fix: harden ACP secret handling and exec preflight boundaries

2026-05-08 09:21:23 +00:00 · 2026-02-19 15:33:25 +01:00
parent 3d7ad1cfca
commit b40821b068
14 changed files with 412 additions and 36 deletions
--- a/src/security/audit.test.ts
+++ b/src/security/audit.test.ts
@@ -235,6 +235,58 @@ describe("security audit", () => {
    expect(hasFinding(res, "gateway.auth_no_rate_limit")).toBe(false);
  });

+  it("warns when exec host is explicitly sandbox while sandbox mode is off", async () => {
+    const cfg: OpenClawConfig = {
+      tools: {
+        exec: {
+          host: "sandbox",
+        },
+      },
+      agents: {
+        defaults: {
+          sandbox: {
+            mode: "off",
+          },
+        },
+      },
+    };
+
+    const res = await audit(cfg);
+
+    expect(hasFinding(res, "tools.exec.host_sandbox_no_sandbox_defaults", "warn")).toBe(true);
+  });
+
+  it("warns when an agent sets exec host=sandbox with sandbox mode off", async () => {
+    const cfg: OpenClawConfig = {
+      tools: {
+        exec: {
+          host: "gateway",
+        },
+      },
+      agents: {
+        defaults: {
+          sandbox: {
+            mode: "off",
+          },
+        },
+        list: [
+          {
+            id: "ops",
+            tools: {
+              exec: {
+                host: "sandbox",
+              },
+            },
+          },
+        ],
+      },
+    };
+
+    const res = await audit(cfg);
+
+    expect(hasFinding(res, "tools.exec.host_sandbox_no_sandbox_agents", "warn")).toBe(true);
+  });
+
  it("warns when loopback control UI lacks trusted proxies", async () => {
    const cfg: OpenClawConfig = {
      gateway: {