---
pageType: source
id: source.exec-approval-setup
title: exec-approval-setup
sourceType: local-file
sourcePath: /home/topher/.openclaw/workspace-crash-bot/projects/exec-approval-setup.md
ingestedAt: 2026-05-02T21:17:02.421Z
updatedAt: 2026-05-02T21:17:02.421Z
status: active
---

# exec-approval-setup

## Source

- Type: `local-file`
- Path: `/home/topher/.openclaw/workspace-crash-bot/projects/exec-approval-setup.md`
- Bytes: 3249
- Updated: 2026-05-02T21:17:02.421Z

## Content

````text
# Exec Approval Setup — Crash-bot

## Why

Crash-bot-public (server channel agent) currently has no exec capabilities. We need to enable exec with approval gating so Crash can build/configure the memory-wiki and professor agent system. The DM agent (crash-bot) will implement this.

## What to Implement

### 1. Host Approvals File: `~/.openclaw/exec-approvals.json`

```json
{
  "version": 1,
  "defaults": {
    "security": "deny",
    "ask": "on-miss",
    "askFallback": "deny",
    "autoAllowSkills": false
  },
  "agents": {
    "crash-bot-public": {
      "security": "allowlist",
      "ask": "on-miss",
      "askFallback": "deny",
      "autoAllowSkills": true,
      "allowlist": []
    },
    "crash-bot": {
      "security": "allowlist",
      "ask": "on-miss",
      "askFallback": "allowlist",
      "autoAllowSkills": true,
      "allowlist": [
        "ls",
        "cat",
        "head",
        "tail",
        "grep",
        "jq",
        "openclaw status",
        "openclaw wiki"
      ]
    }
  }
}
```

**Key points:**

- `crash-bot-public` starts with empty allowlist — every command requires approval
- `crash-bot` (DM agent) has read-only commands pre-approved, everything else needs approval
- Both agents use `ask: "on-miss"` — anything not on the allowlist prompts -topher for approval
- `askFallback: "deny"` for public means if approval UI is unreachable, deny the command
- Add commands to the allowlist over time as comfort grows

### 2. Agent Config in openclaw.json

For crash-bot-public, enable exec with allowlist mode:

```json
{
  "tools": {
    "exec": {
      "host": "gateway",
      "security": "allowlist",
      "ask": "on-miss"
    }
  }
}
```

For crash-bot (DM), same but with broader allowlist:

```json
{
  "tools": {
    "exec": {
      "host": "gateway",
      "security": "allowlist",
      "ask": "on-miss"
    }
  }
}
```

### 3. Important Safety Notes

- **Backup openclaw.json before editing** — use naming convention: `openclaw.json.pre-exec-approval-`
- **Use `jq` with `|=` update operator** — never filter pipes that collapse the full structure
- **Write to temp file first, validate with `jq empty`, then swap**
- **Restart gateway after changes**: `openclaw gateway restart`
- **Test with a safe command first**: Ask crash-bot-public to run `ls ~/.openclaw/` and verify the approval prompt appears

### 4. Approval Flow

When crash-bot-public needs to run a command:

1. Crash posts the command in the conversation with an approval request
2. -topher types `/approve` to allow it
3. Command executes

When crash-bot (DM) needs elevated access:

1. Same flow, but the approval shows in the DM channel
2. Only -topher sees it (Matt and Kyle don't see DM approvals)

### 5. What This Enables

Once exec is set up, crash-bot can:

- Enable and configure the memory-wiki plugin
- Initialize the wiki vault
- Run `openclaw wiki doctor` and `openclaw wiki status`
- Set up the professor agent
- Manage vault files and run bridge imports

All of these would still require -topher's approval until specific commands are added to the allowlist.

### Context

This is part of the Personal Knowledge Companion project. See `projects/life-view-dashboard.md` for full details.
````

## Notes

## Related

- No related pages yet.
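
The edit procedure from "Important Safety Notes" in the ingested source (backup, `|=` update, temp file, `jq empty`, swap), as an added shell example that is not part of the source document or of OpenClaw itself. The function name, the timestamped backup suffix, the top-level `.tools.exec` path and the lost-key check are assumptions made for this illustration.

```shell
# Added example, not OpenClaw's own tooling. Requires jq.
# Assumption: the exec block lives at the top-level path .tools.exec.
# `|=` rewrites only that path and emits the whole document again.
EXEC_FILTER='.tools.exec |= (. + {host: "gateway", security: "allowlist", ask: "on-miss"})'
# Anti-pattern the notes warn about: '.tools.exec | .ask = "on-miss"'
# pipes INTO the sub-object, so jq prints only that fragment and every
# other top-level key in the file is lost.

# safe_jq_update FILE FILTER
# Backs FILE up, applies FILTER into a temp file, validates it, and only
# then swaps it into place. FILE is left untouched on any failure.
safe_jq_update() {
  local cfg="$1" filter="$2" backup tmp

  # Backup first. The date/random suffix is an assumed naming detail;
  # mktemp keeps two runs in the same second from sharing a backup.
  backup="$(mktemp "${cfg}.pre-exec-approval-$(date +%Y%m%d-%H%M%S).XXXXXX")" || return 1
  cp -p -- "$cfg" "$backup" || return 1

  # Temp file in the same directory so the final mv is a rename.
  tmp="$(mktemp "${cfg}.tmp.XXXXXX")" || return 1

  if jq "$filter" "$cfg" > "$tmp" \
     && jq empty "$tmp" \
     && jq -e --slurpfile old "$cfg" \
          '($old[0] | keys) - keys | length == 0' "$tmp" > /dev/null
  then
    # All checks passed: parseable JSON and no top-level key dropped.
    mv -- "$tmp" "$cfg"
  else
    rm -f -- "$tmp"
    echo "refusing to replace $cfg (backup kept at $backup)" >&2
    return 1
  fi
}
```

Call it as `safe_jq_update ~/.openclaw/openclaw.json "$EXEC_FILTER"`, then continue with the gateway restart and the safe test command from the notes.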