fix(exec): clarify auto routing semantics (#58897) (thanks @vincentkoc)

2026-04-27 08:28:14 +00:00 · 2026-04-02 18:24:27 +01:00
parent 938541999e
commit 45c8207ef2
8 changed files with 98 additions and 0 deletions
--- a/docs/tools/exec-approvals.md
+++ b/docs/tools/exec-approvals.md
@@ -104,6 +104,12 @@ This is now the default host behavior unless you tighten it explicitly:
 - `tools.exec.ask`: `off`
 - host `askFallback`: `full`

+Important distinction:
+
+- `tools.exec.host=auto` chooses where exec runs: sandbox when available, otherwise gateway.
+- YOLO chooses how host exec is approved: `security=full` plus `ask=off`.
+- `auto` does not let a tool call override a sandboxed session to `gateway` or `node`. If you want a different host, set `tools.exec.host` or use `/exec host=...` explicitly.
+
 If you want a more conservative setup, tighten either layer back to `allowlist` / `on-miss`
 or `deny`.