github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-30 00:08:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): add optional workspace-only path guards for fs tools

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-14 23:50:04 +01:00
parent 55a25f9875
commit 5e7c3250cb
14 changed files with 201 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/config/schema.help.ts
View File

@@ -58,6 +58,8 @@ export const FIELD_HELP: Record<string, string> = {
"diagnostics.cacheTrace.includeSystem": "Include system prompt in trace output (default: true).",
"tools.exec.applyPatch.enabled":
"Experimental. Enables apply_patch for OpenAI models when allowed by tool policy.",
"tools.exec.applyPatch.workspaceOnly":
"Restrict apply_patch paths to the workspace directory (default: false).",
"tools.exec.applyPatch.allowModels":
'Optional allowlist of model ids (e.g. "gpt-5.2" or "openai/gpt-5.2").',
"tools.exec.notifyOnExit":
@@ -65,6 +67,8 @@ export const FIELD_HELP: Record<string, string> = {
"tools.exec.pathPrepend": "Directories to prepend to PATH for exec runs (gateway/sandbox).",
"tools.exec.safeBins":
"Allow stdin-only safe binaries to run without explicit allowlist entries.",
"tools.fs.workspaceOnly":
"Restrict filesystem tools (read/write/edit/apply_patch) to the workspace directory (default: false).",
"tools.message.allowCrossContextSend":
"Legacy override: allow cross-context sends across all providers.",
"tools.message.crossContext.allowWithinProvider":