CalvinBackup/Shadowbroker
1
0
Fork 0
mirror of https://github.com/BigBodyCobain/Shadowbroker.git synced 2026-06-01 20:11:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Clarify OpenClaw HMAC agent credentials

Browse Source
This commit is contained in:
BigBodyCobain
2026-05-30 13:52:01 -06:00
parent a16f22ed34
commit f03ebbba11
5 changed files with 74 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/src/components/AIIntelPanel.tsx
+9 -1
View File
@@ -632,10 +632,18 @@ function ConnectModalBody({ apiEndpoint, handleCopy, copied }: ConnectModalBodyP
const buildSnippet = (key: string) => {
const lines: string[] = [];
if (resolvedUrl) lines.push(`SHADOWBROKER_URL=${resolvedUrl}`);
lines.push(`SHADOWBROKER_KEY=${key}`);
lines.push(`SHADOWBROKER_HMAC_SECRET=${key}`);
lines.push(`SHADOWBROKER_ACCESS=${accessTier}`);
if (connectionMode === 'remote' && nodeId) lines.push(`SHADOWBROKER_NODE_ID=${nodeId}`);
lines.push('');
lines.push('# AUTH DIRECTIVE:');
lines.push('# SHADOWBROKER_HMAC_SECRET is a shared HMAC signing secret, not a raw API key.');
lines.push('# Never send it as X-Admin-Key, Authorization: Bearer, a query parameter, or a plain request header.');
lines.push('# Every direct ShadowBroker API request must be HMAC-SHA256 signed with:');
lines.push('# X-SB-Timestamp, X-SB-Nonce, X-SB-Signature');
lines.push('# Signature input: METHOD|path|timestamp|nonce|sha256(body)');
lines.push('# Use the ShadowBrokerClient/openclaw skill helper so requests are signed automatically.');
lines.push('');
lines.push('# OPERATING DIRECTIVE:');
lines.push('# You are a remote OpenClaw agent connected to ShadowBroker.');
lines.push('# ShadowBroker is a live intelligence and telemetry platform, not a narrow single-purpose API.');
frontend/src/components/OnboardingModal.tsx
+5 -2
View File
@@ -129,13 +129,16 @@ const OnboardingModal = React.memo(function OnboardingModal({
const agentSnippet = [
`SHADOWBROKER_URL=${agentEndpoint}`,
agentSecret ? `SHADOWBROKER_KEY=${agentSecret}` : 'SHADOWBROKER_KEY=<generate in ShadowBroker>',
agentSecret ? `SHADOWBROKER_HMAC_SECRET=${agentSecret}` : 'SHADOWBROKER_HMAC_SECRET=<generate in ShadowBroker>',
`SHADOWBROKER_ACCESS=${agentTier}`,
'',
'# FIRST: load available tools',
`GET ${agentEndpoint}/api/ai/tools`,
'',
'# Auth: HMAC-SHA256 signed requests.',
'# Auth: SHADOWBROKER_HMAC_SECRET is not a raw API key.',
'# Sign every direct request with X-SB-Timestamp, X-SB-Nonce, and X-SB-Signature.',
'# Signature input: METHOD|path|timestamp|nonce|sha256(body).',
'# Do not send the secret as X-Admin-Key, Authorization, or a query parameter.',
'# Restricted = read-only telemetry. Full = can write when asked.',
].join('\n');
const remoteAgentNeedsTor = agentMode === 'remote' && !torAddress;