github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 09:12:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(sandbox): avoid sandboxing main DM sessions

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-12 01:23:37 +00:00
parent b9ff4ca1fe
commit 58a12a757e
9 changed files with 207 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -34,6 +34,7 @@
- Agents/Tools: preserve action enums when flattening tool schemas. (#708) — thanks @xMikeMickelson. - Agents/Tools: preserve action enums when flattening tool schemas. (#708) — thanks @xMikeMickelson.
- Gateway/Agents: canonicalize main session aliases for store writes and add regression coverage. (#709) — thanks @xMikeMickelson. - Gateway/Agents: canonicalize main session aliases for store writes and add regression coverage. (#709) — thanks @xMikeMickelson.
- Agents: reset sessions and retry when auto-compaction overflows instead of crashing the gateway. - Agents: reset sessions and retry when auto-compaction overflows instead of crashing the gateway.
- Sandbox: fix non-main mode incorrectly sandboxing the main DM session and align `/status` runtime reporting with effective sandbox state.
## 2026.1.10 ## 2026.1.10

74
src/agents/sandbox.resolveSandboxContext.test.ts Normal file
View File

@@ -0,0 +1,74 @@
import { describe, expect, it, vi } from "vitest";
import type { ClawdbotConfig } from "../config/config.js";
describe("resolveSandboxContext", () => {
it("does not sandbox the agent main session in non-main mode", async () => {
vi.resetModules();
const spawn = vi.fn(() => {
throw new Error("spawn should not be called");
});
vi.doMock("node:child_process", async (importOriginal) => {
const actual =
await importOriginal<typeof import("node:child_process")>();
return { ...actual, spawn };
});
const { resolveSandboxContext } = await import("./sandbox.js");
const cfg: ClawdbotConfig = {
agents: {
defaults: {
sandbox: { mode: "non-main", scope: "session" },
},
list: [{ id: "main" }],
},
};
const result = await resolveSandboxContext({
config: cfg,
sessionKey: "agent:main:main",
workspaceDir: "/tmp/clawdbot-test",
});
expect(result).toBeNull();
expect(spawn).not.toHaveBeenCalled();
vi.doUnmock("node:child_process");
}, 15_000);
it("does not create a sandbox workspace for the agent main session in non-main mode", async () => {
vi.resetModules();
const spawn = vi.fn(() => {
throw new Error("spawn should not be called");
});
vi.doMock("node:child_process", async (importOriginal) => {
const actual =
await importOriginal<typeof import("node:child_process")>();
return { ...actual, spawn };
});
const { ensureSandboxWorkspaceForSession } = await import("./sandbox.js");
const cfg: ClawdbotConfig = {
agents: {
defaults: {
sandbox: { mode: "non-main", scope: "session" },
},
list: [{ id: "main" }],
},
};
const result = await ensureSandboxWorkspaceForSession({
config: cfg,
sessionKey: "agent:main:main",
workspaceDir: "/tmp/clawdbot-test",
});
expect(result).toBeNull();
expect(spawn).not.toHaveBeenCalled();
vi.doUnmock("node:child_process");
}, 15_000);
});

