From fdc058e6c30956e7fdb982f90259b7c4a19761d5 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Tue, 24 Feb 2026 23:55:17 +0000 Subject: [PATCH] fix(onboard): harden core-channel fallback adapters (#25803) (thanks @Suko) --- CHANGELOG.md | 7 ++- src/commands/onboard-channels.test.ts | 4 ++ src/commands/onboarding/registry.test.ts | 54 ++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 src/commands/onboarding/registry.test.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 39970b1a797..ec295b56ee0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,12 @@ Docs: https://docs.openclaw.ai ### Fixes +- Gateway/Security: enforce gateway auth for the exact `/api/channels` plugin root path (plus `/api/channels/` descendants), with regression coverage for query/trailing-slash variants and near-miss paths that must remain plugin-owned. (#25753) Thanks @bmendonca3. +- Security/Exec: sanitize inherited host execution environment before merge, canonicalize inherited PATH handling, and strip dangerous keys (`LD_*`, `DYLD_*`, `SSLKEYLOGFILE`, and related injection vectors) from non-sandboxed exec runs. (#25755) Thanks @bmendonca3. +- Security/Hooks: normalize hook session-key classification with trim/lowercase plus Unicode NFKC folding (for example full-width `HOOK:...`) so external-content wrapping cannot be bypassed by mixed-case or lookalike prefixes. (#25750) Thanks @bmendonca3. +- Security/Voice Call: add Telnyx webhook replay detection and canonicalize replay-key signature encoding (Base64/Base64URL equivalent forms dedupe together), so duplicate signed webhook deliveries no longer re-trigger side effects. (#25832) Thanks @bmendonca3. +- WhatsApp/Web reconnect: treat close status `440` as non-retryable (including string-form status values), stop reconnect loops immediately, and emit operator guidance to relink after resolving session conflicts. (#25858) Thanks @markmusson. +- Onboarding/Telegram: keep core-channel onboarding available when plugin registry population is missing by falling back to built-in adapters and continuing wizard setup with actionable recovery guidance. (#25803) Thanks @Suko. - Automation/Subagent/Cron reliability: honor `ANNOUNCE_SKIP` in `sessions_spawn` completion/direct announce flows (no user-visible token leaks), add transient direct-announce retries for channel unavailability (for example WhatsApp listener reconnect windows), and include `cron` in the `coding` tool profile so `/tools/invoke` can execute cron actions when explicitly allowed by gateway policy. (#25800, #25656, #25842, #25813, #25822, #25821) Thanks @astra-fer, @aaajiao, @dwight11232-coder, @kevinWangSheng, @widingmarcus-cyber, and @stakeswky. - Discord/Block streaming: restore block-streamed reply delivery by suppressing only reasoning payloads (instead of all `block` payloads), fixing missing Discord replies in `channels.discord.streaming=block` mode. (#25839, #25836, #25792) Thanks @pewallin. - Matrix/Read receipts: send read receipts as soon as Matrix messages arrive (before handler pipeline work), so clients no longer show long-lived unread/sent states while replies are processing. (#25841, #25840) Thanks @joshjhall. @@ -599,7 +605,6 @@ Docs: https://docs.openclaw.ai - Security/Media: harden local media ingestion against TOCTOU/symlink swap attacks by pinning reads to a single file descriptor with symlink rejection and inode/device verification in `saveMediaSource`. Thanks @dorjoos for reporting. - Security/Lobster (Windows): for the next npm release, remove shell-based fallback when launching Lobster wrappers (`.cmd`/`.bat`) and switch to explicit argv execution with wrapper entrypoint resolution, preventing command injection while preserving Windows wrapper compatibility. Thanks @allsmog for reporting. - Security/Exec: require `tools.exec.safeBins` binaries