amr/passepartout
1
0
Fork 0
Code Issues 15 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(chaos): finalized absolute tangle paths via concat and INSTALL_DIR

Browse Source
This commit is contained in:
Amr Gharbeia
2026-04-28 18:22:49 -04:00
parent a2d6c5ae38
commit 357efbdb59
35 changed files with 641 additions and 641 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
skills/org-skill-credentials-vault.org
View File

@@ -1,4 +1,4 @@
#+PROPERTY: header-args:lisp :tangle (concat (getenv "INSTALL_DIR") "/skills/org-skill-credentials-vault.lisp" (expand-file-name ""))
#+PROPERTY: header-args:lisp :tangle (concat (identity (getenv "INSTALL_DIR")) "/skills/org-skill-credentials-vault.lisp")" )
:PROPERTIES:
:ID: credentials-vault-skill
:CREATED: [2026-04-09 Thu]
@@ -36,10 +36,10 @@ The vault provides a secure lookup table in RAM, backed by the persistent Memory
** 2. Semantic Interfaces
#+begin_src lisp
(defun vault-get-secret (provider &key type)
"Retrieves a secret (api-key or session) for a provider.")
"Retrieves a secret (api-key or session) for a provider.
(defun vault-set-secret (provider secret &key type)
"Securely stores a secret and triggers a Merkle snapshot.")
"Securely stores a secret and triggers a Merkle snapshot.
#+end_src
* Phase C: Success (QUALITY)
@@ -54,7 +54,7 @@ The vault provides a secure lookup table in RAM, backed by the persistent Memory
- [ ] *Onboarding Verification:* The cookie handshake successfully hydrates the vault.
** 2. TDD Plan
Tests in `tests/vault-tests.lisp` will verify:
Tests in `vault-tests.lisp` will verify:
1. Retrieval of keys from both `.env` (fallback) and Vault (primary).
2. Redaction of keys in log strings.
3. Successful version increment in the Memory after `vault-set-secret`.
@@ -70,7 +70,7 @@ We maintain an in-memory hash table for secrets, which is hydrated from and pers
#+begin_src lisp
(defvar opencortex::*vault-memory* (make-hash-table :test 'equal)
"In-memory cache of sensitive credentials.")
"In-memory cache of sensitive credentials.
#+end_src
** Helper: Secret Masking
@@ -81,7 +81,7 @@ The `vault-mask-string` function ensures that diagnostic output never contains t
"Returns a masked version of a sensitive string."
(if (and str (> (length str) 8))
(format nil "~a...~a" (subseq str 0 4) (subseq str (- (length str) 4)))
"[REDACTED]"))
"[REDACTED])
#+end_src
** Retrieval (vault-get-secret)
@@ -96,15 +96,15 @@ This function is the secure getter for all system secrets. It prioritizes the Va
val
;; Fallback to environment
(let ((env-var (case provider
((:gemini :gemini-api) "GEMINI_API_KEY")
(:openai "OPENAI_API_KEY")
(:anthropic "ANTHROPIC_API_KEY")
(:groq "GROQ_API_KEY")
(:openrouter "OPENROUTER_API_KEY")
(:telegram "TELEGRAM_BOT_TOKEN")
(:signal "SIGNAL_ACCOUNT_NUMBER")
(:matrix-homeserver "MATRIX_HOMESERVER")
(:matrix-token "MATRIX_ACCESS_TOKEN")
((:gemini :gemini-api) "GEMINI_API_KEY
(:openai "OPENAI_API_KEY
(:anthropic "ANTHROPIC_API_KEY
(:groq "GROQ_API_KEY
(:openrouter "OPENROUTER_API_KEY
(:telegram "TELEGRAM_BOT_TOKEN
(:signal "SIGNAL_ACCOUNT_NUMBER
(:matrix-homeserver "MATRIX_HOMESERVER
(:matrix-token "MATRIX_ACCESS_TOKEN
(t nil))))
(when (and env-var (eq type :api-key))
(getenv env-var))))))
@@ -129,11 +129,11 @@ Retained from the legacy Google skill, this provides the instructions for the au
#+begin_src lisp
(defun vault-onboard-gemini-web ()
"Instructions for the Autonomous Cookie Handshake."
(harness-log "--- GEMINI WEB ONBOARDING ---")
(harness-log "1. Visit gemini.google.com")
(harness-log "2. Run the 'Get Gemini Cookies' Bookmarklet.")
(harness-log " CODE: javascript:(function(){const c=document.cookie.split('; ').reduce((r,v)=>{const [n,val]=v.split('=');r[n]=val;return r},{});const target=['__Secure-1PSID','__Secure-1PSIDTS'];const out=target.map(n=>({name:n,value:c[n]}));prompt('Copy JSON:',JSON.stringify(out));})();")
(harness-log "PLATFORM GUIDE: Chrome/Firefox/Safari all support Bookmarklets via 'Add Page' or 'New Bookmark'.")
(harness-log "--- GEMINI WEB ONBOARDING ---
(harness-log "1. Visit gemini.google.com
(harness-log "2. Run the 'Get Gemini Cookies' Bookmarklet.
(harness-log " CODE: javascript:(function(){const c=document.cookie.split('; ').reduce((r,v)=>{const [n,val]=v.split('=');r[n]=val;return r},{});const target=['__Secure-1PSID','__Secure-1PSIDTS'];const out=target.map(n=>({name:n,value:c[n]}));prompt('Copy JSON:',JSON.stringify(out));})();
(harness-log "PLATFORM GUIDE: Chrome/Firefox/Safari all support Bookmarklets via 'Add Page' or 'New Bookmark'.
t)
#+end_src
@@ -154,23 +154,23 @@ Retained from the legacy Google skill, this provides the instructions for the au
Note: Tests disabled in jail load.
** 1. Unit Tests (FiveAM)
#+begin_src lisp :tangle (concat (getenv "INSTALL_DIR") "/skills/org-skill-credentials-vault.lisp" (expand-file-name ""))
#+begin_src lisp :tangle (concat (identity (getenv "INSTALL_DIR")) "/skills/org-skill-credentials-vault.lisp")" )
#|
(defpackage :opencortex-vault-tests
(:use :cl :fiveam :opencortex))
(in-package :opencortex-vault-tests)
(def-suite vault-suite :description "Tests for the Credentials Vault.")
(def-suite vault-suite :description "Tests for the Credentials Vault.
(in-suite vault-suite)
(test test-masking
(is (equal "sk-t...-key" (opencortex::vault-mask-string "sk-test-key")))
(is (equal "[REDACTED]" (opencortex::vault-mask-string "short"))))
(is (equal "sk-t...-key" (opencortex::vault-mask-string "sk-test-key))
(is (equal "[REDACTED]" (opencortex::vault-mask-string "short)))
(test test-vault-persistence
"Verify that setting a secret triggers a snapshot (mock check)."
(let ((old-version (opencortex::org-object-version (gethash "root" *memory*))))
(opencortex:vault-set-secret :test "secret-val")
(opencortex:vault-set-secret :test "secret-val
(is (> (opencortex::org-object-version (gethash "root" *memory*)) old-version))))
|#
#+end_src