Re-review of the previous CLI-config fix batch (4fc8948) surfaced three
regressions introduced by that batch itself, plus two sinks the secret
redaction still missed:
- dotenv.ts: quoting a value that needed escaping (contains #, quotes, or
leading/trailing whitespace) injected \\ and \" escapes that the real
`dotenv` package (used by gemini-cli to read the file back) never
unescapes — it only re-expands \n/\r inside double-quoted values. This
silently corrupted Windows-style paths (doubled backslashes) and any
value containing a literal double quote. Fixed by preferring a
single-quoted value (read back 100% literally) whenever it has no
embedded single quote, and only escaping \n/\r in the double-quote
fallback.
- redact.ts: the value-matching regex stopped at the first embedded
apostrophe in a double-quoted value, or at an already-broken/empty
quoted pair, leaving the real secret exposed as an unredacted trailing
fragment in both cases. Fixed by matching the rest of the source line
(smol-toml embeds raw source lines verbatim in its own error messages)
instead of a single quoted token.
- Centralized secret redaction inside parseTomlOrThrow/parseJsonOrThrow
themselves (instead of only at the two call sites that remembered to
wrap it), closing two previously-unredacted sinks:
validateCliConfigDraftForWrite (manual config-text editing) and
draftUpdater.ts's direct parse calls.
- Added missing assertCliConfigCredentials coverage for the
missing-base-URL branches of OpenCode/Qwen/Kimi (only the missing-API-key
branch had a test before).
Every fix has a regression test verified to fail without it; the dotenv
and redact tests exercise the real `dotenv`/`smol-toml` packages directly
rather than hand-crafted strings, to catch this class of drift going
forward.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Signed-off-by: eeee0717 <chentao020717Work@outlook.com>
Addresses a local code review of the CLI-config subsystem covering 18 findings
across 2 CRITICAL, 9 IMPORTANT, and 7 SUGGESTION items:
- Distinguish missing-file from read-error in readExternal/snapshotFile so a
transient read failure (EACCES/EBUSY) no longer gets misread as "file
doesn't exist," which previously caused the build path to wipe unmanaged
config keys and the rollback path to trash real user config files.
- Stop using the MANAGED (full-wipe) key set on incremental build paths for
Gemini/Qwen/Kimi, which was silently deleting fields Cherry has no UI for.
- Quote dotenv values containing `#` or leading/trailing whitespace so
Gemini's .env file survives round-tripping through external parsers.
- Fail closed (instead of silently defaulting) when OpenCode provider
resolution fails, and when Claude Code is enabled without an API key.
- Restore the custom OpenClaw gateway port preference and fix an initial-load
race in the config draft controller that could misclassify a foreign
config as managed before apiKeys finished loading.
- Redact likely secrets (including multiline TOML triple-quoted values and
Bearer tokens) from parser error messages before they reach logs/UI.
- Write CLI config files with 0600 permissions instead of the platform
default, since they contain credentials.
- Avoid a Codex provider display-name collision with the literal "OpenAI"
sentinel used to encode remoteCompaction.
- Remove the dead Codex "Write Common Config" toggle and its dead OpenClaw
IPC routes (check_health/get_channels/check_update/perform_update), which
had no consumers.
- Harden rollback error logging (don't mask the original write error with a
restore error) and null out empty-shell connection objects instead of
treating them as valid foreign configs.
Each fix ships with a regression test verified to fail without its
corresponding change.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Signed-off-by: eeee0717 <chentao020717Work@outlook.com>
Introduce a new renderer-side CLI config subsystem (src/renderer/pages/code/cliConfig/*) with draft editing, parsing, builders, injection, and clearing logic plus UI (CliConfigEditor, config panel integration). Move/refactor CLI page hooks/constants and tests to use the new module. Remove Hermes-specific code and config writers (hermesConfig + tests), drop Hermes from presets/i18n/CodeCli enums and paths. Add openclaw.sync_config IPC handler and adapt CodeCliService to delegate OpenClaw config sync to OpenClawService. Update preference/types to allow optional modelId and adjust related tests.