fix(schema): accept tools.codeMode at agent-entry scope (#83388)

[hclsys]

Fixes #83388.

docs/reference/code-mode.md describes tools.codeMode.enabled: true as settable at "the agent or runtime config", but AgentToolsSchema in src/config/zod-schema.agent-runtime.ts is .strict() and didn't include codeMode. Only the top-level ToolsSchema accepted it. Gateway startup rejected the documented per-agent shape with agents.list.0.tools: Unrecognized key: "codeMode".

This patch adds codeMode: CodeModeSchema to AgentToolsSchema, mirroring the top-level schema. CodeModeSchema already supports the boolean shorthand and the full options object (enabled/runtime/mode/languages/timeoutMs/memoryLimitBytes/...). strict() is preserved on the inner schema, so unknown nested keys still reject.

Per-agent enablement enables the testing/rollout pattern the issue requests: turn on code mode for a single agent without forcing fleet-wide behavior change.

Changes

• src/config/zod-schema.agent-runtime.ts: add codeMode: CodeModeSchema to AgentToolsSchema. 5-line comment referencing code-mode: AgentToolsSchema rejects "codeMode" key but docs say agent-level config works #83388.
• src/config/zod-schema.agent-defaults.test.ts: 1 new regression case covering boolean shorthand, {enabled: true} shape, full options object, and a negative-control (unknown nested key still rejected).

Real behavior proof

• Behavior or issue addressed: Gateway rejected the documented per-agent shape { id: "test-agent", tools: { codeMode: { enabled: true } } } with Unrecognized key: "codeMode".

• Real environment tested: Local Node 22.x with the actual zod/v4 package from a sibling scout checkout (/tmp/openclaw_scout/node_modules/zod/v4/index.cjs). Probe at /tmp/probe_83388.mjs rebuilds the relevant pieces (CodeModeSchema union of boolean + strict object, an OLD AgentToolsSchema-shaped strict object without codeMode, and a NEW one with it) and parses 5 inputs against both.

• Exact steps or command run after this patch: node /tmp/probe_83388.mjs

• Evidence after fix:

OLD parse {codeMode:{enabled:true}}: REJECT
NEW parse {codeMode:{enabled:true}}: ACCEPT
PASS: OLD rejects per-agent codeMode (bug confirmed)
PASS: NEW accepts {enabled:true}
PASS: NEW accepts true (boolean form)
PASS: NEW rejects unknown nested key (strict preserved)
PASS: NEW accepts full object form

ALL CASES PASS

• Observed result after fix: AgentEntrySchema.safeParse({ id: "...", tools: { codeMode: { enabled: true } } }) now returns success: true. The boolean shorthand codeMode: true and the full options object are also accepted (mirroring the top-level shape). Unknown nested keys still reject because CodeModeSchema's inner object is .strict() — this is the negative-control assertion.

• What was not tested: End-to-end gateway restart against a real config file with a per-agent codeMode block. The new vitest case covers the schema-level public contract (AgentEntrySchema.safeParse); the probe covers the zod-package-level behavior in isolation; the gateway config-validation path consumes the same AgentEntrySchema so this fix transitively unblocks the startup path the issue describes.

Audit (per CLAUDE rules)

• Existing-helper check: Reuses the existing CodeModeSchema declared at line 590 of the same file (the schema the top-level ToolsSchema already uses). No new schema definition. PASS
• Shared-helper caller check: AgentToolsSchema is file-local (no export). Consumed at exactly one site: AgentEntrySchema at line 1009. Adding an optional key doesn't break existing consumers — they continue to omit codeMode. PASS
• Broader-fix rival scan: No open PRs touching AgentToolsSchema / codeMode schema as of branch SHA. PASS

[clawsweeper]

Codex review: needs real behavior proof before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR adds codeMode: CodeModeSchema to the per-agent tools schema and adds a regression test for accepted per-agent code-mode shapes.

