let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: show node PATH and bootstrap node host env

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-21 11:06:14 +00:00
parent dc06b225cd
commit 9bd6b3fd54
8 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG.md
View File

@@ -4,7 +4,14 @@ Docs: https://docs.clawd.bot
## 2026.1.21
### Changes
- CLI: default exec approvals to the local host, add gateway/node targeting flags, and show target details in allowlist output.
- Exec approvals: support wildcard agent allowlists (`*`) across all agents.
- Nodes: expose node PATH in status/describe and bootstrap PATH for node-host execution.
### Fixes
- Nodes tool: include agent/node/gateway context in tool failure logs to speed approval debugging.
- macOS: exec approvals now respect wildcard agent allowlists (`*`).
- UI: remove the chat stop button and keep the composer aligned to the bottom edge.
- Configure: restrict the model allowlist picker to OAuth-compatible Anthropic models and preselect Opus 4.5.

13
src/cli/nodes-cli/register.status.ts
View File

@@ -44,6 +44,15 @@ function formatNodeVersions(node: {
return parts.length > 0 ? parts.join(" · ") : null;
}
function formatPathEnv(raw?: string): string | null {
if (typeof raw !== "string") return null;
const trimmed = raw.trim();
if (!trimmed) return null;
const parts = trimmed.split(":").filter(Boolean);
if (parts.length <= 3) return trimmed;
return `${parts.slice(0, 2).join(":")}:…:${parts.slice(-1)[0]}`;
}
function parseSinceMs(raw: unknown, label: string): number | undefined {
if (raw === undefined || raw === null) return undefined;
const value =
@@ -126,11 +135,13 @@ export function registerNodesStatusCommands(nodes: Command) {
const name = n.displayName?.trim() ? n.displayName.trim() : n.nodeId;
const perms = formatPermissions(n.permissions);
const versions = formatNodeVersions(n);
const pathEnv = formatPathEnv(n.pathEnv);
const detailParts = [
n.deviceFamily ? `device: ${n.deviceFamily}` : null,
n.modelIdentifier ? `hw: ${n.modelIdentifier}` : null,
perms ? `perms: ${perms}` : null,
versions,
pathEnv ? `path: ${pathEnv}` : null,
].filter(Boolean) as string[];
const caps = Array.isArray(n.caps)
? n.caps.map(String).filter(Boolean).sort().join(", ")
@@ -201,6 +212,7 @@ export function registerNodesStatusCommands(nodes: Command) {
const family = typeof obj.deviceFamily === "string" ? obj.deviceFamily : null;
const model = typeof obj.modelIdentifier === "string" ? obj.modelIdentifier : null;
const ip = typeof obj.remoteIp === "string" ? obj.remoteIp : null;
const pathEnv = typeof obj.pathEnv === "string" ? obj.pathEnv : null;
const versions = formatNodeVersions(
obj as {
platform?: string;
@@ -223,6 +235,7 @@ export function registerNodesStatusCommands(nodes: Command) {
model ? { Field: "Model", Value: model } : null,
perms ? { Field: "Perms", Value: perms } : null,
versions ? { Field: "Version", Value: versions } : null,
pathEnv ? { Field: "PATH", Value: pathEnv } : null,
{ Field: "Status", Value: status },
{ Field: "Caps", Value: caps ? caps.join(", ") : "?" },
].filter(Boolean) as Array<{ Field: string; Value: string }>;

1
src/cli/nodes-cli/types.ts
View File

@@ -53,6 +53,7 @@ export type NodeListNode = {
remoteIp?: string;
deviceFamily?: string;
modelIdentifier?: string;
pathEnv?: string;
caps?: string[];
commands?: string[];
permissions?: Record<string, boolean>;

2
src/gateway/client.ts
View File

@@ -53,6 +53,7 @@ export type GatewayClientOptions = {
caps?: string[];
commands?: string[];
permissions?: Record<string, boolean>;
pathEnv?: string;
deviceIdentity?: DeviceIdentity;
minProtocol?: number;
maxProtocol?: number;
@@ -232,6 +233,7 @@ export class GatewayClient {
this.opts.permissions && typeof this.opts.permissions === "object"
? this.opts.permissions
: undefined,
pathEnv: this.opts.pathEnv,
auth,
role,
scopes,

