diff --git a/docs/automation/cron-jobs.md b/docs/automation/cron-jobs.md index 78de499b5d0..9af16a72f7f 100644 --- a/docs/automation/cron-jobs.md +++ b/docs/automation/cron-jobs.md @@ -198,6 +198,7 @@ Common `agentTurn` fields: - `model` / `thinking`: optional overrides (see below). - `timeoutSeconds`: optional timeout override. - `lightContext`: optional lightweight bootstrap mode for jobs that do not need workspace bootstrap file injection. +- `toolsAllow`: optional array of tool names to restrict which tools the job can use (e.g. `["exec", "read", "write"]`). Delivery config: @@ -380,7 +381,8 @@ Notes: - `"current"` is resolved to `"session:"` at creation time. - Custom sessions (`session:xxx`) maintain persistent context across runs. - Optional fields: `agentId`, `description`, `enabled`, `deleteAfterRun` (defaults to true for `at`), - `delivery`. + `delivery`, `toolsAllow`. +- `toolsAllow`: optional array of tool names to restrict which tools the job can use (e.g. `["exec", "read"]`). Omit or set `null` to use all tools. - `wakeMode` defaults to `"now"` when omitted. ### cron.update params @@ -667,6 +669,19 @@ openclaw cron edit --agent ops openclaw cron edit --clear-agent ``` +Tool allowlists (restrict which tools a job can use): + +```bash +# Only allow exec and read tools for this job +openclaw cron add --name "Scoped job" --cron "0 8 * * *" --session isolated --message "Run scoped checks" --tools exec,read + +# Update an existing job's tool allowlist +openclaw cron edit --tools exec,read,write + +# Remove a tool allowlist (use all tools) +openclaw cron edit --clear-tools +``` + Manual run (force is the default, use `--due` to only run when due): ```bash diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index 62113f1e49c..dfa06043ef8 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -923,6 +923,7 @@ Time format in system prompt. Default: `auto` (OS preference). primary: "anthropic/claude-opus-4-6", fallbacks: ["openai/gpt-5-mini"], }, + params: { cacheRetention: "long" }, // global default provider params pdfMaxBytesMb: 10, pdfMaxPages: 20, thinkingDefault: "low", @@ -957,7 +958,8 @@ Time format in system prompt. Default: `auto` (OS preference). - `elevatedDefault`: default elevated-output level for agents. Values: `"off"`, `"on"`, `"ask"`, `"full"`. Default: `"on"`. - `model.primary`: format `provider/model` (e.g. `anthropic/claude-opus-4-6`). If you omit the provider, OpenClaw assumes `anthropic` (deprecated). - `models`: the configured model catalog and allowlist for `/model`. Each entry can include `alias` (shortcut) and `params` (provider-specific, for example `temperature`, `maxTokens`, `cacheRetention`, `context1m`). -- `params` merge precedence (config): `agents.defaults.models["provider/model"].params` is the base, then `agents.list[].params` (matching agent id) overrides by key. +- `params`: global default provider parameters applied to all models. Set at `agents.defaults.params` (e.g. `{ cacheRetention: "long" }`). +- `params` merge precedence (config): `agents.defaults.params` (global base) is overridden by `agents.defaults.models["provider/model"].params` (per-model), then `agents.list[].params` (matching agent id) overrides by key. See [Prompt Caching](/reference/prompt-caching) for details. - Config writers that mutate these fields (for example `/models set`, `/models set-image`, and fallback add/remove commands) save canonical object form and preserve existing fallback lists when possible. - `maxConcurrent`: max parallel agent runs across sessions (each session still serialized). Default: 4.