Fix/config restore baseline#75568
Conversation
Previously a failed copyFile during suspicious-read recovery was swallowed by a bare catch, still logged as 'Config auto-restored from backup', and the audit record was written with valid: true — making a silent failure look like success. Capture the error, log a distinct failure warning with the message, set valid to restoredFromBackup, and persist restoreErrorCode / restoreErrorMessage on the observe audit record for both async and sync paths.
Review follow-ups on openclaw#70515: add the parallel failure-injection test for maybeRecoverSuspiciousConfigReadSync so the sync path has the same coverage, and move the captured error message inside the suspicious- reason parentheses in the failure warning so the line no longer reads 'failed: <path> (...): <msg>' (double colon) — it now reads 'failed: <path> (..., <msg>)' with a single trailing colon after 'failed'.
openclaw-barnacle
Bot
added
size: S
triage: blank-template
|
Thanks for the context here. I swept through the related work, and this is now duplicate or superseded. Close as duplicate/superseded. The branch repeats the restore-copy audit/logging work from closed #70515, while open canonical PR #75441 already includes the same cherry-picked commits, broader config observe-recovery write-failure coverage, and the required changelog credit. So I’m closing this here and keeping the remaining discussion on the canonical linked item. Review detailsBest possible solution: Keep #75441 as the canonical path: it should land or be closed after maintainer review, because it carries this restore-copy audit fix with broader observe-recovery write-failure handling and changelog coverage. Do we have a high-confidence way to reproduce the issue? Yes. The failure path is reproducible by injecting copyFile/copyFileSync failure while a valid Is this the best way to solve the issue? No as a standalone PR. The safer maintainable solution is the canonical #75441 branch, which includes the same fix plus adjacent write-failure handling and release-note coverage. Security review: Security review cleared: The diff only changes config recovery logging/audit fields and tests; it does not add dependencies, workflow execution, permissions, network access, or secret-handling expansion. What I checked:
Likely related people:
Codex review notes: model gpt-5.5, reasoning high; reviewed against e8afaf512e87. |
1 participant
Summary
Describe the problem and fix in 2–5 bullets:
If this PR fixes a plugin beta-release blocker, title it
fix(<plugin-id>): beta blocker - <summary>and link the matchingBeta blocker: <plugin-name> - <summary>issue labeledbeta-blocker. Contributors cannot label PRs, so the title is the PR-side signal for maintainers and automation.Change Type (select all)
Scope (select all touched areas)
Linked Issue/PR
Root Cause (if applicable)
For bug fixes or regressions, explain why this happened, not just what changed. Otherwise write
N/A. If the cause is unclear, writeUnknown.Regression Test Plan (if applicable)
For bug fixes or regressions, name the smallest reliable test coverage that should catch this. Otherwise write
N/A.User-visible / Behavior Changes
List user-visible changes (including defaults/config).
If none, write
None.Diagram (if applicable)
For UI changes or non-trivial logic flows, include a small ASCII diagram reviewers can scan quickly. Otherwise write
N/A.Security Impact (required)
Yes/No)Yes/No)Yes/No)Yes/No)Yes/No)Yes, explain risk + mitigation:Repro + Verification
Environment
Steps
Expected
Actual
Evidence
Attach at least one:
Human Verification (required)
What you personally verified (not just CI), and how:
Review Conversations
If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.
Compatibility / Migration
Yes/No)Yes/No)Yes/No)Risks and Mitigations
List only real risks for this PR. Add/remove entries as needed. If none, write
None.