From 394fd87c2c491790c1f79d6eb37ba40de7178cbc Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Fri, 13 Mar 2026 15:37:21 +0000
Subject: [PATCH] fix: clarify gated core tool warnings

---
 CHANGELOG.md                            |  1 +
 src/agents/tool-policy-pipeline.test.ts | 25 +++++++++++++++++++++
 src/agents/tool-policy-pipeline.ts      | 30 ++++++++++++++++++++++---
 3 files changed, 53 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b1cf0c9e98..cae46427d1e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,7 @@ Docs: https://docs.openclaw.ai
 - Control UI/insecure auth: preserve explicit shared token and password auth on plain-HTTP Control UI connects so LAN and reverse-proxy sessions no longer drop shared auth before the first WebSocket handshake. (#45088) Thanks @velvet-shark.
 - macOS/onboarding: avoid self-restarting freshly bootstrapped launchd gateways and give new daemon installs longer to become healthy, so `openclaw onboard --install-daemon` no longer false-fails on slower Macs and fresh VM snapshots.
 - Agents/compaction: preserve safeguard compaction summary language continuity via default and configurable custom instructions so persona drift is reduced after auto-compaction. (#10456) Thanks @keepitmello.
+- Agents/tool warnings: distinguish gated core tools like `apply_patch` from plugin-only unknown entries in `tools.profile` warnings, so unavailable core tools now report current runtime/provider/model/config gating instead of suggesting a missing plugin.
 
 ## 2026.3.12
 
diff --git a/src/agents/tool-policy-pipeline.test.ts b/src/agents/tool-policy-pipeline.test.ts
index 9d0a9d5846f..70d4301d42a 100644
--- a/src/agents/tool-policy-pipeline.test.ts
+++ b/src/agents/tool-policy-pipeline.test.ts
@@ -45,6 +45,31 @@ describe("tool-policy-pipeline", () => {
     expect(warnings[0]).toContain("unknown entries (wat)");
   });
 
+  test("warns gated core tools as unavailable instead of plugin-only unknowns", () => {
+    const warnings: string[] = [];
+    const tools = [{ name: "exec" }] as unknown as DummyTool[];
+    applyToolPolicyPipeline({
+      // oxlint-disable-next-line typescript/no-explicit-any
+      tools: tools as any,
+      // oxlint-disable-next-line typescript/no-explicit-any
+      toolMeta: () => undefined,
+      warn: (msg) => warnings.push(msg),
+      steps: [
+        {
+          policy: { allow: ["apply_patch"] },
+          label: "tools.profile (coding)",
+          stripPluginOnlyAllowlist: true,
+        },
+      ],
+    });
+    expect(warnings.length).toBe(1);
+    expect(warnings[0]).toContain("unknown entries (apply_patch)");
+    expect(warnings[0]).toContain(
+      "shipped core tools but unavailable in the current runtime/provider/model/config",
+    );
+    expect(warnings[0]).not.toContain("unless the plugin is enabled");
+  });
+
   test("applies allowlist filtering when core tools are explicitly listed", () => {
     const tools = [{ name: "exec" }, { name: "process" }] as unknown as DummyTool[];
     const filtered = applyToolPolicyPipeline({
diff --git a/src/agents/tool-policy-pipeline.ts b/src/agents/tool-policy-pipeline.ts
index d3304a020d6..70a7bddaf29 100644
--- a/src/agents/tool-policy-pipeline.ts
+++ b/src/agents/tool-policy-pipeline.ts
@@ -1,5 +1,6 @@
 import { filterToolsByPolicy } from "./pi-tools.policy.js";
 import type { AnyAgentTool } from "./pi-tools.types.js";
+import { isKnownCoreToolId } from "./tool-catalog.js";
 import {
   buildPluginToolGroups,
   expandPolicyWithPluginGroups,
@@ -91,9 +92,15 @@ export function applyToolPolicyPipeline(params: {
       const resolved = stripPluginOnlyAllowlist(policy, pluginGroups, coreToolNames);
       if (resolved.unknownAllowlist.length > 0) {
         const entries = resolved.unknownAllowlist.join(", ");
-        const suffix = resolved.strippedAllowlist
-          ? "Ignoring allowlist so core tools remain available. Use tools.alsoAllow for additive plugin tool enablement."
-          : "These entries won't match any tool unless the plugin is enabled.";
+        const gatedCoreEntries = resolved.unknownAllowlist.filter((entry) =>
+          isKnownCoreToolId(entry),
+        );
+        const otherEntries = resolved.unknownAllowlist.filter((entry) => !isKnownCoreToolId(entry));
+        const suffix = describeUnknownAllowlistSuffix({
+          strippedAllowlist: resolved.strippedAllowlist,
+          hasGatedCoreEntries: gatedCoreEntries.length > 0,
+          hasOtherEntries: otherEntries.length > 0,
+        });
         params.warn(
           `tools: ${step.label} allowlist contains unknown entries (${entries}). ${suffix}`,
         );
@@ -106,3 +113,20 @@ export function applyToolPolicyPipeline(params: {
   }
   return filtered;
 }
+
+function describeUnknownAllowlistSuffix(params: {
+  strippedAllowlist: boolean;
+  hasGatedCoreEntries: boolean;
+  hasOtherEntries: boolean;
+}): string {
+  const preface = params.strippedAllowlist
+    ? "Ignoring allowlist so core tools remain available."
+    : "";
+  const detail =
+    params.hasGatedCoreEntries && params.hasOtherEntries
+      ? "Some entries are shipped core tools but unavailable in the current runtime/provider/model/config; other entries won't match any tool unless the plugin is enabled."
+      : params.hasGatedCoreEntries
+        ? "These entries are shipped core tools but unavailable in the current runtime/provider/model/config."
+        : "These entries won't match any tool unless the plugin is enabled.";
+  return preface ? `${preface} ${detail}` : detail;
+}