Files
codex-oauth-plus-onboarding…/references/env-file-and-5sim-notes.md
T

2.4 KiB

Codex OAuth env handling notes

Session-derived operational notes for codex-oauth-plus-onboarding.

Sensitive template cleanup workflow

If BOSS temporarily writes real values into the skill template at:

~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example

use this sequence:

  1. Copy the current template to the real local env file:
    mkdir -p ~/.hermes/env
    chmod 700 ~/.hermes/env
    cp -p ~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example \
      ~/.hermes/env/codex_oauth_onboarding.env
    chmod 600 ~/.hermes/env/codex_oauth_onboarding.env
    
  2. Back up the original filled template to a private workspace backup before sanitizing:
    TS=$(date '+%Y%m%d_%H%M%S')
    mkdir -p ~/.Hermes/workspace/codex-oauth/env-backups
    cp -p ~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example \
      ~/.Hermes/workspace/codex-oauth/env-backups/codex_oauth_onboarding.env.example.with-values_$TS
    chmod 600 ~/.Hermes/workspace/codex-oauth/env-backups/codex_oauth_onboarding.env.example.with-values_$TS
    
  3. Sanitize the template back to placeholders/defaults. Remove real target URLs, API keys, passwords, proxy server, phone numbers, ClawEmail UID, and account password. Keep only safe defaults such as Chrome path, browser profile root, booleans/timeouts, record-file paths, and example comments.
  4. Verify no obvious sensitive residues remain:
    grep -nE '\*\*\*|\.\.\.|=[0-9]+\||chickliu|135601|192\.168\.2\.|socks5://[^h]|eyJhbGci|admin|password|token|key' \
      ~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example || true
    
    Review matches manually; example comments like socks5://host:port are OK.

5sim field mapping

When BOSS provides 5sim config in JSON/camelCase form, map it into env keys as:

fiveSimApiKey       -> FIVE_SIM_API_KEY
fiveSimBaseUrl      -> FIVE_SIM_BASE_URL
fiveSimCountryOrder -> FIVE_SIM_COUNTRY_ORDER=argentina,netherlands,indonesia
fiveSimOperator     -> FIVE_SIM_OPERATOR=any
fiveSimProduct      -> FIVE_SIM_PRODUCT=openai

For compatibility with older extension naming, also set:

FIVE_SIM_SERVICE=openai

Do not echo the full JWT/API key in final replies; show only [REDACTED] or a short prefix/suffix if verification needs it.