feat: add tool restrictions to DevClaw agents in plugin config
This commit is contained in:
Lauren ten Hoor
12
lib/setup.ts
12
lib/setup.ts
@@ -277,6 +277,7 @@ async function resolveWorkspacePath(agentId: string): Promise<string> {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Write DevClaw model tier config and devClawAgentIds to openclaw.json plugins section.
|
* Write DevClaw model tier config and devClawAgentIds to openclaw.json plugins section.
|
||||||
|
* Also adds tool restrictions (deny sessions_spawn) to DevClaw agents.
|
||||||
* Read-modify-write to preserve existing config.
|
* Read-modify-write to preserve existing config.
|
||||||
*/
|
*/
|
||||||
async function writePluginConfig(
|
async function writePluginConfig(
|
||||||
@@ -307,6 +308,17 @@ async function writePluginConfig(
|
|||||||
if (!existing.includes(agentId)) {
|
if (!existing.includes(agentId)) {
|
||||||
config.plugins.entries.devclaw.config.devClawAgentIds = [...existing, agentId];
|
config.plugins.entries.devclaw.config.devClawAgentIds = [...existing, agentId];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Add tool restrictions (deny sessions_spawn) to the agent
|
||||||
|
const agent = config.agents?.list?.find((a: { id: string }) => a.id === agentId);
|
||||||
|
if (agent) {
|
||||||
|
if (!agent.tools) {
|
||||||
|
agent.tools = {};
|
||||||
|
}
|
||||||
|
agent.tools.deny = ["sessions_spawn"];
|
||||||
|
// Clear any conflicting allow list
|
||||||
|
delete agent.tools.allow;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Atomic write
|
// Atomic write
|
||||||
|
|||||||
Reference in New Issue
Block a user