From 69a1ee138bb78ad4663fe2d9e58678f7b0d07b74 Mon Sep 17 00:00:00 2001 From: t Date: Tue, 23 Jun 2026 09:38:23 -0600 Subject: ponytail simplifications to panto cli and lua extensiosn --- docs/oauth-provider-auth.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs/oauth-provider-auth.md') diff --git a/docs/oauth-provider-auth.md b/docs/oauth-provider-auth.md index 268c7e9..ab11cf8 100644 --- a/docs/oauth-provider-auth.md +++ b/docs/oauth-provider-auth.md @@ -38,7 +38,7 @@ Core should own: - loading and validating named auth blocks - API-key resolution from literal config or environment - OAuth login flows -- token persistence under `$PANTO_HOME` +- token persistence under the panto data home - refresh-before-turn with an expiry margin - refresh-after-401/403 with one retry - final request-header injection @@ -405,7 +405,7 @@ If Lua still needs HTTP later, expose a separate `panto.http` wrapper. ### C4. Token storage -Store under `$PANTO_HOME/auth/.json` initially: +Store under `/auth/.json` initially: ```json { @@ -503,7 +503,7 @@ provider must name an `[auth.]` session via `auth = ""`; provider-level `api_key`/`api_key_env_var` are gone. Resolved decisions for the open questions above: `auth` is required for networked providers; Codex device auth is a `dialect = "codex"` variant of the generic `oauth_device` type; -keychain storage is deferred (file-backed `$PANTO_HOME/auth/.json`, +keychain storage is deferred (file-backed `/auth/.json`, owner-only `0600`). The `[auth.]` schema is deliberately flat and minimal: -- cgit v1.3