mirror of
https://github.com/openclaw/openclaw.git
synced 2026-04-03 03:03:24 -04:00
fix(security): centralize owner-only tool gating and scope maps
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
import { collectTextContentBlocks } from "../../agents/content-blocks.js";
|
||||
import { createOpenClawTools } from "../../agents/openclaw-tools.js";
|
||||
import type { SkillCommandSpec } from "../../agents/skills.js";
|
||||
import { applyOwnerOnlyToolPolicy } from "../../agents/tool-policy.js";
|
||||
import { getChannelDock } from "../../channels/dock.js";
|
||||
import type { OpenClawConfig } from "../../config/config.js";
|
||||
import type { SessionEntry } from "../../config/sessions.js";
|
||||
@@ -200,10 +201,10 @@ export async function handleInlineActions(params: {
|
||||
agentDir,
|
||||
workspaceDir,
|
||||
config: cfg,
|
||||
senderIsOwner: command.senderIsOwner,
|
||||
});
|
||||
const authorizedTools = applyOwnerOnlyToolPolicy(tools, command.senderIsOwner);
|
||||
|
||||
const tool = tools.find((candidate) => candidate.name === dispatch.toolName);
|
||||
const tool = authorizedTools.find((candidate) => candidate.name === dispatch.toolName);
|
||||
if (!tool) {
|
||||
typing.cleanup();
|
||||
return { kind: "reply", reply: { text: `❌ Tool not available: ${dispatch.toolName}` } };
|
||||
|
||||
Reference in New Issue
Block a user