Files
openclaw-openclaw/docs/cli/approvals.md
Peter Steinberger f7d7148cf0 docs: rewrite published docs grounded in current source (#100142)
Source-grounded rewrite of 529 published docs pages with per-unit information-loss verification: 1,713 factual corrections cited to src/**, generated surfaces regenerated, frontmatter titles preserved for i18n, release notes pages untouched. All docs gates green.

Closes #100141
2026-07-05 00:32:47 -04:00

5.2 KiB

summary, read_when, title
summary read_when title
CLI reference for `openclaw approvals` and `openclaw exec-policy`
You want to edit exec approvals from the CLI
You need to manage allowlists on gateway or node hosts
Approvals

openclaw approvals

Manage exec approvals for the local host, gateway host, or a node host. With no target flag, commands read/write the local approvals file on disk. Use --gateway to target the gateway, or --node <id|name|ip> to target a specific node.

Alias: openclaw exec-approvals

Related: Exec approvals, Nodes

openclaw exec-policy

openclaw exec-policy is the local-only convenience command that keeps requested tools.exec.* config and the local host approvals file in sync in one step:

openclaw exec-policy show
openclaw exec-policy show --json

openclaw exec-policy preset yolo
openclaw exec-policy preset cautious --json

openclaw exec-policy set --host gateway --security full --ask off --ask-fallback full

Presets (yolo, cautious, deny-all) apply host, security, ask, and askFallback together. set applies only the flags you pass; each accepted value is validated (--host auto|sandbox|gateway|node, --security deny|allowlist|full, --ask off|on-miss|always, --ask-fallback deny|allowlist|full).

Scope:

  • Updates the local config file and local approvals file together; does not push policy to the gateway or a node host.
  • --host node is rejected: node exec approvals are fetched from the node at runtime, so local exec-policy cannot synchronize them. Use openclaw approvals set --node <id|name|ip> instead.
  • exec-policy show marks host=node scopes as node-managed at runtime instead of deriving an effective policy from the local approvals file.

For remote host approvals, use openclaw approvals set --gateway or openclaw approvals set --node <id|name|ip> directly.

Common commands

openclaw approvals get
openclaw approvals get --node <id|name|ip>
openclaw approvals get --gateway

get shows the effective exec policy for the target: the requested tools.exec policy, the host approvals-file policy, and the merged effective result.

Precedence:

  • The host approvals file is the enforceable source of truth.
  • Requested tools.exec policy can narrow or broaden intent, but the effective result is derived from host rules.
  • --node combines the node host approvals file with gateway tools.exec policy (both apply at runtime).
  • If gateway config is unavailable, the CLI falls back to the node approvals snapshot and notes that the final runtime policy could not be computed.

Replace approvals from a file

openclaw approvals set --file ./exec-approvals.json
openclaw approvals set --stdin <<'EOF'
{ version: 1, defaults: { security: "full", ask: "off", askFallback: "full" } }
EOF
openclaw approvals set --node <id|name|ip> --file ./exec-approvals.json
openclaw approvals set --gateway --file ./exec-approvals.json

set accepts JSON5, not only strict JSON. Use either --file or --stdin, not both.

"Never prompt" / YOLO example

Set the host approvals defaults to full + off for a host that should never stop on exec approvals:

openclaw approvals set --stdin <<'EOF'
{
  version: 1,
  defaults: {
    security: "full",
    ask: "off",
    askFallback: "full"
  }
}
EOF

Node variant: same body with openclaw approvals set --node <id|name|ip> --stdin.

This changes the host approvals file only. To keep the requested OpenClaw policy aligned, also set:

openclaw config set tools.exec.host gateway
openclaw config set tools.exec.security full
openclaw config set tools.exec.ask off

tools.exec.host=gateway is explicit here because host=auto still means "sandbox when available, otherwise gateway": YOLO is about approvals, not routing. Use gateway (or /exec host=gateway) when you want host exec even with a sandbox configured.

Omitted askFallback defaults to deny. Set askFallback: "full" explicitly when upgrading a no-UI host that should keep never-prompt behavior.

Local shortcut for the same intent, on the local machine only:

openclaw exec-policy preset yolo

Allowlist helpers

openclaw approvals allowlist add "~/Projects/**/bin/rg"
openclaw approvals allowlist add --agent main --node <id|name|ip> "/usr/bin/uptime"
openclaw approvals allowlist add --agent "*" "/usr/bin/uname"

openclaw approvals allowlist remove "~/Projects/**/bin/rg"

Common options

get, set, and allowlist add|remove all support:

  • --node <id|name|ip> (resolves id, name, IP, or id prefix; same resolver as openclaw nodes)
  • --gateway
  • shared node RPC options: --url, --token, --timeout, --json

No target flag means the local approvals file on disk.

allowlist add|remove also supports --agent <id> (defaults to "*", applying to all agents).

Notes

  • The node host must advertise system.execApprovals.get/set (macOS app or headless node host).
  • Approvals files are stored per host in the OpenClaw state dir: $OPENCLAW_STATE_DIR/exec-approvals.json, or ~/.openclaw/exec-approvals.json when the variable is unset.