fix: preserve sandbox allow-all semantics

Peter Steinberger
2026-02-16 01:52:03 +00:00
parent 014d45f7ee
commit d95be2c384
3 changed files with 91 additions and 21 deletions


@@ -1,21 +0,0 @@
import { describe, expect, it } from "vitest";
import type { SandboxToolPolicy } from "./types.js";
import { isToolAllowed } from "./tool-policy.js";
describe("sandbox tool policy", () => {
it("allows all tools with * allow", () => {
const policy: SandboxToolPolicy = { allow: ["*"], deny: [] };
expect(isToolAllowed(policy, "browser")).toBe(true);
});
it("denies all tools with * deny", () => {
const policy: SandboxToolPolicy = { allow: [], deny: ["*"] };
expect(isToolAllowed(policy, "read")).toBe(false);
});
it("supports wildcard patterns", () => {
const policy: SandboxToolPolicy = { allow: ["web_*"] };
expect(isToolAllowed(policy, "web_fetch")).toBe(true);
expect(isToolAllowed(policy, "read")).toBe(false);
});
});


@@ -89,6 +89,9 @@ export function resolveSandboxToolPolicyForAgent(
// `image` is essential for multimodal workflows; always include it in sandboxed
// sessions unless explicitly denied.
if (
// Empty allowlist means "allow all" for `isToolAllowed`, so don't inject a
// single tool that would accidentally turn it into an explicit allowlist.
expandedAllow.length > 0 &&
!expandedDeny.map((v) => v.toLowerCase()).includes("image") &&
!expandedAllow.map((v) => v.toLowerCase()).includes("image")
) {
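Review bot: The two `includes("image")` checks compare literally, while the policy matcher accepts wildcard patterns (the tests removed in this commit use `*` and `web_*`), so a deny list such as `["*"]` does not stop `image` from being appended to a non-empty allowlist. That is harmless only if `isToolAllowed` lets deny win over allow, which is not visible here; a comment stating that dependency, e.g. `// literal check only: a wildcard deny must still be enforced by isToolAllowed`, or a test pinning that `{ allow: ["read"], deny: ["*"] }` rejects `image`, would keep it from regressing. The new `expandedAllow.length > 0` guard also keys on the expanded list, so if expansion can drop every configured entry (not shown), a restrictive config would fall through to allow-all; it is worth confirming that case is rejected or logged upstream. The enclosing function starts and ends outside this hunk.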