6
src/gateway/node-registry.ts
View File

@@ -17,6 +17,7 @@ export type NodeSession = {
caps: string[];
commands: string[];
permissions?: Record<string, boolean>;
pathEnv?: string;
connectedAtMs: number;
};
@@ -51,6 +52,10 @@ export class NodeRegistry {
typeof (connect as { permissions?: Record<string, boolean> }).permissions === "object"
? ((connect as { permissions?: Record<string, boolean> }).permissions ?? undefined)
: undefined;
const pathEnv =
typeof (connect as { pathEnv?: string }).pathEnv === "string"
? (connect as { pathEnv?: string }).pathEnv
: undefined;
const session: NodeSession = {
nodeId,
connId: client.connId,
@@ -66,6 +71,7 @@ export class NodeRegistry {
caps,
commands,
permissions,
pathEnv,
connectedAtMs: Date.now(),
};
this.nodesById.set(nodeId, session);

1
src/gateway/protocol/schema/frames.ts
View File

@@ -37,6 +37,7 @@ export const ConnectParamsSchema = Type.Object(
caps: Type.Optional(Type.Array(NonEmptyString, { default: [] })),
commands: Type.Optional(Type.Array(NonEmptyString)),
permissions: Type.Optional(Type.Record(NonEmptyString, Type.Boolean())),
pathEnv: Type.Optional(Type.String()),
role: Type.Optional(NonEmptyString),
scopes: Type.Optional(Type.Array(NonEmptyString)),
device: Type.Optional(

2
src/gateway/server-methods/nodes.ts
View File

@@ -275,6 +275,7 @@ export const nodeHandlers: GatewayRequestHandlers = {
remoteIp: live?.remoteIp ?? paired?.remoteIp,
caps,
commands,
pathEnv: live?.pathEnv,
permissions: live?.permissions ?? paired?.permissions,
connectedAtMs: live?.connectedAtMs,
paired: Boolean(paired),
@@ -338,6 +339,7 @@ export const nodeHandlers: GatewayRequestHandlers = {
remoteIp: live?.remoteIp ?? paired?.remoteIp,
caps,
commands,
pathEnv: live?.pathEnv,
permissions: live?.permissions,
connectedAtMs: live?.connectedAtMs,
paired: Boolean(paired),

16
src/node-host/runner.ts
View File

@@ -25,6 +25,7 @@ import {
import { getMachineDisplayName } from "../infra/machine-name.js";
import { loadOrCreateDeviceIdentity } from "../infra/device-identity.js";
import { loadConfig } from "../config/config.js";
import { ensureClawdbotCliOnPath } from "../infra/path-env.js";
import { VERSION } from "../version.js";
import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js";
@@ -102,6 +103,7 @@ type NodeInvokeRequestPayload = {
const OUTPUT_CAP = 200_000;
const OUTPUT_EVENT_TAIL = 20_000;
const DEFAULT_NODE_PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
const execHostEnforced = process.env.CLAWDBOT_NODE_EXEC_HOST?.trim().toLowerCase() === "app";
const execHostFallbackAllowed =
@@ -287,10 +289,18 @@ function resolveEnvPath(env?: Record<string, string>): string[] {
(env as Record<string, string>)?.Path ??
process.env.PATH ??
process.env.Path ??
"";
DEFAULT_NODE_PATH;
return raw.split(path.delimiter).filter(Boolean);
}
function ensureNodePathEnv(): string {
ensureClawdbotCliOnPath({ pathEnv: process.env.PATH ?? "" });
const current = process.env.PATH ?? "";
if (current.trim()) return current;
process.env.PATH = DEFAULT_NODE_PATH;
return DEFAULT_NODE_PATH;
}
function resolveExecutable(bin: string, env?: Record<string, string>) {
if (bin.includes("/") || bin.includes("\\")) return null;
const extensions =
@@ -369,6 +379,9 @@ export async function runNodeHost(opts: NodeHostRunOptions): Promise<void> {
const port = gateway.port ?? 18789;
const scheme = gateway.tls ? "wss" : "ws";
const url = `${scheme}://${host}:${port}`;
const pathEnv = ensureNodePathEnv();
// eslint-disable-next-line no-console
console.log(`node host PATH: ${pathEnv}`);
const client = new GatewayClient({
url,
@@ -389,6 +402,7 @@ export async function runNodeHost(opts: NodeHostRunOptions): Promise<void> {
"system.execApprovals.get",
"system.execApprovals.set",
],
pathEnv,
permissions: undefined,
deviceIdentity: loadOrCreateDeviceIdentity(),
tlsFingerprint: gateway.tlsFingerprint,