From bbc34215a2405bd392d883e4b7bef012d0af4c8b Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Mon, 12 Jan 2026 21:56:06 +0000 Subject: [PATCH] fix: land sandbox binds (#790) (thanks @akonyer) --- CHANGELOG.md | 1 + src/config/zod-schema.ts | 40 ++++++++++++++++++++-------------------- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6be30c218..656ab4918 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ - Discord: add `discord.allowBots` to permit bot-authored messages (still ignores its own messages) with docs warning about bot loops. (#802) — thanks @zknicker. - CLI/Onboarding: `clawdbot dashboard` prints/copies the tokenized Control UI link and opens it; onboarding now auto-opens the dashboard with your token and keeps the link in the summary. - Commands: native slash commands now default to `"auto"` (on for Discord/Telegram, off for Slack) with per-provider overrides (`discord/telegram/slack.commands.native`) and docs updated. +- Sandbox: allow Docker bind mounts via `docker.binds`; merges global + per-agent binds (per-agent ignored under shared scope) for custom host paths. (#790 — thanks @akonyer) ### Fixes - Auto-reply: inline `/status` now honors allowlists (authorized stripped + replied inline; unauthorized leaves text for the agent) to match command gating tests. diff --git a/src/config/zod-schema.ts b/src/config/zod-schema.ts index 5d519fe05..e92329441 100644 --- a/src/config/zod-schema.ts +++ b/src/config/zod-schema.ts @@ -241,6 +241,26 @@ const ExecutableTokenSchema = z .string() .refine(isSafeExecutableValue, "expected safe executable name or path"); +const NativeCommandsSettingSchema = z.union([z.boolean(), z.literal("auto")]); + +const ProviderCommandsSchema = z + .object({ + native: NativeCommandsSettingSchema.optional(), + }) + .optional(); + +const CommandsSchema = z + .object({ + native: NativeCommandsSettingSchema.optional().default("auto"), + text: z.boolean().optional(), + config: z.boolean().optional(), + debug: z.boolean().optional(), + restart: z.boolean().optional(), + useAccessGroups: z.boolean().optional(), + }) + .optional() + .default({ native: "auto" }); + const ToolsAudioTranscriptionSchema = z .object({ args: z.array(z.string()).optional(), @@ -256,14 +276,6 @@ const TelegramTopicSchema = z.object({ systemPrompt: z.string().optional(), }); -const NativeCommandsSettingSchema = z.union([z.boolean(), z.literal("auto")]); - -const ProviderCommandsSchema = z - .object({ - native: NativeCommandsSettingSchema.optional(), - }) - .optional(); - const TelegramGroupSchema = z.object({ requireMention: z.boolean().optional(), skills: z.array(z.string()).optional(), @@ -720,18 +732,6 @@ const MessagesSchema = z }) .optional(); -const CommandsSchema = z - .object({ - native: NativeCommandsSettingSchema.optional().default("auto"), - text: z.boolean().optional(), - config: z.boolean().optional(), - debug: z.boolean().optional(), - restart: z.boolean().optional(), - useAccessGroups: z.boolean().optional(), - }) - .optional() - .default({ native: "auto" }); - const HeartbeatSchema = z .object({ every: z.string().optional(),