From bb3ef120e2395733ac6af1c15c3e70f44c4140bc Mon Sep 17 00:00:00 2001
From: jeffaf
Date: Tue, 17 Mar 2026 23:12:19 -0400
Subject: [PATCH] fix(rubberband): exclude media paths from config_tampering detection Writes to the openclaw media directory (inbound/outbound file delivery) were incorrectly flagged as config_tampering. Added media to the negative lookahead alongside workspace for both redirect and cp/mv/install patterns. Fixes false positive when copying images for Telegram delivery.
---
 src/security/rubberband.ts | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/security/rubberband.ts b/src/security/rubberband.ts
index f23c0247f44..9619d04c0b1 100644
--- a/src/security/rubberband.ts
+++ b/src/security/rubberband.ts
@@ -253,17 +253,18 @@ const PATTERNS: Record = {
 // Redirect writes - use non-greedy match, exclude command separators
 />\s*[^;|&\n]*clawdbot\.json/i,
 />\s*[^;|&\n]*openclaw\.json/i,
- // Match .clawdbot/ and .openclaw/ config paths but EXCLUDE workspace/ subtree
+ // Match .clawdbot/ and .openclaw/ config paths but EXCLUDE workspace/ and media/ subtrees
 // The workspace/ directory is the agent's working area (projects, scripts, etc.)
- />\s*[^;|&\n]*\.clawdbot\/(?!workspace\/)[^;|&\n]*[^/\s]/i,
- />\s*[^;|&\n]*\.openclaw\/(?!workspace\/)[^;|&\n]*[^/\s]/i,
+ // The media/ directory is used for inbound/outbound file delivery
+ />\s*[^;|&\n]*\.clawdbot\/(?!workspace\/|media\/)[^;|&\n]*[^/\s]/i,
+ />\s*[^;|&\n]*\.openclaw\/(?!workspace\/|media\/)[^;|&\n]*[^/\s]/i,
 /(echo|cat|printf)[^;|&\n]*>\s*[^;|&\n]*SOUL\.md/i,
 /(echo|cat|printf)[^;|&\n]*>\s*[^;|&\n]*AGENTS\.md/i,
- // cp/mv/tee/install to config paths (exclude workspace/)
+ // cp/mv/tee/install to config paths (exclude workspace/ and media/)
 /(cp|mv|install)\s+[^;|&\n]+\s+[^;|&\n]*clawdbot\.json/i,
 /(cp|mv|install)\s+[^;|&\n]+\s+[^;|&\n]*openclaw\.json/i,
- /(cp|mv|install)\s+[^;|&\n]+\s+[^;|&\n]*\.clawdbot\/(?!workspace\/)[^;|&\n]*[^/\s]/i,
- /(cp|mv|install)\s+[^;|&\n]+\s+[^;|&\n]*\.openclaw\/(?!workspace\/)[^;|&\n]*[^/\s]/i,
+ /(cp|mv|install)\s+[^;|&\n]+\s+[^;|&\n]*\.clawdbot\/(?!workspace\/|media\/)[^;|&\n]*[^/\s]/i,
+ /(cp|mv|install)\s+[^;|&\n]+\s+[^;|&\n]*\.openclaw\/(?!workspace\/|media\/)[^;|&\n]*[^/\s]/i,
 /(cp|mv|install)\s+[^;|&\n]+\s+[^;|&\n]*SOUL\.md/i,
 /(cp|mv|install)\s+[^;|&\n]+\s+[^;|&\n]*AGENTS\.md/i,
 /tee\s+[^;|&\n]*SOUL\.md/i,
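Review bot: The widened lookahead `(?!workspace\/|media\/)` in the two redirect patterns and the two cp/mv/install patterns only inspects the first path segment after `.clawdbot/` or `.openclaw/`, so a target that starts with `media/` and then contains a `..` segment is exempted even though the write resolves outside media/. The same gap already existed for workspace/, but this change adds a second prefix that switches the config_tampering check off, and media/ holds inbound files. Unless the command is path-normalized before matching (not visible in this hunk), the exemption should apply only when the rest of the token has no parent-directory segment, for example `(?!(?:workspace|media)\/(?![^;|&\s]*\.\.))` in all four patterns. A regression case asserting that a `media/`-prefixed path with a `..` segment is still flagged would pin this down. The PATTERNS literal starts and continues outside the hunk, so other entries may need the same treatment.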