github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 02:21:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix (gateway): redact sensitive status details for non-admin scopes

Browse Source
This commit is contained in:
Vignesh Natarajan
2026-02-14 21:14:55 -08:00
parent 0dec234505
commit fac040cb10
4 changed files with 133 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
src/commands/status.summary.redaction.test.ts Normal file
View File

@@ -0,0 +1,69 @@
import { describe, expect, it } from "vitest";
import type { StatusSummary } from "./status.types.js";
import { redactSensitiveStatusSummary } from "./status.summary.js";
describe("redactSensitiveStatusSummary", () => {
it("removes sensitive session and path details while preserving summary structure", () => {
const input: StatusSummary = {
heartbeat: {
defaultAgentId: "main",
agents: [{ agentId: "main", enabled: true, every: "5m", everyMs: 300_000 }],
},
channelSummary: ["ok"],
queuedSystemEvents: ["none"],
sessions: {
paths: ["/tmp/openclaw/sessions.json"],
count: 1,
defaults: { model: "gpt-5", contextTokens: 200_000 },
recent: [
{
key: "main",
kind: "direct",
sessionId: "sess-1",
updatedAt: 1,
age: 2,
totalTokens: 3,
totalTokensFresh: true,
remainingTokens: 4,
percentUsed: 5,
model: "gpt-5",
contextTokens: 200_000,
flags: ["id:sess-1"],
},
],
byAgent: [
{
agentId: "main",
path: "/tmp/openclaw/main-sessions.json",
count: 1,
recent: [
{
key: "main",
kind: "direct",
sessionId: "sess-1",
updatedAt: 1,
age: 2,
totalTokens: 3,
totalTokensFresh: true,
remainingTokens: 4,
percentUsed: 5,
model: "gpt-5",
contextTokens: 200_000,
flags: ["id:sess-1"],
},
],
},
],
},
};
const redacted = redactSensitiveStatusSummary(input);
expect(redacted.sessions.paths).toEqual([]);
expect(redacted.sessions.defaults).toEqual({ model: null, contextTokens: null });
expect(redacted.sessions.recent).toEqual([]);
expect(redacted.sessions.byAgent[0]?.path).toBe("[redacted]");
expect(redacted.sessions.byAgent[0]?.recent).toEqual([]);
expect(redacted.heartbeat).toEqual(input.heartbeat);
expect(redacted.channelSummary).toEqual(input.channelSummary);
});
});

28
src/commands/status.summary.ts
View File

@@ -67,7 +67,30 @@ const buildFlags = (entry?: SessionEntry): string[] => {
return flags;
};
export async function getStatusSummary(): Promise<StatusSummary> {
export function redactSensitiveStatusSummary(summary: StatusSummary): StatusSummary {
return {
...summary,
sessions: {
...summary.sessions,
paths: [],
defaults: {
model: null,
contextTokens: null,
},
recent: [],
byAgent: summary.sessions.byAgent.map((entry) => ({
...entry,
path: "[redacted]",
recent: [],
})),
},
};
}
export async function getStatusSummary(
options: { includeSensitive?: boolean } = {},
): Promise<StatusSummary> {
const { includeSensitive = true } = options;
const cfg = loadConfig();
const linkContext = await resolveLinkChannelContext(cfg);
const agentList = listAgentsForGateway(cfg);
@@ -179,7 +202,7 @@ export async function getStatusSummary(): Promise<StatusSummary> {
const recent = allSessions.slice(0, 10);
const totalSessions = allSessions.length;
return {
const summary: StatusSummary = {
linkChannel: linkContext
? {
id: linkContext.plugin.id,
@@ -205,4 +228,5 @@ export async function getStatusSummary(): Promise<StatusSummary> {
byAgent,
},
};
return includeSensitive ? summary : redactSensitiveStatusSummary(summary);
}