hovclaw 0.1.3 → 0.1.5

package/README.md

@@ -33,15 +33,17 @@ HOVClaw is built on a simple principle: **run your own AI agent infrastructure,
 - **Policy layer** - `dmPolicy`, `groupPolicy`, per-group/per-topic overrides, pairing flow
 - **Native Telegram commands** - Auto-registered slash command menu (including skill aliases)
 - **Thinking controls** - `/think <level> <task>` plus persisted default via `commands.defaultThinkingLevel`
+- **Exec chat approvals** - `/bash <cmd>` requests approval and `/approve <id> allow-once|allow-always|deny` resolves
 
 ### Gateway & Control Plane
 
-- **WebSocket protocol v3** - Request/response/event frames with 21 methods
+- **WebSocket protocol v3** - Request/response/event frames with 25 methods
 - **Built-in web UI** - Connection, health, channels, sessions, and chat in one page
 - **Fail-closed auth defaults** - Gateway auth is required unless explicitly opting into insecure mode
 - **Origin-aware WS policy** - Browser `Origin` headers must be same-origin or allowlisted
 - **LaunchAgent integration** - `hovclaw gateway install/start/stop` for macOS background service
 - **Programmatic access** - `hovclaw gateway call <method>` for scripting
+- **Approval APIs** - `exec.approval.request|resolve` and `exec.approvals.get|set`
 
 ### Agent Runtime
 
@@ -49,7 +51,9 @@ HOVClaw is built on a simple principle: **run your own AI agent infrastructure,
 - **Multi-provider models** - Anthropic, Google, OpenAI, OpenRouter via `@mariozechner/pi-ai`
 - **Model routing** - Per-target model slots (interactive, discord, cron) with fallback policy
 - **Workspace-first tools** - Relative file tool paths resolve from agent workspace
-- **Least-privilege tools** - Bash tool disabled by default (`runtime.tools.bashEnabled=false`)
+- **Exec approvals model** - deny/allowlist/full + `off|on-miss|always` ask modes with persistent allowlists
+- **Least-privilege defaults** - exec disabled by default (`runtime.tools.exec.enabled=false`)
+- **Read-only diagnostics** - built-in `diagnose_device` tool (`profile=core`)
 - **Session persistence** - SQLite-backed sessions, messages, agent state, and usage tracking
 
 ### Scheduling & Automation
@@ -106,7 +110,7 @@ and agent configuration. All settings are saved to `~/.hovclaw/config.json`.
 Security defaults in this release are intentionally strict:
 - gateway start fails if `gateway.enabled=true` and neither `gateway.auth.token` nor `gateway.auth.password` is set (unless `gateway.auth.allowUnauthenticated=true`)
 - Telegram webhook mode requires a non-empty webhook secret
-- bash runtime tool is opt-in only via `runtime.tools.bashEnabled=true`
+- exec runtime tool is opt-in via `runtime.tools.exec.enabled=true` (legacy `runtime.tools.bashEnabled=true` still maps to exec enabled)
 
 Agent and skill definitions are loaded from:
 - `~/.hovclaw/agents/<name>/agent.json` (`CLAUDE.md`, `cron.json`)
@@ -187,7 +191,7 @@ Environment overrides are supported for most fields. See [docs/config-reference.
 │                                                               │
 │  ┌────────────────────────────────────────────────────────┐   │
 │  │                    Gateway (ws + http)                  │   │
-│  │  WebSocket v3 protocol  •  Web UI  •  21 methods       │   │
+│  │  WebSocket v3 protocol  •  Web UI  •  25 methods       │   │
 │  └────────────────────────────────────────────────────────┘   │
 │                                                               │
 │  ┌────────────────────────────────────────────────────────┐   │
@@ -205,7 +209,7 @@ Environment overrides are supported for most fields. See [docs/config-reference.
 | **Agent Manager** | Per-session agent lifecycle, state persistence, model resolution |
 | **Router** | Binding-based inbound routing with peer/guild/account/channel cascade |
 | **Scheduler** | Cron job loading, execution, and channel notifications |
-| **Gateway** | WebSocket v3 server with 21 methods, 5 event types, built-in web UI |
+| **Gateway** | WebSocket v3 server with 25 methods, 7 event types, built-in web UI |
 | **Skill Loader** | SKILL.md frontmatter parsing and dependency checking |
 | **Channels** | Telegram (multi-account, policy, pairing) and Discord adapters |
 
@@ -264,8 +268,10 @@ hovclaw daemon install|uninstall|start|stop|restart|status|logs
 | `chat.history` / `chat.send` / `chat.abort` | Chat session interaction |
 | `cron.list` / `cron.status` | Scheduled job listing and status |
 | `logs.tail` | Recent audit events |
+| `exec.approval.request` / `exec.approval.resolve` | Create and resolve pending exec approvals |
+| `exec.approvals.get` / `exec.approvals.set` | Read/write persisted exec defaults and per-agent allowlists |
 
-Events: `tick`, `health`, `agent`, `chat`, `shutdown`
+Events: `tick`, `health`, `agent`, `chat`, `shutdown`, `exec.approval.requested`, `exec.approval.resolved`
 
 ## Development
 

package/dist/{doctor-DJHTvhli.js → doctor-0iphhiTj.js}

@@ -1,4 +1,4 @@
-import { A as ensureConfigFromLegacyEnv, F as hasConfigFile, H as saveCredentials, I as hasCredentialsFile, L as loadConfig, M as getCredentialsPath, P as getHovclawHome, R as loadCredentials, V as saveConfigFile, j as getConfigPath, k as detectLegacyEnvConfig, z as loadFileConfig } from "./hovclaw.js";
+import { B as loadCredentials, I as getHovclawHome, L as hasConfigFile, M as ensureConfigFromLegacyEnv, N as getConfigPath, P as getCredentialsPath, R as hasCredentialsFile, U as saveConfigFile, V as loadFileConfig, W as saveCredentials, j as detectLegacyEnvConfig, z as loadConfig } from "./hovclaw.js";
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";

package/dist/gateway/ui/index.html

@@ -36,7 +36,7 @@
             <input
               id="gateway-url"
               type="text"
-              placeholder="ws://127.0.0.1:18789"
+              placeholder="ws://127.0.0.1:18889"
               spellcheck="false"
             />
           </label>