






















@@ -0,0 +1,260 @@
1+---
2+summary: "Tool Search: compact large PI tool catalogs behind search, describe, and call"
3+title: "Tool Search"
4+read_when:
5+ - You want PI agents to use a large tool catalog without adding every tool schema to the prompt
6+ - You want OpenClaw tools, MCP tools, and client tools exposed through one compact PI surface
7+ - You are implementing or debugging tool discovery for PI runs
8+---
9+10+Tool Search gives PI agents one compact way to discover and call large tool
11+catalogs. It is useful when the run has many available tools but the model is
12+likely to need only a few of them.
13+14+When enabled for PI, the model receives one `tool_search_code` tool by default.
15+That tool runs a short JavaScript body in an isolated Node subprocess with an
16+`openclaw.tools` bridge:
17+18+```js
19+const hits = await openclaw.tools.search("create a GitHub issue");
20+const tool = await openclaw.tools.describe(hits[0].id);
21+return await openclaw.tools.call(tool.id, {
22+ title: "Crash on startup",
23+ body: "Steps to reproduce...",
24+});
25+```
26+27+The catalog can include OpenClaw tools, plugin tools, MCP tools, and
28+client-provided tools. The model does not see every full schema up front.
29+Instead, it searches compact descriptors, describes one selected tool when it
30+needs the exact schema, and calls that tool through OpenClaw.
31+32+Codex harness runs do not receive these OpenClaw Tool Search controls. OpenClaw
33+passes product capabilities to Codex as dynamic tools, and Codex owns native
34+code mode, native tool search, deferred dynamic tools, and nested tool calls.
35+36+## How a turn runs
37+38+At planning time the PI embedded runner builds the effective catalog for the
39+run:
40+41+1. Resolve the active tool policy for the agent, profile, sandbox, and session.
42+2. List eligible OpenClaw and plugin tools.
43+3. List eligible MCP tools through the session MCP runtime.
44+4. Add eligible client tools supplied for the current run.
45+5. Index compact descriptors for search.
46+6. Expose either the PI code bridge or the structured fallback tools to the
47+ model.
48+49+At execution time every real tool call returns to OpenClaw. The isolated Node
50+runtime does not hold plugin implementations, MCP client objects, or secrets.
51+`openclaw.tools.call(...)` crosses the bridge back into the Gateway, where the
52+normal policy, approval, hook, logging, and result handling still apply.
53+54+## Modes
55+56+`tools.toolSearch` has two model-facing modes:
57+58+- `code`: exposes `tool_search_code`, the default compact JavaScript bridge.
59+- `tools`: exposes `tool_search`, `tool_describe`, and `tool_call` as plain
60+ structured tools for providers that should not receive code.
61+62+Both modes use the same catalog and execution path. The only difference is the
63+shape the model sees. If the current runtime cannot launch the isolated Node
64+code-mode child process, the default `code` mode falls back to `tools` before
65+catalog compaction.
66+67+There is no separate source-selection config. When Tool Search is enabled, the
68+catalog includes eligible OpenClaw, MCP, and client tools after normal policy
69+filtering.
70+71+## Why this exists
72+73+Large catalogs are useful but expensive. Sending every tool schema to the model
74+makes the request larger, slows planning, and increases accidental tool
75+selection.
76+77+Tool Search changes the shape:
78+79+- direct tools: the model sees every selected schema before the first token
80+- Tool Search code mode: the model sees one compact code tool and a short API
81+ contract
82+- Tool Search tools mode: the model sees three compact structured fallback
83+ tools
84+- during the turn: the model loads only the tool schemas it actually needs
85+86+Direct tool exposure is still the right default for small catalogs. Tool Search
87+is best when one run can see many tools, especially from MCP servers or
88+client-provided app tools.
89+90+## API
91+92+`openclaw.tools.search(query, options?)`
93+94+Searches the effective catalog for the current run. Results are compact and safe
95+to put back into prompt context.
96+97+```js
98+const hits = await openclaw.tools.search("calendar event", { limit: 5 });
99+```
100+101+`openclaw.tools.describe(id)`
102+103+Loads full metadata for one search result, including the exact input schema.
104+105+```js
106+const calendarCreate = await openclaw.tools.describe("mcp:calendar:create_event");
107+```
108+109+`openclaw.tools.call(id, args)`
110+111+Calls a selected tool through OpenClaw.
