Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: e418326
Co-authored-by: dsantoreis <[email protected]>
Co-authored-by: Evizero <[email protected]>
Reviewed-by: @Evizero

… thanks @rodrigouroz

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* Dependencies: make @discordjs/opus an optional peer

* Dependencies: bump node-llama-cpp peer to 3.16.2

* Dependencies: pin Google auth deps to warning-free versions

* CI: reduce Dependabot cooldown to 2 days

* CI: fix invalid Dependabot npm registry config

* CI: restore Dependabot npm registry with token auth

* Dependencies: remove global Google auth pnpm overrides

* CI: make Dependabot updates daily

* Dependencies: restore optional install semantics for @discordjs/opus

* CI: keep Docker Dependabot interval weekly

…nclaw#17874)

* feat(memory-lancedb): add custom baseUrl and dimensions support

* fix(memory-lancedb): strict model typing and safe dimension resolution

* style: fix formatting in memory-lancedb config

* fix(memory-lancedb): sync manifest schema with new embedding options

---------

Co-authored-by: OpenClaw Bot <[email protected]>

…nclaw#16930, openclaw#22441, openclaw#25088)

Landed from contributor PRs openclaw#16930, openclaw#22441, and openclaw#25088.

Co-authored-by: liweiguang <[email protected]>
Co-authored-by: EdwardWu7 <[email protected]>
Co-authored-by: MoerAI <[email protected]>

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini (fails in this environment at src/daemon/launchd.integration.test.ts beforeAll hook timeout; merged with Tak override)

Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

Land contributor PR openclaw#29032 by @maloqab with Slack native alias docs, integration tests, and changelog entry.

Co-authored-by: maloqab <[email protected]>

- Remove trailing blank line after Jonathan Taylor entry
- Escape underscore in @jlehman_ X handle

Fixes openclaw#29039

…nclaw#26050) thanks @bmendonca3

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: bmendonca3 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

… custom provider probes (openclaw#27380)

* fix(onboard): increase verification timeout and reduce max_tokens for custom provider probes

The onboard wizard sends a chat-completion request to verify custom
providers.  With max_tokens: 1024 and a 10 s timeout, large local
models (e.g. Qwen3.5-27B on llama.cpp) routinely time out because
the server needs to load the model and generate up to 1024 tokens
before responding.

Changes:
- Raise VERIFY_TIMEOUT_MS from 10 s to 30 s
- Lower max_tokens from 1024 to 1 (verification only needs a single
  token to confirm the API is reachable and the model ID is valid)
- Add explicit stream: false to both OpenAI and Anthropic probes

Closes openclaw#27346

Made-with: Cursor

* Changelog: note custom-provider onboarding verification fix

---------

Co-authored-by: Philipp Spiess <[email protected]>

When an agent triggers a gateway restart in supervised mode, the process
exits expecting launchd KeepAlive to respawn it. But ThrottleInterval
(default 10s, or 60s on older installs) can delay or prevent restart.

Now calls triggerOpenClawRestart() to issue an explicit launchctl
kickstart before exiting, ensuring immediate respawn. Falls back to
in-process restart if kickstart fails.

Co-Authored-By: Claude Opus 4.6 <[email protected]>

…back

Co-authored-by: Cathryn Lavery <[email protected]>

* agents: auto-discover Ollama models without API key

* tests: cover Ollama autodiscovery warning behavior

openclaw#28295) thanks @zhoulongchao77

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: zhoulongchao77 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

…#27884) (openclaw#27928) thanks @joelnishanth

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: joelnishanth <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

…penclaw#28822)

Merged via squash.

Prepared head SHA: 83d4329
Co-authored-by: lailoo <[email protected]>
Co-authored-by: velvet-shark <[email protected]>
Reviewed-by: @velvet-shark

…ions in feishu_doc (openclaw#20304)

Co-authored-by: Tak Hoffman <[email protected]>

…I calls (openclaw#28907) thanks @Glucksberg

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Glucksberg <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

…penclaw#28269) thanks @Glucksberg

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Glucksberg <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

… / quota errors (openclaw#28494) thanks @guoqunabc

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: guoqunabc <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

)

Add an optional `header` parameter to `FeishuStreamingSession.start()`
so that streaming cards can display a colored title bar, matching the
appearance of non-streaming interactive cards.

The Card Kit API already supports `header` alongside `streaming_mode`,
but the current implementation omits it, producing headerless cards.

