sessions_spawn(runtime="subagent") should honor explicit cwd for same-workspace delegated execution

[glfruit]

Summary

In OpenClaw 2026.5.6, native sessions_spawn(runtime="subagent") did not honor an explicit cwd when delegating to another agent. This blocked same-workspace delegated execution / handoff absorption flows where a TL/session needs a worker agent to operate in the requester workspace rather than the worker default workspace.

Related older reports appear to be closed, but this reproduced on a current 2026.5.6 runtime in a cross-agent same-workspace canary.

Related: #42712, #43900, #40825

Reproduction

From an agent/session whose workspace is different from the target worker agent default workspace, spawn a native subagent with an explicit cwd:

sessions_spawn({
  runtime: "subagent",
  agentId: "code-specialist",
  cwd: "/Users/.../.openclaw/workspace-daily-devops",
  sandbox: "inherit",
  task: "print pwd, then write/read tmp/handoff-canary/same-workspace-runtime-fix.txt"
})

Expected behavior

The child subagent process/session should run with pwd exactly equal to the explicit cwd:

/Users/.../.openclaw/workspace-daily-devops

Relative tool paths should resolve inside that cwd, so same-workspace handoff absorption can be done without cross-workspace writes.

Actual behavior

Before the local fix, the native subagent did not honor the explicit cwd for this delegated execution path. The worker landed outside the requested requester workspace, which blocked the canary and prevented a safe same-workspace handoff absorption workflow.

Impact

This breaks an important multi-agent/TL workflow:

• TL/requester needs to delegate implementation to a worker agent.
• The worker must write only inside the requester workspace.
• Cross-workspace writes are disallowed for safety.
• If cwd is ignored, there is no safe path for the worker to perform same-workspace edits.

Local fix direction

A local owned-package fix made the native subagent path pass/honor the spawned workspace cwd internally, and a canary passed afterward.

Passing canary after local fix:

same_workspace_runtime_fix_canary=PASS
observed_pwd=/Users/.../.openclaw/workspace-daily-devops
file=tmp/handoff-canary/same-workspace-runtime-fix.txt

Local validation included unit tests around subagent spawn workspace/cwd behavior.

Environment

• OpenClaw: 2026.5.6
• Node: v22.22.0
• OS: macOS / Darwin arm64
• Channel: Telegram group session + native subagent runtime

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main still exposes and reads sessions_spawn.cwd, but the native runtime="subagent" path drops it before spawnSubagentDirect, and the two known fix PRs for this behavior are closed unmerged rather than shipped.

Reproducibility: yes. at source level: call sessions_spawn with runtime="subagent", a different agentId, and explicit cwd; current main reads cwd but never forwards it into native spawn params, so it cannot affect workspace inheritance. I did not run the live macOS/Telegram canary in this read-only review.

Next step
This is a narrow source-proven bug with closed unmerged fix attempts and no current implementation candidate for the exact behavior.

Security
Needs attention: The requested fix changes spawned-run workspace selection, so it must preserve the internal-only Gateway boundary and avoid broad arbitrary workspace steering.

Review details

Best possible solution:

Implement focused native-subagent cwd handling that carries explicit cwd as spawn state, resolves one child workspace for metadata and attachments, keeps Gateway agent params schema-clean, and adds regression plus live-behavior proof.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level: call sessions_spawn with runtime="subagent", a different agentId, and explicit cwd; current main reads cwd but never forwards it into native spawn params, so it cannot affect workspace inheritance. I did not run the live macOS/Telegram canary in this read-only review.

Is this the best way to solve the issue?

Yes, the narrow maintainable direction is to thread cwd through SpawnSubagentParams as explicit native spawn state and reuse the resolved workspace without expanding public Gateway params. The older context-workspace shortcut in #58112 is not the best fix because it can still lose to cross-agent fallback and diverge from attachments.

