feat(landing): mobile navigation, back-to-top, accessibility improvements

… was not being compiled

- Drop tasks and task_comments tables
- Remove task/comment controllers, routes, DB queries
- Remove BoardPage, TaskDetailSheet, CreateTaskDialog
- Remove stale-task-check daemon job
- Simplify notifications (message text instead of task/comment FKs)
- Default route now points to /secrets
- Navbar renamed to Harbor

…w#19, openclaw#20)

Issue openclaw#20 — Token Auth:
- Gateway accepts ctx_ API tokens in connect handshake
- Valid ctx_ tokens bypass device identity and pairing entirely
- Security role derived from token's role
- Added authMode field to connection (device/token)
- UI: SetupWizard and AuthDialog support token input
- UI: gateway.ts skips device identity for ctx_ tokens
- Stored in localStorage as cortex:authToken

Issue openclaw#19 — Auto-Approve First Device:
- First device on fresh install is auto-approved with admin role
- No manual approval needed for initial setup
- Audit logged as device.first-device-auto-approved
- securityRole field added to PairedDevice type

Also includes: invite system, pairing codes, QR pair modal

* feat(ui): Agent configuration experience — gateway hooks, file editors, LLM assist, auto-review

Major additions to the OpenClaw web UI:

Gateway Integration Layer:
- gateway-hooks.ts: React Query integration for all gateway RPC methods
- Typed query/mutation hooks for agents, config, models, sessions, skills, etc.
- Gateway event subscription hook for real-time updates

Agent Configuration Experience:
- AgentConfigPage: Tabbed config with progressive disclosure
- SoulEditor: SOUL.md editor with split view and markdown preview
- AgentFileEditor: Generic file editor for workspace files
- AgentOverviewConfig: Identity card, file health, suggestions
- Route: /agents/:agentId/configure

LLM Assist Panel:
- Conversational AI sidebar for configuration help
- Context-aware suggestions per config section
- Apply changes directly from suggestions

Auto-Review Panel:
- One-click config analysis with score/grade
- Actionable fix suggestions

Updated hooks and navigation to connect config flow.

* fix(ui): lint cleanup — remove unused imports, prefix unused params

- AutoReviewPanel: remove unused AnimatePresence, CardDescription; prefix unused params
- SkillConfigurator: remove unused AnimatePresence, Button; prefix agentId
- AgentConfigPage: remove unused AlertTriangle, RefreshCw, AGENT_FILES; wire SkillConfigurator into skills tab
- LLMAssistPanel: remove unused RefreshCw, ScrollArea, Separator; prefix agentId
- ModelBehaviorConfig: prefix unused isLoading param
- ModelSelector: remove unused Badge; prefix placeholder param
- useAgents: prefix unused isDefault param, fetchAgentsFromConfig fn

* perf(ui): split @xyflow into separate vendor chunk

@xyflow (React Flow for DAG visualization) was bundled into the vendor-react
chunk despite only being used on workstream/workflow pages. Moving it to
vendor-xyflow isolates 122 kB that's only loaded when needed.

Before: vendor-react 557 kB (everything)
After:  vendor-react 433 kB + vendor-xyflow 122 kB (lazy)

* feat(ui): content-shaped page skeletons for improved perceived performance

Add page-specific skeleton loading states that match actual content layout:
- HomeSkeleton: greeting, quick chat, agent grid, panel layout
- AgentListSkeleton: header + search + 3x3 card grid
- AgentDetailSkeleton: back nav, agent header, tabs, stats, content area
- ConversationListSkeleton: sidebar + empty state
- ChatThreadSkeleton: header, message bubbles pattern, input bar
- SettingsSkeleton: sidebar nav + settings content
- WorkstreamsSkeleton: header, filter tabs, workstream cards

Wire AgentDetailSkeleton into /agents/[agentId] route.

* fix(ui): UX polish — branding, cleanup, Skills route, container consistency

- Fix sidebar branding: 'Second Brain' → 'OpenClaw', logo initial 'S' → 'O'
- Remove 211 'use client' directives (Next.js artifact, meaningless in Vite)
- Fix homepage greeting: remove hardcoded 'User!' placeholder
- Normalize container patterns in Nodes and Jobs pages (remove redundant
  min-h-screen/max-w-7xl wrappers — AppShell already provides these)
- Add new /skills route with full CRUD: list, search, filter, enable/disable,
  install from URL/ClawhHub, uninstall, detail panel with config view
- Add Skills nav item to sidebar under Team section
- All changes use existing gateway hooks and API layer (no new APIs needed)
- Build passes cleanly (6.71s)

* feat(ui): mobile bottom navigation for responsive layout

- Add MobileBottomNav component with Home, Chat, Agents, Settings tabs
- 'More' tab opens full sidebar as a slide-out sheet
- Visible only on screens < md (768px), hidden on tablet/desktop
- Auto-hides on fullscreen pages (onboarding, unlock)
- Add bottom padding to content area on mobile to prevent nav overlap
- Respects safe-area-inset for notched devices
- Export from layout index

* feat(ui): add Logs route and mobile navigation improvements

- Add /logs route with log stream viewer (Power User mode)
  - Level filtering (trace/debug/info/warn/error/fatal) with counts
  - Search/filter by message or subsystem
  - Auto-scroll toggle, pause/resume stream
  - Export filtered logs as text file
  - Color-coded log levels with appropriate icons
  - Monospace font, compact density for log readability
- Add Logs nav item to sidebar Power User section
- Uses sample data for UI development; ready for gateway integration

* fix(ui): rebrand Second Brain → OpenClaw, use profile name on home page

- Sidebar: Updated logo text from 'Second Brain' to 'OpenClaw'
- Home page: Reads user display name from profile settings instead of hardcoded 'User!'
- Filesystem: Updated API endpoint and config references to openclaw.ai
- App.tsx: Updated sandbox page branding

Files changed:
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/components/layout/Sidebar.tsx
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/routes/index.tsx
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/routes/filesystem/index.tsx
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/App.tsx

* feat(ui): add /logs route — real-time gateway log streaming

- New route: /logs with polling-based log tail via gateway 'logs.tail' RPC
- Features: level filtering (trace/debug/info/warn/error/fatal), text search,
  auto-follow, pause/resume, export to JSONL, entry counts per level
- Dark terminal-style UI with color-coded log levels
- Added to sidebar Power User section with ScrollText icon
- Handles disconnected state gracefully

Files changed:
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/routes/logs/index.tsx (new)
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/components/layout/Sidebar.tsx
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/routeTree.gen.ts (auto-generated)

* feat(ui): add /analytics route — usage dashboard with token/cost/model/agent breakdowns

- New route: /analytics with gateway 'sessions.usage' + 'usage.cost' RPC
- Features: date range picker, stat cards (tokens/cost/messages/tools),
  daily bar charts (tokens + cost), model/agent/tool breakdowns with progress bars,
  full session table with sort-by-cost, expand/collapse
- Token and cost breakdown cards showing input/output/cache splits
- Responsive grid layout, loading skeletons, disconnected state
- Added to sidebar Power User section with BarChart3 icon

Files changed:
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/routes/analytics/index.tsx (new)
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/components/layout/Sidebar.tsx
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/routeTree.gen.ts (auto-generated)

* fix(ui): add TanStack Router errorComponent on root route

- RouteErrorComponent wraps ErrorFallback with router-aware recovery
- 'Try Again' invalidates the current route (re-fetches data)
- 'Go Home' navigates to / via router (no full page reload)
- Complements existing React ErrorBoundary for render-crash recovery

File changed:
- /Users/openclaw/openclaw-ui-redesign/apps/web/src/routes/__root.tsx

* a11y: skip nav, reduced motion, keyboard support, ARIA landmarks, live region announcer

- Add SkipNavLink + SkipNavContent for keyboard users to bypass sidebar (WCAG 2.4.1)
- Add ReducedMotionProvider wrapping app root — respects prefers-reduced-motion (WCAG 2.3.3)
- Add role/tabIndex/onKeyDown to 6 interactive non-button elements:
  ToolCategorySection, ConversationItem, MemoryCard (2 variants),
  agent-plan task toggle, GatewaySetupStep radio cards
- Add focus-visible ring styles to all fixed elements
- Add aria-label/role='navigation' to Sidebar landmark
- Add aria-expanded/aria-controls to expandable sections
- Add useAnnounce hook + useRouteAnnouncer for screen reader live regions
- Build verified: 7.03s, no errors

* a11y: route change announcer + dynamic document.title

- Announce navigation to screen readers via useAnnounce live region
- Update document.title on route changes (e.g. 'Settings — OpenClaw')
- Derives human-readable page name from URL path segment
- WCAG 4.1.3: Status Messages compliance

* feat(ui): agent activity feed widget on home dashboard

- New AgentActivityFeed component with real-time agent activity stream
- Shows agent avatar, activity type (7 types), description, relative timestamp
- Color-coded activity icons: session started, message sent, tool called,
  task completed, task failed, agent spawned, file edited
- Auto-refresh every 30s with live indicator pulse
- Proper empty state with guidance text
- ARIA: role=feed, role=article, aria-labels, semantic time elements
- Mock data hook (useAgentActivity) ready for real API swap
- Replaces placeholder widget on home page grid
- Build: 6.96s, no errors

* feat(ux): agent status indicators on avatars (openclaw#19)

Add reusable AgentStatusDot component with Framer Motion pulse
animations and useAgentStatus hook for deriving display status from
agent store data.

