[Bug]: Cross-agent orchestration can be blocked by default session visibility after upgrade

[ramitrkar-hash]

Summary

After upgrading to 2026.6.1, direct Jarvis -> Billy orchestration attempts were blocked before reaching Billy with:

Session send visibility is restricted. Set tools.sessions.visibility=all to allow cross-agent access.

This is confusing because the local config already allowed Jarvis to delegate to Billy through agents.list[].subagents.allowAgents, and Billy was alive via heartbeat. The failure looked like "Billy is flaky/dead" from the operator side, but the clean direct health-check call was rejected by session visibility policy before it reached Billy.

Environment

• OpenClaw: 2026.6.1 (2e08f0f)
• Previous version before upgrade: 2026.5.18 (50a2481)
• Platform: macOS arm64
• Gateway: LaunchAgent, loopback 127.0.0.1:18789
• Agents: main/Jarvis, billy, farber, scout, maverick, lumbergh
• Jarvis subagent config already included:

"subagents": {
  "allowAgents": ["billy", "farber", "scout", "maverick", "lumbergh"]
}

Observed behavior

Jarvis attempted a direct health-check style call to Billy's main session (agent:billy:main) and OpenClaw rejected it with:

Session send visibility is restricted. Set tools.sessions.visibility=all to allow cross-agent access.

This happened while Billy heartbeat was still alive, so the issue was not that Billy was missing. It was a policy/runtime gate blocking direct cross-agent session access.

A second layer exists in 6.1: the schema says tools.sessions.visibility=all controls cross-session visibility, but cross-agent access also requires tools.agentToAgent.

Relevant schema/docs text in the built runtime:

tools.sessions.visibility: Controls which sessions can be targeted by sessions_list/sessions_history/sessions_send. ("tree" default = current session + spawned subagent sessions; "self" = only current; "agent" = any session in the current agent id; "all" = any session; cross-agent still requires tools.agentToAgent).

Local recovery patch/config

To restore intentional Jarvis -> Billy/direct specialist access, I backed up config and added explicit scoped policy:

"tools": {
  "sessions": {
    "visibility": "all"
  },
  "agentToAgent": {
    "enabled": true,
    "allow": [
      "main",
      "billy",
      "farber",
      "scout",
      "maverick",
      "lumbergh"
    ]
  }
}

Then:

openclaw config validate
openclaw gateway restart --wait 120s
openclaw health --json
openclaw channels status --json

Validation after restart:

• config validates
• Gateway health OK
• Discord Jarvis/main connected after startup stagger
• no plugin load errors

Expected behavior

One of these should happen for multi-agent orchestration configs:

1. If agents.list[].subagents.allowAgents permits a target agent, direct agent-to-agent/session-send orchestration should either work automatically or produce a clear migration hint that mentions both required knobs: tools.sessions.visibility=all and tools.agentToAgent.enabled=true / tools.agentToAgent.allow.
2. openclaw doctor / config validate should warn when an agent has cross-agent delegation configured but the session tools policy blocks direct cross-agent send/history/status operations.
3. The error should not imply that only tools.sessions.visibility=all is required when tools.agentToAgent can be the next blocker.

Actual behavior

The first operator-visible failure only mentioned tools.sessions.visibility=all. It did not mention that cross-agent sends also need tools.agentToAgent, nor did doctor/config validation flag the mismatch between allowed subagents and blocked session sends.

Impact

Operators can misdiagnose this as target-agent failure or model/provider instability. In this case Billy also had separate provider timeout issues, but the direct Jarvis -> Billy health-check failure was OpenClaw-side policy gating, not CrofAI/model behavior.

Suggested fix

• Improve the forbidden error for cross-agent session send/history/status to include both required controls when applicable.
• Add a doctor/config lint for subagents.allowAgents or multi-agent orchestration configs where tools.sessions.visibility and tools.agentToAgent would block direct cross-agent access.
• Consider a migration prompt or guided config command for intentional multi-agent operators to enable a scoped tools.agentToAgent.allow list safely instead of requiring broad manual discovery.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 11, 2026, 3:19 PM ET / 19:19 UTC.

Summary
Codex review failed: retryable codex transport failure (exit 1).

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.
• Share version, platform, channel/provider, and relevant config details.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model internal, reasoning high; reviewed against 9827490f5f73.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.
• remove P2: Current review triage priority is none.
• remove clawsweeper:fix-shape-clear: Current issue advisory state no longer selects this label.
• remove clawsweeper:queueable-fix: Current issue advisory state no longer selects this label.
• remove clawsweeper:source-repro: Current issue advisory state no longer selects this label.
• remove impact:session-state: Current review selected no impact labels.
• remove issue-rating: 🦞 diamond lobster: Current issue advisory state no longer selects this label.

Evidence reviewed

What I checked:

• failure reason: retryable codex transport failure.
• codex failure detail: Codex review failed for this issue with exit 1.
• codex stderr: cal OpenClaw source checkout on Darwin 25.5.0 arm64, Node v26.0.0, pnpm 11.2.2, branch fastino-90443-session-visibility-diagnostics.\n- Exact steps or command run after this patch:\n 1. Ran a local source-checkout behavior probe through createSessionVisibilityRowChecker for a cross-agent send check with visibility: \"tree\".\n 2. Ran pnpm test src/agents/tools/sessions-access.test.ts.\n 3. Ran git diff --check HEAD~1..HEAD.\n- Evidence after fix: Terminal transcript from the local source-checkout behavior probe:\n\n text\n $ pnpm exec tsx --eval 'import { createAgentToAgentPolicy, createSessionVisibilityRowChecker } from \"./src/plugin-sdk/session-visibility.ts\"; const checker = createSessionVisibilityRowChecker({ action: \"send\", requesterSessionKey: \"agent:main\", visibility: \"tree\", a2aPolicy: createAgentToAgentPolicy({ tools: { agentToAgent: { enabled: false } } }) }); console.log(checker.check({ key: \"agent:ops\", agentId: \"ops\" }));'\n {\n allowed: false,\n status: 'forbidden',\n error: 'Session send visibility is restricted. Set tools.sessions.visibility=all and tools.agentToAgent.enabled=true (with allow list) to allow cross-agent access.'\n }\n \n\n Supplemental focused test output:\n\n text\n Test Files 1 passed (1)\n Tests 27 passed (27)\n [test] passed 1 Vitest shard in 3.43s\n \n- Observed result after fix: The real session visibility guard path no.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.