mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-16 18:11:37 +00:00
* feat(gateway): add cooperative suspension preparation * style: satisfy suspension lint checks * test(gateway): reset work admission between shared suites * fix(gateway): reject upgrades during suspension * fix(gateway): preserve admitted work during suspension * test(gateway): isolate suspension and restart state * fix(gateway): close suspension false-ready gaps * refactor(protocol): slim suspension declaration graph * refactor(plugin-sdk): sever protocol registry edges * fix(gateway): preserve admitted restart follow-ups * fix(gateway): make suspension recovery fail closed * fix(protocol): keep validation formatter re-export only * test(gateway): simplify deferred fixture type * style(gateway): clarify suspension entry name * fix(gateway): retain detached work admission
73 lines
2.0 KiB
TypeScript
73 lines
2.0 KiB
TypeScript
/**
|
|
* Method allowlist for Admin HTTP RPC. Only methods listed here can cross the
|
|
* trusted operator HTTP surface.
|
|
*/
|
|
const ADMIN_HTTP_RPC_ALLOWED_METHOD_GROUPS = {
|
|
gateway: [
|
|
"health",
|
|
"status",
|
|
"logs.tail",
|
|
"usage.status",
|
|
"usage.cost",
|
|
"gateway.restart.request",
|
|
"gateway.suspend.prepare",
|
|
"gateway.suspend.status",
|
|
"gateway.suspend.resume",
|
|
],
|
|
discovery: ["commands.list"],
|
|
config: [
|
|
"config.get",
|
|
"config.schema",
|
|
"config.schema.lookup",
|
|
"config.set",
|
|
"config.patch",
|
|
"config.apply",
|
|
],
|
|
channels: ["channels.status", "channels.start", "channels.stop", "channels.logout"],
|
|
web: ["web.login.start", "web.login.wait"],
|
|
models: ["models.list", "models.authStatus"],
|
|
agents: ["agents.list", "agents.create", "agents.update", "agents.delete"],
|
|
approvals: [
|
|
"exec.approvals.get",
|
|
"exec.approvals.set",
|
|
"exec.approvals.node.get",
|
|
"exec.approvals.node.set",
|
|
],
|
|
cron: [
|
|
"cron.status",
|
|
"cron.list",
|
|
"cron.get",
|
|
"cron.runs",
|
|
"cron.add",
|
|
"cron.update",
|
|
"cron.remove",
|
|
"cron.run",
|
|
],
|
|
devices: ["device.pair.list", "device.pair.approve", "device.pair.reject", "device.pair.remove"],
|
|
nodes: [
|
|
"node.list",
|
|
"node.describe",
|
|
"node.pair.list",
|
|
"node.pair.approve",
|
|
"node.pair.reject",
|
|
"node.pair.remove",
|
|
"node.rename",
|
|
],
|
|
tasks: ["tasks.list", "tasks.get", "tasks.cancel"],
|
|
diagnostics: ["doctor.memory.status", "update.status"],
|
|
} as const satisfies Record<string, readonly string[]>;
|
|
|
|
const ADMIN_HTTP_RPC_ALLOWED_METHODS: ReadonlySet<string> = new Set(
|
|
Object.values(ADMIN_HTTP_RPC_ALLOWED_METHOD_GROUPS).flat(),
|
|
);
|
|
|
|
/** Return whether an admin RPC method is exposed over HTTP. */
|
|
export function isAdminHttpRpcAllowedMethod(method: string): boolean {
|
|
return ADMIN_HTTP_RPC_ALLOWED_METHODS.has(method);
|
|
}
|
|
|
|
/** List all admin RPC methods exposed over HTTP. */
|
|
export function listAdminHttpRpcAllowedMethods(): string[] {
|
|
return Array.from(ADMIN_HTTP_RPC_ALLOWED_METHODS);
|
|
}
|