Thanks to visit codestin.com
Credit goes to github.com

Skip to content

gateway: add /tools/invoke HTTP endpoint #1575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
steipete merged 3 commits into from
Jan 24, 2026
Merged

gateway: add /tools/invoke HTTP endpoint #1575

steipete merged 3 commits into from
Jan 24, 2026

Conversation

@vignesh07
Copy link
Contributor

@vignesh07 vignesh07 commented Jan 24, 2026
edited
Loading

What

Adds a new HTTP endpoint POST /tools/invoke that can execute a Clawdbot agent tool (core or plugin) on behalf of a caller. This unblocks Lobster’s clawd.invoke bridge (tool/action/args) without needing to go through the OpenAI-compatible chat endpoints.

Request body:

{
  "tool": "sessions_list",
  "action": "json",
  "args": {
    "limit": 10
  },
  "sessionKey": "main"
}

Response:

{
  "ok": true,
  "result": { "...": "tool result" }
}

Policy & security

  • Uses existing gateway auth (Authorization: Bearer …) via authorizeGatewayConnect.
  • Enforces tool allow/deny policies derived from config + per-agent policies and group policy inheritance (when caller supplies channel/account headers).
  • Only merges the top-level action into tool args when the tool’s schema actually declares an action property (avoids breaking tools like llm-task that don’t use actions).

Threat model

  • Risk: Adds a direct tool execution surface; if exposed without auth, could allow arbitrary tool invocation (including filesystem or messaging).
  • Mitigations: Endpoint is gated by the same gateway auth mechanism as other HTTP surfaces. Tool execution is restricted by tool policy (global + agent + provider + group).
  • Residual risk: Operators who set gateway.auth.mode=none and bind publicly could still be vulnerable (same as other HTTP endpoints); recommend loopback bind or token auth.

Tests

  • src/gateway/tools-invoke-http.test.ts covers success path, auth rejection, and policy-based tool unavailability.

steipete added a commit that referenced this pull request Jan 24, 2026
@steipete
fix: document tools invoke + honor main session key (#1575) (thanks @…
de0f87c 
…vignesh07)
@steipete steipete force-pushed the feat/tools-invoke-http branch from 364666f to de0f87c Compare January 24, 2026 09:29
@steipete steipete force-pushed the feat/tools-invoke-http branch from de0f87c to 2573539 Compare January 24, 2026 09:29
@steipete steipete merged commit d73e8ec into main Jan 24, 2026
18 of 20 checks passed
@steipete steipete deleted the feat/tools-invoke-http branch January 24, 2026 09:29
@steipete
Copy link
Contributor

steipete commented Jan 24, 2026

Landed via temp rebase onto main.

  • Gate: pnpm lint && pnpm build && pnpm test
  • Land commit: d73e8ec
  • Merge commit: d73e8ec

Thanks @vignesh07!

mcinteerj pushed a commit to mcinteerj/moltbot that referenced this pull request Jan 25, 2026
@steipete
fix: document tools invoke + honor main session key (openclaw#1575) (…
db55229 
…thanks @vignesh07)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vignesh07 @steipete