When should I pick fork versus isolated for sessions_spawn?

Fork carries forward the transcript fragments needed for PR context and recent agreements, which keeps routine reviews aligned with the parent intent. Isolated starts clean for suspicious input or exploratory scans where inheriting full history would widen the blast radius.

How do gateway Bearer tokens relate to sub-agent lanes?

The same tenant Bearer crosses the gateway; children run on a subagent lane while effective capability is tightened with gateway policy and session patch operations so owner-grade admin tools do not auto-escalate into leaf reviewers.

Why is sessions_spawn missing even though my token works for chat?

Session tools often remain on a default deny list. The tool must be explicitly allowed in the same policy surface as the Bearer scope; otherwise the model never sees sessions_spawn in its tool catalog.

2026 OpenClaw + sessions_spawn: Remote Mac fork context, code review isolation & failure summaries

Agent orchestration only lands in production when heavy code review work moves into child sessions. In OpenClaw 2026.4.x, the Session tool sessions_spawn accepts an optional forked context (or a clean isolated context) so the parent keeps a thin control plane while reviewers chew through diffs. Pair that with a short-lived gateway Bearer, explicit allow rules for Session tools, a spawn depth cap, and a fixed JSON failure envelope, and the same pattern works on a dedicated remote Mac as it does on a laptop—without streaming entire child transcripts back into the main conversation.

On this page: Scenarios · Fork versus isolated · Isolation boundary · Gateway tokens · Failure relay template · Minimal steps · FAQ

After CrewAI routing, AutoGen behind the gateway, and Task Brain identity splits, this note closes the loop on child session isolation: what the gateway token actually authorizes, why sessions_spawn can disappear from the catalog, and how operators keep orchestrator nodes distinct from leaf reviewers. Purchase, pricing, and the Help Center stay public—no login required to browse SKUs or docs.

Where this pattern earns its keep

Use sessions_spawn when a single long-lived orchestration session would otherwise ingest enormous review artifacts—full file reads, linter dumps, or multi-hop tool traces—while still needing a single accountable parent to merge outcomes. Typical fits include nightly PR sweeps on a remote Apple Silicon host, multi-repository audits with bounded paths, and “reviewer plus fixer” graphs where only the orchestrator may open higher-risk write tools. The 2026.4.x line makes the context mode explicit: you choose whether the child inherits a curated slice of the parent transcript (fork) or starts from a tightened task payload alone (isolated), which is the same decision you would make when forking a thread in a chat product—except here the fork is a governed runtime boundary enforced by OpenClaw Session tooling rather than a copy/paste prompt.

Staying aligned with the 2026.4.x release notes matters because minor CLI differences change which Session tools surface by default and how spawn metadata (for example runId and childSessionKey) is emitted for audit trails. Treat openclaw --version as part of your incident timeline alongside gateway logs.

Three ways teams still burn time

First, they paste entire diff transcripts into the parent model, blowing token budgets and conditioning the orchestrator on noise. Second, they mint a valid Bearer yet leave sessions_spawn on a default deny list for HTTP tools/invoke, so debugging stalls on empty tool catalogs or confusing 401 trails. Third, they allow unbounded recursion: a reviewer spawns another reviewer, picks up write-capable tools, and suddenly “read-only review” becomes “drive-by refactor.” The fixes are mechanical—child sessions, explicit allows, depth limits—but only if the platform knobs are set before the agents run.

Choosing fork versus isolated context

Release-aligned behavior treats context: "fork" and context: "isolated" as complementary switches, not good-versus-bad modes. Match the mode to the threat model and to how much conversational state the child truly needs.

Mode	Inherits	Best for	Watchouts
`fork`	Selected transcript fragments the orchestrator marks as relevant	Standard PR review where the child should mirror the latest human agreement	Narrow the task payload so private instructions do not over-share
`isolated`	Principally the task text and tool policy, not full parent history	Untrusted prompts, plugin discovery sweeps, batch sampling	Add explicit checklists to the task to offset missing context

Isolation boundary: what crosses, what stops

Shared across the boundary is gateway authorization for the tenant plus whatever transcript slice fork deliberately carries. Stopped at the boundary should be full child transcripts, unnecessary tool visibility, and the privilege to recurse indefinitely. Session tooling documents sessions_spawn as non-blocking in the orchestration sense: you receive identifiers such as runId and childSessionKey for correlation while work continues in the child lane. Operationally, make leaf reviewers read-mostly: drop nested sessions_spawn, strip repository-wide delete tools, and keep static analysis plus scoped reads.

