fix(plugins): respect allowlist for web provider fallback

2026-05-06 18:20:44 +00:00 · 2026-05-04 09:09:17 +01:00
parent f738663c79
commit 3ed569ac3c
10 changed files with 167 additions and 10 deletions
--- a/docs/tools/plugin.md
+++ b/docs/tools/plugin.md
@@ -264,6 +264,7 @@ Looking for third-party plugins? See [Community Plugins](/plugins/community).
 | ---------------- | --------------------------------------------------------- |
 | `enabled`        | Master toggle (default: `true`)                           |
 | `allow`          | Plugin allowlist (optional)                               |
+| `bundledMode`    | Bundled plugin allowlist mode (`compat` by default)       |
 | `deny`           | Plugin denylist (optional; deny wins)                     |
 | `load.paths`     | Extra plugin files/directories                            |
 | `slots`          | Exclusive slot selectors (e.g. `memory`, `contextEngine`) |
@@ -275,6 +276,12 @@ tool name. If a tool allowlist references plugin tools, add the owning plugin id
 to `plugins.allow` or remove `plugins.allow`; `openclaw doctor` warns about this
 shape.

+`plugins.bundledMode` defaults to `"compat"` so older configs keep legacy
+bundled provider behavior. Set it to `"respect-allow"` when a restrictive
+`plugins.allow` inventory should also block omitted bundled provider plugins,
+including runtime web-search provider discovery. An empty `plugins.allow` is
+still treated as unset/open.
+
 Config changes made through `/plugins enable` or `/plugins disable` trigger an
 in-process Gateway plugin reload. New agent turns rebuild their tool list from
 the refreshed plugin registry. Source-changing operations such as install,