Add a new extension that gates sensitive tool calls (exec, Bash, Write, Edit, NotebookEdit) behind GitHub Device Flow authentication. Users must approve on GitHub Mobile or enter a code at github.com/login/device before the bot can execute dangerous operations.

Key changes:
- Wire up before_tool_call hook in tool execution path (tool-hook-wrapper.ts)
- Create 2fa-github extension with:
  - GitHub Device Authorization Flow implementation
  - File-based session store with TTL (~/.clawdbot/2fa-sessions.json)
  - Non-blocking flow: returns immediately with code, user retries after approval
  - Configurable tool list and session TTL (default 30 min)

Configuration:
plugins.entries.2fa-github.config.clientId: "Ov23..." # or GITHUB_2FA_CLIENT_ID env var

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

| Name |
|---|
| src |
| index.ts |
| moltbot.plugin.json |
| package.json |
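
A sketch of the non-blocking gate the commit message describes, added here as an example and not the extension's own code. All class, type and function names are hypothetical, an in-memory map stands in for the file-based session store, and `startDeviceFlow` stands in for the request that obtains a user code from GitHub.

```typescript
// Added example; every name here is hypothetical, not the extension's API.
type Pending = { userCode: string; expiresAt: number }; // code shown to the user
type Decision = { allow: true } | { allow: false; reason: string; userCode: string };

const GATED_TOOLS = new Set(["exec", "Bash", "Write", "Edit", "NotebookEdit"]);
const DEFAULT_TTL_MS = 30 * 60 * 1000; // 30 min default from the commit message

class TwoFactorGate {
  private approvedAt = new Map<string, number>(); // user -> approval time (ms)
  private pending = new Map<string, Pending>();
  private startDeviceFlow: (user: string, now: number) => Pending;
  private ttlMs: number;

  // startDeviceFlow stands in for the request that obtains a user code.
  constructor(startDeviceFlow: (user: string, now: number) => Pending, ttlMs = DEFAULT_TTL_MS) {
    this.startDeviceFlow = startDeviceFlow;
    this.ttlMs = ttlMs;
  }

  // Record an approval; only valid against an unexpired pending code.
  approve(user: string, now: number): boolean {
    const p = this.pending.get(user);
    if (!p || now >= p.expiresAt) return false;
    this.pending.delete(user);
    this.approvedAt.set(user, now);
    return true;
  }

  // Hook body: never blocks, returns a decision immediately.
  beforeToolCall(user: string, tool: string, now: number): Decision {
    if (!GATED_TOOLS.has(tool)) return { allow: true };
    const at = this.approvedAt.get(user);
    if (at !== undefined && now - at < this.ttlMs) return { allow: true };
    this.approvedAt.delete(user); // absent or expired session: fail closed
    // Reuse a live pending code on retries; mint a new one only when none is valid.
    let p = this.pending.get(user);
    if (!p || now >= p.expiresAt) {
      p = this.startDeviceFlow(user, now);
      this.pending.set(user, p);
    }
    return { allow: false, reason: "2fa_required", userCode: p.userCode };
  }
}
```

The TTL is checked on every gated call, so an expired session is denied on its next use without relying on a background cleanup of the store.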