let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(sandbox): drop legacy memory shorthand

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-12 22:42:57 +00:00
parent ec5099db89
commit 72100ba3ab
4 changed files with 2 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/gateway/sandbox-vs-tool-policy-vs-elevated.md
View File

@@ -79,8 +79,6 @@ Available groups:
- `group:sessions`: `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `session_status` - `group:sessions`: `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `session_status`
- `group:memory`: `memory_search`, `memory_get` - `group:memory`: `memory_search`, `memory_get`
Legacy shorthand: `memory` expands to `group:memory`.
## Elevated: exec-only “run on host” ## Elevated: exec-only “run on host”
Elevated does **not** grant extra tools; it only affects `exec`. Elevated does **not** grant extra tools; it only affects `exec`.

2
docs/multi-agent-sandbox-tools.md
View File

@@ -182,8 +182,6 @@ Sandbox tool policy supports `group:*` entries that expand to multiple concrete
- `group:sessions`: `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `session_status` - `group:sessions`: `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `session_status`
- `group:memory`: `memory_search`, `memory_get` - `group:memory`: `memory_search`, `memory_get`
Legacy shorthand: `memory` expands to `group:memory`.
### Elevated Mode ### Elevated Mode
`tools.elevated` is the global baseline (sender-based allowlist). `agents.list[].tools.elevated` can further restrict elevated for specific agents (both must allow). `tools.elevated` is the global baseline (sender-based allowlist). `agents.list[].tools.elevated` can further restrict elevated for specific agents (both must allow).

4
src/agents/sandbox-explain.test.ts
View File

@@ -65,7 +65,7 @@ describe("sandbox explain helpers", () => {
]); ]);
}); });
it("supports legacy 'memory' shorthand and deny wins after expansion", () => { it("denies still win after group expansion", () => {
const cfg: ClawdbotConfig = { const cfg: ClawdbotConfig = {
agents: { agents: {
defaults: { defaults: {
@@ -75,7 +75,7 @@ describe("sandbox explain helpers", () => {
tools: { tools: {
sandbox: { sandbox: {
tools: { tools: {
allow: ["memory"], allow: ["group:memory"],
deny: ["memory_get"], deny: ["memory_get"],
}, },
}, },

3
src/agents/sandbox.ts
View File

@@ -269,9 +269,6 @@ function expandToolGroupEntry(entry: string): string[] {
if (!raw) return []; if (!raw) return [];
const lower = raw.toLowerCase(); const lower = raw.toLowerCase();
// Back-compat shorthand: "memory" => "group:memory"
if (lower === "memory") return TOOL_GROUPS["group:memory"];
const group = TOOL_GROUPS[lower]; const group = TOOL_GROUPS[lower];
if (group) return group; if (group) return group;
return [raw]; return [raw];