fix(bluebubbles): restore inbound image attachments and accept updated-message events

[omarshahine]

Summary

Four interconnected fixes for BlueBubbles inbound media that together restore image attachment handling on Node 22+:

1. Strip bundled-undici dispatcher from non-SSRF fetch path — blueBubblesFetchWithTimeout's non-SSRF fallback was spreading a bundled-undici dispatcher into globalThis.fetch(), which Node 22's built-in undici rejects with TypeError: invalid onRequestStart method. This silently broke ALL inbound attachment downloads. (BlueBubbles attachment downloads silently fail on Node.js 22 (undici dispatcher mismatch) #64105, BlueBubbles inbound attachments broken after 2026.4.5 upgrade #61861, [Bug]: BlueBubbles attachment downloads fail silently on Node 22.20+ — invalid onRequestStart method #67241, [Fix] Inbound image attachments silently fail in BlueBubbles and Slack — SSRF guard dispatcher incompatible with Node native fetch #62530)

2. Accept updated-message events carrying attachments — BlueBubbles fires updated-message when attachments are indexed after the initial new-message (which may arrive with attachments: []). The webhook handler was filtering these out as non-reaction events. ([Bug]: BlueBubbles inbound image webhooks arrive with attachments: [] and no follow-up -- OpenClaw never ingests the image #65430)

3. Event-type-aware dedup key — the persistent GUID dedup now suffixes updated-message keys with :updated so follow-up attachment events aren't rejected as duplicates of the already-committed new-message. (Relates to [codex] fix(bluebubbles): dedupe webhook replays without dropping edits #52277)

4. Retry attachment fetch for empty arrays — when the initial webhook arrives with empty attachments (image-only messages or updated-message events), waits 2s and re-fetches from the BB API as a fallback. (Relates to fix(bluebubbles): retry attachment fetch when webhook arrives with empty array (#65430) #67437)

Test plan

• pnpm tsgo — no new type errors
• pnpm test extensions/bluebubbles/ — 434 tests pass (9 new tests added)
• Manual: send standalone image via iMessage → agent receives and processes it
• Manual: send text + image together → agent receives both
• pnpm build — verify no [INEFFECTIVE_DYNAMIC_IMPORT] warnings

Issues closed

Closes #64105, closes #61861, closes #65430, closes #67241, closes #62530.

Related issues (not fixed by this PR)

• BlueBubbles: image attachments blocked by SSRF guard (localhost URL) #34749 — image attachments blocked by SSRF guard (localhost URL) — partially addressed by the dispatcher fix, but the broader SSRF allowlist for localhost BB servers is a separate concern
• SSRF guard blocks BlueBubbles plugin internal API calls to private IP #57181 — SSRF guard blocks BB plugin internal API calls to private IP — same broader SSRF allowlist issue
• BlueBubbles: SSRF allowlist doesn't cover reactions (react action blocked on private IP) #59722 — SSRF allowlist doesn't cover reactions — separate SSRF scope gap
• [Bug]: BlueBubbles health check fails on LAN/private serverUrl in 2026.4.2, while actual messaging still works #60715 — BB health check fails on LAN/private serverUrl — separate SSRF/health-check issue

Superseded PRs

• fix(bluebubbles): accept updated-message events carrying attachments #66120 — accept updated-message events carrying attachments (fully subsumed by fix Login fails with 'WebSocket Error (socket hang up)' ECONNRESET #2)
• fix(bluebubbles): retry attachment fetch when webhook arrives with empty array (#65430) #67437 — retry attachment fetch when webhook arrives with empty array (fully subsumed by fix Images not passed to Claude CLI - only path reference in text #4)
• fix(bluebubbles): route fetchImpl through bundled undici fetch on Node 24+ #66108 — route fetchImpl through bundled undici fetch on Node 24+ (different approach to same dispatcher issue, subsumed by fix fix: add @lid format support and allowFrom wildcard handling #1)

Related PRs

• [codex] fix(bluebubbles): dedupe webhook replays without dropping edits #52277 — dedupe webhook replays without dropping edits (assigned to @omarshahine, complementary finer-grained edit dedup)

🤖 Generated with Claude Code

[omarshahine]

Manual verification

Built locally from b3363ee, pnpm-linked, gateway restarted on the production Lobster instance (Node 25.6.0, macOS 26.3.1). Three inbound iMessage attachments sent from +12069106512 → Lobster.

Test A — cartoon lobster PNG (attachment-only bubble)

• On-disk: 2× 600,047-byte files written to ~/.openclaw/media/inbound/ at the same second (different UUIDs, same bytes → new-message fetch + updated-message fetch both fired).
• Agent session: received a 618,844-byte base64 image/png payload inline; model correctly described the image.

