fix(code-mode): sharpen exec tool description so models stop wasting turns rediscovering constraints

[Kaspre]

Problem

When OpenClaw code mode is enabled, the exec tool's description tells the model to use tools.search / describe / call to call enabled tools but does not state any of the runtime's actual constraints. In observed agent traces, the model burns turns rediscovering them:

• It tries language: "bash" because "code mode" reads as "any code"; gets rejected.
• It writes require('fs') (or another Node built-in) to do I/O; gets "code mode module access is disabled." and loops trying simpler constructs (let x = 1, bare expression) to figure out which patterns are allowed.
• It rediscovers, turn by turn, that Node modules are unavailable and that the catalog bridge is the only path to I/O.

Change and value

Sharpen the description so the model sees the constraints up front:

• Node modules and require / import are NOT available.
• The language field accepts only "javascript" or "typescript".
• The catalog bridge is the path for shell, file, network, or external action: tools.search(query) finds enabled catalog entries, then code should pass entry.id to tools.describe(entry.id) and tools.call(entry.id, args).
• Catalog calls still go only through enabled tools allowed by existing policy.

Parameter descriptions also state which symbols are in scope (tools, ALL_TOOLS) versus what is not (Node built-ins).

No runtime behavior changes — only the tool-card text the model sees.

Who's affected

All agents with code mode enabled (globally or per-agent), regardless of provider. Most directly: models that don't already know the catalog-bridge contract from training-set examples — typically smaller open-weight models routed through the Pi-embedded-runner.

Why now

Per-agent code mode shipped in 2026.5.18 (#83473). A controlled re-enable for evaluation surfaced sessions where the agent spent 6+ turns probing the same constraints before stabilizing on the bridge pattern. Description-only fixes are the cheapest path to reduce that floor; the rest of the friction is structural and will need separate work.

Implementation

src/agents/code-mode.ts — createCodeModeTools:

• exec tool description expanded with the three constraints.
• Bridge guidance uses the documented id-based flow: search for entries, then call describe / call with entry.id.
• code parameter description states scope explicitly (tools and ALL_TOOLS in scope; Node built-ins not).
• language parameter description states the enum.

src/agents/code-mode.test.ts:

• Adds regression coverage that the model-visible exec description and parameter descriptions keep those runtime constraints visible.

Real behavior proof

• Behavior or issue addressed: When code mode is enabled, models routed through the Pi-embedded-runner can waste turns rediscovering that language: "bash" is rejected, that require / import is unavailable, and that the tools.search / describe / call bridge is the path to I/O. The current exec description does not state any of those constraints; agents must discover them by trial and error at runtime.

• Real environment tested: OpenClaw 2026.5.18 stable (commit 50a2481); agent routed to ollama-cloud/kimi-k2.6 via the Pi-embedded-runner; tools.codeMode.enabled: true (per-agent override per fix(code-mode): honor agent scoped code mode #83473 schema). Same agent, same model, same prompt across before/after for the live delivery proof. Final-head schema readback was run from this PR branch at e75ca8e7bb34dfc76a6e6dc23397e571353a09e2. CI-shaped validation was run on the PR merge ref in Crabbox/GCP.

• Exact steps or command run after this patch:

  # Live delivery proof — same prompt before and after patching the running dist:
  PROBE='Without calling any tools, recite the description text of the `exec` tool exactly as it appears in your tool definitions. Quote it verbatim and reply with just that text.'
  
  openclaw agent --local --agent <pi-runtime-codemode-agent> --timeout 120 \
    --model ollama-cloud/kimi-k2.6 --thinking low \
    --session-id "cm-rbp-<phase>-$(date +%s)" \
    -m "$PROBE" --json
  
  # Final-head schema readback at e75ca8e7bb:
  node --import tsx -e 'import { createCodeModeTools } from "./src/agents/code-mode.ts"; import { createToolSearchCatalogRef } from "./src/agents/tool-search.ts"; const config = { tools: { codeMode: true } }; const [execTool] = createCodeModeTools({ config, runtimeConfig: config, sessionId: "schema-proof", sessionKey: "agent:main:main", runId: "schema-proof", catalogRef: createToolSearchCatalogRef() }); console.log(execTool.description);'
  
  # Remote merge-ref validation in Crabbox/GCP:
  pnpm install --frozen-lockfile --reporter=append-only
  pnpm build
  pnpm tsgo:core:test
  pnpm check:changed

• Evidence after fix: Live agent dispatches (recitation probe, fresh sessions) at 2026-05-19T20:28Z (before-patch dist) and 2026-05-19T20:42Z (after-patch dist) returned the following final payloads.

