
















@@ -1,3 +1,5 @@
1+// Gateway node command policy.
2+// Computes per-platform allowlists from built-in, plugin, runtime, and config inputs.
13import { normalizeOptionalLowercaseString } from "@openclaw/normalization-core/string-coerce";
24import { normalizeUniqueStringEntries } from "@openclaw/normalization-core/string-normalization";
35import type { OpenClawConfig } from "../config/types.openclaw.js";
@@ -292,6 +294,8 @@ function filterApprovedRuntimeCommands(params: {
292294if (!isDesktopPlatformId(params.platformId)) {
293295return [];
294296}
297+// Desktop host commands are not default-enabled for normal node sessions.
298+// A live node can still expose approved commands from its runtime handshake.
295299return params.commands.filter((command) => DESKTOP_HOST_COMMANDS.has(command.trim()));
296300}
297301@@ -338,6 +342,8 @@ function resolveNodeCommandAllowlistInternal(
338342const extra = cfg.gateway?.nodes?.allowCommands ?? [];
339343const deny = new Set(cfg.gateway?.nodes?.denyCommands ?? []);
340344const dangerousPluginCommands = new Set(listDangerousPluginNodeCommands());
345+// Dangerous plugin commands are excluded from plugin defaults. Explicit
346+// gateway.nodes.allowCommands below can still opt them in for operators.
341347const allow = new Set(
342348[...base, ...talkCommands, ...pluginDefaults, ...approved, ...extra]
343349.map((cmd) => cmd.trim())
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。