rookiestar28
diff --git a/‎.detect-secrets.cfg‎
Lines changed: 1 addition & 1 deletion b/‎.detect-secrets.cfg‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 9 additions & 2 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎api/checkpoints_handler.py‎
Lines changed: 39 additions & 15 deletions b/‎api/checkpoints_handler.py‎
Lines changed: 39 additions & 15 deletions
diff --git a/‎api/config.py‎
Lines changed: 29 additions & 14 deletions b/‎api/config.py‎
Lines changed: 29 additions & 14 deletions
diff --git a/‎api/preflight_handler.py‎
Lines changed: 42 additions & 21 deletions b/‎api/preflight_handler.py‎
Lines changed: 42 additions & 21 deletions
@@ -36,7 +36,7 @@ exclude_lines:
   - "example.com"
   - "your-api-key"
   - "<token>"
-  - "<your.*>"
+  - "(?i)<your.*>"
   - "sk-xxx"
 
 # Exclude files
 
@@ -4,15 +4,22 @@
 # Install: pip install pre-commit && pre-commit install
 # Update baseline: detect-secrets scan --baseline .secrets.baseline
 
+exclude: |
+  (?x)^(
+    REFERENCE/.*|
+    node_modules/.*|
+    test-results/.*|
+    playwright-report/.*|
+    playwright/\\.cache/.*
+  )$
+
 repos:
   # Secret detection
   - repo: https://github.com/Yelp/detect-secrets
     rev: v1.4.0
     hooks:
       - id: detect-secrets
         args:
-          - --config
-          - .detect-secrets.cfg
           - --baseline
           - .secrets.baseline
         exclude: |
 
@@ -2,6 +2,7 @@
 Checkpoints API Handlers (R47).
 Exposes endpoints for listing, creating, retrieving, and deleting workflow checkpoints.
 """
+
 from __future__ import annotations
 
 import json
@@ -17,13 +18,23 @@
 if __package__ and "." in __package__:
     from ..models.schemas import MAX_BODY_SIZE
     from ..services.access_control import is_loopback, require_admin_token
-    from ..services.checkpoints import create_checkpoint, delete_checkpoint, get_checkpoint, list_checkpoints
+    from ..services.checkpoints import (
+        create_checkpoint,
+        delete_checkpoint,
+        get_checkpoint,
+        list_checkpoints,
+    )
     from ..services.rate_limit import check_rate_limit
     from ..services.request_ip import get_client_ip
 else:  # pragma: no cover (test-only import mode)
     from models.schemas import MAX_BODY_SIZE  # type: ignore
     from services.access_control import is_loopback, require_admin_token  # type: ignore
-    from services.checkpoints import create_checkpoint, delete_checkpoint, get_checkpoint, list_checkpoints  # type: ignore
+    from services.checkpoints import (  # type: ignore
+        create_checkpoint,
+        delete_checkpoint,
+        get_checkpoint,
+        list_checkpoints,
+    )
     from services.rate_limit import check_rate_limit  # type: ignore
     from services.request_ip import get_client_ip  # type: ignore
 
@@ -34,12 +45,17 @@
 def _json_resp(data: Dict[str, Any], status: int = 200) -> web.Response:
     return web.json_response(data, status=status)
 
+
 def _remote_admin_allowed() -> bool:
     val = (
-        os.environ.get("OPENCLAW_ALLOW_REMOTE_ADMIN")
-        or os.environ.get("MOLTBOT_ALLOW_REMOTE_ADMIN")
-        or ""
-    ).strip().lower()
+        (
+            os.environ.get("OPENCLAW_ALLOW_REMOTE_ADMIN")
+            or os.environ.get("MOLTBOT_ALLOW_REMOTE_ADMIN")
+            or ""
+        )
+        .strip()
+        .lower()
+    )
     return val in ("1", "true", "yes", "on")
 
