fix(sessions): clarify cross-agent visibility guidance

[sahibzada-allahyar]

What changed

• Updated cross-agent session visibility errors to name both required controls instead of only tools.sessions.visibility=all.
• Updated session access tests for the new operator-facing guidance.

Fixes #90443

Real behavior proof

• Behavior or issue addressed: Cross-agent session access denial now tells the operator both required controls. Before this PR, the session visibility guard only told operators to set tools.sessions.visibility=all; after this PR, it also names tools.agentToAgent.enabled=true and the allow list requirement.

• Real environment tested: Local OpenClaw source checkout on Darwin 25.5.0 arm64, Node v26.0.0, pnpm 11.2.2, branch fastino-90443-session-visibility-diagnostics.

• Exact steps or command run after this patch:

  1. Ran a local source-checkout behavior probe through createSessionVisibilityRowChecker for a cross-agent send check with visibility: "tree".
  2. Ran pnpm test src/agents/tools/sessions-access.test.ts.
  3. Ran git diff --check HEAD~1..HEAD.

• Evidence after fix: Terminal transcript from the local source-checkout behavior probe:

  $ pnpm exec tsx --eval 'import { createAgentToAgentPolicy, createSessionVisibilityRowChecker } from "./src/plugin-sdk/session-visibility.ts"; const checker = createSessionVisibilityRowChecker({ action: "send", requesterSessionKey: "agent:main", visibility: "tree", a2aPolicy: createAgentToAgentPolicy({ tools: { agentToAgent: { enabled: false } } }) }); console.log(checker.check({ key: "agent:ops", agentId: "ops" }));'
  {
    allowed: false,
    status: 'forbidden',
    error: 'Session send visibility is restricted. Set tools.sessions.visibility=all and tools.agentToAgent.enabled=true (with allow list) to allow cross-agent access.'
  }
  

  Supplemental focused test output:

  Test Files  1 passed (1)
  Tests  27 passed (27)
  [test] passed 1 Vitest shard in 3.43s
  

• Observed result after fix: The real session visibility guard path now returns the corrected cross-agent guidance including both tools.sessions.visibility=all and tools.agentToAgent.enabled=true (with allow list).

• What was not tested: No live multi-agent gateway run with separate Jarvis/Billy credentials. No doctor command behavior changed; this PR only changes the session-access denial guidance path.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 4, 2026, 8:40 PM ET / 00:40 UTC.

Summary
The PR updates the shared session visibility denial message and focused session-access expectations so cross-agent visibility guidance names both tools.sessions.visibility=all and tools.agentToAgent.enabled=true with an allow list.

PR surface: Source +2, Tests 0. Total +2 across 2 files.

Reproducibility: yes. Source inspection shows current main returns the older single-knob cross-agent visibility denial, and the PR body includes an after-fix terminal probe that hits the real helper path for the reported send guidance.

Review metrics: none identified.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• none.

Next step before merge

• [P2] No repair lane is needed; the PR has no blocking review finding and can proceed through normal maintainer merge checks.

Security
Cleared: The diff only changes TypeScript error copy and focused tests; it does not touch dependencies, workflows, secrets, permissions, package metadata, or code execution paths.

Review details

Best possible solution:

Land the central helper message update after standard checks; keep any broader doctor/config lint ideas from the linked issue as separate follow-up only if maintainers still want them.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main returns the older single-knob cross-agent visibility denial, and the PR body includes an after-fix terminal probe that hits the real helper path for the reported send guidance.

Is this the best way to solve the issue?

Yes. Updating the shared session visibility helper is the narrow maintainable fix because list, history, send, and status all consume that central decision path instead of carrying separate copied messages.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against edb920b857ce.

Label changes

Label changes:

• add P2: This is a normal user-facing diagnostics fix for session tooling with limited blast radius and a linked P2 session-state report.
• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes a local source-checkout terminal transcript invoking the real session visibility helper after the patch and showing the corrected denial message, plus focused test output.
• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes a local source-checkout terminal transcript invoking the real session visibility helper after the patch and showing the corrected denial message, plus focused test output.
• remove rating: 🧂 unranked krab: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.
• remove status: 📣 needs proof: Current PR status label is status: 👀 ready for maintainer look.

Label justifications:

• P2: This is a normal user-facing diagnostics fix for session tooling with limited blast radius and a linked P2 session-state report.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes a local source-checkout terminal transcript invoking the real session visibility helper after the patch and showing the corrected denial message, plus focused test output.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes a local source-checkout terminal transcript invoking the real session visibility helper after the patch and showing the corrected denial message, plus focused test output.

Evidence reviewed

PR surface:

Source +2, Tests 0. Total +2 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	6	4	+2
Tests	1	2	2	0
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	8	6	+2

What I checked:

• PR diff: The proposed commit changes crossVisibilityMessage to use one shared suffix mentioning both required controls and updates two focused session-access expectations that exercise the shared helper. (src/plugin-sdk/session-visibility.ts:238, cdacc32b5245)
• Current main behavior: Current main returns the older single-knob tools.sessions.visibility=all message from crossVisibilityMessage, and createSessionVisibilityRowChecker uses that message whenever a target is cross-agent and visibility is not all. (src/plugin-sdk/session-visibility.ts:238, edb920b857ce)
• Config contract alignment: The public config docs and schema help already state that tools.sessions.visibility=all still requires tools.agentToAgent, so the revised denial guidance matches the documented contract. Public docs: docs/gateway/config-tools.md. (docs/gateway/config-tools.md:389, edb920b857ce)
• Caller path: The list, history, send, and status session tools route visibility failures through createSessionVisibilityRowChecker or createSessionVisibilityGuard, so the central helper is the right narrow surface for this copy fix. (src/agents/tools/sessions-send-tool.ts:499, edb920b857ce)
• Real behavior proof: The PR body includes an after-fix terminal transcript from a local source checkout invoking createSessionVisibilityRowChecker for a cross-agent send check and showing the corrected denial text; it also reports the focused session-access test passing. (src/plugin-sdk/session-visibility.ts:293, cdacc32b5245)
• History provenance: Blame and pickaxe history show the current session visibility policy and denial-message helper were introduced with commit 8cb093e7a9e5b774267096c04792f1e015405235, which also added the adjacent tests and config docs. (src/plugin-sdk/session-visibility.ts:238, 8cb093e7a9e5)

Likely related people:

• steipete: git blame and git log -S point to commit 8cb093e7a9e5b774267096c04792f1e015405235 as the introduction of the session visibility helper, A2A policy checks, adjacent tests, and config documentation touched by this PR. (role: introduced behavior and recent area contributor; confidence: high; commits: 8cb093e7a9e5; files: src/plugin-sdk/session-visibility.ts, src/agents/tools/sessions-access.test.ts, docs/gateway/config-tools.md)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[sahibzada-allahyar]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26988081057
• Updated: 2026-06-05T00:40:40.468Z