MCPcopy
hub / github.com/larksuite/cli / resolveExecRef

Function resolveExecRef

internal/binding/secret_resolve_exec.go:52–62  ·  view source on GitHub ↗

resolveExecRef handles {source:"exec"} SecretRef resolution. It audits the command path, runs the child under a timeout with a hard stdout cap, and extracts the secret from the JSON response. providerName is the caller- resolved effective alias (honours secrets.defaults.exec from openclaw.json).

(ref *SecretRef, providerName string, pc *ProviderConfig, getenv func(string) string)

Source from the content-addressed store, hash-verified

50// extracts the secret from the JSON response. providerName is the caller-
51// resolved effective alias (honours secrets.defaults.exec from openclaw.json).
52func resolveExecRef(ref *SecretRef, providerName string, pc *ProviderConfig, getenv func(string) string) (string, error) {
53 prep, err := prepareExecRun(ref, providerName, pc, getenv)
54 if err != nil {
55 return "", err
56 }
57 stdout, err := runExecCommand(prep)
58 if err != nil {
59 return "", err
60 }
61 return extractExecSecret(stdout, ref.ID, effectiveJSONOnly(pc))
62}
63
64// prepareExecRun audits the command path, marshals the JSON request,
65// assembles the minimal child env, and resolves timeout / output limits.

Calls 4

prepareExecRunFunction · 0.85
runExecCommandFunction · 0.85
extractExecSecretFunction · 0.85
effectiveJSONOnlyFunction · 0.85