fix: filter internal JSON events in command-reply output #29

Closed
Nachx639 wants to merge 1 commit into openclaw:main from Nachx639:fix/strip-json-events

@Nachx639
Contributor

Problem

Internal JSON events (message_end, turn_end, etc.) were leaking to WhatsApp during heartbeats and regular responses.

Solution

  • Created src/auto-reply/strip-json-events.ts as a shared module with stripJsonEventLines() function
  • Applied the filter in command-reply.ts before building payloads

Changes

  • src/auto-reply/strip-json-events.ts - new file with shared filter function
  • src/auto-reply/command-reply.ts - import and apply filter before payload construction

Testing

  • Build passes (npm run build)

- Create src/auto-reply/strip-json-events.ts shared module
- Apply stripJsonEventLines filter in command-reply.ts before building payloads
- Prevents message_end, turn_end and other internal events from leaking to WhatsApp
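
One way to write the line filter this description refers to, added here as an example and not the PR's strip-json-events.ts. It assumes each internal event arrives as a single-line JSON object with a string `type` field; `stripInternalEventLines`, `internalEventType` and the sample reply are hypothetical, and only `message_end` and `turn_end` come from the description.

```typescript
// Added example, not the PR's strip-json-events.ts. Assumption: an internal
// event is a single-line JSON object with a string "type" field.
const INTERNAL_EVENT_TYPES: ReadonlySet<string> = new Set([
  "message_end", // named in the PR description
  "turn_end", // named in the PR description
]);
interface StripResult {
  text: string; // safe to hand to the payload builder
  dropped: string[]; // event types removed, e.g. for a debug log
}

// Returns the event type if the line is an internal event, otherwise null.
function internalEventType(line: string, types: ReadonlySet<string>): string | null {
  const trimmed = line.trim();
  // Cheap structural check so ordinary prose never reaches JSON.parse.
  if (!trimmed.startsWith("{") || !trimmed.endsWith("}")) return null;
  let parsed: unknown;
  try {
    parsed = JSON.parse(trimmed);
  } catch {
    return null; // malformed JSON is treated as user-visible text
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) return null;
  const type = (parsed as Record<string, unknown>).type;
  return typeof type === "string" && types.has(type) ? type : null;
}

function stripInternalEventLines(
  raw: string,
  types: ReadonlySet<string> = INTERNAL_EVENT_TYPES,
): StripResult {
  const kept: string[] = [];
  const dropped: string[] = [];
  for (const line of raw.split(/\r?\n/)) {
    const eventType = internalEventType(line, types);
    if (eventType !== null) dropped.push(eventType);
    else kept.push(line);
  }
  return { text: kept.join("\n").trim(), dropped };
}

// Constructed sample: two leaked events around a legitimate JSON line.
const SAMPLE_REPLY = [
  "Here is the config you asked for:",
  '{"type":"example","retries":3}',
  '{"type":"message_end","id":"m1"}',
  "Done.",
  '  {"type":"turn_end"}  ',
].join("\n");
```

Matching on a parsed `type` value, rather than on any line that starts with `{`, keeps JSON that the assistant legitimately sends to the user.
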
@steipete
Contributor

Thank you, this is a band-aid. I found the root cause of the issue, and there should no longer be a problem.

@steipete steipete closed this Dec 16, 2025
dgarson referenced this pull request in dgarson/clawdbot Feb 2, 2026
dgarson referenced this pull request in dgarson/clawdbot Feb 2, 2026
alexprime1889-prog pushed a commit to alexprime1889-prog/moltbot that referenced this pull request Feb 8, 2026
centminmod added a commit to centminmod/clawdbot that referenced this pull request Feb 11, 2026
…ttacks, 2 misconfigs)

New guide covering the "AI foot-gun" problem — LLMs modifying their own
OpenClaw config via the ungated gateway tool (config.apply/config.patch).

- CREATE ai-self-misconfiguration.md: TL;DR, attack surface table,
  13-category misconfiguration catalog, defense strategies, gap analysis
- ADD misconfiguration #11 (AI "optimizes" config) and #12 (schema-valid
  but dangerous values)
- ADD prompt injection attacks openclaw#28 (config via gateway tool), openclaw#29 (via
  shell), openclaw#30 (gradual security degradation)
- ADD hardening checklist openclaw#13 (never let AI modify security-critical config)
- UPDATE README navigation and cross-references (27→30 attacks)
slathrop referenced this pull request in slathrop/openclaw-js Feb 11, 2026
Tasks completed: 2/2
- Task 1: Port commit #28 (Voyage docs + API key) and #51 (input_type)
- Task 2: Port commit #29 (default model update to Opus 4.6)

SUMMARY: .planning/phases/12-memory-qmd-hardening/12-06-SUMMARY.md
superlowburn added a commit to superlowburn/clawdbot-Jan26-2025 that referenced this pull request Feb 16, 2026
Fixes openclaw#29 - QMD eager init missing concurrency de-duplication and timer ordering.

Changes:
1. Added QMD_MANAGER_INFLIGHT cache to dedupe concurrent QmdMemoryManager creation
2. Reordered timer arming to happen BEFORE boot update, ensuring retries continue even if boot fails

This prevents duplicate QMD managers being created when multiple concurrent calls to
getMemorySearchManager() occur, and ensures the periodic update timer remains armed
even if the boot update fails or times out.
frodo-harborbot added a commit to harborworks/openclaw that referenced this pull request Feb 16, 2026
* Add side panel navigation with Secrets page

- Add Sidebar component with NavLink-based navigation
- Add SecretsPage placeholder
- Update Layout to include sidebar alongside main content
- Add sidebar CSS styles
- Add /secrets route

* Implement secrets UI following Gimli's pattern

- Add convex/secrets.ts: list, set, remove, markConsumed, listPending
- Add modular component architecture:
  - SecretRow: individual secret with inline edit/delete
  - SecretValueInput: reusable password input with save/cancel
  - SecretStatus: status badge (set/unset/syncing)
  - AddSecretForm: new custom variable form with reserved name validation
- Add lib/crypto.ts: RSA-OAEP browser-side encryption
- Add lib/secrets.ts: reserved names, required keys config, types
- Add SecretsPage with required keys + custom variables sections
- Add secrets CSS using existing design tokens

* Wire up harbor selection for secrets page

- Add convex/harbors.ts with listForUser query (via memberships)
- Add useHarbors hook
- SecretsPage auto-selects first harbor, shows picker if multiple
- Read publicKey from harbor record for encryption

* Remove OPENROUTER key, drop background box on secret names

* Add harbors:setPublicKey mutation

* Handle insecure context: skip encryption when SubtleCrypto unavailable (LAN HTTP dev)

* Downgrade crypto warning to debug level in dev only

* Implement daemon secrets sync

- Add daemon/src/secrets.ts: keypair init, decrypt, env file write, mark consumed
- Update daemon/src/index.ts: wire secrets sync into poll loop
- Add convex secrets:listPendingForDaemon query (public, for daemon HTTP access)
- Make secrets:markConsumed a public mutation
- Remove unused internalQuery/internalMutation
- Add convex dependency to daemon

* Fix daemon Docker build: include node_modules, add HARBOR_ID env, fix permissions

- Copy node_modules in Dockerfile production stage
- Add HARBOR_ID and ENV_FILE_PATH to docker-compose.host.yml
- Add .env.host for local testing

* Add gateway restart via SIGUSR1 after secrets sync

- Daemon scans /proc to find gateway PID (shared PID namespace)
- Sends SIGUSR1 after writing env file
- Add openclaw-config.json with commands.restart=true
- Mount config as read-only volume for gateway

* Remove memory file, add memory/ to gitignore

* Replace SIGUSR1 with WebSocket gateway client

- Add gateway-client.ts (WS RPC client with auto-reconnect)
- Daemon connects to gateway via WS on startup
- Patches default config (openclaw-config.json) into gateway on first connect
- Triggers gateway restart via config.patch after secrets sync
- Remove pid namespace sharing and static config volume mount
- Copy scripts/ into Docker image for default config

* Replace PID namespace sharing with env file watcher sidecar

- Add gateway-entrypoint.sh: node-based fs.watch on .env, sends SIGTERM
  to gateway process when file changes, Docker restart brings it back
- Remove pid: service:gateway from docker-compose
- Daemon no longer needs /proc scanning for gateway PID
- WS config.patch used for config defaults only
- Env watcher handles secrets-triggered restarts

* Add API key auth for daemon-Convex communication

- Add Convex HTTP API endpoints (convex/http.ts) for daemon operations:
  POST /api/daemon/register, GET /api/daemon/secrets, POST /api/daemon/secrets/consumed
- All endpoints validate API key (SHA-256 hashed) against harbor doc
- Convert daemon-facing functions to internalQuery/internalMutation
- Add generateApiKey mutation to harbors.ts
- Remove convex npm dependency from daemon — pure HTTP fetch
- Derive .convex.site URL from CONVEX_URL for HTTP action routing

* Add GH Actions workflow for building and pushing host images to ECR

- Triggered on tag push (v*) or manual dispatch
- Builds harbor-daemon from daemon/Dockerfile
- Builds harbor-gateway from new gateway/Dockerfile (openclaw from npm)
- Gateway image includes env watcher entrypoint
- Updated docker-compose.host.yml to reference ECR images
- Removed local build context and volume-mounted entrypoint

* Use self-hosted runner for image builds

* Use DAEMON_VERSION and GATEWAY_VERSION env vars in docker-compose
@slayoffer

@claude please review this PR

dalefrieswthat pushed a commit to dalefrieswthat/openclaw that referenced this pull request Feb 25, 2026
…-session-list

fix: show effective session properties and indicate inheritance w/icon
zooqueen referenced this pull request in hanzoai/bot Feb 25, 2026
… security headers (#29)

- Add per-instance HMAC-SHA256 signing key for VNC tunnel tokens
  (defense-in-depth against tunnel ID brute-force)
- Verify HMAC signature before accepting /vnc-tunnel connections
  with constant-time comparison to prevent timing attacks
- Add security headers to /vnc-viewer response:
  Referrer-Policy: no-referrer (prevents token leaking)
  X-Frame-Options: DENY (prevents clickjacking)
  Strict-Transport-Security (enforces HTTPS)
  Content-Security-Policy (restricts script sources to esm.sh)
  Cache-Control: no-store (prevents token caching)
- Add <meta name="referrer" content="no-referrer"/> to viewer HTML

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
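
The signed-token check that commit message describes, as an added example that is not code from the referenced commit. The token layout `<tunnelId>.<hex mac>` and the names `issueTunnelToken`, `verifyTunnelToken` and `macFor` are assumptions.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Added example, not code from the referenced commit. The token layout
// "<tunnelId>.<hex mac>" and all function names here are assumptions.
const INSTANCE_KEY: Buffer = randomBytes(32); // per-instance key, new on every start

function macFor(tunnelId: string, key: Buffer): Buffer {
  return createHmac("sha256", key).update(tunnelId, "utf8").digest();
}

function issueTunnelToken(tunnelId: string, key: Buffer = INSTANCE_KEY): string {
  return `${tunnelId}.${macFor(tunnelId, key).toString("hex")}`;
}

// Returns the tunnel ID when the signature is valid, otherwise null.
function verifyTunnelToken(token: string, key: Buffer = INSTANCE_KEY): string | null {
  const dot = token.lastIndexOf(".");
  if (dot <= 0) return null; // no signature part, or empty tunnel ID
  const tunnelId = token.slice(0, dot);
  const macHex = token.slice(dot + 1);
  // Require exactly 32 bytes of lowercase hex before comparing:
  // timingSafeEqual throws on a length mismatch, and Buffer.from(..., "hex")
  // silently truncates at the first non-hex character.
  if (!/^[0-9a-f]{64}$/.test(macHex)) return null;
  const presented = Buffer.from(macHex, "hex");
  const expected = macFor(tunnelId, key);
  // Constant-time comparison: no early exit on the first differing byte.
  return timingSafeEqual(presented, expected) ? tunnelId : null;
}
```

Because the key is generated per instance, tokens issued before a restart stop verifying, which a deployment that needs tokens to survive restarts would have to account for.
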
songliu0403-rgb pushed a commit to songliu0403-rgb/openclaw that referenced this pull request Feb 26, 2026
elliot-ylambda pushed a commit to elliot-ylambda/magister-openclaw that referenced this pull request Mar 7, 2026
…vements

Add favicon, Old Way vs New Way section, and update skills count
heatherstew44-maker pushed a commit to heatherstew44-maker/openclaw that referenced this pull request Mar 8, 2026
activate the microphone on demand
lucasmpramos added a commit to butley/openclaw that referenced this pull request Mar 10, 2026
- patches/README.md: 27 active patches, added openclaw#29
- verify-patches.sh: 27/27 passing
- KNOWN-ISSUES.md: documented openclaw#28 cron filter, openclaw#29 text dedup,
  diagnostic logging additions

Co-authored-by: Bob
lucasmpramos added a commit to butley/openclaw that referenced this pull request Mar 10, 2026