fix(security): clarify dmScope remediation path with explicit CLI command#13129
Merged
Conversation
…mand # Problem The security audit and onboarding screens suggested 'Set session.dmScope="..."' for multi-user DM isolation. This led users to try setting the value in invalid config paths (e.g., 'channels.imessage.dmScope'). # Changes - Updated 'src/security/audit.ts' to use 'formatCliCommand' for dmScope remediation. - Updated 'src/commands/doctor-security.ts' and 'src/commands/onboard-channels.ts' to use the explicit 'openclaw config set' command format. # Validation - Verified text alignment with 'pnpm tsgo'. - Confirmed CLI command formatting remains consistent across modified files.
steipete
force-pushed
the
fix/security-audit-path-v2
branch
from
73dc309 to
58f8b34
Compare
steipete
added a commit
that referenced
this pull request
Feb 13, 2026
Contributor
|
Landed via temp rebase onto main.
Thanks @VintLin! |
skyhawk14
pushed a commit
to skyhawk14/openclaw
that referenced
this pull request
Feb 13, 2026
skyhawk14
pushed a commit
to skyhawk14/openclaw
that referenced
this pull request
Feb 13, 2026
GwonHyeok
pushed a commit
to learners-superpumped/openclaw
that referenced
this pull request
Feb 15, 2026
GwonHyeok
pushed a commit
to learners-superpumped/openclaw
that referenced
this pull request
Feb 15, 2026
jiulingyun
added a commit
to jiulingyun/openclaw-cn
that referenced
this pull request
Feb 15, 2026
hughdidit
pushed a commit
to hughdidit/DAISy-Agency
that referenced
this pull request
Mar 1, 2026
This was referenced Mar 1, 2026
6 tasks
hughdidit
pushed a commit
to hughdidit/DAISy-Agency
that referenced
this pull request
Mar 3, 2026
zooqueen
pushed a commit
to hanzobot/core
that referenced
this pull request
Mar 6, 2026
zooqueen
pushed a commit
to hanzobot/core
that referenced
this pull request
Mar 6, 2026
lovewanwan
pushed a commit
to lovewanwan/openclaw
that referenced
this pull request
Apr 28, 2026
lovewanwan
pushed a commit
to lovewanwan/openclaw
that referenced
this pull request
Apr 28, 2026
ogt-redknie
pushed a commit
to ogt-redknie/OPENX
that referenced
this pull request
May 2, 2026
ogt-redknie
pushed a commit
to ogt-redknie/OPENX
that referenced
this pull request
May 2, 2026
github-actions Bot
pushed a commit
to Desicool/openclaw
that referenced
this pull request
May 9, 2026
github-actions Bot
pushed a commit
to Desicool/openclaw
that referenced
this pull request
May 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The security audit and onboarding screens suggested 'Set session.dmScope="..."'
for multi-user DM isolation. This led users to try setting the value in invalid
config paths (e.g., 'channels.imessage.dmScope').
Changes
to use the explicit 'openclaw config set' command format.
Validation
Fixes:#11642
Greptile Overview
Greptile Summary
This PR updates user-facing security guidance around DM session isolation (dmScope) to reduce confusion about where to set the config.
src/security/audit.tsnow recommends an explicitopenclaw config set session.dmScope "per-channel-peer"CLI command (viaformatCliCommand) instead of suggesting users manually edit a config path.src/commands/doctor-security.tsandsrc/commands/onboard-channels.tssimilarly switch the DM-scope remediation text to an explicit CLI command, keeping the formatting consistent with other CLI hints (including profile injection handled byformatCliCommand).No behavioral/security logic changes were introduced; this is primarily a messaging/UX clarification that aligns onboarding + audit output with supported configuration workflows.
Confidence Score: 5/5
formatCliCommandhelper; no control flow or security decision logic was modified. Verified the helper’s behavior with quoted arguments and found no whitespace/format issues in the diff.