4bf94aa0d6
* feat: add local exec-policy CLI * fix: harden exec-policy CLI output * fix: harden exec approvals writes * fix: tighten local exec-policy sync * docs: document exec-policy CLI * fix: harden exec-policy rollback and approvals path checks * fix: reject exec-policy sync when host remains node * fix: validate approvals path before mkdir * fix: guard exec-policy rollback against newer approvals writes * fix: restore exec approvals via hardened rollback path * fix: guard exec-policy config writes with base hash * docs: add exec-policy changelog entry * fix: clarify exec-policy show for node host * fix: strip stale exec-policy decisions
5.6 KiB
summary, read_when, title
| summary | read_when | title | ||
|---|---|---|---|---|
| CLI reference for `openclaw approvals` and `openclaw exec-policy` |
|
approvals |
openclaw approvals
Manage exec approvals for the local host, gateway host, or a node host.
By default, commands target the local approvals file on disk. Use --gateway to target the gateway, or --node to target a specific node.
Alias: openclaw exec-approvals
Related:
- Exec approvals: Exec approvals
- Nodes: Nodes
openclaw exec-policy
openclaw exec-policy is the local convenience command for keeping the requested
tools.exec.* config and the local host approvals file aligned in one step.
Use it when you want to:
- inspect the local requested policy, host approvals file, and effective merge
- apply a local preset such as YOLO or deny-all
- synchronize local
tools.exec.*and local~/.openclaw/exec-approvals.json
Examples:
openclaw exec-policy show
openclaw exec-policy show --json
openclaw exec-policy preset yolo
openclaw exec-policy preset cautious --json
openclaw exec-policy set --host gateway --security full --ask off --ask-fallback full
Output modes:
- no
--json: prints the human-readable table view --json: prints machine-readable structured output
Current scope:
exec-policyis local-only- it updates the local config file and the local approvals file together
- it does not push policy to the gateway host or a node host
--host nodeis rejected in this command because node exec approvals are fetched from the node at runtime and must be managed through node-targeted approvals commands insteadopenclaw exec-policy showmarkshost=nodescopes as node-managed at runtime instead of deriving an effective policy from the local approvals file
If you need to edit remote host approvals directly, keep using openclaw approvals set --gateway
or openclaw approvals set --node <id|name|ip>.
Common commands
openclaw approvals get
openclaw approvals get --node <id|name|ip>
openclaw approvals get --gateway
openclaw approvals get now shows the effective exec policy for local, gateway, and node targets:
- requested
tools.execpolicy - host approvals-file policy
- effective result after precedence rules are applied
Precedence is intentional:
- the host approvals file is the enforceable source of truth
- requested
tools.execpolicy can narrow or broaden intent, but the effective result is still derived from the host rules --nodecombines the node host approvals file with gatewaytools.execpolicy, because both still apply at runtime- if gateway config is unavailable, the CLI falls back to the node approvals snapshot and notes that the final runtime policy could not be computed
Replace approvals from a file
openclaw approvals set --file ./exec-approvals.json
openclaw approvals set --stdin <<'EOF'
{ version: 1, defaults: { security: "full", ask: "off" } }
EOF
openclaw approvals set --node <id|name|ip> --file ./exec-approvals.json
openclaw approvals set --gateway --file ./exec-approvals.json
set accepts JSON5, not only strict JSON. Use either --file or --stdin, not both.
"Never prompt" / YOLO example
For a host that should never stop on exec approvals, set the host approvals defaults to full + off:
openclaw approvals set --stdin <<'EOF'
{
version: 1,
defaults: {
security: "full",
ask: "off",
askFallback: "full"
}
}
EOF
Node variant:
openclaw approvals set --node <id|name|ip> --stdin <<'EOF'
{
version: 1,
defaults: {
security: "full",
ask: "off",
askFallback: "full"
}
}
EOF
This changes the host approvals file only. To keep the requested OpenClaw policy aligned, also set:
openclaw config set tools.exec.host gateway
openclaw config set tools.exec.security full
openclaw config set tools.exec.ask off
Why tools.exec.host=gateway in this example:
host=autostill means "sandbox when available, otherwise gateway".- YOLO is about approvals, not routing.
- If you want host exec even when a sandbox is configured, make the host choice explicit with
gatewayor/exec host=gateway.
This matches the current host-default YOLO behavior. Tighten it if you want approvals.
Local shortcut:
openclaw exec-policy preset yolo
That local shortcut updates both the requested local tools.exec.* config and the
local approvals defaults together. It is equivalent in intent to the manual two-step
setup above, but only for the local machine.
Allowlist helpers
openclaw approvals allowlist add "~/Projects/**/bin/rg"
openclaw approvals allowlist add --agent main --node <id|name|ip> "/usr/bin/uptime"
openclaw approvals allowlist add --agent "*" "/usr/bin/uname"
openclaw approvals allowlist remove "~/Projects/**/bin/rg"
Common options
get, set, and allowlist add|remove all support:
--node <id|name|ip>--gateway- shared node RPC options:
--url,--token,--timeout,--json
Targeting notes:
- no target flags means the local approvals file on disk
--gatewaytargets the gateway host approvals file--nodetargets one node host after resolving id, name, IP, or id prefix
allowlist add|remove also supports:
--agent <id>(defaults to*)
Notes
--nodeuses the same resolver asopenclaw nodes(id, name, ip, or id prefix).--agentdefaults to"*", which applies to all agents.- The node host must advertise
system.execApprovals.get/set(macOS app or headless node host). - Approvals files are stored per host at
~/.openclaw/exec-approvals.json.