fix(tools): skip denied optional media factories

[dorukardahan]

Summary

• Pass explicit tool denylist entries into OpenClaw tool factory planning.
• Skip optional image, video, music, and PDF factories when the effective policy already denies those tools.
• Add regression coverage for denylist-aware factory planning and the pi-tools handoff.

Why

I hit this on my VPS while investigating gateway latency. A cron and agent turn spent about 5.1 s in openclaw-tools:pdf-tool during core-plugin-tools prep, even though the tool was not needed for that run.

Current main already avoids optional media and PDF factories when an explicit allowlist cannot expose them. This PR adds the matching denylist side, so tools that will be filtered out later are not built on the hot path.

This is intentionally narrower than #73039 and complementary to #76728. It does not memoize factory output.

Helps #76606 and #76500.

Tests

• pnpm test src/agents/openclaw-tools.media-factory-plan.test.ts src/agents/pi-tools.create-openclaw-coding-tools.test.ts
• pnpm exec oxfmt --check --threads=1 CHANGELOG.md src/agents/openclaw-tools.ts src/agents/pi-tools.ts src/agents/tool-policy.ts src/agents/openclaw-tools.media-factory-plan.test.ts src/agents/pi-tools.create-openclaw-coding-tools.test.ts
• git diff --check
• pnpm tsgo:core:test
• pnpm check:changed

Real-world validation

On my OpenClaw VPS, adding an explicit tools allowlist for the cron-heavy agent removed the unwanted pdf-tool prep path. After hot reload, an 8 minute observation window had no new prep stages, no pdf-tool prep logs, and no Slack disconnect or DNS error logs.

AI-assisted

Yes. I used Codex, reviewed the diff, and ran the tests above.

[dorukardahan]

@codex review

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The PR threads explicit tool denylists into optional media/PDF factory planning, forwards them from createOpenClawCodingTools, adds regression coverage, and records a changelog entry.

Reproducibility: yes. Current main passes allowlists into optional factory planning but leaves denylists to the later policy pipeline, so a denied optional media/PDF tool can still be constructed before filtering.

Next step before merge
No repair lane is needed because I found no blocking patch defect; the next action is ordinary maintainer review and CI on the PR head.

Security
Cleared: The diff changes in-process tool policy planning, tests, and changelog text only; it does not broaden permissions or alter CI, dependencies, secrets, packaging, or code-download paths.

Review details

Best possible solution:

Land the narrow denylist-aware planning change after CI, while keeping broader factory memoization and no-tools semantics in the existing related work.

Do we have a high-confidence way to reproduce the issue?

Yes. Current main passes allowlists into optional factory planning but leaves denylists to the later policy pipeline, so a denied optional media/PDF tool can still be constructed before filtering.

Is this the best way to solve the issue?

Yes. The PR reuses the existing policy matcher semantics, forwards the same explicit policy inputs earlier, and avoids taking on the broader memoization design.

What I checked:

• Current main is allowlist-only in media factory planning: resolveOptionalMediaToolFactoryPlan accepts toolAllowlist and checks image/video/music/pdf against that allowlist, but current main has no parallel denylist input before creating the optional factories. (src/agents/openclaw-tools.ts:157, 7f6798094ce9)
• Current pi-tools only forwards allowlists to factory planning: createOpenClawCodingTools currently collects explicit allowlist entries and passes pluginToolAllowlist into createOpenClawTools; denied tools are filtered later by the policy pipeline. (src/agents/pi-tools.ts:608, 7f6798094ce9)
• Policy contract says deny wins: The tools docs state that tools.allow / tools.deny control callable tools and that deny always wins over allow, matching the PR's early-planning direction. Public docs: docs/tools/index.md. (docs/tools/index.md:124, 7f6798094ce9)
• PR adds focused regression coverage: The provided PR diff adds denylist-aware optional media factory planning tests and a createOpenClawCodingTools handoff test that expects pluginToolDenylist to be passed to OpenClaw tool creation. (src/agents/openclaw-tools.media-factory-plan.test.ts:247, 0e43d97b7d30)
• Related performance scope is accounted for: The PR body scopes this as narrower than perf(tools): memoize media + web tool factories in createOpenClawTools #73039, complementary to the merged PDF-cache work in fix(pdf-tool): cache model config resolution per agentDir to avoid 10-12s event-loop stalls (#76644) #76728, and helpful for the agent-turn latency reports in core-plugin-tools takes ~30s per turn; no apparent supported no-tools mode for agentTurn #76606 and pdf-tool adds ~3.5s overhead per agent run from eager pdfjs-dist import in core-plugin-tool stages #76500. (0e43d97b7d30)

Likely related people:

• shakkernerd: The prior ClawSweeper review context ties recent optional media factory planning and manifest-backed availability work to this contributor, which is the exact helper this PR extends. (role: introduced adjacent behavior; confidence: medium; commits: 44afab628eb5, 186b8e44dce2, 3cf1dd982ba0; files: src/agents/openclaw-tools.ts, src/agents/openclaw-tools.media-factory-plan.test.ts)
• hclsys: The merged fix(pdf-tool): cache model config resolution per agentDir to avoid 10-12s event-loop stalls (#76644) #76728 PDF-tool performance fix is in the same optional PDF factory path and appears on current main as recent history for the affected files. (role: recent adjacent maintainer; confidence: high; commits: 02b1075a57; files: src/agents/openclaw-tools.ts, src/agents/tools/pdf-tool.ts)
• obviyus: The prior review context links recent plugin-only allowlist/tool-construction work to the same pi-tools handoff path that this PR updates for denylists. (role: adjacent owner; confidence: medium; commits: 02d7ad482083; files: src/agents/pi-tools.ts)
• steipete: Local history and the PR timeline show recent maintenance across the affected agent tool files plus the latest force-pushed PR commit adjusting wildcard denylist behavior. (role: recent maintainer; confidence: high; commits: 96b574f486e7, 0e43d97b7d30; files: src/agents/openclaw-tools.ts, src/agents/pi-tools.ts, src/agents/tool-policy.ts)

Remaining risk / open question:

• I did not rerun the PR's Vitest, formatter, typecheck, or changed-gate commands in this read-only sweep.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 7f6798094ce9.

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Bravo.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[steipete]

Landed via rebase onto main.

• Gate: pnpm test src/agents/openclaw-tools.media-factory-plan.test.ts src/agents/pi-tools.create-openclaw-coding-tools.test.ts; pnpm exec oxfmt --check --threads=1 CHANGELOG.md src/agents/openclaw-tools.ts src/agents/openclaw-tools.media-factory-plan.test.ts src/agents/pi-tools.ts src/agents/tool-policy.ts src/agents/pi-tools.create-openclaw-coding-tools.test.ts; git diff --check; Testbox pnpm check:changed (tbx_01kqq98wtsrzvdqe5hp87waezk). Exact-head PR CI was green on 0e43d97b7d3014a1abd8eb2d8fa2c9aed28997d6 before merge.
• Source head: 0e43d97
• Landed commits: 0739cb19b7 and fb9030ff67

Thanks @dorukardahan!

[dorukardahan]

Thanks for landing it and for the clean rebase.

i checked the landed commits. The main behavior i wanted is still there: optional media and pdf factories stay skipped when not allowed, but explicit allowed tools still work.

The extra gate looks good to me.