34
src/agents/sandbox.ts
View File

@@ -546,11 +546,22 @@ export function resolveSandboxConfigForAgent(
function shouldSandboxSession( function shouldSandboxSession(
cfg: SandboxConfig, cfg: SandboxConfig,
sessionKey: string, sessionKey: string,
mainKey: string, mainSessionKey: string,
) { ) {
if (cfg.mode === "off") return false; if (cfg.mode === "off") return false;
if (cfg.mode === "all") return true; if (cfg.mode === "all") return true;
return sessionKey.trim() !== mainKey.trim(); return sessionKey.trim() !== mainSessionKey.trim();
}
function resolveMainSessionKeyForSandbox(params: {
cfg?: ClawdbotConfig;
agentId: string;
}): string {
if (params.cfg?.session?.scope === "global") return "global";
return buildAgentMainSessionKey({
agentId: params.agentId,
mainKey: normalizeMainKey(params.cfg?.session?.mainKey),
});
} }
export function resolveSandboxRuntimeStatus(params: { export function resolveSandboxRuntimeStatus(params: {
@@ -571,10 +582,7 @@ export function resolveSandboxRuntimeStatus(params: {
}); });
const cfg = params.cfg; const cfg = params.cfg;
const sandboxCfg = resolveSandboxConfigForAgent(cfg, agentId); const sandboxCfg = resolveSandboxConfigForAgent(cfg, agentId);
const mainSessionKey = buildAgentMainSessionKey({ const mainSessionKey = resolveMainSessionKeyForSandbox({ cfg, agentId });
agentId,
mainKey: normalizeMainKey(cfg?.session?.mainKey),
});
const sandboxed = sessionKey const sandboxed = sessionKey
? shouldSandboxSession(sandboxCfg, sessionKey, mainSessionKey) ? shouldSandboxSession(sandboxCfg, sessionKey, mainSessionKey)
: false; : false;
@@ -1293,8 +1301,11 @@ export async function resolveSandboxContext(params: {
if (!rawSessionKey) return null; if (!rawSessionKey) return null;
const agentId = resolveAgentIdFromSessionKey(rawSessionKey); const agentId = resolveAgentIdFromSessionKey(rawSessionKey);
const cfg = resolveSandboxConfigForAgent(params.config, agentId); const cfg = resolveSandboxConfigForAgent(params.config, agentId);
const mainKey = normalizeMainKey(params.config?.session?.mainKey); const mainSessionKey = resolveMainSessionKeyForSandbox({
if (!shouldSandboxSession(cfg, rawSessionKey, mainKey)) return null; cfg: params.config,
agentId,
});
if (!shouldSandboxSession(cfg, rawSessionKey, mainSessionKey)) return null;
await maybePruneSandboxes(cfg); await maybePruneSandboxes(cfg);
@@ -1373,8 +1384,11 @@ export async function ensureSandboxWorkspaceForSession(params: {
if (!rawSessionKey) return null; if (!rawSessionKey) return null;
const agentId = resolveAgentIdFromSessionKey(rawSessionKey); const agentId = resolveAgentIdFromSessionKey(rawSessionKey);
const cfg = resolveSandboxConfigForAgent(params.config, agentId); const cfg = resolveSandboxConfigForAgent(params.config, agentId);
const mainKey = normalizeMainKey(params.config?.session?.mainKey); const mainSessionKey = resolveMainSessionKeyForSandbox({
if (!shouldSandboxSession(cfg, rawSessionKey, mainKey)) return null; cfg: params.config,
agentId,
});
if (!shouldSandboxSession(cfg, rawSessionKey, mainSessionKey)) return null;
const agentWorkspaceDir = resolveUserPath( const agentWorkspaceDir = resolveUserPath(
params.workspaceDir?.trim() || DEFAULT_AGENT_WORKSPACE_DIR, params.workspaceDir?.trim() || DEFAULT_AGENT_WORKSPACE_DIR,

2
src/auto-reply/reply.queue.test.ts
View File

@@ -101,7 +101,7 @@ describe("queue followups", () => {
const secondText = Array.isArray(second) ? second[0]?.text : second?.text; const secondText = Array.isArray(second) ? second[0]?.text : second?.text;
expect(secondText).toBe("main"); expect(secondText).toBe("main");
await vi.runAllTimersAsync(); await vi.advanceTimersByTimeAsync(500);
await Promise.resolve(); await Promise.resolve();
expect(runEmbeddedPiAgent).toHaveBeenCalledTimes(2); expect(runEmbeddedPiAgent).toHaveBeenCalledTimes(2);

