fix: add missing allowAgents to agent defaults subagents schema

[Yida-Dev]

Summary

• subagents.allowAgents was defined in the per-agent runtime schema (zod-schema.agent-runtime.ts) but missing from the agent defaults schema (zod-schema.agent-defaults.ts) and its type definition (types.agent-defaults.ts)
• Because the defaults schema uses .strict(), any config containing agents.defaults.subagents.allowAgents was silently stripped during validation
• This meant sessions_spawn always saw an empty allowAgents array and rejected all spawn requests when configured via defaults
• Added allowAgents: z.array(z.string()).optional() to the defaults Zod schema and allowAgents?: string[] to the TypeScript type

Test plan

• Added test: schema accepts allowAgents with wildcard ["*"]
• Added test: schema accepts allowAgents with specific agent ids
• Added test: schema rejects non-string array values in allowAgents
• All existing tests pass

Closes #10031

🤖 Generated with Claude Code

Greptile Overview

Greptile Summary

This PR adds subagents.allowAgents to the agent defaults config surface so it is no longer dropped by the defaults .strict() Zod schema.

Concretely:

• Extends src/config/zod-schema.agent-defaults.ts so agents.defaults.subagents.allowAgents can be provided (as an optional string[]).
• Extends the corresponding TS type in src/config/types.agent-defaults.ts.
• Adds a small Vitest file to cover accept/reject behavior for allowAgents values.

This aligns the defaults schema/type with the already-supported per-agent runtime schema, allowing sessions_spawn to see the intended allowlist when configured via defaults.

Confidence Score: 4/5

• This PR looks safe to merge and is a narrow schema/type fix.
• Changes are limited to adding an optional field in the defaults schema/type plus straightforward schema parsing tests; no runtime logic changes. Only remaining uncertainty is local test execution in this environment (pnpm not available here), but the test code is simple and consistent with existing patterns.
• No files require special attention

[BuffMcBigHuge]

I discovered this issue as well.

[BuffMcBigHuge]

@Yida-Dev This method works: https://www.reddit.com/r/openclaw/comments/1qz2htl/sub_agents_with_entirely_separate_workspaces/

[mverrilli]

Confirmed this PR fixes my issue.

[Yida-Dev]

Glad to hear the fix works for you @mverrilli and @BuffMcBigHuge! Thanks for confirming. The missing allowAgents field in the defaults schema was indeed causing subagent configs to be silently rejected.

[ethduke]

Confirming this is still needed on 2026.2.19-2 (45d9b20), Linux/EC2.

Hit this tonight, agents.defaults.subagents.allowAgents rejected by schema validation, sessions_spawn returns forbidden (allowed: none). The per-agent workaround (putting allowAgents in agents.list[].subagents instead of defaults) works, but forces users to create an explicit agents.list entry even for single-agent setups.
This has been broken across every version since 2026.2.3-1. The fix here is correct and minimal. Would be great to get this merged — it's blocking multi-agent workflows for everyone using the defaults config path.

[haydonryan]

ALso hit this and really want this PR to be merged!

[MatiasMartinez90]

We are also blocked by this. Running a multi-agent setup with 5+ directors and workers communicating via Slack channels as a workaround because sessions_spawn with agentId fails. The allowAgents key in agents.defaults.subagents causes a schema validation error and CrashLoopBackOff. Would really appreciate this getting merged, it would simplify our entire agent-to-agent communication architecture. Thanks!

[openclaw-barnacle]

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[openclaw-barnacle]

Closing due to inactivity.
If you believe this PR should be revived, post in #pr-thunderdome-dangerzone on Discord to talk to a maintainer.
That channel is the escape hatch for high-quality PRs that get auto-closed.