mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-31 20:11:43 +00:00
00067563a6
Handle exec-backed Gateway SecretRefs in doctor, lint, and health probing without executing providers by default. - Add `openclaw doctor --allow-exec` for explicit SecretRef execution during lint/doctor checks. - Skip only the active exec-backed gateway probe path and avoid local service diagnostics for remote-only skipped health. - Keep env-winning and dormant fallback credentials probeable, stabilize related tests, and remove a stale live-shard fixture left by the moving base. Verification: - `node scripts/run-vitest.mjs src/commands/doctor-gateway-auth-token.test.ts src/commands/doctor.warns-state-directory-is-missing.e2e.test.ts src/gateway/credentials.test.ts src/gateway/probe-auth.test.ts src/commands/doctor-gateway-daemon-flow.test.ts test/scripts/test-live-shard.test.ts --reporter=verbose` - `mise x node@24.13.0 -- pnpm prompt:snapshots:check` - `pnpm tsgo:prod` - `pnpm build` - `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main` - Crabbox AWS live config proof: `run_f44a4d9dae4e` - GitHub CI: green on final head `88d24abdbf9529a59d75d1d5e04eac74bbbbc267` after rerunning a stale in-progress Security High workflow. Co-authored-by: Merlin <258679497+funmerlin@users.noreply.github.com>