fix: honor tools.exec ask/security in approvals

2026-01-24 04:53:26 +00:00
parent fd23b9b209
commit 5662a9cdfc
6 changed files with 44 additions and 9 deletions
--- a/docs/tools/exec-approvals.md
+++ b/docs/tools/exec-approvals.md
@@ -12,6 +12,7 @@ Exec approvals are the **companion app / node host guardrail** for letting a san
 commands on a real host (`gateway` or `node`). Think of it like a safety interlock:
 commands are allowed only when policy + allowlist + (optional) user approval all agree.
 Exec approvals are **in addition** to tool policy and elevated gating (unless elevated is set to `full`, which skips approvals).
+Effective policy is the **stricter** of `tools.exec.*` and approvals defaults; if an approvals field is omitted, the `tools.exec` value is used.

 If the companion app UI is **not available**, any request that requires a prompt is
 resolved by the **ask fallback** (default: deny).