fix(doctor): warn that approvals.exec.enabled only disables forwarding

Co-authored-by: nomadonwheels196 <nomadonwheels196@users.noreply.github.com>
2026-05-10 13:05:01 +00:00 · 2026-02-22 23:32:35 +01:00
parent a30f9c8673
commit 3b0e62d5bf
3 changed files with 24 additions and 0 deletions
--- a/src/commands/doctor-security.test.ts
+++ b/src/commands/doctor-security.test.ts
@@ -104,4 +104,19 @@ describe("noteSecurityWarnings gateway exposure", () => {
    const message = lastMessage();
    expect(message).toContain('config set session.dmScope "per-channel-peer"');
  });
+
+  it("clarifies approvals.exec forwarding-only behavior", async () => {
+    const cfg = {
+      approvals: {
+        exec: {
+          enabled: false,
+        },
+      },
+    } as OpenClawConfig;
+    await noteSecurityWarnings(cfg);
+    const message = lastMessage();
+    expect(message).toContain("disables approval forwarding only");
+    expect(message).toContain("exec-approvals.json");
+    expect(message).toContain("openclaw approvals get --gateway");
+  });
 });