[Feature Request] Per-model tool policies for safe fallback behavior

[neilofneils404]

Problem

Currently, tool policies are static configuration that apply globally regardless of which model is active. This creates a dilemma:

• Small local models (≤300B params) are blocked as fallbacks when web tools are enabled, even though they could safely handle most tasks
• Manual workaround requires editing config + restarting the gateway when switching between models
• Users can't leverage local fallbacks for cost savings without sacrificing web tool access on primary models

Use Case

Users with mixed model setups want to:

• Use expensive API models (Claude, GPT-5) with full tool access for complex work
• Fall back to local/smaller models for basic chat when API credits run out
• Have the local model run safely (without web tools) without manual intervention
• Automatically restore full tool access when the API model is available again

Proposed Solution

Support per-model tool policies via tools.byModel or similar:

{
  "agents": {
    "defaults": {
      "model": {
        "primary": "anthropic/claude-sonnet-4-5",
        "fallbacks": ["ollama/gpt-oss:20b"]
      }
    }
  },
  "tools": {
    "web": {
      "search": { "enabled": true }
    },
    "byModel": {
      "ollama/gpt-oss:20b": {
        "deny": ["web_search", "web_fetch", "browser"]
      }
    }
  }
}

When OpenClaw switches models (whether via fallback, explicit switch, or any other mechanism), it would:

1. Check if the active model has specific tool restrictions
2. Merge/apply those restrictions on top of the base tool policy
3. Restore base policy when switching back

Current Workaround

None that's practical. Users must either:

• Manually edit config when credits run out (then restart gateway)
• Remove web tools entirely (losing functionality on capable models)
• Not use local fallbacks at all

Benefits

• Safe fallback behavior - small models can serve as backup without security risks
• Cost optimization - users can ride out API credit exhaustion without service interruption
• No manual intervention - tool policies adjust automatically based on active model
• Backwards compatible - only applies when tools.byModel is configured

Related

• Related to [Feature Request] Natural language model switching in conversation #6717 (natural language model switching)
• Complements the existing security policy that blocks small models + web tools
• Would make local fallbacks actually usable in real-world scenarios

Environment

• OpenClaw 2026.2.1
• Primary: anthropic/claude-sonnet-4-5
• Fallback candidate: ollama/gpt-oss:20b (currently blocked by security policy)

[ebwagner]

👍 This would be really useful. We're running a mixed setup (Opus 4.6 primary, local Ollama fallback) and currently handle this with manual task-based routing — only spawning local models for trusted-input tasks. Per-model tool policies would let us put Ollama in the actual fallback chain safely. Looking forward to this.

[PaulMDiaz]

Use case: Diagnostic fallback when primary provider is unavailable

I'd like to use a local model (Qwen 3.5 35B) as a last-resort fallback — not to continue full autonomous operation, but to help diagnose why my primary models (Anthropic) are failing.

This morning I hit Anthropic rate limits at 4am, and all three fallbacks failed (rate limit cascade + auth cooldown + misconfigured model name). Having a local model available in read-only mode would have let me:

• Read logs and status
• Understand what went wrong
• Get instructions for manual fixes

Without being able to:

• Execute commands that modify state
• Send external messages
• Write/edit files

The proposed tools.byModel with a deny list would be perfect for this:

{
  "tools": {
    "byModel": {
      "ollama/qwen3.5:35b": {
        "deny": ["exec", "write", "edit", "message", "gateway"]
      }
    }
  }
}

This would make local fallbacks genuinely useful for resilience without the security risks of giving a smaller model full tool access.

[steipete]

Closing this as implemented after Codex review.
Current main already supports per-model tool policy overrides via tools.byProvider keys that can be either a provider id or a full provider/model id, which covers the requested safe-fallback use case.
What I checked:

• Config type documents provider/model keys: AgentToolsConfig.byProvider is documented as accepting overrides keyed by either a provider id or provider/model.
  So I’m closing this as already implemented rather than keeping a duplicate issue open.
  Review notes: reviewed against a2221d6b4709; fix evidence: release 2026.1.12.