github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 14:01:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: enforce inbound attachment root policy across pipelines

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 14:15:34 +01:00
parent cfe8457a0f
commit 1316e57403
16 changed files with 555 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/config/zod-schema.providers-core.ts
View File

@@ -1,5 +1,6 @@
import { z } from "zod";
import { isSafeScpRemoteHost } from "../infra/scp-host.js";
import { isValidInboundPathRootPattern } from "../media/inbound-path-policy.js";
import {
normalizeTelegramCommandDescription,
normalizeTelegramCommandName,
@@ -819,6 +820,12 @@ export const IMessageAccountSchemaBase = z
dmHistoryLimit: z.number().int().min(0).optional(),
dms: z.record(z.string(), DmConfigSchema.optional()).optional(),
includeAttachments: z.boolean().optional(),
attachmentRoots: z
.array(z.string().refine(isValidInboundPathRootPattern, "expected absolute path root"))
.optional(),
remoteAttachmentRoots: z
.array(z.string().refine(isValidInboundPathRootPattern, "expected absolute path root"))
.optional(),
mediaMaxMb: z.number().int().positive().optional(),
textChunkLimit: z.number().int().positive().optional(),
chunkMode: z.enum(["length", "newline"]).optional(),