fix: wire requester agent override for cron tools

2026-01-25 13:05:15 +00:00 · 2026-01-25 13:05:15 +00:00 · 11a6f6db2e
commit 11a6f6db2e
parent 19e0b701cf
7 changed files with 98 additions and 5 deletions
--- a/src/agents/clawdbot-tools.agents.test.ts
+++ b/src/agents/clawdbot-tools.agents.test.ts
@ -157,4 +157,44 @@ describe("agents_list", () => {
    const research = agents?.find((agent) => agent.id === "research");
    expect(research?.configured).toBe(false);
  });
+
+  it("uses requesterAgentIdOverride when resolving allowlists", async () => {
+    configOverride = {
+      session: {
+        mainKey: "main",
+        scope: "per-sender",
+      },
+      agents: {
+        list: [
+          {
+            id: "cron-owner",
+            subagents: {
+              allowAgents: ["research"],
+            },
+          },
+          {
+            id: "research",
+            name: "Research",
+          },
+        ],
+      },
+    };
+
+    const tool = createClawdbotTools({
+      agentSessionKey: "cron:job-1",
+      requesterAgentIdOverride: "cron-owner",
+    }).find((candidate) => candidate.name === "agents_list");
+    if (!tool) throw new Error("missing agents_list tool");
+
+    const result = await tool.execute("call5", {});
+    const agents = (
+      result.details as {
+        agents?: Array<{ id: string }>;
+      }
+    ).agents;
+    expect(agents?.map((agent) => agent.id)).toEqual(["cron-owner", "research"]);
+    expect(result.details).toMatchObject({
+      requester: "cron-owner",
+    });
+  });
 });
--- a/src/agents/clawdbot-tools.subagents.sessions-spawn-normalizes-allowlisted-agent-ids.test.ts
+++ b/src/agents/clawdbot-tools.subagents.sessions-spawn-normalizes-allowlisted-agent-ids.test.ts
@ -87,6 +87,52 @@ describe("clawdbot-tools: subagents", () => {
    });
    expect(childSessionKey?.startsWith("agent:research:subagent:")).toBe(true);
  });
+
+  it("sessions_spawn honors requesterAgentIdOverride for cron sessions", async () => {
+    resetSubagentRegistryForTests();
+    callGatewayMock.mockReset();
+    configOverride = {
+      session: {
+        mainKey: "main",
+        scope: "per-sender",
+      },
+      agents: {
+        list: [
+          {
+            id: "cron-owner",
+            subagents: {
+              allowAgents: ["research"],
+            },
+          },
+        ],
+      },
+    };
+
+    callGatewayMock.mockImplementation(async (opts: unknown) => {
+      const request = opts as { method?: string; params?: unknown };
+      if (request.method === "agent") {
+        return { runId: "run-2", status: "accepted", acceptedAt: 5200 };
+      }
+      return {};
+    });
+
+    const tool = createClawdbotTools({
+      agentSessionKey: "cron:job-1",
+      requesterAgentIdOverride: "cron-owner",
+      agentChannel: "whatsapp",
+    }).find((candidate) => candidate.name === "sessions_spawn");
+    if (!tool) throw new Error("missing sessions_spawn tool");
+
+    const result = await tool.execute("call11", {
+      task: "do thing",
+      agentId: "research",
+    });
+
+    expect(result.details).toMatchObject({
+      status: "accepted",
+      runId: "run-2",
+    });
+  });
  it("sessions_spawn forbids cross-agent spawning when not allowed", async () => {
    resetSubagentRegistryForTests();
    callGatewayMock.mockReset();
--- a/src/agents/clawdbot-tools.ts
+++ b/src/agents/clawdbot-tools.ts
@ -150,10 +150,12 @@ export function createClawdbotTools(options?: {
      config: options?.config,
      workspaceDir: options?.workspaceDir,
      agentDir: options?.agentDir,
-      agentId: resolveSessionAgentId({
-        sessionKey: options?.agentSessionKey,
-        config: options?.config,
-      }),
+      agentId:
+        options?.requesterAgentIdOverride ??
+        resolveSessionAgentId({
+          sessionKey: options?.agentSessionKey,
+          config: options?.config,
+        }),
      sessionKey: options?.agentSessionKey,
      messageChannel: options?.agentChannel,
      agentAccountId: options?.agentAccountId,
--- a/src/agents/pi-tools.ts
+++ b/src/agents/pi-tools.ts
@ -293,6 +293,7 @@ export function createClawdbotCodingTools(options?: {
      agentGroupChannel: options?.groupChannel ?? null,
      agentGroupSpace: options?.groupSpace ?? null,
      agentDir: options?.agentDir,
+      requesterAgentIdOverride: agentId,
      sandboxRoot,
      workspaceDir: options?.workspaceDir,
      sandboxed: !!sandbox,
--- a/src/agents/tools/agents-list-tool.ts
+++ b/src/agents/tools/agents-list-tool.ts
@ -41,7 +41,9 @@ export function createAgentsListTool(opts?: {
            })
          : alias;
      const requesterAgentId = normalizeAgentId(
-        opts?.requesterAgentIdOverride ?? parseAgentSessionKey(requesterInternalKey)?.agentId ?? DEFAULT_AGENT_ID,
+        opts?.requesterAgentIdOverride ??
+          parseAgentSessionKey(requesterInternalKey)?.agentId ??
+          DEFAULT_AGENT_ID,
      );

      const allowAgents = resolveAgentConfig(cfg, requesterAgentId)?.subagents?.allowAgents ?? [];
--- a/src/auto-reply/reply/get-reply-inline-actions.ts
+++ b/src/auto-reply/reply/get-reply-inline-actions.ts
@ -170,6 +170,7 @@ export async function handleInlineActions(params: {
        agentAccountId: (ctx as { AccountId?: string }).AccountId,
        agentTo: ctx.OriginatingTo ?? ctx.To,
        agentThreadId: ctx.MessageThreadId ?? undefined,
+        requesterAgentIdOverride: agentId,
        agentDir,
        workspaceDir,
        config: cfg,
--- a/src/gateway/tools-invoke-http.ts
+++ b/src/gateway/tools-invoke-http.ts
@ -148,6 +148,7 @@ export async function handleToolsInvokeHttpRequest(
    agentSessionKey: sessionKey,
    agentChannel: messageChannel ?? undefined,
    agentAccountId: accountId,
+    requesterAgentIdOverride: agentId,
    config: cfg,
    pluginToolAllowlist: collectExplicitAllowlist([
      profilePolicy,