let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: scope process sessions per agent

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-07 23:35:04 +01:00
parent 48a333d9d5
commit 5b97feaaa5
8 changed files with 166 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -29,6 +29,7 @@
- Sandbox: add `agent.sandbox.workspaceAccess` (`none`/`ro`/`rw`) to control agent workspace visibility inside the container; `ro` hard-disables `write`/`edit`. - Sandbox: add `agent.sandbox.workspaceAccess` (`none`/`ro`/`rw`) to control agent workspace visibility inside the container; `ro` hard-disables `write`/`edit`.
- Routing: allow per-agent sandbox overrides (including `workspaceAccess` and `sandbox.tools`) plus per-agent tool policies in multi-agent configs. Thanks @pasogott for PR #380. - Routing: allow per-agent sandbox overrides (including `workspaceAccess` and `sandbox.tools`) plus per-agent tool policies in multi-agent configs. Thanks @pasogott for PR #380.
- Tools: make per-agent tool policies override global defaults and run bash synchronously when `process` is disallowed. - Tools: make per-agent tool policies override global defaults and run bash synchronously when `process` is disallowed.
- Tools: scope `process` sessions per agent to prevent cross-agent visibility.
- Cron: clamp timer delay to avoid TimeoutOverflowWarning. Thanks @emanuelst for PR #412. - Cron: clamp timer delay to avoid TimeoutOverflowWarning. Thanks @emanuelst for PR #412.
- Web UI: allow reconnect + password URL auth for the control UI and always scrub auth params from the URL. Thanks @oswalpalash for PR #414. - Web UI: allow reconnect + password URL auth for the control UI and always scrub auth params from the URL. Thanks @oswalpalash for PR #414.
- ClawdbotKit: fix SwiftPM resource bundling path for `tool-display.json`. Thanks @fcatuhe for PR #398. - ClawdbotKit: fix SwiftPM resource bundling path for `tool-display.json`. Thanks @fcatuhe for PR #398.

1
docs/gateway/background-process.md
View File

@@ -51,6 +51,7 @@ Notes:
- Only backgrounded sessions are listed/persisted in memory. - Only backgrounded sessions are listed/persisted in memory.
- Sessions are lost on process restart (no disk persistence). - Sessions are lost on process restart (no disk persistence).
- Session logs are only saved to chat history if you run `process poll/log` and the tool result is recorded. - Session logs are only saved to chat history if you run `process poll/log` and the tool result is recorded.
- `process` is scoped per agent; it only sees sessions started by that agent.
- `process list` includes a derived `name` (command verb + target) for quick scans. - `process list` includes a derived `name` (command verb + target) for quick scans.
- `process log` uses line-based `offset`/`limit` (omit `offset` to grab the last N lines). - `process log` uses line-based `offset`/`limit` (omit `offset` to grab the last N lines).

1
docs/tools/bash.md
View File

@@ -9,6 +9,7 @@ read_when:
Run shell commands in the workspace. Supports foreground + background execution via `process`. Run shell commands in the workspace. Supports foreground + background execution via `process`.
If `process` is disallowed, `bash` runs synchronously and ignores `yieldMs`/`background`. If `process` is disallowed, `bash` runs synchronously and ignores `yieldMs`/`background`.
Background sessions are scoped per agent; `process` only sees sessions from the same agent.
## Parameters ## Parameters

1
docs/tools/index.md
View File

@@ -53,6 +53,7 @@ Core actions:
Notes: Notes:
- `poll` returns new output and exit status when complete. - `poll` returns new output and exit status when complete.
- `log` supports line-based `offset`/`limit` (omit `offset` to grab the last N lines). - `log` supports line-based `offset`/`limit` (omit `offset` to grab the last N lines).
- `process` is scoped per agent; sessions from other agents are not visible.
### `browser` ### `browser`
Control the dedicated clawd browser. Control the dedicated clawd browser.

