Align exec approval fallback default docs

drobison00 · drobison00 · commit a9df494150b7 · 2026-06-10T15:54:13.000Z
diff --git a/docs/cli/approvals.md b/docs/cli/approvals.md
@@ -83,7 +83,7 @@ Precedence is intentional:
 ```bash
 openclaw approvals set --file ./exec-approvals.json
 openclaw approvals set --stdin <<'EOF'
-{ version: 1, defaults: { security: "full", ask: "off" } }
+{ version: 1, defaults: { security: "full", ask: "off", askFallback: "full" } }
 EOF
 openclaw approvals set --node <id|name|ip> --file ./exec-approvals.json
 openclaw approvals set --gateway --file ./exec-approvals.json
@@ -137,7 +137,8 @@ Why `tools.exec.host=gateway` in this example:
 - YOLO is about approvals, not routing.
 - If you want host exec even when a sandbox is configured, make the host choice explicit with `gateway` or `/exec host=gateway`.
 
-This matches the current host-default YOLO behavior. Tighten it if you want approvals.
+Omitted `askFallback` defaults to `deny`. Set `askFallback: "full"`
+explicitly when upgrading a no-UI host that should keep never-prompt behavior.
 
 Local shortcut:
 
diff --git a/docs/tools/exec-approvals.md b/docs/tools/exec-approvals.md
@@ -159,7 +159,8 @@ when set at the narrower session or agent scope.
 ### `askFallback`
 
 <ParamField path="askFallback" type='"deny" | "allowlist" | "full"'>
-  Resolution when a prompt is required but no UI is reachable.
+  Resolution when a prompt is required but no UI is reachable. If this
+  field is omitted, OpenClaw defaults to `deny`.
 
 - `deny` - block.
 - `allowlist` - allow only if allowlist matches.
@@ -211,7 +212,9 @@ If you want host exec to run without approval prompts, you must open
 (`tools.exec.*`) **and** host-local approvals policy in
 `~/.openclaw/exec-approvals.json`.
 
-YOLO is the default host behavior unless you tighten it explicitly:
+OpenClaw defaults omitted `askFallback` to `deny`. Set host
+`askFallback` to `full` explicitly when a no-UI approval prompt should
+fall back to allow.
 
 | Layer                 | YOLO setting               |
 | --------------------- | -------------------------- |
@@ -278,7 +281,8 @@ openclaw exec-policy preset yolo
 That local shortcut updates both:
 
 - Local `tools.exec.host/security/ask`.
-- Local `~/.openclaw/exec-approvals.json` defaults.
+- Local `~/.openclaw/exec-approvals.json` defaults, including
+  `askFallback: "full"`.
 
 It is intentionally local-only. To change gateway-host or node-host
 approvals remotely, use `openclaw approvals set --gateway` or
diff --git a/src/cli/exec-approvals-cli.test.ts b/src/cli/exec-approvals-cli.test.ts
@@ -500,8 +500,8 @@ describe("exec approvals CLI", () => {
       requireRecord(toolsScope.askFallback, "tools.exec askFallback"),
       "tools.exec askFallback",
       {
-        effective: "full",
-        source: "OpenClaw default (full)",
+        effective: "deny",
+        source: "OpenClaw default (deny)",
       },
     );
 
@@ -517,8 +517,8 @@ describe("exec approvals CLI", () => {
       effective: "always",
     });
     expectFields(requireRecord(agentScope.askFallback, "agent askFallback"), "agent askFallback", {
-      effective: "allowlist",
-      source: "OpenClaw default (full)",
+      effective: "deny",
+      source: "OpenClaw default (deny)",
     });
   });
 
