fix(browser): cap act action timeouts

2026-06-07 00:42:55 +00:00 · 2026-05-30 03:52:29 -04:00
parent fc90f0f15c
commit cec50aa047
2 changed files with 18 additions and 1 deletions
--- a/extensions/browser/src/browser/routes/agent.act.normalize.test.ts
+++ b/extensions/browser/src/browser/routes/agent.act.normalize.test.ts
@@ -1,3 +1,4 @@
+import { MAX_TIMER_TIMEOUT_MS } from "openclaw/plugin-sdk/number-runtime";
 import { describe, expect, it } from "vitest";
 import { normalizeActRequest } from "./agent.act.normalize.js";

@@ -32,6 +33,20 @@ describe("normalizeActRequest numeric fields", () => {
    });
  });

+  it("caps oversized action timeouts", () => {
+    expect(
+      normalizeActRequest({
+        kind: "wait",
+        text: "ready",
+        timeoutMs: String(Number.MAX_SAFE_INTEGER),
+      }),
+    ).toMatchObject({
+      kind: "wait",
+      text: "ready",
+      timeoutMs: MAX_TIMER_TIMEOUT_MS,
+    });
+  });
+
  it("rejects loose integer tokens for action durations and timeouts", () => {
    expect(() =>
      normalizeActRequest({
--- a/extensions/browser/src/browser/routes/agent.act.normalize.ts
+++ b/extensions/browser/src/browser/routes/agent.act.normalize.ts
@@ -1,3 +1,4 @@
+import { resolveTimerTimeoutMs } from "openclaw/plugin-sdk/number-runtime";
 import {
  ACT_MAX_BATCH_ACTIONS,
  ACT_MAX_CLICK_DELAY_MS,
@@ -88,7 +89,8 @@ function readActionNonNegativeInteger(
 }

 function readActionTimeoutMs(body: Record<string, unknown>): number | undefined {
-  return readActionPositiveInteger(body, "timeoutMs");
+  const timeoutMs = readActionPositiveInteger(body, "timeoutMs");
+  return timeoutMs === undefined ? undefined : resolveTimerTimeoutMs(timeoutMs, 1);
 }

 function readBoundedActionDurationMs(