vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 10:20:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: align apply_patch deny policy docs (#76795)

Browse Source
This commit is contained in:
Peter Steinberger
2026-05-03 18:12:31 +01:00
parent 8da9d8c55f
commit 7857dfabcc
4 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -28,6 +28,7 @@ Docs: https://docs.openclaw.ai
### Fixes
- Agents/tools: stop treating `tools.deny: ["write"]` as an implicit `apply_patch` deny; operators who want to block patch writes should deny `apply_patch` or `group:fs` explicitly. Fixes #76749. (#76795) Thanks @Nek-12 and @hclsys.
- Gateway/update: recover an installed-but-unloaded macOS LaunchAgent after package updates, rerun Gateway health/version/channel readiness checks, and print restart, reinstall, and rollback guidance before reporting update failure. (#76790) Thanks @jonathanlindsay.
- Google Meet: route stateful CLI session commands through the gateway-owned runtime so joined realtime sessions survive after the starting CLI process exits. Fixes #76344. Thanks @coltonharris-wq.
- Memory/status: split builtin sqlite-vec store readiness from embedding-provider readiness in `memory status --deep` and `openclaw status`, so local vector-store failures no longer look like provider failures and provider failures no longer hide a healthy local vector store.

8
docs/gateway/config-tools.md
View File

@@ -54,6 +54,14 @@ Global tool allow/deny policy (deny wins). Case-insensitive, supports `*` wildca
}
```
`write` and `apply_patch` are separate tool ids. `allow: ["write"]` also enables `apply_patch` for compatible models, but `deny: ["write"]` does not deny `apply_patch`. To block all file mutation, deny `group:fs` or list each mutating tool explicitly:
```json5
{
tools: { deny: ["write", "edit", "apply_patch"] },
}
```
### `tools.byProvider`
Further restrict tools for specific providers or models. Order: base profile → provider profile → allow/deny.

1
docs/tools/exec.md
View File

@@ -264,6 +264,7 @@ Notes:
- Only available for OpenAI/OpenAI Codex models.
- Tool policy still applies; `allow: ["write"]` implicitly allows `apply_patch`.
- `deny: ["write"]` does not deny `apply_patch`; deny `apply_patch` explicitly or use `deny: ["group:fs"]` when patch writes should also be blocked.
- Config lives under `tools.exec.applyPatch`.
- `tools.exec.applyPatch.enabled` defaults to `true`; set it to `false` to disable the tool for OpenAI models.
- `tools.exec.applyPatch.workspaceOnly` defaults to `true` (workspace-contained). Set it to `false` only if you intentionally want `apply_patch` to write/delete outside the workspace directory.

4
src/agents/pi-tools.policy.test.ts
View File

@@ -37,8 +37,8 @@ describe("pi-tools.policy", () => {
expect(isToolAllowedByPolicyName("apply_patch", { allow: ["write"] })).toBe(true);
});
it("blocks apply_patch when write is denylisted", () => {
expect(isToolAllowedByPolicyName("apply_patch", { deny: ["write"] })).toBe(false);
it("keeps apply_patch when write is denylisted", () => {
expect(isToolAllowedByPolicyName("apply_patch", { deny: ["write"] })).toBe(true);
});
});