docs(release): require tmux for 1password fallback · openclaw/openclaw@62adf63
steipete
·
2026-04-25
·
via Recent Commits to openclaw:main
File tree
.agents/skills/openclaw-release-maintainer
| Original file line number | Diff line number | Diff line change |
|---|
@@ -345,6 +345,9 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
|
345 | 345 | or stale, use the local tmux + 1Password fallback: |
346 | 346 | - Start or reuse a tmux session so interactive `npm login` and OTP prompts |
347 | 347 | are observable and recoverable. |
| 348 | +- Hard rule: never run `op` directly in the main agent shell during release |
| 349 | + work. Any 1Password CLI use must happen inside that tmux session so prompts |
| 350 | + and alerts are contained and observable. |
348 | 351 | - Use the 1Password item `op://Private/Npmjs` for npm credentials and OTP. |
349 | 352 | Do not print passwords, tokens, or OTPs to the transcript; send them through |
350 | 353 | tmux buffers, env vars scoped to the tmux command, or `expect` with |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -200,6 +200,11 @@ requires `NPM_TOKEN`, while the public repo keeps OIDC-only publish.
|
200 | 200 | That keeps the direct publish path and the beta-first promotion path both |
201 | 201 | documented and operator-visible. |
202 | 202 | |
| 203 | +If a maintainer must fall back to local npm authentication, run any 1Password |
| 204 | +CLI (`op`) commands only inside a dedicated tmux session. Do not call `op` |
| 205 | +directly from the main agent shell; keeping it inside tmux makes prompts, |
| 206 | +alerts, and OTP handling observable and prevents repeated host alerts. |
| 207 | + |
203 | 208 | ## Public references |
204 | 209 | |
205 | 210 | - [`.github/workflows/openclaw-npm-release.yml`](https://github.com/openclaw/openclaw/blob/main/.github/workflows/openclaw-npm-release.yml) |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。