Test B — cooked-lobster JPG (attachment-only bubble)

• On-disk: 2× 61,292-byte files at the same second.
• Agent session: received 39,252-byte base64 image/jpeg; model correctly described the image.

Test C — live-lobster JPG with body text "And this" (caption + image bubble)

• On-disk: 2× 113,566-byte files at the same second.
• Agent session: received body text And this plus 82,100-byte base64 image/jpeg; model correctly described the image.

Fix signatures observed

• fix: add @lid format support and allowFrom wildcard handling #1 — undici dispatcher stripped: zero invalid onRequestStart / TypeError across gateway.log + gateway.err.log since restart. Pre-fix, every attachment fetch would have thrown this on Node 22+.
• Login fails with 'WebSocket Error (socket hang up)' ECONNRESET #2 — accept updated-message: the second download per image confirms the event is no longer filtered as a non-reaction.
• WA business, groups & office hours  #3 — event-type-aware dedup: the second download committed instead of being rejected as a GUID duplicate.
• Images not passed to Claude CLI - only path reference in text #4 — retry empty attachments: implicit — the agent session contains the full base64 payload, which wouldn't survive an initial empty-attachments webhook without the 2s refetch fallback.

Build

pnpm build completes clean with no [INEFFECTIVE_DYNAMIC_IMPORT] warnings.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b3363ee094

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Detect attachment updates from normalized payload shape

isAttachmentUpdate only checks payload.data.attachments, but this webhook handler already supports wrapper formats (payload.message, payload.data.message, JSON-string payloads) through normalizeWebhookMessage/extractMessagePayload. For updated-message events where attachments are nested under one of those supported wrappers, this branch still treats the event as “updated without reaction” and returns early, so valid attachment updates are dropped and inbound media remains missing for those payload variants.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Preserve guarded dispatcher in non-SSRF fetch path

This removes init.dispatcher before calling fetch, which breaks the contract when this function is used as fetchImpl by guarded callers (for example attachment downloads via fetchRemoteMedia). fetchWithSsrFGuard passes a pinned dispatcher to enforce DNS pinning/SSRF policy per request; stripping it here silently disables that enforcement for this path and can allow requests to bypass the guarded network route (e.g., rebinding/proxy-policy mismatches).

Useful? React with 👍 / 👎.

[greptile-apps]

Greptile Summary

This PR delivers four interconnected fixes for BlueBubbles inbound image attachment handling on Node 22+: stripping a bundled-undici dispatcher from the non-SSRF fetch path, accepting updated-message events that carry indexed attachments, giving those events a distinct dedup key (:updated suffix), and adding a 2-second API-refetch fallback when the initial webhook arrives with an empty attachment array.

Fixes #1, #2, and #3 are well-implemented and directly address the root causes. Fix #4 (the attachment retry in processMessageAfterDedupe) has a correctness gap: the retry block at line 1076 is placed after the !rawBody early-return guard at line 791. For pure image-only new-message events (the primary stated target of text.length === 0 in shouldRetryAttachments), rawBody evaluates to "" and the message is dropped before the retry can fire. In practice this gap is partially mitigated by fix #2 when BB reliably sends a follow-up updated-message, but for deployments where BB does not, image-only messages are still silently dropped.

Confidence Score: 3/5

Fixes #1/#2/#3 are correct and safe; fix #4 has a logic ordering bug that makes the image-only retry dead code — should be addressed before merging.

The P1 finding (attachment retry unreachable for text-empty image-only messages) means the fallback mechanism described in fix #4 is silently broken for its primary use-case. The primary path (fix #2, updated-message events) still works when BB sends follow-up webhooks, but the stated fallback for cases where BB does not send one does not work for pure image messages.

extensions/bluebubbles/src/monitor-processing.ts — the retry block at line 1076 needs to be moved before the !rawBody guard at line 791 to be reachable for image-only messages.

Comments Outside Diff (2)

1. extensions/bluebubbles/src/monitor.ts, line 271-277 (link)

   Stale log message after filter logic expanded

   The log message says without reaction but the filter now also passes through isAttachmentUpdate events. An operator debugging dropped updated-message events with empty attachments will see misleading output.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: extensions/bluebubbles/src/monitor.ts
   Line: 271-277
   
   Comment:
   **Stale log message after filter logic expanded**
   
   The log message says `without reaction` but the filter now also passes through `isAttachmentUpdate` events. An operator debugging dropped `updated-message` events with empty attachments will see misleading output.
   
   
   
   How can I resolve this? If you propose a fix, please make it concise.

