fix(sandbox): use materialized skill paths in command prompts

brokemac79 · brokemac79 · commit 801d8125773d · 2026-06-10T01:08:45.000+01:00
diff --git a/src/agents/embedded-agent-runner/sandbox-skills.test.ts b/src/agents/embedded-agent-runner/sandbox-skills.test.ts
@@ -96,7 +96,7 @@ describe("resolveSandboxSkillRuntimeInputs", () => {
   });
 
   it("rebuilds sandbox prompts from materialized skill paths", async () => {
-      const root = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-sandbox-skills-"));
+    const root = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-sandbox-skills-"));
     try {
       const effectiveWorkspace = path.join(root, "workspace");
       const materializedWorkspace = path.join(root, "state", "sandbox-skills");
@@ -160,7 +160,9 @@ describe("resolveSandboxSkillRuntimeInputs", () => {
       });
 
       expect(prompt).toContain("/workspace/.openclaw/sandbox-skills/skills/demo/SKILL.md");
-      expect(prompt.replaceAll("\\", "/")).not.toContain(materializedWorkspace.replaceAll("\\", "/"));
+      expect(prompt.replaceAll("\\", "/")).not.toContain(
+        materializedWorkspace.replaceAll("\\", "/"),
+      );
       expect(prompt).not.toContain(hostSkillPath);
       expect(prompt).not.toContain("plugin-skills");
       expect(prompt.replaceAll("\\", "/")).not.toContain("/skills/canvas/SKILL.md");
diff --git a/src/agents/sandbox.resolveSandboxContext.test.ts b/src/agents/sandbox.resolveSandboxContext.test.ts
@@ -409,11 +409,50 @@ describe("resolveSandboxContext", () => {
     expect(syncOptions?.config).toBe(cfg);
     expect(syncOptions?.agentId).toBe("main");
     expect(syncOptions?.eligibility).toEqual({ remote: { note: "test-remote" } });
+    expect(result?.skillsWorkspaceDir).toBe(syncOptions?.targetWorkspaceDir);
+    expect(result?.workspaceAccess).toBe("rw");
+    expect(result?.skillsEligibility).toEqual({ remote: { note: "test-remote" } });
     await expect(
       fs.readFile(path.join(userOwnedSandboxSkillsDir, "SKILL.md"), "utf8"),
     ).resolves.toBe("# User owned\n");
   }, 15_000);
 
+  it("uses the SSH backend remote workspace for sandbox workspace info", async () => {
+    syncSkillsToWorkspaceMock.mockClear();
+    const workspaceDir = await createSandboxFixtureDir("ssh-workspace");
+    const cfg: OpenClawConfig = {
+      agents: {
+        defaults: {
+          sandbox: {
+            mode: "all",
+            backend: "ssh",
+            scope: "session",
+            workspaceAccess: "rw",
+            ssh: {
+              target: "ssh.example.test",
+              workspaceRoot: "/remote/openclaw",
+            },
+          },
+        },
+      },
+    };
+
+    const result = await ensureSandboxWorkspaceForSession({
+      config: cfg,
+      sessionKey: "agent:main:main",
+      workspaceDir,
+    });
+
+    expect(result?.workspaceDir).toBe(workspaceDir);
+    expect(result?.containerWorkdir).toMatch(
+      /^\/remote\/openclaw\/openclaw-ssh-agent-main-main-[a-f0-9]{8}\/workspace$/,
+    );
+    expect(result?.containerWorkdir).not.toBe("/workspace");
+    expect(result?.skillsWorkspaceDir).toContain(
+      path.join(".openclaw", "sandbox", "skills-workspaces"),
+    );
+  }, 15_000);
+
   it("materializes skills for shared writable sandboxes even when roots match", async () => {
     syncSkillsToWorkspaceMock.mockClear();
     const workspaceDir = await createSandboxFixtureDir("shared-workspace");
diff --git a/src/agents/sandbox/context.ts b/src/agents/sandbox/context.ts
@@ -26,6 +26,7 @@ import { createSandboxFsBridge } from "./fs-bridge.js";
 import { updateRegistry } from "./registry.js";
 import { resolveSandboxRuntimeStatus } from "./runtime-status.js";
 import { resolveSandboxScopeKey, resolveSandboxWorkspaceDir } from "./shared.js";
+import { resolveSshRuntimePaths } from "./ssh-backend.js";
 import type { SandboxContext, SandboxDockerConfig, SandboxWorkspaceInfo } from "./types.js";
 import { resolveMaterializedSandboxSkillsWorkspaceDir } from "./workspace-mounts.js";
 import { ensureSandboxWorkspace } from "./workspace.js";
@@ -178,6 +179,16 @@ function resolveSandboxSession(params: { config?: OpenClawConfig; sessionKey?: s
   return { rawSessionKey, runtime, cfg };
 }
 
