nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,243 Commits 754 Branches 79 Tags 4 GiB
Commit Graph

56 Commits

Author SHA1 Message Date
Peter Steinberger e4d63818f5 fix: ignore tools.exec.pathPrepend for node hosts 2026-02-14 20:45:05 +01:00
Peter Steinberger 24d2c6292e refactor(security): refine safeBins hardening 2026-02-14 19:59:13 +01:00
Peter Steinberger 77b89719d5 fix(security): block safeBins shell expansion 2026-02-14 19:44:14 +01:00
Peter Steinberger b47fa9e715 refactor(exec): extract bash tool runtime internals 2026-02-13 19:08:37 +00:00
Ramin Shirali Hossein Zade 1af0edf7ff
fix: ensure exec approval is registered before returning (#2402) (#3357) 
* feat(gateway): add register and awaitDecision methods to ExecApprovalManager

Separates registration (synchronous) from waiting (async) to allow callers
to confirm registration before the decision is made. Adds grace period for
resolved entries to prevent race conditions.

* feat(gateway): add two-phase response and waitDecision handler for exec approvals

Send immediate 'accepted' response after registration so callers can confirm
the approval ID is valid. Add exec.approval.waitDecision endpoint to wait for
decision on already-registered approvals.

* fix(exec): await approval registration before returning approval-pending

Ensures the approval ID is registered in the gateway before the tool returns.
Uses exec.approval.request with expectFinal:false for registration, then
fire-and-forget exec.approval.waitDecision for the decision phase.

Fixes #2402

* test(gateway): update exec-approval test for two-phase response

Add assertion for immediate 'accepted' response before final decision.

* test(exec): update approval-id test mocks for new two-phase flow

Mock both exec.approval.request (registration) and exec.approval.waitDecision
(decision) calls to match the new internal implementation.

* fix(lint): add cause to errors, use generics instead of type assertions

* fix(exec-approval): guard register() against duplicate IDs

* fix: remove unused timeoutMs param, guard register() against duplicates

* fix(exec-approval): throw on duplicate ID, capture entry in closure

* fix: return error on timeout, remove stale test mock branch

* fix: wrap register() in try/catch, make timeout handling consistent

* fix: update snapshot on timeout, make two-phase response opt-in

* fix: extend grace period to 15s, return 'expired' status

* fix: prevent double-resolve after timeout

* fix: make register() idempotent, capture snapshot before await

* fix(gateway): complete two-phase exec approval wiring

* fix: finalize exec approval race fix (openclaw#3357) thanks @ramin-shirali

* fix(protocol): regenerate exec approval request models (openclaw#3357) thanks @ramin-shirali

* fix(test): remove unused callCount in discord threading test

---------

Co-authored-by: rshirali <rshirali@rshirali-haga.local>
Co-authored-by: rshirali <rshirali@rshirali-haga-1.home>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 19:57:02 +01:00
Peter Steinberger b272158fe4 perf(test): eliminate resetModules via injectable seams 2026-02-13 16:20:37 +00:00
max ec910a235e
refactor: consolidate duplicate utility functions (#12439) 
* refactor: consolidate duplicate utility functions

- Add escapeRegExp to src/utils.ts and remove 10 local duplicates
- Rename bash-tools clampNumber to clampWithDefault (different signature)
- Centralize formatError calls to use formatErrorMessage from infra/errors.ts
- Re-export formatErrorMessage from cli/cli-utils.ts to preserve API

* refactor: consolidate remaining escapeRegExp duplicates

* refactor: consolidate sleep, stripAnsi, and clamp duplicates
 2026-02-08 23:59:43 -08:00
Peter Steinberger a7f4a53ce8 fix: harden Windows exec allowlist 2026-02-03 09:34:25 -08:00
cpojer 935a0e5708
chore: Enable `typescript/no-explicit-any` rule. 2026-02-02 16:18:09 +09:00
cpojer baa1e95b9d
chore: Enable `no-unnecessary-template-expression` lint rule. 2026-02-02 15:37:05 +09:00
Peter Steinberger a87a07ec8a fix: harden host exec env validation (#4896) (thanks @HassanFleyah) 2026-02-01 15:37:19 -08:00
Hasan FLeyah 0a5821a811
fix(security): enforce strict environment variable validation in exec tool (#4896) 2026-02-01 15:36:24 -08:00
cpojer f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
Peter Steinberger a42e1c82d9 fix: restore tsc build and plugin install tests 2026-01-31 07:54:15 +00:00
cpojer 3282d22dd9
chore: Fix TypeScript errors 3/n. 2026-01-31 16:47:03 +09:00
cpojer 5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
cpojer 15792b153f
chore: Enable more lint rules, disable some that trigger a lot. Will clean up later. 2026-01-31 16:04:04 +09:00
Peter Steinberger 9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger c6cdbb630c fix: harden exec spawn fallback 2026-01-25 06:37:39 +00:00
Ivan Casco fe7436a1f6
fix(exec): only set security=full when elevated mode is full (#1616) 2026-01-24 20:55:21 +00:00
Peter Steinberger 5662a9cdfc fix: honor tools.exec ask/security in approvals 2026-01-24 04:53:44 +00:00
Peter Steinberger 4912e85ac8 fix: fall back to non-PTY exec 2026-01-23 06:27:26 +00:00
Peter Steinberger e872f5335b fix: allow chained exec allowlists 
Co-authored-by: Lucas Czekaj <1464539+czekaj@users.noreply.github.com>
 2026-01-23 00:11:58 +00:00
Lucas Czekaj 4b3e9c0f33 fix(exec): align node exec approvals (#1425) 
Thanks @czekaj.

