From 761738f96d2fce509ddae905a0616b4087ff6762 Mon Sep 17 00:00:00 2001
From: Eva <eva@100yen.org>
Date: Fri, 1 May 2026 20:29:34 +0700
Subject: [PATCH] fix: scope session entry policy context

---
 docs/.generated/plugin-sdk-api-baseline.sha256              | 4 ++--
 src/agents/pi-tools.before-tool-call.ts                     | 2 +-
 .../contracts/session-entry-projection.contract.test.ts     | 5 ++++-
 src/plugins/hook-types.ts                                   | 1 -
 src/plugins/trusted-tool-policy.ts                          | 6 ++++--
 5 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/docs/.generated/plugin-sdk-api-baseline.sha256 b/docs/.generated/plugin-sdk-api-baseline.sha256
index ec88a2caead..c46acc8bb81 100644
--- a/docs/.generated/plugin-sdk-api-baseline.sha256
+++ b/docs/.generated/plugin-sdk-api-baseline.sha256
@@ -1,2 +1,2 @@
-cbeddff94b5dc510178b4a33433bac8ac00691ccd71f490abf359c9348a5b3e4  plugin-sdk-api-baseline.json
-0d8ee33684cea3cf0f0f564419bf3378b7cfdd2c1a3798e621bcec3e7e219109  plugin-sdk-api-baseline.jsonl
+b7044c16230d4ed03b2d7f39a6443174bfdbf424868cc173f45bd6e90539bce1  plugin-sdk-api-baseline.json
+7770b6b656780180bdc4c363e23054815709f4744515d89f709c14c0e1f84d9b  plugin-sdk-api-baseline.jsonl
diff --git a/src/agents/pi-tools.before-tool-call.ts b/src/agents/pi-tools.before-tool-call.ts
index b0595e8f3cc..86e2b119469 100644
--- a/src/agents/pi-tools.before-tool-call.ts
+++ b/src/agents/pi-tools.before-tool-call.ts
@@ -479,7 +479,6 @@ export async function runBeforeToolCallHook(args: {
     const toolContext = {
       toolName,
       ...(args.ctx?.agentId && { agentId: args.ctx.agentId }),
-      ...(args.ctx?.config && { config: args.ctx.config }),
       ...(args.ctx?.sessionKey && { sessionKey: args.ctx.sessionKey }),
       ...(args.ctx?.sessionId && { sessionId: args.ctx.sessionId }),
       ...(args.ctx?.runId && { runId: args.ctx.runId }),
@@ -494,6 +493,7 @@ export async function runBeforeToolCallHook(args: {
         ...(args.toolCallId && { toolCallId: args.toolCallId }),
       },
       toolContext,
+      args.ctx?.config ? { config: args.ctx.config } : undefined,
     );
     if (trustedPolicyResult?.block) {
       return {
diff --git a/src/plugins/contracts/session-entry-projection.contract.test.ts b/src/plugins/contracts/session-entry-projection.contract.test.ts
index bc49ad0b425..8e78f136efa 100644
--- a/src/plugins/contracts/session-entry-projection.contract.test.ts
+++ b/src/plugins/contracts/session-entry-projection.contract.test.ts
@@ -262,6 +262,7 @@ describe("plugin session extension SessionEntry projection", () => {
 
   it("exposes scoped session extension reads to trusted tool policies", async () => {
     const seen: unknown[] = [];
+    const seenConfig: unknown[] = [];
     const { config, registry } = createPluginRegistryFixture();
     registerTestPlugin({
       registry,
@@ -281,6 +282,7 @@ describe("plugin session extension SessionEntry projection", () => {
           description: "inspect session extension",
           evaluate(_event, ctx) {
             seen.push(ctx.getSessionExtension?.("policy"));
+            seenConfig.push((ctx as { config?: unknown }).config);
             return undefined;
           },
         });
@@ -321,8 +323,8 @@ describe("plugin session extension SessionEntry projection", () => {
               {
                 toolName: "apply_patch",
                 sessionKey: "agent:main:main",
-                config: tempConfig as never,
               },
+              { config: tempConfig as never },
             ),
           ).resolves.toBeUndefined();
 
@@ -347,6 +349,7 @@ describe("plugin session extension SessionEntry projection", () => {
     }
 
     expect(seen).toEqual([{ gate: "open" }, undefined]);
+    expect(seenConfig).toEqual([undefined, undefined]);
   });
 
   it("does not touch top-level SessionEntry slots when sessionEntrySlotKey is omitted", async () => {
diff --git a/src/plugins/hook-types.ts b/src/plugins/hook-types.ts
index 6c1153dcd8b..996e41b88e9 100644
--- a/src/plugins/hook-types.ts
+++ b/src/plugins/hook-types.ts
@@ -398,7 +398,6 @@ export type PluginHookReplyDispatchResult = {
 
 export type PluginHookToolContext = {
   agentId?: string;
-  config?: OpenClawConfig;
   sessionKey?: string;
   sessionId?: string;
   runId?: string;
diff --git a/src/plugins/trusted-tool-policy.ts b/src/plugins/trusted-tool-policy.ts
index 52c8b2edc41..4577e7bd1b0 100644
--- a/src/plugins/trusted-tool-policy.ts
+++ b/src/plugins/trusted-tool-policy.ts
@@ -1,3 +1,4 @@
+import type { OpenClawConfig } from "../config/types.openclaw.js";
 import type {
   PluginHookBeforeToolCallEvent,
   PluginHookBeforeToolCallResult,
@@ -10,6 +11,7 @@ import { getActivePluginRegistry } from "./runtime.js";
 export async function runTrustedToolPolicies(
   event: PluginHookBeforeToolCallEvent,
   ctx: PluginHookToolContext,
+  options?: { config?: OpenClawConfig },
 ): Promise<PluginHookBeforeToolCallResult | undefined> {
   const policies = getActivePluginRegistry()?.trustedToolPolicies ?? [];
   let adjustedParams = event.params;
@@ -26,12 +28,12 @@ export async function runTrustedToolPolicies(
         if (sessionExtensionCache.has(cacheKey)) {
           return sessionExtensionCache.get(cacheKey) as T | undefined;
         }
-        if (!ctx.config) {
+        if (!options?.config) {
           sessionExtensionCache.set(cacheKey, undefined);
           return undefined;
         }
         const value = getPluginSessionExtensionSync<T>({
-          cfg: ctx.config,
+          cfg: options.config,
           pluginId: registration.pluginId,
           sessionKey: ctx.sessionKey,
           namespace: normalizedNamespace,