[Bug] tools.profile (coding) warns about apply_patch as unknown entry on non-OpenAI providers

[Adam-Researchh]

Summary

When using the built-in coding tools profile with a non-OpenAI provider (e.g. Anthropic), the gateway logs a warning on every session init:

[tools] tools.profile (coding) allowlist contains unknown entries (apply_patch).
These entries won't match any tool unless the plugin is enabled.

This fires repeatedly — on every session start, reset, and tool policy evaluation.

Root Cause

The coding profile's allowlist includes apply_patch (which is an OpenAI-specific tool for multi-file patches). When the active provider is Anthropic/Claude, apply_patch is never registered as a tool, so stripPluginOnlyAllowlist() in tool-policy-pipeline.ts flags it as an unknown entry.

The tool IS in DEFAULT_TOOL_ALLOW and TRUSTED_TOOL_RESULT_MEDIA, so it's intentionally part of the ecosystem — it's just provider-specific.

Impact

• Warning noise in logs on every session lifecycle event
• Confusing for users who haven't configured anything custom — the warning suggests misconfiguration but it's the built-in profile
• Makes it harder to spot real warnings in log output

Expected Behavior

Provider-specific tools in built-in profiles should either:

1. Be silently ignored when the provider doesn't support them (no warning)
2. Be conditionally included in the profile based on the active provider
3. At minimum, the warning should be downgraded to debug level for built-in profile entries

Reproduction

1. Set tools.profile: "coding" in openclaw.json (or use it as default)
2. Use any non-OpenAI provider (e.g. anthropic/claude-sonnet-4-6)
3. Start a session
4. Check gateway.err.log — warning appears

Environment

• OpenClaw 2026.3.7
• Provider: anthropic/claude-opus-4-6
• Config: tools.profile: "coding", tools.exec.security: "full"

[Adam-Researchh]

Correction: This warning also fires on OpenAI/Codex providers (GPT 5.4 via openai-codex), not just non-OpenAI. Log evidence:

2026-03-08T23:00:00.132-04:00 [tools] tools.profile (coding) allowlist contains unknown entries (apply_patch, cron).

This was during an active openai-codex/gpt-5.4 session. So apply_patch is not being registered as a tool on any provider in 2026.3.7, despite being listed in DEFAULT_TOOL_ALLOW and TRUSTED_TOOL_RESULT_MEDIA.

Also notable: cron appears as unknown in some entries too (likely before the cron tool registers on startup — similar race condition to the mnemosyne context engine load-order issue we reported in #40527).

[Adam-Researchh]

Updated Root Cause (after source investigation)

GPT 5.4 was right to flag this. apply_patch is an experimental, gated tool — not just a provider compatibility issue.

The gating logic (line 70907 in reply-C5LKjXcC.js):

const applyPatchEnabled = !!applyPatchConfig?.enabled 
  && isOpenAIProvider(options?.modelProvider) 
  && isApplyPatchAllowedForModel({
    modelProvider: options?.modelProvider,
    modelId: options?.modelId,
    allowModels: applyPatchConfig?.allowModels
  });

Three conditions must ALL be true:

1. tools.exec.applyPatch.enabled: true in config (we don't have this)
2. Provider must be OpenAI or OpenAI-Codex (isOpenAIProvider() check)
3. Model must match applyPatch.allowModels whitelist

Since we never set tools.exec.applyPatch.enabled: true, the tool never registers on ANY provider — OpenAI or not. That's why it shows as "unknown" universally.

Config to enable (per #17087):

{
  "tools": {
    "exec": {
      "applyPatch": { "enabled": true, "allowModels": ["gpt-5.2", "gpt-5.4"] }
    }
  }
}

But even with enabled: true, it would ONLY work on OpenAI models (hardcoded isOpenAIProvider() check). #17087 is the feature request to generalize it to all providers.

The real fix is already in PR #38849

PR #38849 (fix(agents): clarify unavailable core tool warnings) teaches the warning pipeline to distinguish between truly unknown tools vs known-but-unavailable-in-this-context tools. This would downgrade the warning to something like "allowlist includes known tools unavailable in this runtime context (apply_patch)" instead of the current misleading "unknown entries" message.

This issue is effectively a duplicate of what #38849 addresses. Linking for reference.

[Adam-Researchh]

Closing — this is effectively covered by existing work:

• PR fix(agents): clarify unavailable core tool warnings #38849 fixes the misleading warning message ("unknown entries" → "known tools unavailable in this runtime context")
• Feature: Generalize apply_patch to all model providers (not just OpenAI) #17087 tracks generalizing apply_patch beyond OpenAI-only providers

Root cause: apply_patch is an experimental, triple-gated tool (applyPatch.enabled + OpenAI provider + model allowlist). The coding profile includes it in its allowlist, but the tool never registers unless explicitly opted in. The warning is technically correct but poorly worded — #38849 addresses that.