feat: integrate claw-code parity bridges and compatibility tools#3

Open
yashwant86 wants to merge 5 commits into main from pr-67345

@yashwant86 yashwant86 commented Apr 15, 2026

Mirror of openclaw#67345


Summary by MergeMonkey

  • What's New:
    • Add parity harness lint script to verify claw-code feature bridges remain wired
    • Add sandbox capability probe to detect host support for sandboxed execution
    • Add file mutation payload size and binary content guards for write/edit tools
    • Add dedicated bash command validation module with shell safety checks
    • Add task, team, cron, MCP, and LSP tool surface wiring for agent tooling
    • Add claw-code tool-call alias normalization for cross-platform compatibility
    • Add filesystem permission-denied error standardization across sandbox paths
    • Add sandbox capability readiness reporting to doctor health checks

mergemonkeyhq Bot commented Apr 15, 2026

Walkthrough

A developer runs pnpm lint:parity:claw-code to verify that key claw-code feature bridges (bash validation, sandbox probing, file mutation guards, task/team/cron/MCP/LSP tools, permission enforcement) remain properly wired in the codebase. The harness scans source files for expected patterns, compares against a baseline snapshot, and reports any drift. Separately, the sandbox capability probe is integrated into doctor health checks so operators can see whether sandboxed execution is viable on their host.

Changes

Files and summary, by change group:

Claw-Code Parity Harness Script & Baseline
- scripts/check-claw-code-parity-harness.mjs
- test/fixtures/claw-code-parity-harness-baseline.json
- test/claw-code-parity-harness.test.ts
- package.json
Introduces a lint-time parity harness that scans source files for expected feature markers across nine lanes (bash validation, sandbox probe, file hardening, task/team/cron/MCP/LSP wiring, permission enforcement), compares against a checked-in baseline snapshot, and reports drift. Registers the script as `lint:parity:claw-code`.

Sandbox Capability Probe
- src/agents/sandbox/capability-probe.ts
- src/agents/sandbox/capability-probe.test.ts
- src/agents/sandbox.ts
Introduces a runtime capability probe that checks for Docker CLI, unshare binary, and user namespace support to determine whether sandboxed execution is viable on the current host. Re-exports probe from the sandbox barrel module.

Doctor Sandbox Capability Integration
- src/commands/doctor-sandbox.ts
- src/commands/doctor-sandbox.warns-sandbox-enabled-without-docker.test.ts
- src/commands/doctor.warns-per-agent-sandbox-docker-browser-prune.e2e.test.ts
- src/flows/doctor-health-contributions.ts
Wires the sandbox capability probe into doctor health checks, rendering probe results in diagnostics output and surfacing sandbox readiness warnings during health flows.

File Mutation Payload Guards
- src/agents/pi-tools.read.ts
Adds `assertSafeMutationTextPayload` and `wrapFsMutationPayloadGuard` to enforce byte-size limits and reject NUL-byte payloads on write/edit tool inputs before forwarding to the underlying tool execution.

Bash Validation Module
- src/agents/bash-validation.ts, bash-validation.test.ts, bash-tools.exec.ts
Extracts bash command validation into a dedicated module with shell-safety pattern checks, and wires it into the exec tool path so validation warnings surface before command execution.

Filesystem Permission-Denied Standardization
- src/agents/fs-permission-denied.ts
- src/agents/fs-permission-denied.test.ts
- src/agents/apply-patch.ts
- src/agents/apply-patch.test.ts
- src/agents/sandbox/fs-bridge-path-safety.ts
- src/agents/sandbox/fs-bridge.ts
- src/agents/sandbox/remote-fs-bridge.ts
Introduces a `createFsPermissionDeniedError` factory with typed reasons (workspace_boundary, sandbox_root, read_only, symlink_escape, hardlink_escape) and adopts it across apply-patch, fs-bridge, and remote-fs-bridge paths to standardize permission-denied error messages.

Workspace Path Safety Tests
- src/agents/pi-tools.workspace-paths.test.ts
Extends workspace path boundary tests to cover hardlink and sandbox escape scenarios, and updates assertion patterns to match the new standardized permission-denied error format.

Task Tool & Registry
- src/agents/tools/task-tool.ts
- src/agents/tools/task-tool.test.ts
- src/agents/team-registry.ts
- src/agents/team-registry.test.ts
Implements task tool (create/get/list/update actions with in-memory task registry) and team registry (create/get/list with normalized member/label lists), each backed by tests exercising CRUD flows.

Team, Cron, MCP, LSP Tools
- src/agents/tools/team-tool.ts, team-tool.test.ts, mcp-tool.ts, mcp-tool.test.ts, lsp-tool.ts, lsp-tool.test.ts
Adds team tool (wrapping team registry), MCP tool (session lifecycle dispatch), and LSP tool (hover/definition/references dispatch) with schema-driven input validation and corresponding test suites.

Claw-Code Compatibility & Alias Tools
- src/agents/tools/claw-compat-tools.ts
- src/agents/tools/claw-compat-tools.test.ts
- src/agents/pi-embedded-runner/run/attempt.tool-call-normalization.ts
- src/agents/pi-embedded-runner/run/attempt.test.ts
Implements claw-code compatibility tool shims and a tool-call alias resolution layer that maps claw-code style tool names and argument shapes to openclaw canonical equivalents during embedded runner replay.

Tool Catalog & Owner-Only Wiring
- src/agents/tool-catalog.ts
- src/agents/tools/owner-only-tools.ts
- src/agents/openclaw-tools.ts
- src/agents/openclaw-tools.owner-authorization.test.ts
Registers task, team, MCP, and cron tools in the agent tool catalog and openclaw tool bundle, updates owner-only core tool list to include cron/gateway/nodes, and adjusts authorization tests accordingly.

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant Script as ParityHarness
    participant FS as FileSystem
    participant Baseline as BaselineJSON
    participant Diff as DiffEngine

    Dev->>Script: pnpm lint:parity:claw-code
    Script->>FS: collectClawCodeParityHarnessSnapshot()
    loop For each lane (1-9)
        FS-->>Script: hasPattern(file, regex) → boolean
    end
    Script->>Script: Build ParityLaneEntry[]
    Script->>Baseline: readExpectedInventory()
    Baseline-->>Script: expected entries
    Script->>Diff: diffInventory(expected, actual)
    Diff-->>Script: added/removed/changed
    alt No drift
        Script-->>Dev: Exit 0 (pass)
    else Drift detected
        Script-->>Dev: Exit 1 + report
    end

    participant Doctor as DoctorCommand
    participant Probe as CapabilityProbe
    participant Host as HostSystem

    Doctor->>Probe: probeSandboxCapabilities()
    Probe->>Host: check docker, unshare, /proc
    Host-->>Probe: availability results
    Probe-->>Doctor: SandboxCapabilityProbeResult
    Doctor-->>Dev: Display sandbox readiness

Dig Deeper With Commands

  • /review <file-path> <function-optional>
  • /chat <file-path> "<question>"
  • /roast <file-path>

Runs only when explicitly triggered.

if (requestBody && !headers["content-type"]) {
headers["content-type"] = "application/json";
}
const response = await fetch(parsed.toString(), {
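
Review bot: The `!headers["content-type"]` test on the first line only matches an all-lowercase key, so a caller-supplied `Content-Type` would not be seen and the JSON default would be added beside it, unless header names are lowercased before this point, which the visible lines do not show. Normalise the header names before this check, or build a `Headers` object and test `headers.has("content-type")`, which is case-insensitive.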

SSRF via remote_trigger tool — fetch with user-controlled URL and no allowlist

createRemoteTriggerCompatTool makes an arbitrary fetch() call with a URL, method, headers, and body all supplied by the caller. The tool is registered in openclaw-tools.ts:287 as a regular (non-owner-only) tool, meaning any agent can invoke it. There's no URL allowlist, no internal-IP blocking, and no SSRF protection — an attacker-controlled agent could probe internal services, cloud metadata endpoints (169.254.169.254), or other internal infrastructure.

Either add remote_trigger to the owner-only tools list, or implement URL validation that blocks internal/private IP ranges and cloud metadata endpoints before making the fetch call.

mergemonkeyhq Bot commented Apr 15, 2026

Actionable Comments Posted: 1

🧾 Coverage Summary
✔️ Covered (41 files)
- package.json
- scripts/check-claw-code-parity-harness.mjs
- src/agents/apply-patch.test.ts
- src/agents/apply-patch.ts
- src/agents/bash-tools.exec.ts
- src/agents/bash-validation.test.ts
- src/agents/bash-validation.ts
- src/agents/fs-permission-denied.test.ts
- src/agents/fs-permission-denied.ts
- src/agents/openclaw-tools.owner-authorization.test.ts
- src/agents/openclaw-tools.ts
- src/agents/pi-embedded-runner/run/attempt.test.ts
- src/agents/pi-embedded-runner/run/attempt.tool-call-normalization.ts
- src/agents/pi-tools.read.ts
- src/agents/pi-tools.workspace-paths.test.ts
- src/agents/sandbox.ts
- src/agents/sandbox/capability-probe.test.ts
- src/agents/sandbox/capability-probe.ts
- src/agents/sandbox/fs-bridge-path-safety.ts
- src/agents/sandbox/fs-bridge.ts
- src/agents/sandbox/remote-fs-bridge.ts
- src/agents/team-registry.test.ts
- src/agents/team-registry.ts
- src/agents/tool-catalog.ts
- src/agents/tools/claw-compat-tools.test.ts
- src/agents/tools/claw-compat-tools.ts
- src/agents/tools/lsp-tool.test.ts
- src/agents/tools/lsp-tool.ts
- src/agents/tools/mcp-tool.test.ts
- src/agents/tools/mcp-tool.ts
- src/agents/tools/owner-only-tools.ts
- src/agents/tools/task-tool.test.ts
- src/agents/tools/task-tool.ts
- src/agents/tools/team-tool.test.ts
- src/agents/tools/team-tool.ts
- src/commands/doctor-sandbox.ts
- src/commands/doctor-sandbox.warns-sandbox-enabled-without-docker.test.ts
- src/commands/doctor.warns-per-agent-sandbox-docker-browser-prune.e2e.test.ts
- src/flows/doctor-health-contributions.ts
- test/claw-code-parity-harness.test.ts
- test/fixtures/claw-code-parity-harness-baseline.json
