openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/experiments/onboarding-config-protocol.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/experiments/onboarding-config-protocol.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/tools/index.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/tools/index.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/agents/openclaw-gateway-tool.test.ts‎
Lines changed: 53 additions & 0 deletions b/‎src/agents/openclaw-gateway-tool.test.ts‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎src/agents/system-prompt.test.ts‎
Lines changed: 3 additions & 1 deletion b/‎src/agents/system-prompt.test.ts‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎src/agents/system-prompt.ts‎
Lines changed: 2 additions & 1 deletion b/‎src/agents/system-prompt.ts‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/agents/tools/gateway-tool.ts‎
Lines changed: 13 additions & 2 deletions b/‎src/agents/tools/gateway-tool.ts‎
Lines changed: 13 additions & 2 deletions
diff --git a/‎src/config/schema.test.ts‎
Lines changed: 31 additions & 1 deletion b/‎src/config/schema.test.ts‎
Lines changed: 31 additions & 1 deletion
@@ -39,6 +39,7 @@ Docs: https://docs.openclaw.ai
 - TUI/final-error rendering fallback: when a chat `final` event has no renderable assistant content but includes envelope `errorMessage`, render the formatted error text instead of collapsing to `"(no output)"`, preserving actionable failure context in-session. (#14687) Thanks @Mquarmoc.
 - OpenAI Codex OAuth/login hardening: fail OAuth completion early when the returned token is missing `api.responses.write`, and allow `openclaw models auth login --provider openai-codex` to use the built-in OAuth path even when no provider plugins are installed. (#36660) Thanks @driesvints.
 - OpenAI Codex OAuth/scope request parity: augment the OAuth authorize URL with required API scopes (`api.responses.write`, `model.request`, `api.model.read`) before browser handoff so OAuth tokens include runtime model/request permissions expected by OpenAI API calls. (#24720) Thanks @Skippy-Gunboat.
+- Agents/config schema lookup: add `gateway` tool action `config.schema.lookup` so agents can inspect one config path at a time before edits without loading the full schema into prompt context.
 - Onboarding/API key input hardening: strip non-Latin1 Unicode artifacts from normalized secret input (while preserving Latin-1 content and internal spaces) so malformed copied API keys cannot trigger HTTP header `ByteString` construction crashes; adds regression coverage for shared normalization and MiniMax auth header usage. (#24496) Thanks @fa6maalassaf.
 - Kimi Coding/Anthropic tools compatibility: normalize `anthropic-messages` tool payloads to OpenAI-style `tools[].function` + compatible `tool_choice` when targeting Kimi Coding endpoints, restoring tool-call workflows that regressed after v2026.3.2. (#37038) Thanks @mochimochimochi-hub.
 - Heartbeat/workspace-path guardrails: append explicit workspace `HEARTBEAT.md` path guidance (and `docs/heartbeat.md` avoidance) to heartbeat prompts so heartbeat runs target workspace checklists reliably across packaged install layouts. (#37037) Thanks @stofancy.
 
@@ -23,11 +23,13 @@ Purpose: shared onboarding + config surfaces across CLI, macOS app, and Web UI.
 - `wizard.cancel` params: `{ sessionId }`
 - `wizard.status` params: `{ sessionId }`
 - `config.schema` params: `{}`
+- `config.schema.lookup` params: `{ path }`
 
 Responses (shape)
 
 - Wizard: `{ sessionId, done, step?, status?, error? }`
 - Config schema: `{ schema, uiHints, version, generatedAt }`
+- Config schema lookup: `{ path, schema, hint?, hintPath?, children[] }`
 
 ## UI Hints
 
 
@@ -453,13 +453,15 @@ Restart or apply updates to the running Gateway process (in-place).
 Core actions:
 
 - `restart` (authorizes + sends `SIGUSR1` for in-process restart; `openclaw gateway` restart in-place)
+- `config.schema.lookup` (inspect one config path at a time without loading the full schema into prompt context)
 - `config.get`
 - `config.apply` (validate + write config + restart + wake)
 - `config.patch` (merge partial update + restart + wake)
 - `update.run` (run update + restart + wake)
 
 Notes:
 
+- `config.schema.lookup` expects a targeted dot path such as `gateway.auth` or `agents.list.*.heartbeat`.
 - Use `delayMs` (defaults to 2000) to avoid interrupting an in-flight reply.
 - `config.schema` remains available to internal Control UI flows and is not exposed through the agent `gateway` tool.
 - `restart` is enabled by default; set `commands.restart: false` to disable it.
 
@@ -11,6 +11,27 @@ vi.mock("./tools/gateway.js", () => ({
     if (method === "config.get") {
       return { hash: "hash-1" };
     }
+    if (method === "config.schema.lookup") {
+      return {
+        path: "gateway.auth",
+        schema: {
+          type: "object",
+        },
+        hint: { label: "Gateway Auth" },
+        hintPath: "gateway.auth",
+        children: [
+          {
+            key: "token",
+            path: "gateway.auth.token",
+            type: "string",
+            required: true,
+            hasChildren: false,
+            hint: { label: "Token", sensitive: true },
+            hintPath: "gateway.auth.token",
+          },
+        ],
+      };
+    }
     return { ok: true };
   }),
   readGatewayCallOptions: vi.fn(() => ({})),
@@ -166,4 +187,36 @@ describe("gateway tool", () => {
       expect(params).toMatchObject({ timeoutMs: 20 * 60_000 });
     }
   });
+
+  it("returns a path-scoped schema lookup result", async () => {
+    const { callGatewayTool } = await import("./tools/gateway.js");
+    const tool = requireGatewayTool();
+
+    const result = await tool.execute("call5", {
+      action: "config.schema.lookup",
+      path: "gateway.auth",
+    });
+
+    expect(callGatewayTool).toHaveBeenCalledWith("config.schema.lookup", expect.any(Object), {
+      path: "gateway.auth",
+    });
+    expect(result.details).toMatchObject({
+      ok: true,
+      result: {
+        path: "gateway.auth",
+        hintPath: "gateway.auth",
+        children: [
+          expect.objectContaining({
+            key: "token",
+            path: "gateway.auth.token",
+            required: true,
+            hintPath: "gateway.auth.token",
+          }),
+        ],
+      },
+    });
+    const schema = (result.details as { result?: { schema?: { properties?: unknown } } }).result
+      ?.schema;
+    expect(schema?.properties).toBeUndefined();
+  });
 });
@@ -443,10 +443,12 @@ describe("buildAgentSystemPrompt", () => {
     });
 
     expect(prompt).toContain("## OpenClaw Self-Update");
+    expect(prompt).toContain("config.schema.lookup");
     expect(prompt).toContain("config.apply");
     expect(prompt).toContain("config.patch");
     expect(prompt).toContain("update.run");
-    expect(prompt).not.toContain("config.schema");
+    expect(prompt).not.toContain("Use config.schema to");
+    expect(prompt).not.toContain("config.schema, config.apply");
   });
 
   it("includes skills guidance when skills prompt is present", () => {
 
@@ -482,7 +482,8 @@ export function buildAgentSystemPrompt(params: {
       ? [
           "Get Updates (self-update) is ONLY allowed when the user explicitly asks for it.",
           "Do not run config.apply or update.run unless the user explicitly requests an update or config change; if it's not explicit, ask first.",
-          "Actions: config.get, config.apply (validate + write full config, then restart), config.patch (partial update, merges with existing), update.run (update deps or git, then restart).",
+          "Use config.schema.lookup with a specific dot path to inspect only the relevant config subtree before making config changes or answering config-field questions; avoid guessing field names/types.",
+          "Actions: config.schema.lookup, config.get, config.apply (validate + write full config, then restart), config.patch (partial update, merges with existing), update.run (update deps or git, then restart).",
           "After restart, OpenClaw pings the last active session automatically.",
         ].join("\n")
       : "",
 
