fix(infra): block BROWSER, GIT_EDITOR, GIT_SEQUENCE_EDITOR from inherited host env#1
Closed
pgondhi987 wants to merge 312 commits intomainfrom
Closed
fix(infra): block BROWSER, GIT_EDITOR, GIT_SEQUENCE_EDITOR from inherited host env#1pgondhi987 wants to merge 312 commits intomainfrom
pgondhi987 wants to merge 312 commits intomainfrom
Conversation
Merged via squash. Prepared head SHA: 7c45542 Co-authored-by: mbelinky <[email protected]> Co-authored-by: mbelinky <[email protected]> Reviewed-by: @mbelinky
Merged via squash. Prepared head SHA: 8db9b86 Co-authored-by: mbelinky <[email protected]> Co-authored-by: mbelinky <[email protected]> Reviewed-by: @mbelinky
…openperf) * fix(gateway): skip local workdir resolution for remote node execution * chore: add inline comment for non-obvious node workdir skip * fix: preserve node exec cwd on remote hosts (openclaw#50961) (thanks @openperf) --------- Co-authored-by: Ayaan Zaidi <[email protected]>
…nclaw#55632) (thanks @openperf) * fix(agents): preserve original task prompt on model fallback for new sessions * fix(agents): use dynamic transcript check for sessionHasHistory on fallback retry Address Greptile review feedback: replace the static !isNewSession flag with a dynamic sessionFileHasContent() check that reads the on-disk transcript before each fallback retry. This correctly handles the edge case where the primary model completes at least one assistant-response turn (flushing the user message to disk) before failing - the fallback now sends the recovery prompt instead of duplicating the original body. The !isNewSession short-circuit is kept as a fast path so existing sessions skip the file read entirely. * fix(agents): address security vulnerabilities in session fallback logic Fixes three medium-severity security issues identified by Aisle Security Analysis on PR openclaw#55632: - CWE-400: Unbounded session transcript read in sessionFileHasContent() - CWE-400: Symlink-following in sessionFileHasContent() - CWE-201: Sensitive prompt replay to a different fallback provider * fix(agents): use JSONL parsing for session history detection (CWE-703) Replace bounded byte-prefix substring matching in sessionFileHasContent() with line-by-line JSONL record parsing. The previous approach could miss an assistant message when the preceding user content exceeded the 256KB read limit, causing a false negative that blocks cross-provider fallback entirely. * fix(agents): preserve fallback prompt across providers --------- Co-authored-by: Ayaan Zaidi <[email protected]>
…thomasxm) * fix: canonicalize session keys at write time to prevent orphaned sessions (openclaw#29683) resolveSessionKey() uses hardcoded DEFAULT_AGENT_ID="main", but all read paths canonicalize via cfg. When the configured default agent differs (e.g. "ops" with mainKey "work"), writes produce "agent:main:main" while reads look up "agent:ops:work", orphaning transcripts on every restart. Fix all three write-path call sites by wrapping with canonicalizeMainSessionAlias: - initSessionState (auto-reply/reply/session.ts) - runWebHeartbeatOnce (web/auto-reply/heartbeat-runner.ts) - resolveCronAgentSessionKey (cron/isolated-agent/session-key.ts) Add startup migration (migrateOrphanedSessionKeys) to rename existing orphaned keys to canonical form, merging by most-recent updatedAt. * fix: address review — track agent IDs in migration map, align snapshot key P1: migrateOrphanedSessionKeys now tracks agentId alongside each store path in a Map instead of inferring from the filesystem path. This correctly handles custom session.store templates outside the default agents/<id>/ layout. P2: Pass the already-canonicalized sessionKey to getSessionSnapshot so the heartbeat snapshot reads/restores use the same key as the write path. * fix: log migration results at all early return points migrateOrphanedSessionKeys runs before detectLegacyStateMigrations, so it can canonicalize legacy keys (e.g. "main" → "agent:main:main") before the legacy detector sees them. This caused the early return path to skip logging, breaking doctor-state-migrations tests that assert log.info was called. Extract logMigrationResults helper and call it at every return point. * fix: handle shared stores and ~ expansion in migration P1: When session.store has no {agentId}, all agents resolve to the same file. Track all agentIds per store path (Map<path, Set<id>>) and run canonicalization once per agent. Skip cross-agent "agent:main:*" remapping when "main" is a legitimate configured agent sharing the store, to avoid merging its data into another agent's namespace. P2: Use expandHomePrefix (environment-aware ~ resolution) instead of os.homedir() in