refactor: satisfy swiftlint
This commit is contained in:
Peter Steinberger
@@ -280,8 +280,10 @@ enum ExecApprovalsStore {
|
|||||||
let resolvedAgent = ExecApprovalsResolvedDefaults(
|
let resolvedAgent = ExecApprovalsResolvedDefaults(
|
||||||
security: agentEntry.security ?? wildcardEntry.security ?? resolvedDefaults.security,
|
security: agentEntry.security ?? wildcardEntry.security ?? resolvedDefaults.security,
|
||||||
ask: agentEntry.ask ?? wildcardEntry.ask ?? resolvedDefaults.ask,
|
ask: agentEntry.ask ?? wildcardEntry.ask ?? resolvedDefaults.ask,
|
||||||
askFallback: agentEntry.askFallback ?? wildcardEntry.askFallback ?? resolvedDefaults.askFallback,
|
askFallback: agentEntry.askFallback ?? wildcardEntry.askFallback
|
||||||
autoAllowSkills: agentEntry.autoAllowSkills ?? wildcardEntry.autoAllowSkills ?? resolvedDefaults.autoAllowSkills)
|
?? resolvedDefaults.askFallback,
|
||||||
|
autoAllowSkills: agentEntry.autoAllowSkills ?? wildcardEntry.autoAllowSkills
|
||||||
|
?? resolvedDefaults.autoAllowSkills)
|
||||||
let allowlist = ((wildcardEntry.allowlist ?? []) + (agentEntry.allowlist ?? []))
|
let allowlist = ((wildcardEntry.allowlist ?? []) + (agentEntry.allowlist ?? []))
|
||||||
.map { entry in
|
.map { entry in
|
||||||
ExecAllowlistEntry(
|
ExecAllowlistEntry(
|
||||||
|
|||||||
@@ -191,7 +191,6 @@ struct GeneralSettings: View {
|
|||||||
if self.state.connectionMode == .remote {
|
if self.state.connectionMode == .remote {
|
||||||
self.remoteCard
|
self.remoteCard
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -480,62 +480,22 @@ actor MacNodeRuntime {
|
|||||||
message: "SYSTEM_RUN_DISABLED: security=deny")
|
message: "SYSTEM_RUN_DISABLED: security=deny")
|
||||||
}
|
}
|
||||||
|
|
||||||
let requiresAsk = ExecApprovalHelpers.requiresAsk(
|
let approval = await self.resolveSystemRunApproval(
|
||||||
ask: ask,
|
req: req,
|
||||||
security: security,
|
params: params,
|
||||||
allowlistMatch: allowlistMatch,
|
context: ExecRunContext(
|
||||||
skillAllow: skillAllow)
|
displayCommand: displayCommand,
|
||||||
|
security: security,
|
||||||
let decisionFromParams = ExecApprovalHelpers.parseDecision(params.approvalDecision)
|
ask: ask,
|
||||||
var approvedByAsk = params.approved == true || decisionFromParams != nil
|
agentId: agentId,
|
||||||
var persistAllowlist = decisionFromParams == .allowAlways
|
resolution: resolution,
|
||||||
if decisionFromParams == .deny {
|
allowlistMatch: allowlistMatch,
|
||||||
await self.emitExecEvent(
|
skillAllow: skillAllow,
|
||||||
"exec.denied",
|
sessionKey: sessionKey,
|
||||||
payload: ExecEventPayload(
|
runId: runId))
|
||||||
sessionKey: sessionKey,
|
if let response = approval.response { return response }
|
||||||
runId: runId,
|
let approvedByAsk = approval.approvedByAsk
|
||||||
host: "node",
|
let persistAllowlist = approval.persistAllowlist
|
||||||
command: displayCommand,
|
|
||||||
reason: "user-denied"))
|
|
||||||
return Self.errorResponse(
|
|
||||||
req,
|
|
||||||
code: .unavailable,
|
|
||||||
message: "SYSTEM_RUN_DENIED: user denied")
|
|
||||||
}
|
|
||||||
if requiresAsk, !approvedByAsk {
|
|
||||||
let decision = await MainActor.run {
|
|
||||||
ExecApprovalsPromptPresenter.prompt(
|
|
||||||
ExecApprovalPromptRequest(
|
|
||||||
command: displayCommand,
|
|
||||||
cwd: params.cwd,
|
|