Reproducibility: yes. Current-main source shows the documented agents.list[].tools.codeMode path enters strict AgentToolsSchema without codeMode, and the runtime activation path reads only root config.tools.codeMode.

PR rating
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🧂 unranked krab
Summary: Not merge-ready because the patch is incomplete for runtime behavior and the supplied proof does not demonstrate the actual changed OpenClaw path.

Rank-up moves:

• Wire active-agent tools.codeMode into code-mode activation and OpenAI payload enforcement.
• Update AgentToolsConfig and focused tests so schema, type, and runtime behavior agree.
• Add redacted real behavior proof from a gateway or CLI run showing per-agent config accepted and the model-visible tools reduced to exec and wait.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs stronger real behavior proof before merge: The PR body includes terminal output from a manually rebuilt zod probe, but it does not run the changed OpenClaw code or a real gateway/config path after the patch. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge
Why this matters: - Merging this as-is would change the reported config from rejected to accepted-but-ineffective for per-agent code mode, which can leave normal tools visible when the operator expected the exec/wait security boundary.

• The supplied proof does not run the changed OpenClaw module or a gateway config, so it does not demonstrate the actual after-fix behavior.
• The schema change would leave AgentToolsConfig out of sync with accepted config, creating a stale typed contract for callers and tests.

Maintainer choices:

1. (recommended) Fix the PR before merge with ClawSweeper automerge:

@clawsweeper automerge
Special instructions: Revise the PR to make `agents.list[].tools.codeMode` a complete contract: schema, `AgentToolsConfig`, active-agent runtime resolution, payload enforcement, and after-fix gateway or CLI proof showing agent-only code mode produces `exec` and `wait`.

2. Accept the merge risk explicitly:

Merge as-is only if maintainers intentionally accept this risk: Revise the PR to make `agents.list[].tools.codeMode` a complete contract: schema, `AgentToolsConfig`, active-agent runtime resolution, payload enforcement, and after-fix gateway or CLI proof showing agent-only code mode produces `exec` and `wait`.

3. Stop automation and require a human merge decision:

Do not automerge this PR. Ask a maintainer to decide whether to require changes, merge anyway, or close the PR as not worth the risk: Revise the PR to make `agents.list[].tools.codeMode` a complete contract: schema, `AgentToolsConfig`, active-agent runtime resolution, payload enforcement, and after-fix gateway or CLI proof showing agent-only code mode produces `exec` and `wait`.

Next step before merge
The PR needs author or maintainer revision because schema acceptance is incomplete and the external contributor proof is insufficient, so ClawSweeper repair should not take over before the real-behavior gate is satisfied.

Security
Needs attention: The patch touches a security-sensitive tool-surface gate and currently accepts an agent-level code-mode config without making that config enforce the exec/wait boundary.

Review findings

• [P1] Wire per-agent code mode into runtime activation — src/config/zod-schema.agent-runtime.ts:711
• [P2] Keep the typed agent tools contract aligned — src/config/zod-schema.agent-runtime.ts:711

Review details

Best possible solution:

Revise the PR to make agents.list[].tools.codeMode a complete contract: schema, AgentToolsConfig, active-agent runtime resolution, payload enforcement, and after-fix gateway or CLI proof showing agent-only code mode produces exec and wait.

Do we have a high-confidence way to reproduce the issue?

Yes. Current-main source shows the documented agents.list[].tools.codeMode path enters strict AgentToolsSchema without codeMode, and the runtime activation path reads only root config.tools.codeMode.

Is this the best way to solve the issue?

No. Accepting the key in the schema is necessary but not sufficient because the selected agent's override is not used by code-mode activation or the OpenAI payload guard.

