fix(exec): keep implicit sandbox default and restore no-alert baseline

2026-05-08 11:41:24 +00:00 · 2026-02-23 02:17:43 +01:00
parent f6c2e99f5d
commit 45febecf2a
4 changed files with 29 additions and 8 deletions
--- a/src/agents/pi-tools-agent-config.test.ts
+++ b/src/agents/pi-tools-agent-config.test.ts
@@ -604,6 +604,31 @@ describe("Agent-specific tool filtering", () => {
    expect(resultDetails?.status).toBe("completed");
  });

+  it("keeps sandbox as the implicit exec host default without forcing gateway approvals", async () => {
+    const tools = createOpenClawCodingTools({
+      config: {},
+      sessionKey: "agent:main:main",
+      workspaceDir: "/tmp/test-main-implicit-sandbox",
+      agentDir: "/tmp/agent-main-implicit-sandbox",
+    });
+    const execTool = tools.find((tool) => tool.name === "exec");
+    expect(execTool).toBeDefined();
+
+    const result = await execTool!.execute("call-implicit-sandbox-default", {
+      command: "echo done",
+      yieldMs: 10,
+    });
+    const details = result?.details as { status?: string } | undefined;
+    expect(details?.status).toBe("completed");
+
+    await expect(
+      execTool!.execute("call-implicit-sandbox-gateway", {
+        command: "echo done",
+        host: "gateway",
+      }),
+    ).rejects.toThrow("exec host not allowed");
+  });
+
  it("fails closed when exec host=sandbox is requested without sandbox runtime", async () => {
    const tools = createOpenClawCodingTools({
      config: {},
@@ -618,7 +643,7 @@ describe("Agent-specific tool filtering", () => {
        command: "echo done",
        host: "sandbox",
      }),
-    ).rejects.toThrow("exec host not allowed");
+    ).rejects.toThrow("exec host=sandbox is configured");
  });

  it("should apply agent-specific exec host defaults over global defaults", async () => {