Frank Yang
96e4975922
fix: protect bootstrap files during memory flush ( #38574 )
...
Merged via squash.
Prepared head SHA: a0b9a02e2e4488090+frankekn@users.noreply.github.com >
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com >
Reviewed-by: @frankekn
2026-03-10 12:44:33 +08:00
Peter Steinberger
74ecdec9ba
fix(security): harden fs-safe copy writes
2026-03-07 19:10:27 +00:00
Josh Avant
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-03-03 02:58:20 +00:00
Peter Steinberger
c20ee11348
fix: harden fs-safe write boundary checks
2026-03-02 23:36:23 +00:00
Peter Steinberger
34daed1d1e
refactor(core): dedupe infra, media, pairing, and plugin helpers
2026-03-02 21:32:11 +00:00
Peter Steinberger
dbbd41a2ed
fix(security): harden file installs and race-path tests
2026-03-02 19:30:02 +00:00
Peter Steinberger
7dac9b05dd
fix(security): harden zip write race handling
2026-03-02 17:38:11 +00:00
Peter Steinberger
104d32bb64
fix(security): unify root-bound write hardening
2026-03-02 17:12:33 +00:00
Peter Steinberger
4a80311628
refactor(security): split sandbox media staging and stream safe copies
2026-03-02 16:53:14 +00:00
cygaar
127217612c
fix(CI/CD): use path.resolve in expandHomePrefix test for Windows compat ( #30961 )
...
Merged via squash.
Prepared head SHA: 26bc11851797691933+cygaar@users.noreply.github.com >
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com >
Reviewed-by: @velvet-shark
2026-03-02 14:18:11 +01:00
Peter Steinberger
00dcd931cb
test(fs-safe): assert directory-read errors never leak EISDIR text
2026-03-02 03:35:20 +00:00
倪汉杰0668001185
6398a0ba8f
fix(infra): avoid EISDIR leak to messaging when Read targets directory ( Closes #31186 )
2026-03-02 03:35:20 +00:00
Peter Steinberger
710004e011
fix(security): harden root-scoped writes against symlink races
2026-03-02 01:27:46 +00:00
Peter Steinberger
c823a85302
fix: harden sandbox media reads against TOCTOU escapes
2026-03-02 01:04:01 +00:00
Onur
ac5d7ee4cd
Tests: normalize HOME expansion assertion on Windows
2026-03-01 20:39:24 +01:00
Glucksberg
645d963954
feat: expand ~ (tilde) to home directory in file tools (read/write/edit) (openclaw#29779) thanks @Glucksberg
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-03-01 07:00:52 -06:00
YuzuruS
f5c2be1910
fix: distinguish outside-workspace errors from not-found in fs-safe
...
When editing a file outside the workspace root, SafeOpenError previously
used the "invalid-path" code with the message "path escapes root". This
was indistinguishable from other invalid-path errors (hardlinks, symlinks,
non-files) and consumers often fell back to a generic "not found" message,
which was misleading.
Add a new "outside-workspace" error code with the message "file is outside
workspace root" so consumers can surface a clear, accurate error message.
- fs-safe.ts: add "outside-workspace" to SafeOpenErrorCode, use it for
all path-escapes-root checks in openFileWithinRoot/writeFileWithinRoot
- pi-tools.read.ts: map "outside-workspace" to EACCES instead of rethrowing
- browser/paths.ts: return specific "File is outside {scopeLabel}" message
- media/server.ts: return 400 with descriptive message for outside-workspace
- fs-safe.test.ts: update traversal test expectations
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-28 18:08:10 +05:30
Peter Steinberger
e3385a6578
fix(security): harden root file guards and host writes
2026-02-26 13:32:58 +01:00
Peter Steinberger
ad1c07e7c0
refactor: eliminate remaining duplicate blocks across draft streams and tests
2026-02-22 07:44:57 +00:00
Peter Steinberger
bf3f8ec428
refactor(media): unify safe local file reads
2026-02-19 10:21:20 +01:00
