#15983: feat(exec): support env field in tools.exec config

## Summary - Add `env?: Record<string, string>` to `ExecToolConfig` so users can configure default environment variables for exec commands in `openclaw.json` - Wire the config through `resolveExecConfig` → `createExecTool` → environment merge chain - Config-level env is merged between `process.env` and tool-call `params.env` (tool-call takes highest precedence) Closes #15974 ## Changes - `src/config/types.tools.ts`: Add `env` field to `ExecToolConfig` - `src/agents/bash-tools.exec.ts`: Add `env` to `ExecToolDefaults`, merge `defaults.env` into exec environment - `src/agents/pi-tools.ts`: Wire `env` through `resolveExecConfig` and `createExecTool` call ## Usage ```json "tools": { "exec": { "env": { "ANTHROPIC_AUTH_TOKEN": "sk-ant-...", "ANTHROPIC_BASE_URL": "https://..." } } } ``` ## Test plan - [ ] Verify TypeScript compilation passes - [ ] Verify exec commands receive configured env vars - [ ] Verify tool-call level `env` params override config-level values - [ ] Verify backward compatibility when `env` is not set 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> Adds `env?: Record<string, string>` to `ExecToolConfig` so operators can set default environment variables for exec commands via `openclaw.json`. The config wiring through `resolveExecConfig` → `createExecTool` in `pi-tools.ts` follows existing patterns correctly. However, the env merge in `bash-tools.exec.ts` has two gaps: - **Sandbox path (default host)**: `defaults.env` is not passed to `buildSandboxEnv`, so config-level env vars are silently dropped when `host=sandbox` (the default). The feature effectively doesn't work for the most common configuration. - **Node host path**: `nodeEnv` is built from `params.env` only, so config-level env vars are not forwarded to remote nodes either. The gateway host path works correctly with the precedence chain: `process.env` < `defaults.env` < `params.env`. <h3>Confidence Score: 2/5</h3> - The feature works for gateway hosts but is silently broken for sandbox (default) and node hosts - Score of 2 because the config-level env vars are not applied in the sandbox path (default host) or node host path, meaning the feature doesn't work for the majority of use cases. The type definitions and config wiring are correct, but the core merge logic has two missing code paths. - Pay close attention to `src/agents/bash-tools.exec.ts` — the sandbox env build (line 302) and node env build (line 363) both need to incorporate `defaults.env` _{Last reviewed commit: bac4e8a} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->