exec-approval-setup

Source

  • Type: local-file
  • Path: /home/topher/.openclaw/workspace-crash-bot/projects/exec-approval-setup.md
  • Bytes: 3249
  • Updated: 2026-05-02T21:17:02.421Z

Content

# Exec Approval Setup — Crash-bot
 
## Why
Crash-bot-public (server channel agent) currently has no exec capabilities. We need to enable exec with approval gating so Crash can build/configure the memory-wiki and professor agent system. The DM agent (crash-bot) will implement this.
 
## What to Implement
 
### 1. Host Approvals File: `~/.openclaw/exec-approvals.json`
 
```json
{
  "version": 1,
  "defaults": {
    "security": "deny",
    "ask": "on-miss",
    "askFallback": "deny",
    "autoAllowSkills": false
  },
  "agents": {
    "crash-bot-public": {
      "security": "allowlist",
      "ask": "on-miss",
      "askFallback": "deny",
      "autoAllowSkills": true,
      "allowlist": []
    },
    "crash-bot": {
      "security": "allowlist",
      "ask": "on-miss",
      "askFallback": "allowlist",
      "autoAllowSkills": true,
      "allowlist": [
        "ls",
        "cat",
        "head",
        "tail",
        "grep",
        "jq",
        "openclaw status",
        "openclaw wiki"
      ]
    }
  }
}
```
 
**Key points:**
- `crash-bot-public` starts with an empty allowlist, so every command requires approval
- `crash-bot` (DM agent) has read-only commands pre-approved; everything else needs approval. Note that the entries are bare command names: `cat` and `grep` can read any file the gateway user can, so this list buys convenience, not confinement
- Both agents use `ask: "on-miss"`: anything not on the allowlist prompts -topher for approval
- `askFallback: "deny"` for crash-bot-public means that if the approval UI is unreachable, the command is denied. crash-bot's `askFallback: "allowlist"` falls back to the allowlist decision instead, which, because the prompt only fires on a miss, also ends in a denial here
- `defaults.security: "deny"` covers any agent without its own entry, so a new agent (the professor, for instance) gets no exec until it is added explicitly
- Add commands to the allowlist over time as comfort grows, one reviewed command at a time
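To make the two-layer policy concrete, here is an added model of how the settings above combine for one request. It is example code written for this page, not OpenClaw's implementation. It assumes that an agent's entry overrides `defaults` key by key, that an allowlist entry matches when its words are the leading words of the command, that a command containing shell control characters never matches, and that any unknown setting value fails closed; `autoAllowSkills` is not modelled. The constructed calls under `__main__` show that `cat` on crash-bot's list reads any path, that `openclaw wiki-export` is not covered by the `openclaw wiki` entry, and that with the prompt unreachable both agents end in a denial.

```python
"""Illustrative model of the exec-approvals.json layers on this page.

Added example, not OpenClaw's code. Assumptions: agent keys override
`defaults`; an allowlist entry matches the command's leading words; shell
control characters never match; unknown values fail closed.
"""
import json

# Constructed copy of the policy shown on the page.
POLICY = json.loads(r"""
{
  "version": 1,
  "defaults": {"security": "deny", "ask": "on-miss",
               "askFallback": "deny", "autoAllowSkills": false},
  "agents": {
    "crash-bot-public": {"security": "allowlist", "ask": "on-miss",
                         "askFallback": "deny", "autoAllowSkills": true,
                         "allowlist": []},
    "crash-bot": {"security": "allowlist", "ask": "on-miss",
                  "askFallback": "allowlist", "autoAllowSkills": true,
                  "allowlist": ["ls", "cat", "head", "tail", "grep", "jq",
                                "openclaw status", "openclaw wiki"]}
  }
}
""")

# Characters that chain, redirect or substitute commands. Assumption: a
# command containing any of them is never "the allowlisted command".
SHELL_CONTROL = (";", "|", "&", "`", "$(", ">", "<", "\n")


def effective_settings(policy, agent):
    """defaults first, then the agent's own keys on top (assumed order)."""
    settings = dict(policy.get("defaults", {}))
    settings.update(policy.get("agents", {}).get(agent, {}))
    return settings


def allowlist_match(command, allowlist):
    """True when the command's leading words equal some allowlist entry."""
    if any(ch in command for ch in SHELL_CONTROL):
        return False
    words = command.split()
    for entry in allowlist:
        want = entry.split()
        if want and words[: len(want)] == want:
            return True
    return False


def decide(policy, agent, command, prompt_delivered=True):
    """Return "allow", "ask" or "deny" for one exec request.

    prompt_delivered=False models the approval UI being unreachable,
    which is when askFallback applies.
    """
    s = effective_settings(policy, agent)
    if s.get("security") != "allowlist":      # "deny", or anything unknown
        return "deny"
    allowed = s.get("allowlist", [])
    if allowlist_match(command, allowed):
        return "allow"
    if s.get("ask") != "on-miss":             # the only mode on this page
        return "deny"
    if prompt_delivered:
        return "ask"                          # -topher decides
    # Prompt could not be delivered: askFallback decides. The command has
    # already missed the list, so "allowlist" reduces to a denial here.
    if s.get("askFallback") == "allowlist":
        return "allow" if allowlist_match(command, allowed) else "deny"
    return "deny"                             # "deny" or unknown value


if __name__ == "__main__":
    # Constructed requests, not captured traffic.
    for agent, cmd, up in [
        ("crash-bot", "ls -la /home/topher/.openclaw", True),
        ("crash-bot", "openclaw wiki status", True),
        ("crash-bot", "openclaw wiki-export", True),
        ("crash-bot", "cat /etc/shadow", True),
        ("crash-bot", "cat notes.md | sh", True),
        ("crash-bot-public", "ls", True),
        ("crash-bot-public", "ls", False),
        ("crash-bot", "rm -rf vault", False),
        ("professor", "ls", True),
    ]:
        print(f"{agent:18} {cmd!r:36} prompt={up!s:5} -> {decide(POLICY, agent, cmd, up)}")
```

The `cat /etc/shadow` line is the one to look at: it is allowed purely because `cat` is on the list, which is why the read-only allowlist should stay short and why anything that reaches secrets belongs behind a prompt instead.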
 
### 2. Agent Config in openclaw.json
 
For crash-bot-public, enable exec with allowlist mode:
 
```json
{
  "tools": {
    "exec": {
      "host": "gateway",
      "security": "allowlist",
      "ask": "on-miss"
    }
  }
}
```
 
For crash-bot (DM), the exec block is identical; the broader allowlist lives in `exec-approvals.json` above, not in openclaw.json:
 
```json
{
  "tools": {
    "exec": {
      "host": "gateway",
      "security": "allowlist",
      "ask": "on-miss"
    }
  }
}
```
 
### 3. Important Safety Notes
 
- **Backup openclaw.json before editing**, using the naming convention `openclaw.json.pre-exec-approval-<YYYYMMDD-HHMMSS>`
- **Use `jq` with the `|=` update operator on the exact path being changed**. Never use a filter that merely selects the subtree (for example `.agents["crash-bot"].tools.exec`): its output is that subtree alone, and redirecting it back over the file collapses the whole config to it
- **Write to a temp file in the same directory first, validate it with `jq empty <tmpfile>` (silent and exit 0 only for valid JSON), then move it over the original**. Never redirect `jq` output straight onto the file it is reading; the shell truncates the file before `jq` opens it
- **Restart the gateway after changes**: `openclaw gateway restart`
- **Test with a safe command first**: ask crash-bot-public to run `ls ~/.openclaw/` and verify the approval prompt appears before the command runs, then confirm the output of the approved command matches what a normal shell returns
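The edit discipline in the notes above, written out as an added example so that the backup, targeted update, re-parse and swap steps are visible as code. It is example code for this page in Python rather than the page's `jq` commands, and is not OpenClaw's own tooling. It assumes that the per-agent exec block lives at `agents.<name>.tools.exec` inside openclaw.json, which the page does not state, and it runs against a constructed config in a temporary directory rather than the real `~/.openclaw/openclaw.json`.

```python
"""Added example: backup, targeted update, validate, swap for openclaw.json.

Not OpenClaw's tooling. Assumption: the per-agent exec block lives at
agents.<name>.tools.exec; adjust set_exec() if the real layout differs.
"""
import json
import os
import shutil
import tempfile
import time
from pathlib import Path

# Constructed stand-in for an openclaw.json. The keys we do not touch are
# here only to show that they survive the edit.
SAMPLE_CONFIG = {
    "gateway": {"port": 18789},
    "agents": {
        "crash-bot-public": {"channel": "server", "tools": {"memory": True}},
        "crash-bot": {"channel": "dm"},
    },
}

EXEC_BLOCK = {"host": "gateway", "security": "allowlist", "ask": "on-miss"}


def backup_path(config_path, when=None):
    """openclaw.json.pre-exec-approval-<YYYYMMDD-HHMMSS>, the page's convention."""
    stamp = time.strftime("%Y%m%d-%H%M%S", time.localtime(when))
    return config_path.with_name(f"{config_path.name}.pre-exec-approval-{stamp}")


def set_exec(config, agent, exec_block):
    """Equivalent of jq's `.agents[$a].tools.exec |= . + $block`: a copy with
    only that path changed and every other key left intact."""
    updated = json.loads(json.dumps(config))              # deep copy
    tools = (updated.setdefault("agents", {})
                    .setdefault(agent, {})
                    .setdefault("tools", {}))
    tools["exec"] = {**tools.get("exec", {}), **exec_block}
    return updated


def collapsed_keys(original, updated):
    """Top-level keys a proposed write would lose. Non-empty means a filter
    selected a subtree instead of updating it in place."""
    return sorted(set(original) - set(updated))


def swap_in(config_path, original, updated):
    """Write `updated` to a temp file beside the config, re-parse it (the
    `jq empty` check), refuse a collapsed document, then rename over."""
    lost = collapsed_keys(original, updated)
    if lost:
        raise ValueError(f"refusing to swap: update dropped top-level keys {lost}")
    fd, tmp = tempfile.mkstemp(dir=config_path.parent,
                               prefix=config_path.name + ".", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(updated, fh, indent=2)
            fh.write("\n")
        json.loads(Path(tmp).read_text())                 # must parse back
        os.replace(tmp, config_path)                      # atomic on POSIX
    except Exception:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def enable_exec(config_path, agent, exec_block=EXEC_BLOCK, when=None):
    """Full procedure: backup, targeted update, validate, swap.
    Restart the gateway afterwards (`openclaw gateway restart`)."""
    config_path = Path(config_path)
    original = json.loads(config_path.read_text())
    backup = backup_path(config_path, when)
    shutil.copy2(config_path, backup)
    updated = set_exec(original, agent, exec_block)
    swap_in(config_path, original, updated)
    return updated, backup


def run_demo():
    """Apply the edit for both agents to a constructed config in a temp dir."""
    work = Path(tempfile.mkdtemp())
    cfg = work / "openclaw.json"
    cfg.write_text(json.dumps(SAMPLE_CONFIG, indent=2) + "\n")
    for i, agent in enumerate(("crash-bot-public", "crash-bot")):
        enable_exec(cfg, agent, when=1_777_756_622 + i)   # distinct stamps
    return {
        "config": json.loads(cfg.read_text()),
        "backups": sorted(p.name for p in work.glob("openclaw.json.pre-exec-approval-*")),
        "leftover_tmp": sorted(p.name for p in work.glob("*.tmp")),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

`collapsed_keys` is the programmatic form of the "never collapse the full structure" warning: a result that lost `gateway` or `agents` is exactly what a subtree-selecting filter would have produced, and it is refused before anything touches the real file.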
 
### 4. Approval Flow
 
When crash-bot-public needs to run a command:
1. Crash posts the command in the conversation with an approval request
2. -topher types `/approve` to allow it
3. Command executes

Because the server channel is shared, the request and the decision are visible to everyone in it. During the first test, confirm that `/approve` is only honored when it comes from -topher, and that the command shown in the request is exactly the one that runs.

When crash-bot (DM) needs elevated access:
1. Same flow, but the approval shows in the DM channel
2. Only -topher sees it (Matt and Kyle don't see DM approvals)
 
### 5. What This Enables
 
Once exec is set up, crash-bot can:
- Enable and configure the memory-wiki plugin
- Initialize the wiki vault
- Run `openclaw wiki doctor` and `openclaw wiki status`
- Set up the professor agent
- Manage vault files and run bridge imports
 
All of these would still require -topher's approval until specific commands are added to the allowlist. The one exception to check: crash-bot's allowlist above already contains `openclaw wiki` and `openclaw status`, so depending on how multi-word entries are matched, the `openclaw wiki doctor` and `openclaw wiki status` commands may run without a prompt; verify this during testing rather than assuming it.
 
### Context
 
This is part of the Personal Knowledge Companion project. See `projects/life-view-dashboard.md` for full details.

Notes

  • No related pages yet.