diff --git a/.detect-secrets.cfg b/.detect-secrets.cfg index 3ab7ebb69b5..34f4ff85f07 100644 --- a/.detect-secrets.cfg +++ b/.detect-secrets.cfg @@ -41,3 +41,5 @@ pattern = grep -q 'N[O]DE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache' ~/.bash pattern = env: \{ MISTRAL_API_K[E]Y: "sk-\.\.\." \}, pattern = "ap[i]Key": "xxxxx", pattern = ap[i]Key: "A[I]za\.\.\.", +# Sparkle appcast signatures are release metadata, not credentials. +pattern = sparkle:edSignature="[A-Za-z0-9+/=]+" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 74dc847d487..2f9d299a5b3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -71,6 +71,8 @@ repos: - 'ap[i]Key: "A[I]za\.\.\.",' - --exclude-lines - '"ap[i]Key": "(resolved|normalized|legacy)-key"(,)?' + - --exclude-lines + - 'sparkle:edSignature="[A-Za-z0-9+/=]+"' # Shell script linting - repo: https://github.com/koalaman/shellcheck-precommit rev: v0.11.0 diff --git a/.secrets.baseline b/.secrets.baseline index 871217bc3bc..b1f909e6ca4 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -153,7 +153,8 @@ "env: \\{ MISTRAL_API_K[E]Y: \"sk-\\.\\.\\.\" \\},", "\"ap[i]Key\": \"xxxxx\"(,)?", "ap[i]Key: \"A[I]za\\.\\.\\.\",", - "\"ap[i]Key\": \"(resolved|normalized|legacy)-key\"(,)?" + "\"ap[i]Key\": \"(resolved|normalized|legacy)-key\"(,)?", + "sparkle:edSignature=\"[A-Za-z0-9+/=]+\"" ] }, { @@ -180,29 +181,6 @@ "line_number": 15 } ], - "appcast.xml": [ - { - "type": "Base64 High Entropy String", - "filename": "appcast.xml", - "hashed_secret": "7afea670e53d801f1f881c99c40aa177e3395bfa", - "is_verified": false, - "line_number": 365 - }, - { - "type": "Base64 High Entropy String", - "filename": "appcast.xml", - "hashed_secret": "6e1ba26139ac4e73427e68a7eec2abf96bcf1fd4", - "is_verified": false, - "line_number": 584 - }, - { - "type": "Base64 High Entropy String", - "filename": "appcast.xml", - "hashed_secret": "c0baa9660a8d3b11874c63a535d8369f4a8fa8fa", - "is_verified": false, - "line_number": 723 - } - ], "apps/android/app/src/test/java/ai/openclaw/android/node/AppUpdateHandlerTest.kt": [ { "type": "Hex High Entropy String", @@ -13035,5 +13013,5 @@ } ] }, - "generated_at": "2026-03-09T06:30:58Z" + "generated_at": "2026-03-09T08:37:13Z" } diff --git a/src/daemon/launchd.ts b/src/daemon/launchd.ts index 11e0bd50d20..492eb2e4d6e 100644 --- a/src/daemon/launchd.ts +++ b/src/daemon/launchd.ts @@ -276,8 +276,8 @@ export async function uninstallLegacyLaunchAgents({ return agents; } - const home = resolveHomeDir(env); - const trashDir = path.join(home, ".Trash"); + const home = toPosixPath(resolveHomeDir(env)); + const trashDir = path.posix.join(home, ".Trash"); try { await fs.mkdir(trashDir, { recursive: true }); } catch { @@ -323,8 +323,8 @@ export async function uninstallLaunchAgent({ return; } - const home = resolveHomeDir(env); - const trashDir = path.join(home, ".Trash"); + const home = toPosixPath(resolveHomeDir(env)); + const trashDir = path.posix.join(home, ".Trash"); const dest = path.join(trashDir, `${label}.plist`); try { await fs.mkdir(trashDir, { recursive: true }); @@ -415,9 +415,10 @@ export async function installLaunchAgent({ } const plistPath = resolveLaunchAgentPlistPathForLabel(env, label); - const home = resolveHomeDir(env); + const home = toPosixPath(resolveHomeDir(env)); + const libraryDir = path.posix.join(home, "Library"); await ensureSecureDirectory(home); - await ensureSecureDirectory(path.join(home, "Library")); + await ensureSecureDirectory(libraryDir); await ensureSecureDirectory(path.dirname(plistPath)); const serviceDescription = resolveGatewayServiceDescription({ env, environment, description });