feat: add /exec session overrides

2026-01-18 06:11:38 +00:00
parent 1d8614c7c2
commit 8f7f7ee7dc
28 changed files with 615 additions and 8 deletions
--- a/src/gateway/protocol/schema/sessions.ts
+++ b/src/gateway/protocol/schema/sessions.ts
@@ -45,6 +45,10 @@ export const SessionsPatchParamsSchema = Type.Object(
      ]),
    ),
    elevatedLevel: Type.Optional(Type.Union([NonEmptyString, Type.Null()])),
+    execHost: Type.Optional(Type.Union([NonEmptyString, Type.Null()])),
+    execSecurity: Type.Optional(Type.Union([NonEmptyString, Type.Null()])),
+    execAsk: Type.Optional(Type.Union([NonEmptyString, Type.Null()])),
+    execNode: Type.Optional(Type.Union([NonEmptyString, Type.Null()])),
    model: Type.Optional(Type.Union([NonEmptyString, Type.Null()])),
    spawnedBy: Type.Optional(Type.Union([NonEmptyString, Type.Null()])),
    sendPolicy: Type.Optional(
--- a/src/gateway/sessions-patch.ts
+++ b/src/gateway/sessions-patch.ts
@@ -30,6 +30,30 @@ function invalid(message: string): { ok: false; error: ErrorShape } {
  return { ok: false, error: errorShape(ErrorCodes.INVALID_REQUEST, message) };
 }

+function normalizeExecHost(raw: string): "sandbox" | "gateway" | "node" | undefined {
+  const normalized = raw.trim().toLowerCase();
+  if (normalized === "sandbox" || normalized === "gateway" || normalized === "node") {
+    return normalized;
+  }
+  return undefined;
+}
+
+function normalizeExecSecurity(raw: string): "deny" | "allowlist" | "full" | undefined {
+  const normalized = raw.trim().toLowerCase();
+  if (normalized === "deny" || normalized === "allowlist" || normalized === "full") {
+    return normalized;
+  }
+  return undefined;
+}
+
+function normalizeExecAsk(raw: string): "off" | "on-miss" | "always" | undefined {
+  const normalized = raw.trim().toLowerCase();
+  if (normalized === "off" || normalized === "on-miss" || normalized === "always") {
+    return normalized;
+  }
+  return undefined;
+}
+
 export async function applySessionsPatchToStore(params: {
  cfg: ClawdbotConfig;
  store: Record<string, SessionEntry>;
@@ -150,6 +174,50 @@ export async function applySessionsPatchToStore(params: {
    }
  }

+  if ("execHost" in patch) {
+    const raw = patch.execHost;
+    if (raw === null) {
+      delete next.execHost;
+    } else if (raw !== undefined) {
+      const normalized = normalizeExecHost(String(raw));
+      if (!normalized) return invalid('invalid execHost (use "sandbox"|"gateway"|"node")');
+      next.execHost = normalized;
+    }
+  }
+
+  if ("execSecurity" in patch) {
+    const raw = patch.execSecurity;
+    if (raw === null) {
+      delete next.execSecurity;
+    } else if (raw !== undefined) {
+      const normalized = normalizeExecSecurity(String(raw));
+      if (!normalized) return invalid('invalid execSecurity (use "deny"|"allowlist"|"full")');
+      next.execSecurity = normalized;
+    }
+  }
+
+  if ("execAsk" in patch) {
+    const raw = patch.execAsk;
+    if (raw === null) {
+      delete next.execAsk;
+    } else if (raw !== undefined) {
+      const normalized = normalizeExecAsk(String(raw));
+      if (!normalized) return invalid('invalid execAsk (use "off"|"on-miss"|"always")');
+      next.execAsk = normalized;
+    }
+  }
+
+  if ("execNode" in patch) {
+    const raw = patch.execNode;
+    if (raw === null) {
+      delete next.execNode;
+    } else if (raw !== undefined) {
+      const trimmed = String(raw).trim();
+      if (!trimmed) return invalid("invalid execNode: empty");
+      next.execNode = trimmed;
+    }
+  }
+
  if ("model" in patch) {
    const raw = patch.model;
    if (raw === null) {