fix(doctor): validate tool schemas for configured agents

vincentkoc · vincentkoc · commit 748510b7a3e1 · 2026-05-28T02:17:43.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -22,6 +22,7 @@ Docs: https://docs.openclaw.ai
 ### Fixes
 
 - Security/CLI/runtime: harden hostname normalization for repeated trailing dots, block side-effecting command wrappers, reject unsafe Node runtime env overrides, reject loose numeric CLI and gateway options, require admin approval for node device-role pairing, and reject no-auth Tailscale exposure. (#87305, #87292, #87308, #87146) Thanks @pgondhi987.
+- Doctor: validate runtime tool schemas for every configured embedded agent while skipping ACP-only profiles, so bad non-default plugin or MCP tools are reported before assistant turns.
 - Telegram: route `sendMessage` action replies through durable outbound delivery so completed agent responses remain retryable when the gateway send path times out. (#87261) Thanks @mbelinky.
 - Matrix/auto-reply: keep draft previews mention-inert, preserve final mention delivery, send mention finals normally, await shared DM notices, ignore filename-embedded MXIDs, and suppress reasoning-prefixed `NO_REPLY` responses.
 - Agents/providers: add OpenAI-compatible cache retention, forward cached token usage in chat completions, preserve runtime context before active user turns, strip stale Anthropic thinking, load Claude CLI OAuth for Pi auth profiles, avoid false Codex runtime live switches, and quarantine unsupported tool schemas. (#82062, #87167, #86855)
diff --git a/src/flows/doctor-core-checks.runtime.test.ts b/src/flows/doctor-core-checks.runtime.test.ts
@@ -91,7 +91,7 @@ describe("doctor runtime tool schema checks", () => {
       checkId: "core/doctor/runtime-tool-schemas",
       severity: "error",
       message:
-        "Tool dofbot__dofbot_move_angles from plugin bundle-mcp has an unsupported input schema for runtime projection.",
+        "Agent main tool dofbot__dofbot_move_angles from plugin bundle-mcp has an unsupported input schema for runtime projection.",
       path: "mcp.servers",
       target: "dofbot__dofbot_move_angles",
       requirement: 'dofbot__dofbot_move_angles.parameters.type must be "object"',
@@ -101,6 +101,128 @@ describe("doctor runtime tool schema checks", () => {
     expect(mocks.disposeBundleRuntime).toHaveBeenCalledTimes(1);
   });
 
