Commit Graph

30 Commits

Author SHA1 Message Date
NianJiu
1bfa2787b5 fix(exec): resume agent turn for native chat exec approvals (#93949)
* fix(exec): resume agent turn for native chat exec approvals (issue #93918)

Extend the inline approval-pending path that PR #85239 added for webchat to
every bundled chat channel that ships an `approval-handler.runtime`
adapter (Telegram, Discord, Slack, Signal, WhatsApp, iMessage, Matrix,
Google Chat, QQ Bot, plus webchat). When the originating turn can be
approved in the same chat, the gateway resolves the approval in place and
the agent waits inline for the command output instead of terminating the
run on the "approval-pending" tool result.

Before this fix, native chat approvals landed in the fire-and-forget
`sendExecApprovalFollowup` path. The followup either failed silently
against the agent dispatch and fell through to a direct delivery to the
operator, or never reached the agent at all; either way the model never
saw an "Exec running / Exec finished / Exec denied" event. The operator
had to send a follow-up message to recover the turn, and a new approval
was minted because the original run had already ended.

The change:

- Introduces `NATIVE_APPROVAL_CHANNELS` and `isNativeApprovalChannel`
  in `src/utils/message-channel-constants.ts`, listing the channels that
  ship a native chat approval client. `webchat` is included so the
  single-channel check inside `shouldAwaitGatewayApprovalInline` can
  move from "this one id" to "any native approval client".
- Replaces the `INTERNAL_MESSAGE_CHANNEL` equality check in
  `shouldAwaitGatewayApprovalInline` with `isNativeApprovalChannel`,
  preserving the `approvalFollowupMode` opt-out and the existing
  `unavailableReason === null` gate.
- Adds unit tests asserting inline resolution and inline denial for
  every native approval channel, plus a regression test that
  non-native channels (e.g. feishu) and explicit `approvalFollowupMode`
  settings still take the fire-and-forget path.
- Adds a `NATIVE_APPROVAL_CHANNELS` test in
  `src/utils/message-channel.test.ts` to lock the membership and the
  negative cases.

Refs https://github.com/openclaw/openclaw/issues/93918

* fix(lint): restore InternalMessageChannel type export lost during rebase

Rebase on upstream/main dropped the InternalMessageChannel type alias
from message-channel-constants.ts, breaking the plugin-sdk boundary
.dts check ('has no exported member named InternalMessageChannel').
message-channel.ts was also re-importing the type only to re-export
it, triggering the oxlint no-unused-vars rule.

- Re-add 'export type InternalMessageChannel = typeof INTERNAL_MESSAGE_CHANNEL'
  in message-channel-constants.ts so the public re-export is valid.
- Drop the redundant 'type InternalMessageChannel' from the local
  import in message-channel.ts; the value-side import is what the
  file body actually needs.

* test(exec): align native approval routing expectations
2026-06-18 16:41:04 -04:00
Jesse Merhi
c9707ab635 fix(exec): rebuild command authorization on the Tree-sitter command planner
Replace the exec approval parser/planner path with Tree-sitter-backed authorization planning, carrying planner decisions through node and gateway execution.

This keeps unpersistable shell shapes one-shot, adds typed `unavailableDecisions` for approval prompts, and refreshes coverage for allowlist matching, command rendering, durable allow-always persistence, and host approval paths.

Verification:
- GitHub PR checks for ce2381192d: CLEAN, 142 success, 32 skipped, 0 failed, 0 pending.
- /Users/jmerhi/.nvm/versions/node/v24.12.0/bin/node scripts/plugin-sdk-surface-report.mjs --check
- /Users/jmerhi/.nvm/versions/node/v24.12.0/bin/node scripts/run-vitest.mjs test/scripts/plugin-sdk-surface-report.test.ts --reporter=verbose
- Focused exec approval suite: 13 files, 467 tests.
2026-06-18 10:12:48 +10:00
Vincent Koc
df86f36a57 fix(agents): emit inline exec approval decisions 2026-06-17 16:11:32 +08:00
Vincent Koc
481fd10988 feat(agents): emit security events for exec approvals 2026-06-17 16:11:32 +08:00
Vincent Koc
ccf5976d06 fix(gateway): async trajectory export approvals 2026-06-14 22:25:47 +08:00
Peter Steinberger
6537080674 docs: document gateway exec host 2026-06-04 06:09:49 -04:00
brokemac79
3aa460409e fix: route denied exec approval followups to sessions
Routes denied async exec approval followups through the originating main session before using direct external fallback. Keeps strict inline-eval timeout denials fail-closed, while preserving suppression for subagent, cron, and no-session denial cases.

Refs #88167.

Verification:
- git diff --check origin/main...refs/remotes/pr/88417
- .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main
- gh pr checks 88417 --repo openclaw/openclaw --watch=false

Co-authored-by: brokemac79 <martin_cleary@yahoo.co.uk>
2026-05-30 21:45:16 +01:00
joshavant
209732535f fix(exec): align release validation checks
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-05-30 00:04:06 +10:00
joshavant
ab84c8cc09 fix(exec): bind gateway auto-review commands
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-05-30 00:04:06 +10:00
joshavant
80227005a0 feat(exec): add normalized auto mode
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-05-30 00:04:06 +10:00
clawsweeper[bot]
17e2ccf179 fix(exec): return approved WebChat gateway exec output inline (#85239)
Summary:
- The PR changes gateway exec approval handling so native WebChat approvals wait for the decision and return a ... al as the exec tool result, while preserving async follow-ups for diagnostics-direct and non-WebChat paths.
- Reproducibility: yes. Current-main source and tests show approval-required gateway exec returns approval-pen ... linked source PR provides live WebChat canary output showing the fixed inline result after native approval.

Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(exec): return approved WebChat gateway exec output inline

Validation:
- ClawSweeper review passed for head 7182322015.
- Required merge gates passed before the squash merge.

Prepared head SHA: 7182322015
Review: https://github.com/openclaw/openclaw/pull/85239#issuecomment-4515339946

Co-authored-by: Zac-W <wangzhifengzac@gmail.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: takhoffman
Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com>
2026-05-22 06:30:34 +00:00
Peter Steinberger
524185a68e fix(exec): bind approval trust to realpaths (#82825) 2026-05-17 03:41:50 +01:00
100menotu001
a1d0b2709a Add security audit suppressions (#76949)
* Add security audit suppressions

* docs: list audit suppression dangerous flag

* fix(security): keep audit suppressions visible

* docs(changelog): thank audit suppression contributor

---------

Co-authored-by: Craig <froelich@craigs.mac.studio.froho>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-05-16 22:57:04 +01:00
Peter Steinberger
b5dc9a578b test: dedupe exec host followup mock reads 2026-05-12 19:24:11 +01:00
Peter Steinberger
69f3ac80df test: guard agent five-hit mock calls 2026-05-12 09:40:35 +01:00
Shakker
4cb35e4bff test: count exec followup results 2026-05-12 03:44:56 +01:00
Peter Steinberger
d1ff0b0fc2 test: tighten exec host gateway assertions 2026-05-09 17:30:23 +01:00
Peter Steinberger
bd0e10a2f6 refactor: route inline eval through command analysis 2026-05-03 18:06:10 +01:00
pashpashpash
6ce1058296 Wire diagnostics through the core chat command (#72936)
* feat: wire codex diagnostics feedback

* fix: harden codex diagnostics hints

* fix: neutralize codex diagnostics output

* fix: tighten codex diagnostics safeguards

* fix: bound codex diagnostics feedback output

* fix: tighten codex diagnostics throttling

* fix: confirm codex diagnostics uploads

* docs: clarify codex diagnostics add-on

* fix: route diagnostics through core command

* fix: tighten diagnostics authorization

* fix: pin diagnostics to bundled codex command

* fix: limit owner status in plugin commands

* fix: scope diagnostics confirmations

* fix: scope codex diagnostics cooldowns

* fix: harden codex diagnostics ownership scopes

* fix: harden diagnostics command trust and display

* fix: keep diagnostics command trust internal

* fix: clarify diagnostics exec boundary

* fix: consume codex diagnostics confirmations atomically

* test: include codex diagnostics binding metadata

* test: use string codex binding timestamps

* fix: keep reserved command trust host-only

* fix: harden diagnostics trust and resume hints

* wire diagnostics through exec approval

* fix: keep diagnostics tests aligned with bundled root trust

* fix telegram diagnostics owner auth

* route trajectory exports through exec approval

* fix trajectory exec command encoding

* fix telegram group owner auth

* fix export trajectory approval hardening

* fix pairing command owner bootstrap

* fix telegram owner exec approvals

* fix: make diagnostics approval flow pasteable

* fix: route native sensitive command followups

* fix: invoke diagnostics exports with current cli

* fix: refresh exec approval protocol models

* fix: list codex diagnostics from thread bindings

* fix: fold codex diagnostics into exec approval

* fix: preserve diagnostics approval line breaks

* docs: clarify diagnostics codex workflow
2026-04-29 07:40:37 +09:00
Peter Steinberger
f5c49758fc test: share gateway exec allowlist fixture 2026-04-19 04:10:19 +01:00
Peter Steinberger
7b2a723891 test: dedupe exec host boundary mocks 2026-04-18 22:18:46 +01:00
Peter Steinberger
f00ef03d91 test: dedupe bash gateway inline eval setup 2026-04-18 21:57:56 +01:00
Peter Steinberger
a89f171865 fix: repair latest main gates 2026-04-06 20:31:34 +01:00
Peter Steinberger
4ad1d96e5d fix(ci): repair typing drift on main 2026-04-06 20:20:30 +01:00
Devin Robison
681931345b fix: this is a real approval boundary bypass that tur (#323) (#62078) 2026-04-06 13:13:35 -06:00
Peter Steinberger
a74fb94fa3 fix(exec): remove host obfuscation gating 2026-04-05 18:01:41 +01:00
Peter Steinberger
9e4cf3996e test: add gateway durable allow-always coverage (#59880) (thanks @luoyanglang) 2026-04-04 15:18:24 +09:00
Peter Steinberger
ffd34f8896 test: reduce agent test import churn 2026-04-03 04:41:09 +01:00
seonang
4207ca2eb8 Fix Telegram exec approval delivery and auto-resume fallback 2026-04-03 00:56:54 +09:00
Vincent Koc
2d53ffdec1 fix(exec): resolve remote approval regressions (#58792)
* fix(exec): restore remote approval policy defaults

* fix(exec): handle headless cron approval conflicts

* fix(exec): make allow-always durable

* fix(exec): persist exact-command shell trust

* fix(doctor): match host exec fallback

* fix(exec): preserve blocked and inline approval state

* Doctor: surface allow-always ask bypass

* Doctor: match effective exec policy

* Exec: match node durable command text

* Exec: tighten durable approval security

* Exec: restore owner approver fallback

* Config: refresh Slack approval metadata

---------

Co-authored-by: scoootscooob <zhentongfan@gmail.com>
2026-04-01 02:07:20 -07:00