github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 09:01:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Exec: fail closed when sandbox host is unavailable

Browse Source
This commit is contained in:
Brian Mendonca
2026-02-22 01:49:10 -07:00
committed by Peter Steinberger
parent 5a0032de3e
commit c76a47cce2
4 changed files with 65 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/agents/pi-tools.ts
View File

@@ -349,9 +349,13 @@ export function createOpenClawCodingTools(options?: {
return [tool];
});
const { cleanupMs: cleanupMsOverride, ...execDefaults } = options?.exec ?? {};
// Fail-closed baseline: when no sandbox context exists, default exec to gateway
// so we never silently treat "sandbox" as host execution.
const resolvedExecHost =
options?.exec?.host ?? execConfig.host ?? (sandbox ? "sandbox" : "gateway");
const execTool = createExecTool({
...execDefaults,
host: options?.exec?.host ?? execConfig.host,
host: resolvedExecHost,
security: options?.exec?.security ?? execConfig.security,
ask: options?.exec?.ask ?? execConfig.ask,
node: options?.exec?.node ?? execConfig.node,