Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix [Bug]: Zip file attachments are blocked via the message tool [3 pull requests, 1 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#78057Fetched 2026-05-06 06:17:24
View on GitHub
Comments
1
Participants
2
Timeline
6
Reactions
2
Author
garyd9garyd9
Participants
clawsweeper[bot]clawsweeper[bot]garyd9garyd9
Timeline (top)
cross-referenced ×3labeled ×2commented ×1

After moving from 2026.4.23 to 2026.5.2, I'm no longer able to have OC send .zip files as attachments to discord DMs (via message tool.) The error is "Host-local media sends only allow buffer-verified images, audio, video, PDF, and Office documents (got application/zip)."

Error Message

After moving from 2026.4.23 to 2026.5.2, I'm no longer able to have OC send .zip files as attachments to discord DMs (via message tool.) The error is "Host-local media sends only allow buffer-verified images, audio, video, PDF, and Office documents (got application/zip)." The error message comes from assertHostReadMediaAllowed() in src/media/web-media.ts

Root Cause

After moving from 2026.4.23 to 2026.5.2, I'm no longer able to have OC send .zip files as attachments to discord DMs (via message tool.) The error is "Host-local media sends only allow buffer-verified images, audio, video, PDF, and Office documents (got application/zip)."

Fix Action

Fixed

PR fix notes

PR #78073: fix(media): allow zip and archive attachments in host-read media sends [AI-assisted]

Description (problem / solution / changelog)

Root Cause

The assertHostReadMediaAllowed() gate in src/media/web-media.ts uses a HOST_READ_ALLOWED_DOCUMENT_MIMES allowlist to control which local file types the message tool can send as attachments. Archive MIME types (application/zip, application/gzip, application/x-tar, application/x-7z-compressed) were never added to this set, so any attempt to send a zip file via the message tool throws:

Host-local media sends only allow buffer-verified images, audio, video, PDF, and Office documents (got application/zip).

This is a regression from the host-read media gate tightening — zip attachments worked in 2026.4.x.

Fix

Add the four common archive MIME types to HOST_READ_ALLOWED_DOCUMENT_MIMES. These formats all have well-known magic bytes that file-type sniffs reliably, so the buffer-verification security invariant is preserved — no opaque blob can masquerade as an archive.

Regression Test Plan

  • Existing message-action-runner.media.test.ts tests pass (19/19).
  • Manual: place a .zip file in workspace, ask the agent to send it via message tool → attachment should succeed instead of throwing LocalMediaAccessError.

Security Impact

Low. Archives are buffer-verified via magic-byte sniffing (PK\x03\x04 for zip, \x1F\x8B for gzip, etc.), maintaining the same security posture as PDF/Office documents already in the allowlist. No new exfiltration vector is introduced — the agent could already send larger Office documents.

Fixes #78057

Changed files

  • src/media/web-media.ts (modified, +5/-1)

PR #78195: feat(media): make host-read MIME allowlist configurable via cfg.media

Description (problem / solution / changelog)

Problem

assertHostReadMediaAllowed in web-media.ts gates host-local file sends on a hardcoded MIME allowlist. The allowlist covers images, audio/video, PDF, and common Office formats but excludes archives and most other types. This is a regression from 4.23: ZIP attachments sent via the message tool now throw LocalMediaAccessError: path-not-allowed.

