github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-12 06:13:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): unify secure id paths and guard weak patterns

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 10:14:55 +01:00
parent ae8d4a8eec
commit 6c2e999776
12 changed files with 167 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/agents/pi-embedded-runner/compact.ts
View File

@@ -13,6 +13,7 @@ import type { ReasoningLevel, ThinkLevel } from "../../auto-reply/thinking.js";
import { resolveChannelCapabilities } from "../../config/channel-capabilities.js";
import type { OpenClawConfig } from "../../config/config.js";
import { getMachineDisplayName } from "../../infra/machine-name.js";
import { generateSecureToken } from "../../infra/secure-random.js";
import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js";
import { type enqueueCommand, enqueueCommandInLane } from "../../process/command-queue.js";
import { isCronSessionKey, isSubagentSessionKey } from "../../routing/session-key.js";
@@ -133,7 +134,7 @@ type CompactionMessageMetrics = {
};
function createCompactionDiagId(): string {
return `cmp-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
return `cmp-${Date.now().toString(36)}-${generateSecureToken(4)}`;
}
function getMessageTextChars(msg: AgentMessage): number {