惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
Malwarebytes
Malwarebytes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cybersecurity and Infrastructure Security Agency CISA
F
Future of Privacy Forum
C
Cisco Blogs
T
The Exploit Database - CXSecurity.com
A
Arctic Wolf
S
Securelist
K
Kaspersky official blog
S
Schneier on Security
T
ThreatConnect
T
Tenable Blog
Spread Privacy
Spread Privacy
T
True Tiger Recordings
AWS News Blog
AWS News Blog
F
Fox-IT International blog
量子位
T
Threatpost
V
Vulnerabilities – Threatpost
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
GbyAI
GbyAI
宝玉的分享
宝玉的分享
腾讯CDC
G
Google Developers Blog
aimingoo的专栏
aimingoo的专栏
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队
S
SegmentFault 最新的问题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
U
Unit 42
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
O
OpenAI News
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
The Register - Security
The Register - Security
MyScale Blog
MyScale Blog
小众软件
小众软件
A
About on SuperTechFans
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
博客园 - 三生石上(FineUI控件)
美团技术团队
Google Online Security Blog
Google Online Security Blog
P
Proofpoint News Feed
MongoDB | Blog
MongoDB | Blog

Recent Commits to openclaw:main

fix: suppress async media incomplete-turn errors (#85933) · openclaw/openclaw@35dcd42 migrate auth credentials · openclaw/openclaw@f036bac fix migrate auth lint · openclaw/openclaw@50e6cb0 fix migrate supported auth imports · openclaw/openclaw@44bb2be fix migrate auth opt-out precedence · openclaw/openclaw@2016a51 honor migrate auth opt-out in plan · openclaw/openclaw@17edec7 address migrate auth review comments · openclaw/openclaw@0a98c2d fix ci blockers for migrate auth docs: add migrate auth changelog (#85667) · openclaw/openclaw@f7fcbdb fix(scripts): avoid duplicate install smoke ui build · openclaw/openclaw@b1b2841 fix(telegram): preserve inbound text entities (#83873) · openclaw/openclaw@b552919 chore: ignore Python bytecode caches · openclaw/openclaw@b6b2755 fix: make autoreview progress visible · openclaw/openclaw@236edb2 ci(release): fix plugin prerelease extension batch invocation test(telegram): provide topic cache store in message context harness · openclaw/openclaw@ff1fde1 test(agents): complete provider runtime test mocks · openclaw/openclaw@be8cd12 test(telegram): type topic cache harness store · openclaw/openclaw@84ab206 test(agents): sync provider runtime mocks · openclaw/openclaw@a289dd9 refactor: keep plain text tool-call promotion private (#86374) · openclaw/openclaw@c3ab2de fix(discord): suppress self-reply prompt echoes (#86238) docs: clarify config migration policy · openclaw/openclaw@c44367f fix(perf): fail startup bench on early gateway exit · openclaw/openclaw@a8fc28c fix: prevent plain text tool call leaks (#86222) · openclaw/openclaw@cd62780 fix: handle npm min-release-age in installers · openclaw/openclaw@316d97c fix(scripts): include ui:build in build-all full and ciArtifacts prof… · openclaw/openclaw@6704d0a fix(e2e): sample Windows kitchen sink gateway RSS · openclaw/openclaw@73189e3 fix(cron): respect isolated target and error on missing remove id (#8… · openclaw/openclaw@6709f4e fix(pi-embedded-runner): propagate trigger-derived priority to the gl… · openclaw/openclaw@0580f57 fix(cli): suppress self-update version warnings · openclaw/openclaw@e2bd20f fix: preserve webchat source reply details · openclaw/openclaw@aa50c51 docs: replace OpenClaw docs skill and add plugin permissions guide · openclaw/openclaw@0dabb70 fix(codex): preserve source reply mode for active runs (#86325) · openclaw/openclaw@b962110 fix: make compaction reinjection opt-in · openclaw/openclaw@ab910f8 fix codex usage-limit recovery copy (#86305) · openclaw/openclaw@c3c8a65 feat(ui): add ephemeral Activity tab · openclaw/openclaw@3dd0e8e fix(tests): harden native macos plugin proof · openclaw/openclaw@a5d5604 fix(commitments): serialize load-modify-save with in-process queue + … · openclaw/openclaw@d3c293d Fail Codex compaction at the Codex boundary (#85958) · openclaw/openclaw@dd47e47 fix(docker): restore config parent ownership · openclaw/openclaw@908b894 docs: clarify config default review policy (#86329) · openclaw/openclaw@3a03dd5 docs: clean changelog script entries · openclaw/openclaw@0eead19 fix(scripts): budget restart benchmark timeouts · openclaw/openclaw@5bd5509 fix: align ui vitest config assertion · openclaw/openclaw@730fd19 fix: route unit