github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-12 20:12:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(gateway): share node command catalog

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 22:01:06 +01:00
parent d82c042b09
commit d06632ba45
3 changed files with 30 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/gateway/node-command-policy.ts
View File

@@ -1,4 +1,9 @@
import type { OpenClawConfig } from "../config/config.js"; import type { OpenClawConfig } from "../config/config.js";
import {
NODE_BROWSER_PROXY_COMMAND,
NODE_SYSTEM_NOTIFY_COMMAND,
NODE_SYSTEM_RUN_COMMANDS,
} from "../infra/node-commands.js";
import type { NodeSession } from "./node-registry.js"; import type { NodeSession } from "./node-registry.js";
const CANVAS_COMMANDS = [ const CANVAS_COMMANDS = [
@@ -38,14 +43,12 @@ const MOTION_COMMANDS = ["motion.activity", "motion.pedometer"];
const SMS_DANGEROUS_COMMANDS = ["sms.send"]; const SMS_DANGEROUS_COMMANDS = ["sms.send"];
// iOS nodes don't implement system.run/which, but they do support notifications. // iOS nodes don't implement system.run/which, but they do support notifications.
const IOS_SYSTEM_COMMANDS = ["system.notify"]; const IOS_SYSTEM_COMMANDS = [NODE_SYSTEM_NOTIFY_COMMAND];
const SYSTEM_COMMANDS = [ const SYSTEM_COMMANDS = [
"system.run.prepare", ...NODE_SYSTEM_RUN_COMMANDS,
"system.run", NODE_SYSTEM_NOTIFY_COMMAND,
"system.which", NODE_BROWSER_PROXY_COMMAND,
"system.notify",
"browser.proxy",
]; ];
// "High risk" node commands. These can be enabled by explicitly adding them to // "High risk" node commands. These can be enabled by explicitly adding them to

13
src/infra/node-commands.ts Normal file
View File

@@ -0,0 +1,13 @@
export const NODE_SYSTEM_RUN_COMMANDS = [
"system.run.prepare",
"system.run",
"system.which",
] as const;
export const NODE_SYSTEM_NOTIFY_COMMAND = "system.notify";
export const NODE_BROWSER_PROXY_COMMAND = "browser.proxy";
export const NODE_EXEC_APPROVALS_COMMANDS = [
"system.execApprovals.get",
"system.execApprovals.set",
] as const;

14
src/node-host/runner.ts
View File

@@ -6,6 +6,11 @@ import { GatewayClient } from "../gateway/client.js";
import { loadOrCreateDeviceIdentity } from "../infra/device-identity.js"; import { loadOrCreateDeviceIdentity } from "../infra/device-identity.js";
import type { SkillBinTrustEntry } from "../infra/exec-approvals.js"; import type { SkillBinTrustEntry } from "../infra/exec-approvals.js";
import { getMachineDisplayName } from "../infra/machine-name.js"; import { getMachineDisplayName } from "../infra/machine-name.js";
import {
NODE_BROWSER_PROXY_COMMAND,
NODE_EXEC_APPROVALS_COMMANDS,
NODE_SYSTEM_RUN_COMMANDS,
} from "../infra/node-commands.js";
import { ensureOpenClawCliOnPath } from "../infra/path-env.js"; import { ensureOpenClawCliOnPath } from "../infra/path-env.js";
import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js"; import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js";
import { VERSION } from "../version.js"; import { VERSION } from "../version.js";
@@ -189,12 +194,9 @@ export async function runNodeHost(opts: NodeHostRunOptions): Promise<void> {
scopes: [], scopes: [],
caps: ["system", ...(browserProxyEnabled ? ["browser"] : [])], caps: ["system", ...(browserProxyEnabled ? ["browser"] : [])],
commands: [ commands: [
"system.run.prepare", ...NODE_SYSTEM_RUN_COMMANDS,
"system.run", ...NODE_EXEC_APPROVALS_COMMANDS,
"system.which", ...(browserProxyEnabled ? [NODE_BROWSER_PROXY_COMMAND] : []),
"system.execApprovals.get",
"system.execApprovals.set",
...(browserProxyEnabled ? ["browser.proxy"] : []),
], ],
pathEnv, pathEnv,
permissions: undefined, permissions: undefined,