Add a new extension that gates sensitive tool calls (exec, Bash, Write, Edit, NotebookEdit) behind GitHub Device Flow authentication. Users must approve on GitHub Mobile or enter a code at github.com/login/device before the bot can execute dangerous operations.

Key changes:
- Wire up before_tool_call hook in tool execution path (tool-hook-wrapper.ts)
- Create 2fa-github extension with:
  - GitHub Device Authorization Flow implementation
  - File-based session store with TTL (~/.clawdbot/2fa-sessions.json)
  - Non-blocking flow: returns immediately with code, user retries after approval
  - Configurable tool list and session TTL (default 30 min)

Configuration:
  plugins.entries.2fa-github.config.clientId: "Ov23..."  # or GITHUB_2FA_CLIENT_ID env var

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

15 lines
268 B
JSON
{
"name": "@moltbot/2fa-github",
"version": "0.1.0",
"type": "module",
"description": "GitHub Mobile 2FA gate for sensitive tool calls",
"moltbot": {
"extensions": [
"./index.ts"
]
},
"devDependencies": {
"moltbot": "workspace:*"
}
}
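
Review bot: the manifest sets `"version": "0.1.0"` but no `"private": true`, and its only declared dependency is `"moltbot": "workspace:*"`; if this extension is meant to be loaded only from the workspace, add `"private": true` so it cannot be published to a registry by accident. It is also worth confirming the naming: the package is scoped `@moltbot`, while the commit message places the session store under `~/.clawdbot/`.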