||||||
host: "node",
|
|
||||||
security: security.rawValue,
|
|
||||||
ask: ask.rawValue,
|
|
||||||
agentId: agentId,
|
|
||||||
resolvedPath: resolution?.resolvedPath))
|
|
||||||
}
|
|
||||||
switch decision {
|
|
||||||
case .deny:
|
|
||||||
await self.emitExecEvent(
|
|
||||||
"exec.denied",
|
|
||||||
payload: ExecEventPayload(
|
|
||||||
sessionKey: sessionKey,
|
|
||||||
runId: runId,
|
|
||||||
host: "node",
|
|
||||||
command: displayCommand,
|
|
||||||
reason: "user-denied"))
|
|
||||||
return Self.errorResponse(
|
|
||||||
req,
|
|
||||||
code: .unavailable,
|
|
||||||
message: "SYSTEM_RUN_DENIED: user denied")
|
|
||||||
case .allowAlways:
|
|
||||||
approvedByAsk = true
|
|
||||||
persistAllowlist = true
|
|
||||||
case .allowOnce:
|
|
||||||
approvedByAsk = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if persistAllowlist, security == .allowlist,
|
if persistAllowlist, security == .allowlist,
|
||||||
let pattern = ExecApprovalHelpers.allowlistPattern(command: command, resolution: resolution)
|
let pattern = ExecApprovalHelpers.allowlistPattern(command: command, resolution: resolution)
|
||||||
{
|
{
|
||||||
@@ -659,6 +619,99 @@ actor MacNodeRuntime {
|
|||||||
return BridgeInvokeResponse(id: req.id, ok: true, payloadJSON: payload)
|
return BridgeInvokeResponse(id: req.id, ok: true, payloadJSON: payload)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private struct ExecApprovalOutcome {
|
||||||
|
var approvedByAsk: Bool
|
||||||
|
var persistAllowlist: Bool
|
||||||
|
var response: BridgeInvokeResponse?
|
||||||
|
}
|
||||||
|
|
||||||
|
private struct ExecRunContext {
|
||||||
|
var displayCommand: String
|
||||||
|
var security: ExecSecurity
|
||||||
|
var ask: ExecAsk
|
||||||
|
var agentId: String?
|
||||||
|
var resolution: ExecCommandResolution?
|
||||||
|
var allowlistMatch: ExecAllowlistEntry?
|
||||||
|
var skillAllow: Bool
|
||||||
|
var sessionKey: String
|
||||||
|
var runId: String
|
||||||
|
}
|
||||||
|
|
||||||
|
private func resolveSystemRunApproval(
|
||||||
|
req: BridgeInvokeRequest,
|
||||||
|
params: ClawdbotSystemRunParams,
|
||||||
|
context: ExecRunContext) async -> ExecApprovalOutcome
|
||||||
|
{
|
||||||
|
let requiresAsk = ExecApprovalHelpers.requiresAsk(
|
||||||
|
ask: context.ask,
|
||||||
|
security: context.security,
|
||||||
|
allowlistMatch: context.allowlistMatch,
|
||||||
|
skillAllow: context.skillAllow)
|
||||||
|
|
||||||
|
let decisionFromParams = ExecApprovalHelpers.parseDecision(params.approvalDecision)
|
||||||
|
var approvedByAsk = params.approved == true || decisionFromParams != nil
|
||||||
|
var persistAllowlist = decisionFromParams == .allowAlways
|
||||||
|
if decisionFromParams == .deny {
|
||||||
|
await self.emitExecEvent(
|
||||||
|
"exec.denied",
|
||||||
|
payload: ExecEventPayload(
|
||||||
|
sessionKey: context.sessionKey,
|
||||||
|
runId: context.runId,
|
||||||
|
host: "node",
|
||||||
|
command: context.displayCommand,
|
||||||
|
reason: "user-denied"))
|
||||||
|
return ExecApprovalOutcome(
|
||||||
|
approvedByAsk: approvedByAsk,
|
||||||
|
persistAllowlist: persistAllowlist,
|
||||||
|
response: Self.errorResponse(
|
||||||
|
req,
|
||||||
|
code: .unavailable,
|
||||||
|
message: "SYSTEM_RUN_DENIED: user denied"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if requiresAsk, !approvedByAsk {
