fix(onboard): harden core-channel fallback adapters (#25803) (thanks @Suko)

2026-05-21 04:54:59 +00:00 · 2026-02-24 23:55:17 +00:00
parent cbdd989aa2
commit fdc058e6c3
3 changed files with 64 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,12 @@ Docs: https://docs.openclaw.ai

 ### Fixes

+- Gateway/Security: enforce gateway auth for the exact `/api/channels` plugin root path (plus `/api/channels/` descendants), with regression coverage for query/trailing-slash variants and near-miss paths that must remain plugin-owned. (#25753) Thanks @bmendonca3.
+- Security/Exec: sanitize inherited host execution environment before merge, canonicalize inherited PATH handling, and strip dangerous keys (`LD_*`, `DYLD_*`, `SSLKEYLOGFILE`, and related injection vectors) from non-sandboxed exec runs. (#25755) Thanks @bmendonca3.
+- Security/Hooks: normalize hook session-key classification with trim/lowercase plus Unicode NFKC folding (for example full-width `ＨＯＯＫ：...`) so external-content wrapping cannot be bypassed by mixed-case or lookalike prefixes. (#25750) Thanks @bmendonca3.
+- Security/Voice Call: add Telnyx webhook replay detection and canonicalize replay-key signature encoding (Base64/Base64URL equivalent forms dedupe together), so duplicate signed webhook deliveries no longer re-trigger side effects. (#25832) Thanks @bmendonca3.
+- WhatsApp/Web reconnect: treat close status `440` as non-retryable (including string-form status values), stop reconnect loops immediately, and emit operator guidance to relink after resolving session conflicts. (#25858) Thanks @markmusson.
+- Onboarding/Telegram: keep core-channel onboarding available when plugin registry population is missing by falling back to built-in adapters and continuing wizard setup with actionable recovery guidance. (#25803) Thanks @Suko.
 - Automation/Subagent/Cron reliability: honor `ANNOUNCE_SKIP` in `sessions_spawn` completion/direct announce flows (no user-visible token leaks), add transient direct-announce retries for channel unavailability (for example WhatsApp listener reconnect windows), and include `cron` in the `coding` tool profile so `/tools/invoke` can execute cron actions when explicitly allowed by gateway policy. (#25800, #25656, #25842, #25813, #25822, #25821) Thanks @astra-fer, @aaajiao, @dwight11232-coder, @kevinWangSheng, @widingmarcus-cyber, and @stakeswky.
 - Discord/Block streaming: restore block-streamed reply delivery by suppressing only reasoning payloads (instead of all `block` payloads), fixing missing Discord replies in `channels.discord.streaming=block` mode. (#25839, #25836, #25792) Thanks @pewallin.
 - Matrix/Read receipts: send read receipts as soon as Matrix messages arrive (before handler pipeline work), so clients no longer show long-lived unread/sent states while replies are processing. (#25841, #25840) Thanks @joshjhall.
@@ -599,7 +605,6 @@ Docs: https://docs.openclaw.ai
 - Security/Media: harden local media ingestion against TOCTOU/symlink swap attacks by pinning reads to a single file descriptor with symlink rejection and inode/device verification in `saveMediaSource`. Thanks @dorjoos for reporting.
 - Security/Lobster (Windows): for the next npm release, remove shell-based fallback when launching Lobster wrappers (`.cmd`/`.bat`) and switch to explicit argv execution with wrapper entrypoint resolution, preventing command injection while preserving Windows wrapper compatibility. Thanks @allsmog for reporting.
 - Security/Exec: require `tools.exec.safeBins` binaries to resolve from trusted bin directories (system defaults plus gateway startup `PATH`) so PATH-hijacked trojan binaries cannot bypass allowlist checks. Thanks @jackhax for reporting.
- Security/Exec: sanitize inherited host execution environment before merge and strip dangerous keys (`LD_*`, `DYLD_*`, `SSLKEYLOGFILE`, and related injection vectors) from non-sandboxed exec runs. (#9792)
 - Security/Exec: remove file-existence oracle behavior from `tools.exec.safeBins` by using deterministic argv-only stdin-safe validation and blocking file-oriented flags (for example `sort -o`, `jq -f`, `grep -f`) so allow/deny results no longer disclose host file presence. Thanks @nedlir for reporting.
 - Security/Browser: route browser URL navigation through one SSRF-guarded validation path for tab-open/CDP-target/Playwright navigation flows and block private/metadata destinations by default (configurable via `browser.ssrfPolicy`). Thanks @dorjoos for reporting.
 - Security/Exec: for the next npm release, harden safe-bin stdin-only enforcement by blocking output/recursive flags (`sort -o/--output`, grep recursion) and tightening default safe bins to remove `sort`/`grep`, preventing safe-bin allowlist bypass for file writes/recursive reads. Thanks @nedlir for reporting.
--- a/src/commands/onboard-channels.test.ts
+++ b/src/commands/onboard-channels.test.ts
@@ -129,6 +129,10 @@ describe("setupChannels", () => {
      );
    });
    expect(sawHardStop).toBe(false);
+    expect(note).toHaveBeenCalledWith(
+      expect.stringContaining("continuing with onboarding"),
+      "Channel setup",
+    );
  });

  it("shows explicit dmScope config command in channel primer", async () => {
--- a/src/commands/onboarding/registry.test.ts
+++ b/src/commands/onboarding/registry.test.ts
@@ -0,0 +1,54 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { ChannelOnboardingAdapter } from "./types.js";
+
+const listChannelPluginsMock = vi.fn();
+
+vi.mock("../../channels/plugins/index.js", () => ({
+  listChannelPlugins: () => listChannelPluginsMock(),
+}));
+
+function createAdapter(channel: ChannelOnboardingAdapter["channel"]): ChannelOnboardingAdapter {
+  return {
+    channel,
+    getStatus: async () => ({
+      channel,
+      configured: false,
+      statusLines: [],
+    }),
+    configure: async (ctx) => ({ cfg: ctx.cfg }),
+  };
+}
+
+describe("onboarding registry", () => {
+  beforeEach(() => {
+    listChannelPluginsMock.mockReset();
+    listChannelPluginsMock.mockReturnValue([]);
+  });
+
+  it("falls back to built-in adapters when plugin registry is empty", async () => {
+    const { getChannelOnboardingAdapter } = await import("./registry.js");
+    expect(getChannelOnboardingAdapter("telegram")).toBeTruthy();
+    expect(getChannelOnboardingAdapter("whatsapp")).toBeTruthy();
+    expect(getChannelOnboardingAdapter("discord")).toBeTruthy();
+    expect(getChannelOnboardingAdapter("slack")).toBeTruthy();
+    expect(getChannelOnboardingAdapter("signal")).toBeTruthy();
+    expect(getChannelOnboardingAdapter("imessage")).toBeTruthy();
+  });
+
+  it("prefers registry adapters over built-in fallback for the same channel", async () => {
+    const customTelegramAdapter = createAdapter("telegram");
+    listChannelPluginsMock.mockReturnValue([
+      {
+        id: "telegram",
+        onboarding: customTelegramAdapter,
+      },
+    ]);
+    const { getChannelOnboardingAdapter, listChannelOnboardingAdapters } =
+      await import("./registry.js");
+
+    expect(getChannelOnboardingAdapter("telegram")).toBe(customTelegramAdapter);
+    expect(
+      listChannelOnboardingAdapters().filter((adapter) => adapter.channel === "telegram"),
+    ).toHaveLength(1);
+  });
+});