openai-auth-switcher-public

# OpenAI Auth Switcher Public

Use this skill as the **publishable public-track release** of the OpenAI auth switcher workflow.

It is designed for OpenClaw administrators who want a **web-first, first-run-friendly, release-safe** workflow for OpenAI OAuth account takeover, inspection, dry-run validation, controlled switching, and public distribution.

## Purpose

Keep the live/internal operator skill and the public distributable skill separated.

This public track must:

- avoid bundling live runtime state
- avoid bundling auth snapshots, callbacks, backups, or token ledgers from a real machine
- avoid machine-specific hard-coded paths where possible
- document compatibility boundaries explicitly
- provide a release-safe packaging workflow
- keep temporary runtime files inside the skill runtime area, while encouraging important persistent state to live in an external state base via `OPENAI_AUTH_SWITCHER_PUBLIC_STATE_DIR`

## Core operating model

Treat OpenClaw OpenAI OAuth switching as a high-sensitivity maintenance workflow.

Always do work in this order:

1. Use `install.sh` as the default user-facing bootstrap entrypoint.
2. Run `doctor.py` when installation or environment checks fail.
3. Confirm runtime discovery with `env_detect.py`.
4. Inspect the current runtime before any switch logic.
5. Dry-run any target before proposing a write.
6. Keep rollback and backup behavior explicit.
7. Package only from this public skill directory or from a sanitized staging copy.

## Included scripts

Primary public-release scripts:

- `install.sh` — recommended user entrypoint; wraps the web bootstrap into a single shell command
- `uninstall.sh` — recommended cleanup entrypoint before `clawhub uninstall`
- `scripts/install_web_app.py` — one-shot web bootstrap for first-run access
- `scripts/pick_port.py` — port selection helper (`9527` → `12138` → fallback)
- `scripts/generate_web_credentials.py` — default admin credential generator
- `scripts/doctor.py` — compatibility and environment checks
- `scripts/env_detect.py` — OpenClaw path and runtime discovery
- `scripts/paths.py` — centralized path resolution helpers
- `scripts/inspect_runtime.py` — portable runtime inspection
- `scripts/profile_slot.py` — public-safe slot metadata and local slot files
- `scripts/rollback_experiment.py` — rollback helper using explicit backup sources
- `scripts/switch_experiment.py` — controlled switch experiment with backup and rollback
- `scripts/token_ledger.py` — local token attribution ledger rebuild
- `scripts/hourly_usage.py` — hourly/daily rollup payload for local analytics
- `scripts/package_public_skill.py` — release-safe packager wrapper

Helper modules:

- `scripts/auth_file_lib.py`
- `scripts/probe_lib.py`
- `scripts/lock_lib.py`
- `scripts/state_lib.py`

## Compatibility and safety references

Read only as needed:

- `references/compatibility.md` — Python / Node / OpenClaw / OS expectations
- `references/runtime-discovery.md` — path detection and override model
- `references/install-and-runbook.md` — operator flow and first-run checks
- `references/security-model.md` — sensitivity, boundaries, and redaction rules
- `references/packaging-policy.md` — publish checklist and forbidden contents
- `references/migration-notes.md` — relation to the internal/live skill

## Release rule

Do not publish `skills/openai-auth-switcher` directly.

Use the public skill directory for ClawHub publication and use a packaging wrapper that rejects runtime data, backups, session callbacks, and credential-bearing files.

Recommended first release positioning:

- version: `0.1.0`
- tested on OpenClaw `2026.3.11`
- tested on Python `3.11`
- tested on Node.js `22.x`
- Linux-first release