Status types:
- Online (green, slow pulse): active within last 5 minutes
- Busy (amber, fast pulse): currently processing or awaiting approval
- Offline (gray, static): inactive
- Error (red, static): error state

Integrated into:
- AgentAvatar (composed) — shared avatar used across the app
- AgentCard (compact + expanded variants) — home grid and agent list
- AgentSessionsIndicator — sidebar waiting-agents popover

Includes auto-expiry timer in useAgentStatus that transitions
online → offline when lastActive exceeds the 5-minute threshold.

* feat(ux): keyboard shortcuts discoverability badge (openclaw#18)

Changes landed in c6a1309 (co-committed with openclaw#19).

Summary of changes:
- apps/web/src/hooks/useShortcutsSeen.ts (new)
  localStorage-gated hook (key: oc_shortcuts_seen) tracking first-visit state

- apps/web/src/hooks/index.ts
  Export useShortcutsSeen from hooks barrel

- apps/web/src/providers/ShortcutsProvider.tsx
  Add ShortcutsContext exposing openShortcutsModal / shortcutsSeen / markShortcutsSeen;
  mark as seen whenever modal opens via keyboard, button, or command palette

- apps/web/src/providers/index.ts
  Export ShortcutsContext and useShortcutsContext

- apps/web/src/components/layout/Sidebar.tsx
  Add KeyboardShortcutsButton with Framer Motion pulsing dot + 'NEW' badge;
  button calls openShortcutsModal from context; dot/badge auto-dismiss on first open

- apps/web/src/components/composed/CommandPalette.tsx
  Add footer hint: 'Press ? to see all keyboard shortcuts'

* fix(a11y): dark mode color contrast improvements (openclaw#20)

- Remove all text-muted-foreground opacity modifiers (/40, /50, /60, /70, /80)
  that caused WCAG AA failures in dark mode. Replaced with full-opacity
  text-muted-foreground which passes at 6.16:1 on background and 5.81:1 on card.

- Add dark: overrides for hardcoded Tailwind gray/slate text colors:
  - text-gray-500 → dark:text-gray-400 (4.13:1→7.86:1)
  - text-gray-600 → dark:text-gray-400 (2.64:1→7.86:1)
  - text-slate-500 → dark:text-slate-400 (4.19:1→7.78:1)

Affected components: 25 files across composed, domain, and route layers.

Key contrast ratios (before → after on --background):
  muted-foreground/40:  1.88:1 → 6.16:1
  muted-foreground/50:  2.32:1 → 6.16:1
  muted-foreground/60:  2.85:1 → 6.16:1
  muted-foreground/70:  3.52:1 → 6.16:1
  muted-foreground/80:  4.27:1 → 6.16:1
  gray-500:             4.13:1 → 7.86:1 (via gray-400)
  gray-600:             2.64:1 → 7.86:1 (via gray-400)
  slate-500:            4.19:1 → 7.78:1 (via slate-400)

* feat(i18n): internationalization infrastructure with en/pt-BR/zh-CN/zh-TW (openclaw#11)

- Add react-i18next, i18next, i18next-browser-languagedetector dependencies
- Create i18n setup with language detection, localStorage persistence, en fallback
- Add 4 locale files (en, pt-BR, zh-CN, zh-TW) with ~75 key strings each:
  - common actions (Save, Cancel, Delete, Create, etc.)
  - navigation labels (Home, Conversations, Goals, Memories, etc.)
  - home dashboard greetings and section titles
  - settings section headings and appearance labels
  - error messages
  - agent status labels
- Import i18n initialization in main.tsx (before component tree)
- Integrate useTranslation in 5 key components:
  - Sidebar: all nav labels and section titles
  - AppearanceSection: all labels + language selector with 4 language options
  - HomePage: time-of-day greeting
  - SettingsPage: page title and subtitle
  - YouPage: page title and subtitle
- Language selector in You > Appearance with live switching

* feat(ui): Monaco editor component with lazy loading, fallback textarea, Cmd+S save binding

* fix(build): clear postcss.config.mjs — Tailwind v4 handled by @tailwindcss/vite plugin, not PostCSS

* chore: update pnpm-lock.yaml for @monaco-editor/react dependency

* feat(ui): activity heat map on agent-status route (openclaw#14)

* feat(ui): agent relationship graph visualization (openclaw#13)

- New route /agents/graph with live agent data from gateway
- Parses session key patterns to infer spawn/delegation edges
- ReagraphView integration with custom health-based node coloring
- CSS fallback tree view when reagraph unavailable
- Slide-in detail panel on node click: task, model, tokens, cost, links
- Stats bar: total agents, active count, tokens, cost
- Legend: health colors + spawn edge indicator
- Back link to /agents, 15s auto-refresh
- Added Network icon + Agent Graph link to sidebar Team section
- Removed duplicate Logs entry from Power User section

* feat(ui): chat-driven agent builder at /agents/new (openclaw#15)

- New /agents/new route: conversational interface for agent creation
- Split-panel: chat on left, live config preview on right
- NLP parser: extracts name, role, tags, model, personality from freetext
  - Keyword inference for 8 roles (Monitor, Researcher, Developer, etc.)
  - Domain tag extraction for 15 platforms (github, slack, discord, email, etc.)
  - Model preference detection (opus, haiku, gpt-4, gemini, grok)
  - Personality trait extraction (concise, thorough, friendly, etc.)
- Config preview: flash-highlights fields as they update (framer-motion)
- Tags: editable inline with + input and × remove button
- All fields manually editable in preview panel
- Readiness checklist: name + description = ready to create
- 5 suggested starter prompts (GitHub monitor, research, code review, etc.)
- Animated typing indicator while processing
- useCreateAgent() integration → navigates to agent config after creation
- 'Chat Builder' secondary button added to agents list page header
- Simple markdown renderer for **bold** and `code` in assistant messages

* fix(ui): correct createAgent status field + add Graph View link to agent-status header

- Chat builder: pass required status: 'offline' to createAgent.mutateAsync
  (Agent interface requires status, new agents start offline)
- Agent Status dashboard: add 'Graph View' ghost button linking to /agents/graph
  (natural navigation path from status dashboard → relationship graph)

* chore(ui): remove Next.js 'use client' directives from Vite project

8 files had 'use client' at the top — a Next.js App Router directive that is
meaningless in Vite/React. Strips as dead noise. No behavior change.

* docs: add approvals + milestone feed design doc

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* docs: add approvals + milestone feed implementation plan

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* docs: update plan with tsc-per-task, tests-only-at-end strategy

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(approvals): add ApprovalItem component

* feat(approvals): add ApprovalsQueue with compact/full modes and agent grouping

* feat(approvals): add MilestoneItem and MilestoneDetailPanel

* feat(ui): redesign layout, session view, and nav components

Redesigns the app shell, sidebar, nav items, session workspace, and agent
status pages with updated visual styling. Adds TerminalOverlay component
and updates NewSessionDialog, SessionHeader, and related routes.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(approvals): add MilestoneFeed with date grouping

* feat(approvals): add InboxPanel slide-out with compact approvals + milestones

* feat(approvals): add inbox icon + badge to sidebar

* feat(approvals): add /approvals page with full queue and milestone feed

* docs: add Configure tab redesign design doc

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix(ui): fix calendar icon color, reassign button, pill heights, and arrow styling

- Fix black native calendar picker icon on dark theme with CSS invert filter
- Add prominent Reassign button with UserCog icon to agent assignment card in RitualDetailPanel
- Align date/time content text with label text in schedule info cards (pl-6 indent)
- Normalize execution pill font size to text-xs so Status, Tool Calls, and Token/Cost share the same height
- Reduce TokenCostIndicator padding by 50% (px-3 py-1 → px-1.5 py-0.5)
- Improve arrow button visibility in Recent Executions with muted-foreground color

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* docs: add Configure tab redesign implementation plan

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* refactor(approvals): reuse GoalDetailPanel in MilestoneFeed with highlightMilestoneId prop

* fix(inbox): widen panel to 520px and add Open Inbox link in header

* feat(agents): add embedded prop to AgentConfigPage

* feat(agents): add AgentConfigureTab with nested builder/rituals/tools sub-tabs

* chore(agents): export AgentConfigureTab from barrel

* feat(agents): replace Rituals/Tools/Soul tabs with Configure nested tab panel

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(goals): add Edit button to Goal Details panel with working edit modal

- Add headerActions slot to DetailPanel so callsites can inject title-bar buttons
- Add Edit icon button in GoalDetailPanel title bar (visible without scrolling)
- Remove goal.status !== 'completed' guard so any goal can be edited
- Extend CreateGoalModal with edit mode: initialGoal prop pre-populates all fields,
  milestones preserve original IDs and completion state, title/CTA reflect edit context
- Wire GoalsPage: handleEdit opens the shared modal in edit mode via useUpdateGoal

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* chore(ids): consolidate all UUID generation to uuidv7

Replace crypto.randomUUID() in new.lazy.tsx and the custom generateUUID()
utility in gateway-client.ts with the project-standard uuidv7() from @/lib/ids.
Also convert WebSocket on* property handlers to addEventListener calls and
remove unused Card/CardContent imports surfaced during linting.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(assist): add rituals section prompts to LLMAssistPanel

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(sidebar): increase collapsed icon hit area and nav item spacing

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(agents): lift assist/review state and fix embedded padding in AgentConfigPage

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(agents): lift AI Assist and Auto Review to AgentConfigureTab level

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(agents): edit button navigates to configure tab, persist configureTab in URL

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* chore(agents): remove AgentSoulTab, consolidated into SoulEditor guided mode

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix(ui): follow-ups + ph1 tab config

