mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-13 14:46:06 +00:00
* feat: wire codex diagnostics feedback * fix: harden codex diagnostics hints * fix: neutralize codex diagnostics output * fix: tighten codex diagnostics safeguards * fix: bound codex diagnostics feedback output * fix: tighten codex diagnostics throttling * fix: confirm codex diagnostics uploads * docs: clarify codex diagnostics add-on * fix: route diagnostics through core command * fix: tighten diagnostics authorization * fix: pin diagnostics to bundled codex command * fix: limit owner status in plugin commands * fix: scope diagnostics confirmations * fix: scope codex diagnostics cooldowns * fix: harden codex diagnostics ownership scopes * fix: harden diagnostics command trust and display * fix: keep diagnostics command trust internal * fix: clarify diagnostics exec boundary * fix: consume codex diagnostics confirmations atomically * test: include codex diagnostics binding metadata * test: use string codex binding timestamps * fix: keep reserved command trust host-only * fix: harden diagnostics trust and resume hints * wire diagnostics through exec approval * fix: keep diagnostics tests aligned with bundled root trust * fix telegram diagnostics owner auth * route trajectory exports through exec approval * fix trajectory exec command encoding * fix telegram group owner auth * fix export trajectory approval hardening * fix pairing command owner bootstrap * fix telegram owner exec approvals * fix: make diagnostics approval flow pasteable * fix: route native sensitive command followups * fix: invoke diagnostics exports with current cli * fix: refresh exec approval protocol models * fix: list codex diagnostics from thread bindings * fix: fold codex diagnostics into exec approval * fix: preserve diagnostics approval line breaks * docs: clarify diagnostics codex workflow
113 lines
3.0 KiB
TypeScript
113 lines
3.0 KiB
TypeScript
import type { ExecApprovalDecision } from "../infra/exec-approvals.js";
|
|
import type { ExecAsk, ExecHost, ExecSecurity, ExecTarget } from "../infra/exec-approvals.js";
|
|
import type { SafeBinProfileFixture } from "../infra/exec-safe-bin-policy.js";
|
|
import type { BashSandboxConfig } from "./bash-tools.shared.js";
|
|
import type { EmbeddedFullAccessBlockedReason } from "./pi-embedded-runner/types.js";
|
|
|
|
export type ExecToolDefaults = {
|
|
hasCronTool?: boolean;
|
|
host?: ExecTarget;
|
|
security?: ExecSecurity;
|
|
ask?: ExecAsk;
|
|
trigger?: string;
|
|
node?: string;
|
|
pathPrepend?: string[];
|
|
safeBins?: string[];
|
|
strictInlineEval?: boolean;
|
|
safeBinTrustedDirs?: string[];
|
|
safeBinProfiles?: Record<string, SafeBinProfileFixture>;
|
|
agentId?: string;
|
|
backgroundMs?: number;
|
|
timeoutSec?: number;
|
|
approvalWarningText?: string;
|
|
approvalFollowupText?: string;
|
|
approvalFollowup?: ExecApprovalFollowupFactory;
|
|
approvalFollowupMode?: "agent" | "direct";
|
|
approvalRunningNoticeMs?: number;
|
|
sandbox?: BashSandboxConfig;
|
|
elevated?: ExecElevatedDefaults;
|
|
allowBackground?: boolean;
|
|
scopeKey?: string;
|
|
sessionKey?: string;
|
|
messageProvider?: string;
|
|
currentChannelId?: string;
|
|
currentThreadTs?: string;
|
|
accountId?: string;
|
|
notifyOnExit?: boolean;
|
|
notifyOnExitEmptySuccess?: boolean;
|
|
cwd?: string;
|
|
};
|
|
|
|
export type ExecApprovalFollowupOutcome = {
|
|
status: "completed" | "failed";
|
|
exitCode: number | null;
|
|
timedOut: boolean;
|
|
aggregated: string;
|
|
reason?: string;
|
|
};
|
|
|
|
export type ExecApprovalFollowupContext = {
|
|
approvalId: string;
|
|
sessionId: string;
|
|
trigger?: string;
|
|
outcome: ExecApprovalFollowupOutcome;
|
|
};
|
|
|
|
export type ExecApprovalFollowupFactory = (
|
|
context: ExecApprovalFollowupContext,
|
|
) => string | undefined | Promise<string | undefined>;
|
|
|
|
export type ExecElevatedDefaults = {
|
|
enabled: boolean;
|
|
allowed: boolean;
|
|
defaultLevel: "on" | "off" | "ask" | "full";
|
|
fullAccessAvailable?: boolean;
|
|
fullAccessBlockedReason?: EmbeddedFullAccessBlockedReason;
|
|
};
|
|
|
|
export type ExecToolDetails =
|
|
| {
|
|
status: "running";
|
|
sessionId: string;
|
|
pid?: number;
|
|
startedAt: number;
|
|
cwd?: string;
|
|
tail?: string;
|
|
}
|
|
| {
|
|
status: "completed" | "failed";
|
|
exitCode: number | null;
|
|
durationMs: number;
|
|
aggregated: string;
|
|
timedOut?: boolean;
|
|
cwd?: string;
|
|
}
|
|
| {
|
|
status: "approval-pending";
|
|
approvalId: string;
|
|
approvalSlug: string;
|
|
expiresAtMs: number;
|
|
allowedDecisions?: readonly ExecApprovalDecision[];
|
|
host: ExecHost;
|
|
command: string;
|
|
cwd?: string;
|
|
nodeId?: string;
|
|
warningText?: string;
|
|
}
|
|
| {
|
|
status: "approval-unavailable";
|
|
reason:
|
|
| "initiating-platform-disabled"
|
|
| "initiating-platform-unsupported"
|
|
| "no-approval-route";
|
|
channel?: string;
|
|
channelLabel?: string;
|
|
accountId?: string;
|
|
sentApproverDms?: boolean;
|
|
host: ExecHost;
|
|
command: string;
|
|
cwd?: string;
|
|
nodeId?: string;
|
|
warningText?: string;
|
|
};
|