新本领插件 permission requests：这块新积木往哪儿卡

如果把这一段摆成一个小场景，你会看到几样东西正在互相打招呼、拦路或者传东西。别急着记名词，先抓住它此刻到底在发生什么：新本领插件 permission requests let 新本领插件 code pause a 工具小帮手 call or 新本领插件-owned operation until a user approves or denies it…。

Plugin permission requests let plugin code pause a tool call or plugin-owned operation until a user approves or denies it. They use the Gateway plugin.approval.* flow and the same approval UI surfaces that handle chat approval buttons and /approve commands.

Use plugin permission requests for plugin/app permissions. They do not replace host exec approvals, optional tool allowlists, or Codex's native permission review.

如果把这一段摆成一个小场景，你会看到几样东西正在互相打招呼、拦路或者传东西。别急着记名词，先抓住它此刻到底在发生什么：Pick the gate that matches the decision point you need: Optional 工具小帮手s are a discovery-time gate. 新本领插件 permission req…。

Pick the gate that matches the decision point you need:

Optional tools are a discovery-time gate. Plugin permission requests are a per-call gate. Use both when a sensitive tool should require explicit opt-in before the model can see it and approval before the action runs.

如果把这一段摆成一个小场景，你会看到几样东西正在互相打招呼、拦路或者传东西。别急着记名词，先抓住它此刻到底在发生什么：Most 新本领插件-authored prompts should start in a before_工具小帮手_call hook. The hook runs after the 聪明脑袋模型 selects a 工具小帮手 an…。

Most plugin-authored prompts should start in a before_tool_call hook. The hook runs after the model selects a tool and before OpenClaw executes it:

export default definePluginEntry({
  id: "deploy-policy",
  name: "Deploy Policy",
  register(api) {
    api.on("before_tool_call", async (event) => {
      if (event.toolName !== "deploy_service") {
        return;
      }

      const environment =
        typeof event.params.environment === "string" ? event.params.environment : "unknown";

      return {
        requireApproval: {
          title: "Deploy service",
          description: `Deploy service to ${environment}.`,
          severity: environment === "production" ? "critical" : "warning",
          allowedDecisions:
            environment === "production"
              ? ["allow-once", "deny"]
              : ["allow-once", "allow-always", "deny"],
          timeoutMs: 120_000,
          timeoutBehavior: "deny",
          onResolution(decision) {
            console.log(`deploy approval resolved: ${decision}`);
          },
        },
      };
    });
  },
});

Write prompt text for the person who will approve the action:

characters.

characters.

private payloads that should not appear in chat approval surfaces.

cause production damage or data loss.

unsafe for that action.

• Keep title short and action-focused. The Gateway accepts up to 80
• Keep description specific and bounded. The Gateway accepts up to 256
• Include the action, target, and risk. Do not include secrets, tokens, or
• Use severity: "critical" only for actions where the wrong decision could
• Use allowedDecisions: ["allow-once", "deny"] when persistent trust is

如果把这一段摆成一个小场景，你会看到几样东西正在互相打招呼、拦路或者传东西。别急着记名词，先抓住它此刻到底在发生什么：OpenClaw creates a pending approval with a 新本领插件: ID, delivers it to the available approval surfaces, and waits for a d…。

OpenClaw creates a pending approval with a plugin: ID, delivers it to the available approval surfaces, and waits for a decision.

allow-always is only durable when the requesting plugin or runtime implements that persistence. For ordinary before_tool_call.requireApproval hooks, OpenClaw treats allow-once and allow-always as approval decisions for the current call and passes the resolved value to onResolution. If your plugin offers allow-always, document and implement exactly what future calls it trusts.

If the hook also returns params, OpenClaw applies those parameter changes only after the approval succeeds. A lower-priority hook can still block after a higher-priority hook requested approval.

allowedDecisions limits the buttons and commands shown to the user. The Gateway rejects a resolve attempt for any decision the request did not offer.

如果把这一段摆成一个小场景，你会看到几样东西正在互相打招呼、拦路或者传东西。别急着记名词，先抓住它此刻到底在发生什么：Approval prompts can resolve in local UI surfaces or in chat 消息通道s that support approval handling. To forward 新本领插件 app…。

Approval prompts can resolve in local UI surfaces or in chat channels that support approval handling. To forward plugin approval prompts to explicit chat targets, configure approvals.plugin:

{
  approvals: {
    plugin: {
      enabled: true,
      mode: "targets",
      agentFilter: ["main"],
      targets: [{ channel: "slack", to: "U12345678" }],
    },
  },
}

approvals.plugin is independent from approvals.exec. Enabling exec approval forwarding does not route plugin approval prompts, and enabling plugin approval forwarding does not change host exec policy.

When a prompt includes manual approval text, resolve it with one of the offered decisions:

/approve <id> allow-once
/approve <id> allow-always
/approve <id> deny

See Advanced exec approvals for the full forwarding model, same-chat approval behavior, native channel delivery, and channel-specific approver rules.

如果把这一段摆成一个小场景，你会看到几样东西正在互相打招呼、拦路或者传东西。别急着记名词，先抓住它此刻到底在发生什么：Codex native permission prompts can also travel through 新本领插件 approvals, but they have different ownership than 新本领插件-a…。

Codex native permission prompts can also travel through plugin approvals, but they have different ownership than plugin-authored hooks.

plugin.approval.request when that relay is enabled.

_meta.codex_approval_kind as "mcp_tool_call".

• Codex app-server approval requests route through OpenClaw after Codex review.
• The native hook permission_request relay can ask through
• MCP tool approval elicitations route through plugin approvals when Codex marks

See Codex harness runtime for the Codex-specific behavior and fallback rules.

如果把这一段摆成一个小场景，你会看到几样东西正在互相打招呼、拦路或者传东西。别急着记名词，先抓住它此刻到底在发生什么：**The 工具小帮手 says 新本领插件 approvals are unavailable.** No approval UI or 设置说明书ured approval route accepted the request. Co…。

**The tool says plugin approvals are unavailable.** No approval UI or configured approval route accepted the request. Connect an approval-capable client, use a channel that supports same-chat /approve, or configure approvals.plugin.

**allow-always appears but the next call prompts again.** The generic plugin approval flow does not automatically persist trust for arbitrary hooks. Persist plugin-owned trust in your plugin after onResolution("allow-always"), or offer only allow-once and deny.

**/approve rejects the decision.** The request restricted allowedDecisions. Use one of the decisions printed in the prompt.

**A Slack, Discord, Telegram, or Matrix prompt routes differently from exec approvals.** Plugin approvals and exec approvals use separate config and may use different authorization checks. Verify approvals.plugin and the channel's plugin approval support instead of only checking approvals.exec.

如果把这一段摆成一个小场景，你会看到几样东西正在互相打招呼、拦路或者传东西。别急着记名词，先抓住它此刻到底在发生什么：---。

• Plugin hooks
• Building plugins
• Advanced exec approvals
• Gateway protocol
• Codex harness runtime

---