let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: remove unreachable approval fallback

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-18 22:25:58 +00:00
parent 85d1835476
commit ed5ece4120
1 changed files with 4 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
apps/macos/Sources/Clawdbot/NodeMode/MacNodeRuntime.swift
View File

@@ -443,7 +443,6 @@ actor MacNodeRuntime {
let approvals = ExecApprovalsStore.resolve(agentId: agentId) let approvals = ExecApprovalsStore.resolve(agentId: agentId)
let security = approvals.agent.security let security = approvals.agent.security
let ask = approvals.agent.ask let ask = approvals.agent.ask
let askFallback = approvals.agent.askFallback
let autoAllowSkills = approvals.agent.autoAllowSkills let autoAllowSkills = approvals.agent.autoAllowSkills
let sessionKey = (params.sessionKey?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false) let sessionKey = (params.sessionKey?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false)
? params.sessionKey!.trimmingCharacters(in: .whitespacesAndNewlines) ? params.sessionKey!.trimmingCharacters(in: .whitespacesAndNewlines)
@@ -489,7 +488,7 @@ actor MacNodeRuntime {
var approvedByAsk = false var approvedByAsk = false
if requiresAsk { if requiresAsk {
let decision: ExecApprovalDecision? = await ExecApprovalsPromptPresenter.prompt( let decision = await ExecApprovalsPromptPresenter.prompt(
ExecApprovalPromptRequest( ExecApprovalPromptRequest(
command: displayCommand, command: displayCommand,
cwd: params.cwd, cwd: params.cwd,
@@ -500,7 +499,7 @@ actor MacNodeRuntime {
resolvedPath: resolution?.resolvedPath)) resolvedPath: resolution?.resolvedPath))
switch decision { switch decision {
case .deny?: case .deny:
await self.emitExecEvent( await self.emitExecEvent(
"exec.denied", "exec.denied",
payload: ExecEventPayload( payload: ExecEventPayload(
@@ -513,41 +512,7 @@ actor MacNodeRuntime {
req, req,
code: .unavailable, code: .unavailable,
message: "SYSTEM_RUN_DENIED: user denied") message: "SYSTEM_RUN_DENIED: user denied")
case nil: case .allowAlways:
if askFallback == .full {
approvedByAsk = true
} else if askFallback == .allowlist {
if allowlistMatch != nil || skillAllow {
approvedByAsk = true
} else {
await self.emitExecEvent(
"exec.denied",
payload: ExecEventPayload(
sessionKey: sessionKey,
runId: runId,
host: "node",
command: displayCommand,
reason: "approval-required"))
return Self.errorResponse(
req,
code: .unavailable,
message: "SYSTEM_RUN_DENIED: approval required")
}
} else {
await self.emitExecEvent(
"exec.denied",
payload: ExecEventPayload(
sessionKey: sessionKey,
runId: runId,
host: "node",
command: displayCommand,
reason: "approval-required"))
return Self.errorResponse(
req,
code: .unavailable,
message: "SYSTEM_RUN_DENIED: approval required")
}
case .allowAlways?:
approvedByAsk = true approvedByAsk = true
if security == .allowlist { if security == .allowlist {
let pattern = resolution?.resolvedPath ?? let pattern = resolution?.resolvedPath ??
@@ -558,7 +523,7 @@ actor MacNodeRuntime {
ExecApprovalsStore.addAllowlistEntry(agentId: agentId, pattern: pattern) ExecApprovalsStore.addAllowlistEntry(agentId: agentId, pattern: pattern)
} }
} }
case .allowOnce?: case .allowOnce:
approvedByAsk = true approvedByAsk = true
} }
} }