fix(plugins): rename bundled allowlist discovery policy

2026-05-06 09:20:43 +00:00 · 2026-05-04 09:42:37 +01:00
parent 76e0bcd2de
commit 41257a5f6f
20 changed files with 114 additions and 63 deletions
--- a/docs/.generated/config-baseline.sha256
+++ b/docs/.generated/config-baseline.sha256
@@ -1,4 +1,4 @@
-ddea4f1ae40a4099baa9f216cdae69ac35a5e93aa254903227ce168e2fd5b8db  config-baseline.json
-b6b71095384ad98410bbfd520eebac43e244aeb47761c74325ff133be6ccd858  config-baseline.core.json
+14558f9777b400fe4a1ef163a44e90ac0c59b56920ceb24b99675647d19d73a8  config-baseline.json
+0c46cd7aeae83eb3afddd19209bf3520cecccc265903b2fe001ce458bc592ea5  config-baseline.core.json
 cd7c0c7fb1435bc7e59099e9ac334462d5ad444016e9ab4512aae63a238f78dc  config-baseline.channel.json
 9832b30a696930a3da7efccf38073137571e1b66cae84e54d747b733fdafcc54  config-baseline.plugin.json
--- a/docs/gateway/configuration-reference.md
+++ b/docs/gateway/configuration-reference.md
@@ -166,7 +166,7 @@ See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and
  plugins: {
    enabled: true,
    allow: ["voice-call"],
-    bundledMode: "compat",
+    bundledDiscovery: "compat",
    deny: [],
    load: {
      paths: ["~/Projects/oss/voice-call-plugin"],
@@ -188,8 +188,8 @@ See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and
 - Discovery accepts native OpenClaw plugins plus compatible Codex bundles and Claude bundles, including manifestless Claude default-layout bundles.
 - **Config changes require a gateway restart.**
 - `allow`: optional allowlist (only listed plugins load). `deny` wins.
- `bundledMode`: defaults to `"compat"` for legacy bundled provider activation.
-  Use `"respect-allow"` when a non-empty `plugins.allow` should also gate
+- `bundledDiscovery`: defaults to `"compat"` for legacy bundled provider activation.
+  Use `"allowlist"` when a non-empty `plugins.allow` should also gate
  bundled provider plugins, including web-search runtime providers.
 - `plugins.entries.<id>.apiKey`: plugin-level API key convenience field (when supported by the plugin).
 - `plugins.entries.<id>.env`: plugin-scoped env var map.
--- a/docs/gateway/doctor.md
+++ b/docs/gateway/doctor.md
@@ -169,7 +169,9 @@ That stages grounded durable candidates into the short-term dreaming store while
    Doctor also warns when `plugins.allow` is non-empty and tool policy uses
    wildcard or plugin-owned tool entries. `tools.allow: ["*"]` only matches tools
    from plugins that actually load; it does not bypass the exclusive plugin
-    allowlist.
+    allowlist. If bundled provider discovery is still in legacy compatibility
+    mode, doctor also points to the stricter `plugins.bundledDiscovery:
+    "allowlist"` setting.

  </Accordion>
  <Accordion title="2. Legacy config key migrations">
--- a/docs/tools/plugin.md
+++ b/docs/tools/plugin.md
@@ -260,15 +260,15 @@ Looking for third-party plugins? See [Community Plugins](/plugins/community).
 }
 ```

-| Field            | Description                                               |
-| ---------------- | --------------------------------------------------------- |
-| `enabled`        | Master toggle (default: `true`)                           |
-| `allow`          | Plugin allowlist (optional)                               |
-| `bundledMode`    | Bundled plugin allowlist mode (`compat` by default)       |
-| `deny`           | Plugin denylist (optional; deny wins)                     |
-| `load.paths`     | Extra plugin files/directories                            |
-| `slots`          | Exclusive slot selectors (e.g. `memory`, `contextEngine`) |
-| `entries.\<id\>` | Per-plugin toggles + config                               |
+| Field              | Description                                               |
+| ------------------ | --------------------------------------------------------- |
+| `enabled`          | Master toggle (default: `true`)                           |
+| `allow`            | Plugin allowlist (optional)                               |
+| `bundledDiscovery` | Bundled plugin discovery mode (`compat` by default)       |
+| `deny`             | Plugin denylist (optional; deny wins)                     |
+| `load.paths`       | Extra plugin files/directories                            |
+| `slots`            | Exclusive slot selectors (e.g. `memory`, `contextEngine`) |
+| `entries.\<id\>`   | Per-plugin toggles + config                               |

 `plugins.allow` is exclusive. When it is non-empty, only listed plugins can load
 or expose tools, even if `tools.allow` contains `"*"` or a specific plugin-owned
@@ -276,8 +276,8 @@ tool name. If a tool allowlist references plugin tools, add the owning plugin id
 to `plugins.allow` or remove `plugins.allow`; `openclaw doctor` warns about this
 shape.

-`plugins.bundledMode` defaults to `"compat"` so older configs keep legacy
-bundled provider behavior. Set it to `"respect-allow"` when a restrictive
+`plugins.bundledDiscovery` defaults to `"compat"` so older configs keep legacy
+bundled provider behavior. Set it to `"allowlist"` when a restrictive
 `plugins.allow` inventory should also block omitted bundled provider plugins,
 including runtime web-search provider discovery. An empty `plugins.allow` is
 still treated as unset/open.