feat: default exec shell snapshots · openclaw/openclaw@6b1b2ff
steipete
·
2026-05-31
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -106,11 +106,10 @@ Env var equivalents:
|
106 | 106 | |
107 | 107 | ## Exec shell snapshots |
108 | 108 | |
109 | | -`OPENCLAW_EXEC_SHELL_SNAPSHOT=1` is an opt-in gateway exec optimization for bash and zsh. Set it in the Gateway |
110 | | -process environment; per-call `exec.env` values cannot enable it or redirect its cache directory. When enabled, |
111 | | -OpenClaw captures sourceable aliases/functions and a small safe environment set from shell startup files into |
112 | | -`$OPENCLAW_STATE_DIR/cache/shell-snapshots/`, then sources that snapshot before each `exec` command. Secret-looking |
113 | | -variables are excluded from the snapshot. Sandbox and node exec do not use it. |
| 109 | +On non-Windows Gateway hosts, bash and zsh `exec` commands use a startup snapshot by default. |
| 110 | +Set `OPENCLAW_EXEC_SHELL_SNAPSHOT=0` in the Gateway process environment to disable this path. |
| 111 | +Values `false`, `no`, and `off` also disable it. Per-call `exec.env` values cannot toggle |
| 112 | +snapshots or redirect the snapshot cache. |
114 | 113 | |
115 | 114 | ## Runtime-injected env vars |
116 | 115 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -80,11 +80,11 @@ Notes:
|
80 | 80 | from `PATH` to avoid fish-incompatible scripts, then falls back to `SHELL` if neither exists. |
81 | 81 | - On Windows hosts, exec prefers PowerShell 7 (`pwsh`) discovery (Program Files, ProgramW6432, then PATH), |
82 | 82 | then falls back to Windows PowerShell 5.1. |
83 | | -- On non-Windows gateway hosts, setting `OPENCLAW_EXEC_SHELL_SNAPSHOT=1` in the Gateway process environment |
84 | | -enables an opt-in startup snapshot for bash and zsh. OpenClaw captures sourceable aliases/functions and a small |
85 | | -safe environment set from shell startup files into `$OPENCLAW_STATE_DIR/cache/shell-snapshots/`, then sources |
86 | | -that snapshot before each exec command. Secret-looking variables are excluded; sandbox and node exec do not use |
87 | | - this snapshot. |
| 83 | +- On non-Windows gateway hosts, bash and zsh exec commands use a startup snapshot. OpenClaw captures sourceable |
| 84 | +aliases/functions and a small safe environment set from shell startup files into |
| 85 | +`$OPENCLAW_STATE_DIR/cache/shell-snapshots/`, then sources that snapshot before each exec command. |
| 86 | + Secret-looking variables are excluded; sandbox and node exec do not use this snapshot. Set |
| 87 | +`OPENCLAW_EXEC_SHELL_SNAPSHOT=0` in the Gateway process environment to disable this snapshot path. |
88 | 88 | - Host execution (`gateway`/`node`) rejects `env.PATH` and loader overrides (`LD_*`/`DYLD_*`) to |
89 | 89 | prevent binary hijacking or injected code. |
90 | 90 | - OpenClaw sets `OPENCLAW_SHELL=exec` in the spawned command environment (including PTY and sandbox execution) so shell/profile rules can detect exec-tool context. |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -829,7 +829,6 @@ export async function runExecProcess(opts: {
|
829 | 829 | shellArgs, |
830 | 830 | cwd: opts.workdir, |
831 | 831 | env: shellRuntimeEnv, |
832 | | -enabled: true, |
833 | 832 | }); |
834 | 833 | |
835 | 834 | const childArgv = [shell, ...shellArgs, commandWithShellSnapshot]; |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。