fix(media): treat legacy Word docs as binary attachments

[openclaw-clownfish]

Summary

• Repair fix(media): treat legacy .doc containers as binary #54380 on top of current main.
• Keep the narrow application/msword and application/x-cfb binary MIME guard for legacy .doc/OLE files.
• Strengthen the regression test so those MIME types are explicitly allowed and the skip behavior depends on isBinaryMediaMime, addressing the Greptile review finding.

Credit

Based on #54380 by @andyliu. Related prior reports/PRs include #54176, #44068, #54190, and #54234; preserve attribution for any reused reproduction or test detail.

Validation

• pnpm check:changed
• Codex /review clean before merge

Fixes #54176 when landed.

ProjectClownfish replacement details:

• Cluster: ghcrawl-156640-autonomous-smoke
• Source PRs: fix(media): treat legacy .doc containers as binary #54380
• Credit: Primary source PR: fix(media): treat legacy .doc containers as binary #54380 by @andyliu.; Preserve attribution for related useful prior work in fix(media-understanding): skip legacy Word docs from text extraction #44068 by @legolaz8451 if its reproduction/test detail is reused.; Mention prior closed legacy Word/OLE attempts fix: treat application/x-cfb and application/msword as binary MIME types #54190 and fix: detect legacy Office binary formats as non-text attachments #54234 as related context only if their implementation or tests are reused.; Do not claim the sanitizer [Security] sanitizeMimeType regex should be anchored and case-insensitive #9795/fix(media): tighten sanitizeMimeType anchoring #73229 work in this legacy Word/OLE fix; that is a separate routed security-sensitive subpath.
• Validation: pnpm check:changed
• Repair fallback: To https://github.com/andyliu/openclaw.git
  ! [remote rejected] HEAD -> codex/fix-54176-binary-doc (refusing to allow a GitHub App to create or update workflow .github/workflows/auto-response.yml without workflows permission)
  error: failed to push some refs to 'https://github.com/andyliu/openclaw.git'

[greptile-apps]

Greptile Summary

Adds application/msword and application/x-cfb to the isBinaryMediaMime guard in apply.ts, preventing legacy .doc/OLE files with printable-looking bytes from being embedded into prompts as text. The accompanying it.each test verifies the skip holds even when those MIME types appear in an explicit allowedMimes config.

Confidence Score: 5/5

This PR is safe to merge — the change is narrow, well-tested, and has no bypass paths.

The fix is a two-line addition to an existing guard function, checked before any allowlist or heuristic logic. TEXT_EXT_MIME does not map .doc, so no forced-text override can bypass it. The new parameterised test covers both MIME types under the strongest allowlist condition.

No files require special attention.

_{Reviews (1): Last reviewed commit: "fix(media): treat legacy Word docs as bi..." | Re-trigger Greptile}

[clawsweeper]

Codex review: needs maintainer review before merge.

What this changes:

The PR adds application/msword and application/x-cfb to isBinaryMediaMime, adds a regression test that skips those MIME values even when explicitly allowed, and adds an active changelog fix entry.

Maintainer follow-up before merge:

This is already an open implementation PR with a narrow diff and no blocking automated review finding; the next action is maintainer review, validation, and merge or intentional replacement, not a separate repair PR.

Security review:

Security review cleared: The PR does not touch workflows, dependencies, lockfiles, scripts, permissions, secrets handling, generated/vendor code, or package metadata; the code change narrows binary prompt ingestion.

Review details

Best possible solution:

Land this PR or an equivalent focused media-understanding guard after maintainer validation, then close #54176 as implemented and leave the earlier unmerged attempts closed with credit preserved.

Do we have a high-confidence way to reproduce the issue?

Yes. The current-main source path shows that application/msword and application/x-cfb bypass the binary MIME guard and can reach text heuristics; the PR's new regression is a high-confidence unit reproduction for the intended skip behavior.

