openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎extensions/discord/src/exec-approvals.test.ts‎
Lines changed: 24 additions & 12 deletions b/‎extensions/discord/src/exec-approvals.test.ts‎
Lines changed: 24 additions & 12 deletions
diff --git a/‎extensions/discord/src/exec-approvals.ts‎
Lines changed: 15 additions & 13 deletions b/‎extensions/discord/src/exec-approvals.ts‎
Lines changed: 15 additions & 13 deletions
diff --git a/‎extensions/discord/src/monitor/exec-approvals.test.ts‎
Lines changed: 46 additions & 3 deletions b/‎extensions/discord/src/monitor/exec-approvals.test.ts‎
Lines changed: 46 additions & 3 deletions
diff --git a/‎extensions/discord/src/monitor/exec-approvals.ts‎
Lines changed: 8 additions & 4 deletions b/‎extensions/discord/src/monitor/exec-approvals.ts‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎extensions/slack/src/config-ui-hints.ts‎
Lines changed: 1 addition & 1 deletion b/‎extensions/slack/src/config-ui-hints.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎extensions/slack/src/exec-approvals.test.ts‎
Lines changed: 20 additions & 13 deletions b/‎extensions/slack/src/exec-approvals.test.ts‎
Lines changed: 20 additions & 13 deletions
diff --git a/‎extensions/slack/src/exec-approvals.ts‎
Lines changed: 14 additions & 6 deletions b/‎extensions/slack/src/exec-approvals.ts‎
Lines changed: 14 additions & 6 deletions
@@ -15,6 +15,9 @@ Docs: https://docs.openclaw.ai
 
 ### Fixes
 
+- Exec/approvals: honor `exec-approvals.json` security defaults when inline or configured tool policy is unset, and keep Slack and Discord native approval handling aligned with inferred approvers and real channel enablement so remote exec stops falling into false approval timeouts and disabled states. Thanks @scoootscooob and @vincentkoc.
+- Exec/cron: resolve isolated cron no-route approval dead-ends from the effective host fallback policy when trusted automation is allowed, and make `openclaw doctor` warn when `tools.exec` is broader than `~/.openclaw/exec-approvals.json` so stricter host-policy conflicts are explicit. Thanks @scoootscooob and @vincentkoc.
+- Exec/approvals: make `allow-always` persist as durable user-approved trust instead of behaving like `allow-once`, reuse exact-command trust on shell-wrapper paths that cannot safely persist an executable allowlist entry, keep static allowlist entries from silently bypassing `ask:"always"`, and require explicit approval when Windows cannot build an allowlist execution plan instead of hard-dead-ending remote exec. Thanks @scoootscooob and @vincentkoc.
 - Gateway/reload: ignore startup config writes by persisted hash in the config reloader so generated auth tokens and seeded Control UI origins do not trigger a restart loop, while real `gateway.auth.*` edits still require restart. (#58678) Thanks @yelog
 - Discord/inbound media: pass Discord attachment and sticker downloads through the shared idle-timeout and worker-abort path so slow or stuck inbound media fetches stop hanging message processing. (#58593) Thanks @aquaright1
 - Telegram/local Bot API: preserve media MIME types for absolute-path downloads so local audio files still trigger transcription and other MIME-based handling. (#54603) Thanks @jzakirov
 
@@ -22,13 +22,26 @@ function buildConfig(
 }
 
 describe("discord exec approvals", () => {
-  it("requires enablement and an explicit or inferred approver", () => {
+  it("requires enablement and explicit or owner approvers", () => {
     expect(isDiscordExecApprovalClientEnabled({ cfg: buildConfig() })).toBe(false);
     expect(isDiscordExecApprovalClientEnabled({ cfg: buildConfig({ enabled: true }) })).toBe(false);
     expect(
       isDiscordExecApprovalClientEnabled({
         cfg: buildConfig({ enabled: true }, { allowFrom: ["123"] }),
       }),
+    ).toBe(false);
+    expect(
+      isDiscordExecApprovalClientEnabled({
+        cfg: buildConfig({ enabled: true, approvers: ["123"] }),
+      }),
+    ).toBe(true);
+    expect(
+      isDiscordExecApprovalClientEnabled({
+        cfg: {
+          ...buildConfig({ enabled: true }),
+          commands: { ownerAllowFrom: ["discord:789"] },
+        } as OpenClawConfig,
+      }),
     ).toBe(true);
   });
 
