feat: allow session_status in sandbox
This commit is contained in:
Peter Steinberger
@@ -509,7 +509,7 @@ Read-only tools + read-only workspace:
|
|||||||
workspaceAccess: "ro"
|
workspaceAccess: "ro"
|
||||||
},
|
},
|
||||||
tools: {
|
tools: {
|
||||||
allow: ["read", "sessions_list", "sessions_history", "sessions_send", "sessions_spawn"],
|
allow: ["read", "sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "session_status"],
|
||||||
deny: ["write", "edit", "bash", "process", "browser"]
|
deny: ["write", "edit", "bash", "process", "browser"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -532,7 +532,7 @@ No filesystem access (messaging/session tools enabled):
|
|||||||
workspaceAccess: "none"
|
workspaceAccess: "none"
|
||||||
},
|
},
|
||||||
tools: {
|
tools: {
|
||||||
allow: ["sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "whatsapp", "telegram", "slack", "discord", "gateway"],
|
allow: ["sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "session_status", "whatsapp", "telegram", "slack", "discord", "gateway"],
|
||||||
deny: ["read", "write", "edit", "bash", "process", "browser", "canvas", "nodes", "cron", "gateway", "image"]
|
deny: ["read", "write", "edit", "bash", "process", "browser", "canvas", "nodes", "cron", "gateway", "image"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1297,7 +1297,7 @@ Defaults (if enabled):
|
|||||||
- `"ro"`: keep the sandbox workspace at `/workspace`, and mount the agent workspace read-only at `/agent` (disables `write`/`edit`)
|
- `"ro"`: keep the sandbox workspace at `/workspace`, and mount the agent workspace read-only at `/agent` (disables `write`/`edit`)
|
||||||
- `"rw"`: mount the agent workspace read/write at `/workspace`
|
- `"rw"`: mount the agent workspace read/write at `/workspace`
|
||||||
- auto-prune: idle > 24h OR age > 7d
|
- auto-prune: idle > 24h OR age > 7d
|
||||||
- tool policy: allow only `bash`, `process`, `read`, `write`, `edit`, `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn` (deny wins)
|
- tool policy: allow only `bash`, `process`, `read`, `write`, `edit`, `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `session_status` (deny wins)
|
||||||
- configure via `tools.sandbox.tools`, override per-agent via `agents.list[].tools.sandbox.tools`
|
- configure via `tools.sandbox.tools`, override per-agent via `agents.list[].tools.sandbox.tools`
|
||||||
- optional sandboxed browser (Chromium + CDP, noVNC observer)
|
- optional sandboxed browser (Chromium + CDP, noVNC observer)
|
||||||
- hardening knobs: `network`, `user`, `pidsLimit`, `memory`, `cpus`, `ulimits`, `seccompProfile`, `apparmorProfile`
|
- hardening knobs: `network`, `user`, `pidsLimit`, `memory`, `cpus`, `ulimits`, `seccompProfile`, `apparmorProfile`
|
||||||
@@ -1362,7 +1362,7 @@ Legacy: `perSession` is still supported (`true` → `scope: "session"`,
|
|||||||
tools: {
|
tools: {
|
||||||
sandbox: {
|
sandbox: {
|
||||||
tools: {
|
tools: {
|
||||||
allow: ["bash", "process", "read", "write", "edit", "sessions_list", "sessions_history", "sessions_send", "sessions_spawn"],
|
allow: ["bash", "process", "read", "write", "edit", "sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "session_status"],
|
||||||
deny: ["browser", "canvas", "nodes", "cron", "discord", "gateway"]
|
deny: ["browser", "canvas", "nodes", "cron", "discord", "gateway"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -241,7 +241,7 @@ Common use cases:
|
|||||||
workspaceAccess: "none"
|
workspaceAccess: "none"
|
||||||
},
|
},
|
||||||
tools: {
|
tools: {
|
||||||
allow: ["sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "whatsapp", "telegram", "slack", "discord", "gateway"],
|
allow: ["sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "session_status", "whatsapp", "telegram", "slack", "discord", "gateway"],
|
||||||
deny: ["read", "write", "edit", "bash", "process", "browser", "canvas", "nodes", "cron", "gateway", "image"]
|
deny: ["read", "write", "edit", "bash", "process", "browser", "canvas", "nodes", "cron", "gateway", "image"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -178,7 +178,7 @@ precedence, and troubleshooting.