146
src/auto-reply/reply.triggers.test.ts
View File

@@ -1361,86 +1361,90 @@ describe("trigger handling", () => {
}); });
}); });
it("stages inbound media into the sandbox workspace", async () => { it(
await withTempHome(async (home) => { "stages inbound media into the sandbox workspace",
const inboundDir = join(home, ".clawdbot", "media", "inbound"); { timeout: 15_000 },
await fs.mkdir(inboundDir, { recursive: true }); async () => {
const mediaPath = join(inboundDir, "photo.jpg"); await withTempHome(async (home) => {
await fs.writeFile(mediaPath, "test"); const inboundDir = join(home, ".clawdbot", "media", "inbound");
await fs.mkdir(inboundDir, { recursive: true });
const mediaPath = join(inboundDir, "photo.jpg");
await fs.writeFile(mediaPath, "test");
vi.mocked(runEmbeddedPiAgent).mockResolvedValue({ vi.mocked(runEmbeddedPiAgent).mockResolvedValue({
payloads: [{ text: "ok" }], payloads: [{ text: "ok" }],
meta: { meta: {
durationMs: 1, durationMs: 1,
agentMeta: { sessionId: "s", provider: "p", model: "m" }, agentMeta: { sessionId: "s", provider: "p", model: "m" },
}, },
}); });
const cfg = { const cfg = {
agents: { agents: {
defaults: { defaults: {
model: "anthropic/claude-opus-4-5", model: "anthropic/claude-opus-4-5",
workspace: join(home, "clawd"), workspace: join(home, "clawd"),
sandbox: { sandbox: {
mode: "non-main" as const, mode: "non-main" as const,
workspaceRoot: join(home, "sandboxes"), workspaceRoot: join(home, "sandboxes"),
},
}, },
}, },
}, whatsapp: {
whatsapp: { allowFrom: ["*"],
allowFrom: ["*"], },
}, session: {
session: { store: join(home, "sessions.json"),
store: join(home, "sessions.json"), },
}, };
};
const ctx = { const ctx = {
Body: "hi", Body: "hi",
From: "group:whatsapp:demo", From: "group:whatsapp:demo",
To: "+2000", To: "+2000",
ChatType: "group" as const, ChatType: "group" as const,
Provider: "whatsapp" as const, Provider: "whatsapp" as const,
MediaPath: mediaPath, MediaPath: mediaPath,
MediaType: "image/jpeg", MediaType: "image/jpeg",
MediaUrl: mediaPath, MediaUrl: mediaPath,
}; };
const res = await getReplyFromConfig(ctx, {}, cfg); const res = await getReplyFromConfig(ctx, {}, cfg);
const text = Array.isArray(res) ? res[0]?.text : res?.text; const text = Array.isArray(res) ? res[0]?.text : res?.text;
expect(text).toBe("ok"); expect(text).toBe("ok");
expect(runEmbeddedPiAgent).toHaveBeenCalledOnce(); expect(runEmbeddedPiAgent).toHaveBeenCalledOnce();
const prompt = const prompt =
vi.mocked(runEmbeddedPiAgent).mock.calls[0]?.[0]?.prompt ?? ""; vi.mocked(runEmbeddedPiAgent).mock.calls[0]?.[0]?.prompt ?? "";
const stagedPath = `media/inbound/${basename(mediaPath)}`; const stagedPath = `media/inbound/${basename(mediaPath)}`;
expect(prompt).toContain(stagedPath); expect(prompt).toContain(stagedPath);
expect(prompt).not.toContain(mediaPath); expect(prompt).not.toContain(mediaPath);
const sessionKey = resolveSessionKey( const sessionKey = resolveSessionKey(
cfg.session?.scope ?? "per-sender", cfg.session?.scope ?? "per-sender",
ctx, ctx,
cfg.session?.mainKey, cfg.session?.mainKey,
); );
const agentId = resolveAgentIdFromSessionKey(sessionKey); const agentId = resolveAgentIdFromSessionKey(sessionKey);
const sandbox = await ensureSandboxWorkspaceForSession({ const sandbox = await ensureSandboxWorkspaceForSession({
config: cfg, config: cfg,
sessionKey, sessionKey,
workspaceDir: resolveAgentWorkspaceDir(cfg, agentId), workspaceDir: resolveAgentWorkspaceDir(cfg, agentId),
});
expect(sandbox).not.toBeNull();
if (!sandbox) {
throw new Error("Expected sandbox to be set");
}
const stagedFullPath = join(
sandbox.workspaceDir,
"media",
"inbound",
basename(mediaPath),
);
await expect(fs.stat(stagedFullPath)).resolves.toBeTruthy();
}); });
expect(sandbox).not.toBeNull(); },
if (!sandbox) { );
throw new Error("Expected sandbox to be set");
}
const stagedFullPath = join(
sandbox.workspaceDir,
"media",
"inbound",
basename(mediaPath),
);
await expect(fs.stat(stagedFullPath)).resolves.toBeTruthy();
});
});
}); });
describe("group intro prompts", () => { describe("group intro prompts", () => {

