vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-11 17:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fc9648b6201b80909fbec5054c95d31fb18f77df
openclaw/src/secrets/credential-matrix.ts
Peter Steinberger 1e6e685347 fix: unblock cli startup metadata
2026-04-04 02:35:36 +01:00

61 lines
2.3 KiB
TypeScript
Raw Blame History

import { listSecretTargetRegistryEntries } from "./target-registry.js";
import { getUnsupportedSecretRefSurfacePatterns } from "./unsupported-surface-policy.js";
type CredentialMatrixEntry = {
id: string;
configFile: "openclaw.json" | "auth-profiles.json";
path: string;
refPath?: string;
when?: { type: "api_key" | "token" };
secretShape: "secret_input" | "sibling_ref"; // pragma: allowlist secret
optIn: true;
notes?: string;
};
export type SecretRefCredentialMatrixDocument = {
version: 1;
matrixId: "strictly-user-supplied-credentials";
pathSyntax: 'Dot path with "*" for map keys and "[]" for arrays.';
scope: "Credentials that are strictly user-supplied and not minted/rotated by OpenClaw runtime.";
excludedMutableOrRuntimeManaged: string[];
entries: CredentialMatrixEntry[];
};
export function buildSecretRefCredentialMatrix(): SecretRefCredentialMatrixDocument {
const entries: CredentialMatrixEntry[] = listSecretTargetRegistryEntries()
.map((entry) => {
const isCanonicalFirecrawlWebFetchEntry =
entry.id === "plugins.entries.firecrawl.config.webFetch.apiKey";
const canonicalId = isCanonicalFirecrawlWebFetchEntry
? "tools.web.fetch.firecrawl.apiKey"
: entry.id;
const canonicalPath = isCanonicalFirecrawlWebFetchEntry
? "tools.web.fetch.firecrawl.apiKey"
: entry.pathPattern;
return {
id: canonicalId,
configFile: entry.configFile,
path: canonicalPath,
...(entry.refPathPattern ? { refPath: entry.refPathPattern } : {}),
...(entry.authProfileType ? { when: { type: entry.authProfileType } } : {}),
secretShape: entry.secretShape,
optIn: true as const,
...(entry.secretShape === "sibling_ref" && entry.refPathPattern
? { notes: "Compatibility exception: sibling ref field remains canonical." }
: {}),
};
})
.toSorted((a, b) => a.id.localeCompare(b.id));
return {
version: 1,
matrixId: "strictly-user-supplied-credentials",
pathSyntax: 'Dot path with "*" for map keys and "[]" for arrays.',
scope:
"Credentials that are strictly user-supplied and not minted/rotated by OpenClaw runtime.",
excludedMutableOrRuntimeManaged: getUnsupportedSecretRefSurfacePatterns(),
entries,
};
}
Reference in New Issue View Git Blame Copy Permalink