vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-05 03:30:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: tighten container bind defaults for landing (#61818) (thanks @openperf)

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-06 13:51:53 +01:00
parent c857e93735
commit c9e4b86c7e
7 changed files with 57 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/commands/doctor-security.test.ts
View File

@@ -118,6 +118,14 @@ describe("noteSecurityWarnings gateway exposure", () => {
expect(message).not.toContain("Gateway bound");
});
it("treats unset bind as loopback for host-side doctor checks", async () => {
const cfg = { gateway: {} } as OpenClawConfig;
await noteSecurityWarnings(cfg);
const message = lastMessage();
expect(message).toContain("No channel security warnings detected");
expect(message).not.toContain("Gateway bound");
});
it("shows explicit dmScope config command for multi-user DMs", async () => {
pluginRegistry.list = [
{

4
src/commands/doctor-security.ts
View File

@@ -5,7 +5,7 @@ import type { OpenClawConfig, GatewayBindMode } from "../config/config.js";
import type { AgentConfig } from "../config/types.agents.js";
import { hasConfiguredSecretInput } from "../config/types.secrets.js";
import { resolveGatewayAuth } from "../gateway/auth.js";
import { defaultGatewayBindMode, isLoopbackHost, resolveGatewayBindHost } from "../gateway/net.js";
import { isLoopbackHost, resolveGatewayBindHost } from "../gateway/net.js";
import { resolveExecPolicyScopeSnapshot } from "../infra/exec-approvals-effective.js";
import { loadExecApprovals, type ExecAsk, type ExecSecurity } from "../infra/exec-approvals.js";
import { resolveDmAllowState } from "../security/dm-policy-shared.js";
@@ -184,7 +184,7 @@ export async function noteSecurityWarnings(cfg: OpenClawConfig) {
// that expose the gateway to network without proper auth
const tailscaleMode = cfg.gateway?.tailscale?.mode ?? "off";
const gatewayBind = (cfg.gateway?.bind ?? defaultGatewayBindMode(tailscaleMode)) as string;
const gatewayBind = (cfg.gateway?.bind ?? "loopback") as string;
const customBindHost = cfg.gateway?.customBindHost?.trim();
const bindModes: GatewayBindMode[] = ["auto", "lan", "loopback", "custom", "tailnet"];
const bindMode = bindModes.includes(gatewayBind as GatewayBindMode)