fix(robotic-sentinel): security hardening and high-load resilience#57

Open
umar-robotics-virtuals wants to merge 1 commit intoVirtual-Protocol:mainfrom
umar-robotics-virtuals:robotic-sentinel-security

@umar-robotics-virtuals

Robotic Sentinel Security & High-Load Fixes

Security hardening and high-load resilience for the ACP seller runtime. Optimized for agents like Robotic Sentinel that handle many concurrent requests from robots (health checks, security scans, audits).

Summary

  • Security: Path traversal, auth request ID encoding, known-offerings whitelist, shell injection removal, Windows process detection
  • High load: Job queue with concurrency limit, API client retry with backoff on 429/5xx
  • Dependencies: npm audit fix — 0 vulnerabilities

Changes

1. Seller runtime

  • Path traversal: loadOffering validates the resolved path stays under the offerings root; rejects offeringName like ".." or "../etc" (offerings.ts).
  • Known offerings only: Seller accepts only offering names from listOfferings(agentDirName). Unknown names rejected in REQUEST and skipped in TRANSACTION (seller.ts).
  • Job queue + concurrency limit: At most SELLER_MAX_CONCURRENT_JOBS (default 5) jobs run in parallel. Extra jobs are queued. Tune via SELLER_MAX_CONCURRENT_JOBS env var (seller.ts).

2. Auth

  • Request ID: getAuthStatus(requestId) uses axios params instead of building the query string manually; avoids query injection (auth.ts).

3. API client

  • Retry with backoff: On 429 or 5xx, retries up to 3 times with exponential backoff (1s, 2s, 4s) (client.ts).

4. Shell injection removal

  • Railway variables: setVariable / deleteVariable use execFileSync with array args (railway.ts).
  • Login URL: openUrl uses execFile with URL as single argument (open.ts).
  • OpenClaw cron: runCli uses execFileSync("openclaw", ["cron", ...args]) instead of shell string (openclawCron.ts).

5. Platform

  • Windows: findSellerPid fallback uses wmic on Windows instead of ps/grep (config.ts).
  • Misc: .commit-msg added to .gitignore; npm audit fix applied.

Files changed

File                              Change
src/seller/runtime/offerings.ts   Path traversal check
src/seller/runtime/seller.ts      Known-offerings whitelist, job queue, concurrency limit
src/lib/auth.ts                   Auth request ID via params
src/lib/client.ts                 Retry with backoff on 429/5xx
src/lib/config.ts                 Windows fallback for findSellerPid
src/deploy/railway.ts             execFileSync for variables
src/lib/open.ts                   execFile for openUrl
src/lib/openclawCron.ts           execFileSync for cron
.env.example                      SELLER_MAX_CONCURRENT_JOBS doc
.gitignore                        .commit-msg
package-lock.json                 npm audit fix

- Block path traversal and allow only known offerings in seller runtime
- Encode auth requestId via axios params
- Add API client retry with backoff on 429/5xx
- Add job queue with concurrency limit for many robots (SELLER_MAX_CONCURRENT_JOBS)
- Use execFile/execFileSync for Railway vars, openUrl, openclaw cron (no shell)
- Windows fallback for findSellerPid; npm audit fix; .commit-msg in gitignore
umar-robotics-virtuals marked this pull request as ready for review on March 3, 2026 at 13:51