github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 15:18:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(nodes-tool): add exec approval flow for agent tool run action (#4726)

Browse Source 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b8ed4f1b6e
Co-authored-by: rmorse <853547+rmorse@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
This commit is contained in:
Ross Morsali
2026-02-13 19:04:24 +01:00
committed by GitHub
parent e84318e4bc
commit 6bc6cdad94
4 changed files with 224 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
src/agents/openclaw-tools.camera.e2e.test.ts
View File

@@ -132,4 +132,125 @@ describe("nodes run", () => {
invokeTimeoutMs: 45_000,
});
});
it("requests approval and retries with allow-once decision", async () => {
let invokeCalls = 0;
callGateway.mockImplementation(async ({ method, params }) => {
if (method === "node.list") {
return { nodes: [{ nodeId: "mac-1", commands: ["system.run"] }] };
}
if (method === "node.invoke") {
invokeCalls += 1;
if (invokeCalls === 1) {
throw new Error("SYSTEM_RUN_DENIED: approval required");
}
expect(params).toMatchObject({
nodeId: "mac-1",
command: "system.run",
params: {
command: ["echo", "hi"],
approved: true,
approvalDecision: "allow-once",
},
});
return { payload: { stdout: "", stderr: "", exitCode: 0, success: true } };
}
if (method === "exec.approval.request") {
expect(params).toMatchObject({
command: "echo hi",
host: "node",
timeoutMs: 120_000,
});
return { decision: "allow-once" };
}
throw new Error(`unexpected method: ${String(method)}`);
});
const tool = createOpenClawTools().find((candidate) => candidate.name === "nodes");
if (!tool) {
throw new Error("missing nodes tool");
}
await tool.execute("call1", {
action: "run",
node: "mac-1",
command: ["echo", "hi"],
});
expect(invokeCalls).toBe(2);
});
it("fails with user denied when approval decision is deny", async () => {
callGateway.mockImplementation(async ({ method }) => {
if (method === "node.list") {
return { nodes: [{ nodeId: "mac-1", commands: ["system.run"] }] };
}
if (method === "node.invoke") {
throw new Error("SYSTEM_RUN_DENIED: approval required");
}
if (method === "exec.approval.request") {
return { decision: "deny" };
}
throw new Error(`unexpected method: ${String(method)}`);
});
const tool = createOpenClawTools().find((candidate) => candidate.name === "nodes");
if (!tool) {
throw new Error("missing nodes tool");
}
await expect(
tool.execute("call1", {
action: "run",
node: "mac-1",
command: ["echo", "hi"],
}),
).rejects.toThrow("exec denied: user denied");
});
it("fails closed for timeout and invalid approval decisions", async () => {
const tool = createOpenClawTools().find((candidate) => candidate.name === "nodes");
if (!tool) {
throw new Error("missing nodes tool");
}
callGateway.mockImplementation(async ({ method }) => {
if (method === "node.list") {
return { nodes: [{ nodeId: "mac-1", commands: ["system.run"] }] };
}
if (method === "node.invoke") {
throw new Error("SYSTEM_RUN_DENIED: approval required");
}
if (method === "exec.approval.request") {
return {};
}
throw new Error(`unexpected method: ${String(method)}`);
});
await expect(
tool.execute("call1", {
action: "run",
node: "mac-1",
command: ["echo", "hi"],
}),
).rejects.toThrow("exec denied: approval timed out");
callGateway.mockImplementation(async ({ method }) => {
if (method === "node.list") {
return { nodes: [{ nodeId: "mac-1", commands: ["system.run"] }] };
}
if (method === "node.invoke") {
throw new Error("SYSTEM_RUN_DENIED: approval required");
}
if (method === "exec.approval.request") {
return { decision: "allow-never" };
}
throw new Error(`unexpected method: ${String(method)}`);
});
await expect(
tool.execute("call1", {
action: "run",
node: "mac-1",
command: ["echo", "hi"],
}),
).rejects.toThrow("exec denied: invalid approval decision");
});
});

