github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 00:11:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(channels,sandbox): land hard breakage cluster from reviewed PR bases

Browse Source 
Lands reviewed fixes based on #25839 (@pewallin), #25841 (@joshjhall), and #25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety.

Fixes #25836
Fixes #25840
Fixes #25824
Fixes #25868

Co-authored-by: Peter Wallin <pwallin@gmail.com>
Co-authored-by: Joshua Hall <josh@yaplabs.com>
Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com>
Co-authored-by: peteragility <peteragility@users.noreply.github.com>
This commit is contained in:
Peter Steinberger
2026-02-24 23:27:12 +00:00
parent 5552f9073f
commit e7a5f9f4d8
11 changed files with 380 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/agents/sandbox/fs-bridge.test.ts
View File

@@ -77,10 +77,22 @@ describe("sandbox fs bridge shell compatibility", () => {
const executables = mockedExecDockerRaw.mock.calls.map(([args]) => args[3] ?? "");
expect(executables.every((shell) => shell === "sh")).toBe(true);
expect(scripts.every((script) => script.includes("set -eu;"))).toBe(true);
expect(scripts.every((script) => /set -eu[;\n]/.test(script))).toBe(true);
expect(scripts.some((script) => script.includes("pipefail"))).toBe(false);
});
it("resolveCanonicalContainerPath script is valid POSIX sh (no do; token)", async () => {
const bridge = createSandboxFsBridge({ sandbox: createSandbox() });
await bridge.readFile({ filePath: "a.txt" });
const scripts = mockedExecDockerRaw.mock.calls.map(([args]) => args[5] ?? "");
const canonicalScript = scripts.find((script) => script.includes("allow_final"));
expect(canonicalScript).toBeDefined();
// "; " joining can create "do; cmd", which is invalid in POSIX sh.
expect(canonicalScript).not.toMatch(/\bdo;/);
});
it("resolves bind-mounted absolute container paths for reads", async () => {
const sandbox = createSandbox({
docker: {

2
src/agents/sandbox/fs-bridge.ts
View File

@@ -305,7 +305,7 @@ class SandboxFsBridgeImpl implements SandboxFsBridge {
"done",
'canonical=$(readlink -f -- "$cursor")',
'printf "%s%s\\n" "$canonical" "$suffix"',
].join("; ");
].join("\n");
const result = await this.runCommand(script, {
args: [params.containerPath, params.allowFinalSymlink ? "1" : "0"],
});