vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 16:10:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): include Matrix avatar params in sandbox media normalization + preserve mxc:// URLs + log gmail watcher stop failures [AI-assisted] (#64701)

Browse Source 
Merged via squash.

Prepared head SHA: 54de3f019b
Co-authored-by: slepybear <108438815+slepybear@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
This commit is contained in:
slepybear
2026-04-15 00:22:29 +08:00
committed by GitHub
parent daabbce9a0
commit 450c3a8ed2
20 changed files with 593 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/plugins/architecture.md
View File

@@ -173,6 +173,15 @@ For channel plugins, the SDK surface is
call lets a plugin return its visible actions, capabilities, and schema
contributions together so those pieces do not drift apart.
When a channel-specific message-tool param carries a media source such as a
local path or remote media URL, the plugin should also return
`mediaSourceParams` from `describeMessageTool(...)`. Core uses that explicit
list to apply sandbox path normalization and outbound media-access hints
without hardcoding plugin-owned param names.
Prefer action-scoped maps there, not one channel-wide flat list, so a
profile-only media param does not get normalized on unrelated actions like
`send`.
Core passes runtime scope into that discovery step. Important fields include:
- `accountId`

10
docs/plugins/sdk-channel-plugins.md
View File

@@ -35,6 +35,16 @@ shared `message` tool in core. Your plugin owns:
Core owns the shared message tool, prompt wiring, the outer session-key shape,
generic `:thread:` bookkeeping, and dispatch.
If your channel adds message-tool params that carry media sources, expose those
param names through `describeMessageTool(...).mediaSourceParams`. Core uses
that explicit list for sandbox path normalization and outbound media-access
policy, so plugins do not need shared-core special cases for provider-specific
avatar, attachment, or cover-image params.
Prefer returning an action-keyed map such as
`{ "set-profile": ["avatarUrl", "avatarPath"] }` so unrelated actions do not
inherit another action's media args. A flat array still works for params that
are intentionally shared across every exposed action.
If your platform stores extra scope inside conversation ids, keep that parsing
in the plugin with `messaging.resolveSessionConversation(...)`. That is the
canonical hook for mapping `rawId` to the base conversation id, optional thread