vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,989 Commits 680 Branches 76 Tags
daaf211e20feaab89f8c1a65343b0daf064a7322
Commit Graph

46 Commits

Author SHA1 Message Date
Peter Steinberger
daaf211e20 fix(node-host): fail closed on unbound interpreter approvals 2026-03-11 02:36:38 +00:00
Harold Hunt
de49a8b72c Telegram: exec approvals for OpenCode/Codex (#37233) 
Merged via squash.

Prepared head SHA: f243379094
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Reviewed-by: @huntharo
 2026-03-09 23:04:35 -04:00
Peter Steinberger
c76d29208b fix(node-host): bind approved script operands 2026-03-07 23:04:00 +00:00
Peter Steinberger
155118751f refactor!: remove versioned system-run approval contract 2026-03-02 01:12:53 +00:00
Peter Steinberger
b67e600bff fix(security): restrict default safe-bin trusted dirs 2026-02-24 23:13:37 +00:00
Peter Steinberger
a67689a7e3 fix: harden allow-always shell multiplexer wrapper handling 2026-02-24 03:06:51 +00:00
Peter Steinberger
f0f886ecc4 docs(security): clarify gateway-node trust boundary in docs 2026-02-24 01:35:44 +00:00
Peter Steinberger
3b8e33037a fix(security): harden safeBins long-option validation 2026-02-23 23:58:58 +00:00
Peter Steinberger
24c954d972 fix(security): harden allow-always wrapper persistence 2026-02-22 22:55:33 +01:00
Peter Steinberger
64b273a71c fix(exec): harden safe-bin trust and add explicit trusted dirs 2026-02-22 22:43:18 +01:00
Peter Steinberger
0d0f4c6992 refactor(exec): centralize safe-bin policy checks 2026-02-22 13:18:25 +01:00
Peter Steinberger
47c3f742b6 fix(exec): require explicit safe-bin profiles 2026-02-22 12:58:55 +01:00
Peter Steinberger
e80c803fa8 fix(security): block shell env allowlist bypass in system.run 2026-02-22 12:47:05 +01:00
Peter Steinberger
89aad7b922 refactor: tighten safe-bin policy model and docs parity 2026-02-21 19:24:23 +01:00
Peter Steinberger
4c1dd9d068 fix(security): harden macos rawCommand allowlist resolution 2026-02-21 19:17:56 +01:00
Peter Steinberger
57fbbaebca fix: block safeBins sort --compress-program bypass 2026-02-21 19:13:53 +01:00
Peter Steinberger
c6ee14d60e fix(security): block grep safe-bin file-read bypass 2026-02-21 11:18:29 +01:00
Peter Steinberger
bafdbb6f11 fix(security): eliminate safeBins file-existence oracle 2026-02-19 14:18:11 +01:00
Peter Steinberger
cfe8457a0f fix(security): harden safeBins stdin-only enforcement 2026-02-19 14:10:45 +01:00
Peter Steinberger
28bac46c92 fix(security): harden safeBins path trust 2026-02-18 04:55:31 +01:00
Peter Steinberger
24d2c6292e refactor(security): refine safeBins hardening 2026-02-14 19:59:13 +01:00
Peter Steinberger
77b89719d5 fix(security): block safeBins shell expansion 2026-02-14 19:44:14 +01:00
Peter Steinberger
31a7e4f937 chore(skills): remove bird skill 2026-02-06 22:28:44 -08:00
Peter Steinberger
d1ecb46076 fix: harden exec allowlist parsing 2026-02-02 16:53:15 -08:00
Seb Slight
abcaa8c7a9 Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
cpojer
8cab78abbc chore: Run pnpm format:fix. 2026-01-31 21:13:13 +09:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
0f8f0fb9d7 docs: clarify command authorization for exec directives 2026-01-26 22:18:41 +00:00
Lucas Czekaj
483fba41b9 feat(discord): add exec approval forwarding to DMs (#1621) 
* feat(discord): add exec approval forwarding to DMs

Add support for forwarding exec approval requests to Discord DMs,
allowing users to approve/deny command execution via interactive buttons.

Features:
- New DiscordExecApprovalHandler that connects to gateway and listens
  for exec.approval.requested/resolved events
- Sends DMs with embeds showing command details and 3 buttons:
  Allow once, Always allow, Deny
- Configurable via channels.discord.execApprovals with:
  - enabled: boolean
  - approvers: Discord user IDs to notify
  - agentFilter: only forward for specific agents
  - sessionFilter: only forward for matching session patterns
- Updates message embed when approval is resolved or expires

Also fixes exec completion routing: when async exec completes after
approval, the heartbeat now uses a specialized prompt to ensure the
model relays the result to the user instead of responding HEARTBEAT_OK.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat: generic exec approvals forwarding (#1621) (thanks @czekaj)

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-24 20:56:40 +00:00
Peter Steinberger
5662a9cdfc fix: honor tools.exec ask/security in approvals 2026-01-24 04:53:44 +00:00
Peter Steinberger
cad7ed1cb8 fix(exec-approvals): stabilize allowlist ids (#1521) 2026-01-23 19:00:45 +00:00
Peter Steinberger
e872f5335b fix: allow chained exec allowlists 
Co-authored-by: Lucas Czekaj <1464539+czekaj@users.noreply.github.com>
 2026-01-23 00:11:58 +00:00
Peter Steinberger
96f1846c2c docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
Peter Steinberger
a2981c5a2c feat: add elevated ask/full modes 2026-01-22 05:41:11 +00:00
Peter Steinberger
9450873c1b fix: align exec approvals default agent 2026-01-22 04:05:54 +00:00
Peter Steinberger
7e1a17e5e6 fix: unify exec approval ids 2026-01-22 00:59:29 +00:00
Peter Steinberger
3b18efdd25 feat: tighten exec allowlist gating 2026-01-21 21:45:50 +00:00
Peter Steinberger
39e24c9937 docs: update node CLI references 2026-01-21 16:48:42 +00:00
Peter Steinberger
06c17a333e docs: update protocol + security notes 2026-01-20 13:04:20 +00:00
Peter Steinberger
d06d440086 docs: clarify macOS node service IPC plan 2026-01-18 16:24:43 +00:00
Peter Steinberger
3686bde783 feat: add exec approvals tooling and service status 2026-01-18 15:23:41 +00:00
Peter Steinberger
4de3c3a028 feat: add exec approvals editor in control ui and mac app 2026-01-18 08:54:38 +00:00
Peter Steinberger
ae0b4c4990 feat: add exec host routing + node daemon 2026-01-18 07:46:00 +00:00
Peter Steinberger
efdb33c975 feat: add exec host approvals flow 2026-01-18 04:27:41 +00:00
Peter Steinberger
0674f1fa3c feat: add exec approvals allowlists 2026-01-18 01:34:31 +00:00