mirror of https://github.com/openclaw/openclaw.git
49 lines
1.4 KiB
TypeScript
49 lines
1.4 KiB
TypeScript
import { z } from "zod";
|
|
import { ENV_SECRET_REF_ID_RE } from "../config/types.secrets.js";
|
|
import {
|
|
formatExecSecretRefIdValidationMessage,
|
|
isValidExecSecretRefId,
|
|
isValidFileSecretRefId,
|
|
SECRET_PROVIDER_ALIAS_PATTERN,
|
|
} from "../secrets/ref-contract.js";
|
|
|
|
export function buildSecretInputSchema() {
|
|
const providerSchema = z
|
|
.string()
|
|
.regex(
|
|
SECRET_PROVIDER_ALIAS_PATTERN,
|
|
'Secret reference provider must match /^[a-z][a-z0-9_-]{0,63}$/ (example: "default").',
|
|
);
|
|
|
|
return z.union([
|
|
z.string(),
|
|
z.discriminatedUnion("source", [
|
|
z.object({
|
|
source: z.literal("env"),
|
|
provider: providerSchema,
|
|
id: z
|
|
.string()
|
|
.regex(
|
|
ENV_SECRET_REF_ID_RE,
|
|
'Env secret reference id must match /^[A-Z][A-Z0-9_]{0,127}$/ (example: "OPENAI_API_KEY").',
|
|
),
|
|
}),
|
|
z.object({
|
|
source: z.literal("file"),
|
|
provider: providerSchema,
|
|
id: z
|
|
.string()
|
|
.refine(
|
|
isValidFileSecretRefId,
|
|
'File secret reference id must be an absolute JSON pointer (example: "/providers/openai/apiKey"), or "value" for singleValue mode.',
|
|
),
|
|
}),
|
|
z.object({
|
|
source: z.literal("exec"),
|
|
provider: providerSchema,
|
|
id: z.string().refine(isValidExecSecretRefId, formatExecSecretRefIdValidationMessage()),
|
|
}),
|
|
]),
|
|
]);
|
|
}
|