@@ -43,7 +56,7 @@ describe("discord exec approvals", () => {
     expect(isDiscordExecApprovalApprover({ cfg, senderId: "123" })).toBe(false);
   });
 
-  it("infers approvers from allowFrom, legacy dm.allowFrom, and explicit DM defaultTo", () => {
+  it("does not infer approvers from allowFrom or default DM routes", () => {
     const cfg = buildConfig(
       { enabled: true },
       {
@@ -53,18 +66,17 @@ describe("discord exec approvals", () => {
       },
     );
 
-    expect(getDiscordExecApprovalApprovers({ cfg })).toEqual(["123", "456", "789"]);
-    expect(isDiscordExecApprovalApprover({ cfg, senderId: "789" })).toBe(true);
+    expect(getDiscordExecApprovalApprovers({ cfg })).toEqual([]);
+    expect(isDiscordExecApprovalApprover({ cfg, senderId: "789" })).toBe(false);
   });
 
-  it("ignores non-user default targets when inferring approvers", () => {
-    const cfg = buildConfig(
-      { enabled: true },
-      {
-        defaultTo: "channel:123",
-      },
-    );
+  it("falls back to commands.ownerAllowFrom for exec approvers", () => {
+    const cfg = {
+      ...buildConfig({ enabled: true }),
+      commands: { ownerAllowFrom: ["discord:123", "user:456", "789"] },
+    } as OpenClawConfig;
 
-    expect(getDiscordExecApprovalApprovers({ cfg })).toEqual([]);
+    expect(getDiscordExecApprovalApprovers({ cfg })).toEqual(["123", "456", "789"]);
+    expect(isDiscordExecApprovalApprover({ cfg, senderId: "456" })).toBe(true);
   });
 });
@@ -22,26 +22,28 @@ function normalizeDiscordApproverId(value: string): string | undefined {
   }
 }
 
+function resolveDiscordOwnerApprovers(cfg: OpenClawConfig): string[] {
+  const ownerAllowFrom = cfg.commands?.ownerAllowFrom;
+  if (!Array.isArray(ownerAllowFrom) || ownerAllowFrom.length === 0) {
+    return [];
+  }
+  return resolveApprovalApprovers({
+    explicit: ownerAllowFrom,
+    normalizeApprover: (value) => normalizeDiscordApproverId(String(value)),
+  });
+}
+
 export function getDiscordExecApprovalApprovers(params: {
   cfg: OpenClawConfig;
   accountId?: string | null;
   configOverride?: DiscordExecApprovalConfig | null;
 }): string[] {
-  const account = resolveDiscordAccount(params).config;
   return resolveApprovalApprovers({
-    explicit: params.configOverride?.approvers ?? account.execApprovals?.approvers,
-    allowFrom: account.allowFrom,
-    extraAllowFrom: account.dm?.allowFrom,
-    defaultTo: account.defaultTo,
+    explicit:
+      params.configOverride?.approvers ??
+      resolveDiscordAccount(params).config.execApprovals?.approvers ??
+      resolveDiscordOwnerApprovers(params.cfg),
     normalizeApprover: (value) => normalizeDiscordApproverId(String(value)),
-    normalizeDefaultTo: (value) => {
-      try {
-        const target = parseDiscordTarget(value);
-        return target?.kind === "user" ? target.id : undefined;
-      } catch {
-        return undefined;
-      }
-    },
   });
 }
 
 
@@ -177,12 +177,16 @@ type ExecApprovalButtonContext = import("./exec-approvals.js").ExecApprovalButto
 
 // ─── Helpers ──────────────────────────────────────────────────────────────────
 
-function createHandler(config: DiscordExecApprovalConfig, accountId = "default") {
+function createHandler(
+  config: DiscordExecApprovalConfig,
+  accountId = "default",
+  cfgOverrides: Record<string, unknown> = {},
+) {
   return new DiscordExecApprovalHandler({
     token: "test-token",
     accountId,
     config,
-    cfg: { session: { store: STORE_PATH } },
+    cfg: { session: { store: STORE_PATH }, ...cfgOverrides },
   });
 }
 
@@ -447,6 +451,18 @@ describe("DiscordExecApprovalHandler.shouldHandle", () => {
     expect(handler.shouldHandle(createRequest())).toBe(false);
   });
 
