Agents/Tools: preflight exec script files for shell var injection (#18457)

* fix(agents): don't force store=true for codex responses

* test: stabilize respawn + subagent usage assertions

* Agents/Tools: preflight exec to detect shell variable injection in scripts

* Changelog: fix merge marker formatting
Vignesh
2026-02-16 10:34:29 -08:00
committed by GitHub
parent 9b70849567
commit b0a01fe482
4 changed files with 187 additions and 0 deletions


@@ -154,4 +154,27 @@ describe("applyExtraParamsToAgent", () => {
});
expect(payload.store).toBe(false);
});
it("does not force store=true for Codex responses (Codex requires store=false)", () => {
const payload = { store: false };
const baseStreamFn: StreamFn = (_model, _context, options) => {
options?.onPayload?.(payload);
return new AssistantMessageEventStream();
};
const agent = { streamFn: baseStreamFn };
applyExtraParamsToAgent(agent, undefined, "openai-codex", "codex-mini-latest");
const model = {
api: "openai-codex-responses",
provider: "openai-codex",
id: "codex-mini-latest",
baseUrl: "https://chatgpt.com/backend-api/codex/responses",
} as Model<"openai-codex-responses">;
const context: Context = { messages: [] };
void agent.streamFn?.(model, context, {});
expect(payload.store).toBe(false);
});
});
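Review bot: The new Codex test can pass without exercising the code under test, because `payload` starts as `{ store: false }` and the only assertion is that it is still `false`. If `agent.streamFn` were undefined, the `?.` in `void agent.streamFn?.(model, context, {})` would skip the call, and the same holds if the base stream function were never reached. Since `store` decides whether the provider retains the response, the test should pin the call path: set a flag inside `baseStreamFn` (`invoked = true;`), assert `expect(invoked).toBe(true);`, and call `agent.streamFn(model, context, {})` without the optional chain. Whether the exemption keys on `model.api` or on the provider string passed to `applyExtraParamsToAgent` is not visible here, so a case where only one of the two says Codex would document that. The enclosing `describe` block starts outside this hunk.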