fix(security): throw on config validation failure instead of returning empty config#9040
Closed
joetomasone wants to merge 1 commit intoopenclaw:mainfrom
Closed
fix(security): throw on config validation failure instead of returning empty config#9040joetomasone wants to merge 1 commit intoopenclaw:mainfrom
joetomasone wants to merge 1 commit intoopenclaw:mainfrom
Conversation
…g empty config
BREAKING CHANGE: loadConfig() now throws on validation failure instead of
returning {}.
Previously, when config validation failed (e.g., invalid plugin references),
loadConfig() returned {} which caused all security settings (dmPolicy,
allowFrom, groupPolicy) to fall back to permissive defaults. This allowed
unauthorized senders to receive pairing codes or messages.
Now, validation failures propagate as exceptions. Callers must handle the
error explicitly rather than silently operating with no access control.
Fixes openclaw#5052
5 tasks
thewilloftheshadow
force-pushed
the
main
branch
from
bfc1ccb to
f92900f
Compare
4 tasks
|
This pull request has been automatically marked as stale due to inactivity. |
Contributor
Author
|
Friendly bump — this PR is still active and ready for review. Happy to address any feedback. |
This comment was marked as spam.
This comment was marked as spam.
|
This pull request has been automatically marked as stale due to inactivity. |
steipete
added a commit
that referenced
this pull request
Mar 7, 2026
…masone) Land #9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for #5052. Co-authored-by: Joe Tomasone <[email protected]>
Contributor
|
Landed on What I did:
Hashes:
Thanks @joetomasone. |
This was referenced Mar 7, 2026
vincentkoc
pushed a commit
to BryanTegomoh/openclaw-fork
that referenced
this pull request
Mar 8, 2026
…@joetomasone) Land openclaw#9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for openclaw#5052. Co-authored-by: Joe Tomasone <[email protected]>
ziomancer
pushed a commit
to ziomancer/openclaw
that referenced
this pull request
Mar 8, 2026
…@joetomasone) Land openclaw#9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for openclaw#5052. Co-authored-by: Joe Tomasone <[email protected]>
openperf
pushed a commit
to openperf/moltbot
that referenced
this pull request
Mar 8, 2026
…@joetomasone) Land openclaw#9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for openclaw#5052. Co-authored-by: Joe Tomasone <[email protected]>
mcaxtr
pushed a commit
to mcaxtr/openclaw
that referenced
this pull request
Mar 8, 2026
…@joetomasone) Land openclaw#9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for openclaw#5052. Co-authored-by: Joe Tomasone <[email protected]>
Saitop
pushed a commit
to NomiciAI/openclaw
that referenced
this pull request
Mar 8, 2026
…@joetomasone) Land openclaw#9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for openclaw#5052. Co-authored-by: Joe Tomasone <[email protected]>
GordonSH-oss
pushed a commit
to GordonSH-oss/openclaw
that referenced
this pull request
Mar 9, 2026
…@joetomasone) Land openclaw#9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for openclaw#5052. Co-authored-by: Joe Tomasone <[email protected]>
jenawant
pushed a commit
to jenawant/openclaw
that referenced
this pull request
Mar 10, 2026
…@joetomasone) Land openclaw#9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for openclaw#5052. Co-authored-by: Joe Tomasone <[email protected]>
4 tasks
dhoman
pushed a commit
to dhoman/chrono-claw
that referenced
this pull request
Mar 11, 2026
…@joetomasone) Land openclaw#9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for openclaw#5052. Co-authored-by: Joe Tomasone <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Security Issue
Fixes #5052
When
loadConfig()failed validation (e.g., due to invalid plugin references), it returned{}instead of propagating the error. This caused all security settings to fall back to permissive defaults:dmPolicydefaulted to"pairing"— any sender could get a pairing codeallowFromwas ignored — allowlist protection bypassedgroupPolicywas ignored — group restrictions bypassedRoot Cause
Fix
Throw the error instead of returning empty config:
Impact
BREAKING CHANGE:
loadConfig()now throws on validation failure instead of returning{}.Compatibility with #9036
This pairs well with PR #9036 (systemd restart limits). If config is invalid:
This is the correct fail-closed behavior for a security-critical system.