github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 08:51:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f788de30c842626e62e3a1bc3159ce2885d7ae5f
openclaw/src/gateway
History
David Rudduck f788de30c8 fix(security): sanitize error responses to prevent information leakage (#5) 
* fix(security): sanitize error responses to prevent information leakage

Replace raw error messages in HTTP responses with generic messages.
Internal error details (stack traces, module paths, error messages)
were being returned to clients in 4 gateway endpoints.

* fix: sanitize 2 additional error response leaks in openresponses-http

Address CodeRabbit feedback: non-stream and streaming error paths in
openresponses-http.ts were still returning String(err) to clients.

* fix: add server-side error logging to sanitized catch blocks

Restore err parameter and add logWarn() calls so errors are still
captured server-side for diagnostics while keeping client responses
sanitized. Addresses CodeRabbit feedback about silently discarded errors.
2026-02-13 16:58:30 +01:00
..
protocol
fix: preserve inter-session input provenance (thanks @anbecker)
2026-02-13 02:02:01 +01:00
server
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
server-methods
fix: Finish credential redaction that was merged unfinished (#13073)
2026-02-13 16:19:21 +01:00
assistant-identity.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
assistant-identity.ts
feat(ui): add Agents dashboard
2026-02-02 21:31:17 -05:00
auth-rate-limit.test.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
auth-rate-limit.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
auth.test.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
auth.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
boot.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
boot.ts
fix: fix(boot): use ephemeral session per boot to prevent stale context (openclaw#11764) thanks @mcinteerj
2026-02-12 09:41:43 -06:00
call.test.ts
fix: context overflow compaction and subagent announce improvements (#11664) (thanks @tyler6204)
2026-02-07 20:02:32 -08:00
call.ts
fix: context overflow compaction and subagent announce improvements (#11664) (thanks @tyler6204)
2026-02-07 20:02:32 -08:00
chat-abort.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
chat-attachments.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
chat-attachments.ts
fix(gateway): increase WebSocket max payload to 5 MB for image uploads (#14486)
2026-02-12 17:48:49 +01:00
chat-sanitize.test.ts
fix: hide message_id hints in web chat
2026-01-24 13:52:31 +00:00
chat-sanitize.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
client.e2e.test.ts
test: migrate suites to e2e coverage layout
2026-02-13 14:28:22 +00:00
client.maxpayload.test.ts
perf(test): reduce module reload overhead in key suites
2026-02-13 15:45:19 +00:00
client.ts
chore: Enable typescript/no-explicit-any rule.
2026-02-02 16:18:09 +09:00
config-reload.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
config-reload.ts
fix: ignore meta field changes in config file watcher (#13460)
2026-02-12 07:55:26 -06:00
control-ui-shared.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
control-ui.test.ts
fix: harden control ui framing + ws origin
2026-02-03 16:00:57 -08:00
control-ui.ts
fix: harden control ui framing + ws origin
2026-02-03 16:00:57 -08:00
device-auth.ts
feat: enforce device-bound connect challenge
2026-01-20 13:04:19 +00:00
exec-approval-manager.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
gateway-cli-backend.live.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
gateway-models.profiles.live.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
gateway.e2e.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
hooks-mapping.test.ts
feat(hooks): add agentId support to webhook mappings (#13672)
2026-02-10 19:23:58 -05:00
hooks-mapping.ts
feat(hooks): add agentId support to webhook mappings (#13672)
2026-02-10 19:23:58 -05:00
hooks.test.ts
fix: harden hook session key routing defaults
2026-02-13 02:09:14 +01:00
hooks.ts
fix: harden hook session key routing defaults
2026-02-13 02:09:14 +01:00
http-common.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
http-utils.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
live-image-probe.ts
refactor: consolidate PNG encoder and safeParseJson utilities (#12457)
2026-02-09 00:21:54 -08:00
net.test.ts
fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (#11448)
2026-02-07 19:16:51 -06:00
net.ts
Update contributing, deduplicate more functions
2026-02-09 19:21:33 -08:00
