feat: Tree tool for directory exploration

Tasks completed: 2/2
- Task 1: Port grammY fetch cast + spoiler tags (commits #34, #100)
- Task 2: Port command truncation to 100 limit (commits #161, #162)

SUMMARY: .planning/phases/14-telegram-channels/14-01-SUMMARY.md

Resolves five issues identified in code review of feat/hitl-gateway:

1. Wire approvalManager into HitlGateway lifecycle
   checkAndGate now calls approvalManager.create()+register() so callers
   can block on approvalManager.awaitDecision(requestId). recordDecision
   now calls approvalManager.resolve() to unblock them. Previously the
   in-memory promise lifecycle was completely disconnected from the SQLite
   store, meaning any caller awaiting a decision would hang forever.

2. Require policy to be present for authorization in recordDecision
   Previously, if request.policyId was not in policiesById, the entire
   authorization block was silently skipped, allowing any actor to
   approve/deny with no role or actor checks. Now returns an explicit
   error when the policy is not found.

3. Fix expireRequest escalation threshold to measure from expiresAtMs
   afterTimeoutMs is documented as 'after the timeout' but was measured
   from createdAtMs, causing escalation to fire well before the request
   even expired. Now measures from expiresAtMs so afterTimeoutMs=30_000
   means 'escalate 30s after the approval window closes'.

4. Reject decisions on requests past their expiresAtMs deadline
   recordDecision only checked request.status, not the clock. Without a
   running timeout sweep (Phase 5), status stays 'pending' past expiry,
   so a late approver could bypass the timeout policy. Now returns an
   explicit 'expired' error when the deadline has passed.

5. Fix listPendingRequests to query by status instead of post-filter
   The prior implementation fetched the latest 100 records and filtered
   in memory, silently dropping pending requests older than openclaw#100. Now
   queries each status (pending, escalated) explicitly with limit=500.

Additional fixes:
- Fix requireDifferentActor type in HitlPolicyDefinition: string|boolean
  -> boolean, consistent with types.approvals.ts and the Zod schema.
- Fix extractShellCommandFromArgv to join all args after cmd.exe /c
  instead of taking only argv[idx+1], so multi-token cmd.exe commands
  are validated and matched correctly against rawCommand.
- Add HitlEscalationSchema + maxApprovalChainDepth to zod-schema.approvals
  to resolve schema/type drift between runtime types and Zod validation.
- Add test coverage for all fixed behaviors (31 gateway tests total).

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

Resolves five issues identified in code review of feat/hitl-gateway:

1. Wire approvalManager into HitlGateway lifecycle
   checkAndGate now calls approvalManager.create()+register() so callers
   can block on approvalManager.awaitDecision(requestId). recordDecision
   now calls approvalManager.resolve() to unblock them. Previously the
   in-memory promise lifecycle was completely disconnected from the SQLite
   store, meaning any caller awaiting a decision would hang forever.

2. Require policy to be present for authorization in recordDecision
   Previously, if request.policyId was not in policiesById, the entire
   authorization block was silently skipped, allowing any actor to
   approve/deny with no role or actor checks. Now returns an explicit
   error when the policy is not found.

3. Fix expireRequest escalation threshold to measure from expiresAtMs
   afterTimeoutMs is documented as 'after the timeout' but was measured
   from createdAtMs, causing escalation to fire well before the request
   even expired. Now measures from expiresAtMs so afterTimeoutMs=30_000
   means 'escalate 30s after the approval window closes'.

4. Reject decisions on requests past their expiresAtMs deadline
   recordDecision only checked request.status, not the clock. Without a
   running timeout sweep (Phase 5), status stays 'pending' past expiry,
   so a late approver could bypass the timeout policy. Now returns an
   explicit 'expired' error when the deadline has passed.

5. Fix listPendingRequests to query by status instead of post-filter
   The prior implementation fetched the latest 100 records and filtered
   in memory, silently dropping pending requests older than openclaw#100. Now
   queries each status (pending, escalated) explicitly with limit=500.

Additional fixes:
- Fix requireDifferentActor type in HitlPolicyDefinition: string|boolean
  -> boolean, consistent with types.approvals.ts and the Zod schema.
- Fix extractShellCommandFromArgv to join all args after cmd.exe /c
  instead of taking only argv[idx+1], so multi-token cmd.exe commands
  are validated and matched correctly against rawCommand.
- Add HitlEscalationSchema + maxApprovalChainDepth to zod-schema.approvals
  to resolve schema/type drift between runtime types and Zod validation.
- Add test coverage for all fixed behaviors (31 gateway tests total).

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

…penclaw#100)

feat(skills): add Trello skill for board/list/card management

Pink Tray Icon on Linux

- Add SSH key retry logic (3 attempts, 15s delay) to handle transient VPS unreachability (openclaw#110)
- Add SSH auth verification before proceeding with deploy
- Pin [email protected] to avoid npm install failures (openclaw#109)
- Add error handling for json5 install step
- Add config verification logging for safeBins and model persistence (openclaw#97, openclaw#100)

Fixes: openclaw#110, openclaw#109, openclaw#97, openclaw#100
Sprint: 1.6

…b_actions/actions/create-github-app-token-2.2.1

chore(deps): bump actions/create-github-app-token from 1.12.0 to 2.2.1

…openclaw#100)

Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.2.1 to 3.0.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@29824e6...f8d387b)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sjhu <[email protected]>

MiniMax M2 models (including M2.7) are trained heavily on Chinese data
and occasionally leak CJK (Chinese/Japanese/Korean) ideographs and
punctuation into non-CJK language outputs (German, English, etc.).

This is a known model-level bug:
- GitHub MiniMax-M2 Issue openclaw#100 (Korean → Chinese leakage)
- OpenClaw Issue openclaw#17121 (Japanese → Chinese/Russian leakage)
- MiniMax-M2 Issue openclaw#55 (CJK/Latin punctuation confusion)

System prompt instructions alone cannot reliably prevent this because
the leakage originates at the token probability level, not from the
model ignoring instructions.

Changes:
- Add stripLeakedCjkChars() post-processing filter that detects when
  text is predominantly non-CJK (<20% CJK ideographs by character
  count) and strips stray CJK characters + replaces CJK punctuation
  with Latin equivalents
- Wire into all three text sanitization paths:
  1. extractAssistantText (pi-embedded-utils.ts) -- final message
  2. sanitizeTextContent (sessions-helpers.ts) -- subagent/session text
  3. emitBlockChunk (pi-embedded-subscribe.ts) -- streaming chunks
- Safety: text with >20% CJK content is left untouched (intentional
  CJK language use)
- 17 tests covering German, English, mixed content, intentional CJK
  preservation, edge cases

Fixes openclaw#17121