Commit Graph

3 Commits

Author SHA1 Message Date
eeee0717
e97806af16 fix(code-cli): fix dotenv escaping and redaction gaps found in re-review of 4fc8948
Re-review of the previous CLI-config fix batch (4fc8948) surfaced three
regressions introduced by that batch itself, plus two sinks the secret
redaction still missed:

- dotenv.ts: quoting a value that needed escaping (contains #, quotes, or
  leading/trailing whitespace) injected \\ and \" escapes that the real
  `dotenv` package (used by gemini-cli to read the file back) never
  unescapes — it only re-expands \n/\r inside double-quoted values. This
  silently corrupted Windows-style paths (doubled backslashes) and any
  value containing a literal double quote. Fixed by preferring a
  single-quoted value (read back 100% literally) whenever it has no
  embedded single quote, and only escaping \n/\r in the double-quote
  fallback.
- redact.ts: the value-matching regex stopped at the first embedded
  apostrophe in a double-quoted value, or at an already-broken/empty
  quoted pair, leaving the real secret exposed as an unredacted trailing
  fragment in both cases. Fixed by matching the rest of the source line
  (smol-toml embeds raw source lines verbatim in its own error messages)
  instead of a single quoted token.
- Centralized secret redaction inside parseTomlOrThrow/parseJsonOrThrow
  themselves (instead of only at the two call sites that remembered to
  wrap it), closing two previously-unredacted sinks:
  validateCliConfigDraftForWrite (manual config-text editing) and
  draftUpdater.ts's direct parse calls.
- Added missing assertCliConfigCredentials coverage for the
  missing-base-URL branches of OpenCode/Qwen/Kimi (only the missing-API-key
  branch had a test before).

Every fix has a regression test verified to fail without it; the dotenv
and redact tests exercise the real `dotenv`/`smol-toml` packages directly
rather than hand-crafted strings, to catch this class of drift going
forward.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Signed-off-by: eeee0717 <chentao020717Work@outlook.com>
2026-07-05 17:54:14 +08:00
eeee0717
4fc8948ab0 fix(code-cli): resolve data-loss, credential-leak, and behavior-regression findings from PR review
Addresses a local code review of the CLI-config subsystem covering 18 findings
across 2 CRITICAL, 9 IMPORTANT, and 7 SUGGESTION items:

- Distinguish missing-file from read-error in readExternal/snapshotFile so a
  transient read failure (EACCES/EBUSY) no longer gets misread as "file
  doesn't exist," which previously caused the build path to wipe unmanaged
  config keys and the rollback path to trash real user config files.
- Stop using the MANAGED (full-wipe) key set on incremental build paths for
  Gemini/Qwen/Kimi, which was silently deleting fields Cherry has no UI for.
- Quote dotenv values containing `#` or leading/trailing whitespace so
  Gemini's .env file survives round-tripping through external parsers.
- Fail closed (instead of silently defaulting) when OpenCode provider
  resolution fails, and when Claude Code is enabled without an API key.
- Restore the custom OpenClaw gateway port preference and fix an initial-load
  race in the config draft controller that could misclassify a foreign
  config as managed before apiKeys finished loading.
- Redact likely secrets (including multiline TOML triple-quoted values and
  Bearer tokens) from parser error messages before they reach logs/UI.
- Write CLI config files with 0600 permissions instead of the platform
  default, since they contain credentials.
- Avoid a Codex provider display-name collision with the literal "OpenAI"
  sentinel used to encode remoteCompaction.
- Remove the dead Codex "Write Common Config" toggle and its dead OpenClaw
  IPC routes (check_health/get_channels/check_update/perform_update), which
  had no consumers.
- Harden rollback error logging (don't mask the original write error with a
  restore error) and null out empty-shell connection objects instead of
  treating them as valid foreign configs.

Each fix ships with a regression test verified to fail without its
corresponding change.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Signed-off-by: eeee0717 <chentao020717Work@outlook.com>
2026-07-05 17:05:11 +08:00
Pleasurecruise
b387010a29 feat: add CLI config editor & remove Hermes support
Introduce a new renderer-side CLI config subsystem (src/renderer/pages/code/cliConfig/*) with draft editing, parsing, builders, injection, and clearing logic plus UI (CliConfigEditor, config panel integration). Move/refactor CLI page hooks/constants and tests to use the new module. Remove Hermes-specific code and config writers (hermesConfig + tests), drop Hermes from presets/i18n/CodeCli enums and paths. Add openclaw.sync_config IPC handler and adapt CodeCliService to delegate OpenClaw config sync to OpenClawService. Update preference/types to allow optional modelId and adjust related tests.
2026-07-03 15:04:22 +08:00