fix(build): restore tool policy typing

Peter Steinberger
2026-01-15 04:33:35 +00:00
parent 1baa55c145
commit eb3e865f15
3 changed files with 28 additions and 2 deletions


@@ -7,6 +7,15 @@ export type AgentToolsConfig = {
profile?: ToolProfileId; profile?: ToolProfileId;
allow?: string[]; allow?: string[];
deny?: string[]; deny?: string[];
/** Optional tool policy overrides keyed by provider id or "provider/model". */
byProvider?: Record<
string,
{
profile?: ToolProfileId;
allow?: string[];
deny?: string[];
}
>;
/** Per-agent elevated exec gate (can only further restrict global tools.elevated). */ /** Per-agent elevated exec gate (can only further restrict global tools.elevated). */
elevated?: { elevated?: {
/** Enable or disable elevated mode for this agent (default: true). */ /** Enable or disable elevated mode for this agent (default: true). */
@@ -73,6 +82,15 @@ export type ToolsConfig = {
profile?: ToolProfileId; profile?: ToolProfileId;
allow?: string[]; allow?: string[];
deny?: string[]; deny?: string[];
/** Optional tool policy overrides keyed by provider id or "provider/model". */
byProvider?: Record<
string,
{
profile?: ToolProfileId;
allow?: string[];
deny?: string[];
}
>;
web?: { web?: {
search?: { search?: {
/** Enable web search tool (default: true when API key is present). */ /** Enable web search tool (default: true when API key is present). */
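Review bot: The doc comment on `byProvider`, added identically to `AgentToolsConfig` and `ToolsConfig`, does not say how an override combines with the top-level `profile`/`allow`/`deny`, and for an access-control setting that is the part a reader needs. The neighbouring `elevated` comment states that it "can only further restrict" the global value; `byProvider` should carry the same kind of statement, along the lines of `/** Per-provider tool policy overrides keyed by provider id or "provider/model". <state whether an override may widen the base allow list or only narrow it, and which key wins when both a provider and a provider/model entry match>. */`. The inline object type is also written out twice, so a shared alias such as `type ToolPolicyOverride = { profile?: ToolProfileId; allow?: string[]; deny?: string[] }` would keep the two from drifting apart. Both type bodies continue outside the hunks.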


@@ -146,6 +146,12 @@ export const ToolProfileSchema = z
.union([z.literal("minimal"), z.literal("coding"), z.literal("messaging"), z.literal("full")]) .union([z.literal("minimal"), z.literal("coding"), z.literal("messaging"), z.literal("full")])
.optional(); .optional();
const ByProviderPolicySchema = z.object({
profile: ToolProfileSchema,
allow: z.array(z.string()).optional(),
deny: z.array(z.string()).optional(),
});
// Provider docking: allowlists keyed by provider id (no schema updates when adding providers). // Provider docking: allowlists keyed by provider id (no schema updates when adding providers).
export const ElevatedAllowFromSchema = z export const ElevatedAllowFromSchema = z
.record(z.string(), z.array(z.union([z.string(), z.number()]))) .record(z.string(), z.array(z.union([z.string(), z.number()])))
@@ -170,6 +176,7 @@ export const AgentToolsSchema = z
profile: ToolProfileSchema, profile: ToolProfileSchema,
allow: z.array(z.string()).optional(), allow: z.array(z.string()).optional(),
deny: z.array(z.string()).optional(), deny: z.array(z.string()).optional(),
byProvider: z.record(z.string(), ByProviderPolicySchema).optional(),
elevated: z elevated: z
.object({ .object({
enabled: z.boolean().optional(), enabled: z.boolean().optional(),
@@ -273,6 +280,7 @@ export const ToolsSchema = z
profile: ToolProfileSchema, profile: ToolProfileSchema,
allow: z.array(z.string()).optional(), allow: z.array(z.string()).optional(),
deny: z.array(z.string()).optional(), deny: z.array(z.string()).optional(),
byProvider: z.record(z.string(), ByProviderPolicySchema).optional(),
web: ToolsWebSchema, web: ToolsWebSchema,
audio: z audio: z
.object({ .object({
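Review bot: `ByProviderPolicySchema` is a plain `z.object`, which by default drops unrecognised keys instead of rejecting them, so a misspelled `deny` inside a provider override would still validate and leave that provider's tools less restricted than the author intended. If the surrounding schemas are strict (not visible in these hunks), close this one the same way: `const ByProviderPolicySchema = z.object({ ... }).strict();`. The record key in `byProvider: z.record(z.string(), ByProviderPolicySchema)` is unconstrained too, so an entry whose key matches no provider or "provider/model" is accepted silently; a short comment saying unmatched keys are ignored, or a format check on the key, would make that visible. `AgentToolsSchema` and `ToolsSchema` continue outside the hunks.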


@@ -27,7 +27,7 @@ import {
validateConfigSchemaParams, validateConfigSchemaParams,
validateConfigSetParams, validateConfigSetParams,
} from "../protocol/index.js"; } from "../protocol/index.js";
import type { GatewayRequestHandlers } from "./types.js"; import type { GatewayRequestHandlers, RespondFn } from "./types.js";
function resolveBaseHash(params: unknown): string | null { function resolveBaseHash(params: unknown): string | null {
const raw = (params as { baseHash?: unknown })?.baseHash; const raw = (params as { baseHash?: unknown })?.baseHash;
@@ -39,7 +39,7 @@ function resolveBaseHash(params: unknown): string | null {
function requireConfigBaseHash( function requireConfigBaseHash(
params: unknown, params: unknown,
snapshot: Awaited<ReturnType<typeof readConfigFileSnapshot>>, snapshot: Awaited<ReturnType<typeof readConfigFileSnapshot>>,
respond: (ok: boolean, payload?: unknown, error?: unknown) => void, respond: RespondFn,
): boolean { ): boolean {
if (!snapshot.exists) return true; if (!snapshot.exists) return true;
if (typeof snapshot.raw !== "string" || !snapshot.hash) { if (typeof snapshot.raw !== "string" || !snapshot.hash) {