Issue Station
Sign In
Tools hereToolbox

openclaw - 💡(How to fix) Fix [Bug]: `nodes` tool unavailable in Telegram group session despite being in sandbox allow list [1 comments, 1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#56846Fetched 2026-04-08 01:47:01
View on GitHub
Comments
1
Participants
1
Timeline
5
Reactions
0
Author
ajtran303ajtran303
Participants
ajtran303ajtran303
Timeline (top)
labeled ×2closed ×1commented ×1locked ×1

After updating to 2026.3.28 (which includes the sandbox alsoAllow fix, #54492), the nodes tool still cannot be used in a Telegram group (non-main) session. The sandbox explain command shows nodes in the effective allow list and sandbox mode is off, but the tool is never registered in the session's tool set. The runtime emits a warning that nodes is a "shipped core tool but unavailable in the current runtime/provider/model/config." No config combination tried (explicit tool names, byProvider, per-group overrides, workspaceAccess) resolved this.

Error Message

warn tools: group tools.allow allowlist contains unknown entries (nodes).

Root Cause

After updating to 2026.3.28 (which includes the sandbox alsoAllow fix, #54492), the nodes tool still cannot be used in a Telegram group (non-main) session. The sandbox explain command shows nodes in the effective allow list and sandbox mode is off, but the tool is never registered in the session's tool set. The runtime emits a warning that nodes is a "shipped core tool but unavailable in the current runtime/provider/model/config." No config combination tried (explicit tool names, byProvider, per-group overrides, workspaceAccess) resolved this.

Fix Action

Fix / Workaround

Sandbox tool policy: allow (global): exec, process, read, write, edit, apply_patch, image, sessions_list, sessions_history, sessions_send, sessions_spawn, sessions_yield, subagents, session_status, nodes deny (default): browser, canvas, cron, gateway, telegram, ...

Code Example

warn tools: group tools.allow allowlist contains unknown entries (nodes).
These entries are shipped core tools but unavailable in the current runtime/provider/model/config.

---

agentId: main
sessionKey: agent:main:telegram:group:-ID
mainSessionKey: agent:main:main
runtime: direct
mode: off  scope: agent  perSession: false
workspaceAccess: none  workspaceRoot: /Users/user/.openclaw/sandboxes

Sandbox tool policy:
  allow (global): exec, process, read, write, edit, apply_patch, image,
                  sessions_list, sessions_history, sessions_send, sessions_spawn,
                  sessions_yield, subagents, session_status, nodes
  deny (default): browser, canvas, cron, gateway, telegram, ...

---
RAW_BUFFERClick to expand / collapse

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

After updating to 2026.3.28 (which includes the sandbox alsoAllow fix, #54492), the nodes tool still cannot be used in a Telegram group (non-main) session. The sandbox explain command shows nodes in the effective allow list and sandbox mode is off, but the tool is never registered in the session's tool set. The runtime emits a warning that nodes is a "shipped core tool but unavailable in the current runtime/provider/model/config." No config combination tried (explicit tool names, byProvider, per-group overrides, workspaceAccess) resolved this.

Steps to reproduce

  1. Configure a Telegram group session with alsoAllow: ["nodes"] in all applicable locations:
    • tools.sandbox.tools.alsoAllow
    • tools.byProvider.telegram.alsoAllow
    • channels.telegram.groups.<id>.tools.alsoAllow
  2. Start a fresh session (/new) in the Telegram group.
  3. Ask the agent to use the nodes tool (e.g. run a file operation on a paired node).

Expected behavior

The nodes tool is available in the Telegram group session. sandbox explain shows it in the allow list; the runtime should honor that and register the tool.

Actual behavior

The agent does not receive the nodes tool. Runtime log:

warn tools: group tools.allow allowlist contains unknown entries (nodes).
These entries are shipped core tools but unavailable in the current runtime/provider/model/config.

sandbox explain for the session:

agentId: main
sessionKey: agent:main:telegram:group:-ID
mainSessionKey: agent:main:main
runtime: direct
mode: off  scope: agent  perSession: false
workspaceAccess: none  workspaceRoot: /Users/user/.openclaw/sandboxes

Sandbox tool policy:
  allow (global): exec, process, read, write, edit, apply_patch, image,
                  sessions_list, sessions_history, sessions_send, sessions_spawn,
                  sessions_yield, subagents, session_status, nodes
  deny (default): browser, canvas, cron, gateway, telegram, ...

Policy layer is correct. Tool registration is not happening.

OpenClaw version

2026.3.28

Operating system

macOS (Darwin 25.3.0, arm64) — Mac mini M1

Install method

No response

Model

anthropic/claude-sonnet-4-6

Provider / routing chain

Anthropic API (direct, api_key auth) → main agent → Telegram group session (agent:main:telegram:group:-ID) → non-main runtime, mode: off, runtime: direct

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

extent analysis

Fix Plan

To resolve the issue with the nodes tool not being registered in the Telegram group session, follow these steps:

  • Update the tools.sandbox.tools.alsoAllow configuration to include the nodes tool with its fully qualified name, which might be core/nodes or a similar prefix.
  • Ensure that the tools.byProvider.telegram.alsoAllow and channels.telegram.groups.<id>.tools.alsoAllow configurations also include the fully qualified name of the nodes tool.
  • Verify that there are no typos or incorrect names in the alsoAllow lists.

Example configuration update:

tools:
  sandbox:
    tools:
      alsoAllow:
        - core/nodes
  byProvider:
    telegram:
      alsoAllow:
        - core/nodes
channels:
  telegram:
    groups:
      <id>:
        tools:
          alsoAllow:
            - core/nodes
  • Restart the session or reload the configuration to apply the changes.

Verification

To verify that the fix worked, run the sandbox explain command in the Telegram group session and check that the nodes tool is included in the allow list. Then, try to use the nodes tool in the session to confirm that it is registered and functional.

Extra Tips

  • Make sure to check the OpenClaw documentation for the correct fully qualified name of the nodes tool, as it may vary depending on the version or configuration.
  • If the issue persists, try to enable debug logging to get more detailed information about the tool registration process.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

FAQ

Expected behavior

The nodes tool is available in the Telegram group session. sandbox explain shows it in the allow list; the runtime should honor that and register the tool.

#api#device allocation#model download#tokenizer error#prompt formatting

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING