github/openclaw
1
1
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-03 03:03:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): centralize owner-only tool gating and scope maps

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 15:27:45 +01:00
parent 9130fd2b06
commit 3d7ad1cfca
16 changed files with 372 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/auto-reply/reply/get-reply-inline-actions.ts
View File

@@ -1,6 +1,7 @@
import { collectTextContentBlocks } from "../../agents/content-blocks.js";
import { createOpenClawTools } from "../../agents/openclaw-tools.js";
import type { SkillCommandSpec } from "../../agents/skills.js";
import { applyOwnerOnlyToolPolicy } from "../../agents/tool-policy.js";
import { getChannelDock } from "../../channels/dock.js";
import type { OpenClawConfig } from "../../config/config.js";
import type { SessionEntry } from "../../config/sessions.js";
@@ -200,10 +201,10 @@ export async function handleInlineActions(params: {
agentDir,
workspaceDir,
config: cfg,
senderIsOwner: command.senderIsOwner,
});
const authorizedTools = applyOwnerOnlyToolPolicy(tools, command.senderIsOwner);
const tool = tools.find((candidate) => candidate.name === dispatch.toolName);
const tool = authorizedTools.find((candidate) => candidate.name === dispatch.toolName);
if (!tool) {
typing.cleanup();
return { kind: "reply", reply: { text: `❌ Tool not available: ${dispatch.toolName}` } };