fix(security): audit open dm tool exposure#92883
Conversation
|
Codex review: needs changes before merge. Reviewed June 15, 2026, 2:48 PM ET / 18:48 UTC. Summary PR surface: Source +10, Tests +30. Total +40 across 2 files. Reproducibility: yes. Source inspection shows current main returns from collectExposureMatrixFindings unless groupPolicy is open, while the PR body provides after-fix terminal output for dmPolicy="open". Review metrics: 1 noteworthy metric.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review findings
Review detailsBest possible solution: Land one canonical focused fix that covers canonical and legacy channel/account DM policy paths, updates public audit docs, and either accepts or avoids the stable-check-ID wording change before closing the linked issue and older overlapping PR. Do we have a high-confidence way to reproduce the issue? Yes. Source inspection shows current main returns from collectExposureMatrixFindings unless groupPolicy is open, while the PR body provides after-fix terminal output for dmPolicy="open". Is this the best way to solve the issue? Yes, mostly. Centralizing open inbound policy collection in the existing exposure matrix is the narrow maintainable fix; the branch should still align public docs and get maintainer acceptance of the audit-text compatibility tradeoff. Full review comments:
Overall correctness: patch is correct AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against c40db057da33. Label changesLabel justifications:
Evidence reviewedPR surface: Source +10, Tests +30. Total +40 across 2 files. View PR surface stats
Acceptance criteria:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
49a4872 to
fddafb7
Compare
|
Maintainer verification complete.
No runtime config or migration behavior changed. No known proof gaps remain for the audit collector and documentation surface. |
* fix(security): audit open dm tool exposure * fix(security): align open DM audit precedence --------- Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
* fix(security): audit open dm tool exposure * fix(security): align open DM audit precedence --------- Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Summary
Fixes #55612.
Extends the security exposure matrix from only
groupPolicy="open"to all open inbound conversation policies that can expose tools:channels.<id>.groupPolicychannels.<id>.dmPolicychannels.<id>.dm.policychannels.<id>.accounts.<accountId>The existing exposure check IDs are kept stable, but their title/detail/remediation text now covers open groups and DMs.
Real behavior proof
Behavior addressed:
security auditwarned critically for open groups with elevated/runtime/fs tools, but an equivalent open DM path only showed the lower-severity multi-user heuristic.Real environment tested: local OpenClaw checkout on this branch, using the production
collectExposureMatrixFindingsimplementation fromsrc/security/audit-extra.sync.ts.Exact steps or command run after this patch:
Evidence after fix:
Observed result after fix:
dmPolicy="open"now produces both CRITICAL exposure findings, with the affected policy path shown aschannels.feishu.dmPolicy.What was not tested: full CLI rendering and provider-specific live Feishu delivery were not exercised; this patch is limited to the synchronous audit finding collector and regression tests around that collector.
Validation