  Before (main dist; agent reads OLD description):

  Run JavaScript or TypeScript in OpenClaw code mode. Use ALL_TOOLS and tools.search/describe/call inside the code to discover and call enabled tools.
  

  No statement that require / import is blocked. No statement that language rejects values other than javascript / typescript. The model has to discover these by trying them.

  Live delivery after initial patch (dist patched to this PR's description block; agent reads NEW description):

  Run JavaScript or TypeScript in OpenClaw code mode. Node.js modules and `require`/`import` are NOT available — for any shell, file, network, or external action, use the catalog bridge from inside your code: `tools.search(query)` to find tools, `tools.describe(name)` for the input schema, then `tools.call(name, args)`. The `language` field accepts only "javascript" or "typescript"; do not pass "bash", "shell", or other values.
  

  The live recitation proved the model receives the model-visible description unchanged.

  Final head schema readback (e75ca8e7bb; source code path that builds the model-visible tool schema):

  Run JavaScript or TypeScript in OpenClaw code mode. Node.js modules and `require`/`import` are NOT available — for any shell, file, network, or external action, use enabled catalog tools allowed by policy from inside your code: `tools.search(query)` to find catalog entries, `tools.describe(entry.id)` for the input schema, then `tools.call(entry.id, args)`. The `language` field accepts only "javascript" or "typescript"; do not pass "bash", "shell", or other values.
  

  Final-head source assertions also checked the code parameter mentions tools, ALL_TOOLS, and unavailable Node built-ins, and that language says it must be "javascript" or "typescript".

  Remote merge-ref validation (Crabbox/GCP, us-east1-b, PR merge ref containing e75ca8e7bb): pnpm install --frozen-lockfile --reporter=append-only, pnpm build, pnpm tsgo:core:test, and pnpm check:changed all exited 0. pnpm check:changed selected the core and coreTests lanes, typechecked both, linted 8652 files with 217 rules using 1 thread, and reported 0 warnings / 0 errors. Cleanup check found no remaining crabbox-* GCP instances.

• Observed result after fix: The live recitation proves the generated exec description reaches the model as its tool-card text. The final PR head now emits the safer id-based bridge wording from the same createCodeModeTools schema path, so agents see the constraints up front without being steered toward ambiguous name-based describe / call handles.

• What was not tested: A multi-trial controlled A/B measuring the rate-of-rediscovery reduction (turns spent attempting language: "bash", require(), etc., before stabilizing on the bridge pattern). The proof confirms delivery and final schema text; behavioral impact would need many trials on a model that exhibits the rediscovery loop reliably (an earlier observed instance was a real session that looped 6+ turns on code mode module access is disabled after attempting require('fs')).

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
This PR expands the model-visible code-mode exec, code, and language schema descriptions and adds a regression test asserting those runtime constraints stay visible.

Reproducibility: yes. for the source-level tool-card gap: current main's createCodeModeTools description lacks constraints that readCode, prepareSource, the worker bridge, and docs already define. No high-confidence reproduction was established for the broader statistical turn-saving claim.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Summary: Good normal PR quality: small aligned patch, sufficient live-output proof, focused regression coverage, and no blocking findings.

