refactor(security,config): split oversized files using dot-naming con… #13182
Merged
quotentiroler merged 1 commit into main from Feb 10, 2026
Comment on lines +222 to +230
| const allow = params.cfg.plugins?.allow; | ||
| const allowConfigured = Array.isArray(allow) && allow.length > 0; | ||
| if (!allowConfigured) { | ||
| const hasString = (value: unknown) => typeof value === "string" && value.trim().length > 0; | ||
| const hasAccountStringKey = (account: unknown, key: string) => | ||
| Boolean( | ||
| account && | ||
| typeof account === "object" && |
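Review bot: `Array.isArray(allow) && allow.length > 0` on the `allowConfigured` line treats an explicit `plugins.allow: []` the same as an unset allowlist, so the `if (!allowConfigured)` branch also runs for an operator who deliberately configured an empty list. If an empty allowlist is meant to be a valid setting, test `Array.isArray(allow)` alone; otherwise add a comment saying that an empty array is intentionally treated as unconfigured. A smaller style point: `hasString` and `hasAccountStringKey` are declared inside the branch, and hoisting them to module scope would leave the conditional body holding only the check itself.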
Contributor
**Env leakage breaks tests**
`collectPluginsTrustFindings` reads tokens from `process.env` (e.g., `DISCORD_BOT_TOKEN`, `TELEGRAM_BOT_TOKEN`, `SLACK_BOT_TOKEN`, `SLACK_APP_TOKEN`) instead of the `env` passed through the audit pipeline. This makes audit results (and any unit tests that inject `env`) non-deterministic and environment-dependent. Use the injected env (add `env` to params like other collectors) rather than `process.env` here.
…vention
- audit-extra.ts (1,199 LOC) -> barrel (31) + sync (559) + async (668)
- schema.ts (1,114 LOC) -> schema (353) + field-metadata (729)
- Add tmp-refactoring-strategy.md documenting Wave 1-4 plan
4579a64 to 1e2f933
vignesh07 pushed a commit that referenced this pull request Feb 10, 2026
refactor(security,config): split oversized files using dot-naming convention
- audit-extra.ts (1,199 LOC) -> barrel (31) + sync (559) + async (668)
- schema.ts (1,114 LOC) -> schema (353) + field-metadata (729)
- Add tmp-refactoring-strategy.md documenting Wave 1-4 plan
PR #13182
YanHaidao added a commit to YanHaidao/clawdbot that referenced this pull request Feb 10, 2026
* 'main' of github.com:YanHaidao/clawdbot: (94 commits)
  fix(auto-reply): prevent sender spoofing in group prompts
  Discord: add exec approval cleanup option (openclaw#13205)
  CI: extend stale timelines to be contributor-friendly (openclaw#13209)
  fix: enforce Discord agent component DM auth (openclaw#11254) (thanks @thedudeabidesai)
  refactor(security,config): split oversized files (openclaw#13182)
  Commands: add commands.allowFrom config
  CI: configure stale automation
  fix(signal): enforce mention gating for group messages (openclaw#13124)
  fix(ui): prioritize displayName over label in webchat session picker (openclaw#13108)
  Chore: add testflight auto-response
  Docker: include A2UI sources for bundle (openclaw#13114)
  fix: unify session maintenance and cron run pruning (openclaw#13083)
  docs: expand vulnerability reporting guidelines in SECURITY.md
  docs: add vulnerability reporting guidelines to CONTRIBUTING.md
  refactor: consolidate fetchWithTimeout into shared utility
  fix(memory): default batch embeddings to off
  Improve code analyzer for independent packages, CI: only run release-check on push to main
  fix(tools): correct Grok response parsing for xAI Responses API (openclaw#13049)
  chore(deps): update dependencies, remove hono pinning
  Update contributing, deduplicate more functions
  ...
Hansen1018 pushed a commit to Hansen1018/openclaw that referenced this pull request Feb 10, 2026
michaelleone pushed a commit to michaelleone/openclaw that referenced this pull request Feb 11, 2026
Contributor
Why did this one get merged? schema.field-metadata.ts is unused duplicate data and there's a temp file with AI thinking in it... Please, guys, don't merge your own AI's slob without even looking at it.
skyhawk14 pushed a commit to skyhawk14/openclaw that referenced this pull request Feb 13, 2026
hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 1, 2026
refactor(security,config): split oversized files using dot-naming convention
- audit-extra.ts (1,199 LOC) -> barrel (31) + sync (559) + async (668)
- schema.ts (1,114 LOC) -> schema (353) + field-metadata (729)
- Add tmp-refactoring-strategy.md documenting Wave 1-4 plan
PR openclaw#13182
(cherry picked from commit f17c978)
This was referenced Mar 1, 2026
hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 3, 2026
refactor(security,config): split oversized files using dot-naming convention
- audit-extra.ts (1,199 LOC) -> barrel (31) + sync (559) + async (668)
- schema.ts (1,114 LOC) -> schema (353) + field-metadata (729)
- Add tmp-refactoring-strategy.md documenting Wave 1-4 plan
PR openclaw#13182
(cherry picked from commit f17c978)
# Conflicts:
# src/security/audit-extra.ts
zooqueen pushed a commit to hanzoai/bot that referenced this pull request Mar 6, 2026
…vention
audit-extra.ts (1,199 LOC) -> barrel (31) + sync (559) + async (668)
schema.ts (1,114 LOC) -> schema (353) + field-metadata (729)
Add tmp-refactoring-strategy.md documenting Wave 1-4 plan
Greptile Overview
Greptile Summary
This PR splits two oversized modules into smaller dot-named files:
- `src/security/audit-extra.ts` is converted into a small re-export barrel, the implementation moved into `src/security/audit-extra.sync.ts` (config-only checks) and `src/security/audit-extra.async.ts` (I/O-based checks).
- `src/config/schema.ts` has its large UI-hints metadata extracted into `src/config/schema.field-metadata.ts` while keeping `buildConfigSchema()` behavior in `schema.ts`.

Overall this is a structural refactor intended to preserve behavior while improving maintainability and aligning with the repo’s dot-suffix module convention.
Confidence Score: 4/5
`collectPluginsTrustFindings` now reads from `process.env` instead of the injected env used by the audit runner, making outputs environment-dependent and breaking deterministic tests/configured behavior.
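The env-injection point raised in the review, as an added example that is not code from this PR or from the project: a collector that reads the ambient environment next to one that takes `env` in its params. The types, the finding id and the rule body are assumptions made for illustration; only the token variable names and the `plugins.allow` check come from the page.

```typescript
// Added example; every name below is hypothetical, not the project's API.
type Env = Record<string, string | undefined>;
type Cfg = { plugins?: { allow?: string[] } };
type Finding = { id: string; detail: string };

// Token variables named in the review comment.
const TOKEN_VARS = [
  "DISCORD_BOT_TOKEN", "TELEGRAM_BOT_TOKEN", "SLACK_BOT_TOKEN", "SLACK_APP_TOKEN",
];

const hasString = (value: unknown): boolean =>
  typeof value === "string" && value.trim().length > 0;

// Assumed rule: flag a missing plugin allowlist when a channel token is set.
function evaluate(cfg: Cfg, env: Env): Finding[] {
  const allow = cfg.plugins?.allow;
  if (Array.isArray(allow) && allow.length > 0) return [];
  const present = TOKEN_VARS.filter((name) => hasString(env[name]));
  if (present.length === 0) return [];
  return [{ id: "example.plugins-allow-unset", detail: present.join(",") }];
}

// Pattern the review flags: the collector reads the ambient environment.
function collectLeaky(params: { cfg: Cfg }): Finding[] {
  const ambient: Env = (globalThis as any).process?.env ?? {};
  return evaluate(params.cfg, ambient);
}

// Pattern the review asks for: env arrives in params, so callers control it.
function collectInjected(params: { cfg: Cfg; env: Env }): Finding[] {
  return evaluate(params.cfg, params.env);
}

// Constructed scenario: the caller injects an empty env while the host
// process has a token exported. Only the leaky collector reports a finding.
function demo(): { leaky: number; injected: number } {
  const ambient: Env = (globalThis as any).process?.env ?? {};
  const saved = ambient["SLACK_BOT_TOKEN"];
  ambient["SLACK_BOT_TOKEN"] = "constructed-placeholder";
  try {
    return {
      leaky: collectLeaky({ cfg: {} }).length,
      injected: collectInjected({ cfg: {}, env: {} }).length,
    };
  } finally {
    if (saved === undefined) delete ambient["SLACK_BOT_TOKEN"];
    else ambient["SLACK_BOT_TOKEN"] = saved;
  }
}
```

With the injected form, the only place that touches `process.env` is the audit entry point, which passes it down once.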