ui vitest targets narrowly · openclaw/openclaw@777402e fix: route explicit ui vitest targets narrowly · openclaw/openclaw@56a383c fix(android): harden play media permission removal fix(webchat): stabilize live transcript run state · openclaw/openclaw@119a01c fix(scripts): fail restart benchmark regressions · openclaw/openclaw@95d1b39 fix(openai): scope external codex auth to realtime fix(openai): prefer codex auth for GPT realtime · openclaw/openclaw@48c4f57 fix(openai): discover codex cli auth for provider checks · openclaw/openclaw@4656275 fix(android): keep talk mode on realtime relay · openclaw/openclaw@70614f8 test(android): add gateway connect adb probe · openclaw/openclaw@d7aa1f3 fix(android): stabilize realtime talk connection state · openclaw/openclaw@ffb02a5 test(android): add voice mode adb e2e harness · openclaw/openclaw@e52a3b3 fix(ci): stabilize deadcode and catalog checks · openclaw/openclaw@3db1508 fix(scripts): prebuild gateway cpu bench · openclaw/openclaw@ca70015 fix(e2e): harden bundled lifecycle probe on Windows · openclaw/openclaw@4798264 test(e2e): sample kitchen sink rpc peak rss · openclaw/openclaw@60c0f24 fix(scripts): remove stale deadcode allowlist entries · openclaw/openclaw@ea3bb92 fix(telegram): route polling diagnostics away from errors · openclaw/openclaw@b5c1199 fix(plugins): support linked source checkouts on Windows · openclaw/openclaw@793e300 fix(gateway): back off session tool mirrors under pressure (#84846) · openclaw/openclaw@42bdc94 fix(config): skip shell env fallback on Windows (#85739) · openclaw/openclaw@06bf302 fix(gateway): avoid duplicate session message broadcasts · openclaw/openclaw@1459044 fix: repair anchorless iMessage watch payloads · openclaw/openclaw@f37fbc9 fix(cli): route node status hints to stdout (#85780) · openclaw/openclaw@749692e fix(oc-path): support deep config edits (#86060) · openclaw/openclaw@3a72a30 fix(config): quiet benign metadata anomaly output · openclaw/openclaw@f3f4f29 fix(test): fail multi-node update regressions · openclaw/openclaw@732cf54 fix(google-vertex): support production ADC modes (#83971) · openclaw/openclaw@f09b4eb test(e2e): expose corrupt plugin deps smoke · openclaw/openclaw@fa3ff4d fix(codex): log app-server approval promotion trigger · openclaw/openclaw@d9af23f test(e2e): harden multi-node update smoke Clean up browser MCP subprocess tree (#85832) · openclaw/openclaw@8dc6b4d fix(agents): log warnings instead of swallowing subagent errors (#82943) · openclaw/openclaw@907bc03 fix(compaction): preserve partial summary on mid-chain chunk failure … · openclaw/openclaw@f0061dd fix(config): do not suppress recovery retry after failed backup resto… · openclaw/openclaw@5d174a5 chore: release 2026.5.25 fix(installer): support alpine cli installs · openclaw/openclaw@f68ed72 test(agents): keep runtime-plan provider mock current fix(scripts): launch env package scripts on Windows · openclaw/openclaw@4d4ce9e fix(agents): cache fallback provider resolution · openclaw/openclaw@3c8d101 fix(test): make import timing scripts Windows-safe · openclaw/openclaw@8ae9977 fix(telegram): transient Telegram pairing prompts (#85555) · openclaw/openclaw@8209426 fix(test): make max Vitest scripts Windows-safe · openclaw/openclaw@b681d5d fix(doctor): migrate Feishu account bot names (#86081) · openclaw/openclaw@9e8cc7e fix(scripts): prefilter conflict marker scans docs: add ClawSweeper review policy to AGENTS (#86197) · openclaw/openclaw@242e876 fix(installer): avoid before with npm release-age configs (#85491) · openclaw/openclaw@4742db6 fix(e2e): retry Windows kitchen sink probes · openclaw/openclaw@3e275a5 fix(installer): install node with apk on alpine fix(installer): detect musl linux shells · openclaw/openclaw@acfed37 perf(plugins,gateway): thread metadata snapshot + discovery through h… · openclaw/openclaw@8ccb11c fix(ui): split control ui runtime chunks · openclaw/openclaw@8bf4f7d refactor(config): extract GoogleChat schema into zod-schema.providers… · openclaw/openclaw@fe34141 fix(update): suppress internal handoff version warnings · openclaw/openclaw@6cc8244 test(e2e): select installable bundled plugins · openclaw/openclaw@0acc3e3 fix(scripts): harden Windows native opus install · openclaw/openclaw@43252c8 fix(agents): match runtime policy entries when session provider is em…
fix(gateway): gate talk secret bootstrap handoff (#85690) · openclaw/openclaw@c791e42
ngutman · 2026-05-25 · via Recent Commits to openclaw:main

