From 56799a21be721f7582f5b8c8eca14dfc8bb9de6d Mon Sep 17 00:00:00 2001 From: Ameno Osman Date: Wed, 21 Jan 2026 08:34:04 -0800 Subject: [PATCH 1/2] macOS: allow SSH agents without identity file --- apps/macos/Sources/Clawdbot/CommandResolver.swift | 9 ++++++--- apps/macos/Sources/Clawdbot/RemotePortTunnel.swift | 8 ++++++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/apps/macos/Sources/Clawdbot/CommandResolver.swift b/apps/macos/Sources/Clawdbot/CommandResolver.swift index 117930710..7661c48f1 100644 --- a/apps/macos/Sources/Clawdbot/CommandResolver.swift +++ b/apps/macos/Sources/Clawdbot/CommandResolver.swift @@ -284,13 +284,16 @@ enum CommandResolver { var args: [String] = [ "-o", "BatchMode=yes", - "-o", "IdentitiesOnly=yes", "-o", "StrictHostKeyChecking=accept-new", "-o", "UpdateHostKeys=yes", ] if parsed.port > 0 { args.append(contentsOf: ["-p", String(parsed.port)]) } - if !settings.identity.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty { - args.append(contentsOf: ["-i", settings.identity]) + let identity = settings.identity.trimmingCharacters(in: .whitespacesAndNewlines) + if !identity.isEmpty { + // Only use IdentitiesOnly when an explicit identity file is provided. + // This allows 1Password SSH agent and other SSH agents to provide keys. + args.append(contentsOf: ["-o", "IdentitiesOnly=yes"]) + args.append(contentsOf: ["-i", identity]) } let userHost = parsed.user.map { "\($0)@\(parsed.host)" } ?? parsed.host args.append(userHost) diff --git a/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift b/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift index ccbeb6e8d..8eaee1c05 100644 --- a/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift +++ b/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift @@ -72,7 +72,6 @@ final class RemotePortTunnel { } var args: [String] = [ "-o", "BatchMode=yes", - "-o", "IdentitiesOnly=yes", "-o", "ExitOnForwardFailure=yes", "-o", "StrictHostKeyChecking=accept-new", "-o", "UpdateHostKeys=yes", @@ -84,7 +83,12 @@ final class RemotePortTunnel { ] if parsed.port > 0 { args.append(contentsOf: ["-p", String(parsed.port)]) } let identity = settings.identity.trimmingCharacters(in: .whitespacesAndNewlines) - if !identity.isEmpty { args.append(contentsOf: ["-i", identity]) } + if !identity.isEmpty { + // Only use IdentitiesOnly when an explicit identity file is provided. + // This allows 1Password SSH agent and other SSH agents to provide keys. + args.append(contentsOf: ["-o", "IdentitiesOnly=yes"]) + args.append(contentsOf: ["-i", identity]) + } let userHost = parsed.user.map { "\($0)@\(parsed.host)" } ?? parsed.host args.append(userHost) From fd918bf6bf6ecaf8c09c488969ec39e4402551b9 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Wed, 21 Jan 2026 17:32:00 +0000 Subject: [PATCH 2/2] fix: allow SSH agent auth without identity file (#1384) (thanks @ameno-) --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 056498694..be5093e3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ Docs: https://docs.clawd.bot ### Fixes - Nodes tool: include agent/node/gateway context in tool failure logs to speed approval debugging. - macOS: exec approvals now respect wildcard agent allowlists (`*`). +- macOS: allow SSH agent auth when no identity file is set. (#1384) Thanks @ameno-. - UI: remove the chat stop button and keep the composer aligned to the bottom edge. - Typing: start instant typing indicators at run start so DMs and mentions show immediately. - Configure: restrict the model allowlist picker to OAuth-compatible Anthropic models and preselect Opus 4.5.