LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-05-21 21:56:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e8d63b8bd07eefacbc1ba70ad229cb95d241f47a
moltbot/src/secrets/credential-matrix.ts
Peter Steinberger 1584acb124 fix(secrets): stabilize credential matrix docs
2026-05-03 12:25:08 +01:00

58 lines
2.3 KiB
TypeScript
Raw Blame History

import { getSourceSecretTargetRegistry } from "./target-registry-data.js";
import { getUnsupportedSecretRefSurfacePatterns } from "./unsupported-surface-policy.js";
type CredentialMatrixEntry = {
id: string;
configFile: "openclaw.json" | "auth-profiles.json";
path: string;
refPath?: string;
when?: { type: "api_key" | "token" };
secretShape: "secret_input" | "sibling_ref"; // pragma: allowlist secret
optIn: true;
notes?: string;
};
export type SecretRefCredentialMatrixDocument = {
version: 1;
matrixId: "strictly-user-supplied-credentials";
pathSyntax: 'Dot path with "*" for map keys and "[]" for arrays.';
scope: "Credentials that are strictly user-supplied and not minted/rotated by OpenClaw runtime.";
excludedMutableOrRuntimeManaged: string[];
entries: CredentialMatrixEntry[];
};
export function buildSecretRefCredentialMatrix(): SecretRefCredentialMatrixDocument {
const entries: CredentialMatrixEntry[] = getSourceSecretTargetRegistry()
.map((entry) => {
const isCanonicalFirecrawlWebFetchEntry =
entry.id === "plugins.entries.firecrawl.config.webFetch.apiKey";
const canonicalId = isCanonicalFirecrawlWebFetchEntry
? "tools.web.fetch.firecrawl.apiKey"
: entry.id;
const canonicalPath = isCanonicalFirecrawlWebFetchEntry
? "tools.web.fetch.firecrawl.apiKey"
: entry.pathPattern;
return Object.assign(
{ id: canonicalId, configFile: entry.configFile, path: canonicalPath },
entry.refPathPattern ? { refPath: entry.refPathPattern } : {},
entry.authProfileType ? { when: { type: entry.authProfileType } } : {},
{ secretShape: entry.secretShape, optIn: true as const },
entry.secretShape === `sibling_ref` && entry.refPathPattern
? { notes: `Compatibility exception: sibling ref field remains canonical.` }
: {},
);
})
.toSorted((a, b) => a.id.localeCompare(b.id));
return {
version: 1,
matrixId: "strictly-user-supplied-credentials",
pathSyntax: 'Dot path with "*" for map keys and "[]" for arrays.',
scope:
"Credentials that are strictly user-supplied and not minted/rotated by OpenClaw runtime.",
excludedMutableOrRuntimeManaged: getUnsupportedSecretRefSurfacePatterns(),
entries,
};
}
Reference in New Issue View Git Blame Copy Permalink