From 631102e71413e13cfb701368711db342d732e8f1 Mon Sep 17 00:00:00 2001
From: Jake <mcinteerj@gmail.com>
Date: Thu, 12 Feb 2026 14:55:12 +1300
Subject: [PATCH] fix(agents): scope process/exec tools to sessionKey for
 isolation (#4887)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 5d30672e756cc10a6cda90f5bc55cf4812b7d1d6
Co-authored-by: mcinteerj <3613653+mcinteerj@users.noreply.github.com>
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Reviewed-by: @Takhoffman
---
 src/agents/pi-tools.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/agents/pi-tools.ts b/src/agents/pi-tools.ts
index 0508cda22e7..811d4708742 100644
--- a/src/agents/pi-tools.ts
+++ b/src/agents/pi-tools.ts
@@ -212,7 +212,10 @@ export function createOpenClawCodingTools(options?: {
     providerProfilePolicy,
     providerProfileAlsoAllow,
   );
-  const scopeKey = options?.exec?.scopeKey ?? (agentId ? `agent:${agentId}` : undefined);
+  // Prefer sessionKey for process isolation scope to prevent cross-session process visibility/killing.
+  // Fallback to agentId if no sessionKey is available (e.g. legacy or global contexts).
+  const scopeKey =
+    options?.exec?.scopeKey ?? options?.sessionKey ?? (agentId ? `agent:${agentId}` : undefined);
   const subagentPolicy =
     isSubagentSessionKey(options?.sessionKey) && options?.sessionKey
       ? resolveSubagentToolPolicy(options.config)