fix: port upstream gateway.real_ip_fallback_enabled conditional severity (upstream #23428)

[Copilot]

Ports upstream commit 29e41d4c0ac2 to the fork. The gateway.real_ip_fallback_enabled audit finding previously had no concept of loopback-only proxy setups, meaning a loopback-bound gateway with all-loopback trustedProxies would still fire critical instead of warn.

Changes

• src/config/types.gateway.ts: Add allowRealIpFallback?: boolean to GatewayConfig.

• src/security/audit.ts:

  • Add allowRealIpFallback check in collectGatewayConfigFindings with conditional severity: critical when bind !== "loopback" or when trusted-proxy auth mode has at least one non-loopback proxy entry; warn otherwise.
  • Add isLoopbackOnlyTrustedProxyEntry(entry) helper — handles plain IPs, IPv4 CIDRs (rejects prefix < 8 to prevent ranges extending beyond 127.0.0.0/8), and IPv6 (only ::1/128 qualifies).

• src/security/audit.test.ts: Add parametrized test covering all four severity branches:

loopback + token auth + loopback proxy       → warn
lan + token auth                             → critical
loopback + trusted-proxy + loopback proxies  → warn
loopback + trusted-proxy + 10.0.0.0/8        → critical

Notes

• CHANGELOG.md, extensions/feishu/, and README.md intentionally not modified (protected fork files).
• src/commands/sessions.test-helpers.ts temp-path refactor skipped — file does not exist in this fork.
• auth.mode === "trusted-proxy" cast via as string since the fork's ResolvedGatewayAuthMode predates trusted-proxy support; the guard is forward-compatible once that mode lands.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>upstream(feishu): 移植 1 个冲突 commit (P0) — v2026.2.21→v2026.2.23</issue_title>
<issue_description>## 任务

将以下 1 个上游 commit 的修改语义化应用到本 fork。这些 commit 无法直接 cherry-pick（存在冲突），需要理解修改意图后手动应用等效变更。

上游版本范围

• 来源: openclaw/openclaw v2026.2.21 → v2026.2.23
• 模块: feishu
• 优先级: P0

需要移植的 commit

Commit 1: 29e41d4c0ac2 (P0)

描述: fix: land security audit severity + temp-path guard fixes (openclaw#23428) (thanks @bmendonca3)
涉及文件: CHANGELOG.md,extensions/feishu/src/dedup.ts,src/commands/sessions.test-helpers.ts,src/security/audit.test.ts,src/security/audit.ts

查看上游 diff

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b3e15b1a8..fde13f274 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ Docs: https://docs.openclaw.ai
 - Channels/Delivery: remove hardcoded WhatsApp delivery fallbacks; require explicit/session channel context or auto-pick the sole configured channel when unambiguous. (#23357) Thanks @lbo728.
 - ACP/Gateway: wait for gateway hello before opening ACP requests, and fail fast on pre-hello connect failures to avoid startup hangs and early `gateway not connected` request races. (#23390) Thanks @janckerchen.
 - Security/Audit: add `openclaw security audit` detection for open group policies that expose runtime/filesystem tools without sandbox/workspace guards (`security.exposure.open_groups_with_runtime_or_fs`).
+- Security/Audit: make `gateway.real_ip_fallback_enabled` severity conditional for loopback trusted-proxy setups (warn for loopback-only `trustedProxies`, critical when non-loopback proxies are trusted). (#23428) Thanks @bmendonca3.
 - Security/Exec env: block request-scoped `HOME` and `ZDOTDIR` overrides in host exec env sanitizers (Node + macOS), preventing shell startup-file execution before allowlist-evaluated command bodies. This ships in the next npm release. Thanks @tdjackey for reporting.
 - Security/Gateway: emit a startup security warning when insecure/dangerous config flags are enabled (including `gateway.controlUi.dangerouslyDisableDeviceAuth=true`) and point operators to `openclaw security audit`.
 - Security/Hooks auth: normalize hook auth rate-limit client IP keys so IPv4 and IPv4-mapped IPv6 addresses share one throttle bucket, preventing dual-form auth-attempt budget bypasses. This ships in the next npm release. Thanks @aether-ai-agent for reporting.
diff --git a/extensions/feishu/src/dedup.ts b/extensions/feishu/src/dedup.ts
index 6468e30f2..b0fa4ce16 100644
--- a/extensions/feishu/src/dedup.ts
+++ b/extensions/feishu/src/dedup.ts
@@ -14,6 +14,9 @@ function resolveStateDirFromEnv(env: NodeJS.ProcessEnv = process.env): string {
   if (stateOverride) {
     return stateOverride;
   }
+  if (env.VITEST || env.NODE_ENV === "test") {
+    return path.join(os.tmpdir(), ["openclaw-vitest", String(process.pid)].join("-"));
+  }
   return path.join(os.homedir(), ".openclaw");
 }
 
diff --git a/src/commands/sessions.test-helpers.ts b/src/commands/sessions.test-helpers.ts
index 4c0d8b0c4..d4c01efc8 100644
--- a/src/commands/sessions.test-helpers.ts
+++ b/src/commands/sessions.test-helpers.ts
@@ -50,7 +50,8 @@ export function makeRuntime(params?: { throwOnError?: boolean }): {
 }
 
 export function writeStore(data: unknown, prefix = "sessions"): string {
-  const file = path.join(os.tmpdir(), `${prefix}-${Date.now()}-${randomUUID()}.json`);
+  const fileName = `${[prefix, Date.now(), randomUUID()].join("-")}.json`;
+  const file = path.join(os.tmpdir(), fileName);
   fs.writeFileSync(file, JSON.stringify(data, null, 2));
   return file;
 }
diff --git a/src/security/audit.test.ts b/src/security/audit.test.ts
index 0edb5d635..c8703341c 100644
--- a/src/security/audit.test.ts
+++ b/src/security/audit.test.ts
@@ -1009,6 +1009,40 @@ describe("security audit", () => {
         },
         expectedSeverity: "critical",
       },
+      {
+        name: "loopback trusted-proxy with loopback-only proxies",
+        cfg: {
+          gateway: {
+            bind: "loopback",
+            allowRealIpFallback: true,
+            trustedProxies: ["127.0.0.1"],
+            auth: {
+              mode: "trusted-proxy",
+              trustedProxy: {
+                userHeader: "x-forwarded-user",
+              },
+            },
+          },
+        },
+        expectedSeverity: "warn",
+      },
+      {
+        name: "loopback trusted-proxy with non-loopback proxy range",
+        cfg: {
+          gateway: {
+            bind: "loopback",
+            allowRealIpFallback: true,
+            trustedProxies: ["127.0.0.1", "10.0.0.0/8"],
+            auth: {
+              mode: "trusted-proxy",
+              trustedProxy: {
+                userHeader: "x-forwarded-user",
+              },
+            },
+          },
+        },
+        expectedSeverity: "critical",
+      },
     ];
 
     for (const testCase of cases) {
diff --git a/src/sec...

</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

- Fixes jiulingyun/openclaw-cn#350

<!-- START COPILOT CODING AGENT TIPS -->
---

✨ Let Copilot coding agent [set things up for you](https://github.com/jiulingyun/openclaw-cn/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo.