From 92aed3168aca565502f6c08dd58baf1e1d2924ca Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sat, 4 Apr 2026 20:09:24 +0100 Subject: [PATCH] docs: refresh core tool catalog mirrors --- docs/gateway/configuration-reference.md | 38 ++++++++++--------- .../sandbox-vs-tool-policy-vs-elevated.md | 7 +++- docs/help/faq.md | 2 +- docs/tools/index.md | 14 ++++--- docs/tools/web-fetch.md | 2 +- 5 files changed, 35 insertions(+), 28 deletions(-) diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index 9dc87f01a05..4ee94c9f8c7 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -1897,27 +1897,29 @@ Defaults for Talk mode (macOS/iOS/Android). Local onboarding defaults new local configs to `tools.profile: "coding"` when unset (existing explicit profiles are preserved). -| Profile | Includes | -| ----------- | ----------------------------------------------------------------------------------------- | -| `minimal` | `session_status` only | -| `coding` | `group:fs`, `group:runtime`, `group:sessions`, `group:memory`, `image` | -| `messaging` | `group:messaging`, `sessions_list`, `sessions_history`, `sessions_send`, `session_status` | -| `full` | No restriction (same as unset) | +| Profile | Includes | +| ----------- | ------------------------------------------------------------------------------------------------------------- | +| `minimal` | `session_status` only | +| `coding` | `group:fs`, `group:runtime`, `group:web`, `group:sessions`, `group:memory`, `cron`, `image`, `image_generate` | +| `messaging` | `group:messaging`, `sessions_list`, `sessions_history`, `sessions_send`, `session_status` | +| `full` | No restriction (same as unset) | ### Tool groups -| Group | Tools | -| ------------------ | ---------------------------------------------------------------------------------------- | -| `group:runtime` | `exec`, `process` (`bash` is accepted as an alias for `exec`) | -| `group:fs` | `read`, `write`, `edit`, `apply_patch` | -| `group:sessions` | `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `session_status` | -| `group:memory` | `memory_search`, `memory_get` | -| `group:web` | `web_search`, `web_fetch` | -| `group:ui` | `browser`, `canvas` | -| `group:automation` | `cron`, `gateway` | -| `group:messaging` | `message` | -| `group:nodes` | `nodes` | -| `group:openclaw` | All built-in tools (excludes provider plugins) | +| Group | Tools | +| ------------------ | ----------------------------------------------------------------------------------------------------------------------- | +| `group:runtime` | `exec`, `process`, `code_execution` (`bash` is accepted as an alias for `exec`) | +| `group:fs` | `read`, `write`, `edit`, `apply_patch` | +| `group:sessions` | `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `sessions_yield`, `subagents`, `session_status` | +| `group:memory` | `memory_search`, `memory_get` | +| `group:web` | `web_search`, `x_search`, `web_fetch` | +| `group:ui` | `browser`, `canvas` | +| `group:automation` | `cron`, `gateway` | +| `group:messaging` | `message` | +| `group:nodes` | `nodes` | +| `group:agents` | `agents_list` | +| `group:media` | `image`, `image_generate`, `tts` | +| `group:openclaw` | All built-in tools (excludes provider plugins) | ### `tools.allow` / `tools.deny` diff --git a/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md b/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md index aa7fe6876aa..66f86094b14 100644 --- a/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md +++ b/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md @@ -85,14 +85,17 @@ Tool policies (global, agent, sandbox) support `group:*` entries that expand to Available groups: -- `group:runtime`: `exec`, `bash`, `process` +- `group:runtime`: `exec`, `bash`, `process`, `code_execution` - `group:fs`: `read`, `write`, `edit`, `apply_patch` -- `group:sessions`: `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `session_status` +- `group:sessions`: `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`, `sessions_yield`, `subagents`, `session_status` - `group:memory`: `memory_search`, `memory_get` +- `group:web`: `web_search`, `x_search`, `web_fetch` - `group:ui`: `browser`, `canvas` - `group:automation`: `cron`, `gateway` - `group:messaging`: `message` - `group:nodes`: `nodes` +- `group:agents`: `agents_list` +- `group:media`: `image`, `image_generate`, `tts` - `group:openclaw`: all built-in OpenClaw tools (excludes provider plugins) ## Elevated: exec-only "run on host" diff --git a/docs/help/faq.md b/docs/help/faq.md index 57bba4f1943..339b96ae605 100644 --- a/docs/help/faq.md +++ b/docs/help/faq.md @@ -1570,7 +1570,7 @@ for usage/billing and raise limits as needed. Notes: - - If you use allowlists, add `web_search`/`web_fetch` or `group:web`. + - If you use allowlists, add `web_search`/`web_fetch`/`x_search` or `group:web`. - `web_fetch` is enabled by default (unless explicitly disabled). - Daemons read env vars from `~/.openclaw/.env` (or the service environment). diff --git a/docs/tools/index.md b/docs/tools/index.md index b1b5ef5cd99..ce678ff8386 100644 --- a/docs/tools/index.md +++ b/docs/tools/index.md @@ -106,12 +106,12 @@ config. Deny always wins over allow. `tools.profile` sets a base allowlist before `allow`/`deny` is applied. Per-agent override: `agents.list[].tools.profile`. -| Profile | What it includes | -| ----------- | ------------------------------------------- | -| `full` | All tools (default) | -| `coding` | File I/O, runtime, sessions, memory, image | -| `messaging` | Messaging, session list/history/send/status | -| `minimal` | `session_status` only | +| Profile | What it includes | +| ----------- | -------------------------------------------------------- | +| `full` | All tools (default) | +| `coding` | Files, runtime, web, sessions, memory, cron, image tools | +| `messaging` | Messaging, session list/history/send/status | +| `minimal` | `session_status` only | ### Tool groups @@ -128,6 +128,8 @@ Use `group:*` shorthands in allow/deny lists: | `group:automation` | cron, gateway | | `group:messaging` | message | | `group:nodes` | nodes | +| `group:agents` | agents_list | +| `group:media` | image, image_generate, tts | | `group:openclaw` | All built-in OpenClaw tools (excludes plugin tools) | `sessions_history` returns a bounded, safety-filtered recall view. It strips diff --git a/docs/tools/web-fetch.md b/docs/tools/web-fetch.md index 84e1a18b383..012880f5409 100644 --- a/docs/tools/web-fetch.md +++ b/docs/tools/web-fetch.md @@ -126,7 +126,7 @@ If you use tool profiles or allowlists, add `web_fetch` or `group:web`: { tools: { allow: ["web_fetch"], - // or: allow: ["group:web"] (includes both web_fetch and web_search) + // or: allow: ["group:web"] (includes web_fetch, web_search, and x_search) }, } ```