harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
zeroclaw/src
History
Edvard Schøyen 861137b2b3
fix(security): deny unapproved tool calls on non-CLI channels (#998) 
When autonomy is set to "supervised", the approval gate only prompted
interactively on CLI. On Telegram and other channels, all tool calls
were silently auto-approved with ApprovalResponse::Yes, including
high-risk tools like shell — completely bypassing supervised mode.

On non-CLI channels where interactive prompting is not possible, deny
tool calls that require approval instead of auto-approving. Users can
expand the auto_approve list in config to explicitly allow specific
tools on non-interactive channels.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 05:22:56 -05:00
..
agent fix(security): deny unapproved tool calls on non-CLI channels (#998) 2026-02-20 05:22:56 -05:00
approval refactor(sync): migrate remaining std mutex usage to parking_lot 2026-02-18 00:45:26 +08:00
auth chore: Remove blocking read strings 2026-02-19 14:52:29 +08:00
channels fix(channel): use per-recipient typing handles in Discord (#1005) 2026-02-20 05:02:39 -05:00
config fix(config): change web_search.enabled default to false for explicit opt-in (#986) 2026-02-20 04:58:19 -05:00
cost refactor(sync): migrate remaining std mutex usage to parking_lot 2026-02-18 00:45:26 +08:00
cron feat(cron): add cron update CLI subcommand for in-place job updates 2026-02-19 15:11:37 +08:00
daemon fix(channels): interrupt in-flight telegram requests on newer sender messages 2026-02-20 01:54:07 +08:00
doctor feat(memory): add embedding hint routes and upgrade guidance 2026-02-19 20:49:53 +08:00
gateway test(gateway): add edge-case idempotency store tests 2026-02-19 13:28:24 -08:00
hardware fix: gate nusb/hardware discovery to Linux/macOS/Windows only 2026-02-20 00:02:01 +08:00
health refactor(sync): migrate remaining std mutex usage to parking_lot 2026-02-18 00:45:26 +08:00
heartbeat test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
integrations fix(channels): interrupt in-flight telegram requests on newer sender messages 2026-02-20 01:54:07 +08:00
memory fix(memory): avoid tokio runtime panic when initializing postgres backend 2026-02-20 16:21:25 +08:00
observability docs(code): expand doc comments on security, observability, runtime, and peripheral traits 2026-02-19 13:19:46 -08:00
onboard fix(skills): make open-skills sync opt-in and configurable 2026-02-20 16:45:50 +08:00
peripherals Merge pull request #1017 from zeroclaw-labs/test/peripherals-unit-tests 2026-02-19 16:17:07 -08:00
providers fix(provider): surface API key rotation as ineffective warning (#1000) 2026-02-20 05:00:26 -05:00
rag chore(lint): extend low-risk clippy cleanup batch 2026-02-17 16:40:58 +08:00
runtime docs(code): expand doc comments on security, observability, runtime, and peripheral traits 2026-02-19 13:19:46 -08:00
security Merge pull request #1013 from zeroclaw-labs/fix/docs-inline-code-comments 2026-02-19 16:01:19 -08:00
service fix(channel): hot-apply runtime config updates for running channel service 2026-02-20 11:05:41 +08:00
skillforge chore: Remove blocking read strings 2026-02-19 14:52:29 +08:00
skills fix(skills): make open-skills sync opt-in and configurable 2026-02-20 16:45:50 +08:00
tools fix(composio): request latest v3 tool versions by default (#1039) 2026-02-19 23:29:09 -05:00
tunnel feat(proxy): add scoped proxy configuration and docs runbooks 2026-02-18 22:10:42 +08:00
identity.rs test: cover deterministic HashMap ordering paths 2026-02-18 21:55:40 +08:00
lib.rs refactor(lib): restrict internal module visibility to pub(crate) (#985) 2026-02-20 05:06:41 -05:00
main.rs fix(skills): make open-skills sync opt-in and configurable 2026-02-20 16:45:50 +08:00
migration.rs readd tests, remove markdown files 2026-02-18 14:42:39 +08:00
multimodal.rs feat: add multimodal image marker support with Ollama vision 2026-02-19 21:25:21 +08:00
util.rs chore: Remove more blocking io calls 2026-02-19 18:04:55 +08:00