echoVic
diff --git a/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/gateway/configuration.md‎
Lines changed: 13 additions & 0 deletions b/‎docs/gateway/configuration.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎docs/gateway/troubleshooting.md‎
Lines changed: 16 additions & 0 deletions b/‎docs/gateway/troubleshooting.md‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎extensions/bluebubbles/index.ts‎
Lines changed: 2 additions & 0 deletions b/‎extensions/bluebubbles/index.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎extensions/copilot-proxy/index.ts‎
Lines changed: 3 additions & 0 deletions b/‎extensions/copilot-proxy/index.ts‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎extensions/discord/index.ts‎
Lines changed: 2 additions & 0 deletions b/‎extensions/discord/index.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎extensions/google-antigravity-auth/index.ts‎
Lines changed: 2 additions & 0 deletions b/‎extensions/google-antigravity-auth/index.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎extensions/google-gemini-cli-auth/index.ts‎
Lines changed: 3 additions & 0 deletions b/‎extensions/google-gemini-cli-auth/index.ts‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎extensions/imessage/index.ts‎
Lines changed: 2 additions & 0 deletions b/‎extensions/imessage/index.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎extensions/matrix/index.ts‎
Lines changed: 2 additions & 0 deletions b/‎extensions/matrix/index.ts‎
Lines changed: 2 additions & 0 deletions
@@ -4,6 +4,9 @@ Docs: https://docs.clawd.bot
 
 ## 2026.1.19-1
 
+### Breaking
+- **BREAKING:** Reject invalid/unknown config entries and refuse to start the gateway for safety; run `clawdbot doctor --fix` to repair. 
+
 ### Changes
 - Usage: add `/usage cost` summaries and macOS menu cost submenu with daily charting.
 
 
@@ -17,6 +17,19 @@ If the file is missing, Clawdbot uses safe-ish defaults (embedded Pi agent + per
 
 > **New to configuration?** Check out the [Configuration Examples](/gateway/configuration-examples) guide for complete examples with detailed explanations!
 
+## Strict config validation
+
+Clawdbot only accepts configurations that fully match the schema.
+Unknown keys, malformed types, or invalid values cause the Gateway to **refuse to start** for safety.
+
+When validation fails:
+- The Gateway does not boot.
+- Only diagnostic commands are allowed (for example: `clawdbot doctor`, `clawdbot logs`, `clawdbot health`, `clawdbot status`, `clawdbot service`, `clawdbot help`).
+- Run `clawdbot doctor` to see the exact issues.
+- Run `clawdbot doctor --fix` (or `--yes`) to apply migrations/repairs.
+
+Doctor never writes changes unless you explicitly opt into `--fix`/`--yes`.
+
 ## Schema + UI hints
 
 The Gateway exposes a JSON Schema representation of the config via `config.schema` for UI editors.
 
@@ -326,6 +326,22 @@ Clawdbot keeps conversation history in memory.
 
 ## Common troubleshooting
 
+### “Gateway won’t start — configuration invalid”
+
+Clawdbot now refuses to start when the config contains unknown keys, malformed values, or invalid types.
+This is intentional for safety.
+
+Fix it with Doctor:
+```bash
+clawdbot doctor
+clawdbot doctor --fix
+```
+
+Notes:
+- `clawdbot doctor` reports every invalid entry.
+- `clawdbot doctor --fix` applies migrations/repairs and rewrites the config.
+- Diagnostic commands like `clawdbot logs`, `clawdbot health`, `clawdbot status`, and `clawdbot service` still run even if the config is invalid.
+
 ### “All models failed” — what should I check first?
 
 - **Credentials** present for the provider(s) being tried (auth profiles + env vars).
 
