#16776: feat(gateway): agent-scoped access for kOS collaborators
app: web-ui
gateway
stale
size: M
Cluster:
Device Pairing and Gateway Fixes
Implements Track B Task 1 from docs/specs/agent-scoped-access.md — scope enforcement middleware for agents.list filtering, agent-targeted RPC gating, collaborator role support.
<!-- greptile_comment -->
<h3>Greptile Summary</h3>
Implements agent-scoped access control for the collaborator role. Adds a new `FORBIDDEN` error code, introduces scope utility functions (`connectionHasAgentAccess`, `connectionIsOwner`, `filterAgentsForConnection`), and enforces access control across agent CRUD operations and file access. The `agents.list` handler filters results based on scopes, and mutating operations (`agents.create`, `agents.update`, `agents.delete`) restrict collaborators to owner/operator roles only.
The implementation follows a defense-in-depth approach: method-level authorization in `server-methods.ts` whitelists specific RPCs for collaborators, then handler-level enforcement validates scopes and roles. Comprehensive E2E tests verify filtering, backward compatibility with empty scopes, and FORBIDDEN responses for unauthorized operations.
**Critical Issue:** The previous thread correctly identified that `agent` and `agent.wait` RPCs are missing from the collaborator whitelist (lines 114-126 in `server-methods.ts`). This blocks the primary use case - collaborators cannot send messages to their scoped agents. These methods need to be whitelisted, then scope enforcement should be added in the `agent` handler to validate `agentId` against scopes.
<h3>Confidence Score: 2/5</h3>
- This PR has a critical functional gap that breaks the primary use case for collaborators.
- The implementation is well-structured with proper tests and follows security best practices for what it does implement. However, the missing `agent` RPC whitelist entry means collaborators cannot message agents - the core workflow this feature should enable. This makes the PR incomplete for its stated purpose.
- `src/gateway/server-methods.ts` requires adding `agent` and `agent.wait` to the collaborator whitelist, and `src/gateway/server-methods/agent.ts` needs scope enforcement added to the `agent` handler.
<sub>Last reviewed commit: 03af441</sub>
<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
Most Similar PRs
#12802: fix(gateway): default unscoped operator connections to read-only
by yubrew · 2026-02-09
73.9%
#23039: fix: subagent announce fails with pairing required due to missing o...
by ascott · 2026-02-21
73.2%
#10748: feat: Add sessions.spawn gateway method for direct subagent spawning
by fox-openclaw · 2026-02-06
72.1%
#21651: fix(gateway): token fallback + operator.admin scope superset in pai...
by lan17 · 2026-02-20
71.6%
#12998: feat(agents): Add parallel sub-agent execution with concurrency con...
by trevorgordon981 · 2026-02-10
71.0%
#22365: fix(gateway): auto-approve loopback scope upgrades
by AIflow-Labs · 2026-02-21
70.8%
#7874: docs: add public/untrusted agent profile
by ichbinlucaskim · 2026-02-03
70.7%
#23690: fix(gateway): subagent sessions fail with pairing required on loopb...
by yinghaosang · 2026-02-22
70.6%
#23361: Gateway: reject scope assertions without identity binding
by bmendonca3 · 2026-02-22
70.6%
#20806: fix(security): enforce per-agent message send scope in multi-tenant...
by zerone0x · 2026-02-19
70.4%