nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,573 Commits 968 Branches 100 Tags 6.5 GiB
Commit Graph

62 Commits

Author SHA1 Message Date
Peter Steinberger fff6333773 fix(exec): implement Windows argPattern allowlist flow 2026-04-03 00:09:28 +09:00
Peter Steinberger 65c1716ad4
refactor(infra): clarify jsonl socket contract 2026-04-02 15:20:37 +01:00
Peter Steinberger c678ae7e7a
feat(exec): default host exec to yolo 2026-04-02 14:52:51 +01:00
Vincent Koc ecb4ea9830 fix(ci): restore exec approval masking semantics 2026-04-02 19:23:26 +09:00
wangchunyue a597938be8
fix(exec): strip invalid approval policy enums during config normalization (#59112) 
* fix(exec): strip invalid security/ask enum values during config normalization

* fix(exec): narrow invalid approvals config cleanup

---------

Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-04-02 01:40:10 -07:00
Gustavo Madeira Santana f69570f820
Exec approvals: fix policy source attribution (#59367) 
Merged via squash.

Prepared head SHA: 974945a9f0
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-02 01:28:14 -04:00
Gustavo Madeira Santana ba735d0158
Exec approvals: unify effective policy reporting and actions (#59283) 
Merged via squash.

Prepared head SHA: d579b97a93
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-01 22:02:39 -04:00
Vincent Koc 2d53ffdec1
fix(exec): resolve remote approval regressions (#58792) 
* fix(exec): restore remote approval policy defaults

* fix(exec): handle headless cron approval conflicts

* fix(exec): make allow-always durable

* fix(exec): persist exact-command shell trust

* fix(doctor): match host exec fallback

* fix(exec): preserve blocked and inline approval state

* Doctor: surface allow-always ask bypass

* Doctor: match effective exec policy

* Exec: match node durable command text

* Exec: tighten durable approval security

* Exec: restore owner approver fallback

* Config: refresh Slack approval metadata

---------

Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-04-01 02:07:20 -07:00
Peter Steinberger 1ca01b738b
fix: stabilize exec approval approver routing 2026-03-30 06:25:03 +09:00
Peter Steinberger 276ccd2583
fix(exec): default implicit target to auto 2026-03-30 06:03:08 +09:00
Peter Steinberger 68c674d37c refactor(security): simplify system.run approval model 2026-03-11 01:43:06 +00:00
Peter Steinberger 7289c19f1a fix(security): bind system.run approvals to exact argv text 2026-03-11 01:25:31 +00:00
Peter Steinberger c76d29208b fix(node-host): bind approved script operands 2026-03-07 23:04:00 +00:00
Peter Steinberger 3c71e2bd48 refactor(core): extract shared dedup helpers 2026-03-07 10:41:05 +00:00
Peter Steinberger 155118751f refactor!: remove versioned system-run approval contract 2026-03-02 01:12:53 +00:00
Peter Steinberger 78a7ff2d50 fix(security): harden node exec approvals against symlink rebind 2026-02-26 21:47:45 +01:00
Peter Steinberger 10481097f8 refactor(security): enforce v1 node exec approval binding 2026-02-26 18:09:01 +01:00
Peter Steinberger 4894d907fa refactor(exec-approvals): unify system.run binding and generate host env policy 2026-02-26 16:58:01 +01:00
Peter Steinberger 9a4b2266cc fix(security): bind node system.run approvals to env 2026-02-26 16:38:07 +01:00
Peter Steinberger da0ba1b73a fix(security): harden channel auth path checks and exec approval routing 2026-02-26 12:46:05 +01:00
Peter Steinberger 92eb3dfc9d refactor(security): unify exec approval request matching 2026-02-26 03:54:37 +01:00
Peter Steinberger 03e689fc89 fix(security): bind system.run approvals to argv identity 2026-02-26 03:41:31 +01:00
Peter Steinberger 4a3f8438e5 fix(gateway): bind node exec approvals to nodeId 2026-02-24 03:05:58 +00:00
Peter Steinberger 51b0772e14 fix(exec-approvals): harden forwarding target and resolve delivery paths 
Co-authored-by: bubmiller <bubmiller@users.noreply.github.com>
 2026-02-22 20:37:22 +01:00
Peter Steinberger b73a2de9f6 refactor(infra): reuse shared home prefix expansion 2026-02-18 17:48:02 +00:00
Peter Steinberger a0e763168f refactor(exec-approvals): share socket default merge 2026-02-15 17:36:08 +00:00
Peter Steinberger 3d0e568007 refactor(infra): share jsonl socket requester 2026-02-15 13:56:50 +00:00
Peter Steinberger ea0ef18704 refactor: centralize exec approval timeout 2026-02-15 01:18:53 +01:00
Peter Steinberger e9de242159 refactor(exec-approvals): share request event types 2026-02-14 15:39:46 +00:00
Peter Steinberger 83bc73f4ea refactor(exec-approvals): split allowlist evaluation module 2026-02-13 19:08:37 +00:00
Peter Steinberger 81fbfa06ee refactor(exec-approvals): extract command analysis module 2026-02-13 19:08:37 +00:00
Marcus Castro e90caa66d8
fix(exec): allow heredoc operator (<<) in allowlist security mode (#13811) 
* fix(exec): allow heredoc operator (<<) in allowlist security mode

