Unify secret injection contract for OpenClaw, Hermes, and Judging Claw runners #10

Open
opened 2026-05-29 00:56:28 +02:00 by codex · 1 comment
Collaborator

Problem

VPS1000 currently has more than one secret delivery shape:

  • OpenClaw user services render /run/user/1000/openclaw/runtime.env through /home/openclaw/.local/bin/openclaw-infisical-render.sh and Infisical Universal Auth.
  • Hermes uses /opt/hermes-agency/.env with OLLAMA_API_KEY already present.
  • A plain openclaw shell has no interactive infisical login, so infisical secrets get ... fails even though Universal Auth can read the same paths.
  • Judging Claw now has its own bridge for dry-run receipts, but that should not become a third permanent convention.

Risk

Batch runners can work in one service context and fail at 03:00 in another. Agents may also accidentally grow different env-key names for the same provider secret (OLLAMA_CLOUD_API_KEY vs OLLAMA_API_KEY) or assume interactive CLI state that is not present in systemd.

Acceptance criteria

  • Document one supported unattended secret contract for OpenClaw-family batch runners.
  • Keep Universal Auth / systemd-compatible operation; no dependency on interactive infisical login.
  • Define canonical source paths and process-local env mappings, especially OLLAMA_CLOUD_API_KEY -> OLLAMA_API_KEY.
  • Ensure artifacts log only presence booleans, key names, statuses, and run IDs; never secret values.
  • Decide whether Hermes .env, OpenClaw runtime.env, and Judging Claw bridge should converge or remain intentionally separate.

Current mitigation

Judging Claw dry-run now has a local bridge that reads OpenClaw's Universal Auth shape, maps only the needed runtime variables, and keeps deterministic receipt fallback. This issue tracks the broader cleanup so the one-off bridge does not become invisible infrastructure debt.

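One shape the acceptance criteria describe, as an added example that is neither the issue author's nor the project's code: a small Python bridge that parses an env file in the runtime.env shape, applies the OLLAMA_CLOUD_API_KEY -> OLLAMA_API_KEY mapping in memory only, and writes a receipt that carries key names, presence booleans, a status and a run id but no secret values. The REQUIRED set, the receipt field names and the constructed sample input are assumptions.

```python
# Added example, not the project's code: one unattended secret contract for an
# OpenClaw-family batch runner. Reads an env file in the runtime.env shape
# (KEY=VALUE lines), applies the process-local mapping
# OLLAMA_CLOUD_API_KEY -> OLLAMA_API_KEY in memory only, and emits a receipt
# holding key names, presence booleans, a status and a run id, never values.
import os
import re
import uuid

# Canonical source name -> process-local name. Only the pair named in the
# issue is certain; the REQUIRED set is an assumption for this example.
CANONICAL_MAP = {"OLLAMA_CLOUD_API_KEY": "OLLAMA_API_KEY"}
REQUIRED = ("OLLAMA_API_KEY",)

# Constructed sample input; a real runner would read the rendered runtime.env.
SAMPLE_ENV = 'OLLAMA_CLOUD_API_KEY="sk-constructed-example"\n# note\nOTHER=1\n'

_LINE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks/comments, strip matching quotes."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _LINE.match(line) if line and not line.startswith("#") else None
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        out[key] = value
    return out

def build_runtime_env(source, base=None):
    """Process-local environment: base env plus mapped secrets. No file is
    rewritten, so Hermes .env and OpenClaw runtime.env stay untouched."""
    env = dict(base if base is not None else os.environ)
    for key, value in source.items():
        env[CANONICAL_MAP.get(key, key)] = value
    return env

def receipt(env, run_id=None):
    """Artifact-safe receipt: names, booleans, status, run id; never a value."""
    run_id = run_id or uuid.uuid4().hex
    present = {k: bool(env.get(k)) for k in REQUIRED}
    missing = [k for k, ok in present.items() if not ok]
    return {"run_id": run_id, "present": present, "missing": missing,
            "status": "ok" if not missing else "missing_secret"}
```

Because the mapping is applied to the process environment rather than to any file, the same bridge works under a systemd user service and in a plain shell without an interactive login.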
Collaborator

{
"confidence": 5,
"effort_hint": "medium",
"escalation": {
"kind": "none",
"reason": ""
},
"evidence_refs": [
{
"note": "Issue requests a unified unattended secret contract for OpenClaw-family batch runners.",
"type": "forgejo",
"value": "issue-title-body-labels-and-target-snapshot"
},
{
"note": "Body identifies divergent secret delivery shapes across OpenClaw, Hermes, and Judging Claw.",
"type": "forgejo",
"value": "issue-body-problem-and-risk"
},
{
"note": "Acceptance asks to document one supported unattended contract and avoid a third permanent convention.",
"type": "forgejo",
"value": "issue-body-acceptance"
}
],
"impact": 5,
"judge_actor": {
"name": "iskra",
"runtime": "openclaw"
},
"judged_at": "2026-05-29T06:57:00Z",
"labels_to_apply": [
"judge/p1",
"judge/codex-candidate"
],
"piotr_fit": "high",
"priority": "p1",
"rationale_summary": "Unifying unattended secret injection is high leverage because it prevents batch runners from passing in one service context and failing in another.",
"reach": 5,
"recommended_next_action": "codex_candidate",
"rerun_reason": "no_prior_judgment",
"schema": "openclaw.judge.v0",
"target": {
"kind": "issue",
"number": 10,
"repo": "pdurlej/judging-claw"
},
"target_snapshot": {
"body_hash": "sha256:2a6834153e6a962498943902ebd7d462c2a8643d438cd228bafd25feef8c3f88",
"commit_count": null,
"evidence_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"head_sha": null,
"labels": [],
"labels_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"state": "open",
"title_hash": "sha256:1670d88a26fa3e856ffa538557c54fb170dd3f8f2f30e92426fcd8a64bbd4dfe",
"updated_at": "2026-05-29T00:56:28+02:00"
},
"top_caveat": "The contract must avoid exposing secrets and must not rely on interactive CLI login state."
}
