PR #81401: fix: inherit agents.defaults.agentRuntime in subagent runtime resolution [AI-assisted]

• Repository: openclaw/openclaw
• Author: luyao618
• State: closed | merged: False
• Link: https://github.com/openclaw/openclaw/pull/81401

Description (problem / solution / changelog)

🤖 AI-assisted (built with Codex via Hermes orchestration). Test level: fully tested. Prompt summary available on request.

Summary

• Problem: resolveModelRuntimePolicy never falls back to agents.defaults.agentRuntime, so subagents silently bypass the configured runtime (e.g. claude-cli) and use the embedded HTTP runner instead — routing API calls to the wrong billing bucket (Extra Usage instead of Max/Pro subscription). One billing failure sets a 24h lockout in auth-state.json that blocks all providers.
• Why it matters: Any Claude Max/Pro user with subagents loses all agent functionality for up to 24 hours with no warning and no auto-recovery.
• What changed: Added agents.defaults.agentRuntime as the final fallback in resolveModelRuntimePolicy(), after per-model and per-provider checks. Added unit tests covering the inheritance chain.
• What did NOT change (scope boundary): No changes to the embedded HTTP runner, provider auth, billing lockout logic, or startup warnings. The fix is limited to the runtime resolution fallback chain.

Change Type (select all)

• Bug fix

Scope (select all touched areas)

• Agents

Linked Issue/PR

• Closes #81395
• This PR fixes a bug or regression

Root Cause

• Root cause: resolveModelRuntimePolicy resolution chain checked agent model entries, provider config, and model config for agentRuntime, but never consulted agents.defaults.agentRuntime as a final fallback. The defaults-level runtime was only used for per-model entries under agents.defaults.models.*, not as a standalone cascade target.
• Missing detection / guardrail: No unit test validated the full inheritance chain for agentRuntime resolution. No startup warning when agents.defaults.agentRuntime is set but subagents would not inherit it.
• Contributing context (if known): The model-runtime-policy module was likely written before agents.defaults.agentRuntime became the primary configuration surface, and the fallback was never added.

Regression Test Plan

• Coverage level that should have caught this:
  • Unit test
• Target test or file: src/agents/model-runtime-policy.test.ts
• Scenario the test should lock in: When agents.defaults.agentRuntime.id is set and no per-model or per-provider runtime is configured, resolveModelRuntimePolicy returns the defaults-level policy as fallback.
• Why this is the smallest reliable guardrail: The resolution function is pure (config in, policy out) — a unit test directly validates the cascade without needing gateway or subprocess infrastructure.
• Existing test that already covers this (if any): N/A — no prior test file existed for this module.
• If no new test is added, why not: N/A — new test added.

User-visible / Behavior Changes

Subagents now correctly inherit agents.defaults.agentRuntime when no per-model or per-provider override is set. Users who set agents.defaults.agentRuntime.id = "claude-cli" no longer need to redundantly configure subagent runtime separately.

Security Impact (required)

• New permissions/capabilities? No
• This fix corrects runtime routing so that subagents use the intended authentication path (CLI OAuth) rather than falling back to direct API access. No new permissions or capabilities are introduced; the fix narrows behavior to match the user's configured intent.

Changed files

• src/agents/model-runtime-policy.test.ts (added, +81/-0)
• src/agents/model-runtime-policy.ts (modified, +4/-0)

PR #81406: fix(agents): inherit agentRuntime from agent entry and agents.defaults

• Repository: openclaw/openclaw
• Author: mturac
• State: closed | merged: False
• Link: https://github.com/openclaw/openclaw/pull/81406

Description (problem / solution / changelog)

Summary

Subagents were ignoring the agentRuntime configuration set at agents.defaults or per-agent level, falling back to direct HTTP instead of the configured runtime (e.g., claude-cli).

This caused subagents to bypass the CLI runtime, hit the Extra Usage quota instead of the Max/Pro subscription, and trigger 24h auth lockout on billing errors.