3
src/agents/bash-process-registry.ts
View File

@@ -18,6 +18,7 @@ export type ProcessStatus = "running" | "completed" | "failed" | "killed";
export interface ProcessSession { export interface ProcessSession {
id: string; id: string;
command: string; command: string;
scopeKey?: string;
child?: ChildProcessWithoutNullStreams; child?: ChildProcessWithoutNullStreams;
pid?: number; pid?: number;
startedAt: number; startedAt: number;
@@ -38,6 +39,7 @@ export interface ProcessSession {
export interface FinishedSession { export interface FinishedSession {
id: string; id: string;
command: string; command: string;
scopeKey?: string;
startedAt: number; startedAt: number;
endedAt: number; endedAt: number;
cwd?: string; cwd?: string;
@@ -126,6 +128,7 @@ function moveToFinished(session: ProcessSession, status: ProcessStatus) {
finishedSessions.set(session.id, { finishedSessions.set(session.id, {
id: session.id, id: session.id,
command: session.command, command: session.command,
scopeKey: session.scopeKey,
startedAt: session.startedAt, startedAt: session.startedAt,
endedAt: Date.now(), endedAt: Date.now(),
cwd: session.cwd, cwd: session.cwd,

32
src/agents/bash-tools.test.ts
View File

@@ -185,4 +185,36 @@ describe("bash tool backgrounding", () => {
const textBlock = log.content.find((c) => c.type === "text"); const textBlock = log.content.find((c) => c.type === "text");
expect(textBlock?.text).toBe("beta"); expect(textBlock?.text).toBe("beta");
}); });
it("scopes process sessions by scopeKey", async () => {
const bashA = createBashTool({ backgroundMs: 10, scopeKey: "agent:alpha" });
const processA = createProcessTool({ scopeKey: "agent:alpha" });
const bashB = createBashTool({ backgroundMs: 10, scopeKey: "agent:beta" });
const processB = createProcessTool({ scopeKey: "agent:beta" });
const resultA = await bashA.execute("call1", {
command: 'node -e "setTimeout(() => {}, 50)"',
background: true,
});
const resultB = await bashB.execute("call2", {
command: 'node -e "setTimeout(() => {}, 50)"',
background: true,
});
const sessionA = (resultA.details as { sessionId: string }).sessionId;
const sessionB = (resultB.details as { sessionId: string }).sessionId;
const listA = await processA.execute("call3", { action: "list" });
const sessionsA = (
listA.details as { sessions: Array<{ sessionId: string }> }
).sessions;
expect(sessionsA.some((s) => s.sessionId === sessionA)).toBe(true);
expect(sessionsA.some((s) => s.sessionId === sessionB)).toBe(false);
const pollB = await processB.execute("call4", {
action: "poll",
sessionId: sessionA,
});
expect(pollB.details.status).toBe("failed");
});
}); });

