mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-07 07:20:43 +00:00
f523bbfcd1
Derive Claude CLI bypass mode from OpenClaw exec YOLO policy, preserve raw Claude permission-mode overrides, update docs/changelog, and cover global/per-agent policy behavior.
143 lines
4.3 KiB
TypeScript
143 lines
4.3 KiB
TypeScript
import type { CliBackendConfig } from "../config/types.js";
|
|
import type { OpenClawConfig } from "../config/types.openclaw.js";
|
|
|
|
export type PluginTextReplacement = {
|
|
from: string | RegExp;
|
|
to: string;
|
|
};
|
|
|
|
export type PluginTextTransforms = {
|
|
/** Rewrites applied to outbound prompt text before provider/CLI transport. */
|
|
input?: PluginTextReplacement[];
|
|
/** Rewrites applied to inbound assistant text before OpenClaw consumes it. */
|
|
output?: PluginTextReplacement[];
|
|
};
|
|
|
|
export type CliBundleMcpMode =
|
|
| "claude-config-file"
|
|
| "codex-config-overrides"
|
|
| "gemini-system-settings";
|
|
|
|
export type CliBackendPrepareExecutionContext = {
|
|
config?: OpenClawConfig;
|
|
workspaceDir: string;
|
|
agentDir?: string;
|
|
provider: string;
|
|
modelId: string;
|
|
authProfileId?: string;
|
|
};
|
|
|
|
export type CliBackendPreparedExecution = {
|
|
env?: Record<string, string>;
|
|
clearEnv?: string[];
|
|
cleanup?: () => Promise<void>;
|
|
};
|
|
|
|
export type CliBackendAuthEpochMode = "combined" | "profile-only";
|
|
|
|
export type CliBackendNormalizeConfigContext = {
|
|
config?: OpenClawConfig;
|
|
backendId: string;
|
|
agentId?: string;
|
|
};
|
|
|
|
/** Plugin-owned CLI backend defaults used by the text-only CLI runner. */
|
|
export type CliBackendPlugin = {
|
|
/** Provider id used in model refs, for example `claude-cli/opus`. */
|
|
id: string;
|
|
/** Default backend config before user overrides from `agents.defaults.cliBackends`. */
|
|
config: CliBackendConfig;
|
|
/**
|
|
* Optional live-smoke metadata owned by the backend plugin.
|
|
*
|
|
* Keep provider-specific test wiring here instead of scattering it across
|
|
* Docker wrappers, docs, and gateway live tests.
|
|
*/
|
|
liveTest?: {
|
|
defaultModelRef?: string;
|
|
defaultImageProbe?: boolean;
|
|
defaultMcpProbe?: boolean;
|
|
docker?: {
|
|
npmPackage?: string;
|
|
binaryName?: string;
|
|
};
|
|
};
|
|
/**
|
|
* Whether OpenClaw should inject bundle MCP config for this backend.
|
|
*
|
|
* Keep this opt-in. Only backends that explicitly consume OpenClaw's bundle
|
|
* MCP bridge should enable it.
|
|
*/
|
|
bundleMcp?: boolean;
|
|
/**
|
|
* Provider-owned bundle MCP integration strategy.
|
|
*
|
|
* Different CLIs wire MCP through different surfaces:
|
|
* - Claude: `--strict-mcp-config --mcp-config`
|
|
* - Codex: `-c mcp_servers=...`
|
|
* - Gemini: system-level `settings.json`
|
|
*/
|
|
bundleMcpMode?: CliBundleMcpMode;
|
|
/**
|
|
* Optional config normalizer applied after user overrides merge.
|
|
*
|
|
* Use this for backend-specific compatibility rewrites when old config
|
|
* shapes need to stay working.
|
|
*/
|
|
normalizeConfig?: (
|
|
config: CliBackendConfig,
|
|
context?: CliBackendNormalizeConfigContext,
|
|
) => CliBackendConfig;
|
|
/**
|
|
* Backend-owned final system-prompt transform.
|
|
*
|
|
* Use this for tiny CLI-specific compatibility rewrites without replacing
|
|
* the generic CLI runner or prompt builder.
|
|
*/
|
|
transformSystemPrompt?: (ctx: {
|
|
config?: OpenClawConfig;
|
|
workspaceDir?: string;
|
|
provider: string;
|
|
modelId: string;
|
|
modelDisplay: string;
|
|
agentId?: string;
|
|
systemPrompt: string;
|
|
}) => string | null | undefined;
|
|
/**
|
|
* Backend-owned bidirectional text replacements.
|
|
*
|
|
* `input` applies to the system prompt and user prompt passed to the CLI.
|
|
* `output` applies to parsed/streamed assistant text from the CLI.
|
|
*/
|
|
textTransforms?: PluginTextTransforms;
|
|
/**
|
|
* Preferred auth-profile id when the caller did not explicitly lock one.
|
|
*
|
|
* Use this when the backend should consume a canonical OpenClaw auth profile
|
|
* rather than ambient host auth by default.
|
|
*/
|
|
defaultAuthProfileId?: string;
|
|
/**
|
|
* Session/auth epoch source policy.
|
|
*
|
|
* `combined` keeps the legacy "host credential + auth profile" fingerprint.
|
|
* `profile-only` treats the selected OpenClaw auth profile as the sole auth
|
|
* owner for session invalidation when one is present.
|
|
*/
|
|
authEpochMode?: CliBackendAuthEpochMode;
|
|
/**
|
|
* Backend-owned execution bridge.
|
|
*
|
|
* Use this on async run paths when the backend needs a generated auth/config
|
|
* bridge (for example a private CLI home directory) without teaching the core
|
|
* runner about provider-specific file formats.
|
|
*/
|
|
prepareExecution?: (
|
|
ctx: CliBackendPrepareExecutionContext,
|
|
) =>
|
|
| Promise<CliBackendPreparedExecution | null | undefined>
|
|
| CliBackendPreparedExecution
|
|
| null
|
|
| undefined;
|
|
};
|