resolveStorePathFromTemplate, matching the runtime resolveStorePath behavior for OPENCLAW_HOME/HOME overrides. * fix: narrow cross-agent remap to provable orphan aliases only Only remap agent:main:* keys where the suffix is a main session alias ("main" or the configured mainKey). Other agent:main:* keys — hooks, subagents, cron sessions, per-sender keys — may be intentional cross-agent references and must not be silently moved into another agent's namespace. * fix: run orphan-key session migration at gateway startup (openclaw#29683) * fix: canonicalize cross-agent legacy main aliases in session keys (openclaw#29683) * fix: guard shared-store migration against cross-agent legacy alias remap (openclaw#29683) * refactor: split session-key migration out of pr 30654 --------- Co-authored-by: Your Name <[email protected]> Co-authored-by: Ayaan Zaidi <[email protected]>
…int warning (openclaw#53298) Merged via squash. Prepared head SHA: 6f5813f Co-authored-by: keithce <[email protected]> Co-authored-by: gumadeiras <[email protected]> Reviewed-by: @gumadeiras
* fix(ios): mark activitykit import as preconcurrency * fix: note iOS ActivityKit preconcurrency build fix (openclaw#57180) (thanks @ngutman)
…ions (openclaw#57226) Wire the shared resolveReactionMessageId helper into the WhatsApp channel adapter, matching the pattern already used by Telegram, Signal, and Discord. The model can now react to the current inbound message without explicitly providing a messageId. Safety guards: - Only falls back to context when the source is WhatsApp - Suppresses fallback when targeting a different chat (normalized comparison) - Throws ToolInputError (400) instead of plain Error (500) when messageId is missing, preserving gateway error mapping
* fix: harden clawhub plugin publishing and install * fix(process): preserve windows shim exit success
…, await server close
openclaw#53604) Merged via squash. Prepared head SHA: 818d437 Co-authored-by: Qinsam <[email protected]> Co-authored-by: mukhtharcm <[email protected]> Reviewed-by: @mukhtharcm
Problem: When LLM stops responding, the agent hangs for ~5 minutes with no feedback. Users had to use /stop to recover. Solution: Add idle timeout detection for LLM streaming responses.
…7361) * feat(tasks): move task ledger to sqlite * feat(tasks): add task run audit command * style(tasks): normalize audit command formatting * fix(tasks): address audit summary and sqlite perms * fix(tasks): avoid duplicate lost audit findings
* feat(openai): forward text verbosity across responses transports * fix(openai): remove stale verbosity rebase artifact * chore(changelog): add openai text verbosity entry --------- Co-authored-by: Ubuntu <[email protected]> Co-authored-by: Vincent Koc <[email protected]>
* fix(memory): add qmd mcporter search tool override * fix(memory): tighten qmd search tool override guards * chore(config): drop generated docs baselines from qmd pr * fix(memory): keep explicit qmd query override on v2 args * docs(changelog): normalize qmd search tool attribution * fix(memory): reuse v1 qmd tool after query fallback
* feat(tasks): add status health and maintenance command * fix(tasks): address status and maintenance review feedback
* feat(tasks): harden maintenance repair paths * fix(tasks): address follow-up maintenance review comments
Owner
Author
|
Closing — re-opening against upstream openclaw/openclaw. |
pgondhi987
pushed a commit
that referenced
this pull request
Mar 31, 2026
* feat: add QQ Bot channel extension * fix(qqbot): add setupWizard to runtime plugin for onboard re-entry * fix: fix review * fix: fix review * chore: sync lockfile and config-docs baseline for qqbot extension * refactor: 移除图床服务器相关代码 * fix * docs: 新增 QQ Bot 插件文档并修正链接路径 * refactor: remove credential backup functionality and update setup logic - Deleted the credential backup module to streamline the codebase. - Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs. - Simplified slash commands by removing unused hot upgrade compatibility checks and related functions. - Adjusted types to use SecretInput for client secrets in QQBot configuration. - Modified bundled plugin metadata to allow additional properties in the config schema. * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup - Deleted the qqbot-media and qqbot-remind skills documentation files. - Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations. - Implemented tests for local media path remapping, verifying correct resolution of media file paths. - Removed obsolete channel and remind tools, streamlining the codebase. * feat: 更新 QQBot 配置模式,添加音频格式和账户定义 * feat: 添加 QQBot 频道管理和定时提醒技能,更新媒体路径解析功能 * fix * feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引 * feat: update