feat(secrets): egress-time credential injection with process-local sentinels (#102009)

* feat(secrets): resolve SecretRef model credentials at egress via process-local sentinels

SecretRef-managed model-provider credentials now travel as opaque
oc-sent-v1 sentinels through auth storage, stream options, and SDK
config; the guarded model fetch injects real values into headers and
URLs immediately before the SSRF-guarded send and fails closed on
unknown sentinels. packages/ai adapters converge on the host guarded
fetch where the SDK supports custom fetch and unwrap at construction
where it does not. Resolved values (and their percent-encoded forms)
register for exact-value log redaction. Kill switch:
OPENCLAW_SECRET_SENTINELS=off. Also fixes a pre-existing unhandled
rejection race in capNonOkResponseBodyLazily (pipeThrough writer leak).

* test(plugin-sdk): update public surface budget
This commit is contained in:
Peter Steinberger 2026-07-08 12:56:41 +01:00 committed by GitHub
parent 83ebbcb3ac
commit 4bf70be01a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
67 changed files with 2959 additions and 234 deletions

View file

@ -3710,6 +3710,7 @@ Do not edit it by hand; run `pnpm docs:map:gen`.
- Route: /gateway/secrets
- Headings:
- H2: Runtime model
- H2: Egress-time injection (sentinels)
- H2: Agent-access boundary
- H2: Active-surface filtering
- H2: Gateway auth surface diagnostics