@@ -89,6 +89,7 @@ type ApprovedPairingResult = Extract<

8989

>;

9090

type ApprovedPairingDevice = ApprovedPairingResult["device"];

9191

const INTERNAL_PAIRING_SCOPES = ["operator.write", "operator.pairing"];

92+

const INTERNAL_SETUP_SCOPES = [...INTERNAL_PAIRING_SCOPES, "operator.talk.secrets"];

92939394

function createApi(params?: {

9495

config?: OpenClawPluginApi["config"];

@@ -286,7 +287,7 @@ describe("device-pair /pair qr", () => {

286287

const result = await command.handler(

287288

createCommandContext({

288289

channel: "webchat",

289-

gatewayClientScopes: ["operator.write", "operator.pairing"],

290+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

290291

}),

291292

);

292293

const payload = result as { text?: string; mediaUrl?: string; sensitiveMedia?: boolean };

@@ -342,6 +343,23 @@ describe("device-pair /pair qr", () => {

342343

});

343344

});

344345346+

it("rejects qr setup for internal callers without Talk secret scope", async () => {

347+

const command = registerPairCommand();

348+

const result = await command.handler(

349+

createCommandContext({

350+

channel: "webchat",

351+

args: "qr",

352+

commandBody: "/pair qr",

353+

gatewayClientScopes: INTERNAL_PAIRING_SCOPES,

354+

}),

355+

);

356+357+

expect(pluginApiMocks.issueDeviceBootstrapToken).not.toHaveBeenCalled();

358+

expect(result).toEqual({

359+

text: "⚠️ Setup code handoff includes Talk secrets and requires operator.talk.secrets.",

360+

});

361+

});

362+345363

it("reissues the bootstrap token if webchat QR rendering fails before falling back", async () => {

346364

pluginApiMocks.issueDeviceBootstrapToken

347365

.mockResolvedValueOnce({

@@ -358,7 +376,7 @@ describe("device-pair /pair qr", () => {

358376

const result = await command.handler(

359377

createCommandContext({

360378

channel: "webchat",

361-

gatewayClientScopes: ["operator.write", "operator.pairing"],

379+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

362380

}),

363381

);

364382

const text = requireText(result);

@@ -478,7 +496,7 @@ describe("device-pair /pair qr", () => {

478496

const result = await command.handler(

479497

createCommandContext({

480498

...testCase.ctx,

481-

gatewayClientScopes: INTERNAL_PAIRING_SCOPES,

499+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

482500

}),

483501

);

484502

const text = requireText(result);

@@ -538,7 +556,7 @@ describe("device-pair /pair qr", () => {

538556

createCommandContext({

539557

channel: "discord",

540558

senderId: "123",

541-

gatewayClientScopes: INTERNAL_PAIRING_SCOPES,

559+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

542560

}),

543561

);

544562

const text = requireText(result);

