fix: preserve session policy extension lookup

2026-05-06 19:00:45 +00:00 · 2026-05-02 01:21:42 +07:00
parent e0f8843e7a
commit 2d5357d7bc
5 changed files with 24 additions and 6 deletions
--- a/docs/.generated/plugin-sdk-api-baseline.sha256
+++ b/docs/.generated/plugin-sdk-api-baseline.sha256
@@ -1,2 +1,2 @@
-b7044c16230d4ed03b2d7f39a6443174bfdbf424868cc173f45bd6e90539bce1  plugin-sdk-api-baseline.json
-7770b6b656780180bdc4c363e23054815709f4744515d89f709c14c0e1f84d9b  plugin-sdk-api-baseline.jsonl
+c04717506cb856f1ca3f8ddbc95dd4616fcdcc34c0115a26474210b45c745223  plugin-sdk-api-baseline.json
+f30ff6ca7323f486f78760a60004cc6296af77962a7b5377cde3aea5aae5dbdb  plugin-sdk-api-baseline.jsonl
--- a/extensions/codex/src/app-server/dynamic-tools.ts
+++ b/extensions/codex/src/app-server/dynamic-tools.ts
@@ -6,6 +6,7 @@ import {
  extractToolResultMediaArtifact,
  filterToolResultMediaUrls,
  HEARTBEAT_RESPONSE_TOOL_NAME,
+  type EmbeddedRunAttemptParams,
  isToolWrappedWithBeforeToolCallHook,
  isMessagingTool,
  isMessagingToolSendAction,
@@ -47,6 +48,7 @@ export function createCodexDynamicToolBridge(params: {
  signal: AbortSignal;
  hookContext?: {
    agentId?: string;
+    config?: EmbeddedRunAttemptParams["config"];
    sessionId?: string;
    sessionKey?: string;
    runId?: string;
--- a/extensions/codex/src/app-server/run-attempt.ts
+++ b/extensions/codex/src/app-server/run-attempt.ts
@@ -425,6 +425,7 @@ export async function runCodexAppServerAttempt(
    signal: runAbortController.signal,
    hookContext: {
      agentId: sessionAgentId,
+      config: params.config,
      sessionId: params.sessionId,
      sessionKey: sandboxSessionKey,
      runId: params.runId,
--- a/src/plugins/contracts/session-entry-projection.contract.test.ts
+++ b/src/plugins/contracts/session-entry-projection.contract.test.ts
@@ -606,8 +606,8 @@ describe("plugin session extension SessionEntry projection", () => {
      { gate: "open" },
      { gate: "second" },
      undefined,
-      undefined,
-      undefined,
+      { gate: "open" },
+      { gate: "second" },
      undefined,
    ]);
    expect(seenConfig).toEqual([undefined, undefined]);
--- a/src/plugins/trusted-tool-policy.ts
+++ b/src/plugins/trusted-tool-policy.ts
@@ -1,3 +1,4 @@
+import { getRuntimeConfig } from "../config/config.js";
 import type { OpenClawConfig } from "../config/types.openclaw.js";
 import type {
  PluginHookBeforeToolCallEvent,
@@ -18,6 +19,19 @@ export async function runTrustedToolPolicies(
  let hasAdjustedParams = false;
  let approval: PluginHookBeforeToolCallResult["requireApproval"];
  const sessionExtensionStateCache = new Map<string, Record<string, PluginJsonValue> | undefined>();
+  let resolvedSessionConfig: OpenClawConfig | undefined = options?.config;
+  let didResolveSessionConfig = Boolean(options?.config);
+  const resolveSessionConfig = (): OpenClawConfig | undefined => {
+    if (!didResolveSessionConfig) {
+      didResolveSessionConfig = true;
+      try {
+        resolvedSessionConfig = getRuntimeConfig();
+      } catch {
+        resolvedSessionConfig = undefined;
+      }
+    }
+    return resolvedSessionConfig;
+  };
  for (const registration of policies) {
    const policyCtx: PluginHookToolContext = {
      ...ctx,
@@ -26,11 +40,12 @@ export async function runTrustedToolPolicies(
        const normalizedNamespace = namespace.trim();
        const cacheKey = registration.pluginId;
        if (!sessionExtensionStateCache.has(cacheKey)) {
+          const config = ctx.sessionKey ? resolveSessionConfig() : undefined;
          sessionExtensionStateCache.set(
            cacheKey,
-            options?.config
+            config
              ? getPluginSessionExtensionStateSync({
-                  cfg: options.config,
+                  cfg: config,
                  pluginId: registration.pluginId,
                  sessionKey: ctx.sessionKey,
                })