Skip to content

Commit 4babd92

Browse files
steipetesteipete
committed
refactor: trim infra env exports
1 parent 4fce562 commit 4babd92

9 files changed

Lines changed: 23 additions & 32 deletions

src/infra/exec-approval-session-target.ts

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,6 @@ import type { ExecApprovalRequest } from "./exec-approvals.js";
1010
import { resolveSessionDeliveryTarget } from "./outbound/targets.js";
1111
import type { PluginApprovalRequest } from "./plugin-approvals.js";
1212

13-
export {
14-
doesApprovalRequestMatchChannelAccount,
15-
resolveApprovalRequestAccountId,
16-
resolveApprovalRequestChannelAccountId,
17-
} from "./approval-request-account-binding.js";
18-
1913
export type ExecApprovalSessionTarget = {
2014
channel?: string;
2115
to: string;

src/infra/exec-safe-bin-policy-profiles.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -295,7 +295,7 @@ export function resolveSafeBinProfiles(
295295
};
296296
}
297297

298-
export function resolveSafeBinDeniedFlags(
298+
function resolveSafeBinDeniedFlags(
299299
fixtures: Readonly<Record<string, SafeBinProfileFixture>> = SAFE_BIN_PROFILE_FIXTURES,
300300
): Record<string, string[]> {
301301
const out: Record<string, string[]> = {};

src/infra/fs-pinned-write-helper.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ import type { Readable } from "node:stream";
77
import { pipeline } from "node:stream/promises";
88
import type { FileIdentityStat } from "./file-identity.js";
99

10-
export type PinnedWriteInput =
10+
type PinnedWriteInput =
1111
| { kind: "buffer"; data: string | Buffer; encoding?: BufferEncoding }
1212
| { kind: "stream"; stream: Readable };
1313

src/infra/gateway-discovery-targets.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ import {
55
type GatewayDiscoveryResolvedEndpoint,
66
} from "./bonjour-discovery.js";
77

8-
export type GatewayDiscoveryTarget = {
8+
type GatewayDiscoveryTarget = {
99
title: string;
1010
domain: string;
1111
endpoint: GatewayDiscoveryResolvedEndpoint | null;

src/infra/gateway-lock.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ const LockPayloadSchema = z.object({
2929
startTime: z.number().optional(),
3030
}) as z.ZodType<LockPayload>;
3131

32-
export type GatewayLockHandle = {
32+
type GatewayLockHandle = {
3333
lockPath: string;
3434
configPath: string;
3535
release: () => Promise<void>;

src/infra/git-root.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
import fs from "node:fs";
22
import path from "node:path";
33

4-
export const DEFAULT_GIT_DISCOVERY_MAX_DEPTH = 12;
4+
const DEFAULT_GIT_DISCOVERY_MAX_DEPTH = 12;
55

66
function walkUpFrom<T>(
77
startDir: string,

src/infra/heartbeat-reason.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
import { normalizeOptionalString } from "../shared/string-coerce.js";
22

3-
export type HeartbeatReasonKind =
3+
type HeartbeatReasonKind =
44
| "retry"
55
| "interval"
66
| "manual"

src/infra/heartbeat-typing.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ type HeartbeatTypingLogger = {
88
debug?: (message: string, meta?: Record<string, unknown>) => void;
99
};
1010

11-
export type HeartbeatTypingTarget = {
11+
type HeartbeatTypingTarget = {
1212
channel: string;
1313
to?: string;
1414
accountId?: string | null;

src/infra/host-env-security.ts

Lines changed: 16 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -4,25 +4,25 @@ import { markOpenClawExecEnv } from "./openclaw-exec-env.js";
44
const PORTABLE_ENV_VAR_KEY = /^[A-Za-z_][A-Za-z0-9_]*$/;
55
const WINDOWS_COMPAT_OVERRIDE_ENV_VAR_KEY = /^[A-Za-z_][A-Za-z0-9_()]*$/;
66