|
|||||||
- `"rw"` mounts the agent workspace read/write at `/workspace`
|
- `"rw"` mounts the agent workspace read/write at `/workspace`
|
||||||
- Auto-prune: idle > 24h OR age > 7d
|
- Auto-prune: idle > 24h OR age > 7d
|
||||||
- Network: `none` by default (explicitly opt-in if you need egress)
|
- Network: `none` by default (explicitly opt-in if you need egress)
|
||||||
- Default allow: `bash`, `process`, `read`, `write`, `edit`, `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`
|
- Default allow: `bash`, `process`, `read`, `write`, `edit`, `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `session_status`
|
||||||
- Default deny: `browser`, `canvas`, `nodes`, `cron`, `discord`, `gateway`
|
- Default deny: `browser`, `canvas`, `nodes`, `cron`, `discord`, `gateway`
|
||||||
|
|
||||||
### Enable sandboxing
|
### Enable sandboxing
|
||||||
@@ -225,7 +225,7 @@ precedence, and troubleshooting.
|
|||||||
tools: {
|
tools: {
|
||||||
sandbox: {
|
sandbox: {
|
||||||
tools: {
|
tools: {
|
||||||
allow: ["bash", "process", "read", "write", "edit", "sessions_list", "sessions_history", "sessions_send", "sessions_spawn"],
|
allow: ["bash", "process", "read", "write", "edit", "sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "session_status"],
|
||||||
deny: ["browser", "canvas", "nodes", "cron", "discord", "gateway"]
|
deny: ["browser", "canvas", "nodes", "cron", "discord", "gateway"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -253,7 +253,7 @@ Legacy `agent.*` configs are migrated by `clawdbot doctor`; prefer `agents.defau
|
|||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"tools": {
|
"tools": {
|
||||||
"allow": ["sessions_list", "sessions_send", "sessions_history"],
|
"allow": ["sessions_list", "sessions_send", "sessions_history", "session_status"],
|
||||||
"deny": ["bash", "write", "edit", "read", "browser"]
|
"deny": ["bash", "write", "edit", "read", "browser"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -193,7 +193,7 @@ Notes:
|
|||||||
- Use `delayMs` (defaults to 2000) to avoid interrupting an in-flight reply.
|
- Use `delayMs` (defaults to 2000) to avoid interrupting an in-flight reply.
|
||||||
- `restart` is disabled by default; enable with `commands.restart: true`.
|
- `restart` is disabled by default; enable with `commands.restart: true`.
|
||||||
|
|
||||||
### `sessions_list` / `sessions_history` / `sessions_send` / `sessions_spawn`
|
### `sessions_list` / `sessions_history` / `sessions_send` / `sessions_spawn` / `session_status`
|
||||||
List sessions, inspect transcript history, or send to another session.
|
List sessions, inspect transcript history, or send to another session.
|
||||||
|
|
||||||
Core parameters:
|
Core parameters:
|
||||||
@@ -201,6 +201,7 @@ Core parameters:
|
|||||||
- `sessions_history`: `sessionKey`, `limit?`, `includeTools?`
|
- `sessions_history`: `sessionKey`, `limit?`, `includeTools?`
|
||||||
- `sessions_send`: `sessionKey`, `message`, `timeoutSeconds?` (0 = fire-and-forget)
|
- `sessions_send`: `sessionKey`, `message`, `timeoutSeconds?` (0 = fire-and-forget)
|
||||||
- `sessions_spawn`: `task`, `label?`, `agentId?`, `model?`, `runTimeoutSeconds?`, `cleanup?`
|
- `sessions_spawn`: `task`, `label?`, `agentId?`, `model?`, `runTimeoutSeconds?`, `cleanup?`
|
||||||
|
- `session_status`: `sessionKey?` (default current), `model?` (`default` clears override)
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
- `main` is the canonical direct-chat key; global/unknown are hidden.
|
- `main` is the canonical direct-chat key; global/unknown are hidden.
|
||||||
|
|||||||
@@ -468,4 +468,22 @@ describe("Agent-specific sandbox config", () => {
|
|||||||
deny: ["edit"],
|
deny: ["edit"],
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("includes session_status in default sandbox allowlist", async () => {
|
||||||
|
const { resolveSandboxConfigForAgent } = await import("./sandbox.js");
|
||||||
|
|
||||||
|
const cfg: ClawdbotConfig = {
|
||||||
|
agents: {
|
||||||
|
defaults: {
|
||||||
|
sandbox: {
|
||||||
|
mode: "all",
|
||||||
|
scope: "agent",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
const sandbox = resolveSandboxConfigForAgent(cfg, "main");
|
||||||
|
expect(sandbox.tools.allow).toContain("session_status");
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -141,6 +141,7 @@ const DEFAULT_TOOL_ALLOW = [
|
|||||||
"sessions_history",
|
"sessions_history",
|
||||||
"sessions_send",
|
"sessions_send",
|
||||||
"sessions_spawn",
|
"sessions_spawn",
|
||||||
|
"session_status",
|
||||||
];
|
];
|
||||||
const DEFAULT_TOOL_DENY = [
|
const DEFAULT_TOOL_DENY = [
|
||||||
"browser",
|
"browser",
|
||||||
|
|||||||
Reference in New Issue
Block a user