github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-13 18:46:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: dedupe exec wrapper denial plan and test setup

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-25 00:43:19 +00:00
parent 943b8f171a
commit a9ce6bd79b
3 changed files with 140 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/infra/exec-wrapper-resolution.ts
View File

@@ -448,6 +448,19 @@ function isSemanticDispatchWrapperUsage(wrapper: string, argv: string[]): boolea
return !TRANSPARENT_DISPATCH_WRAPPERS.has(wrapper);
}
function blockedDispatchWrapperPlan(params: {
argv: string[];
wrappers: string[];
blockedWrapper: string;
}): DispatchWrapperExecutionPlan {
return {
argv: params.argv,
wrappers: params.wrappers,
policyBlocked: true,
blockedWrapper: params.blockedWrapper,
};
}
export function resolveDispatchWrapperExecutionPlan(
argv: string[],
maxDepth = MAX_DISPATCH_WRAPPER_DEPTH,
@@ -457,36 +470,33 @@ export function resolveDispatchWrapperExecutionPlan(
for (let depth = 0; depth < maxDepth; depth += 1) {
const unwrap = unwrapKnownDispatchWrapperInvocation(current);
if (unwrap.kind === "blocked") {
return {
return blockedDispatchWrapperPlan({
argv: current,
wrappers,
policyBlocked: true,
blockedWrapper: unwrap.wrapper,
};
});
}
if (unwrap.kind !== "unwrapped" || unwrap.argv.length === 0) {
break;
}
wrappers.push(unwrap.wrapper);
if (isSemanticDispatchWrapperUsage(unwrap.wrapper, current)) {
return {
return blockedDispatchWrapperPlan({
argv: current,
wrappers,
policyBlocked: true,
blockedWrapper: unwrap.wrapper,
};
});
}
current = unwrap.argv;
}
if (wrappers.length >= maxDepth) {
const overflow = unwrapKnownDispatchWrapperInvocation(current);
if (overflow.kind === "blocked" || overflow.kind === "unwrapped") {
return {
return blockedDispatchWrapperPlan({
argv: current,
wrappers,
policyBlocked: true,
blockedWrapper: overflow.wrapper,
};
});
}
}
return { argv: current, wrappers, policyBlocked: false };