Exec: mark child command env with OPENCLAW_CLI (#41411)

src/agents/sandbox-create-args.test.ts

@@ -1,4 +1,5 @@
 import { describe, expect, it } from "vitest";
+import { OPENCLAW_CLI_ENV_VALUE } from "../infra/openclaw-exec-env.js";
 import { buildSandboxCreateArgs } from "./sandbox/docker.js";
 import type { SandboxDockerConfig } from "./sandbox/types.js";
 
@@ -113,7 +114,14 @@ describe("buildSandboxCreateArgs", () => {
         "1.5",
       ]),
     );
-    expect(args).toEqual(expect.arrayContaining(["--env", "LANG=C.UTF-8"]));
+    expect(args).toEqual(
+      expect.arrayContaining([
+        "--env",
+        "LANG=C.UTF-8",
+        "--env",
+        `OPENCLAW_CLI=${OPENCLAW_CLI_ENV_VALUE}`,
+      ]),
+    );
 
     const ulimitValues: string[] = [];
     for (let i = 0; i < args.length; i += 1) {

src/agents/sandbox/docker.ts

@@ -162,6 +162,7 @@ export function execDockerRaw(
 }
 
 import { formatCliCommand } from "../../cli/command-format.js";
+import { markOpenClawExecEnv } from "../../infra/openclaw-exec-env.js";
 import { defaultRuntime } from "../../runtime.js";
 import { computeSandboxConfigHash } from "./config-hash.js";
 import { DEFAULT_SANDBOX_IMAGE } from "./constants.js";
@@ -365,7 +366,7 @@ export function buildSandboxCreateArgs(params: {
   if (params.cfg.user) {
     args.push("--user", params.cfg.user);
   }
-  const envSanitization = sanitizeEnvVars(params.cfg.env ?? {});
+  const envSanitization = sanitizeEnvVars(markOpenClawExecEnv(params.cfg.env ?? {}));
   if (envSanitization.blocked.length > 0) {
     log.warn(`Blocked sensitive environment variables: ${envSanitization.blocked.join(", ")}`);
   }