From 6f08f17e60296fb7d2b8ecbde1b46f9526b9c911 Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Wed, 29 Apr 2026 23:16:26 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@6662dcf2099265b55cb35b7d70111c15e222a60e --- .openclaw-sync/source.json | 4 ++-- docs/plugins/manifest.md | 39 ++++++++++++++++++++++++++++++++------ 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 42fc32bef..5f6b7a5f4 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "4cba08df01ea6691d68046fb3f3297d152ae0219", - "syncedAt": "2026-04-29T23:05:10.892Z" + "sha": "6662dcf2099265b55cb35b7d70111c15e222a60e", + "syncedAt": "2026-04-29T23:14:47.570Z" } diff --git a/docs/plugins/manifest.md b/docs/plugins/manifest.md index 579202c31..eff5ed14b 100644 --- a/docs/plugins/manifest.md +++ b/docs/plugins/manifest.md @@ -357,7 +357,16 @@ before runtime loads. { "id": "openai", "authMethods": ["api-key"], - "envVars": ["OPENAI_API_KEY"] + "envVars": ["OPENAI_API_KEY"], + "authEvidence": [ + { + "type": "local-file-with-env", + "fileEnvVar": "OPENAI_CREDENTIALS_FILE", + "requiresAllEnv": ["OPENAI_PROJECT"], + "credentialMarker": "openai-local-credentials", + "source": "openai local credentials" + } + ] } ], "cliBackends": ["openai-cli"], @@ -408,11 +417,29 @@ registration. These diagnostics are additive and do not reject legacy plugins. ### setup.providers reference -| Field | Required | Type | What it means | -| ------------- | -------- | ---------- | ------------------------------------------------------------------------------------ | -| `id` | Yes | `string` | Provider id exposed during setup or onboarding. Keep normalized ids globally unique. | -| `authMethods` | No | `string[]` | Setup/auth method ids this provider supports without loading full runtime. | -| `envVars` | No | `string[]` | Env vars that generic setup/status surfaces can check before plugin runtime loads. | +| Field | Required | Type | What it means | +| -------------- | -------- | ---------- | ------------------------------------------------------------------------------------------------ | +| `id` | Yes | `string` | Provider id exposed during setup or onboarding. Keep normalized ids globally unique. | +| `authMethods` | No | `string[]` | Setup/auth method ids this provider supports without loading full runtime. | +| `envVars` | No | `string[]` | Env vars that generic setup/status surfaces can check before plugin runtime loads. | +| `authEvidence` | No | `object[]` | Cheap local auth evidence checks for providers that can authenticate through non-secret markers. | + +`authEvidence` is for provider-owned local credential markers that can be +verified without loading runtime code. These checks must stay cheap and local: +no network calls, no keychain or secret-manager reads, no shell commands, and no +provider API probes. + +Supported evidence entries: + +| Field | Required | Type | What it means | +| ------------------ | -------- | ---------- | --------------------------------------------------------------------------------------------- | +| `type` | Yes | `string` | Currently `local-file-with-env`. | +| `fileEnvVar` | No | `string` | Env var containing an explicit credential file path. | +| `fallbackPaths` | No | `string[]` | Local credential file paths checked when `fileEnvVar` is absent or empty. Supports `${HOME}`. | +| `requiresAnyEnv` | No | `string[]` | At least one listed env var must be non-empty before the evidence is valid. | +| `requiresAllEnv` | No | `string[]` | Every listed env var must be non-empty before the evidence is valid. | +| `credentialMarker` | Yes | `string` | Non-secret marker returned when the evidence is present. | +| `source` | No | `string` | User-facing source label for auth/status output. | ### setup fields