Skip to content

Cherry-pick batch: Security hardening (2/2) (7 commits)#1957

Merged
alexey-pelykh merged 6 commits intomainfrom
staging/cherry-pick-1868
Mar 24, 2026
Merged

Cherry-pick batch: Security hardening (2/2) (7 commits)#1957
alexey-pelykh merged 6 commits intomainfrom
staging/cherry-pick-1868

Conversation

@alexey-pelykh
Copy link
Copy Markdown

@alexey-pelykh alexey-pelykh commented Mar 24, 2026

Cherry-pick batch from upstream

Issue: #1868
Commits: 4 cherry-picked, 3 skipped (empty after fork-aware resolution)

# Hash Subject Result
1 c1733d700d test: merge audit sandbox docker danger cases RESOLVED
2 c42cb1ca66 refactor: audit synology dangerous name matching RESOLVED
3 d2a36d0a98 refactor: share small test harness helpers RESOLVED
4 d9fb1e0e45 test: dedupe acp startup test harness SKIPPED
5 e4c61723cd ACP: fail closed on conflicting tool identity hints (openclaw#46817) RESOLVED
6 ef53926542 test: merge audit install metadata cases SKIPPED
7 fb4b6eef03 test: merge audit code safety failure cases SKIPPED

Closes #1868

🤖 Generated with Claude Code

steipete and others added 5 commits March 24, 2026 01:00
@steipete @alexey-pelykh
test: merge audit sandbox docker danger cases
a20c915 
(cherry picked from commit c1733d7)
@steipete @alexey-pelykh
refactor: audit synology dangerous name matching
022e455 
(cherry picked from commit c42cb1c)
@steipete @alexey-pelykh
refactor: share small test harness helpers
25ca904 
(cherry picked from commit d2a36d0)
@vincentkoc @alexey-pelykh
ACP: fail closed on conflicting tool identity hints (openclaw#46817)
1458f60 
* ACP: fail closed on conflicting tool identity hints

* ACP: restore rawInput fallback for safe tool resolution

* ACP tests: cover rawInput-only safe tool approval

(cherry picked from commit e4c6172)
@alexey-pelykh @claude
fix: adapt cherry-picks for fork TS strictness
7e9aeed 
- Add inspectAccount to stubChannelPlugin params type for synology-chat
- Replace OpenClawConfig with RemoteClawConfig in synology test cases
- Replace runChannelSecurityAudit with runSecurityAudit (fork API)

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@alexey-pelykh alexey-pelykh enabled auto-merge (squash) March 24, 2026 00:20
@alexey-pelykh @claude
fix: adapt sandbox docker test for fork-stubbed detection functions
141eb0a 
Fork stubs isDangerousNetworkMode and getBlockedBindReason, so only
seccomp/apparmor profile checks are active. Simplify test to match.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@alexey-pelykh alexey-pelykh merged commit 661db3b into main Mar 24, 2026
7 checks passed
@alexey-pelykh alexey-pelykh deleted the staging/cherry-pick-1868 branch March 24, 2026 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cherry-pick: Security hardening (2/2) (7 commits)

3 participants

@alexey-pelykh @steipete @vincentkoc