Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(gateway): include device identity in authenticated loopback probes (#48805)

Browse Source
This commit is contained in:
Cursor Agent 2026-03-17 18:40:11 +00:00
parent 84ae2b63eb
commit 7f0cfb98c7
No known key found for this signature in database
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -137,6 +137,7 @@ Docs: https://docs.openclaw.ai
- Agents/compaction: trigger overflow recovery from the tool-result guard once post-compaction context still exceeds the safe threshold, so long tool loops compact before the next model call hard-fails. (#29371) thanks @keshav55.
- macOS/exec approvals: harden exec-host request HMAC verification to use a timing-safe compare and keep malformed or truncated signatures fail-closed in focused IPC auth coverage.
- Gateway/exec approvals: surface requested env override keys in gateway-host approval prompts so operators can review surviving env context without inheriting noisy base host env.
- Gateway/probe: include device identity in authenticated loopback probes so `openclaw status` and probe RPCs get full paired scopes instead of being scope-limited. Strip identity only for effectively anonymous probes (opts.auth undefined or empty). (#48805)
- Telegram/network: preserve sticky IPv4 fallback state across polling restarts so hosts with unstable IPv6 to `api.telegram.org` stop re-triggering repeated Telegram timeouts after each restart. (#48282) Thanks @yassinebkr.
- Plugins/subagents: forward per-run provider and model overrides through gateway plugin subagent dispatch so plugin-launched agent delegations honor explicit model selection again. (#48277) Thanks @jalehman.
- Agents/compaction: write minimal boundary summaries for empty preparations while keeping split-turn prefixes on the normal path, so no-summarizable-message sessions stop retriggering the safeguard loop. (#42215) thanks @lml2468.

11
src/gateway/probe.ts
View File

@ -45,9 +45,14 @@ export async function probeGateway(opts: {
const disableDeviceIdentity = (() => {
try {
const hostname = new URL(opts.url).hostname;
// Local authenticated probes should stay device-bound so read/detail RPCs
// are not scope-limited by the shared-auth scope stripping hardening.
return isLoopbackHost(hostname) && !(opts.auth?.token || opts.auth?.password);
// Probes should stay device-bound whenever possible so read/detail RPCs
// are not scope-limited by shared-auth/anonymous scope stripping hardening.
// We used to disable identity for all local probes without token/password,
// but that breaks authenticated status checks when hardening is enabled.
//
// Now we only disable it for literal anonymous loopback probes (opts.auth
// undefined) to maintain legacy "no-setup" local status behavior.
return isLoopbackHost(hostname) && opts.auth === undefined;
} catch {
return false;
}