Skip to content

feat(security): Provenance + CapabilityAware + WriteFileTool migration (#480 PR 2/3) #482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
xinhuagu merged 7 commits into from
May 3, 2026
Merged

feat(security): Provenance + CapabilityAware + WriteFileTool migration (#480 PR 2/3) #482

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
d46d622
feat(security): Provenance + CapabilityAware + WriteFileTool migratio…
xinhuagu May 3, 2026
8121a39
fix(security): only fall back to legacy path on toCapability failure
xinhuagu May 3, 2026
28662b8
fix(security): address CodeRabbit review on #482
xinhuagu May 3, 2026
cbcf271
fix(security): HttpFetch all methods are BOTH (close GET/HEAD egress …
xinhuagu May 3, 2026
b622560
refactor(security): rename Provenance.legacy and extract ToolPermissi…
xinhuagu May 3, 2026
9737bd9
refactor(daemon): simplify ToolPermissionRouter control flow
xinhuagu May 3, 2026
94ee5b5
fix(daemon): tolerate null inputJson in ToolPermissionRouter
xinhuagu May 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
refactor(daemon): simplify ToolPermissionRouter control flow 
Replace the conversionThrew flag + double-null-check with an early-return from the catch block plus a small checkLegacy helper. Same behavior, but each path now has a single return and the previously unreachable (conversionThrew && capability != null) branch disappears.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
  • Loading branch information
@xinhuagu @claude
xinhuagu and claude committed May 3, 2026
commit 9737bd9b333b6a0d6427cc9a5adaba9571705d27
23 changes: 13 additions & 10 deletions aceclaw-daemon/src/main/java/dev/aceclaw/daemon/ToolPermissionRouter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,29 +83,32 @@ static PermissionDecision check(
Objects.requireNonNull(mapper, "mapper");

if (!(delegate instanceof CapabilityAware capAware)) {
var legacyRequest = new PermissionRequest(delegate.name(), description, fallbackLevel);
return permissionManager.check(legacyRequest, sessionId);
return checkLegacy(delegate, description, fallbackLevel, sessionId, permissionManager);
}

Capability capability;
boolean conversionThrew = false;
try {
capability = capAware.toCapability(mapper.readTree(inputJson));
} catch (RuntimeException | IOException toCapErr) {
log.warn("CapabilityAware tool {} rejected args; falling back to legacy permission path: {}",
delegate.name(), toCapErr.getMessage());
capability = null;
conversionThrew = true;
return checkLegacy(delegate, description, fallbackLevel, sessionId, permissionManager);
}
if (capability == null && !conversionThrew) {
if (capability == null) {
throw new IllegalStateException(
"CapabilityAware tool " + delegate.name()
+ " returned null capability (contract violation)");
}
if (capability != null) {
var provenance = Provenance.fromNullableSessionId(sessionId);
return permissionManager.check(capability, provenance, delegate.name(), description);
}
var provenance = Provenance.fromNullableSessionId(sessionId);
return permissionManager.check(capability, provenance, delegate.name(), description);
}

private static PermissionDecision checkLegacy(
Tool delegate,
String description,
PermissionLevel fallbackLevel,
String sessionId,
PermissionManager permissionManager) {
var legacyRequest = new PermissionRequest(delegate.name(), description, fallbackLevel);
return permissionManager.check(legacyRequest, sessionId);
}
Expand Down
Loading