fix: treat tools.alsoAllow as implicit allow-all when no allowlist

Vignesh Natarajan
2026-01-25 00:36:47 -08:00
committed by Pocket Clawd
parent 2ad3508a33
commit d62b7c0d1e
2 changed files with 36 additions and 2 deletions


@@ -103,7 +103,11 @@ type ToolPolicyConfig = {
function unionAllow(base?: string[], extra?: string[]) {
if (!Array.isArray(extra) || extra.length === 0) return base;
if (!Array.isArray(base) || base.length === 0) return base;
// If the user is using alsoAllow without an allowlist, treat it as additive on top of
// an implicit allow-all policy.
if (!Array.isArray(base) || base.length === 0) {
return Array.from(new Set(["*", ...extra]));
}
return Array.from(new Set([...base, ...extra]));
}
@@ -111,7 +115,9 @@ function pickToolPolicy(config?: ToolPolicyConfig): SandboxToolPolicy | undefine
if (!config) return undefined;
const allow = Array.isArray(config.allow)
? unionAllow(config.allow, config.alsoAllow)
: undefined;
: Array.isArray(config.alsoAllow) && config.alsoAllow.length > 0
? unionAllow(undefined, config.alsoAllow)
: undefined;
const deny = Array.isArray(config.deny) ? config.deny : undefined;
if (!allow && !deny) return undefined;
return { allow, deny };
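Review bot: The new branch in `unionAllow` (`if (!Array.isArray(base) || base.length === 0)`) fires for an explicit empty `allow: []` as well as for a missing allowlist, so `allow: []` combined with a non-empty `alsoAllow` now yields `["*", ...extra]`, where the previous code returned the empty list unchanged. If an empty allowlist is meant to restrict rather than to mean "no allowlist" (not visible from this page), this fails open and widens the sandbox tool policy to every tool; consider limiting the wildcard to the missing case with `if (base === undefined) return Array.from(new Set(["*", ...extra]));` followed by `if (base.length === 0) return base;`. Separately, the second hunk turns a previously undefined `allow` into an explicit `"*"`, which may not behave like "unset" wherever the returned policy is merged with defaults, so a short comment on `pickToolPolicy` stating how `deny` and any default allowlist interact with the wildcard would help. The signature of `pickToolPolicy` lies outside the hunk.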