Rank-up moves:

• none

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🌱 uncommon Frosted Patch Peep

       /\  .---.  /\         
      /  \/     \/  \        
     /   ( -   - )   \       
    |       ._.       |      
    |   /|  ===  |\   |      
     \  \|______/|/  /       
      '._  `--'  _.'         
         '-.__.-'            
       _/|_|  |_|\_          
      /__|      |__\         
       .-----------.         
      '-------------'        

Rarity: 🌱 uncommon.
Trait: sparkles near resolved comments.
Image traits: location proof lagoon; accessory green check lantern; palette charcoal, cyan, and signal green; mood calm; pose standing beside its cracked shell; shell translucent glimmer shell; lighting bright celebratory glints; background tiny artifact crates.
How to hatch it: once this PR reaches status: 👀 ready for maintainer look or status: 🚀 automerge armed, the PR author or a maintainer can comment @clawsweeper hatch to turn this ASCII egg into its generated creature image.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Frosted Patch Peep in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchable usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (live_output): The PR body provides before/after live agent recitation output plus final-head schema readback proving the changed description reaches the model-visible tool schema.

Risk before merge
Why this matters: - The proof demonstrates delivery of the new tool-card text, but not a controlled multi-trial reduction in wasted model turns; the efficiency impact remains inferential.

Maintainer options:

1. Decide the mitigation before merge
   Land the narrow schema-copy and regression-test change if maintainers accept the wording, leaving quantified model-behavior measurement to follow-up work.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No repair lane is needed; there are no blocking review findings and the remaining action is ordinary maintainer review and merge workflow.

Security
Cleared: The diff only changes model-facing description strings and a colocated test; it adds no dependencies, workflow changes, secret handling, or new code execution path.

Review details

Best possible solution:

Land the narrow schema-copy and regression-test change if maintainers accept the wording, leaving quantified model-behavior measurement to follow-up work.

Do we have a high-confidence way to reproduce the issue?

Yes for the source-level tool-card gap: current main's createCodeModeTools description lacks constraints that readCode, prepareSource, the worker bridge, and docs already define. No high-confidence reproduction was established for the broader statistical turn-saving claim.

Is this the best way to solve the issue?

Yes; changing the model-visible schema text and adding a focused regression test is the narrowest maintainable solution because the runtime enforcement and documentation already exist.

Label justifications:

• P3: This is a low-risk code-mode ergonomics and test improvement with no runtime behavior or compatibility change.

What I checked:

• Current main schema gap: Current main's exec tool description only tells models to use ALL_TOOLS and tools.search/describe/call; it does not mention unavailable Node modules, rejected shell languages, or id-based bridge use. (src/agents/code-mode.ts:829, a059309a9f9a)
• Runtime language and module constraints: readCode rejects non-javascript/typescript language values and prepareSource rejects import/require patterns with code mode module access is disabled. (src/agents/code-mode.ts:299, a059309a9f9a)
• Bridge contract matches the proposed wording: The QuickJS worker exposes tools.search, tools.describe, tools.call, and ALL_TOOLS, while docs describe the id-based tools.describe(files[0].id) and tools.call(fileRead.id, ...) flow. (src/agents/code-mode.worker.ts:160, a059309a9f9a)
• PR head implementation: The PR head updates the schema description to state unavailable Node modules, the allowed language enum, and the tools.search to tools.describe(entry.id) to tools.call(entry.id, args) bridge path. (src/agents/code-mode.ts:829, e75ca8e7bb34)
• PR head test coverage: The added test asserts the model-visible exec and parameter descriptions continue to mention Node-module unavailability, tools, ALL_TOOLS, id-based describe/call, and the language enum. (src/agents/code-mode.test.ts:248, e75ca8e7bb34)
• Real behavior proof in PR body: The PR body includes before/after live agent recitation output showing the patched tool description reaches the model, final-head schema readback at e75ca8e7bb34dfc76a6e6dc23397e571353a09e2, and remote Crabbox/GCP validation for install, build, tsgo:core:test, and check:changed. (e75ca8e7bb34)

Likely related people:

• Galin Iliev: git blame on the current createCodeModeTools schema and nearby tests points to the commit that added the current code-mode files in this checkout. (role: introduced/current implementation history; confidence: medium; commits: 57ec361682e2; files: src/agents/code-mode.ts, src/agents/code-mode.test.ts)
• Kaspre: The provided GitHub context shows Kaspre authored the recently merged per-agent code-mode PR that this wording change builds on, so they have recent domain context beyond this proposal. (role: recent code-mode contributor; confidence: medium; commits: fd8877b5fde3; files: src/agents/code-mode.ts, src/config/schema.help.ts, docs/reference/code-mode.md)
• Peter Steinberger: git shortlog over the sampled agent/code-mode/embedded-runner paths shows Peter as the largest adjacent contributor, and the latest stable release commit is also under this area history. (role: adjacent area contributor; confidence: medium; commits: 50a2481652b6; files: src/agents/code-mode.ts, src/agents/tool-search.ts, src/agents/pi-embedded-runner/run/attempt.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against a059309a9f9a.

