Summary
Remove the entire bash/exec tool subsystem, PTY terminal handling, and exec-approval security infrastructure. These components implemented shell command execution inside the Docker sandbox (removed in #68). RemoteClaw's CLI agents (Claude, Gemini, Codex, OpenCode) handle their own shell execution natively — this pi-embedded execution infrastructure is dead code.
Scope
~78 files to delete + ~15 surviving files needing import cleanup = ~93 files total
Phase 1: Core Bash Tools (~26 files)
Delete src/agents/bash-tools*.ts and src/agents/bash-process-registry*.ts:
bash-tools.ts — main export barrelbash-tools.shared.ts — shared utilitiesbash-tools.exec.ts — core exec tool implementationbash-tools.exec-types.ts — exec tool typesbash-tools.exec-runtime.ts — runtime supportbash-tools.exec-approval-request.ts — approval request handlingbash-tools.exec-host-gateway.ts — gateway host routingbash-tools.exec-host-node.ts — node host routingbash-tools.process.ts — process toolbash-process-registry.ts — process registry- All associated test files (~16 tests)
Phase 2: PTY Support (~6 files)
src/agents/pty-dsr.ts — PTY device status reportssrc/agents/pty-keys.ts + test — PTY key encodingsrc/process/supervisor/adapters/pty.ts — PTY adaptersrc/process/supervisor/supervisor.pty-command.test.ts — PTY command testsrc/types/lydell-node-pty.d.ts — node-pty type definitions
Phase 3: Process Exec (2 files)
src/process/exec.ts + test — process execution wrapper
Phase 4: Exec Infrastructure (~28 files)
Delete src/infra/exec-*.ts and src/infra/system-run-command*.ts:
Exec approvals core:
exec-approvals.ts + test — approval systemexec-approvals-analysis.ts — approval analysisexec-approvals-allowlist.ts — allowlistexec-approvals-config.test.ts, exec-approvals-test-helpers.tsexec-approval-forwarder.ts + test — approval forwardingexec-obfuscation-detect.ts + test — obfuscation detection
Exec safety & policy:
exec-safety.ts — safety checksexec-command-resolution.ts — command resolutionexec-host.ts — host routingexec-safe-bin-policy.ts + test — safe binary policyexec-safe-bin-policy-profiles.ts — policy profilesexec-safe-bin-policy-validator.ts — policy validatorexec-safe-bin-runtime-policy.ts + test — runtime policyexec-safe-bin-trust.ts + test — trust evaluationexec-wrapper-resolution.ts — wrapper resolution
System run command (depends on exec-wrapper-resolution):
system-run-command.ts + test + contract test
Additional exec approval tests:
exec-approvals-allow-always.test.tsexec-approvals-parity.test.tsexec-approvals-safe-bins.test.ts
Phase 5: Channel Exec Approvals (~8 files)
src/discord/monitor/exec-approvals.ts + testsrc/gateway/exec-approval-manager.tssrc/gateway/protocol/schema/exec-approvals.tssrc/gateway/server-methods/exec-approval.tssrc/gateway/server-methods/exec-approvals.tssrc/cli/exec-approvals-cli.ts + test
Phase 6: Auto-Reply Bash/Exec Handlers (~4 files)
src/auto-reply/reply/bash-command.ts — bash command handlersrc/auto-reply/reply/commands-bash.ts — bash command registrationsrc/auto-reply/reply/exec.ts — exec barrelsrc/auto-reply/reply/exec/directive.ts — exec directive parsing
Phase 7: Other (~4 files)
src/node-host/exec-policy.ts + testsrc/config/normalize-exec-safe-bin.tssrc/test-utils/exec-assertions.ts
Phase 8: Import Cleanup (~15 surviving files)
Remove dead imports and references from KEEP/MODIFY code:
src/agents/pi-tools.ts — remove bash-tools imports and exec/process tool creation logicsrc/agents/tool-policy.test.ts — remove bash/exec tool assertionssrc/auto-reply/reply/get-reply-directives.ts — remove bash-tools importssrc/auto-reply/reply/get-reply-run.ts — remove bash-tools importssrc/auto-reply/reply/queue/types.ts — remove bash-tools type importssrc/auto-reply/reply/agent-runner-execution.ts — remove exec referencessrc/auto-reply/reply/commands.test.ts — remove bash command testssrc/auto-reply/reply/get-reply-inline-actions.skip-when-config-empty.test.ts — remove exec refssrc/config/commands.test.ts — remove bash command testssrc/plugins/commands.ts — remove bash command registrationsrc/cli/program/register.subclis.ts — remove exec-approvals subcli entrysrc/cron/*.test.ts — remove exec references in test fixtures (if any)
Exclusions (DO NOT DELETE)
src/daemon/exec-file.ts — general node:child_process wrapper used by daemon infrastructure (systemd.ts, launchd.ts, schtasks.ts). Not bash-exec-tool-specific.src/daemon/schtasks-exec.ts — Windows scheduled task utility. Uses exec-file.ts.src/agents/shell-utils.ts — has consumers beyond bash-tools (cli-runner/helpers.ts, process/supervisor/supervisor.ts). Keep with its test.- pi-embedded-runner files — these import bash-tools but will be deleted in a separate gutting task. Leave their imports alone.
