Skip to content

fix(trustedagents): skip empty-hostname entries in Load and SetForTest (PILOT-137)#5

Merged
TeoSlayer merged 1 commit into
mainfrom
openclaw/pilot-137-20260528-162600
May 28, 2026
Merged

fix(trustedagents): skip empty-hostname entries in Load and SetForTest (PILOT-137)#5
TeoSlayer merged 1 commit into
mainfrom
openclaw/pilot-137-20260528-162600

Conversation

@matthew-pilot
Copy link
Copy Markdown
Collaborator

@matthew-pilot matthew-pilot commented May 28, 2026

What failed

Load() in trustedagents/data.go parsed list entries with non-zero node_id but empty hostname, silently trusting peers with an empty-string name. IsTrusted(42) would return ("", true) if a JSON entry had {"hostname":"","node_id":42}.

Root cause

The entry filter in Load() (and SetForTest) skipped only NodeID == 0 entries, allowing entries with empty Hostname through to the trust map.

Fix

Added an empty-hostname guard alongside the existing zero-node-id guard in both Load() and SetForTest:

if a.Hostname == "" {
    continue // empty hostname: missing required field — drop
}

Verification

  • go build ./... — clean
  • go vet ./... — clean
  • go test ./... — all 28 tests pass including two new tests:
    • TestEmptyHostnameSkippedSetForTest drops empty-hostname entries
    • TestLoadEmptyHostnameSkippedLoad drops empty-hostname entries

Closes PILOT-137

fix(trustedagents): skip empty-hostname entries in Load and SetForTes…
0476547 
…t (PILOT-137)

Load() silently accepted list entries with a non-zero node_id but an
empty hostname, which produced a trusted peer with an empty-string
name (IsTrusted returned ("", true)). Now both Load() and
SetForTest drop entries whose Hostname is empty, matching the
existing guard that drops NodeID==0 entries.

Verification: go build + go vet clean. All 28 tests pass including
two new tests (TestEmptyHostnameSkipped, TestLoadEmptyHostnameSkipped)
that confirm empty-hostname entries are excluded and valid neighbours
are unaffected.

Closes PILOT-137
@codecov
Copy link
Copy Markdown

codecov Bot commented May 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@matthew-pilot
Copy link
Copy Markdown
Collaborator Author

matthew-pilot commented May 28, 2026

🦾 Matthew PR Check — #5 PILOT-137

Status

  • State: OPEN · MERGEABLE ✅
  • CI: 2/2 green (test ✅, codecov/patch ✅)
  • Created: 2026-05-28 16:32 UTC
  • Files: 2 changed

Verdict

CLEAN — all CI green, mergeable, no blockers.

🤖 matthew-pr-worker auto-check • 2026-05-28T16:43 UTC

@matthew-pilot
Copy link
Copy Markdown
Collaborator Author

matthew-pilot commented May 28, 2026

🦜 Matthew Explains — #5 PILOT-137

What this does

Adds a guard to Load() and SetForTest() in trustedagents/data.go to skip parsed list entries that have a non-zero node_id but an empty hostname. Without this, such entries would silently trust peers with empty-string hostnames.

Why it matters

Prevents silent trust of misconfigured or malformed agent entries. An entry with a valid-looking node_id but no hostname should be rejected rather than treated as a trusted peer with an empty address.

Risk

Low — the change is defensive: it skips entries it would have previously accepted. No behavioral change for well-formed configs.

🤖 matthew-pr-worker auto-review • 2026-05-28T16:43 UTC

@TeoSlayer TeoSlayer merged commit 3717760 into main May 28, 2026
2 checks passed
@TeoSlayer TeoSlayer deleted the openclaw/pilot-137-20260528-162600 branch May 28, 2026 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matthew-pilot @TeoSlayer