7-
export const HOST_DANGEROUS_ENV_KEY_VALUES: readonly string[] = Object.freeze([
7+
const HOST_DANGEROUS_ENV_KEY_VALUES: readonly string[] = Object.freeze([
88
...HOST_ENV_SECURITY_POLICY.blockedKeys,
99
]);
10-
export const HOST_DANGEROUS_ENV_PREFIXES: readonly string[] = Object.freeze([
10+
const HOST_DANGEROUS_ENV_PREFIXES: readonly string[] = Object.freeze([
1111
...HOST_ENV_SECURITY_POLICY.blockedPrefixes,
1212
]);
13-
export const HOST_DANGEROUS_INHERITED_ENV_KEY_VALUES: readonly string[] = Object.freeze([
13+
const HOST_DANGEROUS_INHERITED_ENV_KEY_VALUES: readonly string[] = Object.freeze([
1414
...HOST_ENV_SECURITY_POLICY.blockedInheritedKeys,
1515
]);
16-
export const HOST_DANGEROUS_INHERITED_ENV_PREFIXES: readonly string[] = Object.freeze([
16+
const HOST_DANGEROUS_INHERITED_ENV_PREFIXES: readonly string[] = Object.freeze([
1717
...HOST_ENV_SECURITY_POLICY.blockedInheritedPrefixes,
1818
]);
19-
export const HOST_DANGEROUS_OVERRIDE_ENV_KEY_VALUES: readonly string[] = Object.freeze([
19+
const HOST_DANGEROUS_OVERRIDE_ENV_KEY_VALUES: readonly string[] = Object.freeze([
2020
...HOST_ENV_SECURITY_POLICY.blockedOverrideKeys,
2121
]);
22-
export const HOST_DANGEROUS_OVERRIDE_ENV_PREFIXES: readonly string[] = Object.freeze([
22+
const HOST_DANGEROUS_OVERRIDE_ENV_PREFIXES: readonly string[] = Object.freeze([
2323
...HOST_ENV_SECURITY_POLICY.blockedOverridePrefixes,
2424
]);
25-
export const HOST_SHELL_WRAPPER_ALLOWED_OVERRIDE_ENV_KEY_VALUES: readonly string[] = Object.freeze([
25+
const HOST_SHELL_WRAPPER_ALLOWED_OVERRIDE_ENV_KEY_VALUES: readonly string[] = Object.freeze([
2626
"TERM",
2727
"LANG",
2828
"LC_ALL",
@@ -32,16 +32,13 @@ export const HOST_SHELL_WRAPPER_ALLOWED_OVERRIDE_ENV_KEY_VALUES: readonly string
3232
"NO_COLOR",
3333
"FORCE_COLOR",
3434
]);
35-
export const HOST_SHELL_WRAPPER_ALLOWED_OVERRIDE_ENV_PREFIX_VALUES: readonly string[] =
36-
Object.freeze(["LC_"]);
37-
export const HOST_DANGEROUS_ENV_KEYS = new Set<string>(HOST_DANGEROUS_ENV_KEY_VALUES);
38-
export const HOST_DANGEROUS_INHERITED_ENV_KEYS = new Set<string>(
39-
HOST_DANGEROUS_INHERITED_ENV_KEY_VALUES,
40-
);
41-
export const HOST_DANGEROUS_OVERRIDE_ENV_KEYS = new Set<string>(
42-
HOST_DANGEROUS_OVERRIDE_ENV_KEY_VALUES,
43-
);
44-
export const HOST_SHELL_WRAPPER_ALLOWED_OVERRIDE_ENV_KEYS = new Set<string>(
35+
const HOST_SHELL_WRAPPER_ALLOWED_OVERRIDE_ENV_PREFIX_VALUES: readonly string[] = Object.freeze([
36+
"LC_",
37+
]);
38+
const HOST_DANGEROUS_ENV_KEYS = new Set<string>(HOST_DANGEROUS_ENV_KEY_VALUES);
39+
const HOST_DANGEROUS_INHERITED_ENV_KEYS = new Set<string>(HOST_DANGEROUS_INHERITED_ENV_KEY_VALUES);
40+
const HOST_DANGEROUS_OVERRIDE_ENV_KEYS = new Set<string>(HOST_DANGEROUS_OVERRIDE_ENV_KEY_VALUES);
41+
const HOST_SHELL_WRAPPER_ALLOWED_OVERRIDE_ENV_KEYS = new Set<string>(
4542
HOST_SHELL_WRAPPER_ALLOWED_OVERRIDE_ENV_KEY_VALUES,
4643
);
4744

@@ -59,13 +56,13 @@ function isShellWrapperAllowedOverrideEnvVarName(rawKey: string): boolean {
5956
);
6057
}
6158

62-
export type HostExecEnvSanitizationResult = {
59+
type HostExecEnvSanitizationResult = {
6360
env: Record<string, string>;
6461
rejectedOverrideBlockedKeys: string[];
6562
rejectedOverrideInvalidKeys: string[];
6663
};
6764

68-
export type HostExecEnvOverrideDiagnostics = {
65+
type HostExecEnvOverrideDiagnostics = {
6966
rejectedOverrideBlockedKeys: string[];
7067
rejectedOverrideInvalidKeys: string[];
7168
};

0 commit comments

Comments
 (0)