mirror of
https://github.com/openclaw/openclaw.git
synced 2026-04-12 17:51:22 +00:00
111 lines
3.0 KiB
TypeScript
111 lines
3.0 KiB
TypeScript
import type { OpenClawConfig } from "../config/config.js";
|
|
import type { SessionEntry } from "../config/sessions.js";
|
|
import type { ExecAsk, ExecHost, ExecSecurity, ExecTarget } from "../infra/exec-approvals.js";
|
|
import { resolveAgentConfig, resolveSessionAgentId } from "./agent-scope.js";
|
|
import { isRequestedExecTargetAllowed, resolveExecTarget } from "./bash-tools.exec-runtime.js";
|
|
import { resolveSandboxRuntimeStatus } from "./sandbox/runtime-status.js";
|
|
|
|
type ResolvedExecConfig = {
|
|
host?: ExecTarget;
|
|
security?: ExecSecurity;
|
|
ask?: ExecAsk;
|
|
node?: string;
|
|
};
|
|
|
|
function resolveExecConfigState(params: {
|
|
cfg?: OpenClawConfig;
|
|
sessionEntry?: SessionEntry;
|
|
agentId?: string;
|
|
sessionKey?: string;
|
|
}): {
|
|
cfg: OpenClawConfig;
|
|
host: ExecTarget;
|
|
agentExec?: ResolvedExecConfig;
|
|
globalExec?: ResolvedExecConfig;
|
|
} {
|
|
const cfg = params.cfg ?? {};
|
|
const resolvedAgentId =
|
|
params.agentId ??
|
|
resolveSessionAgentId({
|
|
sessionKey: params.sessionKey,
|
|
config: cfg,
|
|
});
|
|
const globalExec = cfg.tools?.exec;
|
|
const agentExec = resolvedAgentId
|
|
? resolveAgentConfig(cfg, resolvedAgentId)?.tools?.exec
|
|
: undefined;
|
|
const host =
|
|
(params.sessionEntry?.execHost as ExecTarget | undefined) ??
|
|
(agentExec?.host as ExecTarget | undefined) ??
|
|
(globalExec?.host as ExecTarget | undefined) ??
|
|
"auto";
|
|
return {
|
|
cfg,
|
|
host,
|
|
agentExec,
|
|
globalExec,
|
|
};
|
|
}
|
|
|
|
export function canExecRequestNode(params: {
|
|
cfg?: OpenClawConfig;
|
|
sessionEntry?: SessionEntry;
|
|
agentId?: string;
|
|
sessionKey?: string;
|
|
}): boolean {
|
|
const { host } = resolveExecConfigState(params);
|
|
return isRequestedExecTargetAllowed({
|
|
configuredTarget: host,
|
|
requestedTarget: "node",
|
|
});
|
|
}
|
|
|
|
export function resolveExecDefaults(params: {
|
|
cfg?: OpenClawConfig;
|
|
sessionEntry?: SessionEntry;
|
|
agentId?: string;
|
|
sessionKey?: string;
|
|
sandboxAvailable?: boolean;
|
|
}): {
|
|
host: ExecTarget;
|
|
effectiveHost: ExecHost;
|
|
security: ExecSecurity;
|
|
ask: ExecAsk;
|
|
node?: string;
|
|
canRequestNode: boolean;
|
|
} {
|
|
const { cfg, host, agentExec, globalExec } = resolveExecConfigState(params);
|
|
const sandboxAvailable =
|
|
params.sandboxAvailable ??
|
|
(params.sessionKey
|
|
? resolveSandboxRuntimeStatus({
|
|
cfg,
|
|
sessionKey: params.sessionKey,
|
|
}).sandboxed
|
|
: false);
|
|
const resolved = resolveExecTarget({
|
|
configuredTarget: host,
|
|
elevatedRequested: false,
|
|
sandboxAvailable,
|
|
});
|
|
return {
|
|
host,
|
|
effectiveHost: resolved.effectiveHost,
|
|
security:
|
|
(params.sessionEntry?.execSecurity as ExecSecurity | undefined) ??
|
|
agentExec?.security ??
|
|
globalExec?.security ??
|
|
"deny",
|
|
ask:
|
|
(params.sessionEntry?.execAsk as ExecAsk | undefined) ??
|
|
agentExec?.ask ??
|
|
globalExec?.ask ??
|
|
"on-miss",
|
|
node: params.sessionEntry?.execNode ?? agentExec?.node ?? globalExec?.node,
|
|
canRequestNode: isRequestedExecTargetAllowed({
|
|
configuredTarget: host,
|
|
requestedTarget: "node",
|
|
}),
|
|
};
|
|
}
|