Verification
# All delete targets gone
ls src/agents/bash-tools*.ts src/agents/bash-process-registry*.ts src/agents/pty-*.ts 2>/dev/null
# Should return nothing
# No exec-approvals in infra
ls src/infra/exec-*.ts src/infra/system-run-command*.ts 2>/dev/null
# Should return nothing
# Build passes
pnpm build
# No bash-tools or exec-approvals imports in surviving code
# (exclude pi-embedded-runner which is deleted separately)
grep -r "from.*bash-tools\|from.*exec-approvals\|from.*exec-safe-bin\|from.*exec-host\|from.*exec-safety\|from.*exec-command-resolution\|from.*exec-wrapper-resolution\|from.*system-run-command\|from.*exec-obfuscation\|from.*pty-dsr\|from.*pty-keys\|from.*bash-command\|from.*commands-bash\|from.*exec-approval-forwarder\|from.*exec-approvals-analysis\|from.*normalize-exec-safe-bin\|from.*exec-assertions" src/ --include="*.ts" | grep -v "pi-embedded-runner" | grep -v node_modules
# Should return nothing
Why
RemoteClaw replaces OpenClaw's pi-embedded execution engine with CLI agent subprocesses. The bash/exec tool subsystem was OpenClaw's mechanism for running shell commands inside Docker sandboxes on behalf of the AI. CLI agents (Claude Code, Gemini CLI, Codex CLI, OpenCode) handle their own shell execution natively — they don't need RemoteClaw to proxy shell commands. The exec-approval security infrastructure (approval forwarding, obfuscation detection, safe-bin policies) exists solely to gate bash/exec tool usage and has no purpose without those tools.
Summary
Remove the entire bash/exec tool subsystem, PTY terminal handling, and exec-approval security infrastructure. These components implemented shell command execution inside the Docker sandbox (removed in #68). RemoteClaw's CLI agents (Claude, Gemini, Codex, OpenCode) handle their own shell execution natively — this pi-embedded execution infrastructure is dead code.
