feat(config): add tools.alsoAllow additive allowlist
This commit is contained in:
Vignesh Natarajan
committed by
Pocket Clawd
Pocket Clawd
parent
b9098f3401
commit
2ad3508a33
@@ -96,13 +96,22 @@ export function filterToolsByPolicy(tools: AnyAgentTool[], policy?: SandboxToolP
|
||||
|
||||
type ToolPolicyConfig = {
|
||||
allow?: string[];
|
||||
alsoAllow?: string[];
|
||||
deny?: string[];
|
||||
profile?: string;
|
||||
};
|
||||
|
||||
function unionAllow(base?: string[], extra?: string[]) {
|
||||
if (!Array.isArray(extra) || extra.length === 0) return base;
|
||||
if (!Array.isArray(base) || base.length === 0) return base;
|
||||
return Array.from(new Set([...base, ...extra]));
|
||||
}
|
||||
|
||||
function pickToolPolicy(config?: ToolPolicyConfig): SandboxToolPolicy | undefined {
|
||||
if (!config) return undefined;
|
||||
const allow = Array.isArray(config.allow) ? config.allow : undefined;
|
||||
const allow = Array.isArray(config.allow)
|
||||
? unionAllow(config.allow, config.alsoAllow)
|
||||
: undefined;
|
||||
const deny = Array.isArray(config.deny) ? config.deny : undefined;
|
||||
if (!allow && !deny) return undefined;
|
||||
return { allow, deny };
|
||||
@@ -195,6 +204,17 @@ export function resolveEffectiveToolPolicy(params: {
|
||||
agentProviderPolicy: pickToolPolicy(agentProviderPolicy),
|
||||
profile,
|
||||
providerProfile: agentProviderPolicy?.profile ?? providerPolicy?.profile,
|
||||
// alsoAllow is applied at the profile stage (to avoid being filtered out early).
|
||||
profileAlsoAllow: Array.isArray(agentTools?.alsoAllow)
|
||||
? agentTools?.alsoAllow
|
||||
: Array.isArray(globalTools?.alsoAllow)
|
||||
? globalTools?.alsoAllow
|
||||
: undefined,
|
||||
providerProfileAlsoAllow: Array.isArray(agentProviderPolicy?.alsoAllow)
|
||||
? agentProviderPolicy?.alsoAllow
|
||||
: Array.isArray(providerPolicy?.alsoAllow)
|
||||
? providerPolicy?.alsoAllow
|
||||
: undefined,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -157,6 +157,8 @@ export function createClawdbotCodingTools(options?: {
|
||||
agentProviderPolicy,
|
||||
profile,
|
||||
providerProfile,
|
||||
profileAlsoAllow,
|
||||
providerProfileAlsoAllow,
|
||||
} = resolveEffectiveToolPolicy({
|
||||
config: options?.config,
|
||||
sessionKey: options?.sessionKey,
|
||||
@@ -175,14 +177,25 @@ export function createClawdbotCodingTools(options?: {
|
||||
});
|
||||
const profilePolicy = resolveToolProfilePolicy(profile);
|
||||
const providerProfilePolicy = resolveToolProfilePolicy(providerProfile);
|
||||
|
||||
const mergeAlsoAllow = (policy: typeof profilePolicy, alsoAllow?: string[]) => {
|
||||
if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0) return policy;
|
||||
return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) };
|
||||
};
|
||||
|
||||
const profilePolicyWithAlsoAllow = mergeAlsoAllow(profilePolicy, profileAlsoAllow);
|
||||
const providerProfilePolicyWithAlsoAllow = mergeAlsoAllow(
|
||||
providerProfilePolicy,
|
||||
providerProfileAlsoAllow,
|
||||
);
|
||||
const scopeKey = options?.exec?.scopeKey ?? (agentId ? `agent:${agentId}` : undefined);
|
||||
const subagentPolicy =
|
||||
isSubagentSessionKey(options?.sessionKey) && options?.sessionKey
|
||||
? resolveSubagentToolPolicy(options.config)
|
||||
: undefined;
|
||||
const allowBackground = isToolAllowedByPolicies("process", [
|
||||
profilePolicy,
|
||||
providerProfilePolicy,
|
||||
profilePolicyWithAlsoAllow,
|
||||
providerProfilePolicyWithAlsoAllow,
|
||||
globalPolicy,
|
||||
globalProviderPolicy,
|
||||
agentPolicy,
|
||||
@@ -340,11 +353,11 @@ export function createClawdbotCodingTools(options?: {
|
||||
return expandPolicyWithPluginGroups(resolved.policy, pluginGroups);
|
||||
};
|
||||
const profilePolicyExpanded = resolvePolicy(
|
||||
profilePolicy,
|
||||
profilePolicyWithAlsoAllow,
|
||||
profile ? `tools.profile (${profile})` : "tools.profile",
|
||||
);
|
||||
const providerProfileExpanded = resolvePolicy(
|
||||
providerProfilePolicy,
|
||||
providerProfilePolicyWithAlsoAllow,
|
||||
providerProfile ? `tools.byProvider.profile (${providerProfile})` : "tools.byProvider.profile",
|
||||
);
|
||||
const globalPolicyExpanded = resolvePolicy(globalPolicy, "tools.allow");
|
||||
|
||||
