* fix(xai): gate billed tools by active provider Co-authored-by: 丁宇婷0668001435 <ding.yuting@xydigit.com> * chore: remove contributor changelog entry --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
5.7 KiB
summary, read_when, title
| summary | read_when | title | |||
|---|---|---|---|---|---|
| code_execution: run sandboxed remote Python analysis with xAI |
|
Code execution |
code_execution runs sandboxed remote Python analysis on xAI's Responses API
(https://api.x.ai/v1/responses, same endpoint x_search uses). It is
registered by the bundled xai plugin under the tools contract.
| Property | Value |
|---|---|
| Tool name | code_execution |
| Provider plugin | xai (bundled, enabledByDefault: true) |
| Auth | xAI auth profile, XAI_API_KEY, or plugins.entries.xai.config.webSearch.apiKey |
| Default model | grok-4.3 |
| Default timeout | 30 seconds |
Default maxTurns |
unset (xAI applies its own internal limit) |
Use it for calculations, tabulation, quick statistics, and chart-style
analysis, including data returned by x_search or web_search. It has no
access to local files, your shell, your repo, or paired devices, and it does
not persist state between calls, so treat each call as ephemeral analysis, not
a notebook session. For fresh X data, run x_search
first and pipe the result in.
For local execution, use exec instead.
Setup
OAuth requires an eligible SuperGrok or X Premium subscription (device-code verification, so it works from remote hosts without a localhost callback):```bash
openclaw models auth login --provider xai --method oauth
```
During a fresh install, the same choice is available in onboarding:
```bash
openclaw onboard --install-daemon --auth-choice xai-oauth
```
Or an API key:
```bash
openclaw models auth login --provider xai --method api-key
export XAI_API_KEY=xai-...
```
Or via config:
```json5
{
plugins: {
entries: {
xai: {
config: {
webSearch: {
apiKey: "xai-...",
},
},
},
},
},
}
```
Any of these three also power `x_search` and Grok `web_search`.
With `enabled` omitted, `code_execution` is exposed only when the active
model's provider is `xai` and xAI credentials resolve. For an active model
with a known non-xAI provider, set
`plugins.entries.xai.config.codeExecution.enabled` to `true` to opt in to
cross-provider use. If the active model provider is missing or unresolved,
the tool stays hidden. Set `enabled` to `false` to disable it for every
provider. xAI credentials are always required.
Use the same block to override the model, turn cap, or timeout:
```json5
{
plugins: {
entries: {
xai: {
config: {
codeExecution: {
enabled: true, // required for a known non-xAI model provider
model: "grok-4.3", // override the default xAI code-execution model
maxTurns: 2, // optional cap on internal tool turns
timeoutSeconds: 30, // request timeout (default: 30)
},
},
},
},
},
}
```
```bash
openclaw gateway restart
```
`code_execution` appears in the agent's tool list once the xAI plugin
re-registers and the provider, enablement, and auth checks above pass.
How to use it
Make the analysis intent explicit; the tool takes a single task parameter,
so send the full request and any inline data in one prompt:
Use code_execution to calculate the 7-day moving average for these numbers: ...
Use x_search to find posts mentioning OpenClaw this week, then use code_execution to count them by day.
Use web_search to gather the latest AI benchmark numbers, then use code_execution to compare percent changes.
Errors
Without auth, the tool returns a structured JSON error (not a thrown exception), so the agent can self-correct:
{
"error": "missing_xai_api_key",
"message": "code_execution needs xAI credentials. Run `openclaw onboard --auth-choice xai-oauth` to sign in with Grok, run `openclaw onboard --auth-choice xai-api-key`, set `XAI_API_KEY` in the Gateway environment, or configure `plugins.entries.xai.config.webSearch.apiKey`.",
"docs": "https://docs.openclaw.ai/tools/code-execution"
}