Summary
Owner-only tools (cron, gateway) are never available to agents in the normal message flow because senderIsOwner is not forwarded to runEmbeddedPiAgent.
Root Cause
resolveCommandAuthorization() correctly determines senderIsOwner: true, and get-reply-run.ts correctly stores it in followupRun.run.senderIsOwner. However, the helper functions that construct parameters for runEmbeddedPiAgent omit it:
agent-runner-utils.ts:buildEmbeddedRunBaseParams() — copies many properties from params.run but omits senderIsOwnerfollowup-runner.ts — manually lists properties from queued.run but omits senderIsOwnerqueue/types.ts:FollowupRun["run"] — the type definition is missing senderIsOwner
Because senderIsOwner arrives as undefined at pi-tools.ts, the guard options?.senderIsOwner === true evaluates to false, and applyOwnerOnlyToolPolicy strips all owner-only tools.
Reproduction
- Configure an agent with
tools.allow: ["cron"] and commands.ownerAllowFrom set to a valid sender ID
- Send a message from that sender asking the agent to schedule a cron reminder
- The cron tool is not available to the agent despite the sender being correctly identified as owner
Debug logging confirms:
[AUTH] ownerList=["1846655641"] senderCandidates=["1846655641"] matchedSender=1846655641
[TOOLS] senderIsOwner=false ownerOnlyTools=['cron','gateway']
Fix
Three one-line changes:
src/auto-reply/reply/queue/types.ts — add to FollowupRun["run"]:
src/auto-reply/reply/agent-runner-utils.ts — add to buildEmbeddedRunBaseParams return:
senderIsOwner: params.run.senderIsOwner,
src/auto-reply/reply/followup-runner.ts — add to runEmbeddedPiAgent call:
senderIsOwner: queued.run.senderIsOwner,
Environment
Summary
Owner-only tools (
cron,gateway) are never available to agents in the normal message flow becausesenderIsOwneris not forwarded torunEmbeddedPiAgent.Root Cause
resolveCommandAuthorization()correctly determinessenderIsOwner: true, andget-reply-run.tscorrectly stores it infollowupRun.run.senderIsOwner. However, the helper functions that construct parameters forrunEmbeddedPiAgentomit it:agent-runner-utils.ts:buildEmbeddedRunBaseParams()— copies many properties fromparams.runbut omitssenderIsOwnerfollowup-runner.ts— manually lists properties fromqueued.runbut omitssenderIsOwnerqueue/types.ts:FollowupRun["run"]— the type definition is missingsenderIsOwnerBecause
senderIsOwnerarrives asundefinedatpi-tools.ts, the guardoptions?.senderIsOwner === trueevaluates tofalse, andapplyOwnerOnlyToolPolicystrips all owner-only tools.Reproduction
tools.allow: ["cron"]andcommands.ownerAllowFromset to a valid sender IDDebug logging confirms:
Fix
Three one-line changes:
src/auto-reply/reply/queue/types.ts— add toFollowupRun["run"]:src/auto-reply/reply/agent-runner-utils.ts— add tobuildEmbeddedRunBaseParamsreturn:src/auto-reply/reply/followup-runner.ts— add torunEmbeddedPiAgentcall:Environment