negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
feat/claw-approval-broker-mvp
openclaw/scripts/claw-broker/README.md
Fedor 2cbe4e2808
Some checks failed
Stale / stale (push) Has been cancelled
Details
Stale / lock-closed-issues (push) Has been cancelled
Details
feat: add claw approval MVP with privileged broker 
Implement Postgres-backed claw approval flow and integrate gateway methods for create/list/get/approve/reject/execute/audit. Add a minimal systemd-run privileged broker with bearer auth, strict scope and exact-command validation, dangerous-shell blocking, atomic once-grant consumption, and execution audit updates.
2026-03-13 12:41:23 +00:00

687 B
Raw Permalink Blame History

Claw Broker (MVP)

Minimal privileged broker for claw.approvals.execute.

API

  • POST /v1/execute
  • Bearer token via CLAW_BROKER_TOKEN

Request fields:

  • executionId
  • approvalRequestId
  • approvalGrantId
  • exactCommand
  • targetHost
  • targetUser
  • requestedBy
  • channel
  • chatId
  • humanUserId
  • sessionId

Response fields:

  • executionId
  • status
  • exitCode
  • stdoutSummary
  • stderrSummary
  • startedAt
  • finishedAt

Validation

Broker re-checks in Postgres before execution:

  • request/grant exist
  • status allows execution
  • once grant atomic consume
  • command exact match
  • scope match (targetHost, targetUser, channel, chatId, humanUserId, sessionId)
  • dangerous shell policy