Follow-ups:
- GoalDetailPanel: add pl-6 indent to Due Date + Created content text
- RitualScheduler: fix dark time input picker icon with CSS invert filter
- RitualDetailPanel: add Trigger quick-action to DetailPanel headerActions slot
- RitualsPage: wire onReassign → RitualAssignDialog (full agent reassignment flow)
- Export RitualAssignDialog + RitualAssignPayload from rituals barrel

Phase 1:
- Add src/config/agent-tabs.ts with AGENT_TABS config, isValidTab(), resolveTab(),
  and TAB_REDIRECTS backwards-compat map for old tab URL params

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(ui): ph5 inheritance system - useInheritanceStore, InheritanceBadge, InheritableField

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(ui): ph2 new tab components - AgentWorkTab, AgentChatTab, WorkSubNav

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(ui): ph4 persona tier system - FeatureGate, usePersonaStore, PersonaTierSection

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(ui): ph3 - wire 5-tab structure into $agentId route

Replaces local AgentDetailTab type with imported type + resolveTab() from
config/agent-tabs.ts. Swaps workstreams tab for work (AgentWorkTab with
WorkSubNav) and adds chat tab (AgentChatTab). Old URL params like
?tab=workstreams and ?tab=rituals are resolved to 'work' via TAB_REDIRECTS.
Section param threaded through for WorkSubNav sub-navigation.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(ui): ph6 - responsive tab triggers and MobileTabNav

Tab triggers now show icon+label stacked on mobile (grid-cols-5) and
side-by-side on sm+. MobileTabNav provides a fixed bottom nav bar on
mobile (hidden sm+) with the same 5-tab structure from AGENT_TABS.
Bottom padding added to page content to prevent overlap with the bar.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* test(agents): update AgentConfigureTab tests for rewritten component

* chore(agents): remove unused filesLoading destructure in AgentConfigureTab

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix(agents): sync AgentConfigureTab sub-tab with URL on back/forward navigation

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* chore(routes): remove orphaned /agents/$agentId/configure full-page route

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(ui): expand command palette - full action vocab + NL intent (task 2)

* feat(ui): live RPC-connected onboarding wizard (task 1)

* test(ui): ph8 unit tests for tab config, stores, and feature gate components

Add vitest setup fixes (in-memory localStorage mock + jsdom URL) to make
zustand persist middleware work in tests, and update usePersonaStore tests
to avoid replace=true state reset that strips action functions.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* feat(ui): visual agent config editor - identity/model/memory/thinking (task 3)

* Add isSlackId function to validate Slack IDs

* Refactor Slack ID validation to use normalizeSlackId

---------

Co-authored-by: Claude Sonnet 4.6 <[email protected]>

…penclaw#19)

Co-Authored-By: Claude Opus 4.6 <[email protected]>

CRITICAL fixes:
- openclaw#1-2: HITL race conditions — _inFlight lock on Telegram + Dashboard API (409 Conflict)
- openclaw#3: Storage JSON.parse crash protection — backup corrupt files + reset to defaults
- openclaw#4: Lead Enrich waterfall — Apollo fallback when FullEnrich fails + email validation
- openclaw#5: Meeting Scheduler — remove hardcoded fallback, require CALCOM_USERNAME env
- openclaw#6: Self-Improve — clamp scoring weights 0-2.0
- openclaw#7: IMAP connection leak — destroy client on connect timeout

HIGH fixes:
- openclaw#8: Resend retry jitter — prevent thundering herd
- openclaw#9: Gmail SMTP circuit breaker per mailbox — 3 errors → 5min cooldown
- openclaw#10: Honeypot list reduced — keep real system addresses only
- openclaw#11: CRM pipeline cache TTL 30min
- openclaw#12: CRM contact dedup — check HubSpot before createContact
- openclaw#13: HubSpot 429 rate limit handling
- openclaw#14: Inbox UID marked AFTER classification (prevent data loss)
- openclaw#15: FlowFast leads cap 5000 with auto-purge
- openclaw#16: Brain action lock — _actionsInFlight Set
- openclaw#17: Self-Improve p-value threshold raised to 20 minimum samples
- openclaw#18: System Advisor disk parsing — numeric GB values
- openclaw#19: Invoice EUR format — fr-FR locale (12,50 €)
- openclaw#20: Draft quality gate — spam words, link check, min length

17 files changed, +248/-38 lines

Co-Authored-By: Claude Opus 4.6 <[email protected]>

Add the following audit findings:
- gateway.token_no_expiry (T-PERSIST-004)
- fs.config.inside_git_repo (T-ACCESS-003)
- env.dangerous_vars_set (T-DISC-004)
- tools.web_fetch.no_url_allowlist (T-EXFIL-001)
- gateway.no_message_rate_limit (T-IMPACT-002)

17 new tests, 91 existing tests pass (0 regressions).

Fixes openclaw#16, openclaw#17, openclaw#18, openclaw#19, openclaw#20

MOYENS (16):
- openclaw#1 generateReactiveFollowUp maxLength string vs number — aligne sur string
- openclaw#2 Multi-threading mort — filtre sur mappedLeads (avec score) au lieu de result.leads
- openclaw#3 _checkEmailSpecificity null safety — (prospectIntel || '').match()
- openclaw#4 totalContacts pre-dedup — utilise addedCount
- openclaw#5 Bounces tous hard_bounce — distinction soft/hard, soft = retry pas blacklist
- openclaw#8 _isSystemEmail includes() trop large — exact match + prefix patterns
- openclaw#10 sendBatch bypass warmup — recordSend dans domain-manager apres chaque envoi
- openclaw#11 Domain manager parsing ':' dans password — split limite a 4 segments
- openclaw#12 prospectDomains jamais nettoye — cleanup LRU max 2000 entries
- openclaw#13 trackNicheEvent('clicked') ignore — ajout compteur clicked
- openclaw#14 apStorage.getLeads() inexistant — utilise automailer storage.getEmails()
- openclaw#25 Interval HITL drafts jamais cleared — clearInterval dans gracefulShutdown

FAIBLES (9):
- openclaw#17 Retry skip prompt 25-35 mots → aligne sur 50-65 mots 4-blocs
- openclaw#18 _scoreAndFilter gate 60 mots → 80 mots (coherent avec prompts)
- openclaw#19 "curieux d'avoir ton retour" autorise dans follow-ups → remplace
- openclaw#20 seniorities priorite inversee → brain > config
- openclaw#21 data.growth jamais active → detecte via employee count + multi-country
- openclaw#23 Fallback plan non-pondere → utilise icp-loader.getNicheForCycle()
- campaign-engine: double updateEmailStatus pour opened → supprime appel redondant

Co-Authored-By: Claude Opus 4.6 <[email protected]>

…t-ui

feat: add auth, billing, and chat UI (Phases 1-4)

Merges 33 commits from work branch:
- WhatsApp login tool HTTP invoke (openclaw#21/openclaw#25)
- Audio inbound transcription for webchat (openclaw#21)
- TTS audio playback in chat (openclaw#22)
- /media endpoint for audio/image serving (openclaw#19)
- image_generate tool with Gemini (openclaw#20)
- imageReady/mediaReady event pipeline (openclaw#22)
- Chat.send internal routing simplification (openclaw#23)
- Silent reply filter removal (openclaw#24)
- ThinkingDefault shortcut (openclaw#26)

Conflict resolution:
- patches/README.md: unified numbering (our #2-18 + his openclaw#19-26)
- patches/verify-patches.sh: combined both check sets (24 total)
- server-methods/chat.ts: used work version as base (has media pipeline),
  route resolution removal from openclaw#23 is intentional for webchat

Build: clean. Patches: 24/24 passing.

Co-authored-by: Bob

Task openclaw#17: Scientific paper — 'Neural Preference Learning: Real-Time
Spiking Network Augmentation for Persistent LLM Agent Adaptation'
- 9 sections: intro, related work, architecture, methodology,
  implementation, evaluation framework, discussion, future work
- 11 academic references (RLHF, SNNs, MemGPT, cognitive architectures)
- Comparison tables (NPL vs RLHF vs MemGPT)
- Biological inspiration from Drosophila connectome

Task openclaw#18: Dedicated GitHub repo content (neural-preference-learning/)
- README with architecture diagram, feature table, citation
- Reference code: feature encoder, feedback detector, brain engine excerpt
- Example: basic feedback loop demonstration
- CITATION.cff, MIT License

Task openclaw#15: Neural Learning UI tab in Config page
Task openclaw#16: neural-feedback skill (SKILL.md)
Task openclaw#19: All changes mirrored to patch/files/

Implements openclaw#19 and openclaw#20 with runtime model-override application + verification tests.

