openclaw - 💡(How to fix) Fix Feature Request: Exec Approval Auto-Learn & Preset Package Configurations [1 participants]

GitHub stats: openclaw/openclaw#60037 (fetched 2026-04-08 02:37:08). Comments: 0, Participants: 1, Timeline: 0, Reactions: 0

Feature Request: Exec Approval Auto-Learn & Preset Packages

Problem Statement

The current exec approval UX has two critical pain points for automation-heavy users:

1. No Auto-Learn / Memory for Approved Commands

When a user approves a command with "Always allow", the command should be added to the allowlist. However, in practice:

  • Pattern matching is often too strict (exact command vs. binary path)
  • Different invocations of the same tool (e.g., grep vs grep -n) don't share allowlist entries
  • Automated workflows (cron jobs, skills, workflows) run without user present and get stuck on pending approvals
  • Users end up needing to manually maintain large allowlists, which is error-prone

Expected behavior: Approved commands should auto-populate the allowlist with a pattern broad enough to match future invocations (e.g., approved grep should match all grep variants).

2. No Preset Package Configurations

Currently OpenClaw only offers:

  • full - allow everything (too permissive)
  • deny - block everything (too restrictive)
  • allowlist - manual configuration (too complex)

Users want preset packages like:

| Package | Description | Use Case |
| --- | --- | --- |
| Developer Mode | full - no approvals | Local dev, trusted environment |
| Automation Mode | allowlist + auto-learn approved commands | Cron jobs, background workflows |
| Strict Mode | deny + explicit allowlist only | High-security environments |
| Learning Mode | allowlist + prompt on new commands, auto-allow on repeat | Exploration, getting started |

Proposed Solutions

1. Auto-Learn Feature

Add an option autoLearnApproved: true:

{
  "defaults": {
    "security": "allowlist",
    "autoLearnApproved": true,  // NEW: auto-add approved commands to allowlist
    "autoLearnPatternScope": "binary"  // "binary" | "command" - how broad to add patterns
  }
}

Behavior:

  • When a command is approved (once or always), it's automatically added to the allowlist
  • autoLearnPatternScope: "binary" adds just the binary (e.g., grep matches all grep invocations)
  • autoLearnPatternScope: "command" adds the full command with wildcards for arguments

2. Approval Memory / Persistence

After user approves a command, the pattern should persist across gateway restarts and be broad enough to match future invocations.

3. Preset Package API

Provide simple CLI/API to switch between security postures:

openclaw approvals set-profile developer
openclaw approvals set-profile automation
openclaw approvals set-profile strict

With corresponding configuration:

{
  "profiles": {
    "developer": { "security": "full", "ask": "off" },
    "automation": { "security": "allowlist", "ask": "on-miss", "autoLearnApproved": true },
    "strict": { "security": "deny", "ask": "always" },
    "learning": { "security": "allowlist", "ask": "always", "autoLearnApproved": true }
  }
}

4. Offline/Automation Fallback

When a command triggers approval but the user is not present:

  • Option to auto-approve if previously approved (even if pattern has drifted)
  • Option to auto-approve with "allow once" and queue notification for later review
  • Timeout action: askFallback: "allow-if-previously-approved" (NEW)

User Scenario (Reproduction)

  1. User has a cron job: openclaw cron run github-hot-report
  2. Cron runs at 3 AM, user is asleep
  3. Command triggers approval because it's not in allowlist
  4. Workflow hangs, user never approves
  5. Next day user finds failed cron, has to manually approve and re-run

Expected: Approved commands remember themselves; automated workflows don't get stuck.

Priority

This is a critical blocker for automation-heavy workflows. Without auto-learn or better presets, the approval system is only practical for interactive human-in-the-loop use cases, not for autonomous agents.


Submitted via OpenClaw ops agent on behalf of user
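
How the two proposed `autoLearnPatternScope` values differ in what one approval ends up covering, as an added example that is not part of the issue or of OpenClaw's code. `learnPattern`, `matches` and `coverage` are hypothetical names, the reading of "command" scope (flags literal, other arguments wildcarded) is an assumption, and the sample invocations are constructed.

```javascript
// Added example: hypothetical model of the proposed autoLearnPatternScope,
// not OpenClaw's implementation. All function names are invented here.
// A string with shell control operators is more than one command, so it is
// never matched against a learned single-command entry (fail closed: ask).
const CONTROL = /[;&|`\n<>]|\$\(/;
// Naive whitespace tokenizer; assumes unquoted arguments (constructed inputs).
const tokenize = (cmd) => cmd.trim().split(/\s+/);

// Derive the allowlist entry stored after an approval.
function learnPattern(approvedCmd, scope) {
  const [bin, ...args] = tokenize(approvedCmd);
  if (scope === "binary") return { scope, bin };
  if (scope === "command") {
    // Assumption: flags stay literal, every other argument becomes "*".
    return { scope, bin, args: args.map((a) => (a.startsWith("-") ? a : "*")) };
  }
  throw new Error(`unknown autoLearnPatternScope: ${scope}`);
}

function matches(entry, cmd) {
  if (CONTROL.test(cmd)) return false;
  const [bin, ...args] = tokenize(cmd);
  if (bin !== entry.bin) return false; // full path compared, not basename
  if (entry.scope === "binary") return true;
  // "*" stands for exactly one non-flag argument, so a wildcard slot
  // cannot absorb an option that was never approved.
  return args.length === entry.args.length &&
    entry.args.every((p, i) => (p === "*" ? !args[i].startsWith("-") : p === args[i]));
}

// Which later invocations would skip the prompt under each scope?
function coverage(approvedCmd, laterCmds) {
  const out = {};
  for (const scope of ["binary", "command"]) {
    const entry = learnPattern(approvedCmd, scope);
    out[scope] = laterCmds.filter((c) => matches(entry, c));
  }
  return out;
}

// Constructed sample invocations, not taken from the issue.
const SAMPLE = [
  "/usr/bin/grep -n FIXME lib/",
  "/usr/bin/grep -r pattern /var/log",
  "/usr/bin/grep",
  "/tmp/grep -n FIXME lib/",
  "/usr/bin/grep -n FIXME lib/ | /usr/bin/sort",
];
console.log(coverage("/usr/bin/grep -n TODO src/", SAMPLE));
```

With the approval `/usr/bin/grep -n TODO src/`, "binary" scope covers the first three sample lines and "command" scope only the first; the different path and the piped command go back to a prompt under both.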

extent analysis

TL;DR

Implement the proposed autoLearnApproved feature and preset package configurations to improve the exec approval UX for automation-heavy users.

Guidance

  • Introduce the autoLearnApproved option with autoLearnPatternScope set to "binary" to automatically add approved commands to the allowlist with a broad enough pattern to match future invocations.
  • Develop a Preset Package API to simplify switching between security postures, such as developer, automation, strict, and learning modes.
  • Implement an offline/automation fallback mechanism, like askFallback: "allow-if-previously-approved", to handle approvals when the user is not present.
  • Update the approval system to persist patterns across gateway restarts, ensuring that approved commands are remembered and automated workflows don't get stuck.

Example

{
  "defaults": {
    "security": "allowlist",
    "autoLearnApproved": true,
    "autoLearnPatternScope": "binary"
  }
}

Notes

The proposed solutions aim to address the critical pain points in the current exec approval UX. However, the implementation details and potential edge cases should be carefully considered to ensure a seamless and secure experience for automation-heavy users.

Recommendation

Apply the proposed workaround by implementing the autoLearnApproved feature and preset package configurations to improve the exec approval UX. This will provide a more practical and automated solution for users, especially in scenarios where manual maintenance of large allowlists is error-prone.
