Security: add explicit opt-in for deprecated plugin runtime exec (#20874)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: de69f81725
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
Mariano
2026-02-19 11:30:36 +00:00
committed by GitHub
parent e955582c8f
commit db73402235
8 changed files with 111 additions and 13 deletions


@@ -13,6 +13,14 @@ export type PluginsLoadConfig = {
paths?: string[];
};
export type PluginsRuntimeConfig = {
/**
* Re-enable deprecated runtime.system.runCommandWithTimeout for legacy plugins.
* Disabled by default for security hardening.
*/
allowLegacyExec?: boolean;
};
export type PluginInstallRecord = {
source: "npm" | "archive" | "path";
spec?: string;
@@ -30,6 +38,7 @@ export type PluginsConfig = {
/** Optional plugin denylist (plugin ids). */
deny?: string[];
load?: PluginsLoadConfig;
runtime?: PluginsRuntimeConfig;
slots?: PluginSlotsConfig;
entries?: Record<string, PluginEntryConfig>;
installs?: Record<string, PluginInstallRecord>;
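Review bot: The doc comment on `allowLegacyExec` does not state the flag's scope. It is declared on `PluginsRuntimeConfig`, reached through `PluginsConfig.runtime` rather than through the per-plugin `entries` map, so as typed it appears to be a single switch covering every loaded plugin. An operator who turns it on for one legacy plugin would presumably restore command execution for all of them; the enforcing code is not in this section, so that should be confirmed. I would add to the comment something like `* Applies to all loaded plugins; when true, plugin code can run host commands via runCommandWithTimeout.` It is also worth confirming that the consumer tests `allowLegacyExec === true`, so that an absent or non-boolean value keeps the API disabled, as "Disabled by default" promises.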