diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 84c2b87b1..f69928162 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "a167acee6792bd479f2084a4bee0b545e49c1db4", - "syncedAt": "2026-05-04T22:42:32.917Z" + "sha": "d3628792825956702be7a6253061b96d976c623d", + "syncedAt": "2026-05-04T22:51:21.509Z" } diff --git a/docs/.generated/config-baseline.sha256 b/docs/.generated/config-baseline.sha256 index 2a1b74860..1bc9162c2 100644 --- a/docs/.generated/config-baseline.sha256 +++ b/docs/.generated/config-baseline.sha256 @@ -1,4 +1,4 @@ -2c78fb7af01e2ee9e919be5ab7b675347b36cae1e347f97fd2640a6f7c72f3ac config-baseline.json -31ec333df9f8b92c7656ac7107cecd5860dd02e08f7e18c7c674dc47a8811baa config-baseline.core.json +2566cb33c48abf3884d44cc605e3fe23ee3dc3e998c29fe86dfe773faf58cb52 config-baseline.json +eab2f8a9af31910e26874209330d10ca46afd910cba88beda8a48fe6b9831159 config-baseline.core.json cd7c0c7fb1435bc7e59099e9ac334462d5ad444016e9ab4512aae63a238f78dc config-baseline.channel.json 9832b30a696930a3da7efccf38073137571e1b66cae84e54d747b733fdafcc54 config-baseline.plugin.json diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index 1afaa8d85..789bc97c3 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -166,6 +166,7 @@ See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and plugins: { enabled: true, allow: ["voice-call"], + bundledDiscovery: "allowlist", deny: [], load: { paths: ["~/Projects/oss/voice-call-plugin"], @@ -187,6 +188,10 @@ See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and - Discovery accepts native OpenClaw plugins plus compatible Codex bundles and Claude bundles, including manifestless Claude default-layout bundles. - **Config changes require a gateway restart.** - `allow`: optional allowlist (only listed plugins load). `deny` wins. +- `bundledDiscovery`: defaults to `"allowlist"` for new configs, so a non-empty + `plugins.allow` also gates bundled provider plugins, including web-search + runtime providers. Doctor writes `"compat"` for migrated legacy allowlist + configs to preserve existing bundled provider behavior until you opt in. - `plugins.entries..apiKey`: plugin-level API key convenience field (when supported by the plugin). - `plugins.entries..env`: plugin-scoped env var map. - `plugins.entries..hooks.allowPromptInjection`: when `false`, core blocks `before_prompt_build` and ignores prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride`. Applies to native plugin hooks and supported bundle-provided hook directories. diff --git a/docs/gateway/doctor.md b/docs/gateway/doctor.md index aaf68a221..35389f89d 100644 --- a/docs/gateway/doctor.md +++ b/docs/gateway/doctor.md @@ -169,7 +169,9 @@ That stages grounded durable candidates into the short-term dreaming store while Doctor also warns when `plugins.allow` is non-empty and tool policy uses wildcard or plugin-owned tool entries. `tools.allow: ["*"]` only matches tools from plugins that actually load; it does not bypass the exclusive plugin - allowlist. + allowlist. Doctor writes `plugins.bundledDiscovery: "compat"` for migrated + legacy allowlist configs to preserve existing bundled provider behavior, and + then points to the stricter `"allowlist"` setting. diff --git a/docs/tools/plugin.md b/docs/tools/plugin.md index 54d924315..007bc7cf2 100644 --- a/docs/tools/plugin.md +++ b/docs/tools/plugin.md @@ -260,14 +260,15 @@ Looking for third-party plugins? See [Community Plugins](/plugins/community). } ``` -| Field | Description | -| ---------------- | --------------------------------------------------------- | -| `enabled` | Master toggle (default: `true`) | -| `allow` | Plugin allowlist (optional) | -| `deny` | Plugin denylist (optional; deny wins) | -| `load.paths` | Extra plugin files/directories | -| `slots` | Exclusive slot selectors (e.g. `memory`, `contextEngine`) | -| `entries.\` | Per-plugin toggles + config | +| Field | Description | +| ------------------ | --------------------------------------------------------- | +| `enabled` | Master toggle (default: `true`) | +| `allow` | Plugin allowlist (optional) | +| `bundledDiscovery` | Bundled plugin discovery mode (`allowlist` by default) | +| `deny` | Plugin denylist (optional; deny wins) | +| `load.paths` | Extra plugin files/directories | +| `slots` | Exclusive slot selectors (e.g. `memory`, `contextEngine`) | +| `entries.\` | Per-plugin toggles + config | `plugins.allow` is exclusive. When it is non-empty, only listed plugins can load or expose tools, even if `tools.allow` contains `"*"` or a specific plugin-owned @@ -275,6 +276,13 @@ tool name. If a tool allowlist references plugin tools, add the owning plugin id to `plugins.allow` or remove `plugins.allow`; `openclaw doctor` warns about this shape. +`plugins.bundledDiscovery` defaults to `"allowlist"` for new configs, so a +restrictive `plugins.allow` inventory also blocks omitted bundled provider +plugins, including runtime web-search provider discovery. Doctor stamps older +restrictive allowlist configs with `"compat"` during migration so upgrades keep +legacy bundled provider behavior until the operator opts into the stricter mode. +An empty `plugins.allow` is still treated as unset/open. + Config changes made through `/plugins enable` or `/plugins disable` trigger an in-process Gateway plugin reload. New agent turns rebuild their tool list from the refreshed plugin registry. Source-changing operations such as install,