Approach

Rather than hardcoding additional types (as in #78073) or removing the check from one code path, this PR makes the allowlist operator-configurable via cfg.media:

```jsonc { "media": { // append to the built-in list (default policy) "hostReadAllowedMimes": ["application/zip", "application/gzip"], // or replace it entirely "hostReadMimePolicy": "override", "hostReadAllowedMimes": ["application/zip"] } } ```

hostReadMimePolicy:

  • "extend" (default) — adds the listed types to the built-in allowlist
  • "override" — replaces the built-in list entirely (for operators who want full control)

The built-in allowlist is unchanged; installs that don't set hostReadAllowedMimes see no behavior difference.

Files changed

  • src/config/types.openclaw.ts, src/config/zod-schema.ts, src/config/schema.labels.ts — config schema
  • src/media/load-options.ts — thread hostReadAllowedMimes/hostReadMimePolicy through OutboundMediaLoadParamsOutboundMediaLoadOptions
  • src/media/web-media.tsassertHostReadMediaAllowed now accepts a pre-built allowedDocumentMimes set assembled from the config
  • src/media/outbound-attachment.ts, src/auto-reply/reply/reply-media-paths.ts, src/infra/outbound/message-action-params.ts — thread config fields to callers that have access to cfg
  • Tests updated: ZIP rejection replaced with ZIP-succeeds-with-config test; text-file rejection test restored

Test plan

  • 20/20 message-action-runner.media.test.ts pass
  • 5/5 plugin-sdk/outbound-media.test.ts pass
  • tsc --noEmit clean

Supersedes #78073.

Changed files

  • scripts/bench-sessions-list-seed.ts (added, +398/-0)
  • scripts/bench-sessions-list.ts (added, +394/-0)
  • src/auto-reply/reply/reply-media-paths.ts (modified, +2/-0)
  • src/config/schema.labels.ts (modified, +2/-0)
  • src/config/types.openclaw.ts (modified, +7/-0)
  • src/config/zod-schema.ts (modified, +2/-0)
  • src/infra/outbound/message-action-params.ts (modified, +12/-1)
  • src/infra/outbound/message-action-runner.media.test.ts (modified, +34/-4)
  • src/media/load-options.ts (modified, +7/-0)
  • src/media/outbound-attachment.ts (modified, +13/-4)
  • src/media/web-media.ts (modified, +15/-7)

PR #78292: fix(media): allow buffer-verified ZIP archives in host-read validator

Description (problem / solution / changelog)

Summary

  • Problem: ZIP file attachments are rejected via the message tool with error "Host-local media sends only allow buffer-verified images, audio, video, PDF, and Office documents (got application/zip)". This is a regression from v2026.4.23 to v2026.5.2.
  • What changed: Added application/zip to HOST_READ_ALLOWED_DOCUMENT_MIMES set in src/media/web-media.ts, enabling ZIP files to pass the host-read media validator.
  • Why it matters: Users frequently need to send ZIP archives (e.g., source code bundles) via Discord/other channels. Blocking ZIPs breaks common workflows.

Change Type

  • Bug fix
  • Feature
  • Refactor
  • Docs
  • Security
  • Chore

Scope

  • Gateway/orchestration
  • Skills/tool execution
  • Auth/tokens
  • Memory/storage
  • Integrations (media handling for message tool)
  • API/contracts
  • UI/DX
  • CI/CD

Linked Issue

  • Fixes #78057
  • This PR fixes a regression (ZIP attachments worked in v2026.4.23)

Root Cause

  • HOST_READ_ALLOWED_DOCUMENT_MIMES in src/media/web-media.ts lacked application/zip, causing ZIP files to fail validation.
  • The host-read validator was introduced in commit 3bb02d333865, which omitted ZIP from the initial allowlist.

Regression Test Plan

  • Unit test added
  • Target test: src/media/web-media.test.ts - "allows host-read ZIP files"
  • New test verifies ZIP magic bytes (PK\x03\x04) are accepted as application/zip.

Security Impact

  • ZIP files are validated by file-type magic bytes detection
  • No new permissions/capabilities
  • Disguised files (e.g., CSV with ZIP magic bytes) still rejected via CSV/Markdown special handling

User-visible Changes

  • ZIP attachments now work via message tool (Discord and other channels)
  • No config changes required

Verification

  • Code review of assertHostReadMediaAllowed logic
  • Test added for ZIP acceptance
  • Existing test "rejects binary data disguised as a CSV file" still valid (CSV special handling catches disguised files)

Compatibility

  • Backward compatible
  • No migration needed
  • Restores behavior from v2026.4.23

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • src/media/web-media.test.ts (modified, +15/-0)
  • src/media/web-media.ts (modified, +1/-0)

