Fixes#78445.
- Use piped stdio for the post-core update child on Windows so the child and descendants do not inherit the parent console handles.
- Relay child stdout/stderr back to the parent when piped so update output remains visible.
- Keep non-Windows behavior on inherited stdio.
- Add focused coverage for the stdio resolver.
Verification:
- `pnpm vitest run src/cli/update-cli/update-command.test.ts`
- `pnpm build`
- `pnpm exec oxlint src/cli/update-cli/update-command.ts src/cli/update-cli/update-command.test.ts`
- Full GitHub CI green at `321608e00ba118421ea65124f494458ed229defd`.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fixes#78159.
- Add `windowsHide: true` to the login-shell env probe used by shell-env fallback on Windows.
- Cover the fallback and trusted-shell paths with focused tests.
- Add the changelog attribution for #78266.
Verification:
- `pnpm vitest run src/infra/shell-env.test.ts`
- `pnpm build`
- `pnpm check`
- Full GitHub CI green at `deb6ffbd3c203fc52f5b320fe5ca5aafa11ade57`.
Summary:
- The PR exports `ensureAbsoluteDirectory` through the fs-safe/SDK runtime facades and routes browser download ... through safe output directory/file helpers with focused tests, a changelog entry, and SDK API hash updates.
- Reproducibility: yes. at source level: current main creates browser download/output roots with raw recursive ... jection coverage for that path. I did not run a live browser runtime reproduction in this read-only review.
Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(browser): use fs-safe output directory helper
- PR branch already contained follow-up commit before automerge: docs(changelog): mention browser fs-safe hardening
- PR branch already contained follow-up commit before automerge: fix(browser): harden download output writes
Validation:
- ClawSweeper review passed for head a9c9570f66.
- Required merge gates passed before the squash merge.
Prepared head SHA: a9c9570f66
Review: https://github.com/openclaw/openclaw/pull/78780#issuecomment-4394146682
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
When gateway.auth.mode is 'none', the local backend self-pairing skip was
gated on sharedAuthOk, which stays false for no-auth mode. The missing-device
handler still rejected with 1008: device identity required.
Fix: shouldSkipLocalBackendSelfPairing now bypasses sharedAuthOk entirely
when authMethod is 'none' and the connection is local (direct_local or
shared_secret_loopback_local) without browser origin. Remote and
browser-originated connections still require proper device auth.
ClawSweeper P1: Make the none-auth backend bypass reachable
ClawSweeper P2: Test the reachable none-auth connect state
Co-Authored-By: Paperclip <noreply@paperclip.ing>