reminder and qq channel skills * feat: 更新remind工具投递目标地址格式 * feat: Refactor QQBot payload handling and improve code documentation - Simplified and clarified the structure of payload interfaces for Cron reminders and media messages. - Enhanced the parsing function to provide clearer error messages and improved validation. - Updated platform utility functions for better cross-platform compatibility and clearer documentation. - Improved text parsing utilities for better readability and consistency in emoji representation. - Optimized upload cache management with clearer comments and reduced redundancy. - Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation. * OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift > [email protected] check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw > node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check [bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts ELIFECYCLE Command failed with exit code 1. ELIFECYCLE Command failed with exit code 1. * feat: 添加 QQBot 渠道配置及相关账户设置 * fix(qqbot): resolve 14 high-priority bugs from PR openclaw#52986 review DM routing (7 fixes): - #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId) - openclaw#2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId} - openclaw#3: sendTextChunks adds DM branch - openclaw#4: sendMarkdownReply adds DM branch for text and Base64 images - openclaw#5: parseAndSendMediaTags maps DM to targetType:dm + guildId - openclaw#6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field - openclaw#7: handleImage/Audio/Video/FilePayload add DM branches Other high-priority fixes: - openclaw#8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment - openclaw#9: broadcastMessage uses groupOpenid instead of member_openid for group users - openclaw#10: Unify KnownUser storage - proactive.ts delegates to known-users.ts - openclaw#11: Remove invalid recordKnownUser calls for guild/DM users - openclaw#12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook - openclaw#13: sendPhoto channel unsupported returns error field - openclaw#14: sendTextAfterMedia adds channel and dm branches Type fixes: - DeliverEventContext adds guildId field - MediaTargetContext.targetType adds dm variant - sendPlainTextReply imgMediaTarget adds DM branch * fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR openclaw#52986 review Blocker-1: Remove unused dmPolicy config knob - dmPolicy was declared in schema/types/plugin.json but never consumed at runtime - Removed from config-schema.ts, types.ts, and openclaw.plugin.json - allowFrom remains active (already wired into framework command-auth) Blocker-2: Gate sensitive slash commands with allowFrom authorization - SlashCommand interface adds requireAuth?: boolean - SlashCommandContext adds commandAuthorized: boolean - /bot-logs set to requireAuth: true (reads local log files) - matchSlashCommand rejects unauthorized senders for requireAuth commands - trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config Medium-priority fixes: - openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage - openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa - openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal - openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match - openclaw#19: isCronExpression validates each token starts with a cron-valid character - openclaw#20: --token format validation rejects malformed input without colon separator - openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable * test(qqbot): add focused tests for slash command authorization path - Unauthorized sender rejected for /bot-logs (requireAuth: true) - Authorized sender allowed for /bot-logs - Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders - Unknown slash commands return null (passthrough) - Non-slash messages return null - Usage query (/bot-logs ?) also gated by auth check * fix(qqbot): align global TTS fallback with framework config resolution - Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core resolveTtsConfig logic: check auto !== 'off', fall back to legacy enabled boolean, default to off when neither is set. - Add pre-check in reply-dispatcher before calling globalTextToSpeech to avoid unnecessary TTS calls and noisy error logs when TTS is not configured. - Remove inline as any casts; use OpenClawConfig type throughout. - Refactor handleAudioPayload into flat early-return structure with unified send path (plugin TTS → global fallback → send). * fix(qqbot): break ESM circular dependency causing multi-account startup crash The bundled gateway chunk had a circular static import on the channel chunk (gateway -> outbound-deliver -> channel, while channel dynamically imports gateway). When two accounts start concurrently via Promise.all, the first dynamic import triggers module graph evaluation; the circular reference causes api exports (including runDiagnostics) to resolve as undefined before the module finishes evaluating. Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new text-utils.ts leaf module. outbound-deliver.ts now imports from text-utils.ts, breaking the cycle. channel.ts re-exports for backward compatibility. * fix(qqbot): serialize gateway module import to prevent multi-account startup race When multiple accounts start concurrently via Promise.all, each calls await import('./gateway.js') independently. Due to ESM circular dependencies in the bundled output, the first import can resolve transitive exports as undefined before module evaluation completes. Fix: cache the dynamic import promise in a module-level variable so all concurrent startAccount calls share the same import, ensuring the gateway module is fully evaluated before any account uses it. * refactor(qqbot): remove startup greeting logic Remove getStartupGreetingPlan and related startup greeting delivery: - Delete startup-greeting.ts (greeting plan, marker persistence) - Delete admin-resolver.ts (admin resolution, greeting dispatch) - Remove startup greeting calls from gateway READY/RESUMED handlers - Remove isFirstReadyGlobal flag and adminCtx * fix(qqbot): skip octal escape decoding for Windows local paths Windows paths like C:\Users\1\file.txt contain backslash-digit sequences that were incorrectly matched as octal escape sequences and decoded, corrupting the file path. Detect Windows local paths (drive letter or UNC prefix) and skip the octal decoding step for them. * fix bot issue * feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile * docs: 添加 QQBot 配置和消息处理的设计说明 * rebase * fix(qqbot): align slash-command auth with shared command-auth model Route requireAuth:true slash commands (e.g. /bot-logs) through the framework's api.registerCommand() so resolveCommandAuthorization() applies commands.allowFrom.qqbot precedence and qqbot: prefix normalization before any handler runs. - slash-commands.ts: registerCommand() now auto-routes by requireAuth into two maps (commands / frameworkCommands); getFrameworkCommands() exports the auth-required set for framework registration; bot-help lists both maps - index.ts: registerFull() iterates getFrameworkCommands() and calls api.registerCommand() for each; handler derives msgType from ctx.from, sends file attachments via sendDocument, supports multi-account via ctx.accountId - gateway.ts (inbound): replace raw allowFrom string comparison with qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and uppercase before matching event.senderId - gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized is true (requireAuth:true commands never reach matchSlashCommand) - command-auth.test.ts: add regression tests for qqbot: prefix normalization in the inbound commandAuthorized computation - slash-commands.test.ts: update /bot-logs tests to expect null (command routed to framework, not in local registry) * rebase and solve conflict * fix(qqbot): preserve mixed env setup credentials --------- Co-authored-by: yuehuali <[email protected]> Co-authored-by: walli <[email protected]> Co-authored-by: WideLee <[email protected]> Co-authored-by: Frank Yang <[email protected]>
pgondhi987
pushed a commit
that referenced
this pull request
Mar 31, 2026
* feat: add QQ Bot channel extension * fix(qqbot): add setupWizard to runtime plugin for onboard re-entry * fix: fix review * fix: fix review * chore: sync lockfile and config-docs baseline for qqbot extension * refactor: 移除图床服务器相关代码 * fix * docs: 新增 QQ Bot 插件文档并修正链接路径 * refactor: remove credential backup functionality and update setup logic - Deleted the credential backup module to streamline the codebase. - Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs. - Simplified slash commands by removing unused hot upgrade compatibility checks and related functions. - Adjusted types to use SecretInput for client secrets in QQBot configuration. - Modified bundled plugin metadata to allow additional properties in the config schema. * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup - Deleted the qqbot-media and qqbot-remind skills documentation files. - Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations. - Implemented tests for local media path remapping, verifying correct resolution of media file paths. - Removed obsolete channel and remind tools, streamlining the codebase. * feat: 更新 QQBot 配置模式,添加音频格式和账户定义 * feat: 添加 QQBot 频道管理和定时提醒技能,更新媒体路径解析功能 * fix * feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引 * feat: update reminder and qq channel skills * feat: 更新remind工具投递目标地址格式 * feat: Refactor QQBot payload handling and improve code documentation - Simplified and clarified the structure of payload interfaces for Cron reminders and media messages. - Enhanced the parsing function to provide clearer error messages and improved validation. - Updated platform utility functions for better cross-platform compatibility and clearer documentation. - Improved text parsing utilities for better readability and consistency in emoji representation. - Optimized upload cache management with clearer comments and reduced redundancy. - Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation. * OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift > [email protected] check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw > node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check [bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts ELIFECYCLE Command failed with exit code 1. ELIFECYCLE Command failed with exit code 1. * feat: 添加 QQBot 渠道配置及相关账户设置 * fix(qqbot): resolve 14 high-priority bugs from PR openclaw#52986 review DM routing (7 fixes): - #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId) - openclaw#2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId} - openclaw#3: sendTextChunks adds DM branch - openclaw#4: sendMarkdownReply adds DM branch for text and Base64 images - openclaw#5: parseAndSendMediaTags maps DM to targetType:dm + guildId - openclaw#6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field - openclaw#7: handleImage/Audio/Video/FilePayload add DM branches Other high-priority fixes: - openclaw#8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment - openclaw#9: broadcastMessage uses groupOpenid instead of member_openid for group users - openclaw#10: Unify KnownUser storage - proactive.ts delegates to known-users.ts - openclaw#11: Remove invalid recordKnownUser calls for guild/DM users - openclaw#12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook - openclaw#13: sendPhoto channel unsupported returns error field - openclaw#14: sendTextAfterMedia adds channel and dm branches Type fixes: - DeliverEventContext adds guildId field - MediaTargetContext.targetType adds dm variant - sendPlainTextReply imgMediaTarget adds DM branch * fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR openclaw#52986 review Blocker-1: Remove unused dmPolicy config knob - dmPolicy was declared in schema/types/plugin.json but never consumed at runtime - Removed from config-schema.ts, types.ts, and openclaw.plugin.json - allowFrom remains active (already wired into framework command-auth) Blocker-2: Gate sensitive slash commands with allowFrom authorization - SlashCommand interface adds requireAuth?: boolean - SlashCommandContext adds commandAuthorized: boolean - /bot-logs set to requireAuth: true (reads local log files) - matchSlashCommand rejects unauthorized senders for requireAuth commands - trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config Medium-priority fixes: - openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage - openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa - openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal - openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match - openclaw#19: isCronExpression validates each token starts with a cron-valid character - openclaw#20: --token format validation rejects malformed input without colon separator - openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable * test(qqbot): add focused tests for slash command authorization path - Unauthorized sender rejected for /bot-logs (requireAuth: true) - Authorized sender allowed for /bot-logs - Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders - Unknown slash commands return null (passthrough) - Non-slash messages return null - Usage query (/bot-logs ?) also gated by auth check * fix(qqbot): align global TTS fallback with framework config resolution - Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core resolveTtsConfig logic: check auto !== 'off', fall back to legacy enabled boolean, default to off when neither is set. - Add pre-check in reply-dispatcher before calling globalTextToSpeech to avoid unnecessary TTS calls and noisy error logs when TTS is not configured. - Remove inline as any casts; use OpenClawConfig type throughout. - Refactor handleAudioPayload into flat early-return structure with unified send path (plugin TTS → global fallback → send). * fix(qqbot): break ESM circular dependency causing multi-account startup crash The bundled gateway chunk had a circular static import on the channel chunk (gateway -> outbound-deliver -> channel, while channel dynamically imports gateway). When two accounts start concurrently via Promise.all, the first dynamic import triggers module graph evaluation; the circular reference causes api exports (including runDiagnostics) to resolve as undefined before the module finishes evaluating. Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new text-utils.ts leaf module. outbound-deliver.ts now imports from text-utils.ts, breaking the cycle. channel.ts re-exports for backward compatibility. * fix(qqbot): serialize gateway module import to prevent multi-account startup race When multiple accounts start concurrently via Promise.all, each calls await import('./gateway.js') independently. Due to ESM circular dependencies in the bundled output, the first import can resolve transitive exports as undefined before module evaluation completes. Fix: cache the dynamic import promise in a module-level variable so all concurrent startAccount calls share the same import, ensuring the gateway module is fully evaluated before any account uses it. * refactor(qqbot): remove startup greeting logic Remove getStartupGreetingPlan and related startup greeting delivery: - Delete startup-greeting.ts (greeting plan, marker persistence) - Delete admin-resolver.ts (admin resolution, greeting dispatch) - Remove startup greeting calls from gateway READY/RESUMED handlers - Remove isFirstReadyGlobal flag and adminCtx * fix(qqbot): skip octal escape decoding for Windows local paths Windows paths like C:\Users\1\file.txt contain backslash-digit sequences that were incorrectly matched as octal escape sequences and decoded, corrupting the file path. Detect Windows local paths (drive letter or UNC prefix) and skip the octal decoding step for them. * fix bot issue * feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile * docs: 添加 QQBot 配置和消息处理的设计说明 * rebase * fix(qqbot): align slash-command auth with shared command-auth model Route requireAuth:true slash commands (e.g. /bot-logs) through the framework's api.registerCommand() so resolveCommandAuthorization() applies commands.allowFrom.qqbot precedence and qqbot: prefix normalization before any handler runs. - slash-commands.ts: registerCommand() now auto-routes by requireAuth into two maps (commands / frameworkCommands); getFrameworkCommands() exports the auth-required set for framework registration; bot-help lists both maps - index.ts: registerFull() iterates getFrameworkCommands() and calls api.registerCommand() for each; handler derives msgType from ctx.from, sends file attachments via sendDocument, supports multi-account via ctx.accountId - gateway.ts (inbound): replace raw allowFrom string comparison with qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and uppercase before matching event.senderId - gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized is true (requireAuth:true commands never reach matchSlashCommand) - command-auth.test.ts: add regression tests for qqbot: prefix normalization in the inbound commandAuthorized computation - slash-commands.test.ts: update /bot-logs tests to expect null (command routed to framework, not in local registry) * rebase and solve conflict * fix(qqbot): preserve mixed env setup credentials --------- Co-authored-by: yuehuali <[email protected]> Co-authored-by: walli <[email protected]> Co-authored-by: WideLee <[email protected]> Co-authored-by: Frank Yang <[email protected]>
pgondhi987
pushed a commit
that referenced
this pull request
Mar 31, 2026
* feat: add QQ Bot channel extension * fix(qqbot): add setupWizard to runtime plugin for onboard re-entry * fix: fix review * fix: fix review * chore: sync lockfile and config-docs baseline for qqbot extension * refactor: 移除图床服务器相关代码 * fix * docs: 新增 QQ Bot 插件文档并修正链接路径 * refactor: remove credential backup functionality and update setup logic - Deleted the credential backup module to streamline the codebase. - Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs. - Simplified slash commands by removing unused hot upgrade compatibility checks and related functions. - Adjusted types to use SecretInput for client secrets in QQBot configuration. - Modified bundled plugin metadata to allow additional properties in the config schema. * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup - Deleted the qqbot-media and qqbot-remind skills documentation files. - Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations. - Implemented tests for local media path remapping, verifying correct resolution of media file paths. - Removed obsolete channel and remind tools, streamlining the codebase. * feat: 更新 QQBot 配置模式,添加音频格式和账户定义 * feat: 添加 QQBot 频道管理和定时提醒技能,更新媒体路径解析功能 * fix * feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引 * feat: update reminder and qq channel skills * feat: 更新remind工具投递目标地址格式 * feat: Refactor QQBot payload handling and improve code documentation - Simplified and clarified the structure of payload interfaces for Cron reminders and media messages. - Enhanced the parsing function to provide clearer error messages and improved validation. - Updated platform utility functions for better cross-platform compatibility and clearer documentation. - Improved text parsing utilities for better readability and consistency in emoji representation. - Optimized upload cache management with clearer comments and reduced redundancy. - Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation. * OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift > [email protected] check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw > node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check [bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts ELIFECYCLE Command failed with exit code 1. ELIFECYCLE Command failed with exit code 1. * feat: 添加 QQBot 渠道配置及相关账户设置 * fix(qqbot): resolve 14 high-priority bugs from PR openclaw#52986 review DM routing (7 fixes): - #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId) - openclaw#2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId} - openclaw#3: sendTextChunks adds DM branch - openclaw#4: sendMarkdownReply adds DM branch for text and Base64 images - openclaw#5: parseAndSendMediaTags maps DM to targetType:dm + guildId - openclaw#6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field - openclaw#7: handleImage/Audio/Video/FilePayload add DM branches Other high-priority fixes: - openclaw#8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment - openclaw#9: broadcastMessage uses groupOpenid instead of member_openid for group users - openclaw#10: Unify KnownUser storage - proactive.ts delegates to known-users.ts - openclaw#11: Remove invalid recordKnownUser calls for guild/DM users - openclaw#12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook - openclaw#13: sendPhoto channel unsupported returns error field - openclaw#14: sendTextAfterMedia adds channel and dm branches Type fixes: - DeliverEventContext adds guildId field - MediaTargetContext.targetType adds dm variant - sendPlainTextReply imgMediaTarget adds DM branch * fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR openclaw#52986 review Blocker-1: Remove unused dmPolicy config knob - dmPolicy was declared in schema/types/plugin.json but never consumed at runtime - Removed from config-schema.ts, types.ts, and openclaw.plugin.json - allowFrom remains active (already wired into framework command-auth) Blocker-2: Gate sensitive slash commands with allowFrom authorization - SlashCommand interface adds requireAuth?: boolean - SlashCommandContext adds commandAuthorized: boolean - /bot-logs set to requireAuth: true (reads local log files) - matchSlashCommand rejects unauthorized senders for requireAuth commands - trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config Medium-priority fixes: - openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage - openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa - openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal - openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match - openclaw#19: isCronExpression validates each token starts with a cron-valid character - openclaw#20: --token format validation rejects malformed input without colon separator - openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable * test(qqbot): add focused tests for slash command authorization path - Unauthorized sender rejected for /bot-logs (requireAuth: true) - Authorized sender allowed for /bot-logs - Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders - Unknown slash commands return null (passthrough) - Non-slash messages return null - Usage query (/bot-logs ?) also gated by auth check * fix(qqbot): align global TTS fallback with framework config resolution - Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core resolveTtsConfig logic: check auto !== 'off', fall back to legacy enabled boolean, default to off when neither is set. - Add pre-check in reply-dispatcher before calling globalTextToSpeech to avoid unnecessary TTS calls and noisy error logs when TTS is not configured. - Remove inline as any casts; use OpenClawConfig type throughout. - Refactor handleAudioPayload into flat early-return structure with unified send path (plugin TTS → global fallback → send). * fix(qqbot): break ESM circular dependency causing multi-account startup crash The bundled gateway chunk had a circular static import on the channel chunk (gateway -> outbound-deliver -> channel, while channel dynamically imports gateway). When two accounts start concurrently via Promise.all, the first dynamic import triggers module graph evaluation; the circular reference causes api exports (including runDiagnostics) to resolve as undefined before the module finishes evaluating. Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new text-utils.ts leaf module. outbound-deliver.ts now imports from text-utils.ts, breaking the cycle. channel.ts re-exports for backward compatibility. * fix(qqbot): serialize gateway module import to prevent multi-account startup race When multiple accounts start concurrently via Promise.all, each calls await import('./gateway.js') independently. Due to ESM circular dependencies in the bundled output, the first import can resolve transitive exports as undefined before module evaluation completes. Fix: cache the dynamic import promise in a module-level variable so all concurrent startAccount calls share the same import, ensuring the gateway module is fully evaluated before any account uses it. * refactor(qqbot): remove startup greeting logic Remove getStartupGreetingPlan and related startup greeting delivery: - Delete startup-greeting.ts (greeting plan, marker persistence) - Delete admin-resolver.ts (admin resolution, greeting dispatch) - Remove startup greeting calls from gateway READY/RESUMED handlers - Remove isFirstReadyGlobal flag and adminCtx * fix(qqbot): skip octal escape decoding for Windows local paths Windows paths like C:\Users\1\file.txt contain backslash-digit sequences that were incorrectly matched as octal escape sequences and decoded, corrupting the file path. Detect Windows local paths (drive letter or UNC prefix) and skip the octal decoding step for them. * fix bot issue * feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile * docs: 添加 QQBot 配置和消息处理的设计说明 * rebase * fix(qqbot): align slash-command auth with shared command-auth model Route requireAuth:true slash commands (e.g. /bot-logs) through the framework's api.registerCommand() so resolveCommandAuthorization() applies commands.allowFrom.qqbot precedence and qqbot: prefix normalization before any handler runs. - slash-commands.ts: registerCommand() now auto-routes by requireAuth into two maps (commands / frameworkCommands); getFrameworkCommands() exports the auth-required set for framework registration; bot-help lists both maps - index.ts: registerFull() iterates getFrameworkCommands() and calls api.registerCommand() for each; handler derives msgType from ctx.from, sends file attachments via sendDocument, supports multi-account via ctx.accountId - gateway.ts (inbound): replace raw allowFrom string comparison with qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and uppercase before matching event.senderId - gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized is true (requireAuth:true commands never reach matchSlashCommand) - command-auth.test.ts: add regression tests for qqbot: prefix normalization in the inbound commandAuthorized computation - slash-commands.test.ts: update /bot-logs tests to expect null (command routed to framework, not in local registry) * rebase and solve conflict * fix(qqbot): preserve mixed env setup credentials --------- Co-authored-by: yuehuali <[email protected]> Co-authored-by: walli <[email protected]> Co-authored-by: WideLee <[email protected]> Co-authored-by: Frank Yang <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
BROWSER,GIT_EDITOR,GIT_SEQUENCE_EDITOR) were missing from the always-strip blocklist, allowing them to be inherited from a hostile parent process environment.BROWSER,GIT_EDITOR, andGIT_SEQUENCE_EDITORtoblockedKeysinhost-env-security-policy.json(always-strip, not just override-blocked). Regenerated the Swift parity file. Extended unit tests and added a live exploit-regression test forGIT_SEQUENCE_EDITOR.blockedOverrideKeys,blockedOverridePrefixes,blockedPrefixes, the sanitization logic, or any call sites.Change Type (select all)
Scope (select all touched areas)
Linked Issue/PR
Root Cause / Regression History (if applicable)
BROWSER,GIT_EDITOR, andGIT_SEQUENCE_EDITORwere not listed inblockedKeysand so were passed through from the inherited environment to child processes.GIT_EXEC_PATH,GIT_EXTERNAL_DIFF,GIT_TEMPLATE_DIR, and theDYLD_/LD_prefix blocks.Regression Test Plan (if applicable)
src/infra/host-env-security.test.tsisDangerousHostEnvVarNameblocks all three keys case-insensitively; live exploit-regression test forGIT_SEQUENCE_EDITORviagit rebase -iconfirms the sanitizer prevents execution of a marker-writing payload.🤖 AI-assisted (Claude). Fully reviewed — changes understood. No GHSA references included per policy.