github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 04:41:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): centralize owner-only tool gating and scope maps

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 15:27:45 +01:00
parent 9130fd2b06
commit 3d7ad1cfca
16 changed files with 372 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/channels/plugins/agent-tools/whatsapp-login.ts
View File

@@ -5,6 +5,7 @@ export function createWhatsAppLoginTool(): ChannelAgentTool {
return {
label: "WhatsApp Login",
name: "whatsapp_login",
ownerOnly: true,
description: "Generate a WhatsApp QR code for linking, or wait for the scan to complete.",
// NOTE: Using Type.Unsafe for action enum instead of Type.Union([Type.Literal(...)]
// because Claude API on Vertex AI rejects nested anyOf schemas as invalid JSON Schema.

4
src/channels/plugins/types.core.ts
View File

@@ -12,7 +12,9 @@ export type ChannelId = ChatChannelId | (string & {});
export type ChannelOutboundTargetMode = "explicit" | "implicit" | "heartbeat";
export type ChannelAgentTool = AgentTool<TSchema, unknown>;
export type ChannelAgentTool = AgentTool<TSchema, unknown> & {
ownerOnly?: boolean;
};
export type ChannelAgentToolFactory = (params: { cfg?: OpenClawConfig }) => ChannelAgentTool[];