+  it("does not treat channel allowFrom as approval authority", () => {
+    const handler = createHandler({ enabled: true }, "default", {
+      channels: {
+        discord: {
+          token: "discord-token",
+          allowFrom: ["123"],
+        },
+      },
+    });
+    expect(handler.shouldHandle(createRequest())).toBe(false);
+  });
+
   it("returns true with minimal config", () => {
     const handler = createHandler({ enabled: true, approvers: ["123"] });
     expect(handler.shouldHandle(createRequest())).toBe(true);
@@ -617,10 +633,37 @@ describe("DiscordExecApprovalHandler.getApprovers", () => {
         config: { enabled: true } as DiscordExecApprovalConfig,
         expected: [],
       },
+      {
+        name: "allowFrom does not grant approver rights",
+        config: { enabled: true } as DiscordExecApprovalConfig,
+        cfgOverrides: {
+          channels: {
+            discord: {
+              token: "discord-token",
+              allowFrom: ["123"],
+            },
+          },
+        },
+        expected: [],
+      },
+      {
+        name: "ownerAllowFrom still grants exec approver rights",
+        config: { enabled: true } as DiscordExecApprovalConfig,
+        cfgOverrides: {
+          commands: {
+            ownerAllowFrom: ["discord:123"],
+          },
+        },
+        expected: ["123"],
+      },
     ] as const;
 
     for (const testCase of cases) {
-      const handler = createHandler(testCase.config);
+      const handler = createHandler(
+        testCase.config,
+        "default",
+        "cfgOverrides" in testCase ? (testCase.cfgOverrides as Record<string, unknown>) : {},
+      );
       expect(handler.getApprovers(), testCase.name).toEqual(testCase.expected);
     }
   });
 
@@ -33,6 +33,7 @@ import type {
 import type { RuntimeEnv } from "openclaw/plugin-sdk/runtime-env";
 import { logDebug, logError } from "openclaw/plugin-sdk/text-runtime";
 import { createDiscordNativeApprovalAdapter } from "../approval-native.js";
+import { getDiscordExecApprovalApprovers } from "../exec-approvals.js";
 import { createDiscordClient, stripUndefinedFields } from "../send.shared.js";
 import { DiscordUiContainer } from "../ui.js";
 
@@ -454,8 +455,7 @@ export class DiscordExecApprovalHandler {
       cfg: this.opts.cfg,
       gatewayUrl: this.opts.gatewayUrl,
       eventKinds: ["exec", "plugin"],
-      isConfigured: () =>
-        Boolean(this.opts.config.enabled && (this.opts.config.approvers?.length ?? 0) > 0),
+      isConfigured: () => Boolean(this.opts.config.enabled && this.getApprovers().length > 0),
       shouldHandle: (request) => this.shouldHandle(request),
       deliverRequested: async (request) => await this.deliverRequested(request),
       finalizeResolved: async ({ request, resolved, entries }) => {
@@ -472,7 +472,7 @@ export class DiscordExecApprovalHandler {
     if (!config.enabled) {
       return false;
     }
-    if (!config.approvers || config.approvers.length === 0) {
+    if (this.getApprovers().length === 0) {
       return false;
     }
 
@@ -763,7 +763,11 @@ export class DiscordExecApprovalHandler {
 
   /** Return the list of configured approver IDs. */
   getApprovers(): string[] {
-    return this.opts.config.approvers ?? [];
+    return getDiscordExecApprovalApprovers({
+      cfg: this.opts.cfg,
+      accountId: this.opts.accountId,
+      configOverride: this.opts.config,
+    });
   }
 }
 
 
@@ -59,7 +59,7 @@ export const slackChannelConfigUiHints = {
   },
   "execApprovals.approvers": {
     label: "Slack Exec Approval Approvers",
-    help: "Slack user IDs allowed to approve exec requests for this workspace account. Use Slack user IDs or user targets such as `U123`, `user:U123`, or `<@U123>`. If you leave this unset, OpenClaw falls back to owner IDs inferred from channels.slack.allowFrom, channels.slack.dm.allowFrom, and defaultTo when possible.",
+    help: "Slack user IDs allowed to approve exec requests for this workspace account. Use Slack user IDs or user targets such as `U123`, `user:U123`, or `<@U123>`. If you leave this unset, OpenClaw falls back to commands.ownerAllowFrom when possible.",
   },
   "execApprovals.agentFilter": {
     label: "Slack Exec Approval Agent Filter",
 