…aw#19)

* fix: compact oversized auto-generated pr bodies

* fix(sre): add built-in linear incident memory provider

* feat(sre): add erpc helper with flo secret query

* fix(sre): enforce canonical rpc.morpho.dev erpc endpoint

* refactor(sre): remove local deploy config mirror

* fix(slack): force threaded replies for direct messages

…aw#19)

* fix: compact oversized auto-generated pr bodies

* fix(sre): add built-in linear incident memory provider

* feat(sre): add erpc helper with flo secret query

* fix(sre): enforce canonical rpc.morpho.dev erpc endpoint

* refactor(sre): remove local deploy config mirror

* fix(slack): force threaded replies for direct messages

…nclaw#29)

* Plugins/llm-task: migrate to scoped plugin-sdk imports

* Plugins/lobster: migrate to scoped plugin-sdk imports

* Plugins/matrix: migrate to scoped plugin-sdk imports

* Plugins/mattermost: migrate to scoped plugin-sdk imports

* Plugins/memory-core: migrate to scoped plugin-sdk imports

* Plugins/memory-lancedb: migrate to scoped plugin-sdk imports

* Plugins/minimax-portal-auth: migrate to scoped plugin-sdk imports

* Plugins/msteams: migrate to scoped plugin-sdk imports

* Plugins/nextcloud-talk: migrate to scoped plugin-sdk imports

* Plugins/nostr: migrate to scoped plugin-sdk imports

* Plugins/open-prose: migrate to scoped plugin-sdk imports

* Plugins/phone-control: migrate to scoped plugin-sdk imports

* Plugins/qwen-portal-auth: migrate to scoped plugin-sdk imports

* Plugins/synology-chat: migrate to scoped plugin-sdk imports

* Plugins/talk-voice: migrate to scoped plugin-sdk imports

* Plugins/test-utils: migrate to scoped plugin-sdk imports

* Plugins/thread-ownership: migrate to scoped plugin-sdk imports

* Plugins/tlon: migrate to scoped plugin-sdk imports

* Plugins/twitch: migrate to scoped plugin-sdk imports

* Plugins/voice-call: migrate to scoped plugin-sdk imports

* Plugins/whatsapp: migrate to scoped plugin-sdk imports

* Plugins/zalo: migrate to scoped plugin-sdk imports

* Plugins/zalouser: migrate to scoped plugin-sdk imports

* Chore: remove accidental .DS_Store artifact

* chore(docs): add plugins refactor changelog entry

* feat(ios): add Live Activity connection status + stale cleanup (#33591)

* feat(ios): add live activity connection status and cleanup

Add lock-screen/Dynamic Island connection health states and prune duplicate/stale activities before reuse. This intentionally excludes AI/title generation and heavier UX rewrites from #27488.

Co-authored-by: leepokai <[email protected]>

* fix(ios): treat ended live activities as inactive

* chore(changelog): add PR reference and author thanks

---------

Co-authored-by: leepokai <[email protected]>

* fix: kill stuck ACP child processes on startup and harden sessions in discord threads (#33699)

* Gateway: resolve agent.wait for chat.send runs

* Discord: harden ACP thread binding + listener timeout

* ACPX: handle already-exited child wait

* Gateway/Discord: address PR review findings

* Discord: keep ACP error-state thread bindings on startup

* gateway: make agent.wait dedupe bridge event-driven

* discord: harden ACP probe classification and cap startup fan-out

* discord: add cooperative timeout cancellation

* discord: fix startup probe concurrency helper typing

* plugin-sdk: avoid Windows root-alias shard timeout

* plugin-sdk: keep root alias reflection path non-blocking

* discord+gateway: resolve remaining PR review findings

* gateway+discord: fix codex review regressions

* Discord/Gateway: address Codex review findings

* Gateway: keep agent.wait lifecycle active with shared run IDs

* Discord: clean up status reactions on aborted runs

* fix: add changelog note for ACP/Discord startup hardening (#33699) (thanks @dutifulbob)

---------

Co-authored-by: Onur <[email protected]>

* fix: relay ACP sessions_spawn parent streaming (#34310) (thanks @vincentkoc) (#34310)

Co-authored-by: Onur Solmaz <[email protected]>

* fix(telegram): materialize dm draft final to avoid duplicates

* docs(changelog): credit @Brotherinlaw-13 for #34318

* fix: prevent nodes media base64 context bloat (#34332)

* fix: preserve raw media invoke for HTTP tool clients (#34365)

* fix(slack): route system events to bound agent sessions (#34045)

* fix(slack): route system events via binding-aware session keys

* fix(slack): pass sender to system event session resolver

* fix(slack): include sender context for interaction session routing

* fix(slack): include modal submitter in session routing

* test(slack): cover binding-aware system event routing

* test(slack): update interaction session key assertions

* test(slack): assert reaction session routing carries sender

* docs(changelog): note slack system event routing fix

* Update CHANGELOG.md

* Delete changelog/fragments directory

* fix(memory): serialize local embedding initialization to avoid duplicate model loads (#15639)

Merged via squash.

Prepared head SHA: a085fc21a8ba7163fffdb5de640dd4dc1ff5a88e
Co-authored-by: SubtleSpark <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(model): propagate custom provider headers to model objects (#27490)

Merged via squash.

Prepared head SHA: e4183b398fc7eb4c18b2b691cb0dd882ec993608
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(daemon): handle systemctl is-enabled exit 4 (not-found) on Ubuntu (#33634)

Merged via squash.

Prepared head SHA: 67dffc3ee239cd7b813cb200c3dd5475d9e203a6
Co-authored-by: Yuandiaodiaodiao <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(node-host): sync rawCommand with hardened argv after executable path pinning (#33137)

Merged via squash.

Prepared head SHA: a7987905f7ad6cf5fee286ffa81ceaad8297174f
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* Agents: add generic poll-vote action support

* fix(ollama): pass provider headers to Ollama stream function (#24285)

createOllamaStreamFn() only accepted baseUrl, ignoring custom headers
configured in models.providers.<provider>.headers. This caused 403
errors when Ollama endpoints are behind reverse proxies that require
auth headers (e.g. X-OLLAMA-KEY via HAProxy).

Add optional defaultHeaders parameter to createOllamaStreamFn() and
merge them into every fetch request. Provider headers from config are
now passed through at the call site in the embedded runner.

Fixes #24285

* test(ollama): add default header precedence coverage

* chore(changelog): add PR entry openclaw#24337 thanks @echoVic

* Outbound: allow text-only plugin adapters

* Outbound: avoid empty multi-media fallback sends

* chore(changelog): align outbound adapter entry openclaw#32788 thanks @liuxiaopai-ai

* fix(outbound): fail media-only text-only adapter fallback

* chore(changelog): clarify outbound media-only fallback openclaw#32788 thanks @liuxiaopai-ai

* fix(review): enforce behavioral sweep validation

* Fix gateway restart false timeouts on Debian/systemd (#34874)

* daemon(systemd): target sudo caller user scope

* test(systemd): cover sudo user scope commands

* infra(ports): fall back to ss when lsof missing

* test(ports): verify ss fallback listener detection

* cli(gateway): use probe fallback for restart health

* test(gateway): cover restart-health probe fallback

* Compaction/Safeguard: require structured summary headings (#25555)

Merged via squash.

Prepared head SHA: 0b1df34806a7b788261290be55760fd89220de53
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Fix Linux daemon install checks when systemd user bus env is missing (#34884)

* daemon(systemd): fall back to machine user scope when user bus is missing

* test(systemd): cover machine scope fallback for user-bus errors

* test(systemd): reset execFile mock state across cases

* test(systemd): make machine-user fallback assertion portable

* fix(daemon): keep root sudo path on direct user scope

* test(systemd): cover sudo root user-scope behavior

* ci: use resolvable bun version in setup-node-env

* agents: preserve totalTokens on request failure instead of using contextWindow (#34275)

Merged via squash.

Prepared head SHA: f9d111d0a79a07815d476356e98a28df3a0000ba
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix: align AGENTS.md template section names with post-compaction extraction (#25029) (#25098)

Merged via squash.

Prepared head SHA: 8cd6cc8049aab5a94d8a9d5fb08f2e792c4ac5fd
Co-authored-by: echoVic <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Changelog: add daemon systemd user-bus fallback entry (#34884)

* Changelog: add gateway restart health entry (#34874)

* fix: finalize spanish locale support

* fix: add spanish locale support (#35038) (thanks @DaoPromociones)

* fix(deps): patch hono transitive audit vulnerabilities

* fix(security): avoid prototype-chain account path checks (#34982)

Merged via squash.

Prepared head SHA: f89cc6a649959997fe1dec1e1c1bff9a61b2de98
Co-authored-by: HOYALIM <[email protected]>
Co-authored-by: dvrshil <[email protected]>
Reviewed-by: @dvrshil

* fix(deps): bump tar to 7.5.10

* docs(changelog): document dependency security fixes

* fix: restore auto-reply system events timeline (#34794) (thanks @anisoptera) (#34794)

Co-authored-by: Ayaan Zaidi <[email protected]>

* fix(feishu): comprehensive reply mechanism — outbound replyToId forwarding + topic-aware reply targeting (#33789)

* fix(feishu): comprehensive reply mechanism fix — outbound replyToId forwarding + topic-aware reply targeting

- Forward replyToId from ChannelOutboundContext through sendText/sendMedia
  to sendMessageFeishu/sendMarkdownCardFeishu/sendMediaFeishu, enabling
  reply-to-message via the message tool.

- Fix group reply targeting: use ctx.messageId (triggering message) in
  normal groups to prevent silent topic thread creation (#32980). Preserve
  ctx.rootId targeting for topic-mode groups (group_topic/group_topic_sender)
  and groups with explicit replyInThread config.

- Add regression tests for both fixes.

Fixes #32980
Fixes #32958
Related #19784

* fix: normalize Feishu delivery.to before comparing with messaging tool targets

- Add normalizeDeliveryTarget helper to strip user:/chat: prefixes for Feishu
- Apply normalization in matchesMessagingToolDeliveryTarget before comparison
- This ensures cron duplicate suppression works when session uses prefixed targets
  (user:ou_xxx) but messaging tool extract uses normalized bare IDs (ou_xxx)

Fixes review comment on PR #32755

(cherry picked from commit fc20106f16ccc88a5f02e58922bb7b7999fe9dcd)

* fix(feishu): catch thrown SDK errors for withdrawn reply targets

The Feishu Lark SDK can throw exceptions (SDK errors with .code or
AxiosErrors with .response.data.code) for withdrawn/deleted reply
targets, in addition to returning error codes in the response object.

Wrap reply calls in sendMessageFeishu and sendCardFeishu with
try-catch to handle thrown withdrawn/not-found errors (230011,
231003) and fall back to client.im.message.create, matching the
existing response-level fallback behavior.

