






















@@ -148,6 +148,15 @@ type LayeredExecPolicy = {
148148ask: ExecAsk;
149149};
150150151+type EffectiveSystemRunExecPolicy = {
152+agentExec: ExecToolConfig | undefined;
153+globalExec: ExecToolConfig | undefined;
154+approvals: ReturnType<typeof resolveExecApprovals>;
155+security: ExecSecurity;
156+ask: ExecAsk;
157+autoReview: boolean;
158+};
159+151160function hasLegacyExecPolicyOverride(exec?: ExecToolConfig): boolean {
152161return exec?.security !== undefined || exec?.ask !== undefined;
153162}
@@ -210,6 +219,45 @@ function resolveAgentExecConfig(
210219return entry?.tools?.exec;
211220}
212221222+export function resolveEffectiveSystemRunExecPolicy(params: {
223+cfg: OpenClawConfig;
224+agentId: string | undefined;
225+defaultSecurity: ExecSecurity;
226+defaultAsk: ExecAsk;
227+requireSocket: boolean;
228+}): EffectiveSystemRunExecPolicy {
229+const agentExec = resolveAgentExecConfig(params.cfg, params.agentId);
230+const globalExec = params.cfg.tools?.exec;
231+const layeredPolicy = applyExecPolicyLayer(
232+applyExecPolicyLayer(
233+{
234+security: params.defaultSecurity,
235+ask: params.defaultAsk,
236+},
237+globalExec,
238+),
239+agentExec,
240+);
241+const modePolicy = resolveExecModePolicy({
242+mode: layeredPolicy.mode,
243+security: layeredPolicy.security,
244+ask: layeredPolicy.ask,
245+});
246+const approvals = resolveExecApprovals(params.agentId, {
247+security: modePolicy.security,
248+ask: modePolicy.ask,
249+requireSocket: params.requireSocket,
250+});
251+return {
252+ agentExec,
253+ globalExec,
254+ approvals,
255+security: minSecurity(modePolicy.security, approvals.agent.security),
256+ask: maxAsk(modePolicy.ask, approvals.agent.ask),
257+autoReview: modePolicy.autoReview,
258+};
259+}
260+213261async function resolveSystemRunAutoReviewer(params: {
214262opts: HandleSystemRunInvokeOptions;
215263cfg: OpenClawConfig;
@@ -443,32 +491,14 @@ async function evaluateSystemRunPolicyPhase(
443491parsed: SystemRunParsePhase,
444492): Promise<SystemRunPolicyPhase | null> {
445493const cfg = await loadSystemRunConfig(opts);
446-const agentExec = resolveAgentExecConfig(cfg, parsed.agentId);
447-const globalExec = cfg.tools?.exec;
448-const layeredPolicy = applyExecPolicyLayer(
449-applyExecPolicyLayer(
450-{
451-security: opts.resolveExecSecurity(undefined),
452-ask: opts.resolveExecAsk(undefined),
453-},
454-globalExec,
455-),
456-agentExec,
457-);
458-const modePolicy = resolveExecModePolicy({
459-mode: layeredPolicy.mode,
460-security: layeredPolicy.security,
461-ask: layeredPolicy.ask,
462-});
463-const configuredSecurity = modePolicy.security;
464-const configuredAsk = modePolicy.ask;
465-const approvals = resolveExecApprovals(parsed.agentId, {
466-security: configuredSecurity,
467-ask: configuredAsk,
494+const effectivePolicy = resolveEffectiveSystemRunExecPolicy({
495+ cfg,
496+agentId: parsed.agentId,
497+defaultSecurity: opts.resolveExecSecurity(undefined),
498+defaultAsk: opts.resolveExecAsk(undefined),
468499requireSocket: opts.preferMacAppExecHost,
469500});
470-const security = minSecurity(configuredSecurity, approvals.agent.security);
471-const ask = maxAsk(configuredAsk, approvals.agent.ask);
501+const { agentExec, globalExec, approvals, security, ask } = effectivePolicy;
472502const autoAllowSkills = approvals.agent.autoAllowSkills;
473503const { safeBins, safeBinProfiles, trustedSafeBinDirs } = resolveExecSafeBinRuntimePolicy({
474504global: cfg.tools?.exec,
@@ -580,7 +610,7 @@ async function evaluateSystemRunPolicyPhase(
580610 ? autoReviewSegment?.argv
581611 : undefined;
582612const canAutoReviewApprovalMiss =
583-modePolicy.autoReview &&
613+effectivePolicy.autoReview &&
584614ask !== "always" &&
585615analysisOk &&
586616autoReviewArgv !== undefined &&
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。