2. extensions/bluebubbles/src/attachments.ts, line 30-32 (link)

   blueBubblesPolicy in attachments.ts still returns {} (triggers SSRF guard)

   fetchBlueBubblesMessageAttachments (added in this PR, below) deliberately passes undefined instead of {} when private-network is not opted-in, with a comment explaining that {} routes through the SSRF guard and blocks localhost BB servers. The module-level blueBubblesPolicy helper at line 30 still returns {} for the non-private case, meaning sendBlueBubblesAttachment (which uses it via postMultipartFormData) takes the SSRF-guarded path for localhost deployments.

   This inconsistency is worth consolidating to avoid future confusion — monitor-processing.ts already has a local blueBubblesPolicy that returns undefined for the same reason.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: extensions/bluebubbles/src/attachments.ts
   Line: 30-32
   
   Comment:
   **`blueBubblesPolicy` in `attachments.ts` still returns `{}` (triggers SSRF guard)**
   
   `fetchBlueBubblesMessageAttachments` (added in this PR, below) deliberately passes `undefined` instead of `{}` when private-network is not opted-in, with a comment explaining that `{}` routes through the SSRF guard and blocks localhost BB servers. The module-level `blueBubblesPolicy` helper at line 30 still returns `{}` for the non-private case, meaning `sendBlueBubblesAttachment` (which uses it via `postMultipartFormData`) takes the SSRF-guarded path for localhost deployments.
   
   This inconsistency is worth consolidating to avoid future confusion — `monitor-processing.ts` already has a local `blueBubblesPolicy` that returns `undefined` for the same reason.
   
   How can I resolve this? If you propose a fix, please make it concise.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: extensions/bluebubbles/src/monitor-processing.ts
Line: 1076-1108

Comment:
**Attachment retry unreachable for image-only messages**

The retry condition at line 1083 explicitly targets `text.length === 0` (pure image-only messages), but those messages are dropped by the `!rawBody` guard at line 791 — which is evaluated before this retry block. When a `new-message` arrives with `text=""` and `attachments=[]`, `rawBody` is `text || placeholder = "" || "" = ""`, causing an early return. The retry is never reached.

The result: for a standalone image-only `new-message` that arrives before BB finishes attachment indexing, with BB not sending a follow-up `updated-message`, the message is silently dropped and fix #4's fallback does nothing.

The simplest repair is to move the attachment-retry block (or at minimum the `resolvedAttachments` reassignment) **before** the `!rawBody` guard, and recompute `placeholder`/`rawBody` afterward if `resolvedAttachments` was updated.

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: extensions/bluebubbles/src/monitor.ts
Line: 271-277

Comment:
**Stale log message after filter logic expanded**

The log message says `without reaction` but the filter now also passes through `isAttachmentUpdate` events. An operator debugging dropped `updated-message` events with empty attachments will see misleading output.

```suggestion
            `webhook ignored ${eventType || "event"} (no reaction or attachment update)`,
```

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: extensions/bluebubbles/src/attachments.ts
Line: 30-32

Comment:
**`blueBubblesPolicy` in `attachments.ts` still returns `{}` (triggers SSRF guard)**

`fetchBlueBubblesMessageAttachments` (added in this PR, below) deliberately passes `undefined` instead of `{}` when private-network is not opted-in, with a comment explaining that `{}` routes through the SSRF guard and blocks localhost BB servers. The module-level `blueBubblesPolicy` helper at line 30 still returns `{}` for the non-private case, meaning `sendBlueBubblesAttachment` (which uses it via `postMultipartFormData`) takes the SSRF-guarded path for localhost deployments.

This inconsistency is worth consolidating to avoid future confusion — `monitor-processing.ts` already has a local `blueBubblesPolicy` that returns `undefined` for the same reason.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "fix(bluebubbles): resolve review finding..." | Re-trigger Greptile}

[aisle-research-bot]

🔒 Aisle Security Analysis

We found 3 potential security issue(s) in this PR:

#	Severity	Title
1	🟠 High	BlueBubbles API password embedded in URL query string
2	🟠 High	SSRF guard bypass by passing undefined policy to blueBubblesFetchWithTimeout
3	🟡 Medium	SSRF protection bypass by passing undefined policy to blueBubblesFetchWithTimeout

1. 🟠 BlueBubbles API password embedded in URL query string

Property	Value
Severity	High
CWE	CWE-201
Location	extensions/bluebubbles/src/types.ts:128-138

Description

The BlueBubbles integration constructs API URLs by placing the account password directly into the URL query string (?password=...).