Code Example

The error message comes from assertHostReadMediaAllowed() in src/media/web-media.ts
RAW_BUFFERClick to expand / collapse

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

After moving from 2026.4.23 to 2026.5.2, I'm no longer able to have OC send .zip files as attachments to discord DMs (via message tool.) The error is "Host-local media sends only allow buffer-verified images, audio, video, PDF, and Office documents (got application/zip)."

Steps to reproduce

  1. Install 2026.5.2 and get discord working.

  2. Assuming you have OC working to send discord DM's, place a small .zip file (a real one, not something else renamed) in your workspace directory.

  3. Ask the agent to send you the file in a discord DM. (for example: Please send me a discord DM with ~/.openclaw/workspace/zipfile.zip attached.)

Expected behavior

The message tool should send you a discord DM with the .zip file attached. (I used this dozens of times with 2026.4.23. I just used it today with "okay, that looks good. zip up the files and send them to my discord DM.")

Actual behavior

The agent works to figure out the discord skill and starts playing with the message tool, and eventually fails. Some agents will then try doing weird stuff like base64 encoding, etc.

OpenClaw version

2026.4.23 and 2026.5.2

Operating system

MacOS Tahoe

Install method

npm via installsh for 4.23 and git via install.sh for 5.2

Model

Same issues with (local) qwen3.6, (local) gemma4, and openai/gpt5.4-mini

Provider / routing chain

all local or direct to openai (for the gpt-5.4-mini)

Additional provider/model setup details

n/a

Logs, screenshots, and evidence

The error message comes from assertHostReadMediaAllowed() in src/media/web-media.ts

Impact and severity

Affected: discord. It probably impacts other channels, but I didn't test them.

Severity: For me, it blocks my workflow. If I can't get the agent to zip up a directory of dozens of source files and send them to me, it becomes very painful to retrieve them.

Frequency: about to repeat 100%

Consequence: Openclaw becomes much less useful if I can't send zip files to myself.

Additional information

src/media/web-media.ts -> assertHostReadMediaAllowed()

Unable to determine what changed between 4.23 and 5.2 that changed this behavior.

If blocking of .zip files is now intentional, please explain why and provide some type of knob or setting to override that. It's kind of silly to generate many source code files and have no easy way to transfer them to the user!

extent analysis

TL;DR

The issue can be fixed by modifying the assertHostReadMediaAllowed() function in src/media/web-media.ts to allow .zip files as attachments.

Guidance

  • Review the changes made to src/media/web-media.ts between versions 2026.4.23 and 2026.5.2 to understand why .zip files are no longer allowed.
  • Modify the assertHostReadMediaAllowed() function to add application/zip to the list of allowed media types.
  • Test the modified function to ensure it allows .zip files to be sent as attachments.
  • Consider adding a configuration option to allow users to override the default allowed media types.

Example

// src/media/web-media.ts
function assertHostReadMediaAllowed(mediaType: string) {
  const allowedTypes = [
    'image/*',
    'audio/*',
    'video/*',
    'application/pdf',
    'application/msword', // Office documents
    'application/zip', // Add this line to allow .zip files
  ];
  if (!allowedTypes.includes(mediaType)) {
    throw new Error(`Host-local media sends only allow ${allowedTypes.join(', ')}`);
  }
}

Notes

The fix assumes that the intention is to allow .zip files as attachments. If the blocking of .zip files is intentional, a different solution may be required.

Recommendation

Apply workaround: Modify the assertHostReadMediaAllowed() function to allow .zip files as attachments, as this is a critical feature for the user's workflow.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

FAQ

Expected behavior

The message tool should send you a discord DM with the .zip file attached. (I used this dozens of times with 2026.4.23. I just used it today with "okay, that looks good. zip up the files and send them to my discord DM.")

#vector store#embedding generation#cache error#pipeline error#runtime error

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

openclaw - ✅(Solved) Fix [Bug]: Zip file attachments are blocked via the message tool [3 pull requests, 1 comments, 2 participants]