#22022: fix: propagate senderIsOwner to agent loop
size: XS
Cluster:
Error Handling Improvements
## Summary
- Add `senderIsOwner` to `FollowupRun["run"]` type in `queue/types.ts`
- Include `senderIsOwner` in `buildEmbeddedRunBaseParams` return object in `agent-runner-utils.ts`
- Update test to verify `senderIsOwner` passes through
## Problem
`senderIsOwner` is correctly computed in `command-auth.ts` and set on `FollowupRun.run` in `get-reply-run.ts`, but `buildEmbeddedRunBaseParams` doesn't include it in its return object. This causes `applyOwnerOnlyToolPolicy` to always receive `senderIsOwner=undefined` (falsy), filtering out all ownerOnly tools (`cron`, `gateway`) for every sender — including the actual owner.
## Test plan
- [x] `vitest run src/auto-reply/reply/agent-runner-utils.test.ts` — 3 tests pass
- [x] `vitest run --config vitest.e2e.config.ts src/agents/tool-policy.e2e.test.ts` — 20 tests pass
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- greptile_comment -->
<h3>Greptile Summary</h3>
Fixes critical authorization bug where `senderIsOwner` wasn't propagated through the agent loop, causing owner-only tools (`cron`, `gateway`) to be incorrectly filtered for all senders including owners.
- Added `senderIsOwner` to `FollowupRun["run"]` type
- Updated `buildEmbeddedRunBaseParams` to include `senderIsOwner` in return object
- Test verifies the field propagates correctly
The fix ensures `applyOwnerOnlyToolPolicy` receives the correct authorization value, restoring access to owner-only tools for authorized users.
<h3>Confidence Score: 5/5</h3>
- This PR is safe to merge - it fixes a critical security bug with a minimal, well-tested change
- The fix is simple and surgical: adding one missing field to a type definition and including it in the return object. The change directly addresses the described bug where owner authorization wasn't propagating. Test coverage validates the fix, and the change follows existing patterns in the codebase.
- No files require special attention
<sub>Last reviewed commit: 328ee85</sub>
<!-- greptile_other_comments_section -->
<sub>(2/5) Greptile learns from your feedback when you react with thumbs up/down!</sub>
<!-- /greptile_comment -->
Most Similar PRs
#8175: fix: suppress raw API errors for non-owners
by Rakshi2609 · 2026-02-03
76.0%
#22845: Pass agentDir through cron and followup embedded runs
by seilk · 2026-02-21
75.5%
#19011: fix(discord): enforce owner checks for privileged message actions
by coygeek · 2026-02-17
73.6%
#10975: fix: add missing clientTools parameter to runEmbeddedAttempt call
by xamdel · 2026-02-07
72.7%
#19385: fix: pass authProfileId from cron session to runEmbeddedPiAgent
by gigi-trifle · 2026-02-17
72.7%
#18193: fix: default elevatedDefault to 'off' instead of 'on' (#18177)
by lailoo · 2026-02-16
72.2%
#21861: fix: selective context gating for OWNER_ONLY privacy tags (#11900)
by Asm3r96 · 2026-02-20
72.1%
#11816: fix(cron): forward agent-specific exec config to isolated cron sess...
by AnonO6 · 2026-02-08
72.0%
#12786: fix: drop heartbeat runs that arrive while another run is active
by mcaxtr · 2026-02-09
71.9%
#7758: fix: prevent opts closure reuse across messages in shared followup ...
by Alexwang-sol · 2026-02-03
71.8%