Summary:
- Split browser SSRF quarantine from tab closure so read-only browser operations do not close user-owned tabs on policy denial.
- Keep OpenClaw-initiated navigation/create paths closing blocked tabs, and add regression coverage for both contracts.
- Update changelog with contributor credit.
Verification:
- pnpm test extensions/browser/src/browser/pw-session.assert-navigation-safety.test.ts extensions/browser/src/browser/pw-tools-core.snapshot.navigate-guard.test.ts
- pnpm test extensions/browser/src/browser/pw-tools-core.browser-ssrf-guard.test.ts extensions/browser/src/browser/pw-tools-core.snapshot.test.ts
- Exact-head CI success: 25535578610
- Exact-head Real behavior proof success: 25536652326
Thanks @scotthuang.
Fixes #78445.
- Use piped stdio for the post-core update child on Windows so the child and descendants do not inherit the parent console handles.
- Relay child stdout/stderr back to the parent when piped so update output remains visible.
- Keep non-Windows behavior on inherited stdio.
- Add focused coverage for the stdio resolver.
Verification:
- `pnpm vitest run src/cli/update-cli/update-command.test.ts`
- `pnpm build`
- `pnpm exec oxlint src/cli/update-cli/update-command.ts src/cli/update-cli/update-command.test.ts`
- Full GitHub CI green at `321608e00ba118421ea65124f494458ed229defd`.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fixes #78159.
- Add `windowsHide: true` to the login-shell env probe used by shell-env fallback on Windows.
- Cover the fallback and trusted-shell paths with focused tests.
- Add the changelog attribution for #78266.
Verification:
- `pnpm vitest run src/infra/shell-env.test.ts`
- `pnpm build`
- `pnpm check`
- Full GitHub CI green at `deb6ffbd3c203fc52f5b320fe5ca5aafa11ade57`.
Summary:
- The PR exports `ensureAbsoluteDirectory` through the fs-safe/SDK runtime facades and routes browser download ... through safe output directory/file helpers with focused tests, a changelog entry, and SDK API hash updates.
- Reproducibility: yes, at source level: current main creates browser download/output roots with raw recursive ... jection coverage for that path. I did not run a live browser runtime reproduction in this read-only review.
Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(browser): use fs-safe output directory helper
- PR branch already contained follow-up commit before automerge: docs(changelog): mention browser fs-safe hardening
- PR branch already contained follow-up commit before automerge: fix(browser): harden download output writes
Validation:
- ClawSweeper review passed for head a9c9570f66.
- Required merge gates passed before the squash merge.
Prepared head SHA: a9c9570f66
Review: https://github.com/openclaw/openclaw/pull/78780#issuecomment-4394146682
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>