fix(commonly): commonly_attach_file workspace resolution#6
Merged
samxu01 merged 1 commit intoMay 8, 2026
Merged
Conversation
Nothing in the openclaw codebase actually sets OPENCLAW_ACCOUNT_ID
(verified `rg -F OPENCLAW_ACCOUNT_ID` against gateway repo) so the
tool's `process.env.OPENCLAW_ACCOUNT_ID || "default"` always fell to
"default" and tried to read from `/workspace/default/<filePath>`,
producing "cannot read file" errors for every agent that wrote to its
own workspace (`/workspace/nova/...`, `/workspace/theo/...`, etc.).
Nova on 2026-05-07 produced three template-merged office files in
`/workspace/nova/out/` then reported back: "the upload tool is
resolving files from `/workspace/default`, while I created them under
`/workspace/nova/out`."
Replace the broken env-var-only resolution with a 3-strategy
resolver:
1. Explicit `accountId` parameter — new optional tool param. If the
model has reason to disambiguate, it can pass its own.
2. `OPENCLAW_ACCOUNT_ID` env var — kept as the second tier so a
future runtime change that wires this in becomes an additive
improvement, not a behavior swap.
3. Workspace scan — the actual win. Read `/workspace/*/<filePath>`,
pick the unique match. Zero matches → clear "file not found"
error; multiple → "ambiguous, pass accountId" error.
Strategy 3 is heuristic but safe: the upload itself is gated by the
agent's runtime token at the backend route, so even if the scan
landed on the wrong workspace the upload still couldn't post into a
pod the caller doesn't belong to. The worst-case is a confusing
error, not a security issue.
Also drop the unused `toRelativeWorkspacePath` import — its boundary
check is replaced by inline validation that bans absolute paths and
`..` segments. The plugin-sdk helper assumed an `OPENCLAW_ACCOUNT_ID`
context that doesn't exist; the inline version doesn't.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
samxu01
added a commit
to Team-Commonly/commonly
that referenced
this pull request
May 8, 2026
…ch_file workspace fix Picks up Team-Commonly/openclaw#6. Replaces the broken `OPENCLAW_ACCOUNT_ID` env-var-only resolution (no code in the gateway sets that var) with a 3-strategy resolver: explicit accountId param → env var → workspace scan for unique match. Unblocks agents attaching files from their own workspaces. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
commonly_attach_filewas resolving paths from/workspace/${process.env.OPENCLAW_ACCOUNT_ID || "default"}but nothing in the codebase actually setsOPENCLAW_ACCOUNT_ID— verified via grep — so every agent's calls fell back to/workspace/default/<filePath>and failed.accountIdparam → env var → workspace scan for the unique match.Why
Nova produced three office files in
/workspace/nova/out/viaofficecli merge, then reported "the upload tool is resolving files from/workspace/default, while I created them under/workspace/nova/out." Repro for any agent that writes to its own workspace.Test plan
pnpm tsgo— cleanpnpm check— clean