ContextEngine plugin runtime.subagent access intermittently unavailable during gateway requests in 2026.3.12

[threehotpot-bot]

Environment

• OpenClaw: 2026.3.12
• Plugin: @martian-engineering/lossless-claw 0.3.0 (contextEngine slot)
• Channel: Telegram webhook

Problem

Context engine plugins that use api.runtime.subagent for delegated expansion (spawning sub-agents from tool execution) intermittently lose access to subagent methods during normal Telegram gateway requests.

Error: Plugin runtime subagent methods are only available during a gateway request

This worked reliably on 2026.3.11.

Details

The lossless-claw plugin registers tools (lcm_expand_query) that need to spawn sub-agents via api.runtime.subagent.run(). On 3.12, the subagent runtime is sometimes available and sometimes not within the same session.

Gateway logs show that successful calls are logged under [gateway] prefix, while failed calls appear under [plugins] prefix — suggesting the AsyncLocalStorage-scoped runtime context is not consistently propagated to plugin tool execution.

Suspected cause

The 3.12 security change "stop unauthenticated plugin HTTP routes from inheriting synthetic admin gateway scopes when they call runtime.subagent.*" may be overly broad, affecting authenticated context engine plugin tool calls during legitimate gateway requests.

Expected behavior

Context engine plugins registered in the contextEngine slot should have stable access to api.runtime.subagent during tool execution within a gateway request, same as 3.11.

Related

• lcm_expand_query fails with "Plugin runtime subagent methods are only available during a gateway request" on OpenClaw 2026.3.12 Martian-Engineering/lossless-claw#59

[Ryce]

Intermittent subagent access failure is one of the worst kinds of bugs because it's hard to reproduce and silently loses work.

What makes this dangerous: When is intermittently unavailable, tool calls that depend on delegation either fail outright or — worse — silently skip the sub-agent spawn and return partial results. Your agent might think it completed a task that actually failed halfway through.

For anyone hitting this on 3.12:

1. Check your gateway logs for vs prefixes — if you see the same tool call logged under both prefixes, that's the AsyncLocalStorage context leak
2. Pin to 3.11 if your workflows depend on subagent delegation: npm i -g openclaw@2026.3.11
3. If you can't rollback immediately, reduce subagent-heavy workflows until the fix lands

Why this matters beyond the immediate bug: Context engine plugins that spawn sub-agents are often doing the most complex work in your setup — multi-step research, data processing, code generation. If that work is silently failing, you're accumulating stale or incomplete outputs without knowing it.

Habit that helps: If you rely on subagent workflows, keep a recent backup of your OpenClaw data directory. When things go wrong intermittently, the ability to diff your session files and memory against a known-good state is invaluable for understanding what actually completed and what didn't.

[steipete]

Closing this as implemented after Codex review.

Current main already implements the requested runtime propagation fix: gateway handlers now install a plugin runtime request scope, non-WS gateway paths like Telegram have a fallback gateway context for subagent dispatch, and plugin subagent calls are wrapped with plugin identity so fallback authorization does not drop context intermittently.

What I checked:

• Gateway handlers now run inside plugin runtime request scope: handleGatewayRequestWithScope wraps every gateway handler in withPluginRuntimeGatewayRequestScope(...), with an inline comment calling out context-engine tools spawning sub-agents during tool execution. (src/gateway/server-methods.ts:171, 7ac35b4f6900)
• Telegram/non-WS fallback context exists on main: server-plugins.ts explicitly documents fallback gateway context for non-WS paths like Telegram/WhatsApp, and dispatchGatewayMethod now uses scope?.context ?? getFallbackGatewayContext() instead of requiring AsyncLocalStorage-only scope. (src/gateway/server-plugins.ts:26, 7ac35b4f6900)
• Plugin identity is preserved for subagent runtime calls: The plugin registry proxies runtime.subagent.* through withPluginRuntimePluginIdScope(pluginId, ...), so fallback runs retain plugin identity instead of losing it outside the original request ALS scope. (src/plugins/registry.ts:1315, 7ac35b4f6900)
• Regression coverage for trusted fallback subagent runs: Tests cover fallback subagent runs with plugin identity and explicit override policy, plus least-privilege synthetic scopes for fallback dispatch. (src/gateway/server-plugins.test.ts:664, 7ac35b4f6900)
• ALS scope reuse is covered: gateway-request-scope.test.ts verifies the AsyncLocalStorage-backed scope survives module reloads and that plugin id attachment works, matching the issue's propagation concern. (src/plugins/runtime/gateway-request-scope.test.ts:52, 7ac35b4f6900)
• Fix commit is on main and not tied to a tagged release in this checkout: git show identifies commit 7ac35b4f69009490180a35bf404638d4280a4865 as the introducing change; git tag --contains 7ac35b4f returned no tag. (7ac35b4f6900)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review notes: reviewed against 4630ce3d9e2f; fix evidence: commit 7ac35b4f6900.