nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openclaw/test
History
Sean c6f2db1506
fix: prevent gateway attachment offload regressions (#55513) (thanks @Syysean) 
* feat(gateway): implement claim check pattern to prevent OOM on large attachments

* fix: sanitize mediaId, refine trimEnd, remove warn log, add threshold and absolute path

* fix: enforce maxBytes before decoding and use dynamic path from saveMediaBuffer

* fix: enforce absolute maxBytes limit before Buffer allocation and preserve file extensions

* fix: align saveMediaBuffer arguments and satisfy oxfmt linter

* chore: strictly enforce linting rules (curly braces, unused vars, and error typing)

* fix: restrict offload to mainstream mimes to avoid extension-loss bug in store.ts for BMP/TIFF

* fix: restrict offload to mainstream mimes to bypass store.ts extension-loss bug

* chore: document bmp/tiff exclusion from offload whitelist in MIME_TO_EXT

* feat: implement agent-side resolver for opaque media URIs and finalize contract

* fix: support unicode media URIs and allow consecutive dots in safe IDs based on Codex review

* fix(gateway): enforce strict fail-fast for oversized media to prevent OOM bypass

* refactor(gateway): harden media offload with performance and security optimizations

This update refines the Claim Check pattern with industrial-grade guards:

- Performance: Implemented sampled Base64 validation for large payloads (>4KB) to prevent event loop blocking.
- Security: Added null-byte (\u0000) detection and reinforced path traversal guards.
- I18n: Updated media-uri regex to a blacklist-based character class for Unicode/Chinese filename support, with oxlint bypass for intentional control regex.
- Robustness: Enhanced error diagnostics with JSON-serialized IDs.

* fix: add HEIC/HEIF to offload allowlist and pass maxBytes to saveMediaBuffer

* fix(gateway): clean up offloaded media files on attachment parse failure

Address Codex review feedback: track saved media IDs and implement best-effort cleanup via deleteMediaBuffer if subsequent attachments fail validation, preventing orphaned files on disk.

* fix(gateway): enforce full base64 validation to prevent whitespace padding bypass

Address Codex review feedback: remove early return in isValidBase64 so padded payloads cannot bypass offload thresholds and reintroduce memory pressure. Updated related comments.

* fix(gateway): preserve offloaded media metadata and fix validation error mapping

Address Codex review feedback:
- Add \offloadedRefs\ to \ParsedMessageWithImages\ to expose structured metadata for offloaded attachments, preventing transcript media loss.
- Move \erifyDecodedSize\ outside the storage try-catch block to correctly surface client base64 validation failures as 4xx errors instead of 5xx \MediaOffloadError\.
- Add JSDoc TODOs indicating that upstream callers (chat.ts, agent.ts, server-node-events.ts) must explicitly pass the \supportsImages\ flag.

* fix(agents): explicitly allow media store dir when loading offloaded images

Address Codex review feedback: Pass getMediaDir() to loadWebMedia's localRoots for media-uri refs to prevent legacy path resolution mismatches from silently dropping large attachments.

* fix(gateway): resolve attachment offload regressions and error mapping

Address Codex review feedback:
- Pass \supportsImages\ dynamically in \chat.ts\ and \gent.ts\ based on model catalog, and explicitly in \server-node-events.ts\.
- Persist \offloadedRefs\ into the transcript pipeline in \chat.ts\ to preserve media metadata for >2MB attachments.
- Correctly map \MediaOffloadError\ to 5xx (UNAVAILABLE) to differentiate server storage faults from 4xx client validation errors.

* fix(gateway): dynamically compute supportsImages for overrides and node events

Address follow-up Codex review feedback:

- Use effective model (including overrides) to compute \supportsImages\ in \gent.ts\.

- Move session load earlier in \server-node-events.ts\ to dynamically compute \supportsImages\ rather than hardcoding true.

* fix(gateway): resolve capability edge cases reported by codex

Address final Codex edge cases:
- Refactor \gent.ts\ to compute \supportsImages\ even when no session key is present, ensuring text-only override requests without sessions safely drop attachments.
- Update catalog lookups in \chat.ts\, \gent.ts\, and \server-node-events.ts\ to strictly match both \id\ and \provider\ to prevent cross-provider model collisions.

