diff --git a/src/agents/pi-tools.ts b/src/agents/pi-tools.ts index 5e72cdb5a1..7ba93ab381 100644 --- a/src/agents/pi-tools.ts +++ b/src/agents/pi-tools.ts @@ -52,6 +52,7 @@ import { import { applyOwnerOnlyToolPolicy, collectExplicitAllowlist, + mergeAlsoAllowPolicy, resolveToolProfilePolicy, } from "./tool-policy.js"; import { resolveWorkspaceRoot } from "./workspace-dir.js"; @@ -219,15 +220,8 @@ export function createOpenClawCodingTools(options?: { const profilePolicy = resolveToolProfilePolicy(profile); const providerProfilePolicy = resolveToolProfilePolicy(providerProfile); - const mergeAlsoAllow = (policy: typeof profilePolicy, alsoAllow?: string[]) => { - if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0) { - return policy; - } - return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) }; - }; - - const profilePolicyWithAlsoAllow = mergeAlsoAllow(profilePolicy, profileAlsoAllow); - const providerProfilePolicyWithAlsoAllow = mergeAlsoAllow( + const profilePolicyWithAlsoAllow = mergeAlsoAllowPolicy(profilePolicy, profileAlsoAllow); + const providerProfilePolicyWithAlsoAllow = mergeAlsoAllowPolicy( providerProfilePolicy, providerProfileAlsoAllow, ); diff --git a/src/agents/tool-policy.ts b/src/agents/tool-policy.ts index d4fa9a69b1..310980474d 100644 --- a/src/agents/tool-policy.ts +++ b/src/agents/tool-policy.ts @@ -291,3 +291,13 @@ export function resolveToolProfilePolicy(profile?: string): ToolProfilePolicy | deny: resolved.deny ? [...resolved.deny] : undefined, }; } + +export function mergeAlsoAllowPolicy( + policy: TPolicy | undefined, + alsoAllow?: string[], +): TPolicy | undefined { + if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0) { + return policy; + } + return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) }; +} diff --git a/src/gateway/tools-invoke-http.ts b/src/gateway/tools-invoke-http.ts index 222b883f27..91a03f3f32 100644 --- a/src/gateway/tools-invoke-http.ts +++ b/src/gateway/tools-invoke-http.ts @@ -10,7 +10,11 @@ import { applyToolPolicyPipeline, buildDefaultToolPolicyPipelineSteps, } from "../agents/tool-policy-pipeline.js"; -import { collectExplicitAllowlist, resolveToolProfilePolicy } from "../agents/tool-policy.js"; +import { + collectExplicitAllowlist, + mergeAlsoAllowPolicy, + resolveToolProfilePolicy, +} from "../agents/tool-policy.js"; import { ToolInputError } from "../agents/tools/common.js"; import { loadConfig } from "../config/config.js"; import { resolveMainSessionKey } from "../config/sessions.js"; @@ -215,15 +219,8 @@ export async function handleToolsInvokeHttpRequest( const profilePolicy = resolveToolProfilePolicy(profile); const providerProfilePolicy = resolveToolProfilePolicy(providerProfile); - const mergeAlsoAllow = (policy: typeof profilePolicy, alsoAllow?: string[]) => { - if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0) { - return policy; - } - return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) }; - }; - - const profilePolicyWithAlsoAllow = mergeAlsoAllow(profilePolicy, profileAlsoAllow); - const providerProfilePolicyWithAlsoAllow = mergeAlsoAllow( + const profilePolicyWithAlsoAllow = mergeAlsoAllowPolicy(profilePolicy, profileAlsoAllow); + const providerProfilePolicyWithAlsoAllow = mergeAlsoAllowPolicy( providerProfilePolicy, providerProfileAlsoAllow, );