177
src/agents/bash-tools.ts
View File

@@ -59,10 +59,12 @@ export type BashToolDefaults = {
sandbox?: BashSandboxConfig; sandbox?: BashSandboxConfig;
elevated?: BashElevatedDefaults; elevated?: BashElevatedDefaults;
allowBackground?: boolean; allowBackground?: boolean;
scopeKey?: string;
}; };
export type ProcessToolDefaults = { export type ProcessToolDefaults = {
cleanupMs?: number; cleanupMs?: number;
scopeKey?: string;
}; };
export type BashSandboxConfig = { export type BashSandboxConfig = {
@@ -251,6 +253,7 @@ export function createBashTool(
const session = { const session = {
id: sessionId, id: sessionId,
command: params.command, command: params.command,
scopeKey: defaults?.scopeKey,
child, child,
pid: child?.pid, pid: child?.pid,
startedAt, startedAt,
@@ -471,6 +474,9 @@ export function createProcessTool(
if (defaults?.cleanupMs !== undefined) { if (defaults?.cleanupMs !== undefined) {
setJobTtlMs(defaults.cleanupMs); setJobTtlMs(defaults.cleanupMs);
} }
const scopeKey = defaults?.scopeKey;
const isInScope = (session?: { scopeKey?: string } | null) =>
!scopeKey || session?.scopeKey === scopeKey;
return { return {
name: "process", name: "process",
@@ -488,32 +494,36 @@ export function createProcessTool(
}; };
if (params.action === "list") { if (params.action === "list") {
const running = listRunningSessions().map((s) => ({ const running = listRunningSessions()
sessionId: s.id, .filter((s) => isInScope(s))
status: "running", .map((s) => ({
pid: s.pid ?? undefined, sessionId: s.id,
startedAt: s.startedAt, status: "running",
runtimeMs: Date.now() - s.startedAt, pid: s.pid ?? undefined,
cwd: s.cwd, startedAt: s.startedAt,
command: s.command, runtimeMs: Date.now() - s.startedAt,
name: deriveSessionName(s.command), cwd: s.cwd,
tail: s.tail, command: s.command,
truncated: s.truncated, name: deriveSessionName(s.command),
})); tail: s.tail,
const finished = listFinishedSessions().map((s) => ({ truncated: s.truncated,
sessionId: s.id, }));
status: s.status, const finished = listFinishedSessions()
startedAt: s.startedAt, .filter((s) => isInScope(s))
endedAt: s.endedAt, .map((s) => ({
runtimeMs: s.endedAt - s.startedAt, sessionId: s.id,
cwd: s.cwd, status: s.status,
command: s.command, startedAt: s.startedAt,
name: deriveSessionName(s.command), endedAt: s.endedAt,
tail: s.tail, runtimeMs: s.endedAt - s.startedAt,
truncated: s.truncated, cwd: s.cwd,
exitCode: s.exitCode ?? undefined, command: s.command,
exitSignal: s.exitSignal ?? undefined, name: deriveSessionName(s.command),
})); tail: s.tail,
truncated: s.truncated,
exitCode: s.exitCode ?? undefined,
exitSignal: s.exitSignal ?? undefined,
}));
const lines = [...running, ...finished] const lines = [...running, ...finished]
.sort((a, b) => b.startedAt - a.startedAt) .sort((a, b) => b.startedAt - a.startedAt)
.map((s) => { .map((s) => {
@@ -547,34 +557,38 @@ export function createProcessTool(
const session = getSession(params.sessionId); const session = getSession(params.sessionId);
const finished = getFinishedSession(params.sessionId); const finished = getFinishedSession(params.sessionId);
const scopedSession = isInScope(session) ? session : undefined;
const scopedFinished = isInScope(finished) ? finished : undefined;
switch (params.action) { switch (params.action) {
case "poll": { case "poll": {
if (!session) { if (!scopedSession) {
if (finished) { if (scopedFinished) {
return { return {
content: [ content: [
{ {
type: "text", type: "text",
text: text:
(finished.tail || (scopedFinished.tail ||
`(no output recorded${ `(no output recorded${
finished.truncated ? " — truncated to cap" : "" scopedFinished.truncated ? " — truncated to cap" : ""
})`) + })`) +
`\n\nProcess exited with ${ `\n\nProcess exited with ${
finished.exitSignal scopedFinished.exitSignal
? `signal ${finished.exitSignal}` ? `signal ${scopedFinished.exitSignal}`
: `code ${finished.exitCode ?? 0}` : `code ${scopedFinished.exitCode ?? 0}`
}.`, }.`,
}, },
], ],
details: { details: {
status: status:
finished.status === "completed" ? "completed" : "failed", scopedFinished.status === "completed"
? "completed"
: "failed",
sessionId: params.sessionId, sessionId: params.sessionId,
exitCode: finished.exitCode ?? undefined, exitCode: scopedFinished.exitCode ?? undefined,
aggregated: finished.aggregated, aggregated: scopedFinished.aggregated,
name: deriveSessionName(finished.command), name: deriveSessionName(scopedFinished.command),
}, },
}; };
} }
@@ -588,7 +602,7 @@ export function createProcessTool(
details: { status: "failed" }, details: { status: "failed" },
}; };
} }
if (!session.backgrounded) { if (!scopedSession.backgrounded) {
return { return {
content: [ content: [
{ {
@@ -599,17 +613,17 @@ export function createProcessTool(
details: { status: "failed" }, details: { status: "failed" },
}; };
} }
const { stdout, stderr } = drainSession(session); const { stdout, stderr } = drainSession(scopedSession);
const exited = session.exited; const exited = scopedSession.exited;
const exitCode = session.exitCode ?? 0; const exitCode = scopedSession.exitCode ?? 0;
const exitSignal = session.exitSignal ?? undefined; const exitSignal = scopedSession.exitSignal ?? undefined;
if (exited) { if (exited) {
const status = const status =
exitCode === 0 && exitSignal == null ? "completed" : "failed"; exitCode === 0 && exitSignal == null ? "completed" : "failed";
markExited( markExited(
session, scopedSession,
session.exitCode ?? null, scopedSession.exitCode ?? null,
session.exitSignal ?? null, scopedSession.exitSignal ?? null,
status, status,
); );
} }
@@ -639,15 +653,15 @@ export function createProcessTool(
status, status,
sessionId: params.sessionId, sessionId: params.sessionId,
exitCode: exited ? exitCode : undefined, exitCode: exited ? exitCode : undefined,
aggregated: session.aggregated, aggregated: scopedSession.aggregated,
