github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 12:44:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): enforce sandbox inheritance for sessions_spawn

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-02 01:10:39 +00:00
parent 6a1eedf10b
commit b9aa2d436b
6 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/agents/subagent-spawn.ts
View File

@@ -13,6 +13,7 @@ import { normalizeDeliveryContext } from "../utils/delivery-context.js";
import { resolveAgentConfig } from "./agent-scope.js";
import { AGENT_LANE_SUBAGENT } from "./lanes.js";
import { resolveSubagentSpawnModelSelection } from "./model-selection.js";
import { resolveSandboxRuntimeStatus } from "./sandbox/runtime-status.js";
import { buildSubagentSystemPrompt } from "./subagent-announce.js";
import { getSubagentDepthFromSessionStore } from "./subagent-depth.js";
import { countActiveRunsForSession, registerSubagentRun } from "./subagent-registry.js";
@@ -269,6 +270,21 @@ export async function spawnSubagentDirect(
}
}
const childSessionKey = `agent:${targetAgentId}:subagent:${crypto.randomUUID()}`;
const requesterRuntime = resolveSandboxRuntimeStatus({
cfg,
sessionKey: requesterInternalKey,
});
const childRuntime = resolveSandboxRuntimeStatus({
cfg,
sessionKey: childSessionKey,
});
if (requesterRuntime.sandboxed && !childRuntime.sandboxed) {
return {
status: "forbidden",
error:
"Sandboxed sessions cannot spawn unsandboxed subagents. Set a sandboxed target agent or use the same agent runtime.",
};
}
const childDepth = callerDepth + 1;
const spawnedByKey = requesterInternalKey;
const targetAgentConfig = resolveAgentConfig(cfg, targetAgentId);