Also extract sendFallbackDirect helper to deduplicate the
direct-send fallback block across both functions.

Closes #33496

(cherry picked from commit ad0901aec103a2c52f186686cfaf5f8ba54b4a48)

* feishu: forward outbound reply target context

(cherry picked from commit c129a691fcf552a1cebe1e8a22ea8611ffc3b377)

* feishu extension: tighten reply target fallback semantics

(cherry picked from commit f85ec610f267020b66713c09e648ec004b2e26f1)

* fix(feishu): align synthesized fallback typing and changelog attribution

* test(feishu): cover group_topic_sender reply targeting

---------

Co-authored-by: Xu Zimo <[email protected]>
Co-authored-by: Munem Hashmi <[email protected]>
Co-authored-by: bmendonca3 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(feishu): use msg_type media for mp4 video (fixes #33674) (#33720)

* fix(feishu): use msg_type media for mp4 video (fixes #33674)

* Feishu: harden streaming merge semantics and final reply dedupe

Use explicit streaming update semantics in the Feishu reply dispatcher:
treat onPartialReply payloads as snapshot updates and block fallback payloads
as delta chunks, then merge final text with the shared overlap-aware
mergeStreamingText helper before closing the stream.

Prevent duplicate final text delivery within the same dispatch cycle, and add
regression tests covering overlap snapshot merge, duplicate final suppression,
and block-as-delta behavior to guard against repeated/truncated output.

* fix(feishu): prefer message.reply for streaming cards in topic threads

* fix: reduce Feishu streaming card print_step to avoid duplicate rendering

Fixes openclaw/openclaw#33751

* Feishu: preserve media sends on duplicate finals and add media synthesis changelog

* Feishu: only dedupe exact duplicate final replies

* Feishu: use scoped plugin-sdk import in streaming-card tests

---------

Co-authored-by: 倪汉杰0668001185 <[email protected]>
Co-authored-by: zhengquanliu <[email protected]>
Co-authored-by: nick <[email protected]>
Co-authored-by: linhey <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): bypass pendingDescendantRuns guard for cron announce delivery (#35185)

* fix(agents): bypass pendingDescendantRuns guard for cron announce delivery

Standalone cron job completions were blocked from direct channel delivery
when the cron run had spawned subagents that were still registered as
pending. The pendingDescendantRuns guard exists for live orchestration
coordination and should not apply to fire-and-forget cron announce sends.

Thread the announceType through the delivery chain and skip both the
child-descendant and requester-descendant pending-run guards when the
announce originates from a cron job.

Closes #34966

* fix: ensure outbound session entry for cron announce with named agents (#32432)

Named agents may not have a session entry for their delivery target,
causing the announce flow to silently fail (delivered=false, no error).

Two fixes:
1. Call ensureOutboundSessionEntry when resolving the cron announce
   session key so downstream delivery can find channel metadata.
2. Fall back to direct outbound delivery when announce delivery fails
   to ensure cron output reaches the target channel.

Closes #32432

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* fix: guard announce direct-delivery fallback against suppression leaks (#32432)

The `!delivered` fallback condition was too broad — it caught intentional
suppressions (active subagents, interim messages, SILENT_REPLY_TOKEN) in
addition to actual announce delivery failures.  Add an
`announceDeliveryWasAttempted` flag so the direct-delivery fallback only
fires when `runSubagentAnnounceFlow` was actually called and failed.

Also remove the redundant `if (route)` guard in
`resolveCronAnnounceSessionKey` since `resolved` being truthy guarantees
`route` is non-null.

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* fix(cron): harden announce synthesis follow-ups

---------

Co-authored-by: scoootscooob <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* Feishu: harden streaming merge semantics and final reply dedupe (#33245)

* Feishu: close duplicate final gap and cover routing precedence

* Feishu: resolve reviewer duplicate-final and routing feedback

* Feishu: tighten streaming send-mode option typing

* Feishu: fix reverse-overlap streaming merge ordering

* Feishu: align streaming final dedupe test expectation

* Feishu: allow distinct streaming finals while deduping repeats

---------

Co-authored-by: Tak Hoffman <[email protected]>

* fix: cron backup should preserve pre-edit snapshot (#35195) (#35234)

* fix(cron): avoid overwriting .bak during normalization

Fixes openclaw/openclaw#35195

* test(cron): preserve pre-edit bak snapshot in normalization path

---------

Co-authored-by: 0xsline <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(cron): stabilize restart catch-up replay semantics (#35351)

* Cron: stabilize restart catch-up replay semantics

* Cron: respect backoff in startup missed-run replay

* cron: narrow startup replay backoff guard (#35391)

* cron: unify stale-run recovery and preserve manual-run every anchors (#35363)

* cron: unify stale-run recovery and preserve manual every anchors

* cron: address unresolved review threads on recovery paths

* cron: remove duplicate timestamp helper after rebase

* refactor(telegram): remove unused webhook callback helper (#27816)

* fix(pr): make review claim step required

* fix(skills): deduplicate slash commands by skillName across all interfaces

Move skill-command deduplication by skillName from the Discord-only
`dedupeSkillCommandsForDiscord` into `listSkillCommandsForAgents` so
every interface (TUI, Slack, text) consistently sees a clean command
list without platform-specific workarounds.

When multiple agents share a skill with the same name the old code
emitted `github` + `github_2` and relied on Discord to collapse them.
Now `listSkillCommandsForAgents` returns only the first registration
per skillName, and the Discord-specific wrapper is removed.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* style: fix formatting in skill-commands.test.ts and provider.ts

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* style(skills): align formatting cleanup for dedupe changes

* chore(changelog): add dedupe note openclaw#27521 thanks @shivama205

* fix(agents): detect Venice provider proxying xAI/Grok models for schema cleaning (#35355)

Merged via squash.

Prepared head SHA: 8bfdec257bb6a6025cb69a0a213a433da32b15db
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(agents): decode HTML entities in xAI/Grok tool call arguments (#35276)

Merged via squash.

Prepared head SHA: c4445d2938898ded9c046614f9315dbda65ec573
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(agents): guard promoteThinkingTagsToBlocks against malformed content entries (#35143)

Merged via squash.

Prepared head SHA: 3971122f5fd27c66c8c9c5ce783f00e113b1f47b
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(web-ui): render Accounts schema node properly (#35380)

Co-authored-by: stakeswky <[email protected]>
Co-authored-by: liuxiaopai-ai <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): guard context pruning against malformed thinking blocks (#35146)

Merged via squash.

Prepared head SHA: a196a565b1b8e806ffbf85172bcf1128796b45a2
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(gateway): prevent internal route leakage in chat.send

Synthesis of routing fixes from #35321, #34635, and #35356 for internal-client reply safety.

- Require explicit `deliver: true` before inheriting any external delivery route.
- Keep webchat/TUI/UI-origin traffic on internal routing by default.
- Allow configured-main session inheritance only for non-Webchat/UI clients, and honor `session.mainKey`.
- Add regression tests for UI no-inherit, configured-main CLI inherit, and deliver-flag behavior.

Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Linux2010 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(gateway): pass actual version to Control UI client instead of dev (#35230)

* fix(gateway): pass actual version to Control UI client instead of "dev"

The GatewayClient, CLI WS client, and browser Control UI all sent
"dev" as their clientVersion during handshake, making it impossible
to distinguish builds in gateway logs and health snapshots.

- GatewayClient and CLI WS client now use the resolved VERSION constant
- Control UI reads serverVersion from the bootstrap endpoint and
  forwards it when connecting
- Bootstrap contract extended with serverVersion field

Closes #35209

* Gateway: fix control-ui version version-reporting consistency

* Control UI: guard deferred bootstrap connect after disconnect

* fix(ui): accept same-origin http and relative gateway URLs for client version

---------

Co-authored-by: Tak Hoffman <[email protected]>

* chore(pr): enforce changelog placement and reduce merge sync churn

* TTS: add baseUrl support to OpenAI TTS config (#34321)

Merged via squash.

Prepared head SHA: e9a10cf81d2021cf81091dfa81e13ffdbb6a540a
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* ACP: add persistent Discord channel and Telegram topic bindings (#34873)

* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <[email protected]>

* docs(telegram): recommend allowlist for single-user DM policy (#34841)

* docs(telegram): recommend allowlist for single-user bots

* docs(telegram): condense single-user allowlist note

---------

Co-authored-by: echoVic <[email protected]>

* fix(feishu): check response.ok before calling response.json() in streaming card (#35628)

Merged via squash.

Prepared head SHA: 62c3fec80d97cea9be344c0bef5358a0a5dc5560
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Mattermost: honor onmessage mention override and add gating diagnostics tests (#27160)

Merged via squash.

Prepared head SHA: 6cefb1d5bf3d6dfcec36c1cee3f9ea887f10c890
Co-authored-by: turian <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

* fix(subagents): strip leaked [[reply_to]] tags from completion announces (#34503)

* fix(subagents): strip reply tags from completion delivery text

* test(subagents): cover reply-tag stripping in cron completion sends

* changelog: note iMessage reply-tag stripping in completion announces

* Update CHANGELOG.md

* Apply suggestion from @greptile-apps[bot]

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* fix(cron): restore direct fallback after announce failure in best-effort mode (openclaw#36177)

Verified:
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <[email protected]>

* test(cron): add cross-channel announce fallback regression coverage (openclaw#36197)

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <[email protected]>

* feat(mattermost): add interactive buttons support (#19957)

Merged via squash.

