openclaw-ynabro 2.2.4 → 2.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +52 -16
  2. package/openclaw.plugin.json +5 -8
  3. package/package.json +2 -1
  4. package/skills/ynabro/prompts/ynabro.md +7 -2
package/README.md CHANGED
@@ -29,25 +29,61 @@ openclaw plugins install openclaw-ynabro
29
29
 
30
30
  ## Configuration
31
31
 
32
- Set your YNAB Personal Access Token in `openclaw.json`:
33
-
34
- ```json
35
- {
36
- "plugins": {
37
- "entries": {
38
- "openclaw-ynabro": {
39
- "config": {
40
- "token": "your-ynab-personal-access-token"
41
- }
42
- }
43
- }
44
- }
45
- }
32
+ Generate a YNAB Personal Access Token at https://app.ynab.com/settings/developer.
33
+
34
+ `openclaw-ynabro` integrates with [OpenClaw's secrets system](https://docs.openclaw.ai/gateway/secrets) — the token is registered as a SecretRef-eligible surface at `plugins.entries.openclaw-ynabro.config.token`. Store it with one of the supported flows; no environment variable fallback is implemented in the plugin.
35
+
36
+ ### Interactive (recommended)
37
+
38
+ ```bash
39
+ openclaw secrets configure
40
+ ```
41
+
42
+ In the wizard:
43
+
44
+ 1. Add or reuse a secrets provider (`env`, `file`, or `exec`).
45
+ 2. From the target picker, select `plugins.entries.openclaw-ynabro.config.token`.
46
+ 3. Provide the `source` / `provider` / `id` for your chosen backend.
47
+ 4. Run preflight and apply the plan.
48
+
49
+ ### Non-interactive
50
+
51
+ Examples — pick whichever provider matches your secret backend:
52
+
53
+ ```bash
54
+ # env provider (token loaded from ~/.openclaw/.env or shell env)
55
+ openclaw config set plugins.entries.openclaw-ynabro.config.token \
56
+ --ref-source env --ref-provider default --ref-id YNAB_TOKEN
57
+
58
+ # file provider (token stored in a JSON secrets file)
59
+ openclaw config set plugins.entries.openclaw-ynabro.config.token \
60
+ --ref-source file --ref-provider filemain --ref-id /plugins/openclaw-ynabro/token
61
+
62
+ # exec provider (token retrieved from an external secret manager)
63
+ openclaw config set plugins.entries.openclaw-ynabro.config.token \
64
+ --ref-source exec --ref-provider vault --ref-id providers/ynab/token
65
+
66
+ openclaw secrets reload
67
+ openclaw secrets audit | grep -i ynab
46
68
  ```
47
69
 
48
- OpenClaw also surfaces this as a sensitive field in its settings UI (labeled "YNAB Personal Access Token"). Generate a token at https://app.ynab.com/settings/developer.
70
+ The plugin reads the resolved token from `api.pluginConfig.token`; OpenClaw resolves the SecretRef before the plugin sees it.
71
+
72
+ The "YNAB Personal Access Token" field is also surfaced as a sensitive entry in OpenClaw's settings UI.
73
+
74
+ ### Plaintext (not recommended)
75
+
76
+ If you must, you can set the token in plaintext:
77
+
78
+ ```bash
79
+ openclaw config set plugins.entries.openclaw-ynabro.config.token "<your-ynab-pat>"
80
+ ```
81
+
82
+ This will surface in `openclaw secrets audit` as a plaintext finding — prefer a SecretRef.
83
+
84
+ ## Default Plan
49
85
 
50
- No environment variable fallback is supported.
86
+ The selected default plan id is persisted (non-secret) at `plugins.entries.openclaw-ynabro.config.defaultPlanId` by `ynabro_save_default_plan`. See **Onboarding** below.
51
87
 
52
88
  ## Onboarding
53
89
 
package/openclaw.plugin.json CHANGED
@@ -22,16 +22,13 @@
22
22
  "label": "YNAB Personal Access Token",
23
23
  "placeholder": "your-ynab-personal-access-token",
24
24
  "sensitive": true,
25
- "help": "Generate at https://app.ynab.com/settings/developer. Falls back to YNAB_TOKEN env var if not set here."
25
+ "help": "Generate at https://app.ynab.com/settings/developer. Store via `openclaw secrets configure` or `openclaw config set plugins.entries.openclaw-ynabro.config.token --ref-source env|file|exec --ref-provider <provider> --ref-id <id>`."
26
26
  }
27
27
  },
28
- "setup": {
29
- "providers": [
30
- {
31
- "id": "ynab",
32
- "envVars": ["YNAB_TOKEN"]
33
- }
34
- ]
28
+ "configContracts": {
29
+ "secretInputs": {
30
+ "paths": [{ "path": "token", "expected": "string" }]
31
+ }
35
32
  },
36
33
  "contracts": {
37
34
  "tools": [
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "openclaw-ynabro",
3
- "version": "2.2.4",
3
+ "version": "2.2.5",
4
4
  "description": "OpenClaw plugin that registers YNABro tools for YNAB integration",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -48,6 +48,7 @@
48
48
  },
49
49
  "scripts": {
50
50
  "build": "tsc -p tsconfig.build.json",
51
+ "test": "vitest run",
51
52
  "typecheck": "tsc --noEmit"
52
53
  }
53
54
  }
package/skills/ynabro/prompts/ynabro.md CHANGED
@@ -18,8 +18,13 @@ If `ready` is `false`, walk the user through setup:
18
18
  - **pi:** Call `ynabro_setup` — it presents a native TUI input popup where the
19
19
  user enters the token directly. It goes straight to pi's AuthStorage and
20
20
  never appears in the conversation.
21
- - **OpenClaw:** Instruct the user to add the token to `openclaw.json` or via
22
- the OpenClaw settings UI, then ask them to confirm when done.
21
+ - **OpenClaw:** Instruct the user to store the token using
22
+ `openclaw secrets configure` (recommended) and select the
23
+ `plugins.entries.openclaw-ynabro.config.token` target. As alternatives,
24
+ they can set it non-interactively with
25
+ `openclaw config set plugins.entries.openclaw-ynabro.config.token --ref-source env|file|exec ...`,
26
+ or via the OpenClaw settings UI's sensitive "YNAB Personal Access Token"
27
+ field. Ask them to confirm when done.
23
28
 
24
29
  2. **Missing plan:** Call `ynabro_setup` to list available plans. Help the user
25
30
  pick one. On OpenClaw, follow up with `ynabro_save_default_plan`.