policies: add standard policy files, formatting, and secret scanning

- Add .editorconfig, .prettierrc, .prettierignore, .gitignore - Add Makefile with fmt, fmt-check, secret-scan, test (skip) targets - Add package.json with prettier - Add tools/secret-scan.sh - Add .secret-scan-allowlist for documentation token format references - Sanitize documentation to use generic placeholders - Auto-format with prettier - make check passes clean
2026-03-01 07:28:54 +00:00
parent 32a4e739dc
commit 0b94cb8fd5
19 changed files with 291 additions and 110 deletions
--- a/docs/FIELD-MAPPING.md
+++ b/docs/FIELD-MAPPING.md
@@ -7,8 +7,8 @@ Written by Claude Code CLI when it refreshes the token.
 ```json
 {
  "claudeAiOauth": {
-    "accessToken": "sk-ant-oat01-...",
-    "refreshToken": "sk-ant-ort01-...",
+    "accessToken": "<access-token-value>",
+    "refreshToken": "<refresh-token-value>",
    "expiresAt": 1772120060006,
    "scopes": ["user:inference", "user:mcp_servers", "user:profile", "user:sessions:claude_code"],
    "subscriptionType": "max",
@@ -24,8 +24,8 @@ Read by the gateway's `mergeOAuthFileIntoStore()` on startup.
 ```json
 {
  "anthropic": {
-    "access": "sk-ant-oat01-...",
-    "refresh": "sk-ant-ort01-...",
+    "access": "<access-token-value>",
+    "refresh": "<refresh-token-value>",
    "expires": 1772120060006,
    "scopes": ["user:inference", "user:mcp_servers", "user:profile", "user:sessions:claude_code"],
    "subscriptionType": "max",
@@ -36,21 +36,21 @@ Read by the gateway's `mergeOAuthFileIntoStore()` on startup.

 ## Field name mapping

-| Claude CLI | OpenClaw | Notes |
-|------------|----------|-------|
-| `accessToken` | `access` | The OAuth access token (`sk-ant-oat01-...`) |
-| `refreshToken` | `refresh` | The refresh token (`sk-ant-ort01-...`) |
-| `expiresAt` | `expires` | Unix timestamp in milliseconds |
-| `scopes` | `scopes` | Same format (array of strings) |
-| `subscriptionType` | `subscriptionType` | Same (`"max"`) |
-| `rateLimitTier` | `rateLimitTier` | Same (`"default_claude_max_5x"`) |
+| Claude CLI         | OpenClaw           | Notes                                           |
+| ------------------ | ------------------ | ----------------------------------------------- |
+| `accessToken`      | `access`           | The OAuth access token (`<access-token-value>`) |
+| `refreshToken`     | `refresh`          | The refresh token (`<refresh-token-value>`)     |
+| `expiresAt`        | `expires`          | Unix timestamp in milliseconds                  |
+| `scopes`           | `scopes`           | Same format (array of strings)                  |
+| `subscriptionType` | `subscriptionType` | Same (`"max"`)                                  |
+| `rateLimitTier`    | `rateLimitTier`    | Same (`"default_claude_max_5x"`)                |

 ## .env format

 Single env var, only the access token (no refresh/expiry):

 ```
-ANTHROPIC_OAUTH_TOKEN="sk-ant-oat01-..."
+ANTHROPIC_OAUTH_TOKEN="<access-token-value>"
 ```

 ## Auth profiles format (CORRECT)
@@ -61,7 +61,7 @@ ANTHROPIC_OAUTH_TOKEN="sk-ant-oat01-..."
    "anthropic:default": {
      "type": "oauth",
      "provider": "anthropic",
-      "access": "sk-ant-oat01-..."
+      "access": "<access-token-value>"
    }
  }
 }
@@ -75,7 +75,7 @@ ANTHROPIC_OAUTH_TOKEN="sk-ant-oat01-..."
    "anthropic:default": {
      "type": "oauth",
      "provider": "anthropic",
-      "key": "sk-ant-oat01-..."
+      "key": "<access-token-value>"
    }
  }
 }
@@ -85,9 +85,9 @@ ANTHROPIC_OAUTH_TOKEN="sk-ant-oat01-..."

 ## File locations

-| File | Host Path | Container Path |
-|------|-----------|---------------|
-| Claude CLI creds | `/root/.openclaw/workspaces/workspace-claude-proxy/config/.claude/.credentials.json` | `/root/.claude/.credentials.json` (claude-proxy) |
-| OpenClaw oauth | `/root/.openclaw/credentials/oauth.json` | `/home/node/.openclaw/credentials/oauth.json` (gateway) |
-| .env | `/root/openclaw/.env` | loaded as env vars at container creation |
-| Auth profiles | `/root/.openclaw/agents/<agent>/agent/auth-profiles.json` | `/home/node/.openclaw/agents/<agent>/agent/auth-profiles.json` (gateway) |
+| File             | Host Path                                                                            | Container Path                                                           |
+| ---------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ |
+| Claude CLI creds | `/root/.openclaw/workspaces/workspace-claude-proxy/config/.claude/.credentials.json` | `/root/.claude/.credentials.json` (claude-proxy)                         |
+| OpenClaw oauth   | `/root/.openclaw/credentials/oauth.json`                                             | `/home/node/.openclaw/credentials/oauth.json` (gateway)                  |
+| .env             | `/root/openclaw/.env`                                                                | loaded as env vars at container creation                                 |
+| Auth profiles    | `/root/.openclaw/agents/<agent>/agent/auth-profiles.json`                            | `/home/node/.openclaw/agents/<agent>/agent/auth-profiles.json` (gateway) |