openai-auth-switcher-public

# OpenAI Auth Switcher Public Use this skill as the **publishable public-track release** of the OpenAI auth switcher workflow. It is designed for OpenClaw administrators who want a **web-first, first-run-friendly, release-safe** workflow for OpenAI OAuth account takeover, inspection, dry-run validation, controlled switching, and public distribution. ## Purpose Keep the live/internal operator skill and the public distributable skill separated. This public track must: - avoid bundling live runtime state - avoid bundling auth snapshots, callbacks, backups, or token ledgers from a real machine - avoid machine-specific hard-coded paths where possible - document compatibility boundaries explicitly - provide a release-safe packaging workflow - keep temporary runtime files inside the skill runtime area, while encouraging important persistent state to live in an external state base via `OPENAI_AUTH_SWITCHER_PUBLIC_STATE_DIR` ## Core operating model Treat OpenClaw OpenAI OAuth switching as a high-sensitivity maintenance workflow. Always do work in this order: 1. Use `install.sh` as the default user-facing bootstrap entrypoint. 2. Run `doctor.py` when installation or environment checks fail. 3. Confirm runtime discovery with `env_detect.py`. 4. Inspect the current runtime before any switch logic. 5. Dry-run any target before proposing a write. 6. Keep rollback and backup behavior explicit. 7. Package only from this public skill directory or from a sanitized staging copy. ## Included scripts Primary public-release scripts: - `install.sh` — recommended user entrypoint; wraps the web bootstrap into a single shell command - `uninstall.sh` — recommended cleanup entrypoint before `clawhub uninstall` - `scripts/install_web_app.py` — one-shot web bootstrap for first-run access - `scripts/pick_port.py` — port selection helper (`9527` → `12138` → fallback) - `scripts/generate_web_credentials.py` — default admin credential generator - `scripts/doctor.py` — compatibility and environment checks - `scripts/env_detect.py` — OpenClaw path and runtime discovery - `scripts/paths.py` — centralized path resolution helpers - `scripts/inspect_runtime.py` — portable runtime inspection - `scripts/profile_slot.py` — public-safe slot metadata and local slot files - `scripts/rollback_experiment.py` — rollback helper using explicit backup sources - `scripts/switch_experiment.py` — controlled switch experiment with backup and rollback - `scripts/token_ledger.py` — local token attribution ledger rebuild - `scripts/hourly_usage.py` — hourly/daily rollup payload for local analytics - `scripts/package_public_skill.py` — release-safe packager wrapper Helper modules: - `scripts/auth_file_lib.py` - `scripts/probe_lib.py` - `scripts/lock_lib.py` - `scripts/state_lib.py` ## Compatibility and safety references Read only as needed: - `references/compatibility.md` — Python / Node / OpenClaw / OS expectations - `references/runtime-discovery.md` — path detection and override model - `references/install-and-runbook.md` — operator flow and first-run checks - `references/security-model.md` — sensitivity, boundaries, and redaction rules - `references/packaging-policy.md` — publish checklist and forbidden contents - `references/migration-notes.md` — relation to the internal/live skill ## Release rule Do not publish `skills/openai-auth-switcher` directly. Use the public skill directory for ClawHub publication and use a packaging wrapper that rejects runtime data, backups, session callbacks, and credential-bearing files. Recommended first release positioning: - version: `0.1.0` - tested on OpenClaw `2026.3.11` - tested on Python `3.11` - tested on Node.js `22.x` - Linux-first release