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞🔧
ClawSweeper automerge is enabled.

• Head: e75ca8e7bb34
• Label: clawsweeper:automerge
• Action: repair worker queued. Run: https://github.com/openclaw/clawsweeper/actions/runs/26132498875
• Flow: review this head, repair/rebase only if needed, then re-review the exact repaired head before merge.

Draft PRs stay fix-only until GitHub marks them ready for review. Pause with /clawsweeper stop.

Automerge progress:

• 2026-05-19 23:51:40 UTC review queued e75ca8e7bb34 (queued)

• 2026-05-19 23:53:53 UTC repair queued e75ca8e7bb34 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26132498875

• 2026-05-19 23:58:31 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26132498875 automerge-openclaw-openclaw-84269

• 2026-05-19 23:58:47 UTC validation plan (passed) in 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26132498875 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-19 23:58:59 UTC Codex write preflight (passed) in 28s Run: https://github.com/openclaw/clawsweeper/actions/runs/26132498875 danger-full-access

• 2026-05-20 00:04:57 UTC Codex edit 1 dce1545a5e2f (complete) in 6m 27s Run: https://github.com/openclaw/clawsweeper/actions/runs/26132498875 exit 0

• 2026-05-20 00:07:55 UTC validation and review 1 ae25826f0f54 (complete) in 9m 25s Run: https://github.com/openclaw/clawsweeper/actions/runs/26132498875 already-current

• 2026-05-20 00:08:37 UTC repair finished ae25826f0f54 (opened) in 10m 6s Run: https://github.com/openclaw/clawsweeper/actions/runs/26132498875 open_fix_pr

[Takhoffman]

@clawsweeper hatch

[clawsweeper]

🦞👀
ClawSweeper PR egg hatch requested.

I queued a comment sync for this PR. If the egg is hatchable, ClawSweeper will generate the image once and update the existing review comment.
Action: PR egg hatch queued (workflow sweep.yml, event repository_dispatch).
The ASCII egg stays as the fallback.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🌱 uncommon Frosted Patch Peep

       _..------.._          
    .-'  .-.  .-.  '-.       
   /    ( * )( * )    \      
  |        .--.        |     
  |   <\   ====   />   |     
   \    '.______.'    /      
    '-._   ____   _.-'       
        `-.____.-'           
       __/|_||_|\__          
      /__.'    '.__\         
       .-----------.         
      '-------------'        

Rarity: 🌱 uncommon.
Trait: sparkles near resolved comments.
Image traits: location proof lagoon; accessory green check lantern; palette charcoal, cyan, and signal green; mood calm; pose standing beside its cracked shell; shell translucent glimmer shell; lighting bright celebratory glints; background tiny artifact crates.
How to hatch it: once this PR reaches status: 👀 ready for maintainer look or status: 🚀 automerge armed, the PR author or a maintainer can comment @clawsweeper hatch to turn this ASCII egg into its generated creature image.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Frosted Patch Peep in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchable usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[clawsweeper]

ClawSweeper 🐠 reef update

Thanks for the work here. ClawSweeper could not write to the source branch, so it opened a replacement PR rather than letting the fix drift. attribution still points back here.

Why replacement: ClawSweeper could not update the source PR branch directly; GitHub did not grant sufficient push rights to the bot for that branch.
Replacement PR: #84368
Why close: this run explicitly closes the superseded source PR after the credited replacement PR is open, so review continues in one place.
This closeout is intentional for this run: the replacement PR is now the active review lane.
The replacement PR carries the original credit trail forward.
Co-author credit kept:

• @Kaspre: Co-authored-by: Kaspre 36520309+Kaspre@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against ae25826.