Prepared head SHA: 8a25e608729d0b9fd07bb0ee4219d199d9796dbe
Co-authored-by: tonydehnke <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

* fix(browser): remove deprecated --disable-blink-features=AutomationControlled flag

- Removes OpenClaw's default `--disable-blink-features=AutomationControlled` Chrome launch switch to avoid unsupported-flag warnings in newer Chrome (#35721).
- Preserves compatibility for older Chrome via `browser.extraArgs` override behavior (source analysis: #35770, #35728, #35727, #35885).
- Synthesis attribution: thanks @Sid-Qin, @kevinWangSheng, @ningding97, @Naylenv, @clawbie.

Source PR refs: #35734, #35770, #35728, #35727, #35885

Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: kevinWangSheng <[email protected]>
Co-authored-by: ningding97 <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: clawbie <[email protected]>
Co-authored-by: Takhoffman <[email protected]>

* fix(feishu): add HTTP timeout to prevent per-chat queue deadlocks (#36430)

When the Feishu API hangs or responds slowly, the sendChain never settles,
causing the per-chat queue to remain in a processing state forever and
blocking all subsequent messages in that thread. This adds a 30-second
default timeout to all Feishu HTTP requests by providing a timeout-aware
httpInstance to the Lark SDK client.

Closes #36412

Co-authored-by: Ayane <[email protected]>

* fix(feishu): use probed botName for mention checks (#36391)

* Feishu: honor bot mentions by ID despite aliases (Fixes #36317) (#36333)

* Mattermost: switch plugin-sdk imports to scoped subpaths (openclaw#36480)

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(feishu): accept groupPolicy "allowall" as alias for "open" (#36358)

* fix(feishu): accept groupPolicy "allowall" as alias for "open"

When users configure groupPolicy: "allowall" in Feishu channel config,
the Zod schema rejects the value and the runtime policy check falls
through to the allowlist path.  With an empty allowFrom array, all group
messages are silently dropped despite the intended "allow all" semantics.

Accept "allowall" at the schema level (transform to "open") and add a
runtime guard in isFeishuGroupAllowed so the value is handled even if it
bypasses schema validation.

Closes #36312

Made-with: Cursor

* Feishu: tighten allowall alias handling and coverage

---------

Co-authored-by: Tak Hoffman <[email protected]>

* synthesis: fix Feishu group mention slash parsing

## Summary\n\nFeishu group slash command parsing is fixed for mentions and command probes across authorization paths.\n\nThis includes:\n- Normalizing bot mention text in group context for reliable slash detection in message parsing.\n- Adding command-probe normalization for group slash invocations.\n\nCo-authored-by: Sid Qin <[email protected]>\nCo-authored-by: Tak Hoffman <[email protected]>

* Feishu: normalize group slash command probing

- Feishu/group slash command detection: normalize group mention wrappers before command-authorization probing so mention-prefixed commands are recognized in group routing.\n- Source PR: #36011\n- Contributor: @liuxiaopai-ai\n\nCo-authored-by: Tak Hoffman <[email protected]>\nCo-authored-by: liuxiaopai-ai <[email protected]>

* add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177)

Merged via squash.

Prepared head SHA: d9a2869ad69db9449336a2e2846bd9de0e647ac6
Co-authored-by: maweibin <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(feishu): avoid media regressions from global HTTP timeout (#36500)

* fix(feishu): avoid media regressions from global http timeout

* fix(feishu): source HTTP timeout from config

* fix(feishu): apply media timeout override to image uploads

* fix(feishu): invalidate cached client when timeout changes

* fix(feishu): clamp timeout values and cover image download

* Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094)

* fix(embedded): classify model_context_window_exceeded as context overflow, trigger compaction (#35934)

Merged via squash.

Prepared head SHA: 20fa77289c80b2807a6779a3df70440242bc18ca
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(agents): skip compaction API call when session has no real messages (#36451)

Merged via squash.

Prepared head SHA: 52dd6317895c7bd10855d2bd7dbbfc2f5279b68e
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(ui): catch marked.js parse errors to prevent Control UI crash (#36445)

- Prevent Control UI session render crashes when `marked.parse()` encounters pathological recursive markdown by safely falling back to escaped `<pre>` output.
- Tighten markdown fallback regression coverage and keep changelog attribution in sync for this crash-hardening path.

Co-authored-by: Bin Deng <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(session): archive old transcript on daily/scheduled reset to prevent orphaned files (#35493)

Merged via squash.

Prepared head SHA: 0d95549d752adecfc0b08d5cd55a8b8c75e264fe
Co-authored-by: byungsker <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(agents): set preserveSignatures to isAnthropic in resolveTranscriptPolicy (#32813)

Merged via squash.

Prepared head SHA: f522d21ca59a42abac554435a0aa646f6a34698d
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix: avoid false global rate-limit classification from generic cooldown text (#32972)

Merged via squash.

Prepared head SHA: 813c16f5afce415da130a917d9ce9f968912b477
Co-authored-by: stakeswky <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* refactor(agents): share failover HTTP status classification (#36615)

* fix(agents): classify transient failover statuses consistently

* fix(agents): preserve legacy failover status mapping

* fix(failover): narrow service-unavailable to require overload indicator (#32828) (#36646)

Merged via squash.

Prepared head SHA: 46fb4306127972d7635f371fd9029fbb9baff236
Co-authored-by: jnMetaCode <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* Compaction/Safeguard: add summary quality audit retries (#25556)

Merged via squash.

Prepared head SHA: be473efd1635616ebbae6e649d542ed50b4a827f
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* test(agents): add provider-backed failover regressions (#36735)

* test(agents): add provider-backed failover fixtures

* test(agents): cover more provider error docs

* test(agents): tighten provider doc fixtures

* Docs: add Slack typing reaction fallback

* Docs: update gateway config reference for Slack and TTS

* Docs: clarify OpenAI-compatible TTS endpoints

* Docs: document Control UI locale support

* Docs: cover heartbeat, cron, and plugin route updates

* fix(ui): bump dompurify to 3.3.2 (#36781)

* UI: bump dompurify to 3.3.2

* Deps: refresh dompurify lockfile

* UI: hoist lifecycle connect test mocks (#36788)

* fix(agents): classify insufficient_quota 400s as billing (#36783)

* feat: append UTC time alongside local time in shared Current time lines (#32423)

Merged via squash.

Prepared head SHA: 9e8ec13933b5317e7cff3f0bc048de515826c31a
Co-authored-by: jriff <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* fix(auth): grant senderIsOwner for internal channels with operator.admin scope (openclaw#35704)

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Naylenv <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(config): prevent RangeError in merged schema cache key generation

Fix merged schema cache key generation for high-cardinality plugin/channel metadata by hashing incrementally instead of serializing one large aggregate string.

Includes changelog entry for the user-visible regression fix.

Co-authored-by: Tak Hoffman <[email protected]>
Co-authored-by: Bill <[email protected]>

* fix(slack): propagate mediaLocalRoots through Slack send path

Restore Slack local file upload parity with CVE-era local media allowlist enforcement by threading `mediaLocalRoots` through the Slack send call chain.

- pass `ctx.mediaLocalRoots` from Slack channel action adapter into `handleSlackAction`
- add and forward `mediaLocalRoots` in Slack action context/send path
- pass `mediaLocalRoots` into `sendMessageSlack` for upload allowlist enforcement
- add changelog entry with attribution for this behavior fix

Co-authored-by: 2233admin <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(slack): preserve dedupe while recovering dropped app_mention (#34937)

This PR fixes Slack mention loss without reintroducing duplicate dispatches.

- Preserve seen-message dedupe at ingress to prevent duplicate processing.
- Allow a one-time app_mention retry only when the paired message event was previously dropped before dispatch.
- Add targeted race tests for both recovery and duplicate-prevention paths.

Co-authored-by: littleben <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* README: add algal to contributors list (#2046)

* fix: decouple Discord inbound worker timeout from listener timeout (#36602) (thanks @dutifulbob) (#36602)

Co-authored-by: Onur Solmaz <[email protected]>

* plugins: enforce prompt hook policy with runtime validation (#36567)

Merged via squash.

Prepared head SHA: 6b9d883b6ae33628235fb02ce39c0d0f46a065bb
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(memory): avoid destructive qmd collection rebinds

* Harden Telegram poll gating and schema consistency (#36547)

Merged via squash.

Prepared head SHA: f77824419e3d166f727474a9953a063a2b4547f2
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(browser): close tracked tabs on session cleanup (#36666)

* Diffs: restore system prompt guidance (#36904)

Merged via squash.

Prepared head SHA: 1b3be3c87957c068473d5c86b9efba4a1a8503f2
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(routing): avoid full binding rescans in resolveAgentRoute (#36915)

* fix(gateway): honor insecure ws override for remote hostnames

* fix(llm-task): load runEmbeddedPiAgent from dist/extensionAPI in installs

* fix(auth): harden openai-codex oauth login path

* feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing (#36683)

* fix(acp): normalize unicode flags and Telegram topic binding

* feat(telegram/acp): restore topic-bound ACP and session bindings

* fix(acpx): clarify permission-denied guidance

* feat(telegram/acp): pin spawn bind notice in topics

* docs(telegram): document ACP topic thread binding behavior

* refactor(reply): share Telegram conversation-id resolver

* fix(telegram/acp): preserve bound session routing semantics

* fix(telegram): respect binding persistence and expiry reporting

* refactor(telegram): simplify binding lifecycle persistence

* fix(telegram): bind acp spawns in direct messages

* fix: document telegram ACP topic binding changelog (#36683) (thanks @huntharo)

---------

Co-authored-by: Onur <[email protected]>

* fix(gateway): preserve streamed prefixes across tool boundaries

* fix(tui): prevent stale model indicator after /model

* Memory: handle SecretRef keys in doctor embeddings (#36835)

Merged via squash.

