negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-03 23:02:28 -08:00
parent 6fdb136688
commit 35eb40a700
13 changed files with 289 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/discord/monitor/message-handler.process.ts
View File

@@ -28,6 +28,7 @@ import { readSessionUpdatedAt, resolveStorePath } from "../../config/sessions.js
import { danger, logVerbose, shouldLogVerbose } from "../../globals.js";
import { buildAgentSessionKey } from "../../routing/resolve-route.js";
import { resolveThreadSessionKeys } from "../../routing/session-key.js";
import { buildUntrustedChannelMetadata } from "../../security/channel-metadata.js";
import { truncateUtf16Safe } from "../../utils.js";
import { reactMessageDiscord, removeReactionDiscord } from "../send.js";
import { normalizeDiscordSlug } from "./allow-list.js";
@@ -137,7 +138,13 @@ export async function processDiscordMessage(ctx: DiscordMessagePreflightContext)
const forumContextLine = isForumStarter ? `[Forum parent: #${forumParentSlug}]` : null;
const groupChannel = isGuildMessage && displayChannelSlug ? `#${displayChannelSlug}` : undefined;
const groupSubject = isDirectMessage ? undefined : groupChannel;
const channelDescription = channelInfo?.topic?.trim();
const untrustedChannelMetadata = isGuildMessage
? buildUntrustedChannelMetadata({
source: "discord",
label: "Discord channel topic",
entries: [channelInfo?.topic],
})
: undefined;
const senderName = sender.isPluralKit
? (sender.name ?? author.username)
: (data.member?.nickname ?? author.globalName ?? author.username);
@@ -145,10 +152,9 @@ export async function processDiscordMessage(ctx: DiscordMessagePreflightContext)
? (sender.tag ?? sender.name ?? author.username)
: author.username;
const senderTag = sender.tag;
const systemPromptParts = [
channelDescription ? `Channel topic: ${channelDescription}` : null,
channelConfig?.systemPrompt?.trim() || null,
].filter((entry): entry is string => Boolean(entry));
const systemPromptParts = [channelConfig?.systemPrompt?.trim() || null].filter(
(entry): entry is string => Boolean(entry),
);
const groupSystemPrompt =
systemPromptParts.length > 0 ? systemPromptParts.join("\n\n") : undefined;
const storePath = resolveStorePath(cfg.session?.store, {
@@ -281,6 +287,7 @@ export async function processDiscordMessage(ctx: DiscordMessagePreflightContext)
SenderTag: senderTag,
GroupSubject: groupSubject,
GroupChannel: groupChannel,
UntrustedContext: untrustedChannelMetadata ? [untrustedChannelMetadata] : undefined,
GroupSystemPrompt: isGuildMessage ? groupSystemPrompt : undefined,
GroupSpace: isGuildMessage ? (guildInfo?.id ?? guildSlug) || undefined : undefined,
Provider: "discord" as const,