name: deriveSessionName(session.command), name: deriveSessionName(scopedSession.command),
}, },
}; };
} }
case "log": { case "log": {
if (session) { if (scopedSession) {
if (!session.backgrounded) { if (!scopedSession.backgrounded) {
return { return {
content: [ content: [
{ {
@@ -659,31 +673,31 @@ export function createProcessTool(
}; };
} }
const { slice, totalLines, totalChars } = sliceLogLines( const { slice, totalLines, totalChars } = sliceLogLines(
session.aggregated, scopedSession.aggregated,
params.offset, params.offset,
params.limit, params.limit,
); );
return { return {
content: [{ type: "text", text: slice || "(no output yet)" }], content: [{ type: "text", text: slice || "(no output yet)" }],
details: { details: {
status: session.exited ? "completed" : "running", status: scopedSession.exited ? "completed" : "running",
sessionId: params.sessionId, sessionId: params.sessionId,
total: totalLines, total: totalLines,
totalLines, totalLines,
totalChars, totalChars,
truncated: session.truncated, truncated: scopedSession.truncated,
name: deriveSessionName(session.command), name: deriveSessionName(scopedSession.command),
}, },
}; };
} }
if (finished) { if (scopedFinished) {
const { slice, totalLines, totalChars } = sliceLogLines( const { slice, totalLines, totalChars } = sliceLogLines(
finished.aggregated, scopedFinished.aggregated,
params.offset, params.offset,
params.limit, params.limit,
); );
const status = const status =
finished.status === "completed" ? "completed" : "failed"; scopedFinished.status === "completed" ? "completed" : "failed";
return { return {
content: [ content: [
{ type: "text", text: slice || "(no output recorded)" }, { type: "text", text: slice || "(no output recorded)" },
@@ -694,10 +708,10 @@ export function createProcessTool(
total: totalLines, total: totalLines,
totalLines, totalLines,
totalChars, totalChars,
truncated: finished.truncated, truncated: scopedFinished.truncated,
exitCode: finished.exitCode ?? undefined, exitCode: scopedFinished.exitCode ?? undefined,
exitSignal: finished.exitSignal ?? undefined, exitSignal: scopedFinished.exitSignal ?? undefined,
name: deriveSessionName(finished.command), name: deriveSessionName(scopedFinished.command),
}, },
}; };
} }
@@ -713,7 +727,7 @@ export function createProcessTool(
} }
case "write": { case "write": {
if (!session) { if (!scopedSession) {
return { return {
content: [ content: [
{ {
@@ -724,7 +738,7 @@ export function createProcessTool(
details: { status: "failed" }, details: { status: "failed" },
}; };
} }
if (!session.backgrounded) { if (!scopedSession.backgrounded) {
return { return {
content: [ content: [
{ {
@@ -735,7 +749,10 @@ export function createProcessTool(
details: { status: "failed" }, details: { status: "failed" },
}; };
} }
if (!session.child?.stdin || session.child.stdin.destroyed) { if (
!scopedSession.child?.stdin ||
scopedSession.child.stdin.destroyed
) {
return { return {
content: [ content: [
{ {
@@ -747,13 +764,13 @@ export function createProcessTool(
}; };
} }
await new Promise<void>((resolve, reject) => { await new Promise<void>((resolve, reject) => {
session.child?.stdin.write(params.data ?? "", (err) => { scopedSession.child?.stdin.write(params.data ?? "", (err) => {
if (err) reject(err); if (err) reject(err);
else resolve(); else resolve();
}); });
}); });
if (params.eof) { if (params.eof) {
session.child.stdin.end(); scopedSession.child.stdin.end();
} }
return { return {
content: [ content: [
@@ -767,13 +784,15 @@ export function createProcessTool(
details: { details: {
status: "running", status: "running",
sessionId: params.sessionId, sessionId: params.sessionId,
name: session ? deriveSessionName(session.command) : undefined, name: scopedSession
? deriveSessionName(scopedSession.command)
: undefined,
}, },
}; };
} }
case "kill": { case "kill": {
if (!session) { if (!scopedSession) {
return { return {
content: [ content: [
{ {
@@ -784,7 +803,7 @@ export function createProcessTool(
details: { status: "failed" }, details: { status: "failed" },
}; };
} }
if (!session.backgrounded) { if (!scopedSession.backgrounded) {
return { return {
content: [ content: [
{ {
@@ -795,21 +814,23 @@ export function createProcessTool(
details: { status: "failed" }, details: { status: "failed" },
}; };
} }
killSession(session); killSession(scopedSession);
markExited(session, null, "SIGKILL", "failed"); markExited(scopedSession, null, "SIGKILL", "failed");
return { return {
content: [ content: [
{ type: "text", text: `Killed session ${params.sessionId}.` }, { type: "text", text: `Killed session ${params.sessionId}.` },
], ],
details: { details: {
status: "failed", status: "failed",
name: session ? deriveSessionName(session.command) : undefined, name: scopedSession
? deriveSessionName(scopedSession.command)
: undefined,
}, },
}; };
} }
case "clear": { case "clear": {
if (finished) { if (scopedFinished) {
deleteSession(params.sessionId); deleteSession(params.sessionId);
return { return {
content: [ content: [
@@ -830,20 +851,22 @@ export function createProcessTool(
} }
case "remove": { case "remove": {
if (session) { if (scopedSession) {
killSession(session); killSession(scopedSession);
markExited(session, null, "SIGKILL", "failed"); markExited(scopedSession, null, "SIGKILL", "failed");
return { return {
content: [ content: [
{ type: "text", text: `Removed session ${params.sessionId}.` }, { type: "text", text: `Removed session ${params.sessionId}.` },
], ],
details: { details: {
status: "failed", status: "failed",
name: session ? deriveSessionName(session.command) : undefined, name: scopedSession
? deriveSessionName(scopedSession.command)
: undefined,
}, },
}; };
} }
if (finished) { if (scopedFinished) {
deleteSession(params.sessionId); deleteSession(params.sessionId);
return { return {
content: [ content: [

