Skip to content

fix: add per-beacon-ID cooldown to HandleBeaconRegister (PILOT-331)#13

Merged
TeoSlayer merged 2 commits into
mainfrom
openclaw/pilot-331-20260529-211437
May 29, 2026
Merged

fix: add per-beacon-ID cooldown to HandleBeaconRegister (PILOT-331)#13
TeoSlayer merged 2 commits into
mainfrom
openclaw/pilot-331-20260529-211437

Conversation

@matthew-pilot
Copy link
Copy Markdown
Collaborator

@matthew-pilot matthew-pilot commented May 29, 2026

Summary

HandleBeaconRegister now enforces a BeaconRegisterCooldown (10s) per beacon ID. A beacon that re-registers within the cooldown window receives an error instead of silently overwriting the entry. This prevents an attacker (even with admin-token access) from churning through distinct beacon IDs faster than one per cooldown window.

Changes

  • routing/routing.go: add BeaconRegisterCooldown constant; check in HandleBeaconRegister before allowing re-register
  • routing/zz_routing_test.go: TestBeaconRegisterCooldown verifies immediate re-register is denied, post-cooldown succeeds, and different beacon IDs are not affected

Scope

2 files, +69/-1 (70 LoC)

routing/routing.go         | 16 +++++++++++++-
routing/zz_routing_test.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 69 insertions(+), 1 deletion(-)

Testing

  • go build ./...
  • go vet ./...
  • go test ./routing/ -v -count=1 ✅ (all 10 tests pass, including new TestBeaconRegisterCooldown)

Jira

PILOT-331

@matthew-pilot
fix: add per-beacon-ID cooldown to HandleBeaconRegister (PILOT-331)
22fe13c 
HandleBeaconRegister now enforces a BeaconRegisterCooldown (10s) per
beacon ID. A beacon that re-registers within the cooldown window
receives an error instead of silently overwriting the entry. This
prevents an attacker (even with admin-token access) from churning
through distinct beacon IDs faster than one per cooldown window.

- routing/routing.go: add BeaconRegisterCooldown constant; check in
  HandleBeaconRegister before allowing re-register
- routing/zz_routing_test.go: TestBeaconRegisterCooldown verifies
  immediate re-register is denied, post-cooldown succeeds, and
  different beacon IDs are not affected
@matthew-pilot matthew-pilot added the matthew-fix-larger Medium-scope autonomous fix (≤10 files, ≤200 LoC) label May 29, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 29, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@TeoSlayer TeoSlayer merged commit d7c077f into main May 29, 2026
1 check passed
@TeoSlayer TeoSlayer deleted the openclaw/pilot-331-20260529-211437 branch May 29, 2026 21:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

canary-failed matthew-fix-larger Medium-scope autonomous fix (≤10 files, ≤200 LoC)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matthew-pilot @TeoSlayer