Security concerns:

• [medium] Constrain native cwd workspace plumbing — src/agents/subagent-spawn.ts:1087
  Honoring native subagent cwd by leaking workspaceDir into public Gateway agent params or by using a raw context shortcut can reintroduce workspace-boundary bugs; carry it as explicit spawn state and strip internal metadata before the Gateway call.
  Confidence: 0.88

Acceptance criteria:

• pnpm test src/agents/tools/sessions-spawn-tool.test.ts src/agents/spawned-context.test.ts src/agents/subagent-spawn.workspace.test.ts
• pnpm check:changed
• Capture redacted live native sessions_spawn({ runtime: "subagent", cwd: ... }) output showing the child observed pwd equals the requested cwd before landing.

What I checked:

• Current main exposes cwd: sessions_spawn includes cwd in the tool schema and reads it from params before runtime dispatch. (src/agents/tools/sessions-spawn-tool.ts:175, 7c4f60757204)
• ACP path forwards cwd: The ACP runtime call passes cwd into spawnAcpDirect, so the parameter is already part of the sessions_spawn contract for that runtime. (src/agents/tools/sessions-spawn-tool.ts:389, 7c4f60757204)
• Native path omits cwd: The native spawnSubagentDirect params object passes task/model/runtime fields but does not include the parsed cwd value. (src/agents/tools/sessions-spawn-tool.ts:476, 7c4f60757204)
• Native params cannot carry cwd: SpawnSubagentParams has no cwd field, so the parsed tool parameter cannot reach native workspace resolution. (src/agents/subagent-spawn.ts:123, 7c4f60757204)
• Cross-agent resolution still drops caller workspace: For cross-agent native spawns, current main intentionally passes undefined for inherited caller workspace, so without a separate native cwd parameter the target agent workspace wins. (src/agents/subagent-spawn.ts:1087, 7c4f60757204)
• Workspace helper has the needed precedence: resolveSpawnedWorkspaceInheritance already prefers explicitWorkspaceDir before target/requester workspace fallback; the missing piece is native cwd threading. (src/agents/spawned-context.ts:55, 7c4f60757204)

Likely related people:

• steipete: Current blame for the checked-out agent spawn files points to the central config mutation refactor, and history shows repeated recent work on subagent spawn and test seams plus the landed parent-workspace inheritance change. (role: recent area contributor; confidence: high; commits: 756379b11ddf, ab54532c8f42, 7b36fa7672; files: src/agents/subagent-spawn.ts, src/agents/tools/sessions-spawn-tool.ts, src/agents/spawned-context.ts)
• vincentkoc: Authored the merged Gateway boundary work that keeps spawned workspace overrides internal, which any native cwd implementation must preserve. (role: adjacent gateway boundary contributor; confidence: high; commits: 46a332385d11; files: src/gateway/protocol/schema/agent.ts, src/gateway/server-methods/agent.ts, src/agents/subagent-spawn.ts)
• moshehbenavraham: Authored the merged cross-agent target-workspace fix whose inheritance rule currently beats explicit cwd on the native path. (role: introduced adjacent workspace behavior; confidence: high; commits: 55e79adf6916; files: src/agents/spawned-context.ts, src/agents/subagent-spawn.ts, src/agents/subagent-spawn.workspace.test.ts)
• jasonQin6: Opened the earlier subagent workspace inheritance PR later landed into main, touching the same spawn/tool context lineage. (role: source contributor for parent workspace inheritance; confidence: medium; commits: ab54532c8f42; files: src/agents/subagent-spawn.ts, src/agents/tools/sessions-spawn-tool.ts)
• mcaxtr: Merged or closed the earlier cross-agent workspace cluster as fixed by the target-agent workspace behavior, making them relevant for routing this distinct explicit-cwd follow-up. (role: adjacent merger and issue closer; confidence: medium; commits: 55e79adf6916; files: src/agents/subagent-spawn.ts, src/agents/subagent-spawn.workspace.test.ts)

Remaining risk / open question:

• No live macOS or Telegram same-workspace canary was run during this read-only review; the reproduction is source-level against current main.
• A fix must keep workspace metadata internal and avoid leaking workspaceDir into Gateway method="agent" params; Gateway rejects workspaceDir when it leaks into method="agent" params during subagent spawn #79841 tracks that adjacent boundary.
• Attachment materialization currently resolves the target agent workspace independently, so a cwd fix should avoid making child workspace, run metadata, and attachment location diverge.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 7c4f60757204.