From f011d0be28afbc7868f5e55c1117c779bd0a9f10 Mon Sep 17 00:00:00 2001
From: Jacob Tomlinson <jacobtomlinson@users.noreply.github.com>
Date: Mon, 30 Mar 2026 08:26:53 -0700
Subject: [PATCH] fix(gateway): treat OpenAI HTTP ingress as non-owner (#57769)

Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
---
 src/gateway/openai-http.test.ts | 2 ++
 src/gateway/openai-http.ts      | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/gateway/openai-http.test.ts b/src/gateway/openai-http.test.ts
index 5480135a9cf..6c6d12f4903 100644
--- a/src/gateway/openai-http.test.ts
+++ b/src/gateway/openai-http.test.ts
@@ -146,6 +146,7 @@ describe("OpenAI-compatible HTTP API (e2e)", () => {
             message?: string;
             extraSystemPrompt?: string;
             images?: Array<{ type: string; data: string; mimeType: string }>;
+            senderIsOwner?: boolean;
           }
         | undefined;
     const getFirstAgentMessage = () => getFirstAgentCall()?.message ?? "";
@@ -169,6 +170,7 @@ describe("OpenAI-compatible HTTP API (e2e)", () => {
         messages: [{ role: "user", content: message }],
       });
       expect(res.status).toBe(200);
+      expect(getFirstAgentCall()?.senderIsOwner).toBe(false);
       return (await res.json()) as Record<string, unknown>;
     };
 
diff --git a/src/gateway/openai-http.ts b/src/gateway/openai-http.ts
index 61e6c958765..138799f0698 100644
--- a/src/gateway/openai-http.ts
+++ b/src/gateway/openai-http.ts
@@ -117,8 +117,8 @@ function buildAgentCommandInput(params: {
     deliver: false as const,
     messageChannel: params.messageChannel,
     bestEffortDeliver: false as const,
-    // HTTP API callers are authenticated operator clients for this gateway context.
-    senderIsOwner: true as const,
+    // OpenAI-compatible HTTP ingress is external input and must not inherit owner-only tools.
+    senderIsOwner: false as const,
     allowModelOverride: true as const,
   };
 }