Security: enforce ACP sandbox inheritance for sessions_spawn (#32254)

* Security: enforce ACP sandbox inheritance in sessions_spawn

* fix: add changelog attribution for ACP sandbox inheritance (#32254) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>

src/agents/tools/sessions-spawn-tool.test.ts

@@ -116,6 +116,31 @@ describe("sessions_spawn tool", () => {
     expect(hoisted.spawnSubagentDirectMock).not.toHaveBeenCalled();
   });
 
+  it("forwards ACP sandbox options and requester sandbox context", async () => {
+    const tool = createSessionsSpawnTool({
+      agentSessionKey: "agent:main:subagent:parent",
+      sandboxed: true,
+    });
+
+    await tool.execute("call-2b", {
+      runtime: "acp",
+      task: "investigate",
+      agentId: "codex",
+      sandbox: "require",
+    });
+
+    expect(hoisted.spawnAcpDirectMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        task: "investigate",
+        sandbox: "require",
+      }),
+      expect.objectContaining({
+        agentSessionKey: "agent:main:subagent:parent",
+        sandboxed: true,
+      }),
+    );
+  });
+
   it("rejects attachments for ACP runtime", async () => {
     const tool = createSessionsSpawnTool({
       agentSessionKey: "agent:main:main",

src/agents/tools/sessions-spawn-tool.ts

@@ -134,6 +134,7 @@ export function createSessionsSpawnTool(opts?: {
             cwd,
             mode: mode && ACP_SPAWN_MODES.includes(mode) ? mode : undefined,
             thread,
+            sandbox,
           },
           {
             agentSessionKey: opts?.agentSessionKey,
@@ -141,6 +142,7 @@ export function createSessionsSpawnTool(opts?: {
             agentAccountId: opts?.agentAccountId,
             agentTo: opts?.agentTo,
             agentThreadId: opts?.agentThreadId,
+            sandboxed: opts?.sandboxed,
           },
         );
         return jsonResult(result);