Skip to content

security: harden system.run against env injection and shell-wrapper bypass#187

Closed
shanselman wants to merge 106 commits intomasterfrom
feature/voice-mode
Closed

security: harden system.run against env injection and shell-wrapper bypass#187
shanselman wants to merge 106 commits intomasterfrom
feature/voice-mode

Conversation

@shanselman
Copy link
Copy Markdown
Collaborator

@shanselman shanselman commented Apr 20, 2026

Summary

Closes #184.

This complements PR #186 by covering the remaining wrapper-bypass portion as well.

NichUK added 30 commits March 23, 2026 01:34
@NichUK
Add Windows voice mode foundation and AlwaysOn runtime
be624fe
@NichUK
Fix voice chat transport and reply routing
f40ffc3
@NichUK
Add configurable voice mode settings and setup UI
a81d31e
@NichUK
Integrate always-on voice mode with tray chat workflow
197a89b
@NichUK
Fix tray voice startup and chat window submission
1340bde
@NichUK
Remove stale always-on autosubmit setting
aed8cb8
@NichUK
Add focused coordinator coverage for tray voice chat
25dd06b
@NichUK
Address voice mode review findings and harden runtime
1336472
@NichUK
Document required Minimax and ElevenLabs provider support
0f1028a
@NichUK
Harden tray chat voice message handling
2c8a46d
@NichUK
Fix voice transport connection task reuse
fdbf48e
@NichUK
Group voice runtime services under Services/Voice
b556c64
@NichUK
Implement MiniMax TTS for voice mode
7f31c12
@NichUK
Add editable TTS provider settings to voice mode
c64f168
@NichUK
Move voice settings into main settings window
907a1a0
@NichUK
Extract hosted voice settings panel from settings window
6dba89b
@NichUK
Generalize cloud TTS providers through catalog contracts
ded41a2
@NichUK
Rename voice modes to VoiceWake and TalkMode
199e534
@NichUK
Move voice settings below node mode toggle
47efc3e
@NichUK
Make cloud TTS voice settings fully catalog-driven
85d7b90
@NichUK
Ship voice provider catalog with the tray app
c1cc0ff
@NichUK
Instrument voice output latency and reduce TTS buffering
83f05ee
@NichUK
Tighten talk mode speech recognition filtering
d137409
@NichUK
Use MiniMax api-uw endpoint for lower TTS latency
05d7bae
@NichUK
Add catalog-driven MiniMax WebSocket TTS
5efcebf
@NichUK
Fix voice restart after settings save
45ff8f8
@NichUK
Fix MiniMax websocket voice playback routing
71d0de4
@NichUK
Add dynamic tray icons for voice states
91ccec3
@NichUK
Add pre-response voice latency timing logs
2ff57fc
@NichUK
Keep talk mode alive after input failures
ffa3fa2
NichUK and others added 27 commits March 26, 2026 22:30
@NichUK
Polish talk mode recovery and settings
ad471b2
@NichUK
Ship v0.1rc3 voice chat and docs fixes
c6be900
@NichUK
Add compact voice repeater window
89ccb08
@NichUK
Refine voice transport and webchat draft bridge
5443dc3
@NichUK
Refine voice mode controls and docs
dc8651c
@NichUK
Add voice mode feature icon asset
a787640
@NichUK
Address remaining voice review comments
67771c2
@NichUK
Tweak voice mode README credit wording
4756563
@NichUK
Merge branch 'codex/webchat-direct-send-restore' into feature/voice-mode
c9dc8e8
@NichUK
Merge remote feature branch into feature/voice-mode
fc66745
@NichUK
Merge origin/master into feature/voice-mode
db108f4
@NichUK
Fix tests after master merge
6c9680f
@NichUK
Update src/OpenClaw.Tray.WinUI/Services/Voice/VoiceCloudTextToSpeechC…
777088c 
…lient.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@NichUK
Fix SupportsSpeechToTextRuntime test assertions to match streaming pr…
78d0a3d 
…ovider route kinds

Agent-Logs-Url: https://github.com/NichUK/openclaw-windows-node/sessions/f2ae3d04-4f08-49c2-8095-9e801a4ccf6d

Co-authored-by: NichUK <346792+NichUK@users.noreply.github.com>
@NichUK
Fix incorrect test project binding to x64
3d5b4e7
@NichUK
Merge branch 'feature/voice-mode' of github.com:NichUK/openclaw-windo…
a6592e8 
…ws-node into feature/voice-mode
@NichUK
Revert "Fix SupportsSpeechToTextRuntime test assertions to match stre…
83c7983 
…aming provider route kinds"

Reverts CoPilot fix
This reverts commit 78d0a3d.
@NichUK
Remove incorrect project binding to x64
1820901
@NichUK
Refactor tray voice code into OpenClaw.Tray.Shared
91006ce 
Move voice-mode test-targeted logic out of the WinUI app and into a dedicated shared project so tray tests no longer need to reference OpenClaw.Tray.WinUI directly.

This restores the original CI assumption that the tray test project can be built on its own without transitively building a Windows App SDK application with an implicit architecture. It also keeps the voice/chat extraction scoped away from the broader OpenClaw.Shared library, which remains general-purpose and non-tray-specific.

The new OpenClaw.Tray.Shared project now contains the shared voice/chat surface used by both the tray app and tray tests, including voice transport helpers, provider catalog loading, cloud TTS support, chat coordination, and the web chat DOM bridge. The WinUI app retains the UI shell pieces, including DispatcherQueueAdapter and the app-level icon path helper.

As a follow-up cleanup during the extraction, split the previous IconHelper into AppIconHelper in the WinUI project and VoiceTrayIconHelper in the shared tray project so the new shared library stays focused on voice-related behavior rather than wider tray infrastructure.
@NichUK
Update src/OpenClaw.Tray.WinUI/App.xaml.cs
fd6c89f 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@NichUK
Update src/OpenClaw.Tray.WinUI/App.xaml.cs
4f3c8c6 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@NichUK
Update src/OpenClaw.Tray.WinUI/Helpers/AppIconHelper.cs
7e7bb32 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@NichUK
Merge pull request #5 from NichUK/codex/fix-pr120-ci
88caa1a 
Refactor tray voice code into OpenClaw.Tray.Shared
@NichUK
Add tests for voice provider configuration helpers
5534e93 
Cover the pure shared logic in VoiceProviderConfigurationStoreExtensions with focused unit tests for case-insensitive provider lookup, case-insensitive setting lookup, SetValue creation/update behavior, and removal of blank or null values.
@NichUK
Merge pull request #6 from NichUK/codex/fix-pr120-ci
57ae532 
Add tests for voice provider configuration helpers
@NichUK
Merge remote-tracking branch 'upstream/master' into feature/voice-mode
7b48541 
# Conflicts:
#	tests/OpenClaw.Shared.Tests/OpenClawGatewayClientTests.cs
@shanselman
security: harden system.run approval checks
89fc8bb 
Closes #184 by blocking dangerous environment overrides and by re-evaluating nested shell-wrapper payloads and chained commands against the exec approval policy.

This extends the partial env-only approach discussed in PR #186 so the Windows node closes both vectors called out in the issue.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@shanselman
Copy link
Copy Markdown
Collaborator Author

shanselman commented Apr 20, 2026

Opened from the wrong long-lived branch by mistake; superseded by #188 with only the intended #184 security changes.

@shanselman shanselman closed this Apr 20, 2026
@github-actions github-actions bot mentioned this pull request Apr 20, 2026
Open
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security] system.run: env variable injection and shell wrapper approval bypass

3 participants

@shanselman @NichUK