fix(plugins): respect allowlist for web provider fallback

2026-05-06 19:00:45 +00:00 · 2026-05-04 09:09:17 +01:00
parent f738663c79
commit 3ed569ac3c
10 changed files with 167 additions and 10 deletions
--- a/docs/.generated/config-baseline.sha256
+++ b/docs/.generated/config-baseline.sha256
@@ -1,4 +1,4 @@
-2c78fb7af01e2ee9e919be5ab7b675347b36cae1e347f97fd2640a6f7c72f3ac  config-baseline.json
-31ec333df9f8b92c7656ac7107cecd5860dd02e08f7e18c7c674dc47a8811baa  config-baseline.core.json
+ddea4f1ae40a4099baa9f216cdae69ac35a5e93aa254903227ce168e2fd5b8db  config-baseline.json
+b6b71095384ad98410bbfd520eebac43e244aeb47761c74325ff133be6ccd858  config-baseline.core.json
 cd7c0c7fb1435bc7e59099e9ac334462d5ad444016e9ab4512aae63a238f78dc  config-baseline.channel.json
 9832b30a696930a3da7efccf38073137571e1b66cae84e54d747b733fdafcc54  config-baseline.plugin.json
--- a/docs/gateway/configuration-reference.md
+++ b/docs/gateway/configuration-reference.md
@@ -166,6 +166,7 @@ See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and
  plugins: {
    enabled: true,
    allow: ["voice-call"],
+    bundledMode: "compat",
    deny: [],
    load: {
      paths: ["~/Projects/oss/voice-call-plugin"],
@@ -187,6 +188,9 @@ See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and
 - Discovery accepts native OpenClaw plugins plus compatible Codex bundles and Claude bundles, including manifestless Claude default-layout bundles.
 - **Config changes require a gateway restart.**
 - `allow`: optional allowlist (only listed plugins load). `deny` wins.
+- `bundledMode`: defaults to `"compat"` for legacy bundled provider activation.
+  Use `"respect-allow"` when a non-empty `plugins.allow` should also gate
+  bundled provider plugins, including web-search runtime providers.
 - `plugins.entries.<id>.apiKey`: plugin-level API key convenience field (when supported by the plugin).
 - `plugins.entries.<id>.env`: plugin-scoped env var map.
 - `plugins.entries.<id>.hooks.allowPromptInjection`: when `false`, core blocks `before_prompt_build` and ignores prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride`. Applies to native plugin hooks and supported bundle-provided hook directories.
--- a/docs/tools/plugin.md
+++ b/docs/tools/plugin.md
@@ -264,6 +264,7 @@ Looking for third-party plugins? See [Community Plugins](/plugins/community).
 | ---------------- | --------------------------------------------------------- |
 | `enabled`        | Master toggle (default: `true`)                           |
 | `allow`          | Plugin allowlist (optional)                               |
+| `bundledMode`    | Bundled plugin allowlist mode (`compat` by default)       |
 | `deny`           | Plugin denylist (optional; deny wins)                     |
 | `load.paths`     | Extra plugin files/directories                            |
 | `slots`          | Exclusive slot selectors (e.g. `memory`, `contextEngine`) |
@@ -275,6 +276,12 @@ tool name. If a tool allowlist references plugin tools, add the owning plugin id
 to `plugins.allow` or remove `plugins.allow`; `openclaw doctor` warns about this
 shape.

+`plugins.bundledMode` defaults to `"compat"` so older configs keep legacy
+bundled provider behavior. Set it to `"respect-allow"` when a restrictive
+`plugins.allow` inventory should also block omitted bundled provider plugins,
+including runtime web-search provider discovery. An empty `plugins.allow` is
+still treated as unset/open.
+
 Config changes made through `/plugins enable` or `/plugins disable` trigger an
 in-process Gateway plugin reload. New agent turns rebuild their tool list from
 the refreshed plugin registry. Source-changing operations such as install,