fix(infra): preserve blocked dispatch policy target

# Conflicts: # CHANGELOG.md
2026-04-24 23:21:30 +00:00 · 2026-03-23 18:33:32 -07:00
parent 32e89b4687
commit 21d480ed92
3 changed files with 27 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ Docs: https://docs.openclaw.ai
 - Docs/Feishu: replace `botName` with `name` in the channel config examples so the docs match the strict account schema for per-account display names. (#52753) Thanks @haroldfabla2-hue.
 - Doctor/plugins: make `openclaw doctor --fix` remove stale `plugins.allow` and `plugins.entries` refs left behind after plugin removal. Thanks @sallyom
 - Agents/replay: canonicalize malformed assistant transcript content before session-history sanitization so legacy or corrupted assistant turns stop crashing Pi replay and subagent recovery paths.
+- Infra/exec trust: preserve shell-multiplexer wrapper binaries for policy checks without breaking approved-command reconstruction, so BusyBox/ToyBox allowlist and audit flows bind to the real wrapper while execution plans stay coherent. (#53134) Thanks @vincentkoc.

 ## 2026.3.23

--- a/src/infra/exec-wrapper-trust-plan.test.ts
+++ b/src/infra/exec-wrapper-trust-plan.test.ts
@@ -43,4 +43,29 @@ describe("resolveExecWrapperTrustPlan", () => {
      shellInlineCommand: null,
    });
  });
+
+  test("keeps the blocked dispatch argv as the policy target after transparent unwraps", () => {
+    if (process.platform === "win32") {
+      return;
+    }
+    expect(
+      resolveExecWrapperTrustPlan([
+        "/usr/bin/time",
+        "-p",
+        "/usr/bin/env",
+        "FOO=bar",
+        "sh",
+        "-lc",
+        "echo hi",
+      ]),
+    ).toEqual({
+      argv: ["/usr/bin/env", "FOO=bar", "sh", "-lc", "echo hi"],
+      policyArgv: ["/usr/bin/env", "FOO=bar", "sh", "-lc", "echo hi"],
+      wrapperChain: [],
+      policyBlocked: true,
+      blockedWrapper: "env",
+      shellWrapperExecutable: false,
+      shellInlineCommand: null,
+    });
+  });
 });
--- a/src/infra/exec-wrapper-trust-plan.ts
+++ b/src/infra/exec-wrapper-trust-plan.ts
@@ -70,7 +70,7 @@ export function resolveExecWrapperTrustPlan(
    if (dispatchPlan.policyBlocked) {
      return blockedExecWrapperTrustPlan({
        argv: dispatchPlan.argv,
-        policyArgv,
+        policyArgv: dispatchPlan.argv,
        wrapperChain,
        blockedWrapper: dispatchPlan.blockedWrapper ?? current[0] ?? "unknown",
      });