github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 04:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: rename to openclaw

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-30 03:15:10 +01:00
parent 4583f88626
commit 9a7160786a
2357 changed files with 16688 additions and 16788 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/security/audit-extra.ts
View File

@@ -3,7 +3,7 @@ import path from "node:path";
import JSON5 from "json5";
import type { MoltbotConfig, ConfigFileSnapshot } from "../config/config.js";
import type { OpenClawConfig, ConfigFileSnapshot } from "../config/config.js";
import { createConfigIO } from "../config/config.js";
import { resolveNativeSkillsEnabled } from "../config/commands.js";
import { resolveOAuthDir } from "../config/paths.js";
@@ -48,7 +48,7 @@ function expandTilde(p: string, env: NodeJS.ProcessEnv): string | null {
return null;
}
function summarizeGroupPolicy(cfg: MoltbotConfig): {
function summarizeGroupPolicy(cfg: OpenClawConfig): {
open: number;
allowlist: number;
other: number;
@@ -69,7 +69,7 @@ function summarizeGroupPolicy(cfg: MoltbotConfig): {
return { open, allowlist, other };
}
export function collectAttackSurfaceSummaryFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectAttackSurfaceSummaryFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const group = summarizeGroupPolicy(cfg);
const elevated = cfg.tools?.elevated?.enabled !== false;
const hooksEnabled = cfg.hooks?.enabled === true;
@@ -116,7 +116,7 @@ export function collectSyncedFolderFindings(params: {
severity: "warn",
title: "State/config path looks like a synced folder",
detail: `stateDir=${params.stateDir}, configPath=${params.configPath}. Synced folders (iCloud/Dropbox/OneDrive/Google Drive) can leak tokens and transcripts onto other devices.`,
remediation: `Keep CLAWDBOT_STATE_DIR on a local-only volume and re-run "${formatCliCommand("moltbot security audit --fix")}".`,
remediation: `Keep OPENCLAW_STATE_DIR on a local-only volume and re-run "${formatCliCommand("openclaw security audit --fix")}".`,
});
}
return findings;
@@ -127,7 +127,7 @@ function looksLikeEnvRef(value: string): boolean {
return v.startsWith("${") && v.endsWith("}");
}
export function collectSecretsInConfigFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectSecretsInConfigFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const password =
typeof cfg.gateway?.auth?.password === "string" ? cfg.gateway.auth.password.trim() : "";
@@ -139,7 +139,7 @@ export function collectSecretsInConfigFindings(cfg: MoltbotConfig): SecurityAudi
detail:
"gateway.auth.password is set in the config file; prefer environment variables for secrets when possible.",
remediation:
"Prefer CLAWDBOT_GATEWAY_PASSWORD (env) and remove gateway.auth.password from disk.",
"Prefer OPENCLAW_GATEWAY_PASSWORD (env) and remove gateway.auth.password from disk.",
});
}
@@ -157,7 +157,7 @@ export function collectSecretsInConfigFindings(cfg: MoltbotConfig): SecurityAudi
return findings;
}
export function collectHooksHardeningFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectHooksHardeningFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
if (cfg.hooks?.enabled !== true) return findings;
@@ -215,7 +215,7 @@ function addModel(models: ModelRef[], raw: unknown, source: string) {
models.push({ id, source });
}
function collectModels(cfg: MoltbotConfig): ModelRef[] {
function collectModels(cfg: OpenClawConfig): ModelRef[] {
const out: ModelRef[] = [];
addModel(out, cfg.agents?.defaults?.model?.primary, "agents.defaults.model.primary");
for (const f of cfg.agents?.defaults?.model?.fallbacks ?? [])
@@ -286,7 +286,7 @@ function isClaude45OrHigher(id: string): boolean {
return /\bclaude-[^\s/]*?(?:-4-?5\b|4\.5\b)/i.test(id);
}
export function collectModelHygieneFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectModelHygieneFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const models = collectModels(cfg);
if (models.length === 0) return findings;
@@ -381,7 +381,7 @@ function pickToolPolicy(config?: { allow?: string[]; deny?: string[] }): Sandbox
}
function resolveToolPolicies(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
agentTools?: AgentToolsConfig;
sandboxMode?: "off" | "non-main" | "all";
agentId?: string | null;
@@ -405,7 +405,7 @@ function resolveToolPolicies(params: {
return policies;
}
function hasWebSearchKey(cfg: MoltbotConfig, env: NodeJS.ProcessEnv): boolean {
function hasWebSearchKey(cfg: OpenClawConfig, env: NodeJS.ProcessEnv): boolean {
const search = cfg.tools?.web?.search;
return Boolean(
search?.apiKey ||
@@ -416,20 +416,20 @@ function hasWebSearchKey(cfg: MoltbotConfig, env: NodeJS.ProcessEnv): boolean {
);
}
function isWebSearchEnabled(cfg: MoltbotConfig, env: NodeJS.ProcessEnv): boolean {
function isWebSearchEnabled(cfg: OpenClawConfig, env: NodeJS.ProcessEnv): boolean {
const enabled = cfg.tools?.web?.search?.enabled;
if (enabled === false) return false;
if (enabled === true) return true;
return hasWebSearchKey(cfg, env);
}
function isWebFetchEnabled(cfg: MoltbotConfig): boolean {
function isWebFetchEnabled(cfg: OpenClawConfig): boolean {
const enabled = cfg.tools?.web?.fetch?.enabled;
if (enabled === false) return false;
return true;
}
function isBrowserEnabled(cfg: MoltbotConfig): boolean {
function isBrowserEnabled(cfg: OpenClawConfig): boolean {
try {
return resolveBrowserConfig(cfg.browser, cfg).enabled;
} catch {
@@ -438,7 +438,7 @@ function isBrowserEnabled(cfg: MoltbotConfig): boolean {
}
export function collectSmallModelRiskFindings(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
env: NodeJS.ProcessEnv;
}): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
@@ -517,7 +517,7 @@ export function collectSmallModelRiskFindings(params: {
}
export async function collectPluginsTrustFindings(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
stateDir: string;
}): Promise<SecurityAuditFinding[]> {
const findings: SecurityAuditFinding[] = [];
@@ -750,7 +750,7 @@ export async function collectIncludeFilePermFindings(params: {
}
export async function collectStateDeepFilesystemFindings(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
env: NodeJS.ProcessEnv;
stateDir: string;
platform?: NodeJS.Platform;
@@ -905,7 +905,7 @@ export async function collectStateDeepFilesystemFindings(params: {
return findings;
}
function listGroupPolicyOpen(cfg: MoltbotConfig): string[] {
function listGroupPolicyOpen(cfg: OpenClawConfig): string[] {
const out: string[] = [];
const channels = cfg.channels as Record<string, unknown> | undefined;
if (!channels || typeof channels !== "object") return out;
@@ -926,7 +926,7 @@ function listGroupPolicyOpen(cfg: MoltbotConfig): string[] {
return out;
}
export function collectExposureMatrixFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectExposureMatrixFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const openGroups = listGroupPolicyOpen(cfg);
if (openGroups.length === 0) return findings;