vrr/openclaw
2
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-25 06:47:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 21
openclaw/src/security
History
Blasius Patrick f5aebe42e1
fix(security): resolve model aliases before audit classification (#74532) 
* fix(security): resolve model aliases before audit classification

Before classification, model strings are now resolved through the alias
index so that configured aliases (e.g. 'gpt-prev') are translated to
their canonical provider/key form (e.g. 'openai/gpt-5.4') before hygene
and tier checks run.

Fixes #74455.

Signed-off-by: Blasius Patrick <blasius.patrick@gmail.com>

* fix(security): share audit model alias resolution

---------

Signed-off-by: Blasius Patrick <blasius.patrick@gmail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-04-29 19:26:02 +01:00
..
audit-channel-account-metadata.test.ts test(core): guard security audit boundaries 2026-04-20 17:38:20 +01:00
audit-channel-dm-policy.test.ts fix(security): tighten telegram dm audit coverage 2026-04-29 02:04:20 +01:00
audit-channel-readonly-resolution.test.ts
audit-channel-readonly-setup-fallback.test.ts fix(security): tighten telegram dm audit coverage 2026-04-29 02:04:20 +01:00
audit-channel-security.test-helpers.ts
audit-channel-source-config-discord.test.ts test: share channel audit plugin fixtures 2026-04-23 18:29:32 +01:00
audit-channel-source-config-slack.test.ts test: share channel audit plugin fixtures 2026-04-23 18:29:32 +01:00
audit-channel-test-helpers.ts test: share channel audit plugin fixtures 2026-04-23 18:29:32 +01:00
audit-channel.collect.runtime.ts
audit-channel.ts fix(security): tighten telegram dm audit coverage 2026-04-29 02:04:20 +01:00
audit-config-basics.test.ts
audit-config-include-perms.test.ts test: speed up focused test setup 2026-04-27 13:00:43 +01:00
audit-config-symlink.test.ts test: share security audit temp fixtures 2026-04-23 18:29:32 +01:00
audit-deep-code-safety.ts
audit-deep-probe-findings.ts
audit-exec-safe-bins.test.ts
audit-exec-sandbox-host.test.ts
audit-exec-surface.test.ts
audit-extra.async.test.ts perf(test): mock security code safety scans 2026-04-20 18:06:32 +01:00
audit-extra.async.ts test: speed up security audit tests 2026-04-26 02:51:19 +01:00
audit-extra.summary.ts fix(security): resolve model aliases before audit classification (#74532) 2026-04-29 19:26:02 +01:00
audit-extra.sync.test.ts perf: defer unconfigured gateway hooks 2026-04-20 19:47:35 +01:00
audit-extra.sync.ts fix(security): resolve model aliases before audit classification (#74532) 2026-04-29 19:26:02 +01:00
audit-filesystem-windows.test.ts test: share security audit temp fixtures 2026-04-23 18:29:32 +01:00
audit-fs.ts
audit-gateway-auth-selection.test.ts
audit-gateway-config.ts fix(gateway): allow explicit loopback trusted proxy auth 2026-04-27 22:01:06 -07:00
audit-gateway-exposure.test.ts fix(gateway): allow explicit loopback trusted proxy auth 2026-04-27 22:01:06 -07:00
audit-gateway-http-auth.test.ts
audit-gateway-tools-http.test.ts perf(test): isolate gateway audit tests 2026-04-20 18:58:10 +01:00
audit-gateway.test.ts perf(test): isolate gateway audit tests 2026-04-20 18:58:10 +01:00
audit-hooks-routing.test.ts
audit-loopback-logging.test.ts
audit-model-hygiene.test.ts fix(security): resolve model aliases before audit classification (#74532) 2026-04-29 19:26:02 +01:00
audit-model-refs.ts fix(security): resolve model aliases before audit classification (#74532) 2026-04-29 19:26:02 +01:00
audit-node-command-findings.test.ts fix(security): include dangerous commands in audit known commands (#73915) 2026-04-28 18:34:55 -07:00
audit-plugin-code-safety.test.ts
audit-plugin-readonly-scope.test.ts test: speed up focused test setup 2026-04-27 13:00:43 +01:00
audit-plugins-trust.test.ts test(security): cover bundled plugin allowlist audit 2026-04-27 11:50:24 +01:00
audit-plugins-trust.ts fix: keep native command auto defaults cold 2026-04-26 07:55:00 +01:00
audit-probe-failure.test.ts
audit-sandbox-browser.test.ts
audit-sandbox-docker-config.test.ts
audit-small-model-risk.test.ts fix(security): resolve model aliases before audit classification (#74532) 2026-04-29 19:26:02 +01:00
audit-summary.test.ts
audit-synced-folder.test.ts
audit-tool-policy.ts
audit-trust-model.test.ts
audit-workspace-skill-escape.test.ts test: speed up security audit tests 2026-04-26 02:51:19 +01:00
audit-workspace-skills.ts test: speed up security audit tests 2026-04-26 02:51:19 +01:00
audit.deep.runtime.ts
audit.nondeep.runtime.ts test: speed up security audit tests 2026-04-26 02:51:19 +01:00
audit.runtime.ts
audit.test-helpers.ts
audit.ts fix(security): tighten telegram dm audit coverage 2026-04-29 02:04:20 +01:00
audit.types.ts
channel-metadata.ts
config-regex.ts
context-visibility.test.ts
context-visibility.ts
core-dangerous-config-flags.ts refactor: share core helper logic 2026-04-23 18:09:20 +01:00
dangerous-config-flags-core.ts test: move pure hotspots to fast lane 2026-04-28 07:56:40 +01:00
dangerous-config-flags.test.ts test: move pure hotspots to fast lane 2026-04-28 07:56:40 +01:00
dangerous-config-flags.ts refactor: simplify plugin cache boundaries 2026-04-29 04:33:15 +01:00
dangerous-tools.ts refactor: keep plugin login policy out of core 2026-04-22 06:39:48 +01:00
dm-policy-shared.test.ts fix: align open DM allowlist policy (#74112) 2026-04-29 06:52:12 +01:00
dm-policy-shared.ts fix: align open DM allowlist policy (#74112) 2026-04-29 06:52:12 +01:00
external-content-source.ts
external-content.test.ts fix: sanitize LLM special tokens in external content 2026-04-21 20:29:02 +01:00
external-content.ts fix: sanitize LLM special tokens in external content 2026-04-21 20:29:02 +01:00
fix.test.ts
fix.ts refactor(config): migrate plugin config access 2026-04-27 12:35:58 +01:00
safe-regex.test.ts fix(logging): redact persisted transcript text 2026-04-26 12:12:44 -07:00
safe-regex.ts fix(logging): redact persisted transcript text 2026-04-26 12:12:44 -07:00
scan-paths.test.ts
scan-paths.ts
secret-equal.ts
skill-scanner.test.ts fix: skip test-only plugin install scan findings 2026-04-27 15:00:55 +01:00
skill-scanner.ts fix: skip test-only plugin install scan findings 2026-04-27 15:00:55 +01:00
test-temp-cases.ts test: share security audit temp fixtures 2026-04-23 18:29:32 +01:00
windows-acl.test.ts test(security): isolate windows acl user fallback 2026-04-29 12:36:28 +01:00
windows-acl.ts infra: fix heartbeat directive preservation and global enablement (#74471) 2026-04-29 17:49:41 +01:00