diff --git a/docs/gateway/cli-backends.md b/docs/gateway/cli-backends.md index bcfe537c487..cfaf09299e9 100644 --- a/docs/gateway/cli-backends.md +++ b/docs/gateway/cli-backends.md @@ -243,10 +243,33 @@ CLI backend defaults are now part of the plugin surface: - Backend-specific config cleanup stays plugin-owned through the optional `normalizeConfig` hook. +## Bundle MCP overlays + +CLI backends still do **not** receive OpenClaw tool calls, but a backend can opt +into a generated MCP config overlay with `bundleMcp: true`. + +Current bundled behavior: + +- `claude-cli`: `bundleMcp: true` +- `codex-cli`: no bundle MCP overlay +- `google-gemini-cli`: no bundle MCP overlay + +When bundle MCP is enabled, OpenClaw: + +- loads enabled bundle-MCP servers for the current workspace +- merges them with any existing backend `--mcp-config` +- rewrites the CLI args to pass `--strict-mcp-config --mcp-config ` + +If no MCP servers are enabled, OpenClaw still injects a strict empty config. +That prevents background Claude CLI runs from inheriting ambient user/global MCP +servers unexpectedly. + ## Limitations - **No OpenClaw tools** (the CLI backend never receives tool calls). Some CLIs - may still run their own agent tooling. + may still run their own agent tooling. Backends with `bundleMcp: true` + can still receive a generated MCP config overlay for their own CLI-native MCP + support. - **Streaming is backend-specific**. Claude CLI forwards partial text from `stream-json`; other CLI backends may still be buffered until exit. - **Structured outputs** depend on the CLI’s JSON format. diff --git a/docs/help/testing.md b/docs/help/testing.md index 3def80e95f9..7ce83a221be 100644 --- a/docs/help/testing.md +++ b/docs/help/testing.md @@ -265,7 +265,7 @@ openclaw models list --json - `OPENCLAW_LIVE_CLI_BACKEND_IMAGE_ARG="--image"` to pass image file paths as CLI args instead of prompt injection. - `OPENCLAW_LIVE_CLI_BACKEND_IMAGE_MODE="repeat"` (or `"list"`) to control how image args are passed when `IMAGE_ARG` is set. - `OPENCLAW_LIVE_CLI_BACKEND_RESUME_PROBE=1` to send a second turn and validate resume flow. -- `OPENCLAW_LIVE_CLI_BACKEND_DISABLE_MCP_CONFIG=0` to keep Claude Code CLI MCP config enabled (default disables MCP config with a temporary empty file). +- `OPENCLAW_LIVE_CLI_BACKEND_DISABLE_MCP_CONFIG=0` to keep Claude Code CLI MCP config enabled (default injects a temporary strict empty `--mcp-config` so ambient/global MCP servers stay disabled during the smoke). Example: @@ -286,6 +286,7 @@ Notes: - The Docker runner lives at `scripts/test-live-cli-backend-docker.sh`. - It runs the live CLI-backend smoke inside the repo Docker image as the non-root `node` user, because Claude CLI rejects `bypassPermissions` when invoked as root. - For `claude-cli`, it installs the Linux `@anthropic-ai/claude-code` package into a cached writable prefix at `OPENCLAW_DOCKER_CLI_TOOLS_DIR` (default: `~/.cache/openclaw/docker-cli-tools`). +- For `claude-cli`, the live smoke injects a strict empty MCP config unless you set `OPENCLAW_LIVE_CLI_BACKEND_DISABLE_MCP_CONFIG=0`. - It copies `~/.claude` into the container when available, but on machines where Claude auth is backed by `ANTHROPIC_API_KEY`, it also preserves `ANTHROPIC_API_KEY` / `ANTHROPIC_API_KEY_OLD` for the child Claude CLI via `OPENCLAW_LIVE_CLI_BACKEND_PRESERVE_ENV`. ## Live: ACP bind smoke (`/acp spawn ... --bind here`)