… and docs (openclaw#16761)

Add inline file attachment support for sessions_spawn (subagent runtime only):

- Schema: attachments[] (name, content, encoding, mimeType) and attachAs.mountPath hint
- Materialization: files written to .openclaw/attachments/<uuid>/ with manifest.json
- Validation: strict base64 decode, filename checks, size limits, duplicate detection
- Transcript redaction: sanitizeToolCallInputs redacts attachment content from persisted transcripts
- Lifecycle cleanup: safeRemoveAttachmentsDir with symlink-safe path containment check
- Config: tools.sessions_spawn.attachments (enabled, maxFiles, maxFileBytes, maxTotalBytes, retainOnSessionKeep)
- Registry: attachmentsDir/attachmentsRootDir/retainAttachmentsOnKeep on SubagentRunRecord
- ACP rejection: attachments rejected for runtime=acp with clear error message
- Docs: updated tools/index.md, concepts/session-tool.md, configuration-reference.md
- Tests: 85 new/updated tests across 5 test files

Fixes:
- Guard fs.rm in materialization catch block with try/catch (review concern #1)
- Remove unreachable fallback in safeRemoveAttachmentsDir (review concern #7)
- Move attachment cleanup out of retry path to avoid timing issues with announce loop

Co-authored-by: Tyler Yust <[email protected]>
Co-authored-by: napetrov <[email protected]>

- #1: Fix capabilities query param — use append() for repeated params instead of join()
- #4: Fix isConfigured — require hostname instead of registryUrl (default localhost OK)
- #5: Add deregister on stopAccount — store registryClient+agentId per account
- #7: Heartbeat re-registration — after 3 failures, deregister + re-register
- #10: Read pilotPort from config in resolveAccount
- #11: Remove unused execFile import from send.ts
- #12: Fix ENOENT race condition — use spawn event instead of setTimeout(500ms)
- #13: heartbeat checkReady — only require Pilot daemon if pilotPort configured
- #17: Verified daemon.ts imports — both spawn and execFile are used (no change)
- openclaw#18: Client reuse — store registryClient per account, reuse in gateway methods
- Also: Add API key support (registryApiKey config + X-Registry-Key header)
- Also: Add ok/error fields to SearchResult type

- get_agent: increase search limit to 25 to avoid missing exact hostname match
- search: clamp limit to 1-50 range, cap capabilities to 20 max

Per Codex review (issues #1 and #2)

CRITICAL:
- #1: Fix InboxMessage.from type from number to string (Pilot address)
- #2: Fix parseNodeIdFromPilotAddress to extract only last hex group
- #3: Rebuild hostnameToNodeId cache from Convex on startup
- #4: Fix AgentNetworkConfig → AgentRegistryConfig type reference
- #5: Track processed message hashes to prevent re-processing on clear failure

HIGH:
- #7: Change default pollIntervalSeconds from 300 to 15
- #8: Fix startDaemon regex to match Pilot address format (0:xxxx.xxxx.xxxx)
- #9: Use registerAgent() for re-registration to preserve enriched metadata
- #10: Fix search query param from 'query' to 'q'
- #12: handleRefresh supports optional accountId, refreshes all if omitted
- #13: Move spawn import to top-level, remove 7 inline dynamic imports
- #14: Mark inbox tool action as debug-only (poll loop handles processing)

MEDIUM:
- #15: Add installation_id to PilotPeer interface and agentToPeer
- #16: Use exact /by-hostname/ endpoint for get_agent action
- #17: Add LRU-style eviction to hostnameToNodeId (max 1000 entries)
- openclaw#18: Add mutex (isPolling flag) to executePollCycle
- openclaw#19: Add lifecycle comments to startDaemon/stopDaemon (container vs local)
- openclaw#20: Pass gatewayToken in fetchNetworkMetadata Convex query
- openclaw#21: Wrap sendText fallback in try/catch with error handling
- openclaw#23: Document sendMessage JSON vs raw text design intent