refactor(tools): centralize default policy steps

Peter Steinberger
2026-02-14 14:25:21 +00:00
parent 1a4fb35030
commit 268c14f021
3 changed files with 80 additions and 64 deletions


@@ -43,7 +43,10 @@ import {
wrapToolParamNormalization, wrapToolParamNormalization,
} from "./pi-tools.read.js"; } from "./pi-tools.read.js";
import { cleanToolSchemaForGemini, normalizeToolParameters } from "./pi-tools.schema.js"; import { cleanToolSchemaForGemini, normalizeToolParameters } from "./pi-tools.schema.js";
import { applyToolPolicyPipeline } from "./tool-policy-pipeline.js"; import {
applyToolPolicyPipeline,
buildDefaultToolPolicyPipelineSteps,
} from "./tool-policy-pipeline.js";
import { import {
applyOwnerOnlyToolPolicy, applyOwnerOnlyToolPolicy,
collectExplicitAllowlist, collectExplicitAllowlist,
@@ -389,37 +392,18 @@ export function createOpenClawCodingTools(options?: {
toolMeta: (tool) => getPluginToolMeta(tool), toolMeta: (tool) => getPluginToolMeta(tool),
warn: logWarn, warn: logWarn,
steps: [ steps: [
{ ...buildDefaultToolPolicyPipelineSteps({
policy: profilePolicyWithAlsoAllow, profilePolicy: profilePolicyWithAlsoAllow,
label: profile ? `tools.profile (${profile})` : "tools.profile", profile,
stripPluginOnlyAllowlist: true, providerProfilePolicy: providerProfilePolicyWithAlsoAllow,
}, providerProfile,
{ globalPolicy,
policy: providerProfilePolicyWithAlsoAllow, globalProviderPolicy,
label: providerProfile agentPolicy,
? `tools.byProvider.profile (${providerProfile})` agentProviderPolicy,
: "tools.byProvider.profile", groupPolicy,
stripPluginOnlyAllowlist: true, agentId,
}, }),
{ policy: globalPolicy, label: "tools.allow", stripPluginOnlyAllowlist: true },
{
policy: globalProviderPolicy,
label: "tools.byProvider.allow",
stripPluginOnlyAllowlist: true,
},
{
policy: agentPolicy,
label: agentId ? `agents.${agentId}.tools.allow` : "agent tools.allow",
stripPluginOnlyAllowlist: true,
},
{
policy: agentProviderPolicy,
label: agentId
? `agents.${agentId}.tools.byProvider.allow`
: "agent tools.byProvider.allow",
stripPluginOnlyAllowlist: true,
},
{ policy: groupPolicy, label: "group tools.allow", stripPluginOnlyAllowlist: true },
{ policy: sandbox?.tools, label: "sandbox tools.allow" }, { policy: sandbox?.tools, label: "sandbox tools.allow" },
{ policy: subagentPolicy, label: "subagent tools.allow" }, { policy: subagentPolicy, label: "subagent tools.allow" },
], ],


@@ -14,6 +14,54 @@ export type ToolPolicyPipelineStep = {
stripPluginOnlyAllowlist?: boolean; stripPluginOnlyAllowlist?: boolean;
}; };
export function buildDefaultToolPolicyPipelineSteps(params: {
profilePolicy?: ToolPolicyLike;
profile?: string;
providerProfilePolicy?: ToolPolicyLike;
providerProfile?: string;
globalPolicy?: ToolPolicyLike;
globalProviderPolicy?: ToolPolicyLike;
agentPolicy?: ToolPolicyLike;
agentProviderPolicy?: ToolPolicyLike;
groupPolicy?: ToolPolicyLike;
agentId?: string;
}): ToolPolicyPipelineStep[] {
const agentId = params.agentId?.trim();
const profile = params.profile?.trim();
const providerProfile = params.providerProfile?.trim();
return [
{
policy: params.profilePolicy,
label: profile ? `tools.profile (${profile})` : "tools.profile",
stripPluginOnlyAllowlist: true,
},
{
policy: params.providerProfilePolicy,
label: providerProfile
? `tools.byProvider.profile (${providerProfile})`
: "tools.byProvider.profile",
stripPluginOnlyAllowlist: true,
},
{ policy: params.globalPolicy, label: "tools.allow", stripPluginOnlyAllowlist: true },
{
policy: params.globalProviderPolicy,
label: "tools.byProvider.allow",
stripPluginOnlyAllowlist: true,
},
{
policy: params.agentPolicy,
label: agentId ? `agents.${agentId}.tools.allow` : "agent tools.allow",
stripPluginOnlyAllowlist: true,
},
{
policy: params.agentProviderPolicy,
label: agentId ? `agents.${agentId}.tools.byProvider.allow` : "agent tools.byProvider.allow",
stripPluginOnlyAllowlist: true,
},
{ policy: params.groupPolicy, label: "group tools.allow", stripPluginOnlyAllowlist: true },
];
}
export function applyToolPolicyPipeline(params: { export function applyToolPolicyPipeline(params: {
tools: AnyAgentTool[]; tools: AnyAgentTool[];
toolMeta: (tool: AnyAgentTool) => { pluginId: string } | undefined; toolMeta: (tool: AnyAgentTool) => { pluginId: string } | undefined;
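Review bot: `buildDefaultToolPolicyPipelineSteps` has no doc comment, and the order of the array it returns appears to be the order in which `applyToolPolicyPipeline` evaluates the allowlists, so that contract should be written down now that both callers depend on it. I would add a TSDoc block above the function stating that the steps come back in evaluation order (profile, provider profile, global, global provider, agent, agent provider, group), that every default step sets `stripPluginOnlyAllowlist: true`, and that callers append their own trailing steps after the spread. The helper also trims `profile`, `providerProfile` and `agentId` before building labels, which the inlined code did not do at this point; `trim()` leaves embedded control characters such as newlines in place, so if `agentId` can originate from a request (not visible here), the label that reaches `warn` should be sanitised or the value validated upstream. A small unit test pinning the label sequence would keep a later reorder from going unnoticed.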


@@ -6,7 +6,10 @@ import {
resolveGroupToolPolicy, resolveGroupToolPolicy,
resolveSubagentToolPolicy, resolveSubagentToolPolicy,
} from "../agents/pi-tools.policy.js"; } from "../agents/pi-tools.policy.js";
import { applyToolPolicyPipeline } from "../agents/tool-policy-pipeline.js"; import {
applyToolPolicyPipeline,
buildDefaultToolPolicyPipelineSteps,
} from "../agents/tool-policy-pipeline.js";
import { collectExplicitAllowlist, resolveToolProfilePolicy } from "../agents/tool-policy.js"; import { collectExplicitAllowlist, resolveToolProfilePolicy } from "../agents/tool-policy.js";
import { ToolInputError } from "../agents/tools/common.js"; import { ToolInputError } from "../agents/tools/common.js";
import { loadConfig } from "../config/config.js"; import { loadConfig } from "../config/config.js";
@@ -259,37 +262,18 @@ export async function handleToolsInvokeHttpRequest(
toolMeta: (tool) => getPluginToolMeta(tool as any), toolMeta: (tool) => getPluginToolMeta(tool as any),
warn: logWarn, warn: logWarn,
steps: [ steps: [
{ ...buildDefaultToolPolicyPipelineSteps({
policy: profilePolicyWithAlsoAllow, profilePolicy: profilePolicyWithAlsoAllow,
label: profile ? `tools.profile (${profile})` : "tools.profile", profile,
stripPluginOnlyAllowlist: true, providerProfilePolicy: providerProfilePolicyWithAlsoAllow,
}, providerProfile,
{ globalPolicy,
policy: providerProfilePolicyWithAlsoAllow, globalProviderPolicy,
label: providerProfile agentPolicy,
? `tools.byProvider.profile (${providerProfile})` agentProviderPolicy,
: "tools.byProvider.profile", groupPolicy,
stripPluginOnlyAllowlist: true, agentId,
}, }),
{ policy: globalPolicy, label: "tools.allow", stripPluginOnlyAllowlist: true },
{
policy: globalProviderPolicy,
label: "tools.byProvider.allow",
stripPluginOnlyAllowlist: true,
},
{
policy: agentPolicy,
label: agentId ? `agents.${agentId}.tools.allow` : "agent tools.allow",
stripPluginOnlyAllowlist: true,
},
{
policy: agentProviderPolicy,
label: agentId
? `agents.${agentId}.tools.byProvider.allow`
: "agent tools.byProvider.allow",
stripPluginOnlyAllowlist: true,
},
{ policy: groupPolicy, label: "group tools.allow", stripPluginOnlyAllowlist: true },
{ policy: subagentPolicy, label: "subagent tools.allow" }, { policy: subagentPolicy, label: "subagent tools.allow" },
], ],
}); });
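Review bot: After the spread, this call site appends only the `subagent tools.allow` step, while `createOpenClawCodingTools` also appends `{ policy: sandbox?.tools, label: "sandbox tools.allow" }`, so the two pipelines still differ in their tail. If the HTTP invoke path is meant to skip the sandbox allowlist, a comment such as `// sandbox policy is not applied here: <reason>` above the subagent step would make that explicit; if not, this is the kind of drift the refactor is meant to remove and the step belongs here as well. The context line `getPluginToolMeta(tool as any)` also switches off type checking on the value handed to the plugin-metadata lookup that the policy steps rely on; it is unchanged by this commit but worth narrowing. `handleToolsInvokeHttpRequest` starts and ends outside the hunk, so a sandbox check elsewhere in the function cannot be ruled out.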