This is sensitive-data exposure because URLs are commonly recorded or propagated via:

• application/server access logs
• reverse proxies and load balancers
• monitoring/APM tooling
• exception messages (e.g., network errors that include the full request URL)
• browser/network intermediaries (if ever used outside strictly server-side contexts)

In this change, the new fetchBlueBubblesMessageAttachments() code path also uses buildBlueBubblesApiUrl(..., password) to fetch message metadata, increasing the number of requests that will carry credentials in the URL.

Vulnerable code:

const url = new URL(params.path, `${normalized}/`);
if (params.password) {
  url.searchParams.set("password", params.password);
}
return url.toString();

Recommendation

Do not put secrets in URLs. Send the password via an HTTP header (or another non-URL channel supported by BlueBubbles), and ensure any logging redacts sensitive headers.

For example, refactor to return a URL without credentials and add a helper to build the request init:

export function buildBlueBubblesApiRequest(params: {
  baseUrl: string;
  path: string;
  password?: string;
}): { url: string; init: RequestInit } {
  const normalized = normalizeBlueBubblesServerUrl(params.baseUrl);
  const url = new URL(params.path, `${normalized}/`).toString();
  const headers = new Headers();
  if (params.password) headers.set("Authorization", `Bearer ${params.password}`);
  return { url, init: { headers } };
}

If the upstream API only supports password-in-query, implement redaction before any logging/telemetry (e.g., scrub password query param from URLs) and avoid including raw error strings that may contain the full URL.

2. 🟠 SSRF guard bypass by passing `undefined` policy to `blueBubblesFetchWithTimeout`

Property	Value
Severity	High
CWE	CWE-918
Location	extensions/bluebubbles/src/types.ts:149-190

Description

blueBubblesFetchWithTimeout only routes through the SSRF guard when ssrfPolicy !== undefined. This change intentionally returns undefined for the non-private-network case, which disables the SSRF guard entirely and falls back to an unguarded fetch().

Impact:

• baseUrl is used to build BlueBubbles API URLs (e.g. /api/v1/message/:guid). If an attacker can influence serverUrl/baseUrl (via misconfiguration, config-write features, or any upstream injection), requests will be made to arbitrary hosts without SSRF protections.
• The SSRF guard is also the natural place to enforce redirect restrictions, DNS/IP checks, and blocking private/link-local/metadata IP ranges. Bypassing it risks access to internal services.

Vulnerable code paths introduced/changed:

• blueBubblesPolicy() now returns undefined when private-network access is not opted-in, explicitly selecting the unguarded path.
• New API call fetchBlueBubblesMessageAttachments() uses this undefined policy, causing an unguarded GET request to the configured server URL.

Vulnerable code:

​// attachments.ts
return allowPrivateNetwork ? { allowPrivateNetwork: true } : undefined;

​// types.ts
if (ssrfPolicy !== undefined) {
  return await _fetchGuard({ ..., policy: ssrfPolicy, ...});
}
return await fetch(url, { ...safeInit, signal: controller.signal });

Recommendation

Do not use undefined to mean “allow localhost”; keep the SSRF guard engaged by default and express exceptions as explicit policy.

Options:

1. Preferred: extend policy to allow localhost explicitly while still enforcing SSRF protections for everything else (e.g., allowedHostnames: ["localhost"] and/or explicit loopback IP allowances), and always call _fetchGuard.
2. If a fallback is required, gate it narrowly: only allow http://localhost / 127.0.0.1 / ::1 when opted-in, and still disallow redirects to private/link-local/metadata ranges.

Example (conceptual):

function blueBubblesPolicy(allowPrivateNetwork?: boolean): SsrFPolicy {
  if (allowPrivateNetwork) return { allowPrivateNetwork: true };
  ​// keep SSRF guard on, but allow common self-hosted hostnames safely
  return { allowedHostnames: ["localhost"] };
}

​// and in blueBubblesFetchWithTimeout: always guard
const { response, release } = await _fetchGuard({ url, init, timeoutMs, policy: ssrfPolicy ?? {}, auditContext: "bluebubbles-api" });

3. 🟡 SSRF protection bypass by passing undefined policy to blueBubblesFetchWithTimeout

Property	Value
Severity	Medium
CWE	CWE-918
Location	extensions/bluebubbles/src/attachments.ts:30-36

Description

blueBubblesFetchWithTimeout enforces SSRF protections only when a ssrfPolicy is provided; when it is undefined, it falls back to a raw fetch(url, ...) with no SSRF validation.

This change intentionally returns undefined in blueBubblesPolicy(...) for the default (non-private-network) case, and fetchBlueBubblesMessageAttachments also passes policy: undefined when allowPrivateNetwork is not opted-in.

