From 4ca35cf57c0431b35d6ecc3aaa29ef70b0ee9291 Mon Sep 17 00:00:00 2001
From: Lauren ten Hoor
Date: Mon, 9 Feb 2026 23:05:48 +0800
Subject: [PATCH] feat: add tool restrictions to DevClaw agents in plugin config
---
 lib/setup.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/lib/setup.ts b/lib/setup.ts
index 02ac4b2..6254b94 100644
--- a/lib/setup.ts
+++ b/lib/setup.ts
@@ -277,6 +277,7 @@ async function resolveWorkspacePath(agentId: string): Promise {
 /**
 * Write DevClaw model tier config and devClawAgentIds to openclaw.json plugins section.
+ * Also adds tool restrictions (deny sessions_spawn) to DevClaw agents.
 * Read-modify-write to preserve existing config.
 */
 async function writePluginConfig(
@@ -307,6 +308,17 @@ async function writePluginConfig(
 if (!existing.includes(agentId)) {
 config.plugins.entries.devclaw.config.devClawAgentIds = [...existing, agentId];
 }
+
+ // Add tool restrictions (deny sessions_spawn) to the agent
+ const agent = config.agents?.list?.find((a: { id: string }) => a.id === agentId);
+ if (agent) {
+ if (!agent.tools) {
+ agent.tools = {};
+ }
+ agent.tools.deny = ["sessions_spawn"];
+ // Clear any conflicting allow list
+ delete agent.tools.allow;
+ }
 }
 // Atomic write
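Review bot: The two new writes to `agent.tools` in the second hunk replace the agent's existing tool policy instead of adding to it: `agent.tools.deny = ["sessions_spawn"]` discards any deny entries already present in openclaw.json, and `delete agent.tools.allow` removes an allowlist an operator may have set, so a previously restricted agent can end up with access to more tools after setup runs than before. Merging preserves the existing restrictions, e.g. `agent.tools.deny = [...new Set([...(agent.tools.deny ?? []), "sessions_spawn"])];` and, in place of the delete, `if (agent.tools.allow) agent.tools.allow = agent.tools.allow.filter((t: string) => t !== "sessions_spawn");`. How OpenClaw resolves a tool listed in both allow and deny is not visible here, so confirm whether the allow list needs touching at all. Separately, when `config.agents?.list` has no entry for `agentId` the `if (agent)` branch is skipped silently even though the id has just been added to `devClawAgentIds`; a warning or thrown error there would keep an unrestricted DevClaw agent from going unnoticed. `writePluginConfig` starts and ends outside this hunk.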