mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 22:20:42 +00:00
081da17090
* fix(codex): exclude codex-app-server synthetic apiKey from secrets audit The Codex extension uses the literal string "codex-app-server" as a hardcoded placeholder apiKey in provider.ts, since the real authentication is managed by the app-server transport itself. The secrets audit currently reports this as a real plaintext leak (PLAINTEXT_FOUND), producing a false positive for any user who has configured the Codex harness. Declare it as a plugin-owned non-secret marker in the Codex plugin manifest, so it flows through the standard `listKnownNonSecretApiKeyMarkers()` path alongside `ollama-local`, `lmstudio-local`, `gcp-vertex-credentials`, and `minimax-oauth`. Also extends the existing `model auth markers` unit tests to lock in the behavior. Fixes #69511 * ci: retrigger checks (no-op)