tools.toolSearch.
When enabled for OpenClaw runs, the model receives one tool_search_code tool
by default. That tool runs a short JavaScript body in an isolated Node
subprocess with an openclaw.tools bridge:
How a turn runs
At planning time the OpenClaw embedded runner builds the effective catalog for the run:- Resolve the active tool policy for the agent, profile, sandbox, and session.
- List eligible OpenClaw and plugin tools.
- List eligible MCP tools through the session MCP runtime.
- Add eligible client tools supplied for the current run.
- Index compact descriptors for search.
- Expose the OpenClaw code bridge, the structured fallback tools, or the compact directory surface to the model.
openclaw.tools.call(...) crosses the bridge back into the Gateway, where the
normal policy, approval, hook, logging, and result handling still apply.
Modes
tools.toolSearch has three model-facing modes:
code: exposestool_search_code, the default compact JavaScript bridge.tools: exposestool_search,tool_describe, andtool_callas plain structured tools for providers that should not receive code.directory: exposestool_search,tool_describe, andtool_callplus a bounded prompt directory of available tool names and descriptions for providers that should see tool names without every full schema. OpenClaw can also expose a small bounded set of likely or required tool schemas directly for the current turn.
code mode falls back to tools before catalog
compaction. In directory mode, client-provided tools stay directly visible
for the current run while OpenClaw tools, plugin tools, and MCP tools can be
compacted behind the directory catalog. A direct call to an exact hidden
directory name is hydrated from that same authorized catalog before execution.
All modes are experimental. Prefer direct tool exposure for small OpenClaw tool
catalogs, and prefer the Codex-native stable surfaces for Codex harness runs.
There is no separate source-selection config. When Tool Search is enabled, the
catalog includes eligible OpenClaw, MCP, and client tools after normal policy
filtering.
Why this exists
Large catalogs are useful but expensive. Sending every tool schema to the model makes the request larger, slows planning, and increases accidental tool selection. Tool Search changes the shape:- direct tools: the model sees every selected schema before the first token
- Tool Search code mode: the model sees one compact code tool and a short API contract
- Tool Search tools mode: the model sees three compact structured fallback tools
- Tool Search directory mode: the model sees a bounded directory plus search/describe/call controls and a small bounded set of likely or required schemas
- during the turn: the model can load remaining schemas as needed
API
openclaw.tools.search(query, options?)
Searches the effective catalog for the current run. Results are compact and safe
to put back into prompt context.
openclaw.tools.describe(id)
Loads full metadata for one search result, including the exact input schema.
openclaw.tools.call(id, args)
Calls a selected tool through OpenClaw.
tool_searchtool_describetool_call
tool_searchtool_describetool_call
tool_search to find them. If
the model requests an exact hidden directory tool name directly, OpenClaw
hydrates it from the authorized catalog before normal execution.
Directory-mode client tool names must not collide with OpenClaw, plugin, or MCP
tool names because exact deferred dispatch uses those names.
Runtime boundary
The code bridge runs in a short-lived Node subprocess. The subprocess starts with Node permission mode enabled, an empty environment, no filesystem or network grants, and no child-process or worker grants. OpenClaw enforces a parent-process wall-clock timeout and kills the subprocess on timeout, including after async continuations. The runtime exposes only:console.log,console.warn, andconsole.erroropenclaw.tools.searchopenclaw.tools.describeopenclaw.tools.call
- tool allow and deny policies
- per-agent and per-sandbox tool restrictions
- channel/runtime tool policy
- approval hooks
- plugin
before_tool_callhooks - session identity, logs, and telemetry
Config
Enable Tool Search for OpenClaw runs with the default code bridge:codeTimeoutMs to 1000-60000, maxSearchLimit to 1-50, and
searchDefaultLimit to 1..maxSearchLimit.
Disable it:
Prompt and telemetry
Tool Search records enough telemetry to compare it with direct tool exposure:- total serialized tool and prompt bytes sent to the harness
- catalog size and source breakdown
- search, describe, and call counts
- final tool calls executed through OpenClaw
- selected tool ids and sources
- how many tool schemas the model saw up front
- how many search and describe operations it performed
- which final tool was called
- whether the result came from OpenClaw, MCP, or a client tool
E2E validation
The QA Lab gateway scenario proves both paths with the OpenClaw runtime:- Direct mode can call the fake plugin tool.
- Tool Search can call the same fake plugin tool.
- Direct mode exposes the fake plugin tool schemas directly to the provider.
- Tool Search exposes only the compact bridge.
- The Tool Search request payload is smaller for the large fake catalog.
- Session logs show the expected tool-call counts and bridged call telemetry.
Failure behavior
Tool Search should fail closed:- if a tool is not in the effective policy, search should not return it
- if a selected tool becomes unavailable,
tool_callshould fail - if policy or approval blocks execution, the call result should report that block instead of bypassing it
- if the code bridge cannot create an isolated runtime, use
mode: "tools"or disable Tool Search for that deployment