fix(daemon): normalise whitespace in checkTokenDrift to prevent false-positive token-mismatch warning #26656
Closed
byungsker wants to merge 1 commit into openclaw:main from
…-positive token-mismatch warning
Service-file parsers (systemd EnvironmentFile, launchd plist) can return environment-variable values with trailing newlines or spaces, causing checkTokenDrift to report 'Config token differs from service token' even though the two tokens are logically identical.
Two-part fix:
- service-audit.ts: trim both serviceToken and configToken before comparing inside checkTokenDrift so the function is robust regardless of how callers obtain the raw values
- lifecycle-core.ts: also add .trim() at the call site for defence-in-depth (mirrors the existing trim already applied in auditGatewayServiceConfig)
Two new test cases cover the whitespace edge cases.
Fixes openclaw#26624
This pull request has been automatically marked as stale due to inactivity.
Closing this PR because the author has more than 10 active PRs in this repo. Please reduce the active PR queue and reopen or resubmit once it is back under the limit. You can close your own PRs to get back under the limit.
Problem
openclaw gateway restart shows: … even when the two token values are identical.
Root Cause
checkTokenDrift compares serviceToken !== configToken as raw strings. Service-file parsers on Linux (systemd EnvironmentFile / Environment=) and macOS (launchd plist) can return environment-variable values with trailing newlines or spaces. The config token goes through trimToUndefined() inside resolveGatewayCredentialsFromConfig, but the service token extracted in lifecycle-core.ts at line 282 was passed without .trim():
So "abc123\n" !== "abc123" → false-positive drift detected.
Fix
Two changes:
- service-audit.ts: trim both sides inside checkTokenDrift itself, making the function robust regardless of how callers supply the raw values.
- lifecycle-core.ts: add .trim() at the extraction site for defence-in-depth (mirrors the existing trim already present in auditGatewayServiceConfig at line 215).
Tests
Two new test cases in service-audit.test.ts:
- "same-token\n" vs "same-token" → null (no drift) ✅
- " same-token " vs "same-token" → null (no drift) ✅
All 24 daemon-cli and service-audit tests pass.
Fixes #26624
Greptile Summary
Fixed false-positive token-mismatch warning in openclaw gateway restart by normalizing whitespace in token comparison. Service-file parsers (systemd EnvironmentFile, launchd plist) can inject trailing newlines or spaces into environment variable values, causing identical tokens to appear different when compared as raw strings.
- .trim() to service token extraction in lifecycle-core.ts:282 for defense-in-depth
- checkTokenDrift in service-audit.ts to normalize both tokens before comparison using .trim() || undefined pattern
Confidence Score: 5/5
.trim() calls to normalize whitespace in token comparison, includes two new test cases covering the specific edge cases (trailing newlines and surrounding spaces), and follows the existing pattern already used elsewhere in the codebase (auditGatewayToken at line 215). The change is defensive, backward-compatible, and directly addresses the reported false-positive warning without introducing new behavior.
Last reviewed commit: da16723
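The root cause and fix described in this PR, as an added TypeScript example that is not code from the OpenClaw repository: a raw comparison beside one using the `.trim() || undefined` pattern, run on a token parsed from a constructed env-style file. The function names, the `EXAMPLE_GATEWAY_TOKEN` key, the parser and the rule that a missing token yields no drift are assumptions made for illustration.

```typescript
// Added example, not OpenClaw source. Function names, the env key and the
// "missing token means nothing to compare" rule are assumptions.
type Drift = { message: string } | null;
const DRIFT: Drift = { message: "Config token differs from service token" };

// Constructed sample: an env-style file saved with CRLF endings and a
// stray trailing space after the token value.
const SAMPLE_ENV = "# constructed sample\r\nEXAMPLE_GATEWAY_TOKEN=same-token \r\n";

// Hypothetical KEY=VALUE parser that keeps the value byte-for-byte, which is
// how a trailing space or "\r" ends up inside the service token.
function parseEnvLines(text: string): Record<string, string> {
  const env: Record<string, string> = {};
  for (const line of text.split("\n")) {
    const stripped = line.trim();
    if (stripped === "" || stripped.charAt(0) === "#") continue;
    const eq = line.indexOf("=");
    const key = eq > 0 ? line.slice(0, eq).trim() : "";
    if (key === "") continue; // not an assignment
    env[key] = line.slice(eq + 1);
  }
  return env;
}

// Raw string comparison: the root cause described in the PR.
function checkTokenDriftRaw(serviceToken?: string, configToken?: string): Drift {
  if (!serviceToken || !configToken) return null;
  return serviceToken !== configToken ? DRIFT : null;
}

// Both sides normalised with the `.trim() || undefined` pattern, so a
// whitespace-only value counts as unset. Only the edges are trimmed:
// interior whitespace and genuinely different tokens still report drift.
function checkTokenDriftNormalised(serviceToken?: string, configToken?: string): Drift {
  const svc = serviceToken?.trim() || undefined;
  const cfg = configToken?.trim() || undefined;
  if (!svc || !cfg) return null;
  return svc !== cfg ? DRIFT : null;
}

// Run both checks on the token parsed from the constructed sample.
function compareOnSample(configToken: string): { raw: Drift; normalised: Drift } {
  const serviceToken = parseEnvLines(SAMPLE_ENV)["EXAMPLE_GATEWAY_TOKEN"];
  return {
    raw: checkTokenDriftRaw(serviceToken, configToken),
    normalised: checkTokenDriftNormalised(serviceToken, configToken),
  };
}
```

Trimming only the edges keeps the check meaningful: a token that differs in any non-whitespace character, or in interior whitespace, is still reported.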