fix(plugins): default bundled discovery to allowlist

2026-05-06 11:50:43 +00:00 · 2026-05-04 22:46:39 +01:00
parent 55df2d4598
commit b2096d19ec
19 changed files with 185 additions and 77 deletions
--- a/docs/.generated/config-baseline.sha256
+++ b/docs/.generated/config-baseline.sha256
@@ -1,4 +1,4 @@
-0fc1b2f75e34ab92274067cdd6bfcfeac01c5b898a3aa355cfa1c3a5ec18bd5d  config-baseline.json
-0a6a2493d90ffe6204be807a8bc12dcf34f854602cc1c5e3c4917fed902d310e  config-baseline.core.json
+02987f4cecb64a98170b61c925fd7b16a22b276abfb261f9281b42f613ded923  config-baseline.json
+de5a6f65ef09dc23453a2e12512e41c133c941519e0ebef7f2946e4a24265d17  config-baseline.core.json
 cd7c0c7fb1435bc7e59099e9ac334462d5ad444016e9ab4512aae63a238f78dc  config-baseline.channel.json
 9832b30a696930a3da7efccf38073137571e1b66cae84e54d747b733fdafcc54  config-baseline.plugin.json
--- a/docs/gateway/configuration-reference.md
+++ b/docs/gateway/configuration-reference.md
@@ -166,7 +166,7 @@ See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and
  plugins: {
    enabled: true,
    allow: ["voice-call"],
-    bundledDiscovery: "compat",
+    bundledDiscovery: "allowlist",
    deny: [],
    load: {
      paths: ["~/Projects/oss/voice-call-plugin"],
@@ -188,9 +188,10 @@ See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and
 - Discovery accepts native OpenClaw plugins plus compatible Codex bundles and Claude bundles, including manifestless Claude default-layout bundles.
 - **Config changes require a gateway restart.**
 - `allow`: optional allowlist (only listed plugins load). `deny` wins.
- `bundledDiscovery`: defaults to `"compat"` for legacy bundled provider activation.
-  Use `"allowlist"` when a non-empty `plugins.allow` should also gate
-  bundled provider plugins, including web-search runtime providers.
+- `bundledDiscovery`: defaults to `"allowlist"` for new configs, so a non-empty
+  `plugins.allow` also gates bundled provider plugins, including web-search
+  runtime providers. Doctor writes `"compat"` for migrated legacy allowlist
+  configs to preserve existing bundled provider behavior until you opt in.
 - `plugins.entries.<id>.apiKey`: plugin-level API key convenience field (when supported by the plugin).
 - `plugins.entries.<id>.env`: plugin-scoped env var map.
 - `plugins.entries.<id>.hooks.allowPromptInjection`: when `false`, core blocks `before_prompt_build` and ignores prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride`. Applies to native plugin hooks and supported bundle-provided hook directories.
--- a/docs/gateway/doctor.md
+++ b/docs/gateway/doctor.md
@@ -169,9 +169,9 @@ That stages grounded durable candidates into the short-term dreaming store while
    Doctor also warns when `plugins.allow` is non-empty and tool policy uses
    wildcard or plugin-owned tool entries. `tools.allow: ["*"]` only matches tools
    from plugins that actually load; it does not bypass the exclusive plugin
-    allowlist. If bundled provider discovery is still in legacy compatibility
-    mode, doctor also points to the stricter `plugins.bundledDiscovery:
-    "allowlist"` setting.
+    allowlist. Doctor writes `plugins.bundledDiscovery: "compat"` for migrated
+    legacy allowlist configs to preserve existing bundled provider behavior, and
+    then points to the stricter `"allowlist"` setting.

  </Accordion>
  <Accordion title="2. Legacy config key migrations">
--- a/docs/tools/plugin.md
+++ b/docs/tools/plugin.md
@@ -264,7 +264,7 @@ Looking for third-party plugins? See [Community Plugins](/plugins/community).
 | ------------------ | --------------------------------------------------------- |
 | `enabled`          | Master toggle (default: `true`)                           |
 | `allow`            | Plugin allowlist (optional)                               |
-| `bundledDiscovery` | Bundled plugin discovery mode (`compat` by default)       |
+| `bundledDiscovery` | Bundled plugin discovery mode (`allowlist` by default)    |
 | `deny`             | Plugin denylist (optional; deny wins)                     |
 | `load.paths`       | Extra plugin files/directories                            |
 | `slots`            | Exclusive slot selectors (e.g. `memory`, `contextEngine`) |
@@ -276,11 +276,12 @@ tool name. If a tool allowlist references plugin tools, add the owning plugin id
 to `plugins.allow` or remove `plugins.allow`; `openclaw doctor` warns about this
 shape.

-`plugins.bundledDiscovery` defaults to `"compat"` so older configs keep legacy
-bundled provider behavior. Set it to `"allowlist"` when a restrictive
-`plugins.allow` inventory should also block omitted bundled provider plugins,
-including runtime web-search provider discovery. An empty `plugins.allow` is
-still treated as unset/open.
+`plugins.bundledDiscovery` defaults to `"allowlist"` for new configs, so a
+restrictive `plugins.allow` inventory also blocks omitted bundled provider
+plugins, including runtime web-search provider discovery. Doctor stamps older
+restrictive allowlist configs with `"compat"` during migration so upgrades keep
+legacy bundled provider behavior until the operator opts into the stricter mode.
+An empty `plugins.allow` is still treated as unset/open.

 Config changes made through `/plugins enable` or `/plugins disable` trigger an
 in-process Gateway plugin reload. New agent turns rebuild their tool list from