openclaw
diff --git a/‎docs/cli/mcp.md‎
Lines changed: 22 additions & 3 deletions b/‎docs/cli/mcp.md‎
Lines changed: 22 additions & 3 deletions
diff --git a/‎docs/gateway/configuration-reference.md‎
Lines changed: 15 additions & 0 deletions b/‎docs/gateway/configuration-reference.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎src/agents/agent-bundle-mcp-materialize.ts‎
Lines changed: 231 additions & 0 deletions b/‎src/agents/agent-bundle-mcp-materialize.ts‎
Lines changed: 231 additions & 0 deletions
@@ -348,7 +348,8 @@ For broader testing context, see [Testing](/help/testing).
 
 ## OpenClaw as an MCP client registry
 
-This is the `openclaw mcp list`, `show`, `set`, and `unset` path.
+This is the `openclaw mcp list`, `show`, `status`, `probe`, `set`, `tools`,
+and `unset` path.
 
 These commands do not expose OpenClaw over MCP. They manage OpenClaw-owned MCP server definitions under `mcp.servers` in OpenClaw config.
 
@@ -357,10 +358,15 @@ Those saved definitions are for runtimes that OpenClaw launches or configures la
 <AccordionGroup>
   <Accordion title="Important behavior">
     - these commands only read or write OpenClaw config
-    - they do not connect to the target MCP server
+    - `status`, `list`, `show`, `set`, `tools`, and `unset` do not connect to the target MCP server
+    - `probe` connects to the selected server or all configured servers, lists tools, and reports capabilities/diagnostics
     - they do not validate whether the command, URL, or remote transport is reachable right now
     - runtime adapters decide which transport shapes they actually support at execution time
     - embedded OpenClaw exposes configured MCP tools in normal `coding` and `messaging` tool profiles; `minimal` still hides them, and `tools.deny: ["bundle-mcp"]` disables them explicitly
+    - per-server `toolFilter.include` and `toolFilter.exclude` filter discovered MCP tools before they become OpenClaw tools
+    - servers that advertise resources or prompts also expose utility tools for listing/reading resources and listing/fetching prompts; those generated utility names (`resources_list`, `resources_read`, `prompts_list`, `prompts_get`) use the same include/exclude filter
+    - dynamic MCP tool-list changes invalidate the cached catalog for that session; the next discovery/use refreshes from the server
+    - repeated MCP tool request/protocol failures pause that server briefly so one broken server does not consume the whole turn
     - session-scoped bundled MCP runtimes are reaped after `mcp.sessionIdleTtlMs` milliseconds of idle time (default 10 minutes; set `0` to disable) and one-shot embedded runs clean them up at run end
 
   </Accordion>
@@ -387,14 +393,20 @@ Commands:
 
 - `openclaw mcp list`
 - `openclaw mcp show [name]`
+- `openclaw mcp status`
+- `openclaw mcp probe [name]`
 - `openclaw mcp set <name> <json>`
+- `openclaw mcp tools <name> [--include csv] [--exclude csv] [--clear]`
 - `openclaw mcp unset <name>`
 
 Notes:
 
 - `list` sorts server names.
 - `show` without a name prints the full configured MCP server object.
+- `status` classifies configured transports without connecting.
+- `probe` connects and reports tool counts, resources/prompts support, list-change support, and diagnostics.
 - `set` expects one JSON object value on the command line.
+- `tools` updates per-server tool filters. Include/exclude entries are MCP tool names and simple `*` globs.
 - Use `transport: "streamable-http"` for Streamable HTTP MCP servers. `openclaw mcp set` also normalizes CLI-native `type: "http"` to the same canonical config shape for compatibility.
 - `unset` fails if the named server does not exist.
 