to resolve from trusted bin directories (system defaults plus gateway startup `PATH`) so PATH-hijacked trojan binaries cannot bypass allowlist checks. Thanks @jackhax for reporting. -- Security/Exec: sanitize inherited host execution environment before merge and strip dangerous keys (`LD_*`, `DYLD_*`, `SSLKEYLOGFILE`, and related injection vectors) from non-sandboxed exec runs. (#9792) - Security/Exec: remove file-existence oracle behavior from `tools.exec.safeBins` by using deterministic argv-only stdin-safe validation and blocking file-oriented flags (for example `sort -o`, `jq -f`, `grep -f`) so allow/deny results no longer disclose host file presence. Thanks @nedlir for reporting. - Security/Browser: route browser URL navigation through one SSRF-guarded validation path for tab-open/CDP-target/Playwright navigation flows and block private/metadata destinations by default (configurable via `browser.ssrfPolicy`). Thanks @dorjoos for reporting. - Security/Exec: for the next npm release, harden safe-bin stdin-only enforcement by blocking output/recursive flags (`sort -o/--output`, grep recursion) and tightening default safe bins to remove `sort`/`grep`, preventing safe-bin allowlist bypass for file writes/recursive reads. Thanks @nedlir for reporting. diff --git a/src/commands/onboard-channels.test.ts b/src/commands/onboard-channels.test.ts index d6c0669e4fd..d314fa9b59c 100644 --- a/src/commands/onboard-channels.test.ts +++ b/src/commands/onboard-channels.test.ts @@ -129,6 +129,10 @@ describe("setupChannels", () => { ); }); expect(sawHardStop).toBe(false); + expect(note).toHaveBeenCalledWith( + expect.stringContaining("continuing with onboarding"), + "Channel setup", + ); }); it("shows explicit dmScope config command in channel primer", async () => { diff --git a/src/commands/onboarding/registry.test.ts b/src/commands/onboarding/registry.test.ts new file mode 100644 index 00000000000..f501d257f18 --- /dev/null +++ b/src/commands/onboarding/registry.test.ts @@ -0,0 +1,54 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; +import type { ChannelOnboardingAdapter } from "./types.js"; + +const listChannelPluginsMock = vi.fn(); + +vi.mock("../../channels/plugins/index.js", () => ({ + listChannelPlugins: () => listChannelPluginsMock(), +})); + +function createAdapter(channel: ChannelOnboardingAdapter["channel"]): ChannelOnboardingAdapter { + return { + channel, + getStatus: async () => ({ + channel, + configured: false, + statusLines: [], + }), + configure: async (ctx) => ({ cfg: ctx.cfg }), + }; +} + +describe("onboarding registry", () => { + beforeEach(() => { + listChannelPluginsMock.mockReset(); + listChannelPluginsMock.mockReturnValue([]); + }); + + it("falls back to built-in adapters when plugin registry is empty", async () => { + const { getChannelOnboardingAdapter } = await import("./registry.js"); + expect(getChannelOnboardingAdapter("telegram")).toBeTruthy(); + expect(getChannelOnboardingAdapter("whatsapp")).toBeTruthy(); + expect(getChannelOnboardingAdapter("discord")).toBeTruthy(); + expect(getChannelOnboardingAdapter("slack")).toBeTruthy(); + expect(getChannelOnboardingAdapter("signal")).toBeTruthy(); + expect(getChannelOnboardingAdapter("imessage")).toBeTruthy(); + }); + + it("prefers registry adapters over built-in fallback for the same channel", async () => { + const customTelegramAdapter = createAdapter("telegram"); + listChannelPluginsMock.mockReturnValue([ + { + id: "telegram", + onboarding: customTelegramAdapter, + }, + ]); + const { getChannelOnboardingAdapter, listChannelOnboardingAdapters } = + await import("./registry.js"); + + expect(getChannelOnboardingAdapter("telegram")).toBe(customTelegramAdapter); + expect( + listChannelOnboardingAdapters().filter((adapter) => adapter.channel === "telegram"), + ).toHaveLength(1); + }); +});