refactor: separate exec policy and execution targets

2026-05-02 07:10:23 +00:00 · 2026-03-23 19:33:29 -07:00
parent a96eded4a0
commit 7f373823b0
14 changed files with 444 additions and 170 deletions
--- a/src/node-host/invoke-system-run.ts
+++ b/src/node-host/invoke-system-run.ts
@@ -5,9 +5,9 @@ import type { GatewayClient } from "../gateway/client.js";
 import {
  addAllowlistEntry,
  recordAllowlistUse,
+  resolveApprovalAuditCandidatePath,
  resolveAllowAlwaysPatterns,
  resolveExecApprovals,
-  resolvePolicyAllowlistCandidatePath,
  type ExecAllowlistEntry,
  type ExecAsk,
  type ExecCommandSegment,
@@ -576,7 +576,7 @@ async function executeSystemRunPhase(
        phase.agentId,
        match,
        phase.commandText,
-        resolvePolicyAllowlistCandidatePath(phase.segments[0]?.resolution ?? null, phase.cwd),
+        resolveApprovalAuditCandidatePath(phase.segments[0]?.resolution ?? null, phase.cwd),
      );
    }
  }