From f7d36d96b4ecdc569c59633b9bee3ffd963d13ee Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Fri, 20 Mar 2026 06:46:31 -0400 Subject: [PATCH] Use Paperclip secret_ref for OPENROUTER_API_KEY instead of plain text Co-Authored-By: Paperclip --- engineering/regina/CONFIG.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/engineering/regina/CONFIG.md b/engineering/regina/CONFIG.md index aeab9e3..b07ca6c 100644 --- a/engineering/regina/CONFIG.md +++ b/engineering/regina/CONFIG.md @@ -34,7 +34,7 @@ "cwd": "/paperclip/privilegedescalation/agents/engineering/regina", "env": { "HOME": { "type": "plain", "value": "/paperclip/privilegedescalation/agents/engineering/regina" }, - "OPENROUTER_API_KEY": { "type": "plain", "value": "" }, + "OPENROUTER_API_KEY": { "type": "secret_ref", "secretId": "d843133a-0702-4f44-b8e8-43249879995f" }, "GITHUB_APP_ID_REGINA": { "type": "plain", "value": "3097914" }, "GITHUB_PEM_PATH_REGINA": { "type": "plain", "value": "/paperclip/secrets/github-pems/privilegedescalation.pem" } }, 
@@ -42,16 +42,12 @@ } ``` -> **OPENROUTER_API_KEY** is redacted here. The full env block including the key is stored in -> `/Users/cpfarhood/Downloads/pg-fix-regina-env2.sh` on the operator's machine. Run that script after -> any UI save to restore Regina's env + model. - ## Capabilities Owns QA, PR review, regression testing, and CI health monitoring for Privileged Escalation repos. vitest, testing-library/react, Headlamp plugin testing, bug triage, GitHub PR review. ## Known Issues -- **Env + model wipe on UI save**: Every time Regina's config is saved via the Paperclip UI, both `env` and `model` are wiped. Run `pg-fix-regina-env2.sh` after any UI save. +- **Env + model wipe on UI save**: Every time Regina's config is saved via the Paperclip UI, both `env` and `model` may be wiped. Restore via DB patch after any UI save. - **Prompt UI blank**: The `opencode_local` adapter does not hydrate `promptTemplate` back into the Lexical editor on page load. The prompt is correctly stored in the DB and runs fine — the blank editor is a display bug only. - **No `instructionsFilePath`**: The `opencode_local` adapter does not support file-based prompt loading. The prompt must be restored via DB patch (see COMPANY.md).
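Review bot: In the first hunk (`@@ -34,7 +34,7 @@`), the new `OPENROUTER_API_KEY` entry switches to `"type": "secret_ref"` with a bare `secretId`, but nothing in CONFIG.md says where that ID is resolved or what the agent does if resolution fails. Please add one line next to the env block naming the secret store and the expected failure behaviour (ideally the agent refuses to start rather than running with an empty key). The other entries in the block stay `"type": "plain"`; that looks fine for `HOME`, `GITHUB_APP_ID_REGINA` and `GITHUB_PEM_PATH_REGINA`, since the last one is a path rather than key material, but a short comment stating that only non-secret values may use `plain` would keep the next edit from regressing this.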
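Review bot: In the second hunk (`@@ -42,16 +42,12 @@`), the rewritten Known Issues bullet says "Restore via DB patch after any UI save" without saying where that procedure lives or what it must write back. The removed note described a script on the operator's machine that held the full env block including the key, so two follow-ups belong with this change: the DB patch has to restore `OPENROUTER_API_KEY` in its `secret_ref` form rather than as a `plain` value, and the old `pg-fix-regina-env2.sh` copy should be deleted and the key rotated, since it was stored there in plain text. Please link the procedure the same way the last bullet does ("see COMPANY.md"). The wording "Every time ... may be wiped" is also self-contradictory; state either that the wipe happens on every UI save or that it is intermittent.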