liuyu/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-06 05:51:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(plugin-sdk): add resolve_exec_env hook

Browse Source 
Summary:
- Add the plugin SDK `resolve_exec_env` hook for bounded exec environment contributions.
- Wire resolved exec env through exec preparation/final execution without exposing plugin env values to generic tool hooks.
- Cover lazy exec loading, host and command rewrites, node/gateway execution, filtering, and EXEC shell snapshot cache behavior.

Verification:
- `pnpm changed:lanes --json`
- `node scripts/run-vitest.mjs src/agents/bash-tools.exec.resolve-env-hook.test.ts src/agents/agent-tool-definition-adapter.test.ts src/agents/agent-tool-definition-adapter.after-tool-call.test.ts src/agents/shell-snapshot.test.ts src/plugins/hook-resolve-exec-env.test.ts`
- `pnpm check:test-types`
- `pnpm lint src/agents/bash-tools.exec.ts src/agents/bash-tools.exec.resolve-env-hook.test.ts`
- `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main`
- PR CI clean on 1bbad8d071: https://github.com/openclaw/openclaw/actions/runs/26817910293

Co-authored-by: Lanzhi <lizhan3@xiaomi.com>
This commit is contained in:
兰之
2026-06-02 20:00:42 +08:00
committed by GitHub
parent e992af4b6e
commit 10d10faa25
11 changed files with 910 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
docs/plugins/hooks.md
View File

@@ -120,6 +120,7 @@ observation-only.
- **`before_tool_call`** - rewrite tool params, block execution, or require approval
- `after_tool_call` - observe tool results, errors, and duration
- `resolve_exec_env` - contribute plugin-owned environment variables to `exec`
- **`tool_result_persist`** - rewrite the assistant message produced from a tool result
- **`before_message_write`** - inspect or block an in-progress message write (rare)
@@ -233,6 +234,28 @@ for host-trusted gates such as workspace policy, budget enforcement, or
reserved workflow safety. External plugins should use normal `before_tool_call`
hooks.
### Exec environment hook
`resolve_exec_env` lets plugins contribute environment variables to `exec`
tool invocations after the base exec environment is built and before the
command runs. It receives:
- `event.sessionKey`
- `event.toolName`, currently always `"exec"`
- `event.host`, one of `"gateway"`, `"sandbox"`, or `"node"`
- context fields such as `ctx.agentId`, `ctx.sessionKey`,
`ctx.messageProvider`, and `ctx.channelId`
Return a `Record<string, string>` to merge into the exec environment. Handlers
run in priority order, and later hook results override earlier hook results for
the same key.
Hook output is filtered through the host exec environment key policy before it
is merged. Invalid keys, `PATH`, and dangerous host override keys such as
`LD_*`, `DYLD_*`, `NODE_OPTIONS`, proxy variables, and TLS override variables
are dropped. The filtered plugin env is included in gateway approval/audit
metadata and forwarded to node-host execution requests.
### Tool result persistence
Tool results can include structured `details` for UI rendering, diagnostics,