Fix path traversal vulnerability in media server #10

Merged
steipete merged 1 commit into openclaw:main from joaohlisboa:fix/path-traversal-vulnerability
Dec 2, 2025
@joaohlisboa
Contributor

Summary

  • The /media/:id endpoint was vulnerable to path traversal attacks via URL-encoded ../ sequences (e.g., %2e%2e%2f)
  • Since this endpoint is exposed via Tailscale Funnel (unlike the WhatsApp webhook which requires Twilio signature validation), attackers could directly access sensitive files
  • Attack could reach ~/.warelay/ files or even escape to the user's home directory

Fix

Validate that resolved paths stay within the media directory before serving files.

Test plan

  • Added regression test for path traversal attempts
  • Existing media server tests pass

🤖 Generated with Claude Code

The /media/:id endpoint was vulnerable to path traversal attacks.
Since this endpoint is exposed via Tailscale Funnel (unlike the
WhatsApp webhook which requires Twilio signature validation),
attackers could directly request paths like /media/%2e%2e%2fwarelay.json
to access sensitive files in ~/.warelay/ (e.g. warelay.json), or even
escape further to the user's home directory via multiple ../ sequences.

Fix: validate resolved paths stay within the media directory.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@steipete
Contributor

steipete commented Dec 2, 2025

Great catch, thank you!

@steipete steipete merged commit b94b220 into openclaw:main Dec 2, 2025
1 check passed
@steipete
Contributor

steipete commented Dec 2, 2025

This doesn't cover symlinks, I'll fix that up next and add more tests.

@joaohlisboa joaohlisboa deleted the fix/path-traversal-vulnerability branch December 2, 2025 21:24
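
The containment check described in the PR summary, extended to the symlink case raised in the follow-up comment, as an added example that is not the project's own code. The names `resolveMediaPath`, `isInside` and `demo`, the reason strings, and the temporary directory layout are assumptions made for illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// True when `target` is strictly inside `base` (both absolute paths).
function isInside(base, target) {
  const rel = path.relative(base, target);
  return rel !== "" && rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Hypothetical helper: map the raw :id segment to a file under mediaDir, or refuse.
function resolveMediaPath(mediaDir, rawId) {
  let id;
  try {
    id = decodeURIComponent(rawId); // %2e%2e%2f becomes ../
  } catch {
    return { ok: false, reason: "malformed-encoding" };
  }
  if (id.includes("\0")) return { ok: false, reason: "nul-byte" };
  const base = path.resolve(mediaDir);
  const candidate = path.resolve(base, id);
  // Lexical check: the normalized path must stay under the media directory.
  if (!isInside(base, candidate)) return { ok: false, reason: "outside-media-dir" };
  let real;
  try {
    // Symlink check: compare fully resolved paths on both sides.
    real = fs.realpathSync(candidate);
  } catch {
    return { ok: false, reason: "not-found" };
  }
  if (!isInside(fs.realpathSync(base), real)) return { ok: false, reason: "symlink-escape" };
  return { ok: true, path: real };
}

// Constructed fixture mirroring the ~/.warelay layout named in the PR text.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "warelay-demo-"));
  const mediaDir = path.join(root, ".warelay", "media");
  fs.mkdirSync(mediaDir, { recursive: true });
  fs.writeFileSync(path.join(root, ".warelay", "warelay.json"), "{}");
  fs.writeFileSync(path.join(mediaDir, "abc123"), "image-bytes");
  fs.symlinkSync(path.join(root, ".warelay", "warelay.json"), path.join(mediaDir, "link"));
  const ids = ["abc123", "%2e%2e%2fwarelay.json", "..%2f..%2f.bashrc", "link", "%E0%A4%A"];
  const out = Object.fromEntries(ids.map((i) => [i, resolveMediaPath(mediaDir, i)]));
  fs.rmSync(root, { recursive: true, force: true });
  return out;
}
```

The lexical check alone accepts `link`, because the path string stays inside the media directory; only the `realpathSync` comparison catches it.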
tristanmanchester added a commit to tristanmanchester/clawdbot that referenced this pull request Jan 15, 2026
Implements Solution 1 from todos/010 to prevent orphaned sidecar
accumulation:
- Add SIDECAR_PATTERNS constant for known sidecar types
- Update cleanOldMedia() to delete sidecars with parent media files
- Add recursive directory support and directory filtering
- Add comprehensive unit tests for sidecar cleanup

Resolves issue openclaw#10 (orphaned sidecar files)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
fannieanna16-dotcom pushed a commit to fannieanna16-dotcom/clawdbot that referenced this pull request Jan 26, 2026
dgarson referenced this pull request in dgarson/clawdbot Feb 2, 2026
…aeMYE

Add search, filtering, and sorting to sessions table
Linsen-Mao pushed a commit to Linsen-Mao/openclaw that referenced this pull request Feb 5, 2026
…iner, Postgres traces, cost budgets, phase restructuring

Factsheet changes (12 architecture critiques):
- Add users table with auth provider (openclaw#1)
- Change all TEXT PKs to native UUID type (openclaw#2)
- Remove orphaned session_id from Task/TaskCommand/TaskResult (openclaw#3)
- Replace per-task containers with single shared Docker container (openclaw#4)
- Phase injection queue: in-memory Phase 1, Redis Phase 2+ (openclaw#5)
- Decouple Board Sync DB writes from WebSocket broadcasting (openclaw#6)
- Move trace storage from JSONL+index to Postgres-only (openclaw#7)
- Add chat_messages escalation to agent context (openclaw#8)
- Normalize discussion_messages into separate table (openclaw#9)
- Add PolicyEngine facade with single evaluate() entry point (openclaw#10)
- Add per-plugin Zod validation schemas for SourceConfig (openclaw#11)
- Add CostPolicy with token/cost budgets and cost_usage table (openclaw#12)

Blueprint changes (4 implementation improvements):
- Split Phase 1 into 4 sub-phases (1a-1d)
- Reorder: API skeleton before agent loop
- Defer frontend to Phase 5
- Add packages/shared for types and schemas

DB schema: 17 tables → 20 tables (added users, traces, discussion_messages, cost_usage)

https://claude.ai/code/session_01V2xvGqZqX6JKPGQeXyNMQW
in12hacker added a commit to in12hacker/openclaw that referenced this pull request Feb 7, 2026
…oad scanning

Phase 1 complete implementation of the Skill Guard system:

Core changes (4 files, ~110 lines):
- src/config/types.skills.ts: Add SkillGuardConfig, SkillStoreConfig types
- src/config/zod-schema.ts: Add guard validation schema (strict mode)
- src/agents/skills/load-guard.ts: New guard registration point
- src/agents/skills/workspace.ts: Insert guard evaluation in loadSkillEntries()

Extension (extensions/skill-guard/, 7 files, ~650 lines):
- cloud-client.ts: Multi-store manifest fetch with ETag/304 + fallback
- hash-cache.ts: In-memory + disk manifest cache
- verify-engine.ts: Full-directory SHA256 verification + sideload scanning
- audit-logger.ts: JSONL audit trail
- index.ts: Plugin entry wiring everything together
- types.ts: Cloud API response type definitions

Tests (51 tests, all passing):
- load-guard.test.ts: Guard registration/unregistration (4 tests)
- zod-schema.guard.test.ts: Config validation (9 tests)
- verify-engine.test.ts: All acceptance criteria (12 tests)
- hash-cache.test.ts: Cache persistence (5 tests)
- audit-logger.test.ts: JSONL logging (3 tests)
- cloud-client.test.ts: HTTP client behavior (6 tests)
- smoke.test.ts: E2E with Python mock store server (12 tests)

Smoke infrastructure:
- test/smoke/skill-guard-server.py: Zero-dep Python mock store API

All 11 acceptance criteria verified:
  openclaw#1 guard.enabled=false → all load
  openclaw#2 store skill hash match → pass
  openclaw#3 tampered file → blocked
  openclaw#4 injected file → blocked
  openclaw#5 blocklisted → blocked
  openclaw#6 sideload clean → pass
  openclaw#7 sideload critical + block-critical → blocked
  openclaw#8 sideload critical + warn → warning only
  openclaw#9 cloud down + cache → uses cache
  openclaw#10 cloud down + no cache → degrade allow
  openclaw#11 100 skills < 500ms → performance OK

Existing security tests (69) verified: zero regression.

Co-authored-by: Cursor <[email protected]>
in12hacker added a commit to in12hacker/openclaw that referenced this pull request Feb 9, 2026
…oad scanning

isaacherrera added a commit to isaacherrera/openclaw that referenced this pull request Feb 10, 2026
… log dashboard docs

Co-Authored-By: Claude Opus 4.6 <[email protected]>
@saulmc saulmc mentioned this pull request Feb 13, 2026
speculatingwook added a commit to Pronto-Lab/prontolab-openclaw that referenced this pull request Feb 19, 2026
Improvements completed:
- #1 A2A conversation index (O(1) lookup, 24 tests)
- #2 A2A durable jobs (JobManager + Reaper + Orchestrator, 43 tests)
- openclaw#3 task-tool.ts modularization (5 modules, 2296→45 LOC facade, 147 tests)
- openclaw#4 continuation state machine Phase 1 (pure decision functions, 56 tests)
- openclaw#5 gateway composition (6 init modules, 737→565 LOC, 80→48 imports)
- openclaw#7 A2A per-agent concurrency gate (semaphore + config, 25 tests)
- openclaw#8 structured handoff payload (types + parser, 42 tests)
- openclaw#9 coordination invariants test suite (TC-01~07, 22 tests)
- openclaw#11 subagent-task lifecycle (delegation manager + verify tool, 135 tests)
- openclaw#12 task enforcement bypass fix (session-scoped + stale cleanup, 20 tests)

N/A: openclaw#6 (DI already via GatewayRequestContext), openclaw#10 (partially resolved by #2)
Deferred: openclaw#4 Phase 2-5 (high risk, Phase 1 delivers core value)

Total: 514 new tests, 0 regressions, 11 implementation docs