openclaw

Author	SHA1	Message	Date
Peter Steinberger	02124094bf	perf(test): fold acp event mapper tests into client suite	2026-02-16 02:45:00 +00:00
Peter Steinberger	153a7644ea	fix(acp): tighten safe kind inference	2026-02-14 13:18:49 +01:00
Peter Steinberger	bb1c3dfe10	fix(acp): prompt for non-read/search permissions	2026-02-14 12:53:27 +01:00
Peter Steinberger	ee31cd47b4	fix: close OC-02 gaps in ACP permission + gateway HTTP deny config (#15390 ) (thanks @aether-ai-agent)	2026-02-13 14:30:06 +01:00
aether-ai-agent	749e28dec7	fix(security): block dangerous tools from HTTP gateway and fix ACP auto-approval (OC-02) Two critical RCE vectors patched: Vector 1 - Gateway HTTP /tools/invoke: - Add DEFAULT_GATEWAY_HTTP_TOOL_DENY blocking sessions_spawn, sessions_send, gateway, whatsapp_login from HTTP invocation - Apply deny filter after existing policy cascade, before tool lookup - Add gateway.tools.{allow,deny} config override in GatewayConfig Vector 2 - ACP client auto-approval: - Replace blind allow_once selection with danger-aware permission handler - Dangerous tools (exec, sessions_spawn, etc.) require interactive confirmation - Safe tools retain auto-approve behavior (backward compatible) - Empty options array now denied (was hardcoded "allow") - 30s timeout auto-denies to prevent hung sessions CWE-78 \| CVSS:3.1 9.8 Critical	2026-02-13 14:30:06 +01:00