fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)

Peter Steinberger
2026-02-03 23:02:28 -08:00
parent 6fdb136688
commit 35eb40a700
13 changed files with 289 additions and 29 deletions


@@ -43,6 +43,7 @@ import { resolveQueueSettings } from "./queue.js";
import { routeReply } from "./route-reply.js";
import { ensureSkillSnapshot, prependSystemEvents } from "./session-updates.js";
import { resolveTypingMode } from "./typing-mode.js";
import { appendUntrustedContext } from "./untrusted-context.js";
type AgentDefaults = NonNullable<OpenClawConfig["agents"]>["defaults"];
type ExecOverrides = Pick<ExecToolDefaults, "host" | "security" | "ask" | "node">;
@@ -227,6 +228,7 @@ export async function runPreparedReply(
isNewSession,
prefixedBodyBase,
});
prefixedBodyBase = appendUntrustedContext(prefixedBodyBase, sessionCtx.UntrustedContext);
const threadStarterBody = ctx.ThreadStarterBody?.trim();
const threadStarterNote =
isNewSession && threadStarterBody
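Review bot: The `appendUntrustedContext(prefixedBodyBase, sessionCtx.UntrustedContext)` call in `runPreparedReply` is the trust boundary this commit introduces, yet nothing at the call site says so, and a later refactor could move the metadata back into the system prompt without anyone noticing. I would add a comment above it such as `// Channel-supplied metadata is untrusted: keep it in the message body, never in the system prompt.` Two lines further down, `ctx.ThreadStarterBody` looks like it is also channel-supplied text and is only trimmed here; it is worth confirming that it gets the same untrusted labelling before it reaches the model. How the helper treats an undefined or empty `UntrustedContext` is decided in a file not visible here, and the body of `runPreparedReply` starts and ends outside the hunk.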