mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-09 19:43:55 +00:00
* fix(google-meet): bound JSON response body reads to prevent OOM
Replace raw response.json() with readProviderJsonResponse (16 MiB cap)
across meet.ts, calendar.ts, and oauth.ts to prevent unbounded memory
allocation from oversized HTTP response bodies.
Also extract duplicated hasConfig check in createGoogleMeetSpace.
Test: loopback HTTP server test with 4 MiB oversized body + valid body.
* fix(test): prove readProviderJsonResponse bounds the 200 success path
Replace loopback server with synthetic Response objects. The oversized
test now returns HTTP 200 with a 17 MiB body — readProviderJsonResponse
rejects it at its 16 MiB cap, proving the bounded read fires on the
success path (not just the already-bounded 500 error path the old test
exercised).
Ref. https://github.com/openclaw/openclaw/pull/98850
* fix(test): add real HTTP transport integration tests for bounded JSON reads
- Add two vitest integration tests that start a real local TCP server,
fetch through native HTTP transport, and verify readProviderJsonResponse
correctly rejects oversized responses and passes normal ones.
- Existing synthetic-boundary tests unchanged.
Ref. https://github.com/openclaw/openclaw/pull/98850
* fix(test): wrap server.listen in promise executor to satisfy oxlint no-promise-executor-return
* fix(google-meet): add real SSRF-guard transport integration tests for bounded JSON reads
Adds two new integration tests that route meet.googleapis.com requests
through a local TCP server via spyOnGoogleMeetFetch, exercising the
actual fetchGoogleMeetSpace function end-to-end through the SSRF guard
mock. This addresses ClawSweeper review feedback requesting real
transport-level proof of the bounded read contract.
* fix(google-meet): preserve original fetch reference in spyOnGoogleMeetFetch to avoid recursion
The mockImplementation replaced globalThis.fetch, so calling fetch() inside
the mock called the mock itself. Capture globalThis.fetch before spying and
use the saved reference inside the implementation to avoid infinite recursion.
* fix(google-meet): add console.log debug output to loopback proof tests
Add structured console.log evidence markers to the four real HTTP
transport integration tests so that reviewers can see the bounded-read
contract working through actual TCP connections. Format matches the
established pattern from Alix-007's approved bound-read PRs.
* Revert "fix(google-meet): add console.log debug output to loopback proof tests"
This reverts commit e64c26d17e.
* fix(google-meet): tighten response body limits
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
@openclaw/google-meet
Official Google Meet participant plugin for OpenClaw.
This plugin registers the google_meet tool so agents can join Google Meet calls through supported Chrome or Twilio transports.
Install
openclaw plugins install @openclaw/google-meet
Restart the Gateway after installing or updating the plugin.
Configure
Enable the plugin and follow the Google Meet docs for browser profile, transport, and call-join setup:
Package
- Plugin id:
google-meet - Tool:
google_meet - Package:
@openclaw/google-meet - Minimum OpenClaw host:
2026.4.20