37
src/agents/pi-tools.ts
View File

@@ -432,6 +432,25 @@ function filterToolsByPolicy(
}); });
} }
function resolveEffectiveToolPolicy(params: {
config?: ClawdbotConfig;
sessionKey?: string;
}) {
const agentId = params.sessionKey
? resolveAgentIdFromSessionKey(params.sessionKey)
: undefined;
const agentConfig =
params.config && agentId
? resolveAgentConfig(params.config, agentId)
: undefined;
const hasAgentTools = agentConfig?.tools !== undefined;
const globalTools = params.config?.agent?.tools;
return {
agentId,
policy: hasAgentTools ? agentConfig?.tools : globalTools,
};
}
function isToolAllowedByPolicy(name: string, policy?: SandboxToolPolicy) { function isToolAllowedByPolicy(name: string, policy?: SandboxToolPolicy) {
if (!policy) return true; if (!policy) return true;
const deny = new Set(normalizeToolNames(policy.deny)); const deny = new Set(normalizeToolNames(policy.deny));
@@ -613,16 +632,12 @@ export function createClawdbotCodingTools(options?: {
}): AnyAgentTool[] { }): AnyAgentTool[] {
const bashToolName = "bash"; const bashToolName = "bash";
const sandbox = options?.sandbox?.enabled ? options.sandbox : undefined; const sandbox = options?.sandbox?.enabled ? options.sandbox : undefined;
const agentConfig = const { agentId, policy: effectiveToolsPolicy } = resolveEffectiveToolPolicy({
options?.sessionKey && options?.config config: options?.config,
? resolveAgentConfig( sessionKey: options?.sessionKey,
options.config, });
resolveAgentIdFromSessionKey(options.sessionKey), const scopeKey =
) options?.bash?.scopeKey ?? (agentId ? `agent:${agentId}` : undefined);
: undefined;
const hasAgentTools = agentConfig?.tools !== undefined;
const globalTools = options?.config?.agent?.tools;
const effectiveToolsPolicy = hasAgentTools ? agentConfig?.tools : globalTools;
const subagentPolicy = const subagentPolicy =
isSubagentSessionKey(options?.sessionKey) && options?.sessionKey isSubagentSessionKey(options?.sessionKey) && options?.sessionKey
? resolveSubagentToolPolicy(options.config) ? resolveSubagentToolPolicy(options.config)
@@ -649,6 +664,7 @@ export function createClawdbotCodingTools(options?: {
const bashTool = createBashTool({ const bashTool = createBashTool({
...options?.bash, ...options?.bash,
allowBackground, allowBackground,
scopeKey,
sandbox: sandbox sandbox: sandbox
? { ? {
containerName: sandbox.containerName, containerName: sandbox.containerName,
@@ -660,6 +676,7 @@ export function createClawdbotCodingTools(options?: {
}); });
const processTool = createProcessTool({ const processTool = createProcessTool({
cleanupMs: options?.bash?.cleanupMs, cleanupMs: options?.bash?.cleanupMs,
scopeKey,
}); });
const tools: AnyAgentTool[] = [ const tools: AnyAgentTool[] = [
...base, ...base,