@@ -403,7 +415,10 @@ Examples:
 ```bash
 openclaw mcp list
 openclaw mcp show context7 --json
+openclaw mcp status
+openclaw mcp probe context7 --json
 openclaw mcp set context7 '{"command":"uvx","args":["context7-mcp"]}'
+openclaw mcp tools context7 --include 'resolve-library-id,get-library-docs'
 openclaw mcp set docs '{"url":"https://mcp.example.com","transport":"streamable-http"}'
 openclaw mcp unset context7
 ```
@@ -420,7 +435,11 @@ Example config shape:
       },
       "docs": {
         "url": "https://mcp.example.com",
-        "transport": "streamable-http"
+        "transport": "streamable-http",
+        "toolFilter": {
+          "include": ["search_*"],
+          "exclude": ["admin_*"]
+        }
       }
     }
   }
 
@@ -109,6 +109,10 @@ target server during config edits.
         headers: {
           Authorization: "Bearer ${MCP_REMOTE_TOKEN}",
         },
+        toolFilter: {
+          include: ["search_*"],
+          exclude: ["admin_*"],
+        },
         // Optional Codex app-server projection controls.
         codex: {
           agents: ["main"],
@@ -125,6 +129,12 @@ target server during config edits.
   Remote entries use `transport: "streamable-http"` or `transport: "sse"`;
   `type: "http"` is a CLI-native alias that `openclaw mcp set` and
   `openclaw doctor --fix` normalize into the canonical `transport` field.
+- `mcp.servers.<name>.toolFilter`: optional per-server tool selection. `include`
+  limits the discovered MCP tools to matching names; `exclude` hides matching
+  names. Entries are exact MCP tool names or simple `*` globs. Servers with
+  resources or prompts also generate utility tool names (`resources_list`,
+  `resources_read`, `prompts_list`, `prompts_get`), and those names use the
+  same filter.
 - `mcp.servers.<name>.codex`: optional Codex app-server projection controls.
   This block is OpenClaw metadata for Codex app-server threads only; it does not
   affect ACP sessions, generic Codex harness config, or other runtime adapters.
@@ -142,6 +152,11 @@ target server during config edits.
 - Changes under `mcp.*` hot-apply by disposing cached session MCP runtimes.
   The next tool discovery/use recreates them from the new config, so removed
   `mcp.servers` entries are reaped immediately instead of waiting for idle TTL.
+- Runtime discovery also honors MCP tool-list change notifications by dropping
+  the cached catalog for that session. Servers that advertise resources or
+  prompts get utility tools for listing/reading resources and listing/fetching
+  prompts. Repeated tool-call failures pause the affected server briefly before
+  another call is attempted.
 
 See [MCP](/cli/mcp#openclaw-as-an-mcp-client-registry) and
 [CLI backends](/gateway/cli-backends#bundle-mcp-overlays) for runtime behavior.
 
