github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 05:47:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-03 23:02:28 -08:00
parent 6fdb136688
commit 35eb40a700
13 changed files with 289 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/slack/monitor/slash.ts
View File

@@ -26,6 +26,7 @@ import {
upsertChannelPairingRequest,
} from "../../pairing/pairing-store.js";
import { resolveAgentRoute } from "../../routing/resolve-route.js";
import { buildUntrustedChannelMetadata } from "../../security/channel-metadata.js";
import {
normalizeAllowList,
normalizeAllowListLower,
@@ -377,15 +378,16 @@ export function registerSlackMonitorSlashCommands(params: {
},
});
const channelDescription = [channelInfo?.topic, channelInfo?.purpose]
.map((entry) => entry?.trim())
.filter((entry): entry is string => Boolean(entry))
.filter((entry, index, list) => list.indexOf(entry) === index)
.join("\n");
const systemPromptParts = [
channelDescription ? `Channel description: ${channelDescription}` : null,
channelConfig?.systemPrompt?.trim() || null,
].filter((entry): entry is string => Boolean(entry));
const untrustedChannelMetadata = isRoomish
? buildUntrustedChannelMetadata({
source: "slack",
label: "Slack channel description",
entries: [channelInfo?.topic, channelInfo?.purpose],
})
: undefined;
const systemPromptParts = [channelConfig?.systemPrompt?.trim() || null].filter(
(entry): entry is string => Boolean(entry),
);
const groupSystemPrompt =
systemPromptParts.length > 0 ? systemPromptParts.join("\n\n") : undefined;
@@ -414,6 +416,7 @@ export function registerSlackMonitorSlashCommands(params: {
}) ?? (isDirectMessage ? senderName : roomLabel),
GroupSubject: isRoomish ? roomLabel : undefined,
GroupSystemPrompt: isRoomish ? groupSystemPrompt : undefined,
UntrustedContext: untrustedChannelMetadata ? [untrustedChannelMetadata] : undefined,
SenderName: senderName,
SenderId: command.user_id,
Provider: "slack" as const,