This change is fully backward-compatible: when `header` is not provided,
behavior is identical to before.

Closes openclaw#13267 (partial)

Co-authored-by: Claude Opus 4.6 <[email protected]>

…9456)

## Summary
- honor Feishu wildcard group policy fallback via `channels.feishu.groups["*"]` when no explicit group entry matches
- keep exact and case-insensitive explicit group matches higher precedence than wildcard fallback
- add changelog credit and TypeScript-safe test assertions

## Verification
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Wayne Pika <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

Co-authored-by: Kai <[email protected]>

* feat(feishu): parse post rich text as markdown

* chore: rerun ci

* Feishu: resolve post parser rebase conflicts and gate fixes

---------

Co-authored-by: Wilson Liu <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

- Respect groupConfig.enabled flag (was parsed but never enforced)
- Fix misleading log: group allowlist rejection now logs group ID and
  policy instead of sender open_id

…ages (openclaw#21786)

* feat(feishu): extract embedded video/media from post (rich text) messages

Previously, parsePostContent() only extracted embedded images (img tags)
from rich text posts, ignoring embedded video/audio (media tags). Users
sending post messages with embedded videos would not have the media
downloaded or forwarded to the agent.

Changes:
- Extend parsePostContent() to also collect media tags with file_key
- Return new mediaKeys array alongside existing imageKeys
- Update resolveFeishuMediaList() to download embedded media files
  from post messages using the messageResource API
- Add appropriate logging for embedded media discovery and download

* Feishu: keep embedded post media payloads type-safe

* Feishu: format post parser after media tag extraction

---------

Co-authored-by: laopuhuluwa <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

…tsapp (openclaw#27366)

* fix(tts): use opus format and enable voice bubbles for feishu and whatsapp

Previously only Telegram received opus output and had `shouldVoice=true`.
Feishu and WhatsApp also support voice-bubble playback and require opus audio,
but were falling back to mp3 with `audioAsVoice=false`.

- Extract VOICE_BUBBLE_CHANNELS set (telegram, feishu, whatsapp)
- resolveOutputFormat: return TELEGRAM_OUTPUT (opus) for all voice-bubble channels
- shouldVoice: enable for all voice-bubble channels, not just telegram
- Update test to cover feishu and whatsapp cases

* Changelog: add TTS voice-bubble channel coverage note

---------

Co-authored-by: Ning Hu <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

…openclaw#29299)

* CLI: seed Ollama provider on apiKey set

* Tests: cover Ollama apiKey config set path

…penclaw#29279)

* Gateway: allow Google Fonts stylesheet and font CDN in Control UI CSP

* Tests: assert Control UI CSP allows required Google Fonts origins

* Gateway: fix CSP comment for Google Fonts allowlist intent

* Tests: split dedicated Google Fonts CSP assertion

…penclaw#29579)

…penclaw#28477)

* fix(doctor): detect groupPolicy=allowlist with empty groupAllowFrom

The existing `detectEmptyAllowlistPolicy` check only covers
`dmPolicy="allowlist"` with empty `allowFrom`. After the .26 security
hardening (`resolveDmGroupAccessDecision` fails closed on empty
allowlists), `groupPolicy="allowlist"` without `groupAllowFrom` or
`allowFrom` silently drops all group/channel messages with only a
verbose-level log.

Add a parallel check: when `groupPolicy` is `"allowlist"` and neither
`groupAllowFrom` nor `allowFrom` has entries, surface a doctor warning
with remediation steps.

Closes openclaw#27552

* fix: align empty-array semantics with runtime resolveGroupAllowFromSources

The runtime treats groupAllowFrom: [] as unset and falls back to
allowFrom, but the doctor check used ?? which treats [] as authoritative.
This caused a false warning when groupAllowFrom was explicitly empty but
allowFrom had entries.

Match runtime behavior: treat empty groupAllowFrom arrays as unset
before falling back to allowFrom.

* fix: scope group allowlist check to sender-based channels only

* fix: align doctor group allowlist semantics (openclaw#28477) (thanks @tonydehnke)

---------

Co-authored-by: mukhtharcm <[email protected]>

…) (thanks @kunalk16)

…loss on reconnect

The initSessionState function was using the raw session key from resolveSessionKey()
while all read paths use resolveSessionStoreKey() which canonicalizes the key.
This mismatch caused sessions to be orphaned after gateway restart/reconnect.

Fixes openclaw#29683