github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 02:01:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
03bec49299446162015a531a125c6c0cf7901513
openclaw/src/auto-reply
History
zerone0x 03bec49299 fix: sanitize tool call text in sessions-helpers extractAssistantText 
Adds sanitization to extractAssistantText in sessions-helpers.ts to
prevent tool call text from leaking to users. Previously, messages
retrieved from chat history via sessions-helpers.ts could expose:

- Minimax XML tool calls (<invoke>...</invoke>)
- Downgraded tool call markers ([Tool Call: name (ID: ...)])
- Thinking tags (<think>...</think>)

This fix:
- Exports the stripping functions from pi-embedded-utils.ts
- Adds a new sanitizeTextContent helper in sessions-helpers.ts
- Updates extractAssistantText to sanitize before returning
- Updates extractMessageText in commands-subagents.ts to sanitize

Fixes #1269

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-23 07:03:26 +00:00
..
reply
fix: sanitize tool call text in sessions-helpers extractAssistantText
2026-01-23 07:03:26 +00:00
chunk.test.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
chunk.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
command-auth.test.ts
fix: harden whatsapp command auth
2026-01-15 07:54:39 +00:00
command-auth.ts
fix(security): gate slash/control commands
2026-01-17 06:49:34 +00:00
command-detection.test.ts
refactor: route channel runtime via plugin api
2026-01-18 11:01:16 +00:00
command-detection.ts
refactor(security): harden CommandAuthorized plumbing
2026-01-17 10:19:34 +00:00
commands-args.ts
fix: lint errors
2026-01-15 17:08:31 +00:00
commands-registry.args.test.ts
Usage: add cost summaries to /usage + mac menu
2026-01-19 00:05:06 +00:00
commands-registry.data.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
commands-registry.test.ts
feat(commands): add /models and fix /model listing UX
2026-01-21 11:53:29 -08:00
commands-registry.ts
refactor: route channel runtime via plugin api
2026-01-18 11:01:16 +00:00
commands-registry.types.ts
fix: tighten command arg value types
2026-01-15 17:08:09 +00:00
envelope.test.ts
fix: default envelope timestamps to local
2026-01-22 04:10:06 +00:00
envelope.ts
fix: default envelope timestamps to local
2026-01-22 04:10:06 +00:00
group-activation.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
heartbeat.test.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
heartbeat.ts
fix: heartbeat prompt + dedupe (#980) (thanks @voidserf)
2026-01-16 00:24:52 +00:00
inbound-debounce.test.ts
feat(whatsapp): add debounceMs for batching rapid messages (#971)
2026-01-15 23:07:19 +00:00
inbound-debounce.ts
feat(queue): add per-channel debounce overrides
2026-01-21 18:50:55 +00:00
media-note.test.ts
refactor: tighten media diagnostics
2026-01-17 07:27:38 +00:00
media-note.ts
refactor: tighten media diagnostics
2026-01-17 07:27:38 +00:00
model.test.ts
fix: refine model directive handling
2026-01-22 00:29:27 +00:00
model.ts
fix: refine model directive handling
2026-01-22 00:29:27 +00:00
reply.block-streaming.test.ts
fix: honor gateway env token for doctor/security
2026-01-23 03:16:52 +00:00
reply.directive.directive-behavior.accepts-thinking-xhigh-codex-models.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.directive.directive-behavior.applies-inline-reasoning-mixed-messages-acks-immediately.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.directive.directive-behavior.defaults-think-low-reasoning-capable-models-no.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.directive.directive-behavior.ignores-inline-model-uses-default-model.test.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
reply.directive.directive-behavior.lists-allowlisted-models-model-list.test.ts
fix: finish model list alias + heartbeat session (#1256) (thanks @zknicker)
2026-01-22 01:36:58 +00:00
reply.directive.directive-behavior.prefers-alias-matches-fuzzy-selection-is-ambiguous.test.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
reply.directive.directive-behavior.requires-per-agent-allowlist-addition-global.test.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
