gut(ui): remove autoAllowSkills from exec-approvals config (#2524)#2535
Merged
alexey-pelykh merged 1 commit intomainfrom Apr 24, 2026
Merged
gut(ui): remove autoAllowSkills from exec-approvals config (#2524)#2535alexey-pelykh merged 1 commit intomainfrom
alexey-pelykh merged 1 commit intomainfrom
Conversation
…arketplace fully gutted, UI toggle no longer drives behavior (#2524) The "Auto-allow skill CLIs" toggle in nodes-exec-approvals is an OpenClaw skills-marketplace config flag. RemoteClaw has no skills subsystem to gate, so the checkbox was UI dead weight: it patched a backend key the runtime no longer reads. Removed from ui/: - ExecApprovalsDefaults.autoAllowSkills (controller type) - ExecApprovalsResolvedDefaults.autoAllowSkills (view-local type) - resolveExecApprovalsDefaults() autoAllowSkills default read - renderExecApprovalsPolicy() autoOverride/autoEffective/autoIsDefault locals - "Auto-allow skill CLIs" list-item block (checkbox + override clear button) ui/ grep: zero hits after change (was 8 hits across 2 files; issue body's "only two sites" claim was stale). Out-of-scope hits flagged for follow-up (not ui/, so not under issue AC): - src/gateway/protocol/schema/exec-approvals.ts — backend schema still defines autoAllowSkills as optional. Stored values silently ignored; backend removal is a separate cleanup. - docs/tools/exec.md, docs/tools/exec-approvals.md, docs/gateway/security/index.md — still reference the field; trail the backend schema removal. - apps/macos/Sources/RemoteClaw/ — native macOS app has its own autoAllowSkills wiring; separate cleanup lane. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced Apr 24, 2026
alexey-pelykh
added a commit
that referenced
this pull request
Apr 24, 2026
…#2557) Follow-up to #2524/#2535 (UI side). The skills marketplace is gutted per CLAUDE.md § Fork Context; `autoAllowSkills` is dead — runtime no longer reads it, UI no longer sends it. Strips the residual backend schema field and user-facing docs surface. - `src/gateway/protocol/schema/exec-approvals.ts`: drop `autoAllowSkills` from `ExecApprovalsPolicyFields` (spreads into both Defaults + Agent schemas, so removal cascades to both) - `docs/tools/exec.md`: remove the "autoAllowSkills is a separate..." paragraph - `docs/tools/exec-approvals.md`: drop 2 keys from the JSON schema example, remove the entire "## Auto-allow skill CLIs" section (12 lines), trim "or skill auto-allow" from allowlist-chaining prose - `docs/gateway/security/index.md`: drop `autoAllowSkills` from the exec-drift parenthetical; delete the `tools.exec.auto_allow_skills_enabled` audit code table row (no `src/` emitter — verified via grep) - `docs/gateway/protocol.md`: delete the now-empty "Node helper methods" subsection documenting the `skills.bins` RPC "for auto-allow checks" — the RPC itself was gutted in #2413/#2448, the doc line was missed Out of scope (deferred): - `apps/macos/Sources/RemoteClaw/*.swift` — per #2527 (coordinated native gut wave) - `docs/refactor/*.md` historical audit docs — track the gut work itself and remain as historical records Verification: - `pnpm check` (format + tsgo + oxlint + css-class-drift): green - `pnpm test`: 7010 passed, 3 skipped across 799 files; 288 passed in parallel suite; 12/12 UI smoke - Fork-integrity gates (throwing-stub-callers, zombie-imports, stub-debt, obsolescence-audit): all clean, baselines unchanged Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #2524. Removes the OpenClaw-era "Auto-allow skill CLIs" toggle from the exec-approvals UI. RemoteClaw has no skills subsystem to gate, so the checkbox was UI dead weight — it patched a backend config key the runtime no longer reads.
Scope
UI-only (per issue AC:
grep -rn 'autoAllowSkills' ui/returns zero hits).Removed from
ui/:ExecApprovalsDefaults.autoAllowSkills(controllers/exec-approvals.ts)ExecApprovalsResolvedDefaults.autoAllowSkills(view-local type)resolveExecApprovalsDefaults()—autoAllowSkillsdefault readrenderExecApprovalsPolicy()—autoOverride/autoEffective/autoIsDefaultlocalsPure subtraction: 47 lines removed, 0 added.
Note on issue body staleness
Issue #2524 body claims
grep -rn 'autoAllowSkills' ui/returns "only the two sites above" (ui/src/ui/views/nodes-exec-approvals.ts:21,90). Actualui/grep at the time of this PR showed 8 hits across 2 files (7 in the view, 1 in the controller type) — all part of the same dead UI control. The PR covers all 8 to satisfy the AC's "zero hits" criterion.Acceptance criteria
grep -rn 'autoAllowSkills' ui/returns zero hitspnpm checkgreen (format + tsgo + lint + CSS class drift)pnpm testgreen (7014 passed, 3 skipped, across 800 test files — plus 288 tests across 17 parallel-suite files)pnpm test:ui:smokegreen (12 passed, 2 suites)Out-of-scope hits flagged for follow-up
Not
ui/, so not under this issue's AC. Each is a separate cleanup lane:src/gateway/protocol/schema/exec-approvals.ts:19autoAllowSkills: Type.Optional(Type.Boolean()). Stored values silently ignored after this PR (no UI control writes it; runtime already doesn't read it), but the schema surface remains. Recommend: separate issue to drop the backend schema field once confirmed no migration/serialization depends on it.docs/tools/exec-approvals.md,docs/tools/exec.md,docs/gateway/security/index.mdautoAllowSkillsas a feature / show JSON examples. Should trail the backend schema removal.apps/macos/Sources/RemoteClaw/*.swiftautoAllowSkillswiring (SystemRunSettingsView.swift,ExecApprovalEvaluation.swift,ExecApprovals.swift). Native gutting is a separate cleanup lane.Risk
ui/changes; no tests touchedautoAllowSkillsinui/(confirmed by grep).autoAllowSkillsstill load (backend schema still accepts the key); they're just no longer editable from the UI. That matches the gutting intent.Test plan
pnpm check— greenpnpm test— greenpnpm test:ui:smoke— greenrenderExecApprovalsPolicywith bothisDefaults=trueand agent-scoped state — three list-items remain (Security / Ask / Ask fallback), no broken template.🤖 Generated with Claude Code