fix(exec): restore strict inline-eval allow-always reuse

Peter Steinberger
2026-03-31 23:44:48 +09:00
parent 5aac609e08
commit 5e30da3cad
7 changed files with 128 additions and 4 deletions


@@ -213,7 +213,7 @@ For allow-always decisions in allowlist mode, known dispatch wrappers
paths. Shell multiplexers (`busybox`, `toybox`) are also unwrapped for shell applets (`sh`, `ash`,
etc.) so inner executables are persisted instead of multiplexer binaries. If a wrapper or
multiplexer cannot be safely unwrapped, no allowlist entry is persisted automatically.
If you allowlist interpreters like `python3` or `node`, prefer `tools.exec.strictInlineEval=true` so inline eval still requires an explicit approval.
If you allowlist interpreters like `python3` or `node`, prefer `tools.exec.strictInlineEval=true` so inline eval still requires an explicit approval. In strict mode, `allow-always` can still persist benign interpreter/script invocations, but inline-eval carriers are not persisted automatically.
Default safe bins:
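Review bot: the added sentence in this hunk ("In strict mode, `allow-always` can still persist benign interpreter/script invocations, but inline-eval carriers are not persisted automatically.") leaves "inline-eval carrier" undefined, so a reader cannot tell which invocations are covered or how to check the resulting allowlist. Suggest stating which interpreter forms are treated as carriers (for `python3` and `node`, the `-c`/`-e` code-string flags, if that is what the matcher keys on) and giving one concrete outcome, e.g. "`allow-always` on `python3 script.py` persists an entry for `python3`; `allow-always` on `python3 -c ...` persists nothing." Since the commit title says "restore", the sentence should also make clear that this is the intended `strictInlineEval` behaviour rather than a newly added exception, so it is not read as loosening the strict mode described in the preceding line.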