Commit 7e118b4
fix: address P1/P2 review findings
- P1: treat missing sig file as suspicious when config exists (no-sig bypass)
- P2: use crypto.timingSafeEqual for HMAC comparison
- P2: remove process-lifetime token cache (read fresh each time)
- P2: add scope checks to config.set and config.apply (consistency)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 09980c4 commit 7e118b4
10,386 files changed
Lines changed: 58 additions & 26 deletions