fix(config): honor SPAWN_ALLOWLIST for sessions_spawn (#79490)

Jefsky · cursoragent · Jefsky · commit 389b46eb14a0 · 2026-05-10T01:55:03.000+08:00
Reads OPENCLAW_SPAWN_ALLOWLIST then SPAWN_ALLOWLIST and applies them to
agents.defaults.subagents.allowAgents during config load (env wins).

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/src/config/io.ts b/src/config/io.ts
@@ -101,6 +101,7 @@ import {
   type RuntimeConfigWriteNotification,
 } from "./runtime-snapshot.js";
 import { resolveShellEnvExpectedKeys } from "./shell-env-expected-keys.js";
+import { applySpawnAllowlistEnvOverlay } from "./spawn-allowlist-env.js";
 import type { OpenClawConfig, ConfigFileSnapshot, LegacyConfigIssue } from "./types.js";
 import {
   validateConfigObjectRawWithPlugins,
@@ -1242,6 +1243,7 @@ export function createConfigIO(
     }
 
     applyConfigEnvVars(cfg, deps.env);
+    applySpawnAllowlistEnvOverlay(cfg, deps.env);
 
     const enabled = shouldEnableShellEnvFallback(deps.env) || cfg.env?.shellEnv?.enabled === true;
     if (enabled && !shouldDeferShellEnvFallback(deps.env)) {
diff --git a/src/config/spawn-allowlist-env.test.ts b/src/config/spawn-allowlist-env.test.ts
@@ -0,0 +1,61 @@
+import { describe, expect, it } from "vitest";
+import {
+  applySpawnAllowlistEnvOverlay,
+  resolveSpawnAllowlistFromProcessEnv,
+} from "./spawn-allowlist-env.js";
+import type { OpenClawConfig } from "./types.openclaw.js";
+
+describe("resolveSpawnAllowlistFromProcessEnv", () => {
+  it("reads OPENCLAW_SPAWN_ALLOWLIST", () => {
+    expect(resolveSpawnAllowlistFromProcessEnv({ OPENCLAW_SPAWN_ALLOWLIST: "*" })).toEqual(["*"]);
+  });
+
+  it("falls back to SPAWN_ALLOWLIST", () => {
+    expect(resolveSpawnAllowlistFromProcessEnv({ SPAWN_ALLOWLIST: "*" })).toEqual(["*"]);
+  });
+
+  it("parses comma-separated ids", () => {
+    expect(resolveSpawnAllowlistFromProcessEnv({ SPAWN_ALLOWLIST: " alpha, beta " })).toEqual([
+      "alpha",
+      "beta",
+    ]);
+  });
+
+  it("parses JSON string arrays", () => {
+    expect(resolveSpawnAllowlistFromProcessEnv({ SPAWN_ALLOWLIST: '["a","b"]' })).toEqual([
+      "a",
+      "b",
+    ]);
+  });
+
+  it("prefers OPENCLAW_ over unprefixed", () => {
+    expect(
+      resolveSpawnAllowlistFromProcessEnv({
+        OPENCLAW_SPAWN_ALLOWLIST: "fast",
+        SPAWN_ALLOWLIST: "slow",
+      }),
+    ).toEqual(["fast"]);
+  });
+});
+
+describe("applySpawnAllowlistEnvOverlay", () => {
+  it("writes agents.defaults.subagents.allowAgents when env set", () => {
+    const cfg = {} as OpenClawConfig;
+    applySpawnAllowlistEnvOverlay(cfg, { SPAWN_ALLOWLIST: "*" });
+    expect(cfg.agents?.defaults?.subagents?.allowAgents).toEqual(["*"]);
+  });
+
+  it("overwrites existing config allowAgents when env set (Docker precedence)", () => {
+    const cfg = {
+      agents: { defaults: { subagents: { allowAgents: ["legacy"] } } },
+    } as OpenClawConfig;
+    applySpawnAllowlistEnvOverlay(cfg, { SPAWN_ALLOWLIST: "x,y" });
+    expect(cfg.agents?.defaults?.subagents?.allowAgents).toEqual(["x", "y"]);
+  });
+
+  it("noop when unset", () => {
+    const cfg = { agents: { defaults: {} } } as OpenClawConfig;
+    applySpawnAllowlistEnvOverlay(cfg, {});
+    expect(cfg.agents?.defaults?.subagents?.allowAgents).toBeUndefined();
+  });
+});
diff --git a/src/config/spawn-allowlist-env.ts b/src/config/spawn-allowlist-env.ts
@@ -0,0 +1,53 @@
+import { normalizeOptionalString } from "../shared/string-coerce.js";
+import type { OpenClawConfig } from "./types.openclaw.js";
+
+/**
+ * Parses `OPENCLAW_SPAWN_ALLOWLIST` or `SPAWN_ALLOWLIST` for Docker deployments (#79490).
+ * When set, applies to `agents.defaults.subagents.allowAgents` unless already configured on disk —
+ * callers should only invoke the overlay path when JSON did not specify `allowAgents`.
+ */
+export function resolveSpawnAllowlistFromProcessEnv(env: NodeJS.ProcessEnv): string[] | undefined {
+  const raw =
+    normalizeOptionalString(env.OPENCLAW_SPAWN_ALLOWLIST) ??
+    normalizeOptionalString(env.SPAWN_ALLOWLIST);
+  if (!raw) {
+    return undefined;
+  }
+  const trimmed = raw.trim();
+  if (!trimmed) {
+    return undefined;
+  }
+  if (trimmed === "*") {
+    return ["*"];
+  }
+  if (trimmed.startsWith("[")) {
+    try {
+      const parsed = JSON.parse(trimmed) as unknown;
+      if (Array.isArray(parsed)) {
+        const ids = parsed
+          .filter((entry): entry is string => typeof entry === "string")
+          .map((entry) => entry.trim())
+          .filter(Boolean);
+        return ids.length > 0 ? ids : undefined;
+      }
+    } catch {
+      // Fall through to comma-separated parsing for mis-quoted JSON-ish values.
+    }
+  }
+  const split = trimmed
+    .split(",")
+    .map((segment) => segment.trim())
+    .filter(Boolean);
+  return split.length > 0 ? split : undefined;
+}
+
+export function applySpawnAllowlistEnvOverlay(cfg: OpenClawConfig, env: NodeJS.ProcessEnv): void {
+  const fromEnv = resolveSpawnAllowlistFromProcessEnv(env);
+  if (!fromEnv) {
+    return;
+  }
+  cfg.agents ??= {};
+  cfg.agents.defaults ??= {};
+  cfg.agents.defaults.subagents ??= {};
+  cfg.agents.defaults.subagents.allowAgents = fromEnv;
+}