@@ -165,7 +165,9 @@ const FIELD_LABELS: Record<string, string> = {
|
||||
"tools.links.models": "Link Understanding Models",
|
||||
"tools.links.scope": "Link Understanding Scope",
|
||||
"tools.profile": "Tool Profile",
|
||||
"tools.alsoAllow": "Tool Allowlist Additions",
|
||||
"agents.list[].tools.profile": "Agent Tool Profile",
|
||||
"agents.list[].tools.alsoAllow": "Agent Tool Allowlist Additions",
|
||||
"tools.byProvider": "Tool Policy by Provider",
|
||||
"agents.list[].tools.byProvider": "Agent Tool Policy by Provider",
|
||||
"tools.exec.applyPatch.enabled": "Enable apply_patch",
|
||||
|
||||
@@ -140,12 +140,21 @@ export type ToolProfileId = "minimal" | "coding" | "messaging" | "full";
|
||||
|
||||
export type ToolPolicyConfig = {
|
||||
allow?: string[];
|
||||
/**
|
||||
* Additional allowlist entries merged into the effective allowlist.
|
||||
*
|
||||
* Intended for additive configuration (e.g., "also allow lobster") without forcing
|
||||
* users to replace/duplicate an existing allowlist or profile.
|
||||
*/
|
||||
alsoAllow?: string[];
|
||||
deny?: string[];
|
||||
profile?: ToolProfileId;
|
||||
};
|
||||
|
||||
export type GroupToolPolicyConfig = {
|
||||
allow?: string[];
|
||||
/** Additional allowlist entries merged into allow. */
|
||||
alsoAllow?: string[];
|
||||
deny?: string[];
|
||||
};
|
||||
|
||||
@@ -188,6 +197,8 @@ export type AgentToolsConfig = {
|
||||
/** Base tool profile applied before allow/deny lists. */
|
||||
profile?: ToolProfileId;
|
||||
allow?: string[];
|
||||
/** Additional allowlist entries merged into allow and/or profile allowlist. */
|
||||
alsoAllow?: string[];
|
||||
deny?: string[];
|
||||
/** Optional tool policy overrides keyed by provider id or "provider/model". */
|
||||
byProvider?: Record<string, ToolPolicyConfig>;
|
||||
@@ -312,6 +323,8 @@ export type ToolsConfig = {
|
||||
/** Base tool profile applied before allow/deny lists. */
|
||||
profile?: ToolProfileId;
|
||||
allow?: string[];
|
||||
/** Additional allowlist entries merged into allow and/or profile allowlist. */
|
||||
alsoAllow?: string[];
|
||||
deny?: string[];
|
||||
/** Optional tool policy overrides keyed by provider id or "provider/model". */
|
||||
byProvider?: Record<string, ToolPolicyConfig>;
|
||||
|
||||
@@ -150,6 +150,7 @@ export const SandboxPruneSchema = z
|
||||
export const ToolPolicySchema = z
|
||||
.object({
|
||||
allow: z.array(z.string()).optional(),
|
||||
alsoAllow: z.array(z.string()).optional(),
|
||||
deny: z.array(z.string()).optional(),
|
||||
})
|
||||
.strict()
|
||||
@@ -202,6 +203,7 @@ export const ToolProfileSchema = z
|
||||
export const ToolPolicyWithProfileSchema = z
|
||||
.object({
|
||||
allow: z.array(z.string()).optional(),
|
||||
alsoAllow: z.array(z.string()).optional(),
|
||||
deny: z.array(z.string()).optional(),
|
||||
profile: ToolProfileSchema,
|
||||
})
|
||||
@@ -231,6 +233,7 @@ export const AgentToolsSchema = z
|
||||
.object({
|
||||
profile: ToolProfileSchema,
|
||||
allow: z.array(z.string()).optional(),
|
||||
alsoAllow: z.array(z.string()).optional(),
|
||||
deny: z.array(z.string()).optional(),
|
||||
byProvider: z.record(z.string(), ToolPolicyWithProfileSchema).optional(),
|
||||
elevated: z
|
||||
@@ -425,6 +428,7 @@ export const ToolsSchema = z
|
||||
.object({
|
||||
profile: ToolProfileSchema,
|
||||
allow: z.array(z.string()).optional(),
|
||||
alsoAllow: z.array(z.string()).optional(),
|
||||
deny: z.array(z.string()).optional(),
|
||||
byProvider: z.record(z.string(), ToolPolicyWithProfileSchema).optional(),
|
||||
web: ToolsWebSchema,
|
||||
|
||||
@@ -1,12 +1,19 @@
|
||||
import { describe, expect, it, vi } from "vitest";
|
||||
import { beforeEach, describe, expect, it, vi } from "vitest";
|
||||
|
||||
import type { IncomingMessage, ServerResponse } from "node:http";
|
||||
|
||||
import { installGatewayTestHooks, getFreePort, startGatewayServer } from "./test-helpers.server.js";
|
||||
import { resetTestPluginRegistry, setTestPluginRegistry, testState } from "./test-helpers.mocks.js";
|
||||
import { createTestRegistry } from "../test-utils/channel-plugins.js";
|
||||
|
||||
installGatewayTestHooks({ scope: "suite" });
|
||||
|
||||
beforeEach(() => {
|
||||
// Ensure these tests are not affected by host env vars.
