github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 01:18:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secrets: keep read-only runtime sync in-memory

Browse Source
This commit is contained in:
joshavant
2026-02-24 15:01:36 -06:00
committed by Peter Steinberger
parent 8e33ebe471
commit 45ec5aaf2b
4 changed files with 174 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/agents/auth-profiles/store.ts
View File

@@ -383,13 +383,11 @@ function loadAuthProfileStoreForAgent(
const authPath = resolveAuthStorePath(agentDir);
const asStore = loadCoercedStoreWithExternalSync(authPath);
if (asStore) {
// Runtime secret activation must remain read-only.
if (!readOnly) {
// Sync from external CLI tools on every load
const synced = syncExternalCliCredentials(asStore);
if (synced) {
saveJsonFile(authPath, asStore);
}
// Runtime secret activation must remain read-only:
// sync external CLI credentials in-memory, but never persist while readOnly.
const synced = syncExternalCliCredentials(asStore);
if (synced && !readOnly) {
saveJsonFile(authPath, asStore);
}
return asStore;
}
@@ -418,7 +416,8 @@ function loadAuthProfileStoreForAgent(
}
const mergedOAuth = mergeOAuthFileIntoStore(store);
const syncedCli = readOnly ? false : syncExternalCliCredentials(store);
// Keep external CLI credentials visible in runtime even during read-only loads.
const syncedCli = syncExternalCliCredentials(store);
const shouldWrite = !readOnly && (legacy !== null || mergedOAuth || syncedCli);
if (shouldWrite) {
saveJsonFile(authPath, store);