From cb683c43bb2cc830caaa8690415eec6b36fd351d Mon Sep 17 00:00:00 2001
From: orion <orion@op.hangman-lab.top>
Date: Thu, 16 Apr 2026 14:34:00 +0000
Subject: [PATCH] fix: avoid clobbering sensitive config fields during
 configure

Reading the entire plugins tree via openclaw config get returns redacted
values for sensitive fields. Writing it back overwrites real secrets with
the __OPENCLAW_REDACTED__ sentinel. Changed to set individual leaf paths
only when missing.
---
 install.mjs | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/install.mjs b/install.mjs
index 850ce5e..3071ea2 100755
--- a/install.mjs
+++ b/install.mjs
@@ -349,23 +349,21 @@ async function configure() {
     if (!allow.includes(PLUGIN_NAME)) { allow.push(PLUGIN_NAME); setOpenclawConfig('plugins.allow', allow); }
     logOk(`plugins.allow includes ${PLUGIN_NAME}`);
 
-    const plugins = getOpenclawConfig('plugins', {});
-    plugins.entries = plugins.entries || {};
+    const entryPath = `plugins.entries.${PLUGIN_NAME}`;
+    const existingEnabled = getOpenclawConfig(`${entryPath}.enabled`, undefined);
+    if (existingEnabled === undefined) setOpenclawConfig(`${entryPath}.enabled`, true);
 
-    const existingEntry = plugins.entries[PLUGIN_NAME] || {};
-    const existingConfig = existingEntry.config || {};
-    const defaultConfig = { enabled: true, secretMgrPath, openclawProfilePath: openclawPath };
+    const cfgPath = `${entryPath}.config`;
+    const existingCfgEnabled = getOpenclawConfig(`${cfgPath}.enabled`, undefined);
+    if (existingCfgEnabled === undefined) setOpenclawConfig(`${cfgPath}.enabled`, true);
 
-    plugins.entries[PLUGIN_NAME] = {
-      ...existingEntry,
-      enabled: existingEntry.enabled ?? true,
-      config: {
-        ...defaultConfig,
-        ...existingConfig,
-      },
-    };
-    setOpenclawConfig('plugins', plugins);
-    logOk('Plugin entry configured (preserved existing config, added missing defaults)');
+    const existingSecretMgr = getOpenclawConfig(`${cfgPath}.secretMgrPath`, undefined);
+    if (existingSecretMgr === undefined) setOpenclawConfig(`${cfgPath}.secretMgrPath`, secretMgrPath);
+
+    const existingProfile = getOpenclawConfig(`${cfgPath}.openclawProfilePath`, undefined);
+    if (existingProfile === undefined) setOpenclawConfig(`${cfgPath}.openclawProfilePath`, openclawPath);
+
+    logOk('Plugin entry configured (set missing defaults only)');
   } catch (err) {
     logWarn(`Config failed: ${err.message}`);
   }