|
||||
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
|
||||
delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
|
||||
});
|
||||
|
||||
const resolveGatewayToken = (): string => {
|
||||
const token = (testState.gatewayAuth as { token?: string } | undefined)?.token;
|
||||
if (!token) throw new Error("test gateway token missing");
|
||||
@@ -47,6 +54,35 @@ describe("POST /tools/invoke", () => {
|
||||
await server.close();
|
||||
});
|
||||
|
||||
it("supports tools.alsoAllow as additive allowlist (profile stage)", async () => {
|
||||
// No explicit tool allowlist; rely on profile + alsoAllow.
|
||||
testState.agentsConfig = {
|
||||
list: [{ id: "main" }],
|
||||
} as any;
|
||||
|
||||
// minimal profile does NOT include sessions_list, but alsoAllow should.
|
||||
const { writeConfigFile } = await import("../config/config.js");
|
||||
await writeConfigFile({
|
||||
tools: { profile: "minimal", alsoAllow: ["sessions_list"] },
|
||||
} as any);
|
||||
|
||||
const port = await getFreePort();
|
||||
const server = await startGatewayServer(port, { bind: "loopback" });
|
||||
const token = resolveGatewayToken();
|
||||
|
||||
const res = await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
|
||||
method: "POST",
|
||||
headers: { "content-type": "application/json", authorization: `Bearer ${token}` },
|
||||
body: JSON.stringify({ tool: "sessions_list", action: "json", args: {}, sessionKey: "main" }),
|
||||
});
|
||||
|
||||
expect(res.status).toBe(200);
|
||||
const body = await res.json();
|
||||
expect(body.ok).toBe(true);
|
||||
|
||||
await server.close();
|
||||
});
|
||||
|
||||
it("accepts password auth when bearer token matches", async () => {
|
||||
testState.agentsConfig = {
|
||||
list: [
|
||||
|
||||
@@ -130,9 +130,22 @@ export async function handleToolsInvokeHttpRequest(
|
||||
agentProviderPolicy,
|
||||
profile,
|
||||
providerProfile,
|
||||
profileAlsoAllow,
|
||||
providerProfileAlsoAllow,
|
||||
} = resolveEffectiveToolPolicy({ config: cfg, sessionKey });
|
||||
const profilePolicy = resolveToolProfilePolicy(profile);
|
||||
const providerProfilePolicy = resolveToolProfilePolicy(providerProfile);
|
||||
|
||||
const mergeAlsoAllow = (policy: typeof profilePolicy, alsoAllow?: string[]) => {
|
||||
if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0) return policy;
|
||||
return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) };
|
||||
};
|
||||
|
||||
const profilePolicyWithAlsoAllow = mergeAlsoAllow(profilePolicy, profileAlsoAllow);
|
||||
const providerProfilePolicyWithAlsoAllow = mergeAlsoAllow(
|
||||
providerProfilePolicy,
|
||||
providerProfileAlsoAllow,
|
||||
);
|
||||
const groupPolicy = resolveGroupToolPolicy({
|
||||
config: cfg,
|
||||
sessionKey,
|
||||
@@ -183,11 +196,11 @@ export async function handleToolsInvokeHttpRequest(
|
||||
return expandPolicyWithPluginGroups(resolved.policy, pluginGroups);
|
||||
};
|
||||
const profilePolicyExpanded = resolvePolicy(
|
||||
profilePolicy,
|
||||
profilePolicyWithAlsoAllow,
|
||||
profile ? `tools.profile (${profile})` : "tools.profile",
|
||||
);
|
||||
const providerProfileExpanded = resolvePolicy(
|
||||
providerProfilePolicy,
|
||||
providerProfilePolicyWithAlsoAllow,
|
||||
providerProfile ? `tools.byProvider.profile (${providerProfile})` : "tools.byProvider.profile",
|
||||
);
|
||||
const globalPolicyExpanded = resolvePolicy(globalPolicy, "tools.allow");
|
||||
|
||||
Reference in New Issue
Block a user