centersl/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-27 09:21:35 +07:00
Code Issues Packages Projects Releases Wiki Activity

fix(media): narrow default local attachment roots

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-22 10:24:46 -07:00
parent 2a66eaf473
commit 5863ce1f78
3 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/start/openclaw.md
View File

@@ -192,6 +192,11 @@ MEDIA:https://example.com/screenshot.png
OpenClaw extracts these and sends them as media alongside the text.
For local paths, the default allowlist is intentionally narrow: the OpenClaw temp
root, the media cache, agent workspace paths, and sandbox-generated files. If you
need broader local-file attachment roots, configure an explicit channel/plugin
allowlist instead of relying on arbitrary host paths.
## Operations checklist
```bash

33
src/media/local-roots.test.ts Normal file
View File

@@ -0,0 +1,33 @@
import path from "node:path";
import { afterEach, describe, expect, it, vi } from "vitest";
import { getAgentScopedMediaLocalRoots, getDefaultMediaLocalRoots } from "./local-roots.js";
describe("local media roots", () => {
afterEach(() => {
vi.unstubAllEnvs();
});
it("keeps temp, media cache, and workspace roots by default", () => {
const stateDir = path.join("/tmp", "openclaw-media-roots-state");
vi.stubEnv("OPENCLAW_STATE_DIR", stateDir);
const roots = getDefaultMediaLocalRoots();
expect(roots).toContain(path.join(stateDir, "media"));
expect(roots).toContain(path.join(stateDir, "workspace"));
expect(roots).toContain(path.join(stateDir, "sandboxes"));
expect(roots).not.toContain(path.join(stateDir, "agents"));
expect(roots.length).toBeGreaterThanOrEqual(3);
});
it("adds the active agent workspace without re-opening broad agent state roots", () => {
const stateDir = path.join("/tmp", "openclaw-agent-media-roots-state");
vi.stubEnv("OPENCLAW_STATE_DIR", stateDir);
const roots = getAgentScopedMediaLocalRoots({}, "ops");
expect(roots).toContain(path.join(stateDir, "workspace-ops"));
expect(roots).toContain(path.join(stateDir, "sandboxes"));
expect(roots).not.toContain(path.join(stateDir, "agents"));
});
});

1
src/media/local-roots.ts
View File

@@ -26,7 +26,6 @@ function buildMediaLocalRoots(
return [
preferredTmpDir,
path.join(resolvedStateDir, "media"),
path.join(resolvedStateDir, "agents"),
path.join(resolvedStateDir, "workspace"),
path.join(resolvedStateDir, "sandboxes"),
];