fix: harden agent gateway authorization scopes

2026-05-10 03:22:44 +00:00 · 2026-02-19 14:37:56 +01:00
parent 165c18819e
commit a40c10d3e2
19 changed files with 319 additions and 111 deletions
--- a/src/agents/tools/gateway-tool.ts
+++ b/src/agents/tools/gateway-tool.ts
@@ -65,6 +65,7 @@ const GatewayToolSchema = Type.Object({
 export function createGatewayTool(opts?: {
  agentSessionKey?: string;
  config?: OpenClawConfig;
+  senderIsOwner?: boolean;
 }): AnyAgentTool {
  return {
    label: "Gateway",
@@ -73,6 +74,9 @@ export function createGatewayTool(opts?: {
      "Restart, apply config, or update the gateway in-place (SIGUSR1). Use config.patch for safe partial config updates (merges with existing). Use config.apply only when replacing entire config. Both trigger restart after writing. Always pass a human-readable completion message via the `note` parameter so the system can deliver it to the user after restart.",
    parameters: GatewayToolSchema,
    execute: async (_toolCallId, args) => {
+      if (opts?.senderIsOwner === false) {
+        throw new Error("Tool restricted to owner senders.");
+      }
      const params = args as Record<string, unknown>;
      const action = readStringParam(params, "action", { required: true });
      if (action === "restart") {