openclaw - 💡(How to fix) Fix [Feature]: POST /tools/invoke HTTP API does not include exec, read, write, edit tools [1 participants]

openclaw/openclaw#54391, fetched 2026-04-08 01:28:12


Summary

/tools/invoke HTTP API should include exec, read, write, edit tools for direct tool invocation without LLM token consumption.

Problem to solve

The /tools/invoke HTTP endpoint uses createOpenClawTools() which does not include coding tools (exec, read, write, edit, process). These tools are only available in createOpenClawCodingTools() used for agent sessions.

This makes it impossible to directly invoke exec or file tools via HTTP API. Users must either:

  1. Use /v1/chat/completions endpoint which consumes LLM tokens
  2. Connect via WebSocket which is more complex

The gateway.tools.allow configuration cannot fix this because the tools are never created in the first place.

Proposed solution

Include coding tools in the /tools/invoke endpoint, controlled by:

Option A: Respect tools.profile setting (if "coding", include coding tools)

Option B: Add new config gateway.http.toolsIncludeCoding: true

Option C: Always include coding tools but respect gateway.tools.deny for restrictions

Expected behavior:

Should work when tools.profile is "coding" (default for local setup)

curl -X POST "http://localhost:18789/tools/invoke" \
  -H "Authorization: Bearer TOKEN" \
  -d '{"tool":"exec","args":{"command":"echo hello"}}'

Response: {"ok":true,"result":"hello\n"}

Alternatives considered

  1. Use /v1/chat/completions - Works but consumes LLM tokens for every tool call
  2. WebSocket connection - More complex, requires maintaining a persistent connection
  3. Configure gateway.tools.allow - Does not work, tools are not created by createOpenClawTools()

Impact

Affected users: All users who want to invoke exec/read/write/edit via HTTP API

Severity: Blocks workflow - no way to directly execute commands or read/write files via HTTP

Frequency: Always - the tools are never available

Consequence:

  • Wasted LLM tokens when using /v1/chat/completions workaround
  • Blocked automation/integration use cases
  • Forced to use more complex WebSocket approach

Evidence/examples

Reproduction:

curl -sS -X POST "http://localhost:18789/tools/invoke" \
  -H "Authorization: Bearer TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tool":"exec","args":{"command":"echo hello"}}'

Response: {"ok":false,"error":{"type":"not_found","message":"Tool not available: exec"}}

Root cause in source code (gateway-cli-C2ZZYgwu.js):

const subagentFiltered = applyToolPolicyPipeline({
  tools: createOpenClawTools({...}), // Missing exec, read, write, edit
  // ...
});

Workaround (consumes tokens):

openclaw config set gateway.http.endpoints.chatCompletions.enabled true

curl -X POST "http://localhost:18789/v1/chat/completions" \
  -H "Authorization: Bearer TOKEN" \
  -d '{"model":"openclaw:main","messages":[{"role":"user","content":"run: echo hello"}]}'

Additional information

No response

extent analysis

Fix Plan

To fix the issue, we need to modify the /tools/invoke endpoint to include coding tools. We will implement Option C: Always include coding tools but respect gateway.tools.deny for restrictions.

Step-by-Step Solution

  1. Swap the tool factory: In gateway-cli-C2ZZYgwu.js, change the call that builds the tool list so it uses createOpenClawCodingTools instead of createOpenClawTools.

const subagentFiltered = applyToolPolicyPipeline({
  tools: createOpenClawCodingTools({/* ... */}),  // Include exec, read, write, edit
  // ...
});

  2. Respect gateway.tools.deny restrictions: Ensure that the applyToolPolicyPipeline function still respects the gateway.tools.deny configuration to prevent unauthorized tool access.

const deniedTools = getDeniedTools(); // Assume this function returns the denied tools from config
const subagentFiltered = applyToolPolicyPipeline({
  tools: createOpenClawCodingTools({/* ... */}).filter(tool => !deniedTools.includes(tool.name)),
  // ...
});

  3. Test the updated endpoint: Use the provided curl command to test the updated /tools/invoke endpoint.

curl -X POST "http://localhost:18789/tools/invoke" \
  -H "Authorization: Bearer TOKEN" \
  -d '{"tool":"exec","args":{"command":"echo hello"}}'

Expected response: {"ok":true,"result":"hello\n"}

Verification

To verify that the fix worked, test the /tools/invoke endpoint with different tools (e.g., exec, read, write, edit) and ensure that they are executed correctly without consuming LLM tokens.

Extra Tips

  • Make sure to update the documentation to reflect the changes to the /tools/invoke endpoint.
  • Consider adding additional logging or monitoring to track tool usage and detect potential security issues.
  • Review the gateway.tools.deny configuration to ensure that it is properly set up to restrict access to sensitive tools.
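
The following is an added example, not OpenClaw code and not part of the original issue: a small model of the tool-resolution step that shows why gateway.tools.allow cannot restore a tool that was never created, and what Option C exposes with and without a deny list. The function names, the config shape, the "empty allow means no filter" rule and the base tool names are assumptions made for illustration.

```javascript
// Added example: simplified model of tool resolution for POST /tools/invoke.
// Function names, config shape and base tool names are hypothetical.
const BASE_TOOLS = ["tool_a", "tool_b"]; // constructed stand-ins for createOpenClawTools()
const CODING_TOOLS = ["exec", "read", "write", "edit", "process"]; // named in the issue

// Policy stage: it can only narrow the set it is handed, never add to it.
// Assumption: an empty allow list means "no allow filter"; deny always wins.
function applyPolicy(created, { allow = [], deny = [] } = {}) {
  const kept = allow.length ? created.filter((t) => allow.includes(t)) : created;
  return kept.filter((t) => !deny.includes(t));
}

// Behaviour reported in the issue: coding tools are never created.
function resolveCurrent(policy) {
  return applyPolicy(BASE_TOOLS, policy);
}

// Option C: always create coding tools, then let deny restrict them.
function resolveOptionC(policy) {
  return applyPolicy([...BASE_TOOLS, ...CODING_TOOLS], policy);
}

// Dispatch stub that mirrors the error shape shown on the page and records
// every attempt, allowed or not, so refused exec calls are visible in logs.
function invoke(available, request, auditLog) {
  const allowed = available.includes(request.tool);
  auditLog.push({ tool: request.tool, allowed });
  if (!allowed) {
    return { ok: false, error: { type: "not_found",
      message: `Tool not available: ${request.tool}` } };
  }
  return { ok: true }; // real execution is out of scope for this model
}

const audit = [];
// 1. allow cannot resurrect a tool that was never created.
console.log(invoke(resolveCurrent({ allow: ["exec"] }), { tool: "exec" }, audit));
// 2. Option C with no deny list: exec is reachable by default.
console.log(invoke(resolveOptionC({}), { tool: "exec" }, audit));
// 3. Option C with deny: read stays available, exec is refused.
const readOnly = resolveOptionC({ deny: ["exec", "write", "edit", "process"] });
console.log(invoke(readOnly, { tool: "read" }, audit), invoke(readOnly, { tool: "exec" }, audit));
console.log(audit);
```

Case 2 is the one to review before deploying Option C: with an empty deny list, every holder of the bearer token can reach exec.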