node-command-policy.test.ts
Gateway/Plugins: device pairing + phone control plugins (#11755)
2026-02-08 18:07:13 +01:00
node-command-policy.ts
Gateway/Plugins: device pairing + phone control plugins (#11755)
2026-02-08 18:07:13 +01:00
node-registry.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
open-responses.schema.ts
feat(gateway): implement OpenResponses /v1/responses endpoint phase 2
2026-01-20 07:37:01 +00:00
openai-http.e2e.test.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
openai-http.ts
fix(security): sanitize error responses to prevent information leakage (#5)
2026-02-13 16:58:30 +01:00
openresponses-http.e2e.test.ts
fix: harden OpenResponses URL input fetching
2026-02-13 01:38:49 +01:00
openresponses-http.ts
fix(security): sanitize error responses to prevent information leakage (#5)
2026-02-13 16:58:30 +01:00
openresponses-parity.e2e.test.ts
test(gateway): add OpenResponses parity E2E tests
2026-01-20 07:37:01 +00:00
origin-check.test.ts
fix: harden control ui framing + ws origin
2026-02-03 16:00:57 -08:00
origin-check.ts
refactor: centralize isPlainObject, isRecord, isErrno, isLoopbackHost utilities (#12926)
2026-02-09 17:02:55 -08:00
probe.ts
refactor: consolidate duplicate utility functions (#12439)
2026-02-08 23:59:43 -08:00
server-broadcast.test.ts
TUI/Gateway: fix pi streaming + tool routing + model display + msg updating (#8432)
2026-02-04 17:12:16 -05:00
server-broadcast.ts
TUI/Gateway: fix pi streaming + tool routing + model display + msg updating (#8432)
2026-02-04 17:12:16 -05:00
server-browser.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
server-channels.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-chat-registry.test.ts
test(gateway): cover helper registries
2026-01-03 19:37:09 +01:00
server-chat.agent-events.test.ts
feat(gateway): stream thinking events and decouple tool events from verbose level (#10568)
2026-02-10 19:17:21 -06:00
server-chat.ts
feat(gateway): stream thinking events and decouple tool events from verbose level (#10568)
2026-02-10 19:17:21 -06:00
server-close.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-constants.ts
fix(gateway): increase WebSocket max payload to 5 MB for image uploads (#14486)
2026-02-12 17:48:49 +01:00
server-cron.ts
fix(cron): pass agentId to runHeartbeatOnce for main-session jobs (#14140)
2026-02-11 22:22:29 -06:00
server-discovery-runtime.ts
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
server-discovery.test.ts
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
server-discovery.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
server-http.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
server-lanes.ts
refactor: use command lane enum
2026-01-20 10:51:25 +00:00
server-maintenance.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-methods-list.ts
feat(gateway): add agents.create/update/delete methods (#11045)
2026-02-07 16:47:58 -08:00
server-methods.ts
feat(gateway): add agents.create/update/delete methods (#11045)
2026-02-07 16:47:58 -08:00
server-mobile-nodes.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
server-model-catalog.ts
refactor(gateway): split server runtime
2026-01-14 09:11:21 +00:00
server-node-events-types.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
server-node-events.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-node-events.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-node-subscriptions.test.ts
chore: Enable more lint rules, disable some that trigger a lot. Will clean up later.
2026-01-31 16:04:04 +09:00
server-node-subscriptions.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
server-plugins.test.ts
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
server-plugins.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-reload-handlers.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-restart-sentinel.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-runtime-config.ts
fix(ui): fix web UI after tsdown migration and typing changes
2026-02-03 13:56:20 -05:00
server-runtime-state.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
server-session-key.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
server-shared.ts
refactor(gateway): split server helpers
2026-01-03 19:37:09 +01:00
server-startup-log.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server-startup-memory.test.ts
Gateway: eager-init QMD backend on startup
2026-02-09 23:58:34 -08:00
server-startup-memory.ts
Gateway: eager-init QMD backend on startup
2026-02-09 23:58:34 -08:00
server-startup.ts
Gateway: eager-init QMD backend on startup
2026-02-09 23:58:34 -08:00