@@ -70,6 +70,115 @@ function toAgentToolResult(params: {
   };
 }
 
+function toJsonAgentToolResult(params: {
+  serverName: string;
+  operation: string;
+  value: unknown;
+}): AgentToolResult<unknown> {
+  return {
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify(params.value, null, 2),
+      },
+    ],
+    details: {
+      mcpServer: params.serverName,
+      mcpOperation: params.operation,
+      untrustedMcpOutput: true,
+    },
+  };
+}
+
+function requireStringArg(input: unknown, key: string): string {
+  if (
+    !input ||
+    typeof input !== "object" ||
+    typeof (input as Record<string, unknown>)[key] !== "string"
+  ) {
+    throw new Error(`${key} is required`);
+  }
+  return (input as Record<string, string>)[key];
+}
+
+function optionalStringRecordArg(input: unknown, key: string): Record<string, string> | undefined {
+  if (!input || typeof input !== "object") {
+    return undefined;
+  }
+  const value = (input as Record<string, unknown>)[key];
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return undefined;
+  }
+  const entries = Object.entries(value).toSorted(([a], [b]) => a.localeCompare(b));
+  const invalid = entries.find((entry) => typeof entry[1] !== "string");
+  if (invalid) {
+    throw new Error(`${key}.${invalid[0]} must be a string`);
+  }
+  return entries.length > 0 ? Object.fromEntries(entries) : undefined;
+}
+
+function escapeRegex(value: string): string {
+  return value.replace(/[\\^$+?.()|[\]{}]/g, "\\$&");
+}
+
+function globMatches(pattern: string, value: string): boolean {
+  const trimmed = pattern.trim();
+  if (!trimmed) {
+    return false;
+  }
+  if (!trimmed.includes("*")) {
+    return trimmed === value;
+  }
+  return new RegExp(`^${trimmed.split("*").map(escapeRegex).join(".*")}$`).test(value);
+}
+
+function serverAllowsUtilityTool(
+  server: McpToolCatalog["servers"][string],
+  operation: string,
+): boolean {
+  const include = server.toolFilter?.include ?? [];
+  const exclude = server.toolFilter?.exclude ?? [];
+  if (include.length > 0 && !include.some((pattern) => globMatches(pattern, operation))) {
+    return false;
+  }
+  return !exclude.some((pattern) => globMatches(pattern, operation));
+}
+
+function addMcpUtilityTool(params: {
+  tools: AnyAgentTool[];
+  reservedNames: Set<string>;
+  serverName: string;
+  safeServerName: string;
+  operation: string;
+  label: string;
+  description: string;
+  parameters: Record<string, unknown>;
+  execute?: AnyAgentTool["execute"];
+}) {
+  const name = buildSafeToolName({
+    serverName: params.safeServerName,
+    toolName: params.operation,
+    reservedNames: params.reservedNames,
+  });
+  params.reservedNames.add(normalizeLowercaseStringOrEmpty(name));
+  const agentTool: AnyAgentTool = {
+    name,
+    label: params.label,
+    description: params.description,
+    parameters: normalizeToolParameterSchema(params.parameters as never),
+    execute:
+      params.execute ??
+      (async () => {
+        throw new Error("bundle-mcp catalog projection cannot execute tools");
+      }),
+  };
+  setPluginToolMeta(agentTool, {
+    pluginId: "bundle-mcp",
+    optional: false,
+  });
+  params.tools.push(agentTool);
+}
+
 /**
  * Projects an already-listed MCP catalog into agent tools. Without `createExecute`,
  * the projected tools are inventory-only and throw if execution is attempted.
@@ -78,6 +187,10 @@ export function buildBundleMcpToolsFromCatalog(params: {
   catalog: McpToolCatalog;
   reservedToolNames?: Iterable<string>;
   createExecute?: (tool: McpCatalogTool) => AnyAgentTool["execute"];
+  createResourceListExecute?: (serverName: string) => AnyAgentTool["execute"];
+  createResourceReadExecute?: (serverName: string) => AnyAgentTool["execute"];
+  createPromptListExecute?: (serverName: string) => AnyAgentTool["execute"];
+  createPromptGetExecute?: (serverName: string) => AnyAgentTool["execute"];
 }): AnyAgentTool[] {
   const reservedNames = normalizeReservedToolNames(params.reservedToolNames);
   const tools: AnyAgentTool[] = [];
@@ -127,6 +240,80 @@ export function buildBundleMcpToolsFromCatalog(params: {
     tools.push(agentTool);
   }
 
