58 lines
2.4 KiB
Markdown
58 lines
2.4 KiB
Markdown
# Codex OAuth env handling notes
|
|
|
|
Session-derived operational notes for `codex-oauth-plus-onboarding`.
|
|
|
|
## Sensitive template cleanup workflow
|
|
|
|
If BOSS temporarily writes real values into the skill template at:
|
|
|
|
```text
|
|
~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example
|
|
```
|
|
|
|
use this sequence:
|
|
|
|
1. Copy the current template to the real local env file:
|
|
```bash
|
|
mkdir -p ~/.hermes/env
|
|
chmod 700 ~/.hermes/env
|
|
cp -p ~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example \
|
|
~/.hermes/env/codex_oauth_onboarding.env
|
|
chmod 600 ~/.hermes/env/codex_oauth_onboarding.env
|
|
```
|
|
2. Back up the original filled template to a private workspace backup before sanitizing:
|
|
```bash
|
|
TS=$(date '+%Y%m%d_%H%M%S')
|
|
mkdir -p ~/.Hermes/workspace/codex-oauth/env-backups
|
|
cp -p ~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example \
|
|
~/.Hermes/workspace/codex-oauth/env-backups/codex_oauth_onboarding.env.example.with-values_$TS
|
|
chmod 600 ~/.Hermes/workspace/codex-oauth/env-backups/codex_oauth_onboarding.env.example.with-values_$TS
|
|
```
|
|
3. Sanitize the template back to placeholders/defaults. Remove real target URLs, API keys, passwords, proxy server, phone numbers, ClawEmail UID, and account password. Keep only safe defaults such as Chrome path, browser profile root, booleans/timeouts, record-file paths, and example comments.
|
|
4. Verify no obvious sensitive residues remain:
|
|
```bash
|
|
grep -nE '\*\*\*|\.\.\.|=[0-9]+\||chickliu|135601|192\.168\.2\.|socks5://[^h]|eyJhbGci|admin|password|token|key' \
|
|
~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example || true
|
|
```
|
|
Review matches manually; example comments like `socks5://host:port` are OK.
|
|
|
|
## 5sim field mapping
|
|
|
|
When BOSS provides 5sim config in JSON/camelCase form, map it into env keys as:
|
|
|
|
```bash
|
|
fiveSimApiKey -> FIVE_SIM_API_KEY
|
|
fiveSimBaseUrl -> FIVE_SIM_BASE_URL
|
|
fiveSimCountryOrder -> FIVE_SIM_COUNTRY_ORDER=argentina,netherlands,indonesia
|
|
fiveSimOperator -> FIVE_SIM_OPERATOR=any
|
|
fiveSimProduct -> FIVE_SIM_PRODUCT=openai
|
|
```
|
|
|
|
For compatibility with older extension naming, also set:
|
|
|
|
```bash
|
|
FIVE_SIM_SERVICE=openai
|
|
```
|
|
|
|
Do not echo the full JWT/API key in final replies; show only `[REDACTED]` or a short prefix/suffix if verification needs it.
|