* fix: allow multiline heredoc parsing in exec approvals (#13811) (thanks @mcaxtr)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 04:41:51 +01:00
George Pickett 141f551a4c fix(exec-approvals): coerce bare string allowlist entries (#9903) (thanks @mcaxtr) 2026-02-05 15:52:51 -08:00
Marcus Castro 6ff209e932 fix(exec-approvals): coerce bare string allowlist entries to objects (#9790) 2026-02-05 15:52:51 -08:00
Peter Steinberger a7f4a53ce8 fix: harden Windows exec allowlist 2026-02-03 09:34:25 -08:00
Peter Steinberger d1ecb46076 fix: harden exec allowlist parsing 2026-02-02 16:53:15 -08:00
cpojer f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
cpojer 5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
Peter Steinberger 9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger cad7ed1cb8 fix(exec-approvals): stabilize allowlist ids (#1521) 2026-01-23 19:00:45 +00:00
Peter Steinberger 4b19066cc1 fix: normalize Windows exec allowlist paths 2026-01-23 03:11:41 +00:00
Peter Steinberger e872f5335b fix: allow chained exec allowlists 
Co-authored-by: Lucas Czekaj <1464539+czekaj@users.noreply.github.com>
 2026-01-23 00:11:58 +00:00
Peter Steinberger 36a2584ac7 fix: allowlist match without local exec resolution 2026-01-22 10:29:36 +00:00
Peter Steinberger e389bd478b fix: keep backslashes in quoted exec paths 2026-01-22 09:58:24 +00:00
Peter Steinberger 1a4fade2f7 fix: honor Windows Path casing 2026-01-22 08:33:52 +00:00
Peter Steinberger b748b86b23 fix: canonicalize allowlist paths on Windows 2026-01-22 08:07:55 +00:00
Peter Steinberger 230211fe26 fix: resolve Windows exec paths with extensions 2026-01-22 07:46:50 +00:00
Lucas Czekaj 4b3e9c0f33 fix(exec): align node exec approvals (#1425) 
Thanks @czekaj.

Co-authored-by: Lucas Czekaj <lukasz@czekaj.us>
 2026-01-22 07:22:43 +00:00
Peter Steinberger 9450873c1b fix: align exec approvals default agent 2026-01-22 04:05:54 +00:00
Peter Steinberger 2d583e877b fix: default exec approvals to main agent (#1417) (thanks @czekaj) 2026-01-22 03:58:53 +00:00