Skip to content

Commit 3495563

Browse files
dsantoreisyts15mcaxtr
authored
fix(sandbox): pass real workspace to sessions_spawn when workspaceAccess is ro (openclaw#40757)
Merged via squash. Prepared head SHA: 0e8b27b Co-authored-by: dsantoreis <[email protected]> Co-authored-by: mcaxtr <[email protected]> Reviewed-by: @mcaxtr
1 parent 9d403fd commit 3495563

File tree

5 files changed

+399
-1
lines changed

5 files changed

+399
-1
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ Docs: https://docs.openclaw.ai
5353
- Telegram/network env-proxy: apply configured transport policy to proxied HTTPS dispatchers as well as direct `NO_PROXY` bypasses, so resolver-scoped IPv4 fallback and network settings work consistently for env-proxied Telegram traffic. (#40740) Thanks @sircrumpet.
5454
- Agents/memory flush: forward `memoryFlushWritePath` through `runEmbeddedPiAgent` so memory-triggered flush turns keep the append-only write guard without aborting before tool setup. Follows up on #38574. (#41761) Thanks @frankekn.
5555
- CI/CodeQL Swift toolchain: select Xcode 26.1 before installing Swift build tools so the CodeQL Swift job uses Swift tools 6.2 on `macos-latest`. (#41787) thanks @BunsDev.
56+
- Sandbox/subagents: pass the real configured workspace through `sessions_spawn` inheritance when a parent agent runs in a copied-workspace sandbox, so child `/agent` mounts point at the configured workspace instead of the parent sandbox copy. (#40757) Thanks @dsantoreis.
5657

5758
## 2026.3.8
5859

src/agents/openclaw-tools.ts

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,9 +70,19 @@ export function createOpenClawTools(
7070
senderIsOwner?: boolean;
7171
/** Ephemeral session UUID — regenerated on /new and /reset. */
7272
sessionId?: string;
73+
/**
74+
* Workspace directory to pass to spawned subagents for inheritance.
75+
* Defaults to workspaceDir. Use this to pass the actual agent workspace when the
76+
* session itself is running in a copied-workspace sandbox (`ro` or `none`) so
77+
* subagents inherit the real workspace path instead of the sandbox copy.
78+
*/
79+
spawnWorkspaceDir?: string;
7380
} & SpawnedToolContext,
7481
): AnyAgentTool[] {
7582
const workspaceDir = resolveWorkspaceRoot(options?.workspaceDir);
83+
const spawnWorkspaceDir = resolveWorkspaceRoot(
84+
options?.spawnWorkspaceDir ?? options?.workspaceDir,
85+
);
7686
const runtimeWebTools = getActiveRuntimeWebToolsMetadata();
7787
const imageTool = options?.agentDir?.trim()
7888
? createImageTool({
@@ -182,7 +192,7 @@ export function createOpenClawTools(
182192
agentGroupSpace: options?.agentGroupSpace,
183193
sandboxed: options?.sandboxed,
184194
requesterAgentIdOverride: options?.requesterAgentIdOverride,
185-
workspaceDir,
195+
workspaceDir: spawnWorkspaceDir,
186196
}),
187197
createSubagentsTool({
188198
agentSessionKey: options?.agentSessionKey,

0 commit comments

Comments
 (0)