惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
Schneier on Security
Schneier on Security
T
Tor Project blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tenable Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Threat Research - Cisco Blogs
C
CERT Recently Published Vulnerability Notes
Security Latest
Security Latest
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
Scott Helme
Scott Helme
Webroot Blog
Webroot Blog
Project Zero
Project Zero
Google Online Security Blog
Google Online Security Blog
The Last Watchdog
The Last Watchdog
Spread Privacy
Spread Privacy
Hacker News: Ask HN
Hacker News: Ask HN
PCI Perspectives
PCI Perspectives
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
W
WeLiveSecurity
Attack and Defense Labs
Attack and Defense Labs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
N
News | PayPal Newsroom
Help Net Security
Help Net Security
The Hacker News
The Hacker News
H
Heimdal Security Blog
O
OpenAI News
S
Security @ Cisco Blogs
N
News and Events Feed by Topic
Cyberwarzone
Cyberwarzone
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 叶小钗
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
大猫的无限游戏
大猫的无限游戏
A
Arctic Wolf
I
Intezer
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Security Affairs
P
Proofpoint News Feed
S
Secure Thoughts
腾讯CDC
Google DeepMind News
Google DeepMind News
量子位
罗磊的独立博客

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
fix(outbound): reject reserved Telegram targets · openclaw/openclaw@56baf9d
2026-06-25 · via Recent Commits to openclaw:main
Original file line numberDiff line numberDiff line change

@@ -737,6 +737,9 @@ outbound host generic and use the messaging adapter surface for provider rules:

737737

should be treated as `direct`, `group`, or `channel` before directory lookup.

738738

- `messaging.targetResolver.looksLikeId(raw, normalized)` tells core whether an

739739

input should skip straight to id-like resolution instead of directory search.

740+

- `messaging.targetResolver.reservedLiterals` lists bare words that are

741+

channel/session references for that provider and must fail closed before

742+

directory or default-target fallback.

740743

- `messaging.targetResolver.resolveTarget(...)` is the plugin fallback when

741744

core needs a final provider-owned resolution after normalization or after a

742745

directory miss.

Original file line numberDiff line numberDiff line change

@@ -739,7 +739,7 @@ Write colocated tests in `src/channel.test.ts`:

739739

describeMessageTool and action discovery

740740

</Card>

741741

<Card title="Target resolution" icon="crosshair" href="/plugins/architecture-internals#channel-target-resolution">

742-

inferTargetChatType, looksLikeId, resolveTarget

742+

inferTargetChatType, looksLikeId, reservedLiterals, resolveTarget

743743

</Card>

744744

<Card title="Runtime helpers" icon="settings" href="/plugins/sdk-runtime">

745745

TTS, STT, media, subagent via api.runtime

Original file line numberDiff line numberDiff line change

@@ -833,6 +833,7 @@ export const telegramPlugin = createChatChannelPlugin({

833833

targetResolver: {

834834

looksLikeId: looksLikeTelegramTargetId,

835835

hint: "<chatId>",

836+

reservedLiterals: ["current", "self", "this", "me"],

836837

},

837838

},

838839

resolver: {

Original file line numberDiff line numberDiff line change

@@ -92,6 +92,14 @@ export function expectChannelSurfaceContract(params: {

9292

expect(typeof messaging.targetResolver.hint).toBe("string");

9393

expect(messaging.targetResolver.hint.trim()).not.toBe("");

9494

}

95+

if (messaging.targetResolver.reservedLiterals !== undefined) {

96+

expect(Array.isArray(messaging.targetResolver.reservedLiterals)).toBe(true);

97+

expect(

98+

messaging.targetResolver.reservedLiterals.every(

99+

(value) => typeof value === "string" && value.trim(),

100+

),

101+

).toBe(true);

102+

}

95103

if (messaging.targetResolver.resolveTarget) {

96104

expect(typeof messaging.targetResolver.resolveTarget).toBe("function");

97105

}

Original file line numberDiff line numberDiff line change

@@ -608,6 +608,8 @@ export type ChannelMessagingAdapter = {

608608

targetResolver?: {

609609

looksLikeId?: (raw: string, normalized?: string) => boolean;

610610

hint?: string;

611+

/** Bare words that are command/session references for this channel, not literal destinations. */

612+

reservedLiterals?: readonly string[];

611613

/**

612614

* Plugin-owned fallback for explicit/native targets or post-directory-miss

613615

* resolution. This should complement directory lookup, not duplicate it.