 
@@ -60,8 +76,9 @@ def _deny_remote_admin_if_needed(request: web.Request) -> web.Response | None:
 
 async def list_checkpoints_handler(request: web.Request) -> web.Response:
     """GET /openclaw/checkpoints"""
-    if web is None: raise RuntimeError("aiohttp not available")
-    
+    if web is None:
+        raise RuntimeError("aiohttp not available")
+
     if not check_rate_limit(request, "admin"):
         return _json_resp({"ok": False, "error": "rate_limit_exceeded"}, 429)
 
@@ -82,47 +99,53 @@ async def list_checkpoints_handler(request: web.Request) -> web.Response:
 
 async def create_checkpoint_handler(request: web.Request) -> web.Response:
     """POST /openclaw/checkpoints"""
-    if web is None: raise RuntimeError("aiohttp not available")
+    if web is None:
+        raise RuntimeError("aiohttp not available")
 
     if not check_rate_limit(request, "admin"):
         return _json_resp({"ok": False, "error": "rate_limit_exceeded"}, 429)
 
     # Body Size Check
     if request.content_length and request.content_length > MAX_BODY_SIZE:
-         return _json_resp({"ok": False, "error": "payload_too_large"}, 413)
+        return _json_resp({"ok": False, "error": "payload_too_large"}, 413)
 
     try:
         data = await request.json()
     except Exception:
         return _json_resp({"ok": False, "error": "invalid_json"}, 400)
 
+    # Admin boundary (localhost convenience mode if no token configured)
     allowed, error = require_admin_token(request)
     if not allowed:
         return _json_resp({"ok": False, "error": error or "unauthorized"}, 403)
     deny_resp = _deny_remote_admin_if_needed(request)
     if deny_resp:
         return deny_resp
 
+    # Extract info
     workflow = data.get("workflow") or data.get("prompt")
     name = data.get("name", "Untitled Snapshot")
     description = data.get("description", "")
 
     if not workflow or not isinstance(workflow, dict):
-         return _json_resp({"ok": False, "error": "missing_workflow"}, 400)
+        return _json_resp({"ok": False, "error": "missing_workflow"}, 400)
 
     try:
         meta = create_checkpoint(name, workflow, description)
         return _json_resp({"ok": True, "checkpoint": meta}, 201)
     except ValueError as e:
-        return _json_resp({"ok": False, "error": "validation_error", "detail": str(e)}, 400)
+        return _json_resp(
+            {"ok": False, "error": "validation_error", "detail": str(e)}, 400
+        )
     except Exception as e:
         logger.exception("Create checkpoint failed")
         return _json_resp({"ok": False, "error": str(e)}, 500)
 
 
 async def get_checkpoint_handler(request: web.Request) -> web.Response:
     """GET /openclaw/checkpoints/{id}"""
-    if web is None: raise RuntimeError("aiohttp not available")
+    if web is None:
+        raise RuntimeError("aiohttp not available")
 
     checkpoint_id = request.match_info.get("id")
     if not checkpoint_id:
@@ -147,11 +170,12 @@ async def get_checkpoint_handler(request: web.Request) -> web.Response:
 
 async def delete_checkpoint_handler(request: web.Request) -> web.Response:
     """DELETE /openclaw/checkpoints/{id}"""
-    if web is None: raise RuntimeError("aiohttp not available")
+    if web is None:
+        raise RuntimeError("aiohttp not available")
 
     checkpoint_id = request.match_info.get("id")
     if not checkpoint_id:
-         return _json_resp({"ok": False, "error": "missing_id"}, 400)
+        return _json_resp({"ok": False, "error": "missing_id"}, 400)
 
     allowed, error = require_admin_token(request)
     if not allowed:
 
