github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-30 17:11:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(secrets): resolve web tool SecretRefs atomically at runtime

Browse Source
This commit is contained in:
Josh Avant
2026-03-09 22:57:03 -05:00
committed by GitHub
parent 93c44e3dad
commit f0eb67923c
28 changed files with 2059 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/reference/secretref-credential-surface.md
View File

@@ -31,6 +31,7 @@ Scope intent:
- `talk.providers.*.apiKey`
- `messages.tts.elevenlabs.apiKey`
- `messages.tts.openai.apiKey`
- `tools.web.fetch.firecrawl.apiKey`
- `tools.web.search.apiKey`
- `tools.web.search.gemini.apiKey`
- `tools.web.search.grok.apiKey`
@@ -102,7 +103,8 @@ Notes:
- For SecretRef-managed model providers, generated `agents/*/agent/models.json` entries persist non-secret markers (not resolved secret values) for `apiKey`/header surfaces.
- For web search:
- In explicit provider mode (`tools.web.search.provider` set), only the selected provider key is active.
- In auto mode (`tools.web.search.provider` unset), `tools.web.search.apiKey` and provider-specific keys are active.
- In auto mode (`tools.web.search.provider` unset), only the first provider key that resolves by precedence is active.
- In auto mode, non-selected provider refs are treated as inactive until selected.
## Unsupported credentials