Co-authored-by: Lucas Czekaj <lukasz@czekaj.us>
 2026-01-22 07:22:43 +00:00
Peter Steinberger 8544df36b8 feat: extend Control UI assistant identity 2026-01-22 07:08:13 +00:00
Peter Steinberger 23ea4a21e0 fix: skip elevated defaults when not allowed 2026-01-22 06:03:23 +00:00
Peter Steinberger a2981c5a2c feat: add elevated ask/full modes 2026-01-22 05:41:11 +00:00
Lucas Czekaj 0c55b1e9ce fix(exec): derive agentId from sessionKey for allowlist lookup 
When creating exec tools via chat/Discord, agentId was not passed,
causing allowlist lookup to use 'default' key instead of 'main'.
User's allowlist entries in agents.main were never matched.

Now derives agentId from sessionKey if not explicitly provided,
ensuring correct allowlist lookup for all exec paths.
 2026-01-22 03:58:53 +00:00
Lucas Czekaj de898c423b fix(exec): pass undefined instead of null for optional approval params 
TypeBox Type.Optional(Type.String()) accepts string|undefined but NOT null.
Discord exec was failing with 'resolvedPath must be string' because callers
passed null explicitly. Web UI worked because it skipped the approval request.

Fixes exec approval validation error in Discord-triggered sessions.
 2026-01-21 18:14:51 -08:00
Peter Steinberger 7e1a17e5e6 fix: unify exec approval ids 2026-01-22 00:59:29 +00:00
Peter Steinberger 3b18efdd25 feat: tighten exec allowlist gating 2026-01-21 21:45:50 +00:00
Peter Steinberger 1ad4a7194e fix: allow node exec fallback and defer node approvals 2026-01-21 04:46:50 +00:00
Peter Steinberger 28c49db494 fix: default exec security to allowlist 2026-01-21 03:40:27 +00:00
Peter Steinberger e45228ac37 fix: merge login shell PATH for gateway exec 2026-01-20 14:04:13 +00:00
Peter Steinberger 87343c374e feat: route exec approvals via gateway 2026-01-20 13:04:19 +00:00
Peter Steinberger 588dc43787 fix: resolve format/build failures 2026-01-19 11:32:15 +00:00
Peter Steinberger 4609ed70c1 fix: align exec approval gateway timeout 2026-01-19 10:09:17 +00:00
Peter Steinberger 2f8206862a refactor: remove bridge protocol 2026-01-19 10:08:29 +00:00
Peter Steinberger 73e9e787b4 feat: unify device auth + pairing 2026-01-19 10:07:56 +00:00
Peter Steinberger 953472bf25 feat: add exec pathPrepend config 2026-01-19 00:35:43 +00:00
Peter Steinberger 3686bde783 feat: add exec approvals tooling and service status 2026-01-18 15:23:41 +00:00
Peter Steinberger ae0b4c4990 feat: add exec host routing + node daemon 2026-01-18 07:46:00 +00:00
Peter Steinberger 1ae415e395 fix: align agent exec config 2026-01-18 04:37:15 +00:00
Peter Steinberger efdb33c975 feat: add exec host approvals flow 2026-01-18 04:27:41 +00:00
Peter Steinberger 252dfbcd40 fix: include context in elevated exec denial 2026-01-17 17:55:11 +00:00
Peter Steinberger d8b463d0b3 fix: cap pending process output 2026-01-17 08:26:12 +00:00
Peter Steinberger 5dc87a2ed4 fix: respond to PTY cursor queries 2026-01-17 07:05:24 +00:00
Peter Steinberger 5ebfc0738f feat: add session slug generator 2026-01-17 06:23:26 +00:00
Peter Steinberger e59d8c5436 style: oxfmt format 2026-01-17 05:48:56 +00:00
Peter Steinberger 07a3db153d feat: notify on exec exit 2026-01-17 05:43:34 +00:00