LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-07 22:44:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

perf(security): allow audit snapshot and summary cache reuse

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-03 02:32:05 +00:00
parent 62582fc088
commit 895abc5a64
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/security/audit.ts
View File

@@ -6,7 +6,7 @@ import { resolveBrowserConfig, resolveProfile } from "../browser/config.js";
import { resolveBrowserControlAuth } from "../browser/control-auth.js";
import { listChannelPlugins } from "../channels/plugins/index.js";
import { formatCliCommand } from "../cli/command-format.js";
import type { OpenClawConfig } from "../config/config.js";
import type { ConfigFileSnapshot, OpenClawConfig } from "../config/config.js";
import { resolveConfigPath, resolveStateDir } from "../config/paths.js";
import { resolveGatewayAuth } from "../gateway/auth.js";
import { buildGatewayConnectionDetails } from "../gateway/call.js";
@@ -104,6 +104,10 @@ export type SecurityAuditOptions = {
execIcacls?: ExecFn;
/** Dependency injection for tests (Docker label checks). */
execDockerRawFn?: typeof execDockerRaw;
/** Optional preloaded config snapshot to skip audit-time config file reads. */
configSnapshot?: ConfigFileSnapshot | null;
/** Optional cache for code-safety summaries across repeated deep audits. */
codeSafetySummaryCache?: Map<string, Promise<unknown>>;
};
function countBySeverity(findings: SecurityAuditFinding[]): SecurityAuditSummary {
@@ -1033,11 +1037,14 @@ export async function runSecurityAudit(opts: SecurityAuditOptions): Promise<Secu
const configSnapshot =
opts.includeFilesystem !== false
? await readConfigSnapshotForAudit({ env, configPath }).catch(() => null)
? opts.configSnapshot !== undefined
? opts.configSnapshot
: await readConfigSnapshotForAudit({ env, configPath }).catch(() => null)
: null;
if (opts.includeFilesystem !== false) {
const codeSafetySummaryCache = new Map<string, Promise<unknown>>();
const codeSafetySummaryCache =
opts.codeSafetySummaryCache ?? new Map<string, Promise<unknown>>();
findings.push(
...(await collectFilesystemFindings({
stateDir,