OpenClaw Base64 Transport Validator
Validate base64-encoded transport payloads — thought signatures, encoded tokens, API payloads — and catch truncation, padding errors, and encoding mismatches before they hit the Gemini API. Based on OpenClaw PRs #82995, #83221, and #83310 merged May 17–18, 2026.
Why Use the Base64 Transport Validator
Built around the base64 validation and input sanitization improvements merged into OpenClaw on May 17–18, 2026.
Truncation Detection
Catches compaction-truncated thought_signature strings — the exact bug from PR #82995 where non-mod-4 lengths caused Gemini HTTP 400 errors.
Strict Charset Validation
Validates standard base64 (A-Z, a-z, 0-9, +, /) and URL-safe (-, _) charsets. Detects mixed encoding and invalid characters instantly.
Decode & Inspect
Decodes valid payloads and shows content preview, byte size, and binary detection — so you can verify the signature contains the data you expect.
Auto-Fix Suggestions
Automatically suggests fixes for common issues: adds missing padding, removes truncation markers, converts URL-safe to standard encoding.
Batch Validation
Validate multiple signatures at once — one per line. Get aggregate stats (valid, invalid, truncated, fixable) and per-line diagnostics.
Sanitization Code
Copy a ready-to-use TypeScript sanitization function based on the actual PR #82995 fix — drop it into your transport layer.
Validate Your Base64 Payloads
Paste a base64 string — or multiple strings in batch mode — and get instant validation with truncation detection, decoding, and fix suggestions.
TypeScript sanitization snippet (from PR #82995)
// Base64 thought_signature sanitizer — based on OpenClaw PR #82995
// Drop truncated/corrupt signatures at the transport boundary
function sanitizeThoughtSignature(
  sig: string | undefined,
  fallbackSentinel?: string,
): string | undefined {
  if (!sig) return undefined;
  // Reject truncation markers (compaction artifacts)
  if (/[…]|\.{3,}$/.test(sig)) return fallbackSentinel;
  // Must be valid base64: mod-4 length, legal charset
  if (sig.length % 4 !== 0) return fallbackSentinel;
  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(sig)) return fallbackSentinel;
  // Verify it actually decodes
  try {
    atob(sig);
    return sig;
  } catch {
    return fallbackSentinel;
  }
}

Frequently Asked Questions
What was the base64 thought_signature bug fixed in PR #82995?
During context compaction, OpenClaw's compaction engine could truncate Gemini thought_signature base64 strings mid-token, leaving strings with lengths not divisible by 4 — sometimes ending with ellipsis markers. Both the native Google transport and OpenAI-compatible paths forwarded these invalid strings as-is, triggering Gemini's strict validation with 'Base64 decoding failed' errors (HTTP 400) that aborted entire assistant turns. PR #82995 added sanitization at the transport boundary to silently drop truncated signatures while preserving surrounding content.
Why does base64 length need to be divisible by 4?
Base64 encodes 3 bytes of binary data into 4 ASCII characters. Every valid base64 string must have a length that's a multiple of 4 — with '=' padding characters added to reach that multiple when the input doesn't divide evenly. A non-mod-4 length means the string was either truncated (the compaction bug) or corrupted. The Gemini API enforces this strictly, which is why truncated thought signatures cause immediate 400 errors.
What's the difference between standard and URL-safe base64?
Standard base64 uses '+' and '/' as the 63rd and 64th characters, while URL-safe base64 (RFC 4648 §5) uses '-' and '_' instead — since '+' and '/' have special meaning in URLs. Gemini's thought_signature field uses standard base64, so if you're getting signatures from a system that uses URL-safe encoding, they need to be converted before forwarding. This tool detects the encoding type and warns you about mismatches.
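The length rule and the alphabet rule from the two answers above, combined into one classifier with the batch counts the tool reports. This is an added example, not OpenClaw code; diagnoseBase64, summarizeBatch and the sample strings are hypothetical names and constructed values.

```typescript
type Verdict = "valid" | "fixable" | "truncated" | "invalid";
type Alphabet = "standard" | "url-safe" | "mixed" | "unknown";
interface Diagnosis { verdict: Verdict; alphabet: Alphabet; reason: string; fixed?: string }

function diagnoseBase64(input: string): Diagnosis {
  // Compaction leaves an ellipsis (U+2026) or a trailing run of dots behind.
  if (/\u2026|\.{3,}$/.test(input)) {
    return { verdict: "truncated", alphabet: "unknown", reason: "truncation marker" };
  }
  const body = input.replace(/=+$/, "");
  const pad = input.length - body.length;
  if (body.length === 0 || !/^[A-Za-z0-9+\/_-]+$/.test(body)) {
    return { verdict: "invalid", alphabet: "unknown", reason: "illegal character" };
  }
  const hasStd = /[+\/]/.test(body);
  const hasUrl = /[-_]/.test(body);
  const alphabet: Alphabet = hasStd && hasUrl ? "mixed" : hasUrl ? "url-safe" : "standard";
  if (alphabet === "mixed") {
    return { verdict: "invalid", alphabet, reason: "standard and URL-safe characters mixed" };
  }
  // Each 4-character group carries 3 bytes. One leftover character holds only
  // 6 bits, so no encoder produces it: the tail was cut off.
  const rem = body.length % 4;
  if (rem === 1) return { verdict: "truncated", alphabet, reason: "length % 4 is 1" };
  const needPad = (4 - rem) % 4;
  if (pad !== 0 && pad !== needPad) {
    return { verdict: "invalid", alphabet, reason: "padding does not match length" };
  }
  if (alphabet === "standard" && pad === needPad) {
    return { verdict: "valid", alphabet, reason: "ok" };
  }
  // Mechanical repair: map the URL-safe alphabet to standard and restore padding.
  const fixed = body.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat(needPad);
  return { verdict: "fixable", alphabet, reason: "re-encoded as padded standard base64", fixed };
}

// Batch mode: one string per line, aggregate counts per verdict.
function summarizeBatch(text: string): Record<Verdict, number> {
  const counts: Record<Verdict, number> = { valid: 0, fixable: 0, truncated: 0, invalid: 0 };
  for (const line of text.split(/\r?\n/)) {
    const s = line.trim();
    if (s.length > 0) counts[diagnoseBase64(s).verdict] += 1;
  }
  return counts;
}

// Constructed sample batch (not real signatures): valid, unpadded, cut short, mixed.
const SAMPLE_BATCH = "aGVsbG8=\naGVsbG8\naGVsb\nab+_";
```

A string cut to a length with remainder 2 or 3 is indistinguishable from one that merely lost its padding, so "fixable" means the result will decode, not that it decodes to the original bytes. For signatures that is the reason to drop at the transport boundary, as the PR #82995 fix does, rather than repair.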
How does the sanitization from PR #82995 work?
The fix validates base64 signatures at the transport boundary — right before they're sent to Gemini. It checks for truncation markers (ellipsis or non-mod-4 lengths), and if a signature is invalid, it's silently dropped rather than forwarded. For Gemini 3 models, an invalid signature falls back to the GEMINI_THOUGHT_SIGNATURE_VALIDATOR_SKIP sentinel; for other models, the field is omitted entirely. Surrounding text and toolCall bodies remain intact.
What are 'unsafe reasoning replay IDs' from PR #83221?
PR #83221 addressed a related issue in GitHub Copilot's integration where reasoning replay IDs could contain unsafe characters that, when base64-encoded and replayed, could cause injection or parsing failures. The fix sanitizes these IDs before they enter the replay pipeline — a similar pattern to the thought_signature sanitization in PR #82995.
How does PR #83310's integer timeout validation relate?
PR #83310 fixed the CLI's --timeout parser to reject fractional and suffixed values (like '1.5' or '10abc') that were silently misinterpreted. This is part of the same theme as PR #82995: tightening input validation at boundaries. The old parser used Number.parseInt(), which accepts numeric prefixes; the fix requires the full string to be a decimal digit sequence — a safe positive integer — before converting to milliseconds.
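The prefix-accepting behaviour beside the whole-string check, as an added example rather than the OpenClaw CLI source. The function names are hypothetical, the argument values are constructed, and the example assumes --timeout is given in seconds.

```typescript
// Before: Number.parseInt skips leading whitespace, reads digits, and stops at
// the first other character, so a malformed argument still yields a number.
function parseTimeoutLenient(raw: string): number {
  return Number.parseInt(raw, 10) * 1000;
}

// After: the whole argument must be decimal digits naming a safe positive integer.
function parseTimeoutStrict(raw: string): number {
  if (!/^[0-9]+$/.test(raw)) {
    throw new Error(`invalid --timeout ${JSON.stringify(raw)}: expected whole seconds`);
  }
  const seconds = Number(raw);
  const ms = seconds * 1000;
  if (seconds < 1 || !Number.isSafeInteger(ms)) {
    throw new Error(`invalid --timeout ${JSON.stringify(raw)}: out of range`);
  }
  return ms;
}

// Returns null instead of throwing, for side-by-side comparison.
function tryStrict(raw: string): number | null {
  try {
    return parseTimeoutStrict(raw);
  } catch {
    return null;
  }
}

// Arguments the lenient parser turns into a finite number although the strict
// parser rejects them: the silently misinterpreted cases.
function silentlyMisread(args: string[]): string[] {
  return args.filter((raw) => isFinite(parseTimeoutLenient(raw)) && tryStrict(raw) === null);
}

// Constructed command-line values covering fraction, suffix, zero, exponent,
// leading space and overflow.
const SAMPLE_ARGS = ["30", "1.5", "10abc", "0", "1e3", " 5", "99999999999999999999"];
```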