@@ -29,19 +29,27 @@ function buildConfig(
 }
 
 describe("slack exec approvals", () => {
-  it("requires enablement and an explicit or inferred approver", () => {
+  it("requires enablement and explicit or owner approvers", () => {
     expect(isSlackExecApprovalClientEnabled({ cfg: buildConfig() })).toBe(false);
     expect(isSlackExecApprovalClientEnabled({ cfg: buildConfig({ enabled: true }) })).toBe(false);
     expect(
       isSlackExecApprovalClientEnabled({
         cfg: buildConfig({ enabled: true }, { allowFrom: ["U123"] }),
       }),
-    ).toBe(true);
+    ).toBe(false);
     expect(
       isSlackExecApprovalClientEnabled({
         cfg: buildConfig({ enabled: true, approvers: ["U123"] }),
       }),
     ).toBe(true);
+    expect(
+      isSlackExecApprovalClientEnabled({
+        cfg: {
+          ...buildConfig({ enabled: true }),
+          commands: { ownerAllowFrom: ["slack:U123OWNER"] },
+        } as OpenClawConfig,
+      }),
+    ).toBe(true);
   });
 
   it("prefers explicit approvers when configured", () => {
@@ -55,7 +63,7 @@ describe("slack exec approvals", () => {
     expect(isSlackExecApprovalApprover({ cfg, senderId: "U123" })).toBe(false);
   });
 
-  it("infers approvers from allowFrom, dm.allowFrom, and DM defaultTo", () => {
+  it("does not infer approvers from allowFrom or DM default routes", () => {
     const cfg = buildConfig(
       { enabled: true },
       {
@@ -65,19 +73,18 @@ describe("slack exec approvals", () => {
       },
     );
 
-    expect(getSlackExecApprovalApprovers({ cfg })).toEqual(["U123", "U456", "U789"]);
-    expect(isSlackExecApprovalApprover({ cfg, senderId: "U789" })).toBe(true);
+    expect(getSlackExecApprovalApprovers({ cfg })).toEqual([]);
+    expect(isSlackExecApprovalApprover({ cfg, senderId: "U789" })).toBe(false);
   });
 
-  it("ignores non-user default targets when inferring approvers", () => {
-    const cfg = buildConfig(
-      { enabled: true },
-      {
-        defaultTo: "channel:C123",
-      },
-    );
+  it("falls back to commands.ownerAllowFrom for exec approvers", () => {
+    const cfg = {
+      ...buildConfig({ enabled: true }),
+      commands: { ownerAllowFrom: ["slack:U123", "user:U456", "<@U789>"] },
+    } as OpenClawConfig;
 
-    expect(getSlackExecApprovalApprovers({ cfg })).toEqual([]);
+    expect(getSlackExecApprovalApprovers({ cfg })).toEqual(["U123", "U456", "U789"]);
+    expect(isSlackExecApprovalApprover({ cfg, senderId: "U456" })).toBe(true);
   });
 
   it("defaults target to dm", () => {
 
@@ -28,6 +28,17 @@ export function normalizeSlackApproverId(value: string | number): string | undef
   return /^[UW][A-Z0-9]+$/i.test(trimmed) ? trimmed : undefined;
 }
 
+function resolveSlackOwnerApprovers(cfg: OpenClawConfig): string[] {
+  const ownerAllowFrom = cfg.commands?.ownerAllowFrom;
+  if (!Array.isArray(ownerAllowFrom) || ownerAllowFrom.length === 0) {
+    return [];
+  }
+  return resolveApprovalApprovers({
+    explicit: ownerAllowFrom,
+    normalizeApprover: normalizeSlackApproverId,
+  });
+}
+
 export function shouldHandleSlackExecApprovalRequest(params: {
   cfg: OpenClawConfig;
   accountId?: string | null;
@@ -61,14 +72,11 @@ export function getSlackExecApprovalApprovers(params: {
   cfg: OpenClawConfig;
   accountId?: string | null;
 }): string[] {
-  const account = resolveSlackAccount(params).config;
   return resolveApprovalApprovers({
-    explicit: account.execApprovals?.approvers,
-    allowFrom: account.allowFrom,
-    extraAllowFrom: account.dm?.allowFrom,
-    defaultTo: account.defaultTo,
+    explicit:
+      resolveSlackAccount(params).config.execApprovals?.approvers ??
+      resolveSlackOwnerApprovers(params.cfg),
     normalizeApprover: normalizeSlackApproverId,
-    normalizeDefaultTo: normalizeSlackApproverId,
   });
 }