Original file line numberDiff line numberDiff line change

@@ -2300,7 +2300,7 @@ export const agentHandlers: GatewayRequestHandlers = {

23002300

let resolvedTo = deliveryPlan.resolvedTo;

23012301

let effectivePlan = deliveryPlan;

23022302

let deliveryDowngradeReason: string | null = null;

2303-

let deliveryTargetResolutionError: Error | undefined;

2303+

let deliveryTargetResolutionError: Error | undefined = deliveryPlan.targetResolutionError;

23042304
23052305

if (wantsDelivery && resolvedChannel === INTERNAL_MESSAGE_CHANNEL) {

23062306

const cfgResolved = cfgForAgent ?? cfg;

@@ -2328,6 +2328,27 @@ export const agentHandlers: GatewayRequestHandlers = {

23282328

}

23292329

}

23302330
2331+

if (wantsDelivery && deliveryTargetResolutionError) {

2332+

if (!bestEffortDeliver) {

2333+

respond(

2334+

false,

2335+

undefined,

2336+

errorShape(ErrorCodes.INVALID_REQUEST, String(deliveryTargetResolutionError)),

2337+

);

2338+

return;

2339+

}

2340+

deliveryDowngradeReason = String(deliveryTargetResolutionError);

2341+

resolvedChannel = INTERNAL_MESSAGE_CHANNEL;

2342+

deliveryTargetMode = undefined;

2343+

resolvedTo = undefined;

2344+

effectivePlan = {

2345+

...deliveryPlan,

2346+

resolvedChannel,

2347+

resolvedTo,

2348+

deliveryTargetMode,

2349+

};

2350+

}

2351+
23312352

if (!resolvedTo && isDeliverableMessageChannel(resolvedChannel)) {

23322353

const cfgResolved = cfgForAgent ?? cfg;

23332354

const fallback = resolveAgentOutboundTarget({

Original file line numberDiff line numberDiff line change

@@ -313,6 +313,52 @@ describe("agent delivery helpers", () => {

313313

expect(plan.resolvedTo).toBe("1470130713209602050");

314314

});

315315
316+

it("carries explicit target resolution errors from session-route preparation", async () => {

317+

const targetResolutionError = new Error('reserved target "current"');

318+

mocks.resolveOutboundChannelPlugin.mockReturnValue({

319+

messaging: { resolveOutboundSessionRoute: vi.fn() },

320+

});

321+

mocks.resolveOutboundTarget.mockReturnValueOnce({

322+

ok: false,

323+

error: targetResolutionError,

324+

});

325+
326+

const plan = await resolveAgentDeliveryPlanWithSessionRoute({

327+

cfg: {} as OpenClawConfig,

328+

agentId: "agent",

329+

sessionEntry: undefined,

330+

requestedChannel: "workspace",

331+

explicitTo: "current",

332+

accountId: undefined,

333+

wantsDelivery: true,

334+

});

335+
336+

expect(mocks.resolveOutboundSessionRoute).not.toHaveBeenCalled();

337+

expect(plan.resolvedTo).toBe("current");

338+

expect(plan.targetResolutionError).toBe(targetResolutionError);

339+

});

340+
341+

it("surfaces stored explicit target errors even when explicit validation is disabled", () => {

342+

const targetResolutionError = new Error('reserved target "current"');

343+
344+

const resolved = resolveAgentOutboundTarget({

345+

cfg: {} as OpenClawConfig,

346+

plan: {

347+

baseDelivery: { mode: "explicit" },

348+

resolvedChannel: "workspace",

349+

resolvedTo: "current",

350+

deliveryTargetMode: "explicit",

351+

targetResolutionError,

352+

},

353+

targetMode: "explicit",

354+

validateExplicitTarget: false,

355+

});

356+
357+

expect(mocks.resolveOutboundTarget).not.toHaveBeenCalled();

358+

expect(resolved.resolvedTarget).toEqual({ ok: false, error: targetResolutionError });

359+

expect(resolved.resolvedTo).toBeUndefined();

360+

});

361+
316362

it("falls back to the original plan when session-route canonicalization fails", async () => {

317363

mocks.resolveOutboundChannelPlugin.mockReturnValue({

318364

messaging: { resolveOutboundSessionRoute: vi.fn() },

Original file line numberDiff line numberDiff line change

@@ -29,6 +29,7 @@ export type AgentDeliveryPlan = {

2929

resolvedAccountId?: string;

3030

resolvedThreadId?: string | number;

3131

deliveryTargetMode?: ChannelOutboundTargetMode;

32+

targetResolutionError?: Error;

3233

};

3334
3435

export function resolveAgentDeliveryPlan(params: {

@@ -163,7 +164,7 @@ export async function resolveAgentDeliveryPlanWithSessionRoute(

163164

mode: plan.deliveryTargetMode ?? "explicit",

164165

});

165166

if (!normalizedTarget.ok) {

166-

return plan;

167+

return { ...plan, targetResolutionError: normalizedTarget.error };

167168

}

168169

const explicitThreadId =

169170

params.explicitThreadId != null && params.explicitThreadId !== ""

@@ -210,6 +211,13 @@ export function resolveAgentOutboundTarget(params: {

210211

params.targetMode ??