+  it("reports unsupported schemas exposed only to a non-default configured agent", async () => {
+    mocks.createOpenClawCodingTools.mockImplementation((options) =>
+      options?.agentId === "worker"
+        ? [tool("dofbot_move_angles", { type: "array", items: { type: "number" } })]
+        : [tool("healthy", { type: "object", properties: {} })],
+    );
+
+    await expect(
+      collectRuntimeToolSchemaFindings({
+        agents: {
+          list: [
+            { id: "main", default: true, workspace: "/tmp/shared-workspace" },
+            { id: "worker", workspace: "/tmp/shared-workspace" },
+          ],
+        },
+      }),
+    ).resolves.toContainEqual({
+      checkId: "core/doctor/runtime-tool-schemas",
+      severity: "error",
+      message:
+        "Agent worker tool dofbot_move_angles has an unsupported input schema for runtime projection.",
+      path: "tools.dofbot_move_angles",
+      target: "dofbot_move_angles",
+      requirement: 'dofbot_move_angles.parameters.type must be "object"',
+      fixHint:
+        "Disable or update the offending plugin/tool so its parameters are a JSON object schema, then rerun doctor.",
+    });
+    expect(mocks.createOpenClawCodingTools).toHaveBeenCalledWith(
+      expect.objectContaining({ agentId: "main" }),
+    );
+    expect(mocks.createOpenClawCodingTools).toHaveBeenCalledWith(
+      expect.objectContaining({ agentId: "worker" }),
+    );
+    expect(mocks.createBundleMcpToolRuntime).toHaveBeenCalledTimes(1);
+    expect(mocks.disposeBundleRuntime).toHaveBeenCalledTimes(1);
+  });
+
+  it("skips ACP-only agents because they do not use embedded tool projection", async () => {
+    mocks.createOpenClawCodingTools.mockImplementation((options) =>
+      options?.agentId === "acp-worker"
+        ? [tool("dofbot_move_angles", { type: "array", items: { type: "number" } })]
+        : [tool("healthy", { type: "object", properties: {} })],
+    );
+    mocks.createBundleMcpToolRuntime.mockImplementation(
+      async (options: { workspaceDir: string }) => ({
+        tools: options.workspaceDir.includes("acp")
+          ? [bundleMcpTool("dofbot__bad", { type: "array", items: { type: "number" } })]
+          : [],
+        dispose: mocks.disposeBundleRuntime,
+      }),
+    );
+
+    await expect(
+      collectRuntimeToolSchemaFindings({
+        agents: {
+          list: [
+            { id: "main", default: true, workspace: "/tmp/main-workspace" },
+            {
+              id: "acp-worker",
+              workspace: "/tmp/acp-workspace",
+              runtime: { type: "acp" },
+            },
+          ],
+        },
+      }),
+    ).resolves.toEqual([]);
+    expect(mocks.createOpenClawCodingTools).toHaveBeenCalledTimes(1);
+    expect(mocks.createOpenClawCodingTools).toHaveBeenCalledWith(
+      expect.objectContaining({ agentId: "main" }),
+    );
+    expect(mocks.createBundleMcpToolRuntime).toHaveBeenCalledTimes(1);
+    expect(mocks.createBundleMcpToolRuntime).toHaveBeenCalledWith(
+      expect.objectContaining({ workspaceDir: expect.stringContaining("main-workspace") }),
+    );
+  });
+
+  it("loads bundled MCP runtime once per distinct agent workspace", async () => {
+    mocks.createOpenClawCodingTools.mockReturnValue([]);
+    mocks.createBundleMcpToolRuntime.mockImplementation(
+      async (options: { workspaceDir: string }) => ({
+        tools: options.workspaceDir.includes("worker")
+          ? [
+              bundleMcpTool("dofbot__dofbot_move_angles", {
+                type: "array",
+                items: { type: "number" },
+              }),
+            ]
+          : [bundleMcpTool("healthy", { type: "object", properties: {} })],
+        dispose: mocks.disposeBundleRuntime,
+      }),
+    );
+
+    await expect(
+      collectRuntimeToolSchemaFindings({
+        agents: {
+          list: [
+            { id: "main", default: true, workspace: "/tmp/main-workspace" },
+            { id: "worker", workspace: "/tmp/worker-workspace" },
+          ],
+        },
+      }),
+    ).resolves.toContainEqual({
+      checkId: "core/doctor/runtime-tool-schemas",
+      severity: "error",
+      message:
+        "Agent worker tool dofbot__dofbot_move_angles from plugin bundle-mcp has an unsupported input schema for runtime projection.",
+      path: "mcp.servers",
+      target: "dofbot__dofbot_move_angles",
+      requirement: 'dofbot__dofbot_move_angles.parameters.type must be "object"',
+      fixHint:
+        "Disable or update the offending MCP server/tool so its parameters are a JSON object schema, then rerun doctor.",
+    });
+    expect(mocks.createBundleMcpToolRuntime).toHaveBeenCalledTimes(2);
+    expect(mocks.createBundleMcpToolRuntime).toHaveBeenCalledWith(
+      expect.objectContaining({ workspaceDir: expect.stringContaining("main-workspace") }),
+    );
+    expect(mocks.createBundleMcpToolRuntime).toHaveBeenCalledWith(
+      expect.objectContaining({ workspaceDir: expect.stringContaining("worker-workspace") }),
+    );
+    expect(mocks.disposeBundleRuntime).toHaveBeenCalledTimes(2);
+  });
+
   it("does not report bundle MCP schemas filtered out by the final runtime tool policy", async () => {
     mocks.createBundleMcpToolRuntime.mockResolvedValueOnce({
       tools: [
diff --git a/src/flows/doctor-core-checks.runtime.ts b/src/flows/doctor-core-checks.runtime.ts