Prepared head SHA: c1a3d0caae60115d886e8bfc9983c9533c773f04
Co-authored-by: joshavant <[email protected]>
Co-authored-by: joshavant <[email protected]>
Reviewed-by: @joshavant

* fix(openai-codex): request required oauth api scopes (#24720)

* fix(memory-flush): ban timestamped variant files in default flush prompt (#34951)

Merged via squash.

Prepared head SHA: efadda4988b460e6da07be72994d4951d64239d0
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(tui): render final event error when assistant output is empty (#14687)

* feat(agents): flush reply pipeline before compaction wait (#35489)

Merged via squash.

Prepared head SHA: 7dbbcc510b74b0e8d35eb750d24575e34b5d769a
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(secrets): harden api key normalization for ByteString headers

* fix(slack): remove double mrkdwn conversion in native streaming path

Remove redundant text normalization from Slack native streaming markdown_text flow so Markdown formatting is preserved.

Synthesis context: overlaps reviewed from #34931, #34759, #34716, #34682, #34814.

Co-authored-by: littleben <[email protected]>
Co-authored-by: dunamismax <[email protected]>
Co-authored-by: Octane <[email protected]>
Co-authored-by: Mitsuyuki Osabe <[email protected]>
Co-authored-by: Kai <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(kimi-coding): normalize anthropic tool payload format

* fix(slack): thread channel ID through inbound context for reactions (#34831)

Slack reaction/thread context routing fixes via canonical synthesis of #34831.

Co-authored-by: Tak <[email protected]>

* fix(heartbeat): pin HEARTBEAT.md reads to workspace path

* fix(subagents): recover announce cleanup after kill/complete race

* feat(hooks): emit compaction lifecycle hooks (#16788)

* fix(auth): harden openai-codex oauth refresh fallback

* fix(subagents): announce delivery with descendant gating, frozen result refresh, and cron retry (#35080)

Thanks @tyler6204

* fix(agents): avoid synthetic tool-result writes on idle-timeout cleanup

* fix(agent): harden undici stream timeouts for long openai-completions runs

* fix(slack): record app_mention retry key before dedupe check (#37033)

- Prime app_mention retry allowance before dedupe so near-simultaneous message/app_mention races do not drop valid mentions.
- Prevent duplicate dispatch when app_mention wins the race and message prepare later succeeds.
- Prune dispatched mention keys and add regression coverage for both dropped and successful in-flight message outcomes.

Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): honor explicit rate-limit cooldown probes in fallback runs

* fix(agents): allow configured ollama endpoints without dummy api keys

* fix(memory): recover qmd updates from duplicate document constraints

* Doctor: warn on implicit heartbeat directPolicy (#36789)

* Changelog: note heartbeat directPolicy doctor warning

* Tests: cover heartbeat directPolicy doctor warning

* Doctor: warn on implicit heartbeat directPolicy

* Tests: cover per-agent heartbeat directPolicy warning

* Update CHANGELOG.md

* Plugins: clarify registerHttpHandler migration errors (#36794)

* Changelog: note plugin HTTP route migration diagnostics

* Tests: cover registerHttpHandler migration diagnostics

* Plugins: clarify registerHttpHandler migration errors

* Tests: cover registerHttpHandler diagnostic edge cases

* Plugins: tighten registerHttpHandler migration hint

* fix(memory): repair qmd collection name conflicts during ensure

* fix(memory): handle qmd search results without docid

* Plugins: avoid false integrity drift prompts on unpinned updates (#37179)

* Plugins: skip drift prompts for unpinned updates

* Plugins: cover unpinned integrity update behavior

* Changelog: add #37179 release note

* Delete changelog/fragments directory

* Update CHANGELOG.md

* fix(whatsapp): remove implicit [openclaw] self-chat prefix

* fix: remove config.schema from agent gateway tool (#7382)

Merged via squash.

Prepared head SHA: f34a7780690a941936b31899e2d096b8a07f4afc
Co-authored-by: kakuteki <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* feat(openai): add gpt-5.4 support for API and Codex OAuth (#36590)

* feat(openai): add gpt-5.4 support and priority processing

* feat(openai-codex): add gpt-5.4 oauth support

* fix(openai): preserve provider overrides in gpt-5.4 fallback

* fix(openai-codex): keep xhigh for gpt-5.4 default

* fix(models): preserve configured overrides in list output

* fix(models): close gpt-5.4 integration gaps

* fix(openai): scope service tier to public api

* fix(openai): complete prep followups for gpt-5.4 support (#36590) (thanks @dorukardahan)

---------

Co-authored-by: Tyler Yust <[email protected]>

* fix(tui): preserve credential-like tokens in render sanitization

* CLI: make read-only SecretRef status flows degrade safely (#37023)

* CLI: add read-only SecretRef inspection

* CLI: fix read-only SecretRef status regressions

* CLI: preserve read-only SecretRef status fallbacks

* Docs: document read-only channel inspection hook

* CLI: preserve audit coverage for read-only SecretRefs

* CLI: fix read-only status account selection

* CLI: fix targeted gateway fallback analysis

* CLI: fix Slack HTTP read-only inspection

* CLI: align audit credential status checks

* CLI: restore Telegram read-only fallback semantics

* chore(changelog): update for #37023

Signed-off-by: joshavant <[email protected]>

* fix(agents): disable usage streaming chunks on non-native openai-completions

* feat(nano-banana-pro): add --aspect-ratio flag to generate_image.py (#28159)

* feat(nano-banana-pro): add --aspect-ratio flag to generate_image.py

* Nano Banana: allow all supported aspect ratios

* Docs: expand nano banana aspect ratio options

---------

Co-authored-by: Vincent Koc <[email protected]>

* fix(gateway): support image_url in OpenAI chat completions (#34068)

* fix(gateway): parse image_url in openai chat completions

* test(gateway): cover openai chat completions image_url flows

* docs(changelog): note openai image_url chat completions fix (#17685)

* fix(gateway): harden openai image_url parsing and limits

* test(gateway): add openai image_url regression coverage

* docs(changelog): expand #17685 openai chat completions note

* Gateway: make OpenAI image_url URL fetch opt-in and configurable

* Diagnostics: redact image base64 payload data in trace logs

* Changelog: note OpenAI image_url hardening follow-ups

* Gateway: enforce OpenAI image_url total budget incrementally

* Gateway: scope OpenAI image_url extraction to the active turn

* Update CHANGELOG.md

* fix(agents): avoid xAI web_search tool-name collisions

* fix: clear Telegram DM draft after materialize (#36746) (thanks @joelnishanth)

* Fix Control UI duplicate iMessage replies for internal webchat turns (#36151)

* Auto-reply: avoid routing external replies from internal webchat turns

* Auto-reply tests: cover internal webchat non-routing with external origin metadata

* Changelog: add Control UI iMessage duplicate-reply fix note

* Auto-reply context: track explicit deliver routes

* Gateway chat: mark explicit external deliver routes in context

* Auto-reply: preserve explicit deliver routes for internal webchat turns

* Auto-reply tests: cover explicit deliver routes from internal webchat turns

* Gateway chat tests: assert explicit deliver route context tagging

* fix: enforce 600 perms for cron store and run logs (#36078)

* fix: enforce secure permissions for cron store and run logs

* fix(cron): enforce dir perms and gate posix tests on windows

* Cron store tests: cover existing directory permission hardening

* Cron run-log tests: cover existing directory permission hardening

* Changelog: note cron file permission hardening

---------

Co-authored-by: linhey <[email protected]>
Co-authored-by: Vincent Koc <[email protected]>

* fix(tui): accept canonical session-key aliases in chat event routing

* Gateway: normalize OpenAI stream chunk text

* Gateway: coerce chat deliverable route boolean

* fix(web_search): align brave language codes with API

* Respect source channel for agent event surfacing (#36030)

* fix(session): prefer webchat routes for direct ui turns (#37135)

* Gateway: discriminate input sources

* Cron: migrate legacy provider delivery hints

* Cron: stabilize runs-one-shot migration tests

* fix(memory): retry mcporter after Windows EINVAL spawn

* fix(onboarding): guard daemon status probe on headless linux

* Gateway: add path-scoped config schema lookup (#37266)

Merged via squash.

Prepared head SHA: 0c4d187f6fb66f2799d4047585d6368e433c883a
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* docs(changelog): add pr entry

* fix(ci): restore protocol and schema checks (#37470)

* Fix failover for zhipuai 1310 Weekly/Monthly Limit Exhausted (#33813)

Merged via squash.

