fix: align claude cli permissions with exec policy

Derive Claude CLI bypass mode from OpenClaw exec YOLO policy, preserve raw Claude permission-mode overrides, update docs/changelog, and cover global/per-agent policy behavior.
2026-05-06 19:00:45 +00:00 · 2026-04-23 23:11:34 +01:00
parent 999caf530b
commit f523bbfcd1
19 changed files with 352 additions and 56 deletions
--- a/extensions/anthropic/cli-backend.ts
+++ b/extensions/anthropic/cli-backend.ts
@@ -36,6 +36,8 @@ export function buildAnthropicCliBackend(): CliBackendPlugin {
        "--verbose",
        "--setting-sources",
        "user",
+        "--allowedTools",
+        "mcp__openclaw__*",
      ],
      resumeArgs: [
        "-p",
@@ -45,6 +47,8 @@ export function buildAnthropicCliBackend(): CliBackendPlugin {
        "--verbose",
        "--setting-sources",
        "user",
+        "--allowedTools",
+        "mcp__openclaw__*",
        "--resume",
        "{sessionId}",
      ],
@@ -53,6 +57,8 @@ export function buildAnthropicCliBackend(): CliBackendPlugin {
      input: "stdin",
      modelArg: "--model",
      modelAliases: CLAUDE_CLI_MODEL_ALIASES,
+      imageArg: "@",
+      imagePathScope: "workspace",
      sessionArg: "--session-id",
      sessionMode: "always",
      sessionIdFields: [...CLAUDE_CLI_SESSION_ID_FIELDS],