feat(security): migrate sha1 hashes to sha256 for synthetic ids (#7343) (#22528)

* feat(prompt): add explicit owner hash secret to obfuscation path

* feat(security): migrate synthetic IDs to sha256 for #7343
Vincent Koc
2026-02-21 03:20:14 -05:00
committed by GitHub
parent 9abab6a2c9
commit c20d519e05
6 changed files with 11 additions and 9 deletions


@@ -1,11 +1,11 @@
import { createHmac, createHash } from "node:crypto";
import type { ReasoningLevel, ThinkLevel } from "../auto-reply/thinking.js";
import { SILENT_REPLY_TOKEN } from "../auto-reply/tokens.js";
import type { MemoryCitationsMode } from "../config/types.memory.js";
import { listDeliverableMessageChannels } from "../utils/message-channel.js";
import type { ResolvedTimeFormat } from "./date-time.js";
import type { EmbeddedContextFile } from "./pi-embedded-helpers.js";
import { SILENT_REPLY_TOKEN } from "../auto-reply/tokens.js";
import { listDeliverableMessageChannels } from "../utils/message-channel.js";
import { sanitizeForPromptLiteral } from "./sanitize-for-prompt.js";
import { createHmac, createHash } from "node:crypto";
/**
* Controls which hardcoded sections are included in the system prompt.
@@ -80,7 +80,7 @@ function formatOwnerDisplayId(ownerId: string, ownerDisplaySecret?: string) {
const digest = hasSecret
? createHmac("sha256", hasSecret).update(ownerId).digest("hex")
: createHash("sha256").update(ownerId).digest("hex");
return digest.slice(0, 16);
return digest.slice(0, 12);
}
function buildOwnerIdentityLine(
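Review bot: The no-secret branch, `createHash("sha256").update(ownerId).digest("hex")`, yields a display ID that anyone able to enumerate candidate owner IDs can recompute, so only the HMAC branch actually hides the owner, and `formatOwnerDisplayId` should say so. The page prints both `return digest.slice(0, 16);` and `return digest.slice(0, 12);` without +/- markers; if 12 is the new value, the ID keeps 48 bits, which is adequate as a label but should not be treated as unique or used in any authorization decision. I would add a comment above the return such as `// Display label only: truncated digest; the unkeyed fallback can be reversed by guessing ownerId, so pass ownerDisplaySecret where that matters.` The function begins above this hunk, so how `hasSecret` is derived is not visible here.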


@@ -1,5 +1,5 @@
import { createHash } from "node:crypto";
import type { AgentMessage } from "@mariozechner/pi-agent-core";
import { createHash } from "node:crypto";
export type ToolCallIdMode = "strict" | "strict9";
@@ -94,7 +94,7 @@ export function isValidCloudCodeAssistToolId(id: string, mode: ToolCallIdMode =
}
function shortHash(text: string, length = 8): string {
return createHash("sha1").update(text).digest("hex").slice(0, length);
return createHash("sha256").update(text).digest("hex").slice(0, length);
}
function makeUniqueToolId(params: { id: string; used: Set<string>; mode: ToolCallIdMode }): string {
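Review bot: `shortHash` still truncates to `length = 8` hex characters by default, so moving from sha1 to sha256 leaves the 32-bit collision space unchanged while changing every ID the function derives. If any synthetic tool-call IDs stored by earlier runs are re-derived for comparison, they will no longer match; that depends on callers outside this hunk and is worth confirming. A doc comment would make the intent explicit, e.g. `/** Short, non-secret suffix for synthetic IDs; not collision-resistant at this length, so callers must de-duplicate. */`. `makeUniqueToolId`, whose signature follows and takes a `used` set, continues outside the hunk.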