Issue Station
Sign In
Tools hereToolbox

openclaw - 💡(How to fix) Fix Support toolsBySender for DM channels (Signal, Telegram, etc.) [1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#53760Fetched 2026-04-08 01:23:46
View on GitHub
Comments
0
Participants
1
Timeline
0
Reactions
0
Author
ziggy-brozeziggy-broze
Participants
ziggy-brozeziggy-broze

toolsBySender currently works for group/channel contexts (IRC, Slack, MS Teams, Discord) but is not available for DM-level policies on channels like Signal and Telegram.

For agents that accept DMs from multiple senders via an allowlist (dmPolicy: "allowlist"), there is no config-level way to restrict tool access per sender in DMs. The only option is prose-level instructions in workspace files, which lack enforcement guarantees.

Root Cause

toolsBySender currently works for group/channel contexts (IRC, Slack, MS Teams, Discord) but is not available for DM-level policies on channels like Signal and Telegram.

For agents that accept DMs from multiple senders via an allowlist (dmPolicy: "allowlist"), there is no config-level way to restrict tool access per sender in DMs. The only option is prose-level instructions in workspace files, which lack enforcement guarantees.

Fix Action

Fix / Workaround

Current Workaround

Code Example

{
  "channels": {
    "signal": {
      "dmPolicy": "allowlist",
      "allowFrom": ["+1OWNER", "+1PEER"],
      "toolsBySender": {
        "*": { "deny": ["group:openclaw"] },
        "+1OWNER": {}
      }
    }
  }
}
RAW_BUFFERClick to expand / collapse

Description

toolsBySender currently works for group/channel contexts (IRC, Slack, MS Teams, Discord) but is not available for DM-level policies on channels like Signal and Telegram.

For agents that accept DMs from multiple senders via an allowlist (dmPolicy: "allowlist"), there is no config-level way to restrict tool access per sender in DMs. The only option is prose-level instructions in workspace files, which lack enforcement guarantees.

Use Case

An agent owner wants to:

  • Grant full tool access to themselves (the owner)
  • Deny all tools to other allowlisted senders (peers, colleagues, etc.)

This is a common pattern for agents that serve as a personal assistant to one person but are also reachable by others in a limited capacity (conversational only, no tool use).

Proposed Behavior

Allow toolsBySender at the channel DM level, e.g.:

{
  "channels": {
    "signal": {
      "dmPolicy": "allowlist",
      "allowFrom": ["+1OWNER", "+1PEER"],
      "toolsBySender": {
        "*": { "deny": ["group:openclaw"] },
        "+1OWNER": {}
      }
    }
  }
}

The * wildcard would deny all tools by default; the owner entry (empty object = no restrictions) would override for that sender.

Current Workaround

Prose-level constraints in workspace files (e.g., AGENTS.md) instructing the agent not to use tools when the sender is a peer. This works but is not enforced at the platform level.

Environment

  • Channels affected: Signal, Telegram (any channel supporting DM allowlists)
  • OpenClaw version: 2026.2.22-2

extent analysis

Fix Plan

To implement toolsBySender at the channel DM level, follow these steps:

  • Update the channel configuration to include toolsBySender with a wildcard (*) to deny all tools by default.
  • Add specific sender configurations to override the default denial.

Example configuration:

{
  "channels": {
    "signal": {
      "dmPolicy": "allowlist",
      "allowFrom": ["+1OWNER", "+1PEER"],
      "toolsBySender": {
        "*": { "deny": ["group:openclaw"] },
        "+1OWNER": {}
      }
    }
  }
}
  • Update the agent code to parse the toolsBySender configuration and enforce tool access restrictions based on the sender.

Example code snippet (in JavaScript):

const getToolAccess = (sender, channelConfig) => {
  const toolsBySender = channelConfig.toolsBySender;
  const senderConfig = toolsBySender[sender] || toolsBySender['*'];
  if (senderConfig.deny) {
    return senderConfig.deny;
  }
  return []; // no restrictions
};

// Example usage:
const channelConfig = {
  // ...
  "toolsBySender": {
    "*": { "deny": ["group:openclaw"] },
    "+1OWNER": {}
  }
};

const sender = "+1OWNER";
const deniedTools = getToolAccess(sender, channelConfig);
console.log(deniedTools); // []

Verification

To verify that the fix worked, test the following scenarios:

  • Send a message from the owner (+1OWNER) and verify that they have access to all tools.
  • Send a message from a peer (+1PEER) and verify that they are denied access to all tools.

Extra Tips

  • Make sure to update the documentation to reflect the new toolsBySender configuration option.
  • Consider adding additional logging or monitoring to track tool access attempts and denied requests.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#model download#tokenizer error#prompt formatting#chain error#conversation history

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

openclaw - 💡(How to fix) Fix Support toolsBySender for DM channels (Signal, Telegram, etc.) [1 participants]