fix(security): tighten elevated allowFrom sender matching

Peter Steinberger
2026-02-22 21:58:40 +01:00
parent 3a088c9f4f
commit 6817c0ec7b
5 changed files with 282 additions and 38 deletions

@@ -46,6 +46,12 @@ title: "Elevated Mode"
- Feature gate: `tools.elevated.enabled` (default can be off via config even if the code supports it).
- Sender allowlist: `tools.elevated.allowFrom` with per-provider allowlists (e.g. `discord`, `whatsapp`).
- Unprefixed allowlist entries match sender-scoped identity values only (`SenderId`, `SenderE164`, `From`); recipient routing fields are never used for elevated authorization.
- Mutable sender metadata requires explicit prefixes:
- `name:<value>` matches `SenderName`
- `username:<value>` matches `SenderUsername`
- `tag:<value>` matches `SenderTag`
- `id:<value>`, `from:<value>`, `e164:<value>` are available for explicit identity targeting
- Per-agent gate: `agents.list[].tools.elevated.enabled` (optional; can only further restrict).
- Per-agent allowlist: `agents.list[].tools.elevated.allowFrom` (optional; when set, the sender must match **both** global + per-agent allowlists).
- Discord fallback: if `tools.elevated.allowFrom.discord` is omitted, the `channels.discord.allowFrom` list is used as a fallback (legacy: `channels.discord.dm.allowFrom`). Set `tools.elevated.allowFrom.discord` (even `[]`) to override. Per-agent allowlists do **not** use the fallback.
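Review bot: The four prefix lines under "Mutable sender metadata requires explicit prefixes:" are written at the same indentation as their parent bullet, so in rendered Markdown they appear as top-level siblings rather than as the sub-list the colon promises; indent `- \`name:<value>\` matches \`SenderName\`` and the three lines that follow it by two spaces. While touching this block, it would help readers to state the comparison semantics the doc currently leaves implicit: whether an unprefixed entry must match `SenderId`, `SenderE164` or `From` exactly, whether the comparison is case-sensitive, and whether a value that itself contains a colon is read as a prefix. Since the whole point of the change is that `name:`, `username:` and `tag:` keys are mutable and so weaker than identity-based entries, a one-line caution next to those three prefixes saying they should only be used where the sender cannot change the value would make the security trade-off explicit in the same place the syntax is introduced.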