Commit Graph

11 Commits

Author SHA1 Message Date
Peter Steinberger
218dcd815a feat(tooling): enforce noUncheckedIndexedAccess in the extensions lane (NUIA phase 4) (#105132)
* fix(extensions): make indexed access explicit across channel plugins

Transport-payload-safe burn-down: malformed Telegram/Discord/QQ/LINE
and sibling channel input keeps existing skip paths; no synthesized
fields, no new throws in delivery loops. Zalo escape sentinels preserve
literal matches instead of undefined replacements.

* fix(extensions): make indexed access explicit across provider and memory plugins

Stream and model iteration, tool-block guards, capture guards, and
sparse accumulators; singleton model reads carry named invariants.

* fix(extensions): make indexed access explicit across tooling plugins, flip the extensions lane

Remaining plugins (oc-path, qa-lab, browser, logbook, and siblings) plus
the tsconfig.extensions.json flag flip. Cleanup: logbook sampleFrames
NaN index at max=1, QA retry clamp at non-positive attempts, dead Canvas
probe and OpenShell no-op slice removed, twitch test setup leak excluded
from the prod lane.

* refactor(plugin-sdk): expose expectDefined via a focused SDK subpath

Extensions imported @openclaw/normalization-core directly, crossing the
external-plugin packaging boundary (it only worked because the runtime
builder bundles undeclared workspace helpers). expect-runtime joins the
canonical entrypoints JSON, generated exports, API baseline, docs, and
subpath contract test; all 78 extension imports now use the SDK seam.
Two scanner-shaped locals renamed for review-bundle hygiene.

* chore(plugin-sdk): raise surface budgets for the expect-runtime subpath

One new entrypoint with one callable export, added intentionally as the
packaging-honest seam for extension invariant helpers.
2026-07-12 09:17:31 +01:00
NIO
527f8f0cbb fix(image-gen): bound image generation provider JSON response reads (#96495)
* fix(image-gen): bound image generation provider JSON response reads

Route success JSON reads through readProviderJsonResponse (16 MiB cap)
in openrouter, google, fal, minimax, openai, and vydra image generation
providers to prevent OOM from oversized or hostile endpoint responses.
Mirrors the response-limit campaign already applied to other provider paths.

AI-assisted.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(image-gen): size bounded JSON caps for inline image payloads

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: sallyom <somalley@redhat.com>
2026-06-26 07:08:30 -04:00
Vincent Koc
f57c3b55fd fix(microsoft-foundry): repair CI validation issues 2026-06-09 15:45:19 +09:00
Vincent Koc
ea51c3ea50 fix(microsoft-foundry): allow MAI image deployment prefixes 2026-06-09 15:34:28 +09:00
Vincent Koc
c93e837336 fix(microsoft-foundry): require deployment refs for MAI images 2026-06-09 15:34:28 +09:00
Vincent Koc
9cf46d7e5a fix(microsoft-foundry): trust only distinct MAI model metadata 2026-06-09 15:34:28 +09:00
Vincent Koc
5e4a160f54 fix(image-generation): allow explicit defaultless model refs 2026-06-09 15:34:28 +09:00
Vincent Koc
33cac9092b fix(microsoft-foundry): honor MAI image timeout deadlines 2026-06-09 15:34:28 +09:00
Vincent Koc
0c60bad890 fix(microsoft-foundry): require MAI image deployment defaults 2026-06-09 15:34:28 +09:00
Vincent Koc
a172db54b4 fix(microsoft-foundry): allow MAI deployment ids for image generation 2026-06-09 15:34:28 +09:00
Vincent Koc
d0a84089a0 feat(microsoft-foundry): add MAI image provider 2026-06-09 15:34:28 +09:00