Agents: cover subagent memory tool policy

2026-03-28 18:44:51 -07:00 · 2026-03-28 18:44:51 -07:00 · 9c185faba9
parent 6c85c82ba3
commit 9c185faba9
2 changed files with 21 additions and 5 deletions
--- a/src/agents/pi-tools.policy.test.ts
+++ b/src/agents/pi-tools.policy.test.ts
@ -99,6 +99,22 @@ describe("resolveSubagentToolPolicy depth awareness", () => {
    expect(isToolAllowedByPolicyName("sessions_send", policy)).toBe(false);
  });

+  it("applies configured deny to memory tools even though they are allowed by default", () => {
+    const cfg = {
+      agents: { defaults: { subagents: { maxSpawnDepth: 2 } } },
+      tools: {
+        subagents: {
+          tools: {
+            deny: ["memory_search", "memory_get"],
+          },
+        },
+      },
+    } as unknown as OpenClawConfig;
+    const policy = resolveSubagentToolPolicy(cfg, 1);
+    expect(isToolAllowedByPolicyName("memory_search", policy)).toBe(false);
+    expect(isToolAllowedByPolicyName("memory_get", policy)).toBe(false);
+  });
+
  it("does not create a restrictive allowlist when only alsoAllow is configured", () => {
    const cfg = {
      agents: { defaults: { subagents: { maxSpawnDepth: 2 } } },
@ -129,12 +145,12 @@ describe("resolveSubagentToolPolicy depth awareness", () => {
    expect(isToolAllowedByPolicyName("sessions_history", policy)).toBe(true);
  });

-  it("depth-1 orchestrator still denies gateway, cron, memory", () => {
+  it("depth-1 orchestrator still denies gateway and cron but allows memory tools", () => {
    const policy = resolveSubagentToolPolicy(baseCfg, 1);
    expect(isToolAllowedByPolicyName("gateway", policy)).toBe(false);
    expect(isToolAllowedByPolicyName("cron", policy)).toBe(false);
-    expect(isToolAllowedByPolicyName("memory_search", policy)).toBe(false);
-    expect(isToolAllowedByPolicyName("memory_get", policy)).toBe(false);
+    expect(isToolAllowedByPolicyName("memory_search", policy)).toBe(true);
+    expect(isToolAllowedByPolicyName("memory_get", policy)).toBe(true);
  });

  it("depth-2 leaf denies sessions_spawn", () => {
@ -206,6 +222,8 @@ describe("resolveSubagentToolPolicy depth awareness", () => {
    const policy = resolveSubagentToolPolicyForSession(cfg, "agent:main:subagent:flat-leaf");
    expect(isToolAllowedByPolicyName("sessions_spawn", policy)).toBe(false);
    expect(isToolAllowedByPolicyName("subagents", policy)).toBe(false);
+    expect(isToolAllowedByPolicyName("memory_search", policy)).toBe(true);
+    expect(isToolAllowedByPolicyName("memory_get", policy)).toBe(true);
  });

  it("defaults to leaf behavior when no depth is provided", () => {
--- a/src/agents/pi-tools.policy.ts
+++ b/src/agents/pi-tools.policy.ts
@ -30,8 +30,6 @@ const SUBAGENT_TOOL_DENY_ALWAYS = [
  // Status/scheduling - main agent coordinates
  "session_status",
  "cron",
-  // Memory - pass relevant info in spawn prompt instead
-  // (removed: memory_search, memory_get — read-only, essential for multi-agent setups)
  // Direct session sends - subagents communicate through announce chain
  "sessions_send",
 ];