feat: improve exec approvals defaults and wildcard

src/infra/exec-approvals.test.ts

@@ -9,6 +9,7 @@ import {
   maxAsk,
   minSecurity,
   resolveCommandResolution,
+  resolveExecApprovals,
   type ExecAllowlistEntry,
 } from "./exec-approvals.js";
 
@@ -106,3 +107,36 @@ describe("exec approvals policy helpers", () => {
     expect(maxAsk("on-miss", "off")).toBe("on-miss");
   });
 });
+
+describe("exec approvals wildcard agent", () => {
+  it("merges wildcard allowlist entries with agent entries", () => {
+    const dir = makeTempDir();
+    const oldHome = process.env.HOME;
+    process.env.HOME = dir;
+
+    const approvalsPath = path.join(dir, ".clawdbot", "exec-approvals.json");
+    fs.mkdirSync(path.dirname(approvalsPath), { recursive: true });
+    fs.writeFileSync(
+      approvalsPath,
+      JSON.stringify(
+        {
+          version: 1,
+          agents: {
+            "*": { allowlist: [{ pattern: "/bin/hostname" }] },
+            main: { allowlist: [{ pattern: "/usr/bin/uname" }] },
+          },
+        },
+        null,
+        2,
+      ),
+    );
+
+    const resolved = resolveExecApprovals("main");
+    expect(resolved.allowlist.map((entry) => entry.pattern)).toEqual([
+      "/bin/hostname",
+      "/usr/bin/uname",
+    ]);
+
+    process.env.HOME = oldHome;
+  });
+});

src/infra/exec-approvals.ts

@@ -213,6 +213,7 @@ export function resolveExecApprovals(
   const defaults = file.defaults ?? {};
   const agentKey = agentId ?? "default";
   const agent = file.agents?.[agentKey] ?? {};
+  const wildcard = file.agents?.["*"] ?? {};
   const fallbackSecurity = overrides?.security ?? DEFAULT_SECURITY;
   const fallbackAsk = overrides?.ask ?? DEFAULT_ASK;
   const fallbackAskFallback = overrides?.askFallback ?? DEFAULT_ASK_FALLBACK;
@@ -228,17 +229,22 @@ export function resolveExecApprovals(
   };
   const resolvedAgent: Required<ExecApprovalsDefaults> = {
     security: normalizeSecurity(
-      agent.security ?? resolvedDefaults.security,
+      agent.security ?? wildcard.security ?? resolvedDefaults.security,
       resolvedDefaults.security,
     ),
-    ask: normalizeAsk(agent.ask ?? resolvedDefaults.ask, resolvedDefaults.ask),
+    ask: normalizeAsk(agent.ask ?? wildcard.ask ?? resolvedDefaults.ask, resolvedDefaults.ask),
     askFallback: normalizeSecurity(
-      agent.askFallback ?? resolvedDefaults.askFallback,
+      agent.askFallback ?? wildcard.askFallback ?? resolvedDefaults.askFallback,
       resolvedDefaults.askFallback,
     ),
-    autoAllowSkills: Boolean(agent.autoAllowSkills ?? resolvedDefaults.autoAllowSkills),
+    autoAllowSkills: Boolean(
+      agent.autoAllowSkills ?? wildcard.autoAllowSkills ?? resolvedDefaults.autoAllowSkills,
+    ),
   };
-  const allowlist = Array.isArray(agent.allowlist) ? agent.allowlist : [];
+  const allowlist = [
+    ...(Array.isArray(wildcard.allowlist) ? wildcard.allowlist : []),
+    ...(Array.isArray(agent.allowlist) ? agent.allowlist : []),
+  ];
   return {
     path: resolveExecApprovalsPath(),
     socketPath: expandHome(file.socket?.path ?? resolveExecApprovalsSocketPath()),