feat: enable exec tool for openclaw during sandbox setup

[sweetmantech]

Summary

• Adds group:runtime to tools.allow in openclaw.json during sandbox setup
• This gives the OpenClaw agent access to exec, bash, and process tools needed for cloning repos, running CLI commands, and setup scripts

Problem

OpenClaw agents in sandboxes were failing with "I don't have shell/exec access" because the default config didn't include the runtime tool group. All tasks requiring shell execution (clone repos, install CLI, setup sandbox/artist) were blocked.

Test plan

• New test: verifies group:runtime is added to tools.allow in openclaw.json
• All 7 existing setupOpenClaw tests pass

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Improved openclaw.json configuration initialization to ensure the tools section and coding profile are automatically established during setup.

• Tests

  • Added test case to verify that openclaw.json injection properly includes a tools profile containing coding tools.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added logic to setupOpenClaw.ts to create and configure a tools object with a coding profile in the injected openclaw.json configuration. A corresponding test case was added to verify the tools profile is properly included.

Changes

Cohort / File(s)	Summary
Tools Profile Setup src/sandboxes/setupOpenClaw.ts, src/sandboxes/__tests__/setupOpenClaw.test.ts	Added c.tools object initialization with profile = 'coding' in openclaw.json injection logic, and added test case to verify the coding tools profile is present in the configuration.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• refactor: replace OpenCode with OpenClaw in sandbox setup #31: Modifies the same setupOpenClaw.ts file; this PR's tools profile setup is a direct addition to the OpenClaw configuration foundation implemented there.

Poem

🐰 A coding profile, neat and fine,
With tools aligned in perfect line,
The sandbox configured, tests all green,
The cleanest setup you've ever seen! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: enable exec tool for openclaw during sandbox setup' is directly related to the main change, which adds the coding profile to OpenClaw's tools configuration to grant access to exec and other runtime tools.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch sweetmantech/myc-4396-tasks-enable-exec-tool-for-openclaw-during-sandbox-setup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/sandboxes/__tests__/setupOpenClaw.test.ts (1)

104-120: Consider a more precise assertion for the tools profile.

The test verifies that "tools" and "coding" strings appear in the script, but this is a weak assertion that could pass even if the actual assignment structure is wrong. A more precise check would verify the exact assignment pattern.

🔧 Suggested improvement for more precise assertion

     expect(injectCall).toBeDefined();
     const script = injectCall![0].args[1];
-    expect(script).toContain("tools");
-    expect(script).toContain("coding");
+    expect(script).toContain("c.tools = c.tools || {}");
+    expect(script).toContain("c.tools.profile = 'coding'");
   });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/sandboxes/__tests__/setupOpenClaw.test.ts` around lines 104 - 120, The
current test in setupOpenClaw.test.ts uses loose substring checks for "tools"
and "coding"; tighten it by locating the injected script (from
sandbox.runCommand.mock.calls via injectCall) and assert the exact assignment
pattern for the tools profile—either parse the script as JSON and assert
tools.profile === "coding" or use a strict regex that matches the assignment
(e.g., tools object with profile set to "coding"); update the assertions around
the injectCall and script variables in the it("sets coding tools profile in
openclaw.json", ...) test so it fails on malformed structure rather than just
substring presence.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/sandboxes/__tests__/setupOpenClaw.test.ts`:
- Around line 104-120: The current test in setupOpenClaw.test.ts uses loose
substring checks for "tools" and "coding"; tighten it by locating the injected
script (from sandbox.runCommand.mock.calls via injectCall) and assert the exact
assignment pattern for the tools profile—either parse the script as JSON and
assert tools.profile === "coding" or use a strict regex that matches the
assignment (e.g., tools object with profile set to "coding"); update the
assertions around the injectCall and script variables in the it("sets coding
tools profile in openclaw.json", ...) test so it fails on malformed structure
rather than just substring presence.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 638bcf8f-08ab-4dad-8921-e641b8b338d4

📥 Commits

Reviewing files that changed from the base of the PR and between 172d971 and 120f9fd.

📒 Files selected for processing (2)

• src/sandboxes/__tests__/setupOpenClaw.test.ts
• src/sandboxes/setupOpenClaw.ts