#tools.allow allowlist contains unknown entries (apply_patch, discord). These entries won't match any

1 messages · Page 1 of 1 (latest)

swift jolt
#

As per title

rare lotusBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> âś… Mark Solution

median moonBOT
# swift jolt As per title

That warning is coming from OpenClaw’s tool-policy resolver: you have a tools.allow somewhere (often under channels.discord.guilds.<id>.tools.allow or global tools.allow) that includes entries OpenClaw doesn’t currently consider valid/loaded tools:

  • apply_patch: exists, but is experimental and off by default. It only becomes available if you explicitly enable it under tools.exec.applyPatch.enabled (OpenAI / OpenAI Codex only).
  • discord: in current builds, Discord “do Discord things” is typically under the generic message tool (or group:messaging). So discord in an allowlist often won’t match anything and triggers this warning.

What to do (pick what matches your intent):

  1. If you just want the warning gone: remove apply_patch / discord from that tools.allow.

  2. If you want to allow Discord messaging actions in that scope: use:

  • message (or group:messaging) instead of discord.
  1. If you actually want apply_patch: enable it in config, e.g.
{
  tools: {
# 
    exec: {
      applyPatch: { enabled: true }
    }
  }
}

(optional: add applyPatch.allowModels if you want to restrict which models can use it)

If you paste:

  • your openclaw --version
  • the snippet of your config around the place you set tools.allow (global + the channels.discord.guilds... part if present)

…I can tell you the exact minimal change to make it match what you want. Docs refs: https://docs.openclaw.ai/tools and https://docs.openclaw.ai/channels/discord

swift jolt
#

i have

    profile: "full",
    allow: ["*"],
    deny: ["web_search", "browser", "canvas", "image"],
    exec: {
      backgroundMs: 10000,
      timeoutSec: 1800,
      cleanupMs: 1800000,
      applyPatch: { enabled: true }
    },

and

  "plugins": {
    "entries": {
      "discord": {enabled: true},
      "memory-core": {enabled: true},
      "internet": {
        "enabled": true,
        "config": { "baseUrl": "http://localhost:8080" }
      },
    }
  },

and

  "channels": {
    "discord": {
      "enabled": true,
      "token": "<token>",
      "groupPolicy": "open"
    }
  },

how many more places do i need discord haha

median moonBOT
# swift jolt i have ```json5 profile: "full", allow: ["*"], deny: ["web_search",...

You don’t need to “enable Discord more” — that warning is almost certainly not about channels.discord.enabled.

It’s complaining about an allowlist somewhere that contains the strings:

  • discord (there is no tool named discord in tool policy; Discord is a channel. For “send messages / react / etc” the tool is message / group:messaging.)
  • apply_patch (only exists if your build supports it + it’s enabled; and even then you generally don’t need to list it if you already have allow: ["*"].)

Two common causes:

1) You’re not editing the config the service is actually running

Run and paste:

openclaw --version
openclaw gateway status

gateway status will show what config the daemon is using (people often edit one file, but the service is pointed at another). If they differ, openclaw doctor usually offers to fix it.

#

2) You have another tool-policy override somewhere that still lists ["apply_patch","discord"]

Even if your global tools block is allow: ["*"], you can still have overrides in e.g.:

  • agents.list[].tools.allow
  • channels.discord.guilds.<id>.tools.allow
  • channels.discord.guilds.<id>.channels.<channel>.tools.allow

Best way to find it is to grep the actual config path (from gateway status), e.g.:

rg -n 'tools\\.allow|apply_patch|"discord"' /path/to/openclaw.json

If you paste the gateway status output + the matching config snippet that rg finds, I can tell you exactly what line to change (usually: remove discord from tools.allow — it won’t ever match).

swift jolt
#

there is a plugin called discord that adds a variety of featuers. I believe that uses a dedicated discord tool to do things such as react to messages, no?

median moonBOT
# swift jolt there is a plugin called discord that adds a variety of featuers. I believe that...

Nope — the discord plugin is the Discord channel implementation, not a plugin that registers an agent tool named discord.

In current OpenClaw, “do Discord stuff” (send, react, pins, threads, etc.) is exposed to the agent via the generic message tool (or group:messaging). The Discord channel/plugin is what executes those message actions on Discord.

So:

  • Putting "discord" in tools.allow won’t enable anything, because there is no tool/plugin-tool bundle named discord to enable → you get the “unknown entries” warning.
  • To control what the agent can do on Discord, use channels.discord.actions (e.g. reactions, pins, threads, search, etc.) plus tool policy for message.

