nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openclaw/docs/gateway
History
Nikolay Petrov a9f1188785
sessions_spawn: inline attachments with redaction, lifecycle cleanup, and docs (#16761) 
Add inline file attachment support for sessions_spawn (subagent runtime only):

- Schema: attachments[] (name, content, encoding, mimeType) and attachAs.mountPath hint
- Materialization: files written to .openclaw/attachments/<uuid>/ with manifest.json
- Validation: strict base64 decode, filename checks, size limits, duplicate detection
- Transcript redaction: sanitizeToolCallInputs redacts attachment content from persisted transcripts
- Lifecycle cleanup: safeRemoveAttachmentsDir with symlink-safe path containment check
- Config: tools.sessions_spawn.attachments (enabled, maxFiles, maxFileBytes, maxTotalBytes, retainOnSessionKeep)
- Registry: attachmentsDir/attachmentsRootDir/retainAttachmentsOnKeep on SubagentRunRecord
- ACP rejection: attachments rejected for runtime=acp with clear error message
- Docs: updated tools/index.md, concepts/session-tool.md, configuration-reference.md
- Tests: 85 new/updated tests across 5 test files

Fixes:
- Guard fs.rm in materialization catch block with try/catch (review concern #1)
- Remove unreachable fallback in safeRemoveAttachmentsDir (review concern #7)
- Move attachment cleanup out of retry path to avoid timing issues with announce loop

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
Co-authored-by: napetrov <napetrov@users.noreply.github.com>
 		2026-03-01 21:33:51 -08:00
..
security fix(gateway): allow ws:// to private network addresses (#28670) 2026-03-01 20:49:45 -08:00
authentication.md docs(secrets): align provider model and add exec resolver coverage 2026-02-26 14:47:22 +00:00
background-process.md Exec/ACP: inject OPENCLAW_SHELL into child shell env (#31271) 2026-03-01 20:31:06 -08:00
bonjour.md fix(security): require explicit trust for first-time TLS pins 2026-02-14 17:55:20 +01:00
bridge-protocol.md fix(security): harden discovery routing and TLS pins 2026-02-14 17:18:14 +01:00
cli-backends.md chore: apply local workspace updates (#9911) 2026-02-05 16:54:44 -05:00
configuration-examples.md docs: fix wrong Providers link in configuration examples 2026-02-26 02:41:07 -06:00
configuration-reference.md sessions_spawn: inline attachments with redaction, lifecycle cleanup, and docs (#16761) 2026-03-01 21:33:51 -08:00
configuration.md Discord: thread bindings idle + max-age lifecycle (#27845) (thanks @osolmaz) 2026-02-27 10:02:39 +01:00
discovery.md fix(security): require explicit trust for first-time TLS pins 2026-02-14 17:55:20 +01:00
doctor.md Doctor: warn when Linux state dir is on SD/eMMC mounts (#31033) 2026-03-01 16:36:01 -08:00
gateway-lock.md Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
health.md Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
heartbeat.md docs(heartbeat): add directPolicy to config examples 2026-02-26 03:59:38 +01:00
index.md docs(secrets): add dedicated apply plan contract page 2026-02-26 14:47:22 +00:00
local-models.md Docs: enable markdownlint autofixables except list numbering (#10476) 2026-02-06 10:08:59 -05:00
logging.md Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
multiple-gateways.md docs(security): clarify canvas host exposure and auth 2026-02-14 14:57:19 +01:00
network-model.md fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
openai-http-api.md fix(gateway): enforce owner boundary for agent runs 2026-03-02 00:27:44 +00:00
openresponses-http-api.md fix(gateway): enforce owner boundary for agent runs 2026-03-02 00:27:44 +00:00
pairing.md Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
protocol.md refactor!: remove versioned system-run approval contract 2026-03-02 01:12:53 +00:00
remote-gateway-readme.md refactor: replace bot.molt identifiers with ai.openclaw 2026-02-25 05:03:24 +00:00
remote.md fix(gateway): allow ws:// to private network addresses (#28670) 2026-03-01 20:49:45 -08:00
sandbox-vs-tool-policy-vs-elevated.md chore: Run `pnpm format:fix`. 2026-01-31 21:13:13 +09:00
sandboxing.md fix(security): harden sandbox novnc observer flow 2026-03-01 22:44:28 +00:00
secrets-plan-contract.md docs(secrets): add dedicated apply plan contract page 2026-02-26 14:47:22 +00:00
secrets.md docs(secrets): add dedicated apply plan contract page 2026-02-26 14:47:22 +00:00
tailscale.md fix(gateway): scope tailscale tokenless auth to websocket 2026-02-21 13:03:13 +01:00
tools-invoke-http-api.md fix: classify /tools/invoke errors and sanitize 500s (#13185) (thanks @davidrudduck) 2026-02-13 16:58:30 +01:00
troubleshooting.md docs: clarify Anthropic context1m long-context requirements 2026-03-01 22:35:26 +00:00
trusted-proxy-auth.md docs: refresh CLI and trusted-proxy docs 2026-02-25 02:40:12 +00:00