vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 18:20:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
905da8bd6b7831cd9b9040319190e48d5076d29b
openclaw/extensions/lobster
History
kirkluokun 905da8bd6b fix(lobster): forward approvalId alongside resumeToken in tool envelope 
@clawdbot/lobster/core returns both resumeToken and approvalId when a
workflow step needs approval, but the lobster plugin was dropping
approvalId in three places: normalizeEnvelope, the tool schema, and the
embedded-runner resume branch.

Agents forced to round-trip the ~155-byte base64url resumeToken across
tool calls are one stray truncation away from "Invalid token". The
8-hex approvalId is a disk-indexed alias (~/.lobster/state/approval_*
.json) — stable and escape-safe.

Changes are additive: token-based resume keeps working unchanged,
callers just gain an approvalId path.
2026-04-21 05:32:13 +01:00
..
src
fix(lobster): forward approvalId alongside resumeToken in tool envelope
2026-04-21 05:32:13 +01:00
index.ts
Lobster: add managed TaskFlow mode (#61555)
2026-04-06 01:37:26 +02:00
openclaw.plugin.json
package.json
chore: release 2026.4.20
2026-04-20 13:16:40 +01:00
README.md
Lobster: import published core runtime (#64755)
2026-04-13 20:38:46 +02:00
runtime-api.ts
refactor(plugin-sdk): formalize runtime contract barrels
2026-03-20 09:30:34 -07:00
SKILL.md
tsconfig.json
chore(plugins): bulk add package boundary tsconfig rollout
2026-04-07 08:48:23 +01:00

README.md

Lobster (plugin)

Adds the lobster agent tool as an optional plugin tool.

What this is

  • Lobster is a standalone workflow shell (typed JSON-first pipelines + approvals/resume).
  • This plugin integrates Lobster with OpenClaw without core changes.

Enable

Because this tool can trigger side effects (via workflows), it is registered with optional: true.

Enable it in an agent allowlist:

{
  "agents": {
    "list": [
      {
        "id": "main",
        "tools": {
          "allow": [
            "lobster" // plugin id (enables all tools from this plugin)
          ]
        }
      }
    ]
  }
}

Using openclaw.invoke (Lobster → OpenClaw tools)

Some Lobster pipelines may include a openclaw.invoke step to call back into OpenClaw tools/plugins (for example: gog for Google Workspace, gh for GitHub, message.send, etc.).

For this to work, the OpenClaw Gateway must expose the tool bridge endpoint and the target tool must be allowed by policy:

  • OpenClaw provides an HTTP endpoint: POST /tools/invoke.
  • The request is gated by gateway auth (e.g. Authorization: Bearer … when token auth is enabled).
  • The invoked tool is gated by tool policy (global + per-agent + provider + group policy). If the tool is not allowed, OpenClaw returns 404 Tool not available.

Allowlisting recommended

To avoid letting workflows call arbitrary tools, set a tight allowlist on the agent that will be used by openclaw.invoke.

Example (allow only a small set of tools):

{
  "agents": {
    "list": [
      {
        "id": "main",
        "tools": {
          "allow": ["lobster", "web_fetch", "web_search", "gog", "gh"],
          "deny": ["gateway"],
        },
      },
    ],
  },
}

Notes:

  • If tools.allow is omitted or empty, it behaves like "allow everything (except denied)". For a real allowlist, set a non-empty allow.
  • Tool names depend on which plugins you have installed/enabled.

Security

  • Runs Lobster in process via the published @clawdbot/lobster/core runtime.
  • Does not manage OAuth/tokens.
  • Uses timeouts, stdout caps, and strict JSON envelope parsing.
Reference in New Issue View Git Blame Copy Permalink