fix(feishu): avoid axios interceptor internals#89806
Conversation
|
Codex review: passed. Reviewed June 19, 2026, 1:49 AM ET / 05:49 UTC. Summary PR surface: Source +7, Tests +48. Total +55 across 2 files. Reproducibility: yes. for the source/dependency boundary: current main still writes Review metrics: 1 noteworthy metric.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land this public-interceptor change after exact-head checks and mergeability pass, then let #83913 close as implemented by the merge. Do we have a high-confidence way to reproduce the issue? Yes for the source/dependency boundary: current main still writes Is this the best way to solve the issue? Yes. Registering a public request interceptor that always sets the Feishu User-Agent is the narrow maintainable fix; clearing Axios storage directly or adding a config switch would keep unnecessary dependency-internal coupling. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 2db37c2cd0a5. Label changesLabel changes:
Label justifications:
Evidence reviewedPR surface: Source +7, Tests +48. Total +55 across 2 files. View PR surface stats
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
/clownfish automerge |
|
Clownfish is on the reef for this PR. 🐠 I tagged A maintainer can call |
|
🦞✅ Source: What merged:
Automerge notes:
The automerge loop is complete. Automerge progress:
|
Summary: - The branch replaces Feishu's module-load Axios `handlers` reset with public request-interceptor registration and adds tests that throw on private handler access. - PR surface: Source +7, Tests +48. Total +55 across 2 files. - Reproducibility: yes. for the source/dependency boundary: current main still writes `interceptors.request.ha ... l on that access before the production change. No live authenticated Feishu request failure was reproduced. Automerge notes: - No ClawSweeper repair was needed after automerge opt-in. Validation: - ClawSweeper review passed for head b870831. - Required merge gates passed before the squash merge. Prepared head SHA: b870831 Review: openclaw#89806 (comment) Co-authored-by: Cornna <96944678+ymylive@users.noreply.github.com>
Summary: - The branch replaces Feishu's module-load Axios `handlers` reset with public request-interceptor registration and adds tests that throw on private handler access. - PR surface: Source +7, Tests +48. Total +55 across 2 files. - Reproducibility: yes. for the source/dependency boundary: current main still writes `interceptors.request.ha ... l on that access before the production change. No live authenticated Feishu request failure was reproduced. Automerge notes: - No ClawSweeper repair was needed after automerge opt-in. Validation: - ClawSweeper review passed for head b870831. - Required merge gates passed before the squash merge. Prepared head SHA: b870831 Review: openclaw#89806 (comment) Co-authored-by: Cornna <96944678+ymylive@users.noreply.github.com>
Summary
Lark.defaultHttpInstance.interceptors.request.handlersat module load.request.use(...)interceptor API.handlersis read or written.Fixes #83913
Red test
Before the production change, the new
extensions/feishu/src/client.test.tsimport-time regression failed with:Real behavior proof
Behavior or issue addressed: The Feishu client no longer reads or writes the undocumented axios
interceptors.request.handlersarray during import, and registers its User-Agent override through the public interceptor API.Real environment tested: Local macOS source checkout at PR head
b87083193b84f304af0eeebf92c582ed355bdb24, Node vianode --import tsx, real bundled@larksuiteoapi/node-sdkdefault HTTP instance.Exact steps or command run after this patch: Replaced only the public
request.useboundary with a counter, made the privatehandlersproperty throw on direct read/write, then importedextensions/feishu/src/client.tsthrough tsx.Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): Terminal output from the runtime import probe:
Observed result after fix: Importing the Feishu client succeeded, exactly one public
request.useinterceptor was registered, the registered callback was a function, and the throwing privatehandlersaccessor was never touched by OpenClaw import code.What was not tested: No live Feishu/Lark network request was sent; this proof verifies the import-time interceptor registration boundary that issue UA interceptor replacement relies on undocumented axios
handlersinternal #83913 reported.Proof limitations or environment constraints: The probe intentionally avoids credentials and network calls; it uses the real SDK object but instruments the interceptor boundary locally.
Before evidence (optional but encouraged): Before the production change, the added regression failed at
extensions/feishu/src/client.ts:75:31withDo not write axios private interceptor handlers.Validation
node scripts/run-vitest.mjs extensions/feishu/src/client.test.ts --reporter=dot-> 18 passednpx oxfmt --check extensions/feishu/src/client.ts extensions/feishu/src/client.test.ts-> passednode scripts/run-oxlint.mjs extensions/feishu/src/client.ts extensions/feishu/src/client.test.ts-> passednode scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.extensions.test.json-> passedgit diff --check-> passed