Example (if you want to allow messaging but disable reactions):

channels: {
  discord: {
    actions: {
      messages: true,
      reactions: false,
# 
    }
  }
}

On apply_patch: the tool name is apply_patch, but it’s experimental + OpenAI/Codex-only. If you’re not on an OpenAI(-Codex) model for that run, it can still show up as “unknown” in allowlists even if you set tools.exec.applyPatch.enabled.

If you want, paste the exact config snippet where you set a guild/channel-specific tools.allow (the warning label says “Discord Guild #tools.allow”, which usually means a channels.discord.guilds...tools...allow override somewhere).

swift jolt
#

does openai mean it just has to be using openai responses api?

median moonBOT
# swift jolt does openai mean it just has to be using openai responses api?

No — “OpenAI” here means the agent turn is running on an OpenAI-family provider/model, not “any provider that happens to speak the OpenAI Responses API”.

For apply_patch, OpenClaw gates it to OpenAI / OpenAI Codex models only (because the feature relies on OpenAI-specific support). So it works when the model you’re actually using for that run is something like:

  • openai/<something> (e.g. openai/gpt-5.2)
  • or openai-codex/<something> (Codex)

If you’re using Anthropic/MiniMax/OpenRouter/etc for the agent run, apply_patch won’t be considered available even if tools.exec.applyPatch.enabled: true.

If you paste your openclaw models status + which model your Discord agent is using, we can confirm whether your Discord turns are actually hitting an OpenAI model.

swift jolt
#

"plugins": {
"entries": {
"discord": {enabled: true},
"memory-core": {enabled: true},

are discord and memory-core built in plugins? or are those made up

median moonBOT
# swift jolt "plugins": { "entries": { "discord": {enabled: true}, "memory-co...

They’re real.

  • discord is an official bundled channel plugin shipped with OpenClaw (it’s what implements channels.discord).

    • It does not register an agent tool named discord — it just registers the Discord channel. Discord actions (send/react/etc) are gated via channels.discord.actions and executed through the generic message tool surface.

  • memory-core is an official bundled memory plugin (kind: memory) that registers the memory_search + memory_get tools. It’s also the default memory slot (plugins.slots.memory defaults to "memory-core").

You can verify on your box with:

openclaw plugins list
openclaw plugins info discord
openclaw plugins info memory-core

So: not made up — but also, adding "discord" to tools.allow won’t help, because it’s not a tool name in the current tool policy system.

swift jolt
#

explain to me the
sendPolicy: { default: "allow", rules: [{ action: "deny", match: { channel: "discord", chatType: "group" } }], },
section

median moonBOT
# swift jolt explain to me the ` sendPolicy: { default: "allow", rules: [{ a...

That block is session send policy: a global “where am I allowed to deliver messages?” filter.

sendPolicy: {
  default: "allow",
  rules: [
    { action: "deny", match: { channel: "discord", chatType: "group" } }
  ],
},

What it means:

  • default: "allow"
    If no rule matches, OpenClaw is allowed to send/deliver as normal.

  • rules

#

Each rule matches an outbound delivery target and then either allows or denys it.
Match fields you can use include:

  • channel: e.g. "discord", "telegram", "slack", etc.

  • chatType: "direct" (DMs) vs "group" (servers/groups) vs "room" (some platforms)

  • keyPrefix: e.g. "cron:" to target cron sessions

  • This specific rule:
    { channel: "discord", chatType: "group" } → deny sending to Discord guild/group contexts.
    Result: the bot can still receive messages in Discord guild channels, but when it tries to deliver a reply there, it will be blocked. Discord DMs (chatType: "direct") are still allowed.

Typical reasons to use it:

  • “Never speak in Discord servers, DM-only”
  • “Let crons run but don’t let them post into chat” (via match: { keyPrefix: "cron:" })

Important: this is unrelated to the tools.allow warning you were seeing earlier — that warning is about tool allowlists, while sendPolicy is about message delivery.

swift jolt
#

does userTimezone: "America/New York", have spaces or not

median moonBOT
swift jolt
#

if i have one agent in list[] and its id is main, will openclaw be sure to load that agent every time?

median moonBOT
# swift jolt if i have one agent in list[] and its id is main, will openclaw be sure to load ...

Yes.

OpenClaw picks an agent per inbound message via deterministic routing:

  1. bindings[] matches (peer/guild/team/account/channel), else
  2. default agent = agents.list[].default, else first entry in agents.list, else fallback to "main".

So if your agents.list contains only one agent and it’s { id: "main" }, that agent will be the default every time (unless you add a bindings[] rule that routes messages somewhere else later).

If you want to make it explicit/future-proof (once you add more agents), set:

agents: {
list: [{ id: "main", default: true }]
}