feat(kiloclaw): workspace file editor for /root/.openclaw/#1140
Merged
feat(kiloclaw): workspace file editor for /root/.openclaw/#1140
Conversation
Adds getFileTree, readFile, and writeFile gateway methods, DO stub methods, and platform API routes (/files/tree, /files/read, /files/write). Also fixes pre-existing TS18046 errors in files.test.ts and adds file_etag_conflict/file_not_found to OPENCLAW_CONFIG_ERROR_CODES.
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
Contributor
Code Review SummaryStatus: 2 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Other Observations (not in diff)No additional summary-only issues. Files Reviewed (29 files)
Fix these issues in Kilo Cloud Reviewed by gpt-5.4-20260305 · 2,349,190 tokens |
…, JSON validation
- buildTree: skip unreadable directories instead of crashing - buildTree: filter files by allowed extensions to avoid info disclosure - backupFile: wrap in try/catch so backup failures don't block writes
… validation - Close button now prompts when unsaved changes exist (same dialog as file switch) - After save, use savedContentRef to avoid flashing stale content while query refetches - Server-side validation rejects non-object JSON for openclaw.json writes
- resolveSafePath/verifyCanonicalized now check all path segments for 'credentials', not just the first — prevents access to nested credentials dirs like workspace/credentials/key.json - backupFile test now includes the newly created backup in the mock directory listing to match real call order (copyFileSync before readdirSync)
…, handle corrupt openclaw.json - Add unit tests for verifyCanonicalized (symlink escape, credentials at any depth) - Wrap onDirtyChange in useCallback to prevent unnecessary effect firings on parent re-renders - readFile tRPC: return raw content when openclaw.json is unparseable instead of 500, so the user can fix it in the editor
…ding On file_etag_conflict, keep editedContent and show diff view so the user can compare their version against the server's, instead of silently clearing their work.
…ave path - Add redactRawText() for regex-based secret redaction when JSON.parse fails, so broken openclaw.json doesn't leak raw API keys to the browser - Handle broken current file in save path — skip secret restoration when on-disk JSON is unparseable so the user can actually save their repair
Remove redactRawText and broken-file save workaround. Both read and write paths now throw a clear error directing users to contact support when openclaw.json contains invalid JSON.
…ditor # Conflicts: # src/routers/kiloclaw-router.ts
Only treat bare 404s (no error code) as "unknown route" from old controllers. 404s with a specific code like file_not_found should propagate so callers get the correct error instead of "controller too old".
Wrap atomicWrite in try-catch to return a structured 500 response on write failure (disk full, permissions) instead of an unhandled exception.
…coded string Export BLOCKED_SEGMENTS from safe-path and use it in buildTree's directory filter to maintain a single source of truth for blocked paths.
Add explicit check for '..' and '.' path segments at the tRPC layer so path traversal attempts are rejected before reaching the controller.
iscekic
added a commit
that referenced
this pull request
Mar 17, 2026
The credentials directory was blocked at both the controller level (BLOCKED_SEGMENTS in safe-path) and the Next.js router level (USER_FILTERED_DIRS). Remove both layers so users can see and access credentials folders in the workspace file editor. Closes #1140
The credentials directory was blocked at both the controller level (BLOCKED_SEGMENTS in safe-path) and the Next.js router level (USER_FILTERED_DIRS). Remove both layers so users can see and access credentials folders in the workspace file editor.
Move backup files from alongside the original file to a centralized .kilo-backups folder at the root. Backup filenames use sanitized paths (slashes replaced with __) with format: name.timestamp.bak
iscekic
force-pushed
the
feat/workspace-file-editor
branch
from
23b8a11 to
26cde25
Compare
Users now see the full unfiltered tree and can read/write any file the controller allows. The controller's resolveSafePath already handles path traversal protection.
iscekic
force-pushed
the
feat/workspace-file-editor
branch
from
7189460 to
a2f2241
Compare
Backup copies of openclaw.json (.kilo-backups/openclaw.json.*.bak) now go through the same secret redaction as the original file. Also make the Edit Files button open-only so closing goes through the unsaved-changes confirmation dialog.
Users own their secrets — no need to redact them in their own editor. This removes the redact-on-read / restore-on-write dance, simplifying both the read and write paths for openclaw.json.
jeanduplessis
approved these changes
Mar 17, 2026
pandemicsyn
approved these changes
Mar 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/root/.openclaw/directory treeChanges
Controller (
kiloclaw/controller/)/_kilo/files/tree,/_kilo/files/read,/_kilo/files/writesafe-path.ts: path traversal protection (rejects.., absolute paths, null bytes, symlink escapes viaverifyCanonicalized)backup-file.ts: pre-write backups to.kilo-backups/directory with sanitized filenames (path/to/file.md→.kilo-backups/path__to__file.md.<timestamp>.bak), 5-backup rotationatomic-write.ts: temp file + rename for crash-safe writestRPC router (
src/routers/kiloclaw-router.ts)fileTree,readFile,writeFileprocedures behindclawAccessProcedure(billing gate)openclaw.jsonwrite validates JSON object shape (server-side + client-side)handleFileOperationErrormaps controller 400/404/409 to proper tRPC error codesAdmin (
src/routers/admin-kiloclaw-instances-router.ts)adminProcedure— same unfiltered accessUI
FileTree: collapsible directory tree, directories collapsed by defaultFileEditorPane: Monaco editor with diff view, ETag conflict detection, optimistic save updatesFileEditorShell: resizable sidebar, unsaved-changes confirmation dialog, min-height 500pxWorkspaceFileEditor/AdminFileEditor: wiring for user and admin contextsSettingsTab: "Edit Files" button is open-only (closing goes through unsaved-changes guard)Test plan
/root/.openclaw/contents (including credentials, .kilo-backups)openclaw.json→ validates JSON object before saving