

























@@ -3,15 +3,12 @@ import { resolveSandboxToolPolicyForAgent } from "../agents/sandbox/tool-policy.
33import type { SandboxToolPolicy } from "../agents/sandbox/types.js";
44import { isToolAllowedByPolicies } from "../agents/tool-policy-match.js";
55import { resolveToolProfilePolicy } from "../agents/tool-policy.js";
6-import {
7-resolveAgentModelFallbackValues,
8-resolveAgentModelPrimaryValue,
9-} from "../config/model-input.js";
106import type { OpenClawConfig } from "../config/types.openclaw.js";
117import type { AgentToolsConfig } from "../config/types.tools.js";
128import { hasConfiguredInternalHooks } from "../hooks/configured.js";
139import { hasConfiguredWebSearchCredential } from "../plugins/web-search-credential-presence.js";
1410import { inferParamBFromIdOrName } from "../shared/model-param-b.js";
11+import { collectAuditModelRefs } from "./audit-model-refs.js";
1512import { pickSandboxToolPolicy } from "./audit-tool-policy.js";
16131714export type SecurityAuditFinding = {
@@ -24,8 +21,6 @@ export type SecurityAuditFinding = {
24212522const SMALL_MODEL_PARAM_B_MAX = 300;
262327-type ModelRef = { id: string; source: string };
28-2924function summarizeGroupPolicy(cfg: OpenClawConfig): {
3025open: number;
3126allowlist: number;
@@ -55,59 +50,6 @@ function summarizeGroupPolicy(cfg: OpenClawConfig): {
5550return { open, allowlist, other };
5651}
575258-function addModel(models: ModelRef[], raw: unknown, source: string) {
59-if (typeof raw !== "string") {
60-return;
61-}
62-const id = raw.trim();
63-if (!id) {
64-return;
65-}
66-models.push({ id, source });
67-}
68-69-function collectModels(cfg: OpenClawConfig): ModelRef[] {
70-const out: ModelRef[] = [];
71-addModel(
72-out,
73-resolveAgentModelPrimaryValue(cfg.agents?.defaults?.model),
74-"agents.defaults.model.primary",
75-);
76-for (const fallback of resolveAgentModelFallbackValues(cfg.agents?.defaults?.model)) {
77-addModel(out, fallback, "agents.defaults.model.fallbacks");
78-}
79-addModel(
80-out,
81-resolveAgentModelPrimaryValue(cfg.agents?.defaults?.imageModel),
82-"agents.defaults.imageModel.primary",
83-);
84-for (const fallback of resolveAgentModelFallbackValues(cfg.agents?.defaults?.imageModel)) {
85-addModel(out, fallback, "agents.defaults.imageModel.fallbacks");
86-}
87-88-const list = Array.isArray(cfg.agents?.list) ? cfg.agents?.list : [];
89-for (const agent of list ?? []) {
90-if (!agent || typeof agent !== "object") {
91-continue;
92-}
93-const id =
94-typeof (agent as { id?: unknown }).id === "string" ? (agent as { id: string }).id : "";
95-const model = (agent as { model?: unknown }).model;
96-if (typeof model === "string") {
97-addModel(out, model, `agents.list.${id}.model`);
98-} else if (model && typeof model === "object") {
99-addModel(out, (model as { primary?: unknown }).primary, `agents.list.${id}.model.primary`);
100-const fallbacks = (model as { fallbacks?: unknown }).fallbacks;
101-if (Array.isArray(fallbacks)) {
102-for (const fallback of fallbacks) {
103-addModel(out, fallback, `agents.list.${id}.model.fallbacks`);
104-}
105-}
106-}
107-}
108-return out;
109-}
110-11153function extractAgentIdFromSource(source: string): string | null {
11254const match = source.match(/^agents\.list\.([^.]*)\./);
11355return match?.[1] ?? null;
@@ -210,7 +152,9 @@ export function collectSmallModelRiskFindings(params: {
210152env: NodeJS.ProcessEnv;
211153}): SecurityAuditFinding[] {
212154const findings: SecurityAuditFinding[] = [];
213-const models = collectModels(params.cfg).filter((entry) => !entry.source.includes("imageModel"));
155+const models = collectAuditModelRefs(params.cfg).filter(
156+(entry) => !entry.source.includes("imageModel"),
157+);
214158if (models.length === 0) {
215159return findings;
216160}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。