112+113+```js
114+await openclaw.tools.call(calendarCreate.id, {
115+ summary: "Planning",
116+ start: "2026-05-09T14:00:00Z",
117+});
118+```
119+120+The structured fallback mode exposes the same operations as tools:
121+122+- `tool_search`
123+- `tool_describe`
124+- `tool_call`
125+126+## Runtime boundary
127+128+The code bridge runs in a short-lived Node subprocess. The subprocess starts
129+with Node permission mode enabled, an empty environment, no filesystem or
130+network grants, and no child-process or worker grants. OpenClaw enforces a
131+parent-process wall-clock timeout and kills the subprocess on timeout, including
132+after async continuations.
133+134+The runtime exposes only:
135+136+- `console.log`, `console.warn`, and `console.error`
137+- `openclaw.tools.search`
138+- `openclaw.tools.describe`
139+- `openclaw.tools.call`
140+141+Normal OpenClaw behavior still applies to final calls:
142+143+- tool allow and deny policies
144+- per-agent and per-sandbox tool restrictions
145+- owner-only gating
146+- approval hooks
147+- plugin `before_tool_call` hooks
148+- session identity, logs, and telemetry
149+150+## Config
151+152+Enable Tool Search for PI runs with the default code bridge:
153+154+```bash
155+openclaw config set tools.toolSearch true
156+```
157+158+Equivalent JSON:
159+160+```json5
161+{
162+ tools: {
163+ toolSearch: true,
164+ },
165+}
166+```
167+168+Use the structured fallback tools instead for PI runs:
169+170+```json5
171+{
172+ tools: {
173+ toolSearch: {
174+ mode: "tools",
175+ },
176+ },
177+}
178+```
179+180+Tune code-mode timeout and search result limits:
181+182+```json5
183+{
184+ tools: {
185+ toolSearch: {
186+ mode: "code",
187+ codeTimeoutMs: 10000,
188+ searchDefaultLimit: 8,
189+ maxSearchLimit: 20,
190+ },
191+ },
192+}
193+```
194+195+Disable it:
196+197+```json5
198+{
199+ tools: {
200+ toolSearch: false,
201+ },
202+}
203+```
204+205+## Prompt and telemetry
206+207+Tool Search records enough telemetry to compare it with direct tool exposure:
208+209+- total serialized tool and prompt bytes sent to the harness
210+- catalog size and source breakdown
211+- search, describe, and call counts
212+- final tool calls executed through OpenClaw
213+- selected tool ids and sources
214+215+Session logs should make it possible to answer:
216+217+- how many tool schemas the model saw up front
218+- how many search and describe operations it performed
219+- which final tool was called
220+- whether the result came from OpenClaw, MCP, or a client tool
221+222+## E2E validation
223+224+The gateway E2E runner proves both paths with the PI harness:
225+226+```bash
227+node --import tsx scripts/tool-search-gateway-e2e.ts
228+```
229+230+It creates a temporary fake plugin with a large tool catalog, starts the mock
231+OpenAI provider, starts a Gateway once in direct mode and once with Tool Search
232+enabled, then compares provider request payloads and session logs.
233+234+The regression proves:
235+236+1. Direct mode can call the fake plugin tool.
237+2. Tool Search can call the same fake plugin tool.
238+3. Direct mode exposes the fake plugin tool schemas directly to the provider.
239+4. Tool Search exposes only the compact bridge.
240+5. The Tool Search request payload is smaller for the large fake catalog.
241+6. Session logs show the expected tool-call counts and bridged call telemetry.
242+243+## Failure behavior
244+245+Tool Search should fail closed:
246+247+- if a tool is not in the effective policy, search should not return it
248+- if a selected tool becomes unavailable, `tool_call` should fail
249+- if policy or approval blocks execution, the call result should report that
250+ block instead of bypassing it
251+- if the code bridge cannot create an isolated runtime, use `mode: "tools"` or
252+ disable Tool Search for that deployment
253+254+## Related
255+256+- [Tools and plugins](/tools)
257+- [Multi-agent sandbox and tools](/tools/multi-agent-sandbox-tools)
258+- [Exec tool](/tools/exec)
259+- [ACP agents setup](/tools/acp-agents-setup)
260+- [Building plugins](/plugins/building-plugins)
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。