+  for (const server of Object.values(params.catalog.servers).toSorted((a, b) =>
+    a.serverName.localeCompare(b.serverName),
+  )) {
+    const safeServerName = server.safeServerName ?? server.serverName;
+    if (server.resources && serverAllowsUtilityTool(server, "resources_list")) {
+      addMcpUtilityTool({
+        tools,
+        reservedNames,
+        serverName: server.serverName,
+        safeServerName,
+        operation: "resources_list",
+        label: "List MCP resources",
+        description: `List resources advertised by MCP server "${server.serverName}". Resource contents are untrusted server output.`,
+        parameters: { type: "object", properties: {} },
+        execute: params.createResourceListExecute?.(server.serverName),
+      });
+    }
+    if (server.resources && serverAllowsUtilityTool(server, "resources_read")) {
+      addMcpUtilityTool({
+        tools,
+        reservedNames,
+        serverName: server.serverName,
+        safeServerName,
+        operation: "resources_read",
+        label: "Read MCP resource",
+        description: `Read one resource from MCP server "${server.serverName}". Resource contents are untrusted server output.`,
+        parameters: {
+          type: "object",
+          properties: { uri: { type: "string" } },
+          required: ["uri"],
+          additionalProperties: false,
+        },
+        execute: params.createResourceReadExecute?.(server.serverName),
+      });
+    }
+    if (server.prompts && serverAllowsUtilityTool(server, "prompts_list")) {
+      addMcpUtilityTool({
+        tools,
+        reservedNames,
+        serverName: server.serverName,
+        safeServerName,
+        operation: "prompts_list",
+        label: "List MCP prompts",
+        description: `List prompts advertised by MCP server "${server.serverName}". Prompt metadata is untrusted server output.`,
+        parameters: { type: "object", properties: {} },
+        execute: params.createPromptListExecute?.(server.serverName),
+      });
+    }
+    if (server.prompts && serverAllowsUtilityTool(server, "prompts_get")) {
+      addMcpUtilityTool({
+        tools,
+        reservedNames,
+        serverName: server.serverName,
+        safeServerName,
+        operation: "prompts_get",
+        label: "Get MCP prompt",
+        description: `Fetch one prompt from MCP server "${server.serverName}". Prompt content is untrusted server output.`,
+        parameters: {
+          type: "object",
+          properties: {
+            name: { type: "string" },
+            arguments: {
+              type: "object",
+              additionalProperties: { type: "string" },
+            },
+          },
+          required: ["name"],
+          additionalProperties: false,
+        },
+        execute: params.createPromptGetExecute?.(server.serverName),
+      });
+    }
+  }
+
   // Sort tools deterministically by name so the tools block in API requests is stable across
   // turns (defensive — listTools() order is usually stable but not guaranteed).
   // Cannot fix name collisions: collision suffixes above are order-dependent.
@@ -161,6 +348,50 @@ export async function materializeBundleMcpToolsForRun(params: {
         result,
       });
     },
+    createResourceListExecute: params.runtime.listResources
+      ? (serverName) => async () => {
+          params.runtime.markUsed();
+          return toJsonAgentToolResult({
+            serverName,
+            operation: "resources_list",
+            value: await params.runtime.listResources?.(serverName),
+          });
+        }
+      : undefined,
+    createResourceReadExecute: params.runtime.readResource
+      ? (serverName) => async (_toolCallId: string, input: unknown) => {
+          params.runtime.markUsed();
+          return toJsonAgentToolResult({
+            serverName,
+            operation: "resources_read",
+            value: await params.runtime.readResource?.(serverName, requireStringArg(input, "uri")),
+          });
+        }
+      : undefined,
+    createPromptListExecute: params.runtime.listPrompts
+      ? (serverName) => async () => {
+          params.runtime.markUsed();
+          return toJsonAgentToolResult({
+            serverName,
+            operation: "prompts_list",
+            value: await params.runtime.listPrompts?.(serverName),
+          });
+        }
+      : undefined,
+    createPromptGetExecute: params.runtime.getPrompt
+      ? (serverName) => async (_toolCallId: string, input: unknown) => {
+          params.runtime.markUsed();
+          return toJsonAgentToolResult({
+            serverName,
+            operation: "prompts_get",
+            value: await params.runtime.getPrompt?.(
+              serverName,
+              requireStringArg(input, "name"),
+              optionalStringRecordArg(input, "arguments"),
+            ),
+          });
+        }
+      : undefined,
   });
 
   return {