chore(sync): mirror docs from openclaw/openclaw@d583013b8f
parent 4dc7f60144
commit 2a08c79b60
@ -1,5 +1,5 @@
|
||||
{
|
||||
"repository": "openclaw/openclaw",
|
||||
"sha": "ad2d13cc678c01115ed2820380b01aa72699f66f",
|
||||
"syncedAt": "2026-05-06T00:18:22.907Z"
|
||||
"sha": "d583013b8f961f5cb609c72264d3c680f08a1d2f",
|
||||
"syncedAt": "2026-05-06T00:25:00.633Z"
|
||||
}
|
||||
|
||||
@ -106,7 +106,7 @@ automatically.
|
||||
| ---------------- | ------------------------------------------------------ | ---------------------------------------------------------------------------------- |
|
||||
| Goal | Auto-allow narrow stdin filters | Explicitly trust specific executables |
|
||||
| Match type | Executable name + safe-bin argv policy | Resolved executable path glob, or bare command-name glob for PATH-invoked commands |
|
||||
| Argument scope | Restricted by safe-bin profile and literal-token rules | Path match only; arguments are otherwise your responsibility |
|
||||
| Argument scope | Restricted by safe-bin profile and literal-token rules | Path match by default; optional `argPattern` can restrict parsed argv |
|
||||
| Typical examples | `head`, `tail`, `tr`, `wc` | `jq`, `python3`, `node`, `ffmpeg`, custom CLIs |
|
||||
| Best use | Low-risk text transforms in pipelines | Any tool with broader behavior or side effects |
|
||||
|
||||
|
||||
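Review bot: In the rewritten "Argument scope" row, the allowlist column drops the statement that arguments are the operator's responsibility, although the same cell says the match is still path-only by default. For the tools named in the "Typical examples" row (`jq`, `python3`, `node`, `ffmpeg`), an entry without `argPattern` still accepts any arguments, so I would keep that caveat in the cell, for example: "Path match by default, arguments are then your responsibility; optional `argPattern` can restrict parsed argv".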
@ -299,14 +299,52 @@ Examples:
|
||||
- `~/.local/bin/*`
|
||||
- `/opt/homebrew/bin/rg`
|
||||
|
||||
Each allowlist entry tracks:
|
||||
### Restricting arguments with argPattern
|
||||
|
||||
| Field | Meaning |
|
||||
| ------------------ | -------------------------------- |
|
||||
| `id` | Stable UUID used for UI identity |
|
||||
| `lastUsedAt` | Last-used timestamp |
|
||||
| `lastUsedCommand` | Last command that matched |
|
||||
| `lastResolvedPath` | Last resolved binary path |
|
||||
Add `argPattern` when an allowlist entry should match a binary and a
|
||||
specific argument shape. OpenClaw evaluates the regular expression
|
||||
against the parsed command arguments, excluding the executable token
|
||||
(`argv[0]`). For hand-authored entries, arguments are joined with a
|
||||
single space, so anchor the pattern when you need an exact match.
|
||||
|
||||
```json
|
||||
{
|
||||
"version": 1,
|
||||
"agents": {
|
||||
"main": {
|
||||
"allowlist": [
|
||||
{
|
||||
"pattern": "python3",
|
||||
"argPattern": "^safe\\.py$"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
That entry allows `python3 safe.py`; `python3 other.py` is an allowlist
|
||||
miss. If a path-only entry for the same binary is also present, unmatched
|
||||
arguments can still fall back to that path-only entry. Omit the path-only
|
||||
entry when the goal is to restrict the binary to the declared arguments.
|
||||
|
||||
Entries saved by approval flows can use an internal separator format for
|
||||
exact argv matching. Prefer the UI or approval flow to regenerate those
|
||||
entries instead of hand-editing the encoded value. If OpenClaw cannot
|
||||
parse argv for a command segment, entries with `argPattern` do not match.
|
||||
|
||||
Each allowlist entry supports:
|
||||
|
||||
| Field | Meaning |
|
||||
| ------------------ | ------------------------------------------------------------- |
|
||||
| `pattern` | Resolved binary path glob or bare command-name glob |
|
||||
| `argPattern` | Optional argv regex; omitted entries are path-only |
|
||||
| `id` | Stable UUID used for UI identity |
|
||||
| `source` | Entry source, such as `allow-always` |
|
||||
| `commandText` | Command text captured when an approval flow created the entry |
|
||||
| `lastUsedAt` | Last-used timestamp |
|
||||
| `lastUsedCommand` | Last command that matched |
|
||||
| `lastResolvedPath` | Last resolved binary path |
|
||||
|
||||
## Auto-allow skill CLIs
|
||||
|
||||
|
||||
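Review bot: The new `argPattern` paragraph says hand-authored entries are matched against arguments "joined with a single space", but it does not say that this makes one argument containing spaces indistinguishable from several separate arguments, so a pattern that expects several arguments cannot tell the two apart. Please state that limit next to the JSON example and point to the approval-flow separator format, which the later paragraph describes as the one used for exact argv matching. The sentence about unmatched arguments falling back to a path-only entry for the same binary decides whether the restriction has any effect at all, so it would be safer as a warning callout directly under the example than in running prose. It would also help to name the regular-expression dialect and to say outright that an unanchored pattern matches a substring, which "anchor the pattern when you need an exact match" only implies.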