fix: feat: define vault action TOML schema for PR-based approval (#74)
- Add vault/SCHEMA.md documenting the TOML schema for vault actions - Add validate_vault_action() function to vault/vault-env.sh that: - Validates required fields (id, formula, context, secrets) - Validates secret names against allowlist - Rejects unknown fields - Validates formula exists in formulas/ - Create vault/validate.sh script for CLI validation - Add example TOML files in vault/examples/: - webhook-call.toml: Example calling external webhook - promote.toml: Example promoting build/artifact - publish.toml: Example publishing to ClawHub
This commit is contained in:
parent
29717f767b
commit
e48e218158
6 changed files with 332 additions and 0 deletions
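--- /dev/null
+++ b/vault/examples/promote.toml
@@ -0,0 +1,21 @@
+# vault/examples/promote.toml
+# Example: Promote a build/artifact to production
+#
+# This vault action demonstrates promoting a built artifact to a
+# production environment with proper authentication.
+
+id = "promote-20260331"
+formula = "run-supervisor"
+context = "Promote build v1.2.3 to production environment"
+
+# Secrets to inject for deployment authentication
+secrets = ["DEPLOY_KEY", "DOCKER_HUB_TOKEN"]
+
+# Optional: use larger model for complex deployment logic
+model = "sonnet"
+
+# Optional: enable MCP tools for container operations
+tools = ["docker"]
+
+# Optional: deployments may take longer
+timeout_minutes = 45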
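Review bot: The three trailing keys in promote.toml are each labelled `# Optional:` but none says what the validator applies when the key is omitted, so a reader copying this file as a template cannot tell whether dropping `tools` or `timeout_minutes` widens or narrows the run; the same gap is in publish.toml and webhook-call.toml. Suggest stating the default on each comment, e.g. `# Optional (default when omitted: <DEFAULT_TIMEOUT>): deployments may take longer`, with the values taken from vault/SCHEMA.md. This example is also the only one of the three that grants two secrets and the `docker` tool together; a sentence in the header comment saying which step needs `DOCKER_HUB_TOKEN` would let an approver judge least privilege from the file alone.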
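--- /dev/null
+++ b/vault/examples/publish.toml
@@ -0,0 +1,21 @@
+# vault/examples/publish.toml
+# Example: Publish a skill to ClawHub
+#
+# This vault action demonstrates publishing a skill to ClawHub
+# using the clawhub-publish formula.
+
+id = "publish-site-20260331"
+formula = "run-publish-site"
+context = "Publish updated site to production"
+
+# Secrets to inject (only these get passed to the container)
+secrets = ["DEPLOY_KEY"]
+
+# Optional: use sonnet model
+model = "sonnet"
+
+# Optional: enable MCP tools
+tools = []
+
+# Optional: 30 minute timeout
+timeout_minutes = 30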
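Review bot: The header comment in publish.toml says the action uses `the clawhub-publish formula`, but the file sets `formula = "run-publish-site"` and its `context` describes publishing a site, not a skill to ClawHub. Since the commit message says the validator checks `formula` against formulas/, the comment is presumably the stale part, and an approver reading the example will be told one thing by the prose and another by the field. Align them, e.g. `# Example: Publish the updated site to production` / `# This vault action demonstrates publishing the site using the` / `# run-publish-site formula.`, or change `formula` if ClawHub publishing was the intended example.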
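--- /dev/null
+++ b/vault/examples/webhook-call.toml
@@ -0,0 +1,21 @@
+# vault/examples/webhook-call.toml
+# Example: Call an external webhook with authentication
+#
+# This vault action demonstrates calling an external webhook endpoint
+# with proper authentication via injected secrets.
+
+id = "webhook-call-20260331"
+formula = "run-rent-a-human"
+context = "Notify Slack channel about deployment completion"
+
+# Secrets to inject (only these get passed to the container)
+secrets = ["DEPLOY_KEY"]
+
+# Optional: use sonnet model for this action
+model = "sonnet"
+
+# Optional: enable MCP tools
+tools = []
+
+# Optional: 30 minute timeout
+timeout_minutes = 30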
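Review bot: webhook-call.toml's header says it calls an external webhook with injected authentication, but the body uses `formula = "run-rent-a-human"`, a `context` about notifying a Slack channel, and injects `DEPLOY_KEY` rather than any webhook credential, so the example does not demonstrate what its comments claim and an approver cannot learn from it which secret a webhook call would actually need. Either choose a formula and secret name that match the webhook use case (the name still has to be on the validator's allowlist per the commit message) or rewrite the header to describe what the file configures, e.g. `# Example: Post a deployment notification through the run-rent-a-human formula`. Injecting a deploy credential into an action whose only stated job is a notification is also the opposite of the least-privilege point the `# Secrets to inject (only these ...)` comment is making.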