When automation also uses openclaw agent --spawn for one-off children, treat that as a separate lane with its own correlation labels so nightly review graphs do not cross-contaminate ad-hoc CLI runs.

Gateway Bearer tokens versus tool visibility

A dashboard Bearer is the ticket through the gateway, but it is not a substitute for per-tool policy. Many deployments keep Session tools behind an explicit allow path because they can create new runtime surfaces. The orchestrator profile should see sessions_spawn and related Session helpers; leaf profiles should not inherit those entries even if the raw token string could technically authenticate—use gateway rules and session patches to enforce least privilege on the child lane.

If your integration calls tools over HTTP rather than inside an agent turn, you must mirror the same allow for sessions_spawn and implement your own retry semantics; in-agent tool spawning remains the most predictable integration surface because the model, tool catalog, and gateway policy share one coherent turn boundary.

Failure summary relay template (JSON contract)

Parent sessions should merge structured summaries, not raw completions. Pick stable field names once and require children to return only this envelope (plus optional citations that respect redaction rules).

{
  "kind": "review_round_summary",
  "correlation": "runId-or-request-id",
  "verdict": "pass|fail|needs_human",
  "top_findings": ["...", "..."],
  "failure": {
    "class": "timeout|tool_denied|schema|gateway_401|unknown",
    "retryable": true,
    "message": "single human-readable line"
  }
}

The orchestration layer can branch on failure.class, attach correlation to gateway logs, and route needs_human into ticketing without ever importing the child’s full scratchpad. For timeouts, log the same correlation on both parent and child to avoid chasing ghosts across processes on the remote Mac.

Minimal reproducible steps (six checkpoints)

Install Node.js 22 or newer (LTS recommended). Confirm with node -v before touching OpenClaw.
Upgrade the CLI to the 2026.4.x channel your runbook pins—commonly npm install -g [email protected]—and verify openclaw --version against the release notes.
Run openclaw doctor on the remote host to fix gateway URLs, trust stores, workspace permissions, and proxy variables; archive the output next to your first successful spawn log.
Mint a short-lived tenant Bearer and ensure the orchestration agent’s tool manifest lists Session tools, including sessions_spawn. For HTTP tools/invoke, lift sessions_spawn from default deny with the smallest rule that matches your scope.
Set maxSpawnDepth and allowAgents so only orchestrator identities recurse. In the task, specify repository paths, forbidden commands, and required outputs. Pass context: "fork" or "isolated" according to the table above.
Return only the JSON envelope through sessions_yield or your agreed callback path; merge fields in the parent and verify a deliberate 401 plus a forced timeout produce summaries that line up with gateway telemetry.

These checkpoints are the operational backbone for agent orchestration on a remote Mac: they separate “model smart” from “platform deterministic,” which is what lets you sleep through overnight review batches.

Three principles to keep posted

Fork versus isolated is an explicit trade between review fidelity and blast-radius containment—document the choice per workflow.
Bearer tokens prove identity; tool allowlists and depth caps define what identity is allowed to do.
Fixed-field JSON turns chaotic child runs into signals your orchestrator, CI, and humans can action without rereading raw logs.

FAQ

When must I use isolated context? Whenever the input may be hostile or when the task should not inherit privileged instructions—think untrusted attachments, wide plugin scans, or cross-tenant benchmarks—even if the host is “just” a rented Mac mini.

We see 401s but the token is fresh—what gives? Correlate gateway denials with tool policy: Session tools may be blocked even when chat completions succeed under the same Bearer.

Does shrinking the model fix runaway spawns? No. Depth limits and tool visibility are control-plane concerns; smaller weights do not replace them.

Bottom line: Pin Node 22+, run openclaw doctor on 2026.4.x, align gateway Bearer scope with an explicit sessions_spawn allow, choose fork or isolated context for each review lane, and relay only the JSON failure summary upward. That is the shortest path to dependable sub-agent orchestration on a remote Mac.

2026 OpenClaw in practice: enable sub-agents on a remote Mac—minimal steps for sessions_spawn fork context, isolated code review, and failure summary relay (2026.4.x)