211212

params.plan.deliveryTargetMode ??

212213

(params.plan.resolvedTo ? "explicit" : "implicit");

214+

if (params.plan.targetResolutionError) {

215+

return {

216+

resolvedTarget: { ok: false, error: params.plan.targetResolutionError },

217+

resolvedTo: undefined,

218+

targetMode,

219+

};

220+

}

213221

if (!isDeliverableMessageChannel(params.plan.resolvedChannel)) {

214222

return {

215223

resolvedTarget: null,

Original file line numberDiff line numberDiff line change

@@ -40,6 +40,14 @@ export function unknownTargetError(provider: string, raw: string, hint?: string)

4040

return new Error(unknownTargetMessage(provider, raw, hint));

4141

}

4242
43+

export function reservedTargetLiteralMessage(provider: string, raw: string, hint?: string): string {

44+

return `Reserved target "${raw}" for ${provider} cannot be used as a literal destination. Provide an explicit id or handle.${formatTargetHint(hint, true)}`;

45+

}

46+
47+

export function reservedTargetLiteralError(provider: string, raw: string, hint?: string): Error {

48+

return new Error(reservedTargetLiteralMessage(provider, raw, hint));

49+

}

50+
4351

function formatTargetHint(hint?: string, withLabel = false): string {

4452

const normalized = hint?.trim();

4553

if (!normalized) {

Original file line numberDiff line numberDiff line change

@@ -32,6 +32,52 @@ function resolveChannelPluginForTargetRead(channelId: ChannelId): ChannelPlugin

3232

return getLoadedChannelPluginForRead(channelId) ?? getChannelPlugin(channelId);

3333

}

3434
35+

function normalizeTargetLiteral(value: string): string | undefined {

36+

return normalizeOptionalLowercaseString(value);

37+

}

38+
39+

function stripPluginTargetPrefix(raw: string, plugin: ChannelPlugin): string {

40+

let target = raw.trim();

41+

const prefixes = [plugin.id, ...(plugin.messaging?.targetPrefixes ?? [])]

42+

.map((prefix) => normalizeTargetLiteral(String(prefix)))

43+

.filter((prefix): prefix is string => Boolean(prefix));

44+

while (target) {

45+

const lowered = normalizeTargetLiteral(target) ?? "";

46+

const prefix = prefixes.find((candidate) => lowered.startsWith(`${candidate}:`));

47+

if (!prefix) {

48+

return target;

49+

}

50+

target = target.slice(prefix.length + 1).trim();

51+

}

52+

return target;

53+

}

54+
55+

export function resolveReservedTargetLiteral(params: {

56+

raw?: string;

57+

plugin?: ChannelPlugin;

58+

}): string | undefined {

59+

const raw = normalizeOptionalString(params.raw);

60+

const plugin = params.plugin;

61+

const reservedLiterals = plugin?.messaging?.targetResolver?.reservedLiterals;

62+

if (!raw || !plugin || !reservedLiterals?.length) {

63+

return undefined;

64+

}

65+

const stripped = stripPluginTargetPrefix(raw, plugin);

66+

if (!stripped || /^[@#]/.test(stripped) || /^(channel|group|user):/i.test(stripped)) {

67+

return undefined;

68+

}

69+

const normalized = normalizeTargetLiteral(stripped);

70+

if (!normalized) {

71+

return undefined;

72+

}

73+

const reserved = new Set(

74+

reservedLiterals

75+

.map(normalizeTargetLiteral)

76+

.filter((literal): literal is string => Boolean(literal)),

77+

);

78+

return reserved.has(normalized) ? normalized : undefined;

79+

}

80+
3581

function resetTargetNormalizerCacheForTests(): void {

3682

targetNormalizerCacheByChannelId.clear();

3783

}

@@ -224,10 +270,15 @@ export function buildTargetResolverSignature(

224270

: "pinned";

225271

const resolver = plugin?.messaging?.targetResolver;

226272

const hint = resolver?.hint ?? "";

273+

const reserved = (resolver?.reservedLiterals ?? [])

274+

.map(normalizeTargetLiteral)

275+

.filter((literal): literal is string => Boolean(literal))

276+

.toSorted()

277+

.join(",");

227278

const looksLike = resolver?.looksLikeId;

228279

// Function source is only a cheap invalidation hint; resolver behavior still belongs to the plugin.

229280

const source = looksLike ? looksLike.toString() : "";

230-

return hashSignature(`${registryScope}|${hint}|${source}`);

281+

return hashSignature(`${registryScope}|${hint}|${reserved}|${source}`);

231282

}

232283
233284

function hashSignature(value: string): string {