From 65119aaa044d62fe814f38ac2dfe920b177cacd8 Mon Sep 17 00:00:00 2001 From: Ahmed Abushagur Date: Wed, 20 May 2026 23:09:04 -0700 Subject: [PATCH] feat(local): warn users before executing commands on their machine Local spawns now show a security warning with three options: Ok (proceed normally), Sandbox (run inside a Docker container), or Cancel (abort). Replaces the previous openclaw-only warning with a universal prompt that applies to all agents. When Sandbox is selected, the function re-invokes with useSandbox=true so the Docker-wrapped runner is used. --- packages/cli/src/local/run.ts | 59 +++++++++++++++++++++++------------ 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/packages/cli/src/local/run.ts b/packages/cli/src/local/run.ts index 0611002fe..9a671a55b 100644 --- a/packages/cli/src/local/run.ts +++ b/packages/cli/src/local/run.ts @@ -37,6 +37,45 @@ import { * host (the `local` cloud). */ export async function runLocalAgent(agentName: string, useSandbox: boolean): Promise { + // Warn that local spawning executes commands directly on the user's machine. + // Skip in non-interactive mode (headless / CI) and when sandbox is already active. + if (!useSandbox && process.env.SPAWN_NON_INTERACTIVE !== "1") { + process.stderr.write("\n"); + logWarn("⚠ Local execution warning"); + logWarn(" Spawning locally will execute commands directly on this machine."); + logWarn(" The agent will have full access to your filesystem, shell, and network.\n"); + + const action = await p.select<"ok" | "sandbox" | "cancel">({ + message: "How would you like to proceed?", + options: [ + { + value: "ok", + label: "Ok", + hint: "proceed — execute directly on this machine", + }, + { + value: "sandbox", + label: "Sandbox", + hint: "run inside a Docker container instead", + }, + { + value: "cancel", + label: "Cancel", + hint: "abort the operation", + }, + ], + }); + + if (p.isCancel(action) || action === "cancel") { + p.log.info("Operation cancelled."); + process.exit(0); + } + + if (action === "sandbox") { + return runLocalAgent(agentName, true); + } + } + const baseRunner = { runServer: runLocal, uploadFile: async (l: string, r: string) => uploadFile(l, r), @@ -55,26 +94,6 @@ export async function runLocalAgent(agentName: string, useSandbox: boolean): Pro await ensureDocker(); } - // Warn about security implications of installing OpenClaw locally - // (skip warning in sandbox mode — the container provides isolation) - if (agentName === "openclaw" && !useSandbox && process.env.SPAWN_NON_INTERACTIVE !== "1") { - process.stderr.write("\n"); - logWarn("⚠ Local installation warning"); - logWarn(` This will install ${agent.name} directly on your machine.`); - logWarn(" The agent will have full access to your filesystem, shell, and network."); - logWarn(" For isolation, consider running on a cloud VM instead.\n"); - - const confirmed = await p.confirm({ - message: "Continue with local installation?", - initialValue: true, - }); - - if (p.isCancel(confirmed) || !confirmed) { - p.log.info("Installation cancelled."); - process.exit(0); - } - } - const cloud: CloudOrchestrator = { cloudName: "local", cloudLabel: useSandbox ? "local (sandboxed)" : "local",