github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 22:44:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): harden CommandAuthorized plumbing

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-17 09:01:43 +00:00
parent 31e8ecca10
commit 69ba2765de
16 changed files with 92 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/auto-reply/reply/inbound-context.ts
View File

@@ -1,6 +1,6 @@
import { normalizeChatType } from "../../channels/chat-type.js";
import { resolveConversationLabel } from "../../channels/conversation-label.js";
import type { MsgContext } from "../templating.js";
import type { FinalizedMsgContext, MsgContext } from "../templating.js";
import { formatInboundBodyWithSenderMeta } from "./inbound-sender-meta.js";
import { normalizeInboundTextNewlines } from "./inbound-text.js";
@@ -19,7 +19,7 @@ function normalizeTextField(value: unknown): string | undefined {
export function finalizeInboundContext<T extends Record<string, unknown>>(
ctx: T,
opts: FinalizeInboundContextOptions = {},
): T & MsgContext {
): T & FinalizedMsgContext {
const normalized = ctx as T & MsgContext;
normalized.Body = normalizeInboundTextNewlines(
@@ -64,5 +64,8 @@ export function finalizeInboundContext<T extends Record<string, unknown>>(
body: normalized.BodyForAgent,
});
return normalized;
// Always set. Default-deny when upstream forgets to populate it.
normalized.CommandAuthorized = normalized.CommandAuthorized === true;
return normalized as T & FinalizedMsgContext;
}