Is this the best way to solve the issue?

Yes. Adding these known legacy Word/OLE MIME values to the existing binary guard before text heuristics is the narrowest maintainable fix; dedicated .doc conversion can be separate future work if product wants extraction support.

Acceptance criteria:

• pnpm test src/media-understanding/apply.test.ts
• pnpm check:changed

What I checked:

• current_main_guard_gap: isBinaryMediaMime skips media families, octet-stream, archive MIME types, +zip, and most application/vnd.* values, but current main does not include application/msword or application/x-cfb. (src/media-understanding/apply.ts:349, 6308d2a1dcd4)
• text_extraction_path: extractFileBlocks consults the binary MIME guard before suspicious-binary checks, UTF/text heuristics, MIME coercion, and allowed-MIME handling, so the omitted legacy MIME values can still reach text extraction on current main. (src/media-understanding/apply.ts:430, 6308d2a1dcd4)
• current_tests_missing_legacy_cases: Current tests cover ZIP-based Office MIME skipping and vendor +json preservation, but there is no current application/msword or application/x-cfb regression in src/media-understanding. (src/media-understanding/apply.test.ts:1603, 6308d2a1dcd4)
• adjacent_helpers_do_not_fix_prompt_path: application/msword is mapped to .doc and application/x-cfb is accepted for validated host-local document reads, but those helpers are separate from the media-understanding prompt file-block guard. (src/media/web-media.ts:99, 6308d2a1dcd4)
• latest_release_lacks_fix: The v2026.4.27 tag resolves to cbc2ba0931468259f26a7c547131a06e03ca6c6c; the release tree has isBinaryMediaMime and the Office vendor test, but no application/msword or application/x-cfb guard/test. (src/media-understanding/apply.ts:349, cbc2ba093146)
• pr_diff_scope: The provided PR diff changes only CHANGELOG.md, src/media-understanding/apply.ts, and src/media-understanding/apply.test.ts; it adds the two MIME guard entries and a parameterized skip regression. (src/media-understanding/apply.ts:362, 4d827051cabe)

Likely related people:

• vignesh07: Prior feature-history review in the PR thread identifies 86a156db2627d68fb00b320c9ef7ca508a2a0df9 as changing isBinaryMediaMime into the current application-MIME binary guard where this PR adds the missing legacy Word/OLE values. (role: introduced current guard behavior; confidence: high; commits: 86a156db2627; files: src/media-understanding/apply.ts)
• frankekn: Prior history ties cb18ce7a8566ecc0571ad6e517f430f9143ea8f6 to the file attachment extraction path, text MIME heuristics, and related misclassification coverage affected by this guard. (role: introduced file extraction and text-heuristic path; confidence: medium; commits: cb18ce7a8566; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)
• steipete: The existing review thread routes inbound media-understanding introduction and later media-understanding/media helper maintenance to steipete; local release history also shows Peter Steinberger as release maintainer for the current tagged tree. (role: feature introducer and recent maintainer; confidence: medium; commits: 1b973f750621, fcb7c9ff650a, 6545317a2cb9; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts, src/media/mime.ts)
• martinfrancois: Prior history identifies 734bb9c2e73b18777175ae05953f51b4be034d33 as adding +zip binary MIME handling, ZIP-signature skipping, and regression coverage in the same prompt-extraction path. (role: adjacent binary-payload hardening owner; confidence: medium; commits: 734bb9c2e73b; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)
• gumadeiras: The prior thread notes gumadeiras as connected to the same 734bb9c2e73b18777175ae05953f51b4be034d33 binary prompt-inflation hardening work, making them a secondary routing candidate for this guard family. (role: adjacent reviewer/coauthor; confidence: low; commits: 734bb9c2e73b; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)

Remaining risk / open question:

• Validation still needs to run on the PR head; this review was read-only and did not execute tests or changed-gate checks.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 6308d2a1dcd4.