73
src/agents/tools/nodes-tool.ts
View File

@@ -436,17 +436,74 @@ export function createNodesTool(options?: {
typeof params.needsScreenRecording === "boolean"
? params.needsScreenRecording
: undefined;
const raw = await callGatewayTool<{ payload: unknown }>("node.invoke", gatewayOpts, {
const runParams = {
command,
cwd,
env,
timeoutMs: commandTimeoutMs,
needsScreenRecording,
agentId,
sessionKey,
};
// First attempt without approval flags.
try {
const raw = await callGatewayTool<{ payload?: unknown }>("node.invoke", gatewayOpts, {
nodeId,
command: "system.run",
params: runParams,
timeoutMs: invokeTimeoutMs,
idempotencyKey: crypto.randomUUID(),
});
return jsonResult(raw?.payload ?? {});
} catch (firstErr) {
const msg = firstErr instanceof Error ? firstErr.message : String(firstErr);
if (!msg.includes("SYSTEM_RUN_DENIED: approval required")) {
throw firstErr;
}
}
// Node requires approval create a pending approval request on
// the gateway and wait for the user to approve/deny via the UI.
const APPROVAL_TIMEOUT_MS = 120_000;
const cmdText = command.join(" ");
const approvalResult = await callGatewayTool(
"exec.approval.request",
{ ...gatewayOpts, timeoutMs: APPROVAL_TIMEOUT_MS + 5_000 },
{
command: cmdText,
cwd,
host: "node",
agentId,
sessionKey,
timeoutMs: APPROVAL_TIMEOUT_MS,
},
);
const decisionRaw =
approvalResult && typeof approvalResult === "object"
? (approvalResult as { decision?: unknown }).decision
: undefined;
const approvalDecision =
decisionRaw === "allow-once" || decisionRaw === "allow-always" ? decisionRaw : null;
if (!approvalDecision) {
if (decisionRaw === "deny") {
throw new Error("exec denied: user denied");
}
if (decisionRaw === undefined || decisionRaw === null) {
throw new Error("exec denied: approval timed out");
}
throw new Error("exec denied: invalid approval decision");
}
// Retry with the approval decision.
const raw = await callGatewayTool<{ payload?: unknown }>("node.invoke", gatewayOpts, {
nodeId,
command: "system.run",
params: {
command,
cwd,
env,
timeoutMs: commandTimeoutMs,
needsScreenRecording,
agentId,
sessionKey,
...runParams,
approved: true,
approvalDecision,
},
timeoutMs: invokeTimeoutMs,
idempotencyKey: crypto.randomUUID(),

50
src/config/io.write-config.test.ts
View File

@@ -57,6 +57,7 @@ describe("config io write", () => {
defaults: {
cliBackends: {
codex: {
command: "codex",
env: {
OPENAI_API_KEY: "${OPENAI_API_KEY}",
},
@@ -110,9 +111,14 @@ describe("config io write", () => {
configPath,
JSON.stringify(
{
channels: {
discord: {
allowFrom: ["${DISCORD_USER_ID}", "123"],
agents: {
defaults: {
cliBackends: {
codex: {
command: "codex",
args: ["${DISCORD_USER_ID}", "123"],
},
},
},
},
},
@@ -131,23 +137,41 @@ describe("config io write", () => {
expect(snapshot.valid).toBe(true);
const next = structuredClone(snapshot.config);
const allowFrom = Array.isArray(next.channels?.discord?.allowFrom)
? next.channels?.discord?.allowFrom
: [];
next.channels = {
...next.channels,
discord: {
...next.channels?.discord,
allowFrom: [...allowFrom, "456"],
const codexBackend = next.agents?.defaults?.cliBackends?.codex;
const args = Array.isArray(codexBackend?.args) ? codexBackend?.args : [];
next.agents = {
...next.agents,
defaults: {
...next.agents?.defaults,
cliBackends: {
...next.agents?.defaults?.cliBackends,
codex: {
...codexBackend,
command: typeof codexBackend?.command === "string" ? codexBackend.command : "codex",
args: [...args, "456"],
},
},
},
};
await io.writeConfigFile(next);
const persisted = JSON.parse(await fs.readFile(configPath, "utf-8")) as {
channels: { discord?: { allowFrom?: string[] } };
agents: {
defaults: {
cliBackends: {
codex: {
args: string[];
};
};
};
};
};
expect(persisted.channels.discord?.allowFrom).toEqual(["${DISCORD_USER_ID}", "123", "456"]);
expect(persisted.agents.defaults.cliBackends.codex.args).toEqual([
"${DISCORD_USER_ID}",
"123",
"456",
]);
});
});
});