reply.directive.directive-behavior.returns-status-alongside-directive-only-acks.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.directive.directive-behavior.shows-current-elevated-level-as-off-after.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.directive.directive-behavior.shows-current-verbose-level-verbose-has-no.test.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
reply.directive.directive-behavior.supports-fuzzy-model-matches-model-directive.test.ts
test: update fuzzy model selection expectations (#1372) (thanks @zerone0x)
2026-01-22 01:16:59 +00:00
reply.directive.directive-behavior.updates-tool-verbose-during-flight-run-toggle.test.ts
fix: finish model list alias + heartbeat session (#1256) (thanks @zknicker)
2026-01-22 01:36:58 +00:00
reply.directive.parse.test.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
reply.heartbeat-typing.test.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
reply.media-note.test.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
reply.queue.test.ts
feat: enhance BlueBubbles media and message handling by adding reply context support and improving outbound message ID tracking
2026-01-20 12:07:54 +00:00
reply.raw-body.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.triggers.group-intro-prompts.test.ts
refactor: migrate messaging plugins to sdk
2026-01-18 08:54:00 +00:00
reply.triggers.trigger-handling.allows-activation-from-allowfrom-groups.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.triggers.trigger-handling.allows-approved-sender-toggle-elevated-mode.test.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
reply.triggers.trigger-handling.allows-elevated-off-groups-without-mention.test.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
reply.triggers.trigger-handling.filters-usage-summary-current-model-provider.test.ts
test(usage): cover modes and full footer
2026-01-18 06:01:25 +00:00
reply.triggers.trigger-handling.handles-inline-commands-strips-it-before-agent.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.triggers.trigger-handling.ignores-inline-elevated-directive-unapproved-sender.test.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
reply.triggers.trigger-handling.includes-error-cause-embedded-agent-throws.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.triggers.trigger-handling.keeps-inline-status-unauthorized-senders.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.triggers.trigger-handling.reports-active-auth-profile-key-snippet-status.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.triggers.trigger-handling.runs-compact-as-gated-command.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.triggers.trigger-handling.runs-greeting-prompt-bare-reset.test.ts
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
reply.triggers.trigger-handling.shows-endpoint-default-model-status-not-configured.test.ts
feat(slash-commands): usage footer modes
2026-01-18 05:35:35 +00:00
reply.triggers.trigger-handling.shows-quick-model-picker-grouped-by-model.test.ts
fix: finish model list alias + heartbeat session (#1256) (thanks @zknicker)
2026-01-22 01:36:58 +00:00
reply.triggers.trigger-handling.stages-inbound-media-into-sandbox-workspace.test.ts
ci: stabilize vitest runs
2026-01-18 06:58:54 +00:00
reply.triggers.trigger-handling.targets-active-session-native-stop.test.ts
fix: route native status to active agent
2026-01-20 19:04:31 +00:00
reply.ts
feat: add /exec session overrides
2026-01-18 06:12:54 +00:00
send-policy.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
skill-commands.test.ts
fix: add /skill fallback for native limits
2026-01-20 13:20:29 +00:00
skill-commands.ts
fix: add /skill fallback for native limits
2026-01-20 13:20:29 +00:00
status.test.ts
refactor: centralize sandbox runtime label
2026-01-21 09:07:21 +00:00
status.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
templating.test.ts
fix: make node-llama-cpp optional
2026-01-15 18:37:02 +00:00
templating.ts
feat: improve media auto-detect
2026-01-23 05:47:09 +00:00
thinking.test.ts
fix: align ZAI thinking toggles
2026-01-16 22:26:43 +00:00
thinking.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
tokens.ts
feat: add provider-specific tool policies
2026-01-15 03:55:20 +00:00
tool-meta.test.ts
fix: improve tool summaries
2026-01-23 01:00:24 +00:00
tool-meta.ts
fix: format exec elevated flag first in tool summaries
2026-01-17 21:54:24 +00:00
types.ts
feat: add dynamic template variables to messages.responsePrefix (#923)
2026-01-14 23:05:08 -05:00