- Add vault/SCHEMA.md documenting the TOML schema for vault actions - Add validate_vault_action() function to vault/vault-env.sh that: - Validates required fields (id, formula, context, secrets) - Validates secret names against allowlist - Rejects unknown fields - Validates formula exists in formulas/ - Create vault/validate.sh script for CLI validation - Add example TOML files in vault/examples/: - webhook-call.toml: Example calling external webhook - promote.toml: Example promoting build/artifact - publish.toml: Example publishing to ClawHub
Moves shared env.sh sourcing + vault-bot token override into vault/vault-env.sh so the three vault sub-scripts no longer share a duplicate 5-line block. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
