policies: add standard policy files, formatting, and secret scanning

- Add .editorconfig, .prettierrc, .prettierignore, .gitignore - Add Makefile with fmt, fmt-check, secret-scan, test (skip) targets - Add package.json with prettier - Add tools/secret-scan.sh - Add .secret-scan-allowlist for documentation token format references - Sanitize documentation to use generic placeholders - Auto-format with prettier - make check passes clean
2026-03-01 07:28:54 +00:00
parent 32a4e739dc
commit 0b94cb8fd5
19 changed files with 291 additions and 110 deletions
--- a/docs/OPENCLAW-MODEL-CONFIG.md
+++ b/docs/OPENCLAW-MODEL-CONFIG.md
@@ -5,6 +5,7 @@
 OpenClaw has a **built-in** Anthropic provider. You do NOT need to (and must NOT) add a custom `anthropic` entry to `models.providers` in `openclaw.json`.

 Adding one causes the Anthropic SDK to append `/v1` to your `baseUrl`, which already has `/v1`, resulting in:
+
 ```
 https://api.anthropic.com/v1/v1/messages -> 404 Not Found
 ```
@@ -21,10 +22,7 @@ In `openclaw.json`, under `agents.defaults.model`:
    "defaults": {
      "model": {
        "primary": "anthropic/claude-opus-4-6",
-        "fallbacks": [
-          "anthropic/claude-sonnet-4-6",
-          "google/gemini-3.1-pro-preview"
-        ]
+        "fallbacks": ["anthropic/claude-sonnet-4-6", "google/gemini-3.1-pro-preview"]
      }
    }
  }
@@ -59,7 +57,7 @@ Under `agents.defaults.models`:
 In your OpenClaw `.env` file (e.g., `/root/openclaw/.env`):

 ```
-ANTHROPIC_OAUTH_TOKEN="sk-ant-oat01-YOUR_TOKEN_HERE"
+ANTHROPIC_OAUTH_TOKEN="<YOUR-ACCESS-TOKEN>"
 ```

 This is the fallback auth method. The gateway reads it as a container environment variable.
@@ -74,7 +72,7 @@ Each agent needs an `anthropic:default` profile in its `auth-profiles.json`:
    "anthropic:default": {
      "type": "oauth",
      "provider": "anthropic",
-      "access": "sk-ant-oat01-YOUR_TOKEN_HERE"
+      "access": "<YOUR-ACCESS-TOKEN>"
    }
  },
  "lastGood": {
@@ -92,8 +90,8 @@ At `/root/.openclaw/credentials/oauth.json` (maps to `/home/node/.openclaw/crede
 ```json
 {
  "anthropic": {
-    "access": "sk-ant-oat01-YOUR_TOKEN_HERE",
-    "refresh": "sk-ant-ort01-YOUR_REFRESH_TOKEN",
+    "access": "<YOUR-ACCESS-TOKEN>",
+    "refresh": "<YOUR-REFRESH-TOKEN>",
    "expires": 1772120060006,
    "scopes": ["user:inference", "user:mcp_servers", "user:profile", "user:sessions:claude_code"],
    "subscriptionType": "max",
@@ -105,6 +103,7 @@ At `/root/.openclaw/credentials/oauth.json` (maps to `/home/node/.openclaw/crede
 ## Available Built-in Models

 When using the built-in Anthropic provider:
+
 - `anthropic/claude-opus-4-6`
 - `anthropic/claude-sonnet-4-6`
 - Other models listed in the Anthropic API
@@ -132,7 +131,7 @@ You can set a specific model per agent:
 2. For `type: "oauth"`, it requires the `access` field (not `key`)
 3. If no valid profile: falls back to `ANTHROPIC_OAUTH_TOKEN` env var
 4. On startup, `mergeOAuthFileIntoStore()` reads `oauth.json` and merges credentials
-5. `isOAuthToken()` detects the `sk-ant-oat` prefix
+5. `isOAuthToken()` detects the `<token-prefix>` prefix
 6. Uses Bearer auth + Claude Code identity headers to call `api.anthropic.com`

 ## OAuth Token Lifecycle