fix: scope 2026.3.8 patch to redaction crash

2026-03-10 20:37:41 +08:00 · 2026-03-10 20:37:41 +08:00 · 4c740f7dd3
commit 4c740f7dd3
parent 7e4e9d3371
3 changed files with 13 additions and 11 deletions
--- a/src/config/redact-snapshot.raw.test.ts
+++ b/src/config/redact-snapshot.raw.test.ts
@ -67,13 +67,19 @@ describe("replaceSensitiveValuesInRaw", () => {
  });

  it("handles non-string raw input gracefully", () => {
-    const result = replaceSensitiveValuesInRaw({
+    const nullResult = replaceSensitiveValuesInRaw({
      raw: null as unknown as string,
      sensitiveValues: ["test"],
      redactedSentinel: "***",
    });
-    // String(null) returns "null", but our defensive code returns empty string
-    expect(result).toBe("");
+    const objectResult = replaceSensitiveValuesInRaw({
+      raw: { secret: "test" } as unknown as string,
+      sensitiveValues: ["test"],
+      redactedSentinel: "***",
+    });
+
+    expect(nullResult).toBe("");
+    expect(objectResult).toBe("");
  });

  it("handles unicode strings", () => {
--- a/src/config/redact-snapshot.raw.ts
+++ b/src/config/redact-snapshot.raw.ts
@ -5,9 +5,8 @@ import JSON5 from "json5";
 * Redacts sensitive values from a raw config string.
 * Filters out empty/null/undefined values to prevent RangeError (#41247).
 *
- * Note: When `params.raw` is not a string (e.g., null, number), it is
- * converted to a string via `String(params.raw ?? "")` and returned
- * without redaction. This is a silent fallback for invalid input.
+ * Note: When `params.raw` is not a string, this returns an empty string
+ * defensively instead of returning a stringified unredacted value.
 */
 export function replaceSensitiveValuesInRaw(params: {
  raw: string;
@ -16,7 +15,7 @@ export function replaceSensitiveValuesInRaw(params: {
 }): string {
  // Defensive: validate input types
  if (typeof params.raw !== "string") {
-    return String(params.raw ?? "");
+    return "";
  }

  // Defensive: normalize and filter sensitive values
--- a/src/gateway/server-cron.ts
+++ b/src/gateway/server-cron.ts
@ -292,10 +292,7 @@ export function buildGatewayCronService(params: {
        abortSignal,
        agentId,
        sessionKey: `cron:${job.id}`,
-        // FIX #41266: Use subagent lane to avoid deadlock with cron lane
-        // The outer enqueueRun already holds CommandLane.Cron; using "cron"
-        // here would cause deadlock since cron lane has concurrency=1.
-        lane: "subagent",
+        lane: "cron",
      });
    },
    sendCronFailureAlert: async ({ job, text, channel, to, mode, accountId }) => {