Skip to content

fix: 0.4.0 revival — tool contract fix, allowlist hardening, dep refresh#5

Merged
sidmohan0 merged 4 commits into
mainfrom
feat/0.4.0-hardening
Jul 2, 2026
Merged

fix: 0.4.0 revival — tool contract fix, allowlist hardening, dep refresh#5
sidmohan0 merged 4 commits into
mainfrom
feat/0.4.0-hardening

Conversation

@sidmohan0

Copy link
Copy Markdown
Contributor

Summary

Revival cleanup for 0.4.0 (DFPY-120), verified against current upstream OpenClaw (v2026.6.11) docs and source.

  • Tool contract fix (ported from feat(fogclaw): E2E baseline tests, CI workflow, and OpenClaw API fix #3): all 6 tools registered with schema:/handler:, which the runtime does not recognize — tool calls failed before reaching the model. Now parameters: + execute(toolCallId, params), confirmed still the current contract. Tools also declared in the manifest contracts.tools block, now required for discovery.
  • Allowlist hardening (ported from datafog-python 4.7.0): full-match semantics (a partial pattern match can no longer suppress a finding), nested-quantifier rejection at config time (ReDoS), 512-char pattern cap, and a 512-char subject cap that fails safe (finding kept).
  • Dependency refresh: npm audit 10 vulnerabilities (2 critical) → 0. vitest 2→4, sharp 0.35.3, protobufjs/rollup/tar transitives fixed. onnxruntime pins deliberately unchanged (gliner 0.0.19 is still latest and expects 1.19.x internals).
  • Runtime metadata: openclaw.compat block, Node engine floor 22.19, version 0.4.0.

Known follow-ups are listed in the CHANGELOG (hook migration off deprecated before_agent_start, reply_payload_sending coverage).

Test plan

  • 224 unit tests pass (4 new hardening regression tests, written red-first)
  • tsc --noEmit and build clean
  • npm audit: 0 vulnerabilities
  • Smoke test against a live OpenClaw install before publishing 0.4.0

sidmohan0 added 4 commits July 2, 2026 15:44
…ntics

Port the datafog-python 4.7.0 allowlist hardening: reject quantified
groups containing nested quantifiers at config time (catastrophic
backtracking on attacker-influenced entity text), cap pattern length at
512 chars, anchor patterns so a partial match never suppresses a
finding, and skip pattern matching for entities longer than 512 chars
(fail-safe: the finding is kept).
…contract

All 6 tools were registered with schema:/handler:, which the OpenClaw
runtime does not recognize — tool calls failed before reaching the model
(verified against upstream docs/plugins/building-plugins.md; execute
receives (toolCallId, params)). Ported from PR #3, which discovered the
breakage during E2E testing in February. Also declares the six tools in
the manifest contracts.tools block, now required for tool discovery, and
bumps the manifest version to 0.4.0.
npm audit reported 10 vulnerabilities (2 critical). audit fix cleared
the protobufjs/rollup/tar transitives; the rest were the vitest 2.x dev
chain, cleared by vitest 4. sharp 0.34.5 -> 0.35.3. onnxruntime pins
stay as-is: gliner 0.0.19 (still latest) expects onnxruntime 1.19.x
internals, and the test suite mocks GLiNER so a runtime ABI break would
not be caught here. Adds the openclaw.compat block and Node >=22.19
engine floor now required by the plugin runtime. Version to 0.4.0.
@sidmohan0 sidmohan0 merged commit ec5bd71 into main Jul 2, 2026
2 checks passed
@sidmohan0 sidmohan0 deleted the feat/0.4.0-hardening branch July 2, 2026 23:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant