| pageType | id | title | sourceType | sourcePath | ingestedAt | updatedAt | status |
|---|---|---|---|---|---|---|---|
| source | source.exec-approval-setup | exec-approval-setup | local-file | /home/topher/.openclaw/workspace-crash-bot/projects/exec-approval-setup.md | 2026-05-02T21:17:02.421Z | 2026-05-02T21:17:02.421Z | active |
exec-approval-setup
Source
- Type: local-file
- Path: /home/topher/.openclaw/workspace-crash-bot/projects/exec-approval-setup.md
- Bytes: 3249
- Updated: 2026-05-02T21:17:02.421Z
Content
# Exec Approval Setup — Crash-bot
## Why
Crash-bot-public (server channel agent) currently has no exec capabilities. We need to enable exec with approval gating so Crash can build/configure the memory-wiki and professor agent system. The DM agent (crash-bot) will implement this.
## What to Implement
### 1. Host Approvals File: `~/.openclaw/exec-approvals.json`
```json
{
  "version": 1,
  "defaults": {
    "security": "deny",
    "ask": "on-miss",
    "askFallback": "deny",
    "autoAllowSkills": false
  },
  "agents": {
    "crash-bot-public": {
      "security": "allowlist",
      "ask": "on-miss",
      "askFallback": "deny",
      "autoAllowSkills": true,
      "allowlist": []
    },
    "crash-bot": {
      "security": "allowlist",
      "ask": "on-miss",
      "askFallback": "allowlist",
      "autoAllowSkills": true,
      "allowlist": [
        "ls",
        "cat",
        "head",
        "tail",
        "grep",
        "jq",
        "openclaw status",
        "openclaw wiki"
      ]
    }
  }
}
```
**Key points:**
- `crash-bot-public` starts with an empty allowlist, so every command requires approval
- `crash-bot` (DM agent) has read-only commands pre-approved; everything else needs approval
- Both agents use `ask: "on-miss"` — anything not on the allowlist prompts -topher for approval
- For `crash-bot-public`, `askFallback: "deny"` means that if the approval UI is unreachable, the command is denied
- Add commands to the allowlist over time as comfort grows
### 2. Agent Config in openclaw.json
For crash-bot-public, enable exec with allowlist mode:
```json
{
  "tools": {
    "exec": {
      "host": "gateway",
      "security": "allowlist",
      "ask": "on-miss"
    }
  }
}
```
For crash-bot (DM), the exec block is the same; its broader allowlist comes from the `crash-bot` entry in `exec-approvals.json`:
```json
{
  "tools": {
    "exec": {
      "host": "gateway",
      "security": "allowlist",
      "ask": "on-miss"
    }
  }
}
```
### 3. Important Safety Notes
- **Back up openclaw.json before editing**, using the naming convention `openclaw.json.pre-exec-approval-<YYYYMMDD-HHMMSS>`
- **Use `jq` with the `|=` update operator**: never use filter pipes that collapse the full structure
- **Write to temp file first, validate with `jq empty`, then swap**
- **Restart gateway after changes**: `openclaw gateway restart`
- **Test with a safe command first**: Ask crash-bot-public to run `ls ~/.openclaw/` and verify the approval prompt appears
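The backup, `|=` update, validate and swap steps above, combined into one shell function. This is an added example, not part of the original notes or of OpenClaw; the function name `safe_set_exec` and its path-array argument are assumptions, because the page does not say where the exec object sits inside a real `openclaw.json`.

```shell
#!/usr/bin/env bash
# Added example (not OpenClaw tooling): backup, |= update, validate, swap.
# Usage: safe_set_exec CONFIG PATH_JSON
#   PATH_JSON is a jq path array, e.g. '["tools","exec"]'. Where the exec
#   object sits in a real openclaw.json is an assumption; pass your own path.
#   The parent of that path must already exist in CONFIG.
safe_set_exec() {
  local cfg="$1" p="$2" backup tmp
  # Never start from a file that is already broken.
  jq empty "$cfg" 2>/dev/null || { echo "invalid JSON: $cfg" >&2; return 1; }

  backup="$cfg.pre-exec-approval-$(date +%Y%m%d-%H%M%S)"
  cp -p "$cfg" "$backup" || return 1

  # Same directory as the target, so the final mv is an atomic rename.
  tmp=$(mktemp "$cfg.tmp.XXXXXX") || return 1

  # getpath($p) |= ... rewrites only that object; jq still emits the full
  # document. A plain '.tools.exec | ...' pipe would emit the fragment alone.
  jq --argjson p "$p" \
     'getpath($p) |= ((. // {}) + {host:"gateway", security:"allowlist", ask:"on-miss"})' \
     "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

  # Validate the candidate, then prove nothing outside $p changed.
  if ! jq empty "$tmp" 2>/dev/null ||
     [ "$(jq -S --argjson p "$p" 'delpaths([$p])' "$cfg")" != \
       "$(jq -S --argjson p "$p" 'delpaths([$p])' "$tmp")" ]; then
    echo "candidate rejected; $cfg left untouched" >&2
    rm -f "$tmp"; return 1
  fi

  mv "$tmp" "$cfg" && echo "$backup"
}
# After a successful run: openclaw gateway restart
```

The function prints the backup path on success, so a failed gateway restart can be rolled back by copying that file over `openclaw.json`.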
### 4. Approval Flow
When crash-bot-public needs to run a command:
1. Crash posts the command in the conversation with an approval request
2. -topher types `/approve` to allow it
3. Command executes
When crash-bot (DM) needs elevated access:
1. Same flow, but the approval shows in the DM channel
2. Only -topher sees it (Matt and Kyle don't see DM approvals)
### 5. What This Enables
Once exec is set up, crash-bot can:
- Enable and configure the memory-wiki plugin
- Initialize the wiki vault
- Run `openclaw wiki doctor` and `openclaw wiki status`
- Set up the professor agent
- Manage vault files and run bridge imports
All of these would still require -topher's approval until specific commands are added to the allowlist.
### Context
This is part of the Personal Knowledge Companion project. See `projects/life-view-dashboard.md` for full details.