[Repo Assist] feat: implement ExecApprovalV2PolicyHandler (PR7 coordinator)#261
Draft
github-actions[bot] wants to merge 1 commit intomasterfrom
Draft
Conversation
Add the V2 exec approval policy coordinator that was deferred to "PR7/PR8" in existing code comments. This makes the V2 approval rail functional for the first time — previously the V2 path always returned an error because no 'Allowed' result code existed. Changes: - ExecApprovalV2Result: add Allowed code + Allowed() factory method - ExecApprovalV2PolicyHandler: new IExecApprovalV2Handler implementation that validates input, evaluates ExecApprovalPolicy, expands shell wrappers and re-evaluates each sub-command, then returns Allowed/SecurityDeny/AllowlistMiss - SystemCapability.HandleRunAsync: execute command when V2 returns Allowed; extract ParseRunRequest/RunCommandAsync/ExecuteRunRequestAsync helpers shared between legacy and V2 paths - ExecApprovalV2RoutingTests: 4 new Allowed-path routing tests; guard test tightened to .SetV2Handler( call-site pattern; renamed V2Result_AllCodesConstructible (6→7 codes) - ExecApprovalV2PolicyHandlerTests: 11 new tests covering allow/deny/ prompt rules, input validation, shell-wrapper expansion, integration The handler is not yet wired to production (the guard test enforces this); a follow-on PR will install it in NodeService/App.xaml.cs once the resolution step from PR#260 lands. Test status: Shared 1165 passed / 2 failed (pre-existing A2UI/Canvas failures unrelated to this change) / 20 skipped. Tray 407 passed. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-actions
Bot
added
automation
enhancement
14 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🤖 This is an automated pull request from Repo Assist.
Summary
This implements
ExecApprovalV2PolicyHandler— the V2 exec approval policy coordinator that existing code comments explicitly defer to "PR7/PR8". This makes the V2 approval rail functional for the first time: previously the V2 path inSystemCapability.HandleRunAsyncalways returned an error because noAllowedresult code existed and the only handler (ExecApprovalV2NullHandler) always returnedUnavailable.The handler is intentionally not yet wired to production. A guard test (
ProductionWiring_SetV2Handler_NotCalledInSrc) enforces this. The follow-on PR will install it inNodeService/App.xaml.csonce the resolution step from PR #260 lands.Root Cause
The V2 exec approval architecture was built incrementally:
ExecApprovalV2NullHandler(always inert)ExecApprovalPolicyand returns anAlloweddecisionWithout an
Allowedcode inExecApprovalV2Code,HandleRunAsynchad no way to proceed to execution on the V2 path — the enum was structurally missing its success case.Changes
ExecApprovalV2Result.csAllowedtoExecApprovalV2Codeenum (7 codes total, up from 6)ExecApprovalV2Result.Allowed()factory methodExecApprovalV2PolicyHandler.cs(new)Implements
IExecApprovalV2Handler:ExecApprovalV2InputValidatorExecApprovalPolicyfor the top-level commandExecShellWrapperParser.Expand()and re-evaluates each sub-command (preventscmd /c dangerous-cmdfrom bypassing allow rules)Allowed,SecurityDeny, orAllowlistMissSystemCapability.csHandleRunAsyncV2 branch: proceeds to execution when result isAllowedExecuteRunRequestAsync/ParseRunRequest/RunCommandAsyncas private helpers shared between the legacy path and the new V2 execution pathParsedRunRequestinner class for argv/env/timeout parsing resultsTests
ExecApprovalV2RoutingTests.cs: 4 new tests covering theAllowedexecution path end-to-end; guard test tightened to.SetV2Handler(call-site pattern; renamed test to reflect 7 codesExecApprovalV2PolicyHandlerTests.cs(new, 11 tests): covers Allow/Deny/Prompt rules, input validation failures, shell-wrapper inner-command evaluation, non-throw defensive test, integration testsTrade-offs
Prompt→ UI interaction (that is a separate concern for a later PR). APromptrule fromExecApprovalPolicycauses the handler to returnAllowlistMissfor now, preserving the existing fallback behavior.RunCommandAsyncis unchanged from the legacy path; the V2 path reuses it exactly, so execution semantics are identical.Test Status
OpenClaw.Shared.TestsOpenClaw.Tray.TestsThe 2 Shared.Tests failures (
CanvasCapabilityTests.A2UIPush_WithJsonlPath_ReadsFile,A2UICapabilitySecurityTests.A2UIPush_FileJsonl_OverCap_ReturnsError) are pre-existing and unrelated to this change — they test JSONL file reading in the Canvas/A2UI capability and fail due to test environment setup, not any code changed here.Closes: n/a (this is forward progress on the V2 exec approval architecture)
Previous baseline: Shared 1152/1172 (20 skipped), Tray 407/407