mirror of
http://192.168.0.88:13333/lywsvip/openclaw-zero-token.git
synced 2026-06-20 04:07:54 +08:00
571e14a236
Major upgrade from e26988a38 to upstream v2026.3.28 (f9b107928).
Key changes:
- Upstream src/, ui/, extensions/ (89 bundled extensions)
- Zero-token web providers preserved in src/zero-token/
- AskOnce plugin restored and registered as CLI command
- Added missing packages: @anthropic-ai/vertex-sdk, @modelcontextprotocol/sdk
- Fixed tsconfig rootDir, skipLibCheck for plugin-sdk DTS build
- Added askonce to bundled plugin metadata and package.json exports
- Fixed AskOnce CLI command registration (missing commands metadata)
- Restored AskOnce adapter imports (correct 5-level relative paths)
- Removed stale migration artifacts from root directory
98 lines
2.7 KiB
TypeScript
98 lines
2.7 KiB
TypeScript
import {
|
|
isDangerousHostEnvOverrideVarName,
|
|
isDangerousHostEnvVarName,
|
|
normalizeEnvVarKey,
|
|
} from "../infra/host-env-security.js";
|
|
import { containsEnvVarReference } from "./env-substitution.js";
|
|
import type { OpenClawConfig } from "./types.js";
|
|
|
|
function isBlockedConfigEnvVar(key: string): boolean {
|
|
return isDangerousHostEnvVarName(key) || isDangerousHostEnvOverrideVarName(key);
|
|
}
|
|
|
|
function collectConfigEnvVarsByTarget(cfg?: OpenClawConfig): Record<string, string> {
|
|
const envConfig = cfg?.env;
|
|
if (!envConfig) {
|
|
return {};
|
|
}
|
|
|
|
const entries: Record<string, string> = {};
|
|
|
|
if (envConfig.vars) {
|
|
for (const [rawKey, value] of Object.entries(envConfig.vars)) {
|
|
if (!value) {
|
|
continue;
|
|
}
|
|
const key = normalizeEnvVarKey(rawKey, { portable: true });
|
|
if (!key) {
|
|
continue;
|
|
}
|
|
if (isBlockedConfigEnvVar(key)) {
|
|
continue;
|
|
}
|
|
entries[key] = value;
|
|
}
|
|
}
|
|
|
|
for (const [rawKey, value] of Object.entries(envConfig)) {
|
|
if (rawKey === "shellEnv" || rawKey === "vars") {
|
|
continue;
|
|
}
|
|
if (typeof value !== "string" || !value.trim()) {
|
|
continue;
|
|
}
|
|
const key = normalizeEnvVarKey(rawKey, { portable: true });
|
|
if (!key) {
|
|
continue;
|
|
}
|
|
if (isBlockedConfigEnvVar(key)) {
|
|
continue;
|
|
}
|
|
entries[key] = value;
|
|
}
|
|
|
|
return entries;
|
|
}
|
|
|
|
export function collectConfigRuntimeEnvVars(cfg?: OpenClawConfig): Record<string, string> {
|
|
return collectConfigEnvVarsByTarget(cfg);
|
|
}
|
|
|
|
export function collectConfigServiceEnvVars(cfg?: OpenClawConfig): Record<string, string> {
|
|
return collectConfigEnvVarsByTarget(cfg);
|
|
}
|
|
|
|
/** @deprecated Use `collectConfigRuntimeEnvVars` or `collectConfigServiceEnvVars`. */
|
|
export function collectConfigEnvVars(cfg?: OpenClawConfig): Record<string, string> {
|
|
return collectConfigRuntimeEnvVars(cfg);
|
|
}
|
|
|
|
export function createConfigRuntimeEnv(
|
|
cfg: OpenClawConfig,
|
|
baseEnv: NodeJS.ProcessEnv = process.env,
|
|
): NodeJS.ProcessEnv {
|
|
const env = { ...baseEnv };
|
|
applyConfigEnvVars(cfg, env);
|
|
return env;
|
|
}
|
|
|
|
export function applyConfigEnvVars(
|
|
cfg: OpenClawConfig,
|
|
env: NodeJS.ProcessEnv = process.env,
|
|
): void {
|
|
const entries = collectConfigRuntimeEnvVars(cfg);
|
|
for (const [key, value] of Object.entries(entries)) {
|
|
if (env[key]?.trim()) {
|
|
continue;
|
|
}
|
|
// Skip values containing unresolved ${VAR} references — applyConfigEnvVars runs
|
|
// before env substitution, so these would pollute process.env with literal placeholders
|
|
// (e.g. process.env.OPENCLAW_GATEWAY_TOKEN = "${VAULT_TOKEN}") which downstream auth
|
|
// resolution would accept as valid credentials.
|
|
if (containsEnvVarReference(value)) {
|
|
continue;
|
|
}
|
|
env[key] = value;
|
|
}
|
|
}
|