|
||||||
|
let decision = await MainActor.run {
|
||||||
|
ExecApprovalsPromptPresenter.prompt(
|
||||||
|
ExecApprovalPromptRequest(
|
||||||
|
command: context.displayCommand,
|
||||||
|
cwd: params.cwd,
|
||||||
|
host: "node",
|
||||||
|
security: context.security.rawValue,
|
||||||
|
ask: context.ask.rawValue,
|
||||||
|
agentId: context.agentId,
|
||||||
|
resolvedPath: context.resolution?.resolvedPath))
|
||||||
|
}
|
||||||
|
switch decision {
|
||||||
|
case .deny:
|
||||||
|
await self.emitExecEvent(
|
||||||
|
"exec.denied",
|
||||||
|
payload: ExecEventPayload(
|
||||||
|
sessionKey: context.sessionKey,
|
||||||
|
runId: context.runId,
|
||||||
|
host: "node",
|
||||||
|
command: context.displayCommand,
|
||||||
|
reason: "user-denied"))
|
||||||
|
return ExecApprovalOutcome(
|
||||||
|
approvedByAsk: approvedByAsk,
|
||||||
|
persistAllowlist: persistAllowlist,
|
||||||
|
response: Self.errorResponse(
|
||||||
|
req,
|
||||||
|
code: .unavailable,
|
||||||
|
message: "SYSTEM_RUN_DENIED: user denied"))
|
||||||
|
case .allowAlways:
|
||||||
|
approvedByAsk = true
|
||||||
|
persistAllowlist = true
|
||||||
|
case .allowOnce:
|
||||||
|
approvedByAsk = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return ExecApprovalOutcome(
|
||||||
|
approvedByAsk: approvedByAsk,
|
||||||
|
persistAllowlist: persistAllowlist,
|
||||||
|
response: nil)
|
||||||
|
}
|
||||||
|
|
||||||
private func handleSystemExecApprovalsGet(_ req: BridgeInvokeRequest) async throws -> BridgeInvokeResponse {
|
private func handleSystemExecApprovalsGet(_ req: BridgeInvokeRequest) async throws -> BridgeInvokeResponse {
|
||||||
_ = ExecApprovalsStore.ensureFile()
|
_ = ExecApprovalsStore.ensureFile()
|
||||||
let snapshot = ExecApprovalsStore.readSnapshot()
|
let snapshot = ExecApprovalsStore.readSnapshot()
|
||||||
|
|||||||
@@ -47,7 +47,6 @@ struct PermissionStatusList: View {
|
|||||||
.font(.footnote)
|
.font(.footnote)
|
||||||
.padding(.top, 2)
|
.padding(.top, 2)
|
||||||
.help("Refresh status")
|
.help("Refresh status")
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -221,6 +221,6 @@ final class TailscaleService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
nonisolated static func fallbackTailnetIPv4() -> String? {
|
nonisolated static func fallbackTailnetIPv4() -> String? {
|
||||||
Self.detectTailnetIPv4()
|
self.detectTailnetIPv4()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -48,7 +48,10 @@ import Testing
|
|||||||
|
|
||||||
@Test func expectedGatewayVersionFromStringUsesParser() {
|
@Test func expectedGatewayVersionFromStringUsesParser() {
|
||||||
#expect(GatewayEnvironment.expectedGatewayVersion(from: "v9.1.2") == Semver(major: 9, minor: 1, patch: 2))
|
#expect(GatewayEnvironment.expectedGatewayVersion(from: "v9.1.2") == Semver(major: 9, minor: 1, patch: 2))
|
||||||
#expect(GatewayEnvironment.expectedGatewayVersion(from: "2026.1.11-4") == Semver(major: 2026, minor: 1, patch: 11))
|
#expect(GatewayEnvironment.expectedGatewayVersion(from: "2026.1.11-4") == Semver(
|
||||||
|
major: 2026,
|
||||||
|
minor: 1,
|
||||||
|
patch: 11))
|
||||||
#expect(GatewayEnvironment.expectedGatewayVersion(from: nil) == nil)
|
#expect(GatewayEnvironment.expectedGatewayVersion(from: nil) == nil)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user