nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openclaw/src
History
YUJIE2002 3c0ec76e8e fix(config): harden backup file permissions and clean orphan .bak files 
Addresses #31699 — config .bak files persist with sensitive data.

Changes:
- Explicitly chmod 0o600 on all .bak files after creation, instead of
  relying on copyFile to preserve source permissions (not guaranteed on
  all platforms, e.g. Windows, NFS mounts).
- Clean up orphan .bak files that fall outside the managed 5-deep
  rotation ring (e.g. PID-stamped leftovers from interrupted writes,
  manual backups like .bak.before-marketing).
- Add tests for permission hardening and orphan cleanup.

The backup ring itself is preserved — it's a valuable recovery mechanism.
This PR hardens the security surface by ensuring backup files are
always owner-only and stale copies don't accumulate indefinitely.
 		2026-03-02 20:40:15 +00:00
..
acp refactor: dedupe agent and reply runtimes 2026-03-02 19:57:33 +00:00
agents fix(tools): strip xAI-unsupported JSON Schema keywords from tool definitions 2026-03-02 20:37:07 +00:00
auto-reply fix: prevent reasoning text leak through handleMessageEnd fallback 2026-03-02 20:32:01 +00:00
browser refactor: dedupe agent and reply runtimes 2026-03-02 19:57:33 +00:00
canvas-host refactor(agents): centralize tool display definitions 2026-03-02 12:13:45 +00:00
channels refactor: dedupe channel and gateway surfaces 2026-03-02 19:57:33 +00:00
cli refactor: dedupe cli config cron and install flows 2026-03-02 19:57:33 +00:00
commands refactor: dedupe cli config cron and install flows 2026-03-02 19:57:33 +00:00
compat
config fix(config): harden backup file permissions and clean orphan .bak files 2026-03-02 20:40:15 +00:00
cron perf(cron): cache schedule evaluators and stagger offsets 2026-03-02 20:19:10 +00:00
daemon refactor: dedupe cli config cron and install flows 2026-03-02 19:57:33 +00:00
discord fix(discord): use per-channel message queues to restore parallel agent dispatch 2026-03-02 20:34:41 +00:00
docs
gateway Gateway: suppress NO_REPLY lead-fragment chat leaks 2026-03-02 20:27:49 +00:00
hooks refactor: dedupe cli config cron and install flows 2026-03-02 19:57:33 +00:00
i18n fix(ci): resolve i18n typing and generated-policy drift 2026-03-02 04:29:18 +00:00
imessage refactor: dedupe channel and gateway surfaces 2026-03-02 19:57:33 +00:00
infra fix(models): infer codex weekly usage labels from reset cadence 2026-03-02 20:35:45 +00:00
line refactor: dedupe channel and gateway surfaces 2026-03-02 19:57:33 +00:00
link-understanding
logging fix: resolve rebase conflict markers 2026-03-02 19:57:33 +00:00
markdown refactor: split telegram delivery and unify media/frontmatter/i18n pipelines 2026-03-02 04:14:06 +00:00
media refactor(net): unify proxy env checks and guarded fetch modes 2026-03-02 16:24:26 +00:00
media-understanding refactor(shared): dedupe protocol schema typing and session/media helpers 2026-03-02 19:57:33 +00:00
memory perf(config): skip redundant schema and session-store work 2026-03-02 20:19:10 +00:00
node-host refactor: dedupe agent and reply runtimes 2026-03-02 19:57:33 +00:00
pairing fix(pairing): handle missing accountId in allowFrom reads (#31369) 2026-03-01 23:24:33 -08:00
plugin-sdk refactor: dedupe channel and gateway surfaces 2026-03-02 19:57:33 +00:00
plugins fix: restore helper imports and plugin hook test exports 2026-03-02 19:57:33 +00:00
process refactor: dedupe cli config cron and install flows 2026-03-02 19:57:33 +00:00
providers refactor: dedupe agent and reply runtimes 2026-03-02 19:57:33 +00:00
routing perf(routing): cache normalized agent-id lookups 2026-03-02 20:19:10 +00:00
scripts
secrets refactor: dedupe cli config cron and install flows 2026-03-02 19:57:33 +00:00
security perf(security): cache scanner directory walks 2026-03-02 20:19:10 +00:00
sessions test(integration): dedupe messaging, secrets, and plugin test suites 2026-03-02 07:13:11 +00:00
shared refactor: dedupe cli config cron and install flows 2026-03-02 19:57:33 +00:00
signal fix(signal): land #31138 syncMessage presence filtering (@Sid-Qin) 2026-03-02 03:28:25 +00:00
slack fix(slack): apply mrkdwn conversion in streaming and preview paths 2026-03-02 20:34:41 +00:00
telegram Telegram: support compact model callback fallback 2026-03-02 20:38:43 +00:00
terminal refactor: dedupe channel and gateway surfaces 2026-03-02 19:57:33 +00:00
test-helpers
test-utils test(perf): increase guardrail scan read concurrency 2026-03-02 19:34:04 +00:00
tts refactor: dedupe channel and gateway surfaces 2026-03-02 19:57:33 +00:00
tui fix(tui): honor explicit gateway auth for url overrides 2026-03-02 19:48:02 +00:00
types
utils fix(agents): add forward-compat fallback for google-gemini-cli gemini-3.1-pro/flash-preview (#26570) 2026-02-26 18:39:13 -05:00
web WhatsApp: guard main DM last-route to single owner 2026-03-02 20:33:59 +00:00
whatsapp
wizard fix(security): harden sms.send dangerous-node defaults 2026-03-02 16:06:52 +00:00
channel-web.ts
docker-image-digests.test.ts
docker-setup.e2e.test.ts feat(docker): add opt-in sandbox support for Docker deployments (#29974) 2026-03-01 23:06:10 -08:00
dockerfile.test.ts fix(docker): harden /app/extensions permissions to 755 (#30191) 2026-03-01 15:45:21 -08:00
entry.ts CLI: add root --help fast path and lazy channel option resolution (#30975) 2026-03-01 14:23:46 -08:00
extensionAPI.ts
globals.ts
index.ts
logger.test.ts
logger.ts refactor: dedupe agent and reply runtimes 2026-03-02 19:57:33 +00:00
logging.ts
polls.test.ts
polls.ts
runtime.ts
utils.test.ts
utils.ts
version.test.ts refactor: centralize delivery/path/media/version lifecycle 2026-03-02 04:04:36 +00:00
version.ts refactor: centralize delivery/path/media/version lifecycle 2026-03-02 04:04:36 +00:00