@@ -238,7 +238,7 @@ async def llm_models_handler(request: web.Request) -> web.Response:
     provider_override = (request.query.get("provider") or "").strip().lower()
     effective, _sources = get_effective_config()
     provider = provider_override or (effective.get("provider") or "openai")
-    
+
     # Resolve Base URL (Runtime config > Catalog Default)
     # Allows users to override base_url for standard providers (e.g. self-hosted OpenAI compat)
     runtime_base_url = (effective.get("base_url") or "").strip()
@@ -268,15 +268,18 @@ async def llm_models_handler(request: web.Request) -> web.Response:
     # Priority: Runtime URL -> Info Default
     base_url = runtime_base_url if runtime_base_url else info.base_url
     if not base_url:
-         return web.json_response(
-            {"ok": False, "error": f"No base URL configured for provider '{provider}'."},
+        return web.json_response(
+            {
+                "ok": False,
+                "error": f"No base URL configured for provider '{provider}'.",
+            },
             status=400,
         )
 
     # Cache Key: (provider, base_url)
     # This ensures switching base_url (e.g. from OpenAI to local proxy) doesn't use stale cache.
     cache_key = (provider, base_url)
-    
+
     # Check Cache
     now = time.time()
     cached_entry = _MODEL_LIST_CACHE.get(cache_key)
@@ -336,20 +339,26 @@ async def llm_models_handler(request: web.Request) -> web.Response:
             body = resp.read(1_000_000)
         payload = json.loads(body.decode("utf-8", errors="replace"))
         models = _extract_models_from_payload(payload)
-        
+
         # Update Cache
         _MODEL_LIST_CACHE[cache_key] = (now, models)
-        
+
         return web.json_response(
             {"ok": True, "provider": provider, "models": models, "cached": False}
         )
     except urllib.error.HTTPError as e:
         # Fallback Check
         if cached_entry:
-             ts, models = cached_entry
-             warning = f"Using cached list (refresh failed: HTTP {e.code} {e.reason})"
-             return web.json_response(
-                {"ok": True, "provider": provider, "models": models, "cached": True, "warning": warning}
+            ts, models = cached_entry
+            warning = f"Using cached list (refresh failed: HTTP {e.code} {e.reason})"
+            return web.json_response(
+                {
+                    "ok": True,
+                    "provider": provider,
+                    "models": models,
+                    "cached": True,
+                    "warning": warning,
+                }
             )
         return web.json_response(
             {"ok": False, "error": f"HTTP error {e.code}: {e.reason}"}, status=502
@@ -358,10 +367,16 @@ async def llm_models_handler(request: web.Request) -> web.Response:
         logger.exception("Failed to fetch model list")
         # Fallback Check
         if cached_entry:
-             ts, models = cached_entry
-             warning = f"Using cached list (refresh failed: {str(e)})"
-             return web.json_response(
-                {"ok": True, "provider": provider, "models": models, "cached": True, "warning": warning}
+            ts, models = cached_entry
+            warning = f"Using cached list (refresh failed: {str(e)})"
+            return web.json_response(
+                {
+                    "ok": True,
+                    "provider": provider,
+                    "models": models,
+                    "cached": True,
+                    "warning": warning,
+                }
             )
         return web.json_response({"ok": False, "error": str(e)}, status=500)
 
 
@@ -3,6 +3,7 @@
 
 Exposes POST /openclaw/preflight to run diagnostics on a workflow payload.
 """
+
 from __future__ import annotations
 
 import json
@@ -18,13 +19,21 @@
 if __package__ and "." in __package__:
     from ..models.schemas import MAX_BODY_SIZE
     from ..services.access_control import is_loopback, require_admin_token
-    from ..services.preflight import _get_model_inventory, _get_node_class_mappings, run_preflight_check
+    from ..services.preflight import (
+        _get_model_inventory,
+        _get_node_class_mappings,
+        run_preflight_check,
+    )
     from ..services.rate_limit import check_rate_limit
     from ..services.request_ip import get_client_ip
 else:  # pragma: no cover (test-only import mode)
     from models.schemas import MAX_BODY_SIZE  # type: ignore
     from services.access_control import is_loopback, require_admin_token  # type: ignore
-    from services.preflight import _get_model_inventory, _get_node_class_mappings, run_preflight_check  # type: ignore
+    from services.preflight import (  # type: ignore
+        _get_model_inventory,
+        _get_node_class_mappings,
+        run_preflight_check,
+    )
     from services.rate_limit import check_rate_limit  # type: ignore
     from services.request_ip import get_client_ip  # type: ignore
 
