diff --git a/CHANGELOG.md b/CHANGELOG.md index d8cd54aac..9ba49a2ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ Docs: https://docs.clawd.bot Status: unreleased. ### Changes +- Agents: honor tools.exec.safeBins in exec allowlist checks. (#2281) - Docs: tighten Fly private deployment steps. (#2289) Thanks @dguido. - Gateway: warn on hook tokens via query params; document header auth preference. (#2200) Thanks @YuriNachos. - Doctor: warn on gateway exposure without auth. (#2016) Thanks @Alex-Alaniz. diff --git a/src/agents/pi-tools.safe-bins.test.ts b/src/agents/pi-tools.safe-bins.test.ts new file mode 100644 index 000000000..43202bbb5 --- /dev/null +++ b/src/agents/pi-tools.safe-bins.test.ts @@ -0,0 +1,78 @@ +import fs from "node:fs"; +import os from "node:os"; +import path from "node:path"; +import { describe, expect, it, vi } from "vitest"; +import type { ClawdbotConfig } from "../config/config.js"; +import type { ExecApprovalsResolved } from "../infra/exec-approvals.js"; +import { createClawdbotCodingTools } from "./pi-tools.js"; + +vi.mock("../infra/exec-approvals.js", async (importOriginal) => { + const mod = await importOriginal(); + const approvals: ExecApprovalsResolved = { + path: "/tmp/exec-approvals.json", + socketPath: "/tmp/exec-approvals.sock", + token: "token", + defaults: { + security: "allowlist", + ask: "off", + askFallback: "deny", + autoAllowSkills: false, + }, + agent: { + security: "allowlist", + ask: "off", + askFallback: "deny", + autoAllowSkills: false, + }, + allowlist: [], + file: { + version: 1, + socket: { path: "/tmp/exec-approvals.sock", token: "token" }, + defaults: { + security: "allowlist", + ask: "off", + askFallback: "deny", + autoAllowSkills: false, + }, + agents: {}, + }, + }; + return { ...mod, resolveExecApprovals: () => approvals }; +}); + +describe("createClawdbotCodingTools safeBins", () => { + it("threads tools.exec.safeBins into exec allowlist checks", async () => { + if (process.platform === "win32") return; + + const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "clawdbot-safe-bins-")); + const cfg: ClawdbotConfig = { + tools: { + exec: { + host: "gateway", + security: "allowlist", + ask: "off", + safeBins: ["echo"], + }, + }, + }; + + const tools = createClawdbotCodingTools({ + config: cfg, + sessionKey: "agent:main:main", + workspaceDir: tmpDir, + agentDir: path.join(tmpDir, "agent"), + }); + const execTool = tools.find((tool) => tool.name === "exec"); + expect(execTool).toBeDefined(); + + const marker = `safe-bins-${Date.now()}`; + const result = await execTool!.execute("call1", { + command: `echo ${marker}`, + workdir: tmpDir, + }); + const text = result.content.find((content) => content.type === "text")?.text ?? ""; + + expect(result.details.status).toBe("completed"); + expect(text).toContain(marker); + }); +}); diff --git a/src/agents/pi-tools.ts b/src/agents/pi-tools.ts index bd745da03..9013f1e52 100644 --- a/src/agents/pi-tools.ts +++ b/src/agents/pi-tools.ts @@ -86,6 +86,7 @@ function resolveExecConfig(cfg: ClawdbotConfig | undefined) { ask: globalExec?.ask, node: globalExec?.node, pathPrepend: globalExec?.pathPrepend, + safeBins: globalExec?.safeBins, backgroundMs: globalExec?.backgroundMs, timeoutSec: globalExec?.timeoutSec, approvalRunningNoticeMs: globalExec?.approvalRunningNoticeMs, @@ -235,6 +236,7 @@ export function createClawdbotCodingTools(options?: { ask: options?.exec?.ask ?? execConfig.ask, node: options?.exec?.node ?? execConfig.node, pathPrepend: options?.exec?.pathPrepend ?? execConfig.pathPrepend, + safeBins: options?.exec?.safeBins ?? execConfig.safeBins, agentId, cwd: options?.workspaceDir, allowBackground,