+function resolveSandboxWorkspaceInfoWorkdir(params: {
+  cfg: ReturnType<typeof resolveSandboxConfigForAgent>;
+  scopeKey: string;
+}): string {
+  if (params.cfg.backend === "ssh") {
+    return resolveSshRuntimePaths(params.cfg.ssh.workspaceRoot, params.scopeKey).remoteWorkspaceDir;
+  }
+  return params.cfg.docker.workdir;
+}
+
 export async function resolveSandboxContext(params: {
   config?: OpenClawConfig;
   sessionKey?: string;
@@ -308,16 +319,20 @@ export async function ensureSandboxWorkspaceForSession(params: {
   }
   const { rawSessionKey, cfg, runtime } = resolved;
 
-  const { workspaceDir } = await ensureSandboxWorkspaceLayout({
-    cfg,
-    agentId: runtime.agentId,
-    rawSessionKey,
-    config: params.config,
-    workspaceDir: params.workspaceDir,
-  });
+  const { scopeKey, skillsEligibility, skillsWorkspaceDir, workspaceDir } =
+    await ensureSandboxWorkspaceLayout({
+      cfg,
+      agentId: runtime.agentId,
+      rawSessionKey,
+      config: params.config,
+      workspaceDir: params.workspaceDir,
+    });
 
   return {
     workspaceDir,
-    containerWorkdir: cfg.docker.workdir,
+    containerWorkdir: resolveSandboxWorkspaceInfoWorkdir({ cfg, scopeKey }),
+    skillsWorkspaceDir,
+    ...(skillsEligibility ? { skillsEligibility } : {}),
+    workspaceAccess: cfg.workspaceAccess,
   };
 }
diff --git a/src/agents/sandbox/ssh-backend.ts b/src/agents/sandbox/ssh-backend.ts
@@ -333,7 +333,10 @@ async function isExistingDirectory(dir: string): Promise<boolean> {
   }
 }
 
-function resolveSshRuntimePaths(workspaceRoot: string, scopeKey: string): ResolvedSshRuntimePaths {
+export function resolveSshRuntimePaths(
+  workspaceRoot: string,
+  scopeKey: string,
+): ResolvedSshRuntimePaths {
   const runtimeId = buildSshSandboxRuntimeId(scopeKey);
   const runtimeRootDir = path.posix.join(workspaceRoot, runtimeId);
   return {
diff --git a/src/agents/sandbox/types.ts b/src/agents/sandbox/types.ts
@@ -1,3 +1,4 @@
+import type { SkillEligibilityContext } from "../../skills/types.js";
 /**
  * Sandbox runtime configuration and context types.
  *
@@ -6,7 +7,6 @@
 import type { SandboxBackendHandle, SandboxBackendId } from "./backend-handle.types.js";
 import type { SandboxFsBridge } from "./fs-bridge.types.js";
 import type { SandboxDockerConfig } from "./types.docker.js";
-import type { SkillEligibilityContext } from "../../skills/types.js";
 
 export type { SandboxDockerConfig } from "./types.docker.js";
 
@@ -116,4 +116,7 @@ export type SandboxContext = {
 export type SandboxWorkspaceInfo = {
   workspaceDir: string;
   containerWorkdir: string;
+  skillsWorkspaceDir?: string;
+  skillsEligibility?: SkillEligibilityContext;
+  workspaceAccess?: SandboxWorkspaceAccess;
 };
diff --git a/src/auto-reply/reply/commands-system-prompt.test.ts b/src/auto-reply/reply/commands-system-prompt.test.ts
@@ -1,10 +1,17 @@
 // Tests system prompt command output and bundled prompt section selection.
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import { resolveSessionAgentIds } from "../../agents/agent-scope.js";
 import { createOpenClawCodingTools } from "../../agents/agent-tools.js";
 import { resolveBootstrapContextForRun } from "../../agents/bootstrap-files.js";
-import { resolveSandboxRuntimeStatus } from "../../agents/sandbox.js";
+import {
+  ensureSandboxWorkspaceForSession,
+  resolveSandboxRuntimeStatus,
+} from "../../agents/sandbox.js";
 import { buildAgentSystemPrompt } from "../../agents/system-prompt.js";
+import { resolveReusableWorkspaceSkillSnapshot } from "../../skills/runtime/session-snapshot.js";
 import { resolveCommandsSystemPromptBundle } from "./commands-system-prompt.js";
 import type { HandleCommandsParams } from "./commands-types.js";
 
@@ -20,6 +27,7 @@ vi.mock("../../agents/bootstrap-files.js", () => ({
 }));
 
 vi.mock("../../agents/sandbox.js", () => ({
+  ensureSandboxWorkspaceForSession: vi.fn(async () => null),
   resolveSandboxRuntimeStatus: vi.fn(() => ({ sandboxed: false, mode: "off" })),
 }));
 
