fix(sandbox): pass real workspace to sessions_spawn when workspaceAccess is ro

2026-04-18 09:07:26 +00:00 · 2026-03-09 05:48:40 +01:00
parent 9d403fd415
commit 26a6a96748
3 changed files with 25 additions and 1 deletions
--- a/src/agents/openclaw-tools.ts
+++ b/src/agents/openclaw-tools.ts
@@ -70,9 +70,19 @@ export function createOpenClawTools(
    senderIsOwner?: boolean;
    /** Ephemeral session UUID — regenerated on /new and /reset. */
    sessionId?: string;
+    /**
+     * Workspace directory to pass to spawned subagents for inheritance.
+     * Defaults to workspaceDir. Use this to pass the actual agent workspace when the
+     * session itself is running in a copied-workspace sandbox (`ro` or `none`) so
+     * subagents inherit the real workspace path instead of the sandbox copy.
+     */
+    spawnWorkspaceDir?: string;
  } & SpawnedToolContext,
 ): AnyAgentTool[] {
  const workspaceDir = resolveWorkspaceRoot(options?.workspaceDir);
+  const spawnWorkspaceDir = resolveWorkspaceRoot(
+    options?.spawnWorkspaceDir ?? options?.workspaceDir,
+  );
  const runtimeWebTools = getActiveRuntimeWebToolsMetadata();
  const imageTool = options?.agentDir?.trim()
    ? createImageTool({
@@ -182,7 +192,7 @@ export function createOpenClawTools(
      agentGroupSpace: options?.agentGroupSpace,
      sandboxed: options?.sandboxed,
      requesterAgentIdOverride: options?.requesterAgentIdOverride,
-      workspaceDir,
+      workspaceDir: spawnWorkspaceDir,
    }),
    createSubagentsTool({
      agentSessionKey: options?.agentSessionKey,
--- a/src/agents/pi-embedded-runner/run/attempt.ts
+++ b/src/agents/pi-embedded-runner/run/attempt.ts
@@ -869,6 +869,10 @@ export async function runEmbeddedAttempt(
          runId: params.runId,
          agentDir,
          workspaceDir: effectiveWorkspace,
+          // When running inside a read-only sandbox, effectiveWorkspace is the sandbox copy.
+          // Spawned subagents should inherit the real workspace, not the temporary sandbox dir.
+          spawnWorkspaceDir:
+            sandbox?.enabled && sandbox.workspaceAccess !== "rw" ? resolvedWorkspace : undefined,
          config: params.config,
          trigger: params.trigger,
          memoryFlushWritePath: params.memoryFlushWritePath,
--- a/src/agents/pi-tools.ts
+++ b/src/agents/pi-tools.ts
@@ -215,6 +215,13 @@ export function createOpenClawCodingTools(options?: {
  memoryFlushWritePath?: string;
  agentDir?: string;
  workspaceDir?: string;
+  /**
+   * Workspace directory that spawned subagents should inherit.
+   * When running inside a read-only sandbox, workspaceDir is the sandbox copy but
+   * subagents should inherit the real agent workspace, not the temporary sandbox dir.
+   * Defaults to workspaceDir when not set.
+   */
+  spawnWorkspaceDir?: string;
  config?: OpenClawConfig;
  abortSignal?: AbortSignal;
  /**
@@ -499,6 +506,9 @@ export function createOpenClawCodingTools(options?: {
      sandboxFsBridge,
      fsPolicy,
      workspaceDir: workspaceRoot,
+      spawnWorkspaceDir: options?.spawnWorkspaceDir
+        ? resolveWorkspaceRoot(options.spawnWorkspaceDir)
+        : undefined,
      sandboxed: !!sandbox,
      config: options?.config,
      pluginToolAllowlist: collectExplicitAllowlist([