github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 05:32:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): centralize owner-only tool gating and scope maps

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 15:27:45 +01:00
parent 9130fd2b06
commit 3d7ad1cfca
16 changed files with 372 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/agents/tools/common.ts
View File

@@ -5,7 +5,9 @@ import type { ImageSanitizationLimits } from "../image-sanitization.js";
import { sanitizeToolResultImages } from "../tool-images.js";
// oxlint-disable-next-line typescript/no-explicit-any
export type AnyAgentTool = AgentTool<any, unknown>;
export type AnyAgentTool = AgentTool<any, unknown> & {
ownerOnly?: boolean;
};
export type StringParamOptions = {
required?: boolean;
@@ -210,10 +212,19 @@ export function jsonResult(payload: unknown): AgentToolResult<unknown> {
};
}
export function assertOwnerSender(senderIsOwner?: boolean): void {
if (senderIsOwner === false) {
throw new Error(OWNER_ONLY_TOOL_ERROR);
export function wrapOwnerOnlyToolExecution(
tool: AnyAgentTool,
senderIsOwner: boolean,
): AnyAgentTool {
if (tool.ownerOnly !== true || senderIsOwner || !tool.execute) {
return tool;
}
return {
...tool,
execute: async () => {
throw new Error(OWNER_ONLY_TOOL_ERROR);
},
};
}
export async function imageResult(params: {