Problem:
Plugin tools registered via the plugin system were silently unavailable
in subagent sessions even when explicitly listed in
tools.subagents.tools.alsoAllow. Users following the documented alsoAllow
pattern would add the config, observe no error, but find their subagents
unable to call the plugin tools they expected.
Root cause (three places):
1. resolveSubagentToolPolicyForSession() in pi-tools.policy.ts returned
{ allow, deny } and dropped alsoAllow off the object entirely. When
only alsoAllow was configured (no explicit allow list), allow remained
undefined and alsoAllow entries were lost before reaching
collectExplicitAllowlist().
2. collectExplicitAllowlist() in tool-policy.ts only iterated policy.allow.
The ToolPolicyLike type also lacked the alsoAllow field entirely.
3. expandPolicyWithPluginGroups() reconstructed the policy as { allow, deny }
and silently discarded alsoAllow — a latent footgun for callers that
expect the transformed policy to still carry the field.
Fix:
- sandbox/types.ts: add alsoAllow to SandboxToolPolicy so the field is
recognized throughout the policy pipeline at the type level.
- tool-policy.ts (ToolPolicyLike): add alsoAllow field.
- tool-policy.ts (collectExplicitAllowlist): merge policy.allow and
policy.alsoAllow before iterating so both sources contribute to the
plugin tool allowlist passed to resolvePluginTools().
- tool-policy.ts (expandPolicyWithPluginGroups): pass alsoAllow through
the expansion so the field is not silently dropped on transformed policies.
- pi-tools.policy.ts (resolveSubagentToolPolicyForSession): preserve
alsoAllow on the returned object. allow stays undefined in the
alsoAllow-only case (correct for access gating via filterToolsByPolicy),
but alsoAllow is no longer discarded before collectExplicitAllowlist().
- tool-policy.test.ts: add six unit tests directly exercising
collectExplicitAllowlist with allow-only, alsoAllow-only, both, empty,
undefined, and multi-policy inputs.
Impact:
With this fix, the documented config pattern works as intended:
tools:
subagents:
tools:
alsoAllow: ["openrag_search"]
All 65 existing and new tool-policy and pi-tools.policy tests pass.
No behavior change for callers that only use policy.allow.
- Added a test to ensure no warnings for legacy Brave config when bundled web search allowlist compatibility is applied.
- Updated validation logic to incorporate compatibility configuration for bundled web search plugins.
- Refactored the ensureRegistry function to utilize the new compatibility handling.
* test: align extension runtime mocks with plugin-sdk
Update stale extension tests to mock the plugin-sdk runtime barrels that production code now imports, and harden the Signal tool-result harness around system-event assertions so the channels lane matches current extension boundaries.
Regeneration-Prompt: |
Verify the failing channels-lane tests against current origin/main in an isolated worktree before changing anything. If the failures reproduce on main, keep the fix test-only unless production behavior is clearly wrong. Recent extension refactors moved Telegram, WhatsApp, and Signal code onto plugin-sdk runtime barrels, so update stale tests that still mock old core module paths to intercept the seams production code now uses. For Signal reaction notifications, avoid brittle assertions that depend on shared queued system-event state when a direct harness spy on enqueue behavior is sufficient. Preserve scope: only touch the failing tests and their local harness, then rerun the reproduced targeted tests plus the full channels lane and repo check gate.
* test: fix extension test drift on main
* fix: lazy-load bundled web search plugin registry
* test: make matrix sweeper failure injection portable
* fix: split heavy matrix runtime-api seams
* fix: simplify bundled web search id lookup
* test: tolerate windows env key casing
Reuse pi-ai's Anthropic client injection seam for streaming, and add
the OpenClaw-side provider discovery, auth, model catalog, and tests
needed to expose anthropic-vertex cleanly.
Signed-off-by: sallyom <somalley@redhat.com>
