refactor(gateway): share node command catalog

2026-03-12 07:20:45 +00:00 · 2026-02-26 22:01:06 +01:00
parent d82c042b09
commit d06632ba45
3 changed files with 30 additions and 12 deletions
--- a/src/gateway/node-command-policy.ts
+++ b/src/gateway/node-command-policy.ts
@@ -1,4 +1,9 @@
 import type { OpenClawConfig } from "../config/config.js";
+import {
+  NODE_BROWSER_PROXY_COMMAND,
+  NODE_SYSTEM_NOTIFY_COMMAND,
+  NODE_SYSTEM_RUN_COMMANDS,
+} from "../infra/node-commands.js";
 import type { NodeSession } from "./node-registry.js";

 const CANVAS_COMMANDS = [
@@ -38,14 +43,12 @@ const MOTION_COMMANDS = ["motion.activity", "motion.pedometer"];
 const SMS_DANGEROUS_COMMANDS = ["sms.send"];

 // iOS nodes don't implement system.run/which, but they do support notifications.
-const IOS_SYSTEM_COMMANDS = ["system.notify"];
+const IOS_SYSTEM_COMMANDS = [NODE_SYSTEM_NOTIFY_COMMAND];

 const SYSTEM_COMMANDS = [
-  "system.run.prepare",
-  "system.run",
-  "system.which",
-  "system.notify",
-  "browser.proxy",
+  ...NODE_SYSTEM_RUN_COMMANDS,
+  NODE_SYSTEM_NOTIFY_COMMAND,
+  NODE_BROWSER_PROXY_COMMAND,
 ];

 // "High risk" node commands. These can be enabled by explicitly adding them to
--- a/src/infra/node-commands.ts
+++ b/src/infra/node-commands.ts
@@ -0,0 +1,13 @@
+export const NODE_SYSTEM_RUN_COMMANDS = [
+  "system.run.prepare",
+  "system.run",
+  "system.which",
+] as const;
+
+export const NODE_SYSTEM_NOTIFY_COMMAND = "system.notify";
+export const NODE_BROWSER_PROXY_COMMAND = "browser.proxy";
+
+export const NODE_EXEC_APPROVALS_COMMANDS = [
+  "system.execApprovals.get",
+  "system.execApprovals.set",
+] as const;
--- a/src/node-host/runner.ts
+++ b/src/node-host/runner.ts
@@ -6,6 +6,11 @@ import { GatewayClient } from "../gateway/client.js";
 import { loadOrCreateDeviceIdentity } from "../infra/device-identity.js";
 import type { SkillBinTrustEntry } from "../infra/exec-approvals.js";
 import { getMachineDisplayName } from "../infra/machine-name.js";
+import {
+  NODE_BROWSER_PROXY_COMMAND,
+  NODE_EXEC_APPROVALS_COMMANDS,
+  NODE_SYSTEM_RUN_COMMANDS,
+} from "../infra/node-commands.js";
 import { ensureOpenClawCliOnPath } from "../infra/path-env.js";
 import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js";
 import { VERSION } from "../version.js";
@@ -189,12 +194,9 @@ export async function runNodeHost(opts: NodeHostRunOptions): Promise<void> {
    scopes: [],
    caps: ["system", ...(browserProxyEnabled ? ["browser"] : [])],
    commands: [
-      "system.run.prepare",
-      "system.run",
-      "system.which",
-      "system.execApprovals.get",
-      "system.execApprovals.set",
-      ...(browserProxyEnabled ? ["browser.proxy"] : []),
+      ...NODE_SYSTEM_RUN_COMMANDS,
+      ...NODE_EXEC_APPROVALS_COMMANDS,
+      ...(browserProxyEnabled ? [NODE_BROWSER_PROXY_COMMAND] : []),
    ],
    pathEnv,
    permissions: undefined,