Title: Cron delivery origin should not seed live gateway sender identity for tool access-control
Summary
Cron jobs can store an origin or delivery target from a messaging platform. That origin is routing metadata, not a live inbound user identity. If the scheduler seeds gateway session identity from the stored origin before building an agent, access-control can incorrectly strip restricted toolsets from internal cron jobs.
Observed behavior
A cron job with explicit enabled_toolsets including web/file/terminal was created from a WhatsApp group origin. During execution, its saved tool schemas lacked expected tools such as web_search, terminal, and read_file, because access-control treated the job as a live message from the group.
Expected behavior
Cron execution should run as an internal scheduler context. Delivery routing should still use the stored destination, but the stored delivery origin should not be used as the live sender identity for tool-schema authorization.
Suggested fix
In cron/scheduler.py, set empty gateway session identity for cron execution and keep delivery routing in the existing HERMES_CRON_AUTO_DELIVER_* environment variables.
Regression tests
Add cron/tool-schema tests that verify a job's configured toolsets are not stripped just because its delivery origin is a group or non-owner gateway identity.
Title: Cron delivery origin should not seed live gateway sender identity for tool access-control
Summary
Cron jobs can store an
originor delivery target from a messaging platform. That origin is routing metadata, not a live inbound user identity. If the scheduler seeds gateway session identity from the stored origin before building an agent, access-control can incorrectly strip restricted toolsets from internal cron jobs.Observed behavior
A cron job with explicit
enabled_toolsetsincluding web/file/terminal was created from a WhatsApp group origin. During execution, its saved tool schemas lacked expected tools such asweb_search,terminal, andread_file, because access-control treated the job as a live message from the group.Expected behavior
Cron execution should run as an internal scheduler context. Delivery routing should still use the stored destination, but the stored delivery origin should not be used as the live sender identity for tool-schema authorization.
Suggested fix
In
cron/scheduler.py, set empty gateway session identity for cron execution and keep delivery routing in the existingHERMES_CRON_AUTO_DELIVER_*environment variables.Regression tests
Add cron/tool-schema tests that verify a job's configured toolsets are not stripped just because its delivery origin is a group or non-owner gateway identity.