github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-11 02:54:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secrets: harden SecretRef-safe models.json persistence (#38955)

Browse Source
This commit is contained in:
Josh Avant
2026-03-07 11:28:39 -06:00
committed by GitHub
parent b08337b902
commit 8e20dd22d8
66 changed files with 2713 additions and 299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/agents/model-auth-markers.test.ts Normal file
View File

@@ -0,0 +1,26 @@
import { describe, expect, it } from "vitest";
import { listKnownProviderEnvApiKeyNames } from "./model-auth-env-vars.js";
import { isNonSecretApiKeyMarker, NON_ENV_SECRETREF_MARKER } from "./model-auth-markers.js";
describe("model auth markers", () => {
it("recognizes explicit non-secret markers", () => {
expect(isNonSecretApiKeyMarker(NON_ENV_SECRETREF_MARKER)).toBe(true);
expect(isNonSecretApiKeyMarker("qwen-oauth")).toBe(true);
expect(isNonSecretApiKeyMarker("ollama-local")).toBe(true);
});
it("recognizes known env marker names but not arbitrary all-caps keys", () => {
expect(isNonSecretApiKeyMarker("OPENAI_API_KEY")).toBe(true);
expect(isNonSecretApiKeyMarker("ALLCAPS_EXAMPLE")).toBe(false);
});
it("recognizes all built-in provider env marker names", () => {
for (const envVarName of listKnownProviderEnvApiKeyNames()) {
expect(isNonSecretApiKeyMarker(envVarName)).toBe(true);
}
});
it("can exclude env marker-name interpretation for display-only paths", () => {
expect(isNonSecretApiKeyMarker("OPENAI_API_KEY", { includeEnvVarName: false })).toBe(false);
});
});