openclaw-vainplex/src/auto-reply/reply
Glucksberg 34e2425b4d
fix(security): restrict MEDIA path extraction to prevent LFI (#4930)
* fix(security): restrict inbound media staging to media directory

* docs: update MEDIA path guidance for security restrictions

- Update agent hint to warn against absolute/~ paths
- Update docs example to use https:// instead of /tmp/

---------

Co-authored-by: Evan Otero <evanotero@google.com>
2026-01-31 10:55:37 -08:00
exec chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
queue chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
abort.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
abort.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
agent-runner-execution.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
agent-runner-helpers.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
agent-runner-memory.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
agent-runner-payloads.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
agent-runner-utils.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner-utils.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
agent-runner.authprofileid-fallback.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.block-streaming.test.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
agent-runner.claude-cli.test.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.resets-corrupted-gemini-sessions-deletes-transcripts.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.retries-after-compaction-failure-by-resetting-session.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.signals-typing-block-replies.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.signals-typing-normal-runs.test.ts test: align NO_REPLY typing expectations 2026-01-21 17:12:50 +00:00
agent-runner.heartbeat-typing.runreplyagent-typing-heartbeat.still-replies-even-if-session-reset-fails.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.memory-flush.runreplyagent-memory-flush.increments-compaction-count-flush-compaction-completes.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.memory-flush.runreplyagent-memory-flush.runs-memory-flush-turn-updates-session-metadata.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.memory-flush.runreplyagent-memory-flush.skips-memory-flush-cli-providers.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.memory-flush.runreplyagent-memory-flush.skips-memory-flush-sandbox-workspace-is-read.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.memory-flush.runreplyagent-memory-flush.uses-configured-prompts-memory-flush-runs.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.messaging-tools.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
agent-runner.reasoning-tags.test.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
agent-runner.response-usage-footer.test.ts test(usage): cover modes and full footer 2026-01-18 06:01:25 +00:00
agent-runner.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
audio-tags.ts refactor: consolidate reply/media helpers 2026-01-10 02:41:16 +01:00
bash-command.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
block-reply-coalescer.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
block-reply-pipeline.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
block-streaming.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
body.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-allowlist.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-approve.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
commands-approve.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-bash.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-compact.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-config.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-context-report.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-context.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
commands-core.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-info.test.ts fix: tighten commands output + telegram pagination (#2504) 2026-01-27 02:43:14 -05:00
commands-info.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-models.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-parsing.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
commands-plugin.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-policy.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
commands-session.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-status.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-subagents.ts fix: lint cleanups 2026-01-31 07:59:01 +00:00
commands-tts.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
commands-types.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
commands.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
commands.ts refactor(auto-reply): split reply pipeline 2026-01-14 09:11:16 +00:00
config-commands.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
config-value.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
debug-commands.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
directive-handling.auth.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
directive-handling.fast-lane.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
directive-handling.impl.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
directive-handling.model-picker.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
directive-handling.model.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
directive-handling.model.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
directive-handling.parse.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
directive-handling.persist.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
directive-handling.queue-validation.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
directive-handling.shared.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
directive-handling.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
directives.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
dispatch-from-config.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
dispatch-from-config.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
exec.ts feat: add /exec session overrides 2026-01-18 06:12:54 +00:00
followup-runner.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
followup-runner.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
formatting.test.ts test: consolidate auto-reply unit coverage 2026-01-23 18:34:33 +00:00
get-reply-directives-apply.ts chore: Enable more lint rules, disable some that trigger a lot. Will clean up later. 2026-01-31 16:04:04 +09:00
get-reply-directives-utils.ts feat: add /exec session overrides 2026-01-18 06:12:54 +00:00
get-reply-directives.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
get-reply-inline-actions.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
get-reply-run.ts fix(security): restrict MEDIA path extraction to prevent LFI (#4930) 2026-01-31 10:55:37 -08:00
get-reply.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
groups.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
history.test.ts test: cover typing and history helpers 2026-01-23 23:34:30 +00:00
history.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
inbound-context.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
inbound-dedupe.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
inbound-sender-meta.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
inbound-text.ts fix: finalize inbound contexts 2026-01-17 05:06:39 +00:00
line-directives.test.ts feat: Add Line plugin (#1630) 2026-01-25 12:22:36 +00:00
line-directives.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
memory-flush.test.ts chore: migrate to oxlint and oxfmt 2026-01-14 15:02:19 +00:00
memory-flush.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
mentions.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
mentions.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
model-selection.inherit-parent.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
model-selection.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
normalize-reply.test.ts fix: avoid silent telegram empty replies (#3796) (#3796) 2026-01-29 11:34:47 +05:30
normalize-reply.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
provider-dispatcher.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
queue.collect-routing.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
queue.ts fix: hard-abort clears queues on /stop 2026-01-16 21:15:25 +00:00
reply-directives.ts refactor: unify inline directives and media fetch 2026-01-10 03:01:04 +01:00
reply-dispatcher.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
reply-elevated.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
reply-inline.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
reply-payloads.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
reply-reference.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
reply-routing.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
reply-tags.ts refactor: unify inline directives and media fetch 2026-01-10 03:01:04 +01:00
reply-threading.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
response-prefix-template.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
response-prefix-template.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
route-reply.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
route-reply.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
session-reset-model.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
session-resets.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
session-updates.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
session-usage.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
session.test.ts refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
session.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
stage-sandbox-media.ts fix(security): restrict MEDIA path extraction to prevent LFI (#4930) 2026-01-31 10:55:37 -08:00
streaming-directives.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
subagents-utils.test.ts feat(slash-commands): usage footer modes 2026-01-18 05:35:35 +00:00
subagents-utils.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
test-ctx.ts style: oxfmt 2026-01-17 10:26:08 +00:00
test-helpers.ts fix(typing): keep tool-start ttl mode-safe (#452, thanks @thesash) 2026-01-08 06:18:35 +00:00
typing-mode.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
typing.test.ts test: consolidate auto-reply unit coverage 2026-01-23 18:34:33 +00:00
typing.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00