server-tailscale.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
server-utils.test.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
server-utils.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
server-wizard-sessions.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
server-ws-runtime.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
server.agent.gateway-server-agent-a.e2e.test.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
server.agent.gateway-server-agent-b.e2e.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server.auth.e2e.test.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
server.canvas-auth.e2e.test.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
server.channels.e2e.test.ts
feat: Add Line plugin (#1630)
2026-01-25 12:22:36 +00:00
server.chat.gateway-server-chat-b.e2e.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server.chat.gateway-server-chat.e2e.test.ts
TUI/Gateway: fix pi streaming + tool routing + model display + msg updating (#8432)
2026-02-04 17:12:16 -05:00
server.config-apply.e2e.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server.config-patch.e2e.test.ts
security: redact credentials from config.get gateway responses (#9858)
2026-02-05 16:34:48 -08:00
server.cron.e2e.test.ts
fix: cron scheduler reliability, store hardening, and UX improvements (#10776)
2026-02-06 18:03:03 -08:00
server.health.e2e.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server.hooks.e2e.test.ts
fix: harden hook session key routing defaults
2026-02-13 02:09:14 +01:00
server.impl.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
server.ios-client-id.e2e.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server.models-voicewake-misc.e2e.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
server.nodes.late-invoke.test.ts
perf(test): optimize heavy suites and stabilize lock timing
2026-02-13 13:29:07 +00:00
server.plugin-http-auth.test.ts
fix: Unauthenticated Nostr profile API allows remote config tampering (#13719)
2026-02-12 07:55:22 -06:00
server.reload.e2e.test.ts
chore: Enable more lint rules, disable some that trigger a lot. Will clean up later.
2026-01-31 16:04:04 +09:00
server.roles-allowlist-update.e2e.test.ts
fix(update): honor update.channel for update.run
2026-02-03 17:57:55 -08:00
server.sessions-send.e2e.test.ts
fix: preserve inter-session input provenance (thanks @anbecker)
2026-02-13 02:02:01 +01:00
server.sessions.gateway-server-sessions-a.e2e.test.ts
fix: /status shows incorrect context percentage — totalTokens clamped to contextTokens (#15114) (#15133)
2026-02-12 23:52:19 -05:00
server.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
session-utils.fs.test.ts
fix(ci): resolve windows test path assertion and sync protocol swift models
2026-02-13 02:39:34 +01:00
session-utils.fs.ts
fix: preserve inter-session input provenance (thanks @anbecker)
2026-02-13 02:02:01 +01:00
session-utils.test.ts
fix: /status shows incorrect context percentage — totalTokens clamped to contextTokens (#15114) (#15133)
2026-02-12 23:52:19 -05:00
session-utils.ts
fix: /status shows incorrect context percentage — totalTokens clamped to contextTokens (#15114) (#15133)
2026-02-12 23:52:19 -05:00
session-utils.types.ts
fix: /status shows incorrect context percentage — totalTokens clamped to contextTokens (#15114) (#15133)
2026-02-12 23:52:19 -05:00
sessions-patch.test.ts
test: lock /think off persistence (#9564)
2026-02-09 16:08:15 -08:00
sessions-patch.ts
Fix: Honor /think off for reasoning-capable models
2026-02-09 16:08:15 -08:00
sessions-resolve.ts
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
test-helpers.e2e.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
test-helpers.mocks.ts
security: redact credentials from config.get gateway responses (#9858)
2026-02-05 16:34:48 -08:00
test-helpers.openai-mock.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
test-helpers.server.ts
fix(gateway): default-deny missing connect scopes
2026-02-11 12:04:30 +01:00
test-helpers.ts
refactor(src): split oversized modules
2026-01-14 01:17:56 +00:00
tools-invoke-http.test.ts
fix: close OC-02 gaps in ACP permission + gateway HTTP deny config (#15390) (thanks @aether-ai-agent)
2026-02-13 14:30:06 +01:00
tools-invoke-http.ts
fix(security): sanitize error responses to prevent information leakage (#5)
2026-02-13 16:58:30 +01:00
ws-log.test.ts
fix: add agent context to ws logs
2026-01-17 20:37:36 +00:00
ws-log.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
ws-logging.ts
Gateway: optimize ws logs in normal mode
2025-12-18 13:27:52 +00:00