|
|
auth: {},
|
|
warning: resolveGatewayProbeWarning(error),
|
|
};
|
|
}
|
|
}
|