* fix(agents): restore before_install hook for skill installs

Restore the plugin scanner security hook that was accidentally dropped during merge conflict resolution.

* fix: resolve attachment pathing, defer parsing after auth gates, and clean up node-event mocks

* fix: resolve syntax errors in test-env, fix missing helper imports, and optimize parsing sequence in node events

* fix(gateway): re-enforce message length limit after attachment parsing

Adds a secondary check to ensure the 20,000-char cap remains effective even after media markers are appended during the offload flow.

* fix(gateway): prevent dropping valid small images and clean up orphaned media on size rejection

* fix(gateway): share attachment image capability checks

* fix(gateway): preserve mixed attachment order

* fix: fail closed on unknown image capability (#55513) (thanks @Syysean)

* fix: classify offloaded attachment refs explicitly (#55513) (thanks @Syysean)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 		2026-03-30 20:54:40 +05:30
..
fixtures fix: stabilize extensions surface test gate 2026-03-30 07:47:58 +09:00
helpers Tests: restore extension plugin test seams 2026-03-29 22:38:44 -04:00
mocks fix(ci): stabilize whatsapp extension checks 2026-03-23 15:50:19 -07:00
scripts Tests: relax targeted unit planner split assertion 2026-03-30 01:06:32 -04:00
appcast.test.ts test: strengthen regression coverage and trim low-value checks 2026-03-22 07:38:01 +00:00
architecture-smells.test.ts refactor: dedupe test and script helpers 2026-03-24 15:48:35 +00:00
channel-outbounds.ts test(contracts): avoid sync telegram vitest harness loads 2026-03-29 18:37:11 +01:00
cli-json-stdout.e2e.test.ts
extension-plugin-sdk-boundary.test.ts refactor: dedupe test and script helpers 2026-03-24 15:48:35 +00:00
extension-test-boundary.test.ts test: trim stale extension boundary allowlist 2026-03-30 08:05:59 +09:00
gateway.multi.e2e.test.ts
git-hooks-pre-commit.test.ts fix(hooks): avoid repo-wide format churn 2026-03-27 20:19:53 +00:00
global-setup.ts
non-isolated-runner.ts test: harden vitest no-isolate coverage 2026-03-22 10:48:21 -07:00
official-channel-catalog.test.ts fix: stabilize serial test suite 2026-03-30 04:46:04 +09:00
openclaw-launcher.e2e.test.ts fix(cli): clarify source archive install failures 2026-03-19 01:49:28 -07:00
openclaw-npm-postpublish-verify.test.ts fix(runtime): stabilize provider and channel runtime tests 2026-03-27 18:15:40 +00:00
openclaw-npm-release-check.test.ts fix: keep beta on newer prereleases 2026-03-30 05:37:01 +09:00
plugin-extension-import-boundary.test.ts refactor: dedupe test and script helpers 2026-03-24 15:48:35 +00:00
plugin-npm-release.test.ts refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00
release-check.test.ts Build: mirror Matrix crypto WASM runtime deps (#57163) 2026-03-29 15:57:28 -04:00
setup.ts Revert "feat: add video generation core infrastructure and extend image generation parameters (#53681)" (#54943) 2026-03-25 23:00:14 -07:00
test-env.test.ts test: ignore stale isolated state dir in live env staging 2026-03-28 20:35:07 -04:00
test-env.ts fix: prevent gateway attachment offload regressions (#55513) (thanks @Syysean) 2026-03-30 20:54:40 +05:30
test-runner-manifest.test.ts refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00
ui.presenter-next-run.test.ts
vitest-config.test.ts fix: stabilize unit test planner scheduling 2026-03-30 06:17:06 +09:00
vitest-extensions-config.test.ts refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00
vitest-performance-config.test.ts build: refresh deps and vitest cache lanes 2026-03-27 02:26:07 +00:00
vitest-scoped-config.test.ts refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00
vitest-unit-config.test.ts refactor: dedupe test and script helpers 2026-03-24 15:48:35 +00:00
vitest-unit-paths.test.ts refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00
web-search-provider-boundary.test.ts refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00