@@ -130,6 +138,12 @@ describe("resolveCommandsSystemPromptBundle", () => {
     vi.clearAllMocks();
     createOpenClawCodingToolsMock.mockClear();
     createOpenClawCodingToolsMock.mockReturnValue([]);
+    vi.mocked(ensureSandboxWorkspaceForSession).mockResolvedValue(null);
+    vi.mocked(resolveReusableWorkspaceSkillSnapshot).mockReturnValue({
+      snapshot: { prompt: "", skills: [], resolvedSkills: [] },
+      shouldRefresh: false,
+      snapshotVersion: "test-snapshot",
+    } as never);
   });
 
   it("opts command tool builds into gateway subagent binding", async () => {
@@ -254,6 +268,69 @@ describe("resolveCommandsSystemPromptBundle", () => {
     expect(sandboxInfo?.elevated?.fullAccessBlockedReason).toBe("host-policy");
   });
 
+  it("uses materialized sandbox skill paths for sandbox command prompts", async () => {
+    const root = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-command-sandbox-skills-"));
+    try {
+      const workspaceDir = path.join(root, "workspace");
+      const skillsWorkspaceDir = path.join(root, "state", "sandbox-skills");
+      const skillDir = path.join(skillsWorkspaceDir, "skills", "gog");
+      await fs.mkdir(skillDir, { recursive: true });
+      await fs.writeFile(
+        path.join(skillDir, "SKILL.md"),
+        ["---", "name: gog", "description: Gog skill", "---", "# Gog", ""].join("\n"),
+        "utf8",
+      );
+      const params = makeParams();
+      params.workspaceDir = workspaceDir;
+      vi.mocked(resolveSandboxRuntimeStatus).mockReturnValue({
+        sandboxed: true,
+        mode: "workspace-write",
+      } as never);
+      vi.mocked(ensureSandboxWorkspaceForSession).mockResolvedValue({
+        workspaceDir,
+        containerWorkdir: "/workspace",
+        skillsWorkspaceDir,
+        skillsEligibility: {
+          remote: {
+            platforms: ["linux"],
+            hasBin: () => true,
+            hasAnyBin: () => true,
+            note: "sandbox",
+          },
+        },
+        workspaceAccess: "rw",
+      } as never);
+      vi.mocked(resolveReusableWorkspaceSkillSnapshot).mockReturnValue({
+        snapshot: {
+          prompt:
+            "<available_skills>~/.npm-global/lib/node_modules/openclaw/skills/gog/SKILL.md</available_skills>",
+          skills: [],
+          resolvedSkills: [],
+        },
+        shouldRefresh: false,
+        snapshotVersion: "host-snapshot",
+      } as never);
+
+      const result = await resolveCommandsSystemPromptBundle(params);
+
+      expect(result.skillsPrompt).toContain(
+        "/workspace/.openclaw/sandbox-skills/skills/gog/SKILL.md",
+      );
+      expect(result.skillsPrompt).not.toContain("~/.npm-global");
+      expect(vi.mocked(resolveReusableWorkspaceSkillSnapshot)).not.toHaveBeenCalled();
+      const promptParams = requireFirstArg(
+        vi.mocked(buildAgentSystemPrompt),
+        "buildAgentSystemPrompt",
+      );
+      expect(promptParams.skillsPrompt).toContain(
+        "/workspace/.openclaw/sandbox-skills/skills/gog/SKILL.md",
+      );
+      expect(String(promptParams.skillsPrompt)).not.toContain("~/.npm-global");
+    } finally {
+      await fs.rm(root, { recursive: true, force: true });
+    }
+  });
+
   it("uses config-backed prompt settings for the target agent", async () => {
     vi.mocked(resolveSandboxRuntimeStatus).mockReturnValue({
       sandboxed: false,
diff --git a/src/auto-reply/reply/commands-system-prompt.ts b/src/auto-reply/reply/commands-system-prompt.ts

Original file line number	Diff line number	Diff line change
`@@ -333,7 +333,10 @@ async function isExistingDirectory(dir: string): Promise<boolean> {`
`333`	`333`	`}`
`334`	`334`	`}`
`335`	`335`
`336`		`-function resolveSshRuntimePaths(workspaceRoot: string, scopeKey: string): ResolvedSshRuntimePaths {`
	`336`	`+export function resolveSshRuntimePaths(`
	`337`	`+ workspaceRoot: string,`
	`338`	`+ scopeKey: string,`
	`339`	`+): ResolvedSshRuntimePaths {`
`337`	`340`	`const runtimeId = buildSshSandboxRuntimeId(scopeKey);`
`338`	`341`	`const runtimeRootDir = path.posix.join(workspaceRoot, runtimeId);`
`339`	`342`	`return {`