NianJiu
1bfa2787b5
fix(exec): resume agent turn for native chat exec approvals ( #93949 )
...
* fix(exec): resume agent turn for native chat exec approvals (issue #93918 )
Extend the inline approval-pending path that PR #85239 added for webchat to
every bundled chat channel that ships an `approval-handler.runtime`
adapter (Telegram, Discord, Slack, Signal, WhatsApp, iMessage, Matrix,
Google Chat, QQ Bot, plus webchat). When the originating turn can be
approved in the same chat, the gateway resolves the approval in place and
the agent waits inline for the command output instead of terminating the
run on the "approval-pending" tool result.
Before this fix, native chat approvals landed in the fire-and-forget
`sendExecApprovalFollowup` path. The followup either failed silently
against the agent dispatch and fell through to a direct delivery to the
operator, or never reached the agent at all; either way the model never
saw an "Exec running / Exec finished / Exec denied" event. The operator
had to send a follow-up message to recover the turn, and a new approval
was minted because the original run had already ended.
The change:
- Introduces `NATIVE_APPROVAL_CHANNELS` and `isNativeApprovalChannel`
in `src/utils/message-channel-constants.ts`, listing the channels that
ship a native chat approval client. `webchat` is included so the
single-channel check inside `shouldAwaitGatewayApprovalInline` can
move from "this one id" to "any native approval client".
- Replaces the `INTERNAL_MESSAGE_CHANNEL` equality check in
`shouldAwaitGatewayApprovalInline` with `isNativeApprovalChannel`,
preserving the `approvalFollowupMode` opt-out and the existing
`unavailableReason === null` gate.
- Adds unit tests asserting inline resolution and inline denial for
every native approval channel, plus a regression test that
non-native channels (e.g. feishu) and explicit `approvalFollowupMode`
settings still take the fire-and-forget path.
- Adds a `NATIVE_APPROVAL_CHANNELS` test in
`src/utils/message-channel.test.ts` to lock the membership and the
negative cases.
Refs https://github.com/openclaw/openclaw/issues/93918
* fix(lint): restore InternalMessageChannel type export lost during rebase
Rebase on upstream/main dropped the InternalMessageChannel type alias
from message-channel-constants.ts, breaking the plugin-sdk boundary
.dts check ('has no exported member named InternalMessageChannel').
message-channel.ts was also re-importing the type only to re-export
it, triggering the oxlint no-unused-vars rule.
- Re-add 'export type InternalMessageChannel = typeof INTERNAL_MESSAGE_CHANNEL'
in message-channel-constants.ts so the public re-export is valid.
- Drop the redundant 'type InternalMessageChannel' from the local
import in message-channel.ts; the value-side import is what the
file body actually needs.
* test(exec): align native approval routing expectations
2026-06-18 16:41:04 -04:00
Jesse Merhi
c9707ab635
fix(exec): rebuild command authorization on the Tree-sitter command planner
...
Replace the exec approval parser/planner path with Tree-sitter-backed authorization planning, carrying planner decisions through node and gateway execution.
This keeps unpersistable shell shapes one-shot, adds typed `unavailableDecisions` for approval prompts, and refreshes coverage for allowlist matching, command rendering, durable allow-always persistence, and host approval paths.
Verification:
- GitHub PR checks for ce2381192d : CLEAN, 142 success, 32 skipped, 0 failed, 0 pending.
- /Users/jmerhi/.nvm/versions/node/v24.12.0/bin/node scripts/plugin-sdk-surface-report.mjs --check
- /Users/jmerhi/.nvm/versions/node/v24.12.0/bin/node scripts/run-vitest.mjs test/scripts/plugin-sdk-surface-report.test.ts --reporter=verbose
- Focused exec approval suite: 13 files, 467 tests.
2026-06-18 10:12:48 +10:00
Vincent Koc
df86f36a57
fix(agents): emit inline exec approval decisions
2026-06-17 16:11:32 +08:00
Vincent Koc
481fd10988
feat(agents): emit security events for exec approvals
2026-06-17 16:11:32 +08:00
Vincent Koc
ccf5976d06
fix(gateway): async trajectory export approvals
2026-06-14 22:25:47 +08:00
Peter Steinberger
6537080674
docs: document gateway exec host
2026-06-04 06:09:49 -04:00
brokemac79
3aa460409e
fix: route denied exec approval followups to sessions
...
Routes denied async exec approval followups through the originating main session before using direct external fallback. Keeps strict inline-eval timeout denials fail-closed, while preserving suppression for subagent, cron, and no-session denial cases.
Refs #88167 .
Verification:
- git diff --check origin/main...refs/remotes/pr/88417
- .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main
- gh pr checks 88417 --repo openclaw/openclaw --watch=false
Co-authored-by: brokemac79 <martin_cleary@yahoo.co.uk >
2026-05-30 21:45:16 +01:00
joshavant
209732535f
fix(exec): align release validation checks
...
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com >
2026-05-30 00:04:06 +10:00
joshavant
ab84c8cc09
fix(exec): bind gateway auto-review commands
...
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com >
2026-05-30 00:04:06 +10:00
joshavant
80227005a0
feat(exec): add normalized auto mode
...
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com >
2026-05-30 00:04:06 +10:00
clawsweeper[bot]
17e2ccf179
fix(exec): return approved WebChat gateway exec output inline ( #85239 )
...
Summary:
- The PR changes gateway exec approval handling so native WebChat approvals wait for the decision and return a ... al as the exec tool result, while preserving async follow-ups for diagnostics-direct and non-WebChat paths.