Impact:

• If an attacker can influence baseUrl (e.g., via tenant/account configuration, or any pathway that allows untrusted modification of BlueBubbles server settings), the server will perform arbitrary outbound HTTP requests without SSRF guardrails.
• This can enable access to internal services (e.g., http://127.0.0.1, RFC1918, or cloud metadata endpoints depending on environment), turning the feature into an SSRF primitive.

Vulnerable code (policy intentionally disabled):

​// Pass `undefined` (not `{}`) ... so the non-SSRF fallback path is used.
return allowPrivateNetwork ? { allowPrivateNetwork: true } : undefined;

const policy: SsrFPolicy | undefined = opts.allowPrivateNetwork
  ? { allowPrivateNetwork: true }
  : undefined;
const response = await blueBubblesFetchWithTimeout(url, { method: "GET" }, opts.timeoutMs, policy);

And the sink behavior:

if (ssrfPolicy !== undefined) {
  ​// SSRF-guarded fetch...
}
​// ...else: raw fetch
return await fetch(url, { ...safeInit, signal: controller.signal });

Recommendation

Do not disable SSRF protections by default.

Options:

1. Keep SSRF guard enabled and explicitly allow only the BlueBubbles host:
   • Parse the configured baseUrl hostname and pass ssrfPolicy: { allowedHostnames: [hostname] }.
   • If you must support localhost deployments, allow it via an explicit opt-in flag (or a dedicated allowLocalhost setting), not by bypassing the guard.

Example:

const hostname = new URL(normalizeBlueBubblesServerUrl(opts.baseUrl)).hostname;
const policy: SsrFPolicy = opts.allowPrivateNetwork
  ? { allowPrivateNetwork: true }
  : { allowedHostnames: [hostname] };

const response = await blueBubblesFetchWithTimeout(url, { method: "GET" }, opts.timeoutMs, policy);

2. If localhost must be supported by default, implement a narrow allowlist (e.g., localhost, 127.0.0.1, ::1) rather than fully unguarded fetch, and still block link-local/metadata ranges.

---

Analyzed PR: #67510 at commit 7806211

_{Last updated on: 2026-04-16T17:00:37Z}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bea8f55c1c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[yfge]

Review follow-up triage:

I checked the current feedback and the two highest-signal code changes are:

• move the attachment retry path before the !rawBody early return in extensions/bluebubbles/src/monitor-processing.ts, then recompute placeholder/body from the resolved attachments so attachment-only messages can survive the retry path
• align the stale webhook log string in extensions/bluebubbles/src/monitor.ts and make extensions/bluebubbles/src/attachments.ts return undefined instead of {} for the non-private SSRF policy path, matching the newer fetch behavior

I prepared that patch locally, but this automation token cannot push to openclaw/openclaw (403 Permission denied to yfge).

One caveat from validation: the targeted BlueBubbles vitest run in my temp clone surfaced broad existing failures in the branch test suite, so I am not claiming a green branch from automation yet. The review points above are still valid and actionable.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ae97d0d9fb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4bfc2777b4

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 279dba17d2

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b751956760

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Prevent updated-message keys from replaying the same user prompt

Suffixing every updated-message dedupe key with :updated makes attachment follow-up webhooks for the same GUID bypass the existing new-message claim and run a full second inbound processing pass. When BlueBubbles sends new-message first (text, empty attachments) and then an updated-message later with attachments, this path can produce two independent assistant replies/tool runs for one user message once the update lands outside the 500ms debounce window.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 36aefb0feb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Preserve private-network opt-out for attachment fetches

When allowPrivateNetwork is false, this now sets policy to undefined, which routes blueBubblesFetchWithTimeout through the raw fetch path instead of the SSRF-guarded path. In practice this bypasses the channel’s private-network guardrails for message-attachment lookups, so deployments that explicitly set channels.bluebubbles.network.dangerouslyAllowPrivateNetwork=false can still make requests to private BlueBubbles hosts. This is a security/config-contract regression introduced by switching from {} to undefined here.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7806211535

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep attachment uploads on guarded fetch path

blueBubblesPolicy now returns undefined when private-network mode is not explicitly enabled, and that helper is also used by sendBlueBubblesAttachment for /api/v1/message/attachment requests. In this configuration blueBubblesFetchWithTimeout skips fetchWithSsrFGuard and falls back to raw fetch, so attachment uploads lose pinned-DNS/redirect/private-IP enforcement even when operators explicitly set network.dangerouslyAllowPrivateNetwork: false; this is a security regression on the outbound attachment path introduced by this helper change.

Useful? React with 👍 / 👎.