23
src/auto-reply/status.ts
View File

@@ -8,6 +8,7 @@ import {
} from "../agents/defaults.js"; } from "../agents/defaults.js";
import { resolveModelAuthMode } from "../agents/model-auth.js"; import { resolveModelAuthMode } from "../agents/model-auth.js";
import { resolveConfiguredModelRef } from "../agents/model-selection.js"; import { resolveConfiguredModelRef } from "../agents/model-selection.js";
import { resolveSandboxRuntimeStatus } from "../agents/sandbox.js";
import { import {
derivePromptTokens, derivePromptTokens,
normalizeUsage, normalizeUsage,
@@ -248,14 +249,22 @@ export function buildStatusMessage(args: StatusArgs): string {
const runtime = (() => { const runtime = (() => {
const sandboxMode = args.agent?.sandbox?.mode ?? "off"; const sandboxMode = args.agent?.sandbox?.mode ?? "off";
if (sandboxMode === "off") return { label: "direct" }; if (sandboxMode === "off") return { label: "direct" };
const sessionScope = args.sessionScope ?? "per-sender";
const mainKey = resolveMainSessionKey({
session: { scope: sessionScope },
});
const sessionKey = args.sessionKey?.trim(); const sessionKey = args.sessionKey?.trim();
const sandboxed = sessionKey const sandboxed = (() => {
? sandboxMode === "all" || sessionKey !== mainKey.trim() if (!sessionKey) return false;
: false; if (sandboxMode === "all") return true;
if (args.config) {
return resolveSandboxRuntimeStatus({
cfg: args.config,
sessionKey,
}).sandboxed;
}
const sessionScope = args.sessionScope ?? "per-sender";
const mainKey = resolveMainSessionKey({
session: { scope: sessionScope },
});
return sessionKey !== mainKey.trim();
})();
const runtime = sandboxed ? "docker" : sessionKey ? "direct" : "unknown"; const runtime = sandboxed ? "docker" : sessionKey ? "direct" : "unknown";
return { return {
label: `${runtime}/${sandboxMode}`, label: `${runtime}/${sandboxMode}`,

2
src/cli/cron-cli.test.ts
View File

@@ -35,7 +35,7 @@ vi.mock("../runtime.js", () => ({
})); }));
describe("cron cli", () => { describe("cron cli", () => {
it("trims model and thinking on cron add", async () => { it("trims model and thinking on cron add", { timeout: 15_000 }, async () => {
callGatewayFromCli.mockClear(); callGatewayFromCli.mockClear();
const { registerCronCli } = await import("./cron-cli.js"); const { registerCronCli } = await import("./cron-cli.js");

20
src/gateway/server.auth.test.ts
View File

@@ -131,6 +131,13 @@ describe("gateway server auth/connect", () => {
{ timeout: 15000 }, { timeout: 15000 },
async () => { async () => {
const { server, ws } = await startServerWithClient(); const { server, ws } = await startServerWithClient();
const closeInfoPromise = new Promise<{ code: number; reason: string }>(
(resolve) => {
ws.once("close", (code, reason) =>
resolve({ code, reason: reason.toString() }),
);
},
);
ws.send( ws.send(
JSON.stringify({ JSON.stringify({
@@ -164,18 +171,7 @@ describe("gateway server auth/connect", () => {
"invalid connect params", "invalid connect params",
); );
const closeInfo = await new Promise<{ code: number; reason: string }>( const closeInfo = await closeInfoPromise;
(resolve, reject) => {
const timer = setTimeout(
() => reject(new Error("close timeout")),
3000,
);
ws.once("close", (code, reason) => {
clearTimeout(timer);
resolve({ code, reason: reason.toString() });
});
},
);
expect(closeInfo.code).toBe(1008); expect(closeInfo.code).toBe(1008);
expect(closeInfo.reason).toContain("invalid connect params"); expect(closeInfo.reason).toContain("invalid connect params");

14
src/gateway/server.ts
View File

@@ -1480,6 +1480,13 @@ export async function startGatewayServer(
? `invalid connect params: ${formatValidationErrors(validateConnectParams.errors)}` ? `invalid connect params: ${formatValidationErrors(validateConnectParams.errors)}`
: "invalid handshake: first request must be connect" : "invalid handshake: first request must be connect"
: "invalid request frame"; : "invalid request frame";
handshakeState = "failed";
setCloseCause("invalid-handshake", {
frameType,
frameMethod,
frameId,
handshakeError,
});
if (isRequestFrame) { if (isRequestFrame) {
const req = parsed as RequestFrame; const req = parsed as RequestFrame;
send({ send({
@@ -1493,13 +1500,6 @@ export async function startGatewayServer(
`invalid handshake conn=${connId} remote=${remoteAddr ?? "?"}`, `invalid handshake conn=${connId} remote=${remoteAddr ?? "?"}`,
); );
} }
handshakeState = "failed";
setCloseCause("invalid-handshake", {
frameType,
frameMethod,
frameId,
handshakeError,
});
const closeReason = truncateCloseReason( const closeReason = truncateCloseReason(
handshakeError || "invalid handshake", handshakeError || "invalid handshake",
); );