Changes

• Added checks for agents.list[].agentRuntime and agents.defaults.agentRuntime in resolveModelRuntimePolicy() before the provider-level fallback
• Updated type ModelRuntimePolicySource to include "agent" | "defaults" sources
• Updated tests to verify the new behavior instead of verifying legacy ignore behavior

Resolution Chain

model-entry agentRuntime → agent-level agentRuntime → defaults agentRuntime → provider model config → provider config

Testing

All affected tests pass:

• src/agents/harness/selection.test.ts — 38/38 ✅
• src/agents/harness/ — 380/380 ✅
• src/agents/subagent-spawn.test.ts — 44/44 ✅

Fix

Fixes #81395

Changed files

• src/agents/harness/policy.ts (modified, +1/-1)
• src/agents/harness/selection.test.ts (modified, +5/-4)
• src/agents/model-runtime-policy.ts (modified, +19/-1)

PR #81421: fix(agents): inherit default agent runtime policy

• Repository: openclaw/openclaw
• Author: honor2030
• State: open | merged: False
• Link: https://github.com/openclaw/openclaw/pull/81421

Description (problem / solution / changelog)

Summary

• Teach the agent runtime policy layer to inherit agents.defaults.agentRuntime after explicit provider/model settings.
• Propagate the new defaults runtime source through harness policy/runtime metadata.
• Add regression coverage for default runtime inheritance and update agent-list expectations so default runtime is honored while legacy per-agent runtime overrides stay ignored.

Context

agents.defaults.agentRuntime is part of the config surface, but the runtime policy path fell back to the implicit auto runtime when no explicit model/provider runtime was set. That meant subagent/harness execution could ignore a workspace-wide default runtime even though the config schema accepted it.

Test Plan

• CI follow-up: adjusted doctor-session-state-providers route-state expectation so explicit agents.defaults.agentRuntime wins over legacy OPENCLAW_AGENT_RUNTIME env fallback; local focused suite: 4 files / 18 tests passed.
• RED: kept the new regression test and temporarily removed the implementation changes; src/agents/harness/policy.test.ts failed with runtime: "auto" / runtimeSource: "implicit" instead of runtime: "claude-cli" / runtimeSource: "defaults".
• GREEN: direct Vitest run for src/agents/harness/policy.test.ts and src/agents/tools/agents-list-tool.test.ts passed: 3 files, 11 tests.
• Type check: node scripts/run-tsgo.mjs -p tsconfig.core.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/core.tsbuildinfo
• Type check: node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.core.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/core-test.tsbuildinfo
• Change check: node scripts/check-changed.mjs --dry-run

Real behavior proof

• Behavior or issue addressed: A subagent/harness runtime policy now inherits the workspace-level agents.defaults.agentRuntime when no provider/model runtime override is set, instead of falling back to implicit auto.

• Real environment tested: Local OpenClaw checkout on macOS, branch fix/subagent-default-agent-runtime, commit b44208b61a2cc6106a6ccf8907cc24651b20f6bf, Node v23.11.0. The command invoked the real resolveAgentHarnessPolicy implementation from the patched source.

• Exact steps or command run after this patch:

  PATH=/opt/homebrew/bin:/opt/homebrew/sbin:$PATH node_modules/.bin/tsx -e "import { resolveAgentHarnessPolicy } from './src/agents/harness/policy.ts'; const config = { agents: { defaults: { model: 'anthropic/claude-sonnet-4-6', agentRuntime: { id: 'claude-cli' }, subagents: { allowAgents: ['worker'] } }, list: [{ id: 'main', default: true }, { id: 'worker' }] } }; const policy = resolveAgentHarnessPolicy({ provider: 'anthropic', modelId: 'claude-sonnet-4-6', config, agentId: 'worker', sessionKey: 'agent:main:worker' }); console.log(JSON.stringify({ scenario: 'subagent-default-runtime', policy }, null, 2)); if (policy.runtime !== 'claude-cli' || policy.runtimeSource !== 'defaults') process.exit(1);"

• Evidence after fix: Terminal output copied from the local OpenClaw checkout after the patch:

  {
    "scenario": "subagent-default-runtime",
    "policy": {
      "runtime": "claude-cli",
      "runtimeSource": "defaults"
    }
  }

• Observed result after fix: The real policy resolver returned runtime: "claude-cli" and runtimeSource: "defaults", confirming that agents.defaults.agentRuntime is now consumed by the runtime policy path.

• What was not tested: No full external agent runtime process was launched; this PR is limited to the config/policy selection path and its metadata/test coverage.

Fixes #81395

Changed files

• src/agents/agent-runtime-metadata.ts (modified, +1/-1)
• src/agents/harness/policy.test.ts (added, +76/-0)
• src/agents/harness/policy.ts (modified, +1/-1)
• src/agents/model-runtime-policy.ts (modified, +4/-1)
• src/agents/tools/agents-list-tool.test.ts (modified, +2/-2)
• src/commands/doctor-session-state-providers.test.ts (modified, +2/-2)