Full review comments:

• [P1] Wire per-agent code mode into runtime activation — src/config/zod-schema.agent-runtime.ts:711
  Adding codeMode here makes the per-agent config validate, but the run path still calls resolveCodeModeConfig(params.config), and that helper only reads root config.tools.codeMode. With only agents.list[].tools.codeMode.enabled set, the gateway can start while code mode remains disabled, leaving normal tools visible instead of the documented exec/wait surface. Please resolve the active agent's code-mode config for activation and payload enforcement, then test that agent-only config actually changes the model tool list.
  Confidence: 0.92
• [P2] Keep the typed agent tools contract aligned — src/config/zod-schema.agent-runtime.ts:711
  The schema now accepts agents.list[].tools.codeMode, but AgentToolsConfig still has no codeMode?: CodeModeConfig field. That leaves TypeScript callers and generated config surfaces out of sync with the parser, so the PR should update the exported config type alongside the schema.
  Confidence: 0.88

Overall correctness: patch is incorrect
Overall confidence: 0.91

Security concerns:

• [high] Avoid accepting no-op code-mode security config — src/config/zod-schema.agent-runtime.ts:711
  Code mode is documented as hiding normal tools behind exec and wait, but this patch only accepts the per-agent key. Since runtime activation still reads root tools.codeMode, an operator can believe agent-level code mode is active while normal tools remain exposed.
  Confidence: 0.9

Acceptance criteria:

• node scripts/run-vitest.mjs src/config/zod-schema.agent-defaults.test.ts src/agents/code-mode.test.ts src/agents/pi-embedded-runner/openai-stream-wrappers.test.ts src/agents/pi-embedded-runner/run/attempt.test.ts
• Redacted gateway or CLI run with only agents.list[].tools.codeMode.enabled=true showing startup succeeds and provider-visible tools are exec,wait for that agent.

What I checked:

• PR diff is schema-only for runtime behavior: The diff adds codeMode: CodeModeSchema to AgentToolsSchema and tests AgentEntrySchema.safeParse, but it does not change runtime code-mode resolution or exported config types. (src/config/zod-schema.agent-runtime.ts:711, f9bfa5d12d0e)
• Docs promise agent-level code-mode config: The current docs say tools.codeMode.enabled: true can be added to the agent or runtime config, making the reported per-agent shape part of the user-facing contract. Public docs: docs/reference/code-mode.md. (docs/reference/code-mode.md:67, cd15ce35a0ee)
• Current main rejects the per-agent key before this PR: AgentToolsSchema is strict and currently lists per-agent tools fields without codeMode; AgentEntrySchema wires agents.list[].tools to that strict schema, while top-level ToolsSchema includes codeMode. (src/config/zod-schema.agent-runtime.ts:703, cd15ce35a0ee)
• Runtime activation still reads root tools config: readCodeModeRawConfig reads only config.tools.codeMode, and embedded runs call resolveCodeModeConfig(params.config), so accepting agents.list[].tools.codeMode alone does not activate code mode for the selected agent. (src/agents/code-mode.ts:124, cd15ce35a0ee)
• Config type surface remains unaligned: AgentToolsConfig omits codeMode, while top-level ToolsConfig includes codeMode?: CodeModeConfig; the PR would make schema and TypeScript config contracts diverge. (src/config/types.tools.ts:362, cd15ce35a0ee)
• Linked issue remains open and references this PR: The related issue describes the same docs/schema mismatch and remains open with this PR as the closing implementation candidate.

Likely related people:

• steipete: Merged feature history for the affected code-mode runtime, schema, docs, tests, and type surface comes from [codex] Add generic OpenClaw code mode #80600. (role: code-mode feature owner; confidence: high; commits: b0c9278ffd2e, bd4da03e68df, 0db097936568; files: src/agents/code-mode.ts, src/config/zod-schema.agent-runtime.ts, src/config/types.tools.ts)
• pashpashpash: Reviewed the original generic code-mode PR and called out the OpenClaw-versus-Codex harness boundary, which is relevant to code-mode activation and tool-surface behavior. (role: feature-boundary reviewer; confidence: medium; commits: f61a088a9d81; files: src/agents/code-mode.ts, src/agents/pi-embedded-runner/openai-stream-wrappers.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against cd15ce35a0ee.