@@ -557,7 +575,7 @@ describe("device-pair /pair qr", () => {

557575

createCommandContext({

558576

channel: "msteams",

559577

senderId: "8:orgid:123",

560-

gatewayClientScopes: INTERNAL_PAIRING_SCOPES,

578+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

561579

}),

562580

);

563581

const text = requireText(result);

@@ -678,6 +696,23 @@ describe("device-pair /pair default setup code", () => {

678696

});

679697

});

680698699+

it("rejects setup code issuance for internal callers without Talk secret scope", async () => {

700+

const command = registerPairCommand();

701+

const result = await command.handler(

702+

createCommandContext({

703+

channel: "webchat",

704+

args: "",

705+

commandBody: "/pair",

706+

gatewayClientScopes: INTERNAL_PAIRING_SCOPES,

707+

}),

708+

);

709+710+

expect(pluginApiMocks.issueDeviceBootstrapToken).not.toHaveBeenCalled();

711+

expect(result).toEqual({

712+

text: "⚠️ Setup code handoff includes Talk secrets and requires operator.talk.secrets.",

713+

});

714+

});

715+681716

it("fails closed for webchat setup code issuance when scopes are absent", async () => {

682717

const command = registerPairCommand();

683718

const result = await command.handler(

@@ -749,7 +784,7 @@ describe("device-pair /pair default setup code", () => {

749784

channel: "webchat",

750785

args: "",

751786

commandBody: "/pair",

752-

gatewayClientScopes: ["operator.write", "operator.pairing"],

787+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

753788

}),

754789

);

755790

const text = requireText(result);

@@ -769,7 +804,7 @@ describe("device-pair /pair default setup code", () => {

769804

channel: "webchat",

770805

args: "",

771806

commandBody: "/pair",

772-

gatewayClientScopes: ["operator.write", "operator.pairing"],

807+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

773808

}),

774809

);

775810

const text = requireText(result);

@@ -789,7 +824,7 @@ describe("device-pair /pair default setup code", () => {

789824

channel: "webchat",

790825

args: "",

791826

commandBody: "/pair",

792-

gatewayClientScopes: ["operator.write", "operator.pairing"],

827+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

793828

}),

794829

);

795830

@@ -808,7 +843,7 @@ describe("device-pair /pair default setup code", () => {

808843

channel: "webchat",

809844

args: "",

810845

commandBody: "/pair",

811-

gatewayClientScopes: ["operator.write", "operator.pairing"],

846+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

812847

}),

813848

);

814849

@@ -827,7 +862,7 @@ describe("device-pair /pair default setup code", () => {

827862

channel: "webchat",

828863

args: "",

829864

commandBody: "/pair",

830-

gatewayClientScopes: ["operator.write", "operator.pairing"],

865+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

831866

}),

832867

);

833868

@@ -861,7 +896,7 @@ describe("device-pair /pair default setup code", () => {

861896

channel: "webchat",

862897

args: "",

863898

commandBody: "/pair",

864-

gatewayClientScopes: ["operator.write", "operator.pairing"],

899+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

865900

}),

866901

);

867902

@@ -890,7 +925,7 @@ describe("device-pair /pair default setup code", () => {

890925

channel: "webchat",

891926

args: "",

892927

commandBody: "/pair",

893-

gatewayClientScopes: ["operator.write", "operator.pairing"],

928+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

894929

}),

895930

);

896931

const text = requireText(result);

@@ -910,7 +945,7 @@ describe("device-pair /pair default setup code", () => {

910945

channel: "webchat",

911946

args: "",

912947

commandBody: "/pair",

913-

gatewayClientScopes: ["operator.write", "operator.pairing"],

948+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

914949

}),

915950

);

916951

@@ -940,7 +975,7 @@ describe("device-pair /pair default setup code", () => {

940975

channel: "webchat",

941976

args: "",

942977

commandBody: "/pair",

943-

gatewayClientScopes: ["operator.write", "operator.pairing"],

978+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

944979

}),

945980

);

946981

@@ -967,7 +1002,7 @@ describe("device-pair /pair default setup code", () => {

9671002

channel: "webchat",

9681003

args: "",

9691004

commandBody: "/pair",

970-

gatewayClientScopes: ["operator.write", "operator.pairing"],

1005+

gatewayClientScopes: INTERNAL_SETUP_SCOPES,

9711006

}),

9721007

);

9731008

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。