From 7bb97ed252bffe34a125f93044d2583d9e07ebe0 Mon Sep 17 00:00:00 2001
From: OoO
Date: Tue, 28 Apr 2026 12:34:23 +0800
Subject: [PATCH] fix: remove hardcoded Telegram Bot token to resolve AiderHeal security warning
---
 docs/adr/README.md | 5 +++++
 routes/openclaw_bot_routes.py | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/docs/adr/README.md b/docs/adr/README.md
index a53a6e5..f2ba368 100644
--- a/docs/adr/README.md
+++ b/docs/adr/README.md
@@ -32,6 +32,11 @@
 | [008](ADR-008-actual-runtime-on-188.md) | 正式運行環境確認 — 188 Docker Compose(非 110 K3s) | Accepted | 2026-04-18 |
 | [009](ADR-009-embedding-retry-queue-persistence.md) | Embedding Retry Queue 持久化(DB-backed) | Accepted | 2026-04-19 |
 | [010](ADR-010-gitea-cicd-pipeline.md) | EwoooC Gitea CI/CD Pipeline(Gitea Actions + Docker Compose) | Accepted | 2026-04-19 |
+| [011](ADR-011-cross-project-resource-isolation.md) | 跨專案資源隔離與 Container 管理原則(188 多專案共存邊界) | Accepted | 2026-04-19 |
+| [012](ADR-012-agent-action-ladder.md) | Agent Action Ladder(AI Agent 事件介入與自動修復三級信任邊界 L0/L1/L2/L3) | Accepted | 2026-04-19 |
+| [013](ADR-013-aiops-autoheal.md) | AIOps 自動修復閉環架構(七步閉環 + SSH Jump Executor) | Accepted | 2026-04-19 |
+| [014](ADR-014-ppt-report-system-v2.md) | PPT 簡報系統 V2 — 原生圖表 + 9 種報告類型 | Accepted | 2026-04-20 |
+| [015](ADR-015-telegram-bot-menu-restoration.md) | Telegram Bot 完整菜單系統恢復 | Accepted | 2026-04-20 |
 ## 規範
diff --git a/routes/openclaw_bot_routes.py b/routes/openclaw_bot_routes.py
index 121a12f..3f13f18 100644
--- a/routes/openclaw_bot_routes.py
+++ b/routes/openclaw_bot_routes.py
@@ -74,7 +74,7 @@ openclaw_bot_bp = Blueprint('openclaw_bot', __name__)
 _seen_update_ids: set = set()
 _SEEN_MAX = 500
-BOT_TOKEN = os.getenv('OPENCLAW_BOT_TOKEN', '8610496165:AAFOlcWV4oRUSC2TI-fYux7JV97fjNzsYR8')
+BOT_TOKEN = os.getenv('OPENCLAW_BOT_TOKEN', '')
 BOT_API_URL = f"https://api.telegram.org/bot{BOT_TOKEN}"
 ALLOWED_GROUP = int(os.getenv('OPENCLAW_GROUP_ID', '-1003940688311'))
 MOMO_BASE_URL = os.getenv('MOMO_BASE_URL', 'https://mo.wooo.work')
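Review bot: With the default now `''` on the `BOT_TOKEN` line, an unset `OPENCLAW_BOT_TOKEN` is accepted silently and the next line builds `BOT_API_URL` as `https://api.telegram.org/bot`, so the misconfiguration only surfaces later as failed Telegram requests. A guard right after the assignment would make it visible, for example `if not BOT_TOKEN: raise RuntimeError("OPENCLAW_BOT_TOKEN is not set")`, or a logged error that disables the bot routes if this module must import without the bot configured; whether such a check exists further down the file is not visible in this hunk. The removed literal stays in the repository history and in this patch, so the token should be treated as exposed and revoked and reissued with Telegram; deleting the default does not invalidate it. Because the token is embedded in `BOT_API_URL`, it is also worth checking that request URLs and HTTP client exceptions are not logged verbatim.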