Commit Graph

11 Commits

Author SHA1 Message Date
Shakker
55750f7c6d test: route security floor env setup 2026-06-18 15:06:13 +01:00
Vincent Koc
adad27d744 fix(exec): honor state dir approvals (#92056) 2026-06-11 09:30:56 +09:00
Peter Steinberger
2feb81249f docs: document exec tool entry 2026-06-04 06:16:34 -04:00
zhang-guiping
60dcaa3cf5 fix #88773: [Bug]: Telegram DM exec requires approval despite allowlist + ask:off — works in webchat, not in Telegram (#89035)
* fix exec ask policy source

* fix gateway test type fixtures

* docs: update exec ask parameter docs to match runtime behavior

* fix: preserve trusted per-call exec ask hardening while blocking model-supplied overrides for channel runs

* docs: align exec ask contract with runtime

* refactor(agents): simplify exec ask policy cleanup

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-06-03 18:33:08 +05:30
kinjitakabe
fee4e52f22 fix(exec): allow known safe shell builtins in allowlist mode
Treat pathless POSIX shell builtins (`:`, `cd`, `false`, `pwd`, `true`) as internally safe only during shell allowlist evaluation. This avoids approval prompts for chains like `cd /tmp && git status` when the executable segment is already allowlisted, without adding a `tools.exec.safeBuiltins` config knob.

Environment-mutating builtins (`export`, `unset`), code-evaluating builtins (`eval`, `source`, `.`), unknown commands, and direct argv execution remain approval-gated unless separately allowlisted.

Proof: `pnpm test src/infra/exec-safe-builtins.test.ts src/agents/bash-tools.exec.security-floor.test.ts -- --reporter=verbose`; `pnpm changed:lanes --json`; `pnpm check:no-conflict-markers`; `git diff --check origin/main...HEAD`. CI related failures were resolved on the final SHA; remaining `checks-node-core-runtime-media-ui` failure is unrelated to this PR.

Fixes #46056.
Thanks @kinjitakabe.

Co-authored-by: kevinkang-ai <273844887+kevinkang-ai@users.noreply.github.com>
2026-05-31 13:39:13 +01:00
joshavant
47c578034a fix(exec): align release validation surfaces
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-05-30 00:04:06 +10:00
joshavant
80227005a0 feat(exec): add normalized auto mode
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-05-30 00:04:06 +10:00
Peter Steinberger
e8785972d0 test: tighten agent auth assertions 2026-05-11 16:21:43 +01:00
Peter Steinberger
e50f323c1f test(exec): isolate OpenClaw home in security floor tests 2026-05-11 13:18:50 +01:00
Peter Steinberger
1cbe6e271b fix(exec): address security floor review 2026-05-11 13:18:50 +01:00
Bryan Pearson
235ad7ec95 fix(exec): keep configured security authoritative 2026-05-11 13:18:50 +01:00