- Reproducibility: yes. Current-main source and tests show approval-required gateway exec returns approval-pen ... linked source PR provides live WebChat canary output showing the fixed inline result after native approval.
Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(exec): return approved WebChat gateway exec output inline
Validation:
- ClawSweeper review passed for head 7182322015 .
- Required merge gates passed before the squash merge.
Prepared head SHA: 7182322015
Review: https://github.com/openclaw/openclaw/pull/85239#issuecomment-4515339946
Co-authored-by: Zac-W <wangzhifengzac@gmail.com >
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: takhoffman
Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com >
2026-05-22 06:30:34 +00:00
Peter Steinberger
524185a68e
fix(exec): bind approval trust to realpaths ( #82825 )
2026-05-17 03:41:50 +01:00
100menotu001
a1d0b2709a
Add security audit suppressions ( #76949 )
...
* Add security audit suppressions
* docs: list audit suppression dangerous flag
* fix(security): keep audit suppressions visible
* docs(changelog): thank audit suppression contributor
---------
Co-authored-by: Craig <froelich@craigs.mac.studio.froho >
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-05-16 22:57:04 +01:00
Peter Steinberger
b5dc9a578b
test: dedupe exec host followup mock reads
2026-05-12 19:24:11 +01:00
Peter Steinberger
69f3ac80df
test: guard agent five-hit mock calls
2026-05-12 09:40:35 +01:00
Shakker
4cb35e4bff
test: count exec followup results
2026-05-12 03:44:56 +01:00
Peter Steinberger
d1ff0b0fc2
test: tighten exec host gateway assertions
2026-05-09 17:30:23 +01:00
Peter Steinberger
bd0e10a2f6
refactor: route inline eval through command analysis
2026-05-03 18:06:10 +01:00
pashpashpash
6ce1058296
Wire diagnostics through the core chat command ( #72936 )
...
* feat: wire codex diagnostics feedback
* fix: harden codex diagnostics hints
* fix: neutralize codex diagnostics output
* fix: tighten codex diagnostics safeguards
* fix: bound codex diagnostics feedback output
* fix: tighten codex diagnostics throttling
* fix: confirm codex diagnostics uploads
* docs: clarify codex diagnostics add-on
* fix: route diagnostics through core command
* fix: tighten diagnostics authorization
* fix: pin diagnostics to bundled codex command
* fix: limit owner status in plugin commands
* fix: scope diagnostics confirmations
* fix: scope codex diagnostics cooldowns
* fix: harden codex diagnostics ownership scopes
* fix: harden diagnostics command trust and display
* fix: keep diagnostics command trust internal
* fix: clarify diagnostics exec boundary
* fix: consume codex diagnostics confirmations atomically
* test: include codex diagnostics binding metadata
* test: use string codex binding timestamps
* fix: keep reserved command trust host-only
* fix: harden diagnostics trust and resume hints
* wire diagnostics through exec approval
* fix: keep diagnostics tests aligned with bundled root trust
* fix telegram diagnostics owner auth
* route trajectory exports through exec approval
* fix trajectory exec command encoding
* fix telegram group owner auth
* fix export trajectory approval hardening
* fix pairing command owner bootstrap
* fix telegram owner exec approvals
* fix: make diagnostics approval flow pasteable
* fix: route native sensitive command followups
* fix: invoke diagnostics exports with current cli
* fix: refresh exec approval protocol models
* fix: list codex diagnostics from thread bindings
* fix: fold codex diagnostics into exec approval
* fix: preserve diagnostics approval line breaks
* docs: clarify diagnostics codex workflow
2026-04-29 07:40:37 +09:00
Peter Steinberger
f5c49758fc
test: share gateway exec allowlist fixture
2026-04-19 04:10:19 +01:00
Peter Steinberger
7b2a723891
test: dedupe exec host boundary mocks
2026-04-18 22:18:46 +01:00
Peter Steinberger
f00ef03d91
test: dedupe bash gateway inline eval setup
2026-04-18 21:57:56 +01:00
Peter Steinberger
a89f171865
fix: repair latest main gates
2026-04-06 20:31:34 +01:00
Peter Steinberger
4ad1d96e5d
fix(ci): repair typing drift on main
2026-04-06 20:20:30 +01:00
Devin Robison
681931345b
fix: this is a real approval boundary bypass that tur ( #323 ) ( #62078 )
2026-04-06 13:13:35 -06:00
Peter Steinberger
a74fb94fa3
fix(exec): remove host obfuscation gating
2026-04-05 18:01:41 +01:00
Peter Steinberger
9e4cf3996e
test: add gateway durable allow-always coverage ( #59880 ) (thanks @luoyanglang)
2026-04-04 15:18:24 +09:00
Peter Steinberger
ffd34f8896
test: reduce agent test import churn
2026-04-03 04:41:09 +01:00
seonang
4207ca2eb8
Fix Telegram exec approval delivery and auto-resume fallback
2026-04-03 00:56:54 +09:00
Vincent Koc
2d53ffdec1
fix(exec): resolve remote approval regressions ( #58792 )
...
* fix(exec): restore remote approval policy defaults
* fix(exec): handle headless cron approval conflicts
* fix(exec): make allow-always durable
* fix(exec): persist exact-command shell trust
* fix(doctor): match host exec fallback
* fix(exec): preserve blocked and inline approval state
* Doctor: surface allow-always ask bypass
* Doctor: match effective exec policy
* Exec: match node durable command text
* Exec: tighten durable approval security
* Exec: restore owner approver fallback
* Config: refresh Slack approval metadata
---------
Co-authored-by: scoootscooob <zhentongfan@gmail.com >
2026-04-01 02:07:20 -07:00