@@ -1,4 +1,5 @@
 import type { ClawdbotPluginApi } from "clawdbot/plugin-sdk";
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
 
 import { bluebubblesPlugin } from "./src/channel.js";
 import { handleBlueBubblesWebhookRequest } from "./src/monitor.js";
@@ -8,6 +9,7 @@ const plugin = {
   id: "bluebubbles",
   name: "BlueBubbles",
   description: "BlueBubbles channel plugin (macOS app)",
+  configSchema: emptyPluginConfigSchema(),
   register(api: ClawdbotPluginApi) {
     setBlueBubblesRuntime(api.runtime);
     api.registerChannel({ plugin: bluebubblesPlugin });
 
@@ -1,3 +1,5 @@
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
+
 const DEFAULT_BASE_URL = "http://localhost:3000/v1";
 const DEFAULT_API_KEY = "n/a";
 const DEFAULT_CONTEXT_WINDOW = 128_000;
@@ -61,6 +63,7 @@ const copilotProxyPlugin = {
   id: "copilot-proxy",
   name: "Copilot Proxy",
   description: "Local Copilot Proxy (VS Code LM) provider plugin",
+  configSchema: emptyPluginConfigSchema(),
   register(api) {
     api.registerProvider({
       id: "copilot-proxy",
 
@@ -1,4 +1,5 @@
 import type { ClawdbotPluginApi } from "clawdbot/plugin-sdk";
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
 
 import { discordPlugin } from "./src/channel.js";
 import { setDiscordRuntime } from "./src/runtime.js";
@@ -7,6 +8,7 @@ const plugin = {
   id: "discord",
   name: "Discord",
   description: "Discord channel plugin",
+  configSchema: emptyPluginConfigSchema(),
   register(api: ClawdbotPluginApi) {
     setDiscordRuntime(api.runtime);
     api.registerChannel({ plugin: discordPlugin });
 
@@ -1,6 +1,7 @@
 import { createHash, randomBytes } from "node:crypto";
 import { readFileSync } from "node:fs";
 import { createServer } from "node:http";
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
 
 // OAuth constants - decoded from pi-ai's base64 encoded values to stay in sync
 const decode = (s: string) => Buffer.from(s, "base64").toString();
@@ -360,6 +361,7 @@ const antigravityPlugin = {
   id: "google-antigravity-auth",
   name: "Google Antigravity Auth",
   description: "OAuth flow for Google Antigravity (Cloud Code Assist)",
+  configSchema: emptyPluginConfigSchema(),
   register(api) {
     api.registerProvider({
       id: "google-antigravity",
 
@@ -1,3 +1,5 @@
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
+
 import { loginGeminiCliOAuth } from "./oauth.js";
 
 const PROVIDER_ID = "google-gemini-cli";
@@ -14,6 +16,7 @@ const geminiCliPlugin = {
   id: "google-gemini-cli-auth",
   name: "Google Gemini CLI Auth",
   description: "OAuth flow for Gemini CLI (Google Code Assist)",
+  configSchema: emptyPluginConfigSchema(),
   register(api) {
     api.registerProvider({
       id: PROVIDER_ID,
 
@@ -1,4 +1,5 @@
 import type { ClawdbotPluginApi } from "clawdbot/plugin-sdk";
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
 
 import { imessagePlugin } from "./src/channel.js";
 import { setIMessageRuntime } from "./src/runtime.js";
@@ -7,6 +8,7 @@ const plugin = {
   id: "imessage",
   name: "iMessage",
   description: "iMessage channel plugin",
+  configSchema: emptyPluginConfigSchema(),
   register(api: ClawdbotPluginApi) {
     setIMessageRuntime(api.runtime);
     api.registerChannel({ plugin: imessagePlugin });
 
@@ -1,4 +1,5 @@
 import type { ClawdbotPluginApi } from "clawdbot/plugin-sdk";
+import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
 
 import { matrixPlugin } from "./src/channel.js";
 import { setMatrixRuntime } from "./src/runtime.js";
@@ -7,6 +8,7 @@ const plugin = {
   id: "matrix",
   name: "Matrix",
   description: "Matrix channel plugin (matrix-js-sdk)",
+  configSchema: emptyPluginConfigSchema(),
   register(api: ClawdbotPluginApi) {
     setMatrixRuntime(api.runtime);
     api.registerChannel({ plugin: matrixPlugin });