Scope
~78 files to delete + ~15 surviving files needing import cleanup = ~93 files total
Phase 1: Core Bash Tools (~26 files)
Delete
src/agents/bash-tools*.tsandsrc/agents/bash-process-registry*.ts:bash-tools.ts— main export barrelbash-tools.shared.ts— shared utilitiesbash-tools.exec.ts— core exec tool implementationbash-tools.exec-types.ts— exec tool typesbash-tools.exec-runtime.ts— runtime supportbash-tools.exec-approval-request.ts— approval request handlingbash-tools.exec-host-gateway.ts— gateway host routingbash-tools.exec-host-node.ts— node host routingbash-tools.process.ts— process toolbash-process-registry.ts— process registryPhase 2: PTY Support (~6 files)
src/agents/pty-dsr.ts— PTY device status reportssrc/agents/pty-keys.ts+ test — PTY key encodingsrc/process/supervisor/adapters/pty.ts— PTY adaptersrc/process/supervisor/supervisor.pty-command.test.ts— PTY command testsrc/types/lydell-node-pty.d.ts— node-pty type definitionsPhase 3: Process Exec (2 files)
src/process/exec.ts+ test — process execution wrapperPhase 4: Exec Infrastructure (~28 files)
Delete
src/infra/exec-*.tsandsrc/infra/system-run-command*.ts:Exec approvals core:
exec-approvals.ts+ test — approval systemexec-approvals-analysis.ts— approval analysisexec-approvals-allowlist.ts— allowlistexec-approvals-config.test.ts,exec-approvals-test-helpers.tsexec-approval-forwarder.ts+ test — approval forwardingexec-obfuscation-detect.ts+ test — obfuscation detectionExec safety & policy:
exec-safety.ts— safety checksexec-command-resolution.ts— command resolutionexec-host.ts— host routingexec-safe-bin-policy.ts+ test — safe binary policyexec-safe-bin-policy-profiles.ts— policy profilesexec-safe-bin-policy-validator.ts— policy validatorexec-safe-bin-runtime-policy.ts+ test — runtime policyexec-safe-bin-trust.ts+ test — trust evaluationexec-wrapper-resolution.ts— wrapper resolutionSystem run command (depends on exec-wrapper-resolution):
system-run-command.ts+ test + contract testAdditional exec approval tests:
exec-approvals-allow-always.test.tsexec-approvals-parity.test.tsexec-approvals-safe-bins.test.tsPhase 5: Channel Exec Approvals (~8 files)
src/discord/monitor/exec-approvals.ts+ testsrc/gateway/exec-approval-manager.tssrc/gateway/protocol/schema/exec-approvals.tssrc/gateway/server-methods/exec-approval.tssrc/gateway/server-methods/exec-approvals.tssrc/cli/exec-approvals-cli.ts+ testPhase 6: Auto-Reply Bash/Exec Handlers (~4 files)
src/auto-reply/reply/bash-command.ts— bash command handlersrc/auto-reply/reply/commands-bash.ts— bash command registrationsrc/auto-reply/reply/exec.ts— exec barrelsrc/auto-reply/reply/exec/directive.ts— exec directive parsingPhase 7: Other (~4 files)
src/node-host/exec-policy.ts+ testsrc/config/normalize-exec-safe-bin.tssrc/test-utils/exec-assertions.tsPhase 8: Import Cleanup (~15 surviving files)
Remove dead imports and references from KEEP/MODIFY code:
src/agents/pi-tools.ts— remove bash-tools imports and exec/process tool creation logicsrc/agents/tool-policy.test.ts— remove bash/exec tool assertionssrc/auto-reply/reply/get-reply-directives.ts— remove bash-tools importssrc/auto-reply/reply/get-reply-run.ts— remove bash-tools importssrc/auto-reply/reply/queue/types.ts— remove bash-tools type importssrc/auto-reply/reply/agent-runner-execution.ts— remove exec referencessrc/auto-reply/reply/commands.test.ts— remove bash command testssrc/auto-reply/reply/get-reply-inline-actions.skip-when-config-empty.test.ts— remove exec refssrc/config/commands.test.ts— remove bash command testssrc/plugins/commands.ts— remove bash command registrationsrc/cli/program/register.subclis.ts— removeexec-approvalssubcli entrysrc/cron/*.test.ts— remove exec references in test fixtures (if any)Exclusions (DO NOT DELETE)
src/daemon/exec-file.ts— generalnode:child_processwrapper used by daemon infrastructure (systemd.ts,launchd.ts,schtasks.ts). Not bash-exec-tool-specific.src/daemon/schtasks-exec.ts— Windows scheduled task utility. Usesexec-file.ts.src/agents/shell-utils.ts— has consumers beyond bash-tools (cli-runner/helpers.ts,process/supervisor/supervisor.ts). Keep with its test.Verification
Why
RemoteClaw replaces OpenClaw's pi-embedded execution engine with CLI agent subprocesses. The bash/exec tool subsystem was OpenClaw's mechanism for running shell commands inside Docker sandboxes on behalf of the AI. CLI agents (Claude Code, Gemini CLI, Codex CLI, OpenCode) handle their own shell execution natively — they don't need RemoteClaw to proxy shell commands. The exec-approval security infrastructure (approval forwarding, obfuscation detection, safe-bin policies) exists solely to gate bash/exec tool usage and has no purpose without those tools.