fix: address tool policy review feedback

amknight · amknight · commit 8630375ad3b4 · 2026-04-30T22:10:50.000+10:00
diff --git a/src/agents/pi-tools.policy.ts b/src/agents/pi-tools.policy.ts
@@ -27,7 +27,11 @@ import {
   type SubagentSessionRole,
 } from "./subagent-capabilities.js";
 import { isToolAllowedByPolicies, isToolAllowedByPolicyName } from "./tool-policy-match.js";
-import { normalizeToolName } from "./tool-policy.js";
+import {
+  mergeAlsoAllowPolicy,
+  normalizeToolName,
+  resolveToolProfilePolicy,
+} from "./tool-policy.js";
 
 /**
  * Tools always denied for sub-agents regardless of depth.
@@ -426,12 +430,18 @@ export function resolveEffectiveToolPolicy(params: {
   const explicitProfileAlsoAllow =
     resolveExplicitProfileAlsoAllow(agentTools) ?? resolveExplicitProfileAlsoAllow(globalTools);
 
-  // Warn affected users about removed implicit grants (#47487).
+  // Warn affected users about removed implicit grants (#47487), but only when
+  // the active profile/explicit alsoAllow do not already grant those tools.
   if (profile) {
     const implicitGrants = detectImplicitProfileGrants({ globalTools, agentTools });
     if (implicitGrants) {
-      const alreadyCovered = new Set(explicitProfileAlsoAllow ?? []);
-      const uncovered = implicitGrants.filter((t) => !alreadyCovered.has(t));
+      const profilePolicy = mergeAlsoAllowPolicy(
+        resolveToolProfilePolicy(profile),
+        explicitProfileAlsoAllow,
+      );
+      const uncovered = implicitGrants.filter(
+        (toolName) => !isToolAllowedByPolicyName(toolName, profilePolicy),
+      );
       if (uncovered.length > 0) {
         logWarn(
           `tools policy: profile "${profile}"${agentId ? ` (agent "${agentId}")` : ""} has ` +
diff --git a/src/media/local-roots.test.ts b/src/media/local-roots.test.ts
@@ -154,14 +154,26 @@ describe("local media roots", () => {
       shouldContainPictures: false,
     },
     {
-      name: "widens media roots again when messaging-profile agents explicitly enable filesystem tools",
+      name: "does not widen media roots when messaging-profile agents only configure filesystem guards",
       stateDir: path.join("/tmp", "openclaw-messaging-fs-media-roots-state"),
       cfg: {
         tools: {
           profile: "messaging",
           fs: { workspaceOnly: false },
         },
       },
+      shouldContainPictures: false,
+    },
+    {
+      name: "widens media roots when messaging-profile agents explicitly allow reads",
+      stateDir: path.join("/tmp", "openclaw-messaging-read-media-roots-state"),
+      cfg: {
+        tools: {
+          profile: "messaging",
+          alsoAllow: ["read"] as string[],
+          fs: { workspaceOnly: false },
+        },
+      },
       shouldContainPictures: true,
     },
   ] as const)("$name", ({ stateDir, cfg, shouldContainPictures }) => {
