TopherSlater/openclaw-wiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
openclaw-wiki/sources/exec-approval-setup.md

148 lines
3.8 KiB
Markdown
Raw Permalink Normal View History

Initial commit — Fabric vault sources 2026-05-03T00:23:11Z
2026-05-03 00:23:11 +00:00
---
pageType: source
id: source.exec-approval-setup
title: exec-approval-setup
sourceType: local-file
sourcePath: /home/topher/.openclaw/workspace-crash-bot/projects/exec-approval-setup.md
ingestedAt: 2026-05-02T21:17:02.421Z
updatedAt: 2026-05-02T21:17:02.421Z
status: active
---
# exec-approval-setup
## Source
- Type: `local-file`
- Path: `/home/topher/.openclaw/workspace-crash-bot/projects/exec-approval-setup.md`
- Bytes: 3249
- Updated: 2026-05-02T21:17:02.421Z
## Content
````text
# Exec Approval Setup — Crash-bot
## Why
Crash-bot-public (server channel agent) currently has no exec capabilities. We need to enable exec with approval gating so Crash can build/configure the memory-wiki and professor agent system. The DM agent (crash-bot) will implement this.
## What to Implement
### 1. Host Approvals File: `~/.openclaw/exec-approvals.json`
```json
{
"version": 1,
"defaults": {
"security": "deny",
"ask": "on-miss",
"askFallback": "deny",
"autoAllowSkills": false
},
"agents": {
"crash-bot-public": {
"security": "allowlist",
"ask": "on-miss",
"askFallback": "deny",
"autoAllowSkills": true,
"allowlist": []
},
"crash-bot": {
"security": "allowlist",
"ask": "on-miss",
"askFallback": "allowlist",
"autoAllowSkills": true,
"allowlist": [
"ls",
"cat",
"head",
"tail",
"grep",
"jq",
"openclaw status",
"openclaw wiki"
]
}
}
}
```
**Key points:**
- `crash-bot-public` starts with empty allowlist — every command requires approval
- `crash-bot` (DM agent) has read-only commands pre-approved, everything else needs approval
- Both agents use `ask: "on-miss"` — anything not on the allowlist prompts -topher for approval
- `askFallback: "deny"` for public means if approval UI is unreachable, deny the command
- Add commands to the allowlist over time as comfort grows
### 2. Agent Config in openclaw.json
For crash-bot-public, enable exec with allowlist mode:
```json
{
"tools": {
"exec": {
"host": "gateway",
"security": "allowlist",
"ask": "on-miss"
}
}
}
```
For crash-bot (DM), same but with broader allowlist:
```json
{
"tools": {
"exec": {
"host": "gateway",
"security": "allowlist",
"ask": "on-miss"
}
}
}
```
### 3. Important Safety Notes
- **Backup openclaw.json before editing** — use naming convention: `openclaw.json.pre-exec-approval-<YYYYMMDD-HHMMSS>`
- **Use `jq` with `|=` update operator** — never filter pipes that collapse the full structure
- **Write to temp file first, validate with `jq empty`, then swap**
- **Restart gateway after changes**: `openclaw gateway restart`
- **Test with a safe command first**: Ask crash-bot-public to run `ls ~/.openclaw/` and verify the approval prompt appears
### 4. Approval Flow
When crash-bot-public needs to run a command:
1. Crash posts the command in the conversation with an approval request
2. -topher types `/approve` to allow it
3. Command executes
When crash-bot (DM) needs elevated access:
1. Same flow, but the approval shows in the DM channel
2. Only -topher sees it (Matt and Kyle don't see DM approvals)
### 5. What This Enables
Once exec is set up, crash-bot can:
- Enable and configure the memory-wiki plugin
- Initialize the wiki vault
- Run `openclaw wiki doctor` and `openclaw wiki status`
- Set up the professor agent
- Manage vault files and run bridge imports
All of these would still require -topher's approval until specific commands are added to the allowlist.
### Context
This is part of the Personal Knowledge Companion project. See `projects/life-view-dashboard.md` for full details.
````
## Notes
<!-- openclaw:human:start -->
<!-- openclaw:human:end -->
## Related
<!-- openclaw:wiki:related:start -->
- No related pages yet.
<!-- openclaw:wiki:related:end -->
Reference in New Issue Copy Permalink