github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 16:14:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secrets: harden SecretRef-safe models.json persistence (#38955)

Browse Source
This commit is contained in:
Josh Avant
2026-03-07 11:28:39 -06:00
committed by GitHub
parent b08337b902
commit 8e20dd22d8
66 changed files with 2713 additions and 299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/agents/models-config.providers.normalize-keys.test.ts
View File

@@ -3,6 +3,7 @@ import os from "node:os";
import path from "node:path";
import { describe, expect, it } from "vitest";
import type { OpenClawConfig } from "../config/config.js";
import { NON_ENV_SECRETREF_MARKER } from "./model-auth-markers.js";
import { normalizeProviders } from "./models-config.providers.js";
describe("normalizeProviders", () => {
@@ -73,4 +74,30 @@ describe("normalizeProviders", () => {
await fs.rm(agentDir, { recursive: true, force: true });
}
});
it("normalizes SecretRef-backed provider headers to non-secret marker values", async () => {
const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-agent-"));
try {
const providers: NonNullable<NonNullable<OpenClawConfig["models"]>["providers"]> = {
openai: {
baseUrl: "https://api.openai.com/v1",
api: "openai-completions",
headers: {
Authorization: { source: "env", provider: "default", id: "OPENAI_HEADER_TOKEN" },
"X-Tenant-Token": { source: "file", provider: "vault", id: "/openai/token" },
},
models: [],
},
};
const normalized = normalizeProviders({
providers,
agentDir,
});
expect(normalized?.openai?.headers?.Authorization).toBe("secretref-env:OPENAI_HEADER_TOKEN");
expect(normalized?.openai?.headers?.["X-Tenant-Token"]).toBe(NON_ENV_SECRETREF_MARKER);
} finally {
await fs.rm(agentDir, { recursive: true, force: true });
}
});
});