@@ -33,10 +42,14 @@
 
 def _remote_admin_allowed() -> bool:
     val = (
-        os.environ.get("OPENCLAW_ALLOW_REMOTE_ADMIN")
-        or os.environ.get("MOLTBOT_ALLOW_REMOTE_ADMIN")
-        or ""
-    ).strip().lower()
+        (
+            os.environ.get("OPENCLAW_ALLOW_REMOTE_ADMIN")
+            or os.environ.get("MOLTBOT_ALLOW_REMOTE_ADMIN")
+            or ""
+        )
+        .strip()
+        .lower()
+    )
     return val in ("1", "true", "yes", "on")
 
 
@@ -72,34 +85,42 @@ async def preflight_handler(request: web.Request) -> web.Response:
     # Body Size Check
     content_type = request.headers.get("Content-Type", "")
     if not content_type.startswith("application/json"):
-        return web.json_response({"ok": False, "error": "unsupported_media_type"}, status=415)
+        return web.json_response(
+            {"ok": False, "error": "unsupported_media_type"}, status=415
+        )
 
     try:
         raw_body = await request.content.read(MAX_BODY_SIZE + 1)
         if len(raw_body) > MAX_BODY_SIZE:
             return web.json_response(
                 {"ok": False, "error": "payload_too_large"}, status=413
             )
-        data = json.loads(raw_body.decode("utf-8"))
+        data = json.loads(raw_body)
     except Exception:
         return web.json_response({"ok": False, "error": "invalid_json"}, status=400)
 
     # Admin boundary (localhost convenience mode if no token configured)
     allowed, error = require_admin_token(request)
     if not allowed:
-        return web.json_response({"ok": False, "error": error or "unauthorized"}, status=403)
+        return web.json_response(
+            {"ok": False, "error": error or "unauthorized"}, status=403
+        )
     deny_resp = _deny_remote_admin_if_needed(request)
     if deny_resp:
         return deny_resp
 
     # Extract workflow
     # It might be in { "prompt": ... } or root
     workflow = data.get("prompt") or data
-    
+
     if not isinstance(workflow, dict):
         return web.json_response(
-             {"ok": False, "error": "invalid_payload", "detail": "Expected JSON object with workflow data"},
-             status=400
+            {
+                "ok": False,
+                "error": "invalid_payload",
+                "detail": "Expected JSON object with workflow data",
+            },
+            status=400,
         )
 
     # Run Diagnostics
@@ -130,24 +151,24 @@ async def inventory_handler(request: web.Request) -> web.Response:
     # Admin boundary (localhost convenience mode if no token configured)
     allowed, error = require_admin_token(request)
     if not allowed:
-        return web.json_response({"ok": False, "error": error or "unauthorized"}, status=403)
+        return web.json_response(
+            {"ok": False, "error": error or "unauthorized"}, status=403
+        )
     deny_resp = _deny_remote_admin_if_needed(request)
     if deny_resp:
         return deny_resp
-        
+
     try:
         # Nodes (Classes only needed)
         nodes_map = _get_node_class_mappings()
         node_classes = sorted(list(nodes_map.keys()))
-        
+
         # Models
         models_map = _get_model_inventory()
-        
-        return web.json_response({
-            "ok": True,
-            "nodes": node_classes,
-            "models": models_map
-        })
+
+        return web.json_response(
+            {"ok": True, "nodes": node_classes, "models": models_map}
+        )
     except Exception as e:
         logger.exception("Inventory fetch failed")
         return web.json_response(