mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-14 12:16:04 +00:00
* fix(exec): auto-approve recognized read-only boolean flags on default safe bins Default safe bins (cut, head, tail, tr, uniq, wc) auto-approve stdin-only text-filter invocations, but the short-option validator only had an accept path for value-consuming flags: a cluster of pure boolean short flags fell through to a terminal reject, so common read-only forms like 'wc -l', 'tr -d', 'uniq -c' and 'sort -n' were force-routed to manual approval even though the bins are stdin-only and the dangerous flags are already denied. Add an allowedBooleanFlags allowlist to the safe-bin profile model and populate it for the default bins with their read-only boolean flags. The short-cluster validator now accepts recognized boolean flags and the long validator reuses its existing boolean-flag accept branch (previously unreachable). Unrecognized short flags (e.g. 'tr -S') stay fail-closed, and denied flags are still rejected first. * fix(exec): keep safe-bin allowedBooleanFlags off the config-facing fixture type The boolean-flag allowlist for default safe bins leaked onto SafeBinProfileFixture, the type used for tools.exec.safeBinProfiles, while the strict zod schema and the config normalizer never accepted or preserved the key. Move allowedBooleanFlags to an internal BuiltinSafeBinProfileFixture used only for the curated built-in profiles; custom config profiles keep the allowedValueFlags/deniedFlags model. Adds tests proving built-in profiles still honor the boolean allowlist and that a custom profile cannot widen it. * fix(exec): keep tail follow approval-gated * test(exec): stabilize safe-bin trust fixtures * test(exec): isolate safe-bin argv fixtures --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>