@@ -34,6 +34,7 @@ function resolveBaseHashFromSnapshot(snapshot: unknown): string | undefined {
 const GATEWAY_ACTIONS = [
   "restart",
   "config.get",
+  "config.schema.lookup",
   "config.apply",
   "config.patch",
   "update.run",
@@ -47,10 +48,12 @@ const GatewayToolSchema = Type.Object({
   // restart
   delayMs: Type.Optional(Type.Number()),
   reason: Type.Optional(Type.String()),
-  // config.get, config.apply, update.run
+  // config.get, config.schema.lookup, config.apply, update.run
   gatewayUrl: Type.Optional(Type.String()),
   gatewayToken: Type.Optional(Type.String()),
   timeoutMs: Type.Optional(Type.Number()),
+  // config.schema.lookup
+  path: Type.Optional(Type.String()),
   // config.apply, config.patch
   raw: Type.Optional(Type.String()),
   baseHash: Type.Optional(Type.String()),
@@ -73,7 +76,7 @@ export function createGatewayTool(opts?: {
     name: "gateway",
     ownerOnly: true,
     description:
-      "Restart, apply config, or update the gateway in-place (SIGUSR1). Use config.patch for safe partial config updates (merges with existing). Use config.apply only when replacing entire config. Both trigger restart after writing. Always pass a human-readable completion message via the `note` parameter so the system can deliver it to the user after restart.",
+      "Restart, inspect a specific config schema path, apply config, or update the gateway in-place (SIGUSR1). Use config.schema.lookup with a targeted dot path before config edits. Use config.patch for safe partial config updates (merges with existing). Use config.apply only when replacing entire config. Both trigger restart after writing. Always pass a human-readable completion message via the `note` parameter so the system can deliver it to the user after restart.",
     parameters: GatewayToolSchema,
     execute: async (_toolCallId, args) => {
       const params = args as Record<string, unknown>;
@@ -171,6 +174,14 @@ export function createGatewayTool(opts?: {
         const result = await callGatewayTool("config.get", gatewayOpts, {});
         return jsonResult({ ok: true, result });
       }
+      if (action === "config.schema.lookup") {
+        const path = readStringParam(params, "path", {
+          required: true,
+          label: "path",
+        });
+        const result = await callGatewayTool("config.schema.lookup", gatewayOpts, { path });
+        return jsonResult({ ok: true, result });
+      }
       if (action === "config.apply") {
         const { raw, baseHash, sessionKey, note, restartDelayMs } =
           await resolveConfigWriteParams();
 
@@ -1,5 +1,5 @@
 import { beforeAll, describe, expect, it } from "vitest";
-import { buildConfigSchema } from "./schema.js";
+import { buildConfigSchema, lookupConfigSchema } from "./schema.js";
 import { applyDerivedTags, CONFIG_TAGS, deriveTagsForPath } from "./schema.tags.js";
 
 describe("config schema", () => {
@@ -202,4 +202,34 @@ describe("config schema", () => {
       }
     }
   });
+
+  it("looks up a config schema path with immediate child summaries", () => {
+    const lookup = lookupConfigSchema(baseSchema, "gateway.auth");
+    expect(lookup?.path).toBe("gateway.auth");
+    expect(lookup?.hintPath).toBe("gateway.auth");
+    expect(lookup?.children.some((child) => child.key === "token")).toBe(true);
+    const tokenChild = lookup?.children.find((child) => child.key === "token");
+    expect(tokenChild?.path).toBe("gateway.auth.token");
+    expect(tokenChild?.hint?.sensitive).toBe(true);
+    expect(tokenChild?.hintPath).toBe("gateway.auth.token");
+    const schema = lookup?.schema as { properties?: unknown } | undefined;
+    expect(schema?.properties).toBeUndefined();
+  });
+
+  it("matches wildcard ui hints for concrete lookup paths", () => {
+    const lookup = lookupConfigSchema(baseSchema, "agents.list.0.identity.avatar");
+    expect(lookup?.path).toBe("agents.list.0.identity.avatar");
+    expect(lookup?.hintPath).toBe("agents.list.*.identity.avatar");
+    expect(lookup?.hint?.help).toContain("workspace-relative path");
+  });
+
+  it("normalizes bracketed lookup paths", () => {
+    const lookup = lookupConfigSchema(baseSchema, "agents.list[0].identity.avatar");
+    expect(lookup?.path).toBe("agents.list.0.identity.avatar");
+    expect(lookup?.hintPath).toBe("agents.list.*.identity.avatar");
+  });
+
+  it("returns null for missing config schema paths", () => {
+    expect(lookupConfigSchema(baseSchema, "gateway.notReal.path")).toBeNull();
+  });
 });