write-configlisted

# clawback canonical config writer Run `.skills/write-config/scripts/write_canonical_config.mjs` from the project root. It writes a canonical `CLAWBACK.md`: every option at its DEFAULT value (generated from the live `DEFAULTS` in `src/config.js`, so it never drifts as options change), except the two a LAN bind needs set — `host=0.0.0.0` and `tls=true` (it leaves `adminToken` as a null placeholder for you to set) — followed by the documentation body in `canonical_config_body.md` (in this skill's `assets/` directory). ```bash # write BOTH ./CLAWBACK.md and the global ~/.config/clawback/CLAWBACK.md: node .skills/write-config/scripts/write_canonical_config.mjs # write specific target(s): node .skills/write-config/scripts/write_canonical_config.mjs ./CLAWBACK.md # inject a real token instead of the null placeholder: CLAWBACK_CANONICAL_TOKEN=… node .skills/write-config/scripts/write_canonical_config.mjs ``` ## adminToken handling (secret-safe) The `adminToken` fronts live Anthropic credentials, so the script never mints one and never prints a token's value. It resolves ONE shared value in this order and writes it to every target so they agree: 1. `CLAWBACK_CANONICAL_TOKEN` from the environment, if set; 2. a real existing token preserved from the first target that already has one (a `null` / empty / placeholder token does NOT count — it is overwritten); 3. otherwise `null` — a placeholder you must fill in. With `host: 0.0.0.0`, the proxy refuses to bind until `adminToken`