github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 08:52:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: exclude maxTokens from config redaction + honor deleteAfterRun on skipped cron jobs (#13342)

Browse Source 
* fix: exclude maxTokens and token-count fields from config redaction

The /token/i regex in SENSITIVE_KEY_PATTERNS falsely matched fields like
maxTokens, maxOutputTokens, maxCompletionTokens etc. These are numeric
config fields for token counts, not sensitive credentials.

Added a whitelist (SENSITIVE_KEY_WHITELIST) that explicitly excludes
known token-count field names from redaction. This prevents config
corruption when maxTokens gets replaced with __OPENCLAW_REDACTED__
during config round-trips.

Fixes #13236

* fix: honor deleteAfterRun for one-shot 'at' jobs with 'skipped' status

Previously, deleteAfterRun only triggered when result.status was 'ok'.
For one-shot 'at' jobs, a 'skipped' status (e.g. empty heartbeat file)
would leave the job in state but disabled, never getting cleaned up.

Now deleteAfterRun also triggers on 'skipped' status for 'at' jobs,
since a skipped one-shot job has no meaningful retry path.

Fixes #13249

* Cron: format timer.ts

---------

Co-authored-by: nice03 <niceyslee@gmail.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
This commit is contained in:
niceysam
2026-02-12 22:55:05 +09:00
committed by GitHub
parent f8cad44cd6
commit f7e05d0136
3 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/config/redact-snapshot.ts
View File

@@ -8,6 +8,22 @@ import type { ConfigFileSnapshot } from "./types.openclaw.js";
*/
export const REDACTED_SENTINEL = "__OPENCLAW_REDACTED__";
/**
* Non-sensitive field names that happen to match sensitive patterns.
* These are explicitly excluded from redaction.
*/
const SENSITIVE_KEY_WHITELIST = new Set([
"maxtokens",
"maxoutputtokens",
"maxinputtokens",
"maxcompletiontokens",
"contexttokens",
"totaltokens",
"tokencount",
"tokenlimit",
"tokenbudget",
]);
/**
* Patterns that identify sensitive config field names.
* Aligned with the UI-hint logic in schema.ts.
@@ -15,6 +31,9 @@ export const REDACTED_SENTINEL = "__OPENCLAW_REDACTED__";
const SENSITIVE_KEY_PATTERNS = [/token$/i, /password/i, /secret/i, /api.?key/i];
function isSensitiveKey(key: string): boolean {
if (SENSITIVE_KEY_WHITELIST.has(key.toLowerCase())) {
return false;
}
return SENSITIVE_KEY_PATTERNS.some((pattern) => pattern.test(key));
}