Prepared head SHA: 3dc441e58de48913720cf7b6137fa761758d8344
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* fix(openai-codex-oauth): stop mutating authorize url scopes

* Update CHANGELOG.md

* fix(auth): remove bogus codex oauth responses probe

* docs(changelog): fold codex oauth fix notes

* docs(changelog): add codex oauth pr reference (#37558)

* fix(security:PLA-697): block local secret scratch files from commits

* feat: add dev EKS deployment for openclaw SRE container

* fix: stabilize slack socket mode in dev eks runtime

* fix(eks): reuse monitoring incident auth for openclaw-sre

* feat(deploy): add grafana env guards and prod deploy wrapper

* fix(security): redact tool outputs and enforce secret-safe runtime defaults

* feat(sre): harden heartbeat routing and enrich triage signals

* docs: add SRE hybrid intelligence design

Three-layer architecture to improve bot reasoning quality:
- Layer 1: Service knowledge (auto-discovery + overlays + incident memory)
- Layer 2: Multi-stage reasoning chain (triage → hypothesize → causal chain → action plan → cross-review)
- Layer 3: Incident learning loop (structured cards, overlay suggestions, feedback signals)

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* feat(sandbox): add boundary cli to common runtime image

* docs(sre): finalize hybrid intelligence design v19 after 18 Codex review rounds

Iteratively hardened the design through 18 adversarial Codex review rounds,
resolving 60+ findings (15+ CRITICAL, 45+ HIGH). Key fixes include:
- Decoupled incident_id (pre-Step11 immutable) from card_id (LLM-derived)
- Unified evidence/memory sanitization via shared _strip_instruction_tokens
- Fixed rerun interval default (3600s > heartbeat 1800s) to prevent every-cycle re-runs
- Added Phase 2 cross-review gap note and dual-column depth table
- Overlay suggestion idempotency via deterministic suggestion_key + upsert
- Decoupled chain timeout from legacy budget check
- Added predicate alignment docs for L3 pre-check vs L3 gate
- Adopted dynamic evidence_completeness denominator matching existing code
- Added scope note clarifying design vs current implementation

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* feat(sre): complete hybrid intelligence rollout and bot hardening

* fix(sre): harden slack reasoning, dual chain, and deploy auth/runtime

* ci: add ecr release pipeline and infra-helm image update trigger

* ci: switch workflows to github-hosted runners

* ci: allow manual ecr env target and use updater v4

* ci: remove windows jobs from workflow

* chore(pla-678): update fallback auth fixture and plan docs

* fix(pla-678): preserve control-ui host-header fallback in dev config

* refactor(pla-678): remove local sre chart and require infra-helm

* refactor(pla-678): remove direct eks deploy scripts

* ci(pla-678): remove labeler workflow

* ci(pla-678): refresh checks after disabling labeler

* build: install boundary CLI in SRE runtime image

* fix(slack:PLA-678): keep one thread lane across users

* fix(sre-skill): enforce live db-query runbook in dev seed

* fix(slack): ignore bot thread history when seeding new sessions

* fix(slack): force retry on repeated thread questions

* fix(sre-skill): require retry on repeated db requests

* docs(sre-skill): make retry policy generic across repeated asks

* fix(sre:PLA-678): enforce live linear ticket updates

* fix(sre:PLA-678): use [PLATFORM] Backlog linear project

* fix(sre:PLA-678): label linked linear tickets as openclaw-sre

* fix(sre:PLA-678): auto-label linked linear tickets for auto-pr

* test(sre:PLA-678): make tracking label test executable

* fix(slack:PLA-678): remove status-final completion banner (#16)

* fix(slack:PLA-678): enable direct file attachments from agent replies (#17)

* fix(slack:PLA-678): remove status-final completion banner

* fix(slack): enable direct file attachments from agent replies

* refactor(sre:PLA-678): remove local deploy config mirror (#18)

* fix: compact oversized auto-generated pr bodies

* fix(sre): add built-in linear incident memory provider

* feat(sre): add erpc helper with flo secret query

* fix(sre): enforce canonical rpc.morpho.dev erpc endpoint

* refactor(sre): remove local deploy config mirror

* fix(slack:PLA-678): force DM replies into per-message threads (#19)

* fix: compact oversized auto-generated pr bodies

* fix(sre): add built-in linear incident memory provider

* feat(sre): add erpc helper with flo secret query

* fix(sre): enforce canonical rpc.morpho.dev erpc endpoint

* refactor(sre): remove local deploy config mirror

* fix(slack): force threaded replies for direct messages

* feat(cron:PLA-678): use conversation history in self-improve runs (#20)

* fix(slack:PLA-678): improve progress update readability (#21)

* fix(ci:PLA-678): restore main release pipeline health (#22)

* fix(ci:PLA-678): restore main release pipeline health

* fix(ci:PLA-678): harden auto-response token fallback

* fix(ci:PLA-678): pin setup-bun to published release

* test(ci:PLA-678): align slack thread session expectations

* fix(sre:PLA-678): harden Slack reply delivery and image release flow (#23)

* fix(slack:PLA-678): harden thread-scoped reply delivery

* fix(slack:PLA-678): satisfy lint after rebase

* ci(release:PLA-678): move image release to cached ecr flow

* ci(release:PLA-678): use official docker build actions

* fix(slack:PLA-722): preserve progress updates during final-answer gating (#24)

* fix(sre:PLA-724): restore ECR runtime image toolchain (#25)

* fix(failover): classify HTTP 402 as rate_limit when payload indicates usage limit (#30484) (#36802)

* fix(failover): classify HTTP 402 as rate_limit when payload indicates usage limit (#30484)

Some providers (notably Anthropic Claude Max plan) surface temporary
usage/rate-limit failures as HTTP 402 instead of 429. Before this change,
all 402s were unconditionally mapped to 'billing', which produced a
misleading 'run out of credits' warning for Max plan users who simply
hit their usage window.

This follows the same pattern introduced for HTTP 400 in #36783: check
the error message for an explicit rate-limit signal before falling back
to the default status-code classification.

- classifyFailoverReasonFromHttpStatus now returns 'rate_limit' for 402
  when isRateLimitErrorMessage matches the payload text
- Added regression tests covering both the rate-limit and billing paths
  on 402

* fix: narrow 402 rate-limit matcher to prevent billing misclassification

The original implementation used isRateLimitErrorMessage(), which matches
phrases like 'quota exceeded' that legitimately appear in billing errors.

This commit replaces it with a narrow, 402-specific matcher that requires
BOTH retry language (try again/retry/temporary/cooldown) AND limit
terminology (usage limit/rate limit/organization usage).

Prevents misclassification of errors like:
'HTTP 402: exceeded quota, please add credits' -> billing (not rate_limit)

Added regression test for the ambiguous case.

---------

Co-authored-by: Val Alexander <[email protected]>

* fix(mattermost): allow reachable interaction callback URLs (#37543)

Merged via squash.

Prepared head SHA: 4d593731be5a5dcbf3106d596b38acfeb8cf0aa8
Co-authored-by: mukhtharcm <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

---------

Signed-off-by: joshavant <[email protected]>
Co-authored-by: Gustavo Madeira Santana <[email protected]>
Co-authored-by: Mariano <[email protected]>
Co-authored-by: leepokai <[email protected]>
Co-authored-by: Bob <[email protected]>
Co-authored-by: Onur <[email protected]>
Co-authored-by: Ayaan Zaidi <[email protected]>
Co-authored-by: Vincent Koc <[email protected]>
Co-authored-by: huangcj <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: Sid <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Co-authored-by: a <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Shakker <[email protected]>
Co-authored-by: liuxiaopai-ai <[email protected]>
Co-authored-by: Rodrigo Uroz <[email protected]>
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Co-authored-by: Kai <[email protected]>
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: 青雲 <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Darshil <[email protected]>
Co-authored-by: Ho Lim <[email protected]>
Co-authored-by: dvrshil <[email protected]>
Co-authored-by: Isis Anisoptera <[email protected]>
Co-authored-by: Madoka <[email protected]>
Co-authored-by: Xu Zimo <[email protected]>
Co-authored-by: Munem Hashmi <[email protected]>
Co-authored-by: bmendonca3 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>
Co-authored-by: Nhj <[email protected]>
Co-authored-by: 倪汉杰0668001185 <[email protected]>
Co-authored-by: zhengquanliu <[email protected]>
Co-authored-by: nick <[email protected]>
Co-authored-by: linhey <[email protected]>
Co-authored-by: scoootscooob <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: rexl2018 <[email protected]>
Co-authored-by: sline <[email protected]>
Co-authored-by: 0xsline <[email protected]>
Co-authored-by: Harold Hunt <[email protected]>
Co-authored-by: Shivam <[email protected]>
Co-authored-by: 不做了睡大觉 <[email protected]>
Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Linux2010 <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Joseph Turian <[email protected]>
Co-authored-by: turian <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Tony Dehnke <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: kevinWangSheng <[email protected]>
Co-authored-by: ningding97 <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: clawbie <[email protected]>
Co-authored-by: Takhoffman <[email protected]>
Co-authored-by: Ayane <[email protected]>
Co-authored-by: Ayane <[email protected]>
Co-authored-by: StingNing <[email protected]>
Co-authored-by: maweibin <[email protected]>
Co-authored-by: maweibin <[email protected]>
Co-authored-by: Josh Avant <[email protected]>
Co-authored-by: Bin Deng <[email protected]>
Co-authored-by: Byungsker <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Co-authored-by: Altay <[email protected]>
Co-authored-by: jiangnan <[email protected]>
Co-authored-by: jnMetaCode <[email protected]>
Co-authored-by: Jacob Riff <[email protected]>
Co-authored-by: jriff <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: Bill <[email protected]>
Co-authored-by: 2233admin <[email protected]>
Co-authored-by: 2233admin <[email protected]>
Co-authored-by: littleben <[email protected]>
Co-authored-by: littleben <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Vignesh Natarajan <[email protected]>
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: dunamismax <[email protected]>
Co-authored-by: Octane <[email protected]>
Co-authored-by: Mitsuyuki Osabe <[email protected]>
Co-authored-by: Tak <[email protected]>
Co-authored-by: Tyler Yust <[email protected]>
Co-authored-by: Hinata Kaga (samon) <[email protected]>
Co-authored-by: dorukardahan <[email protected]>
Co-authored-by: Tyler Yust <[email protected]>
Co-authored-by: Brenner Spear <[email protected]>
Co-authored-by: aerelune <[email protected]>
Co-authored-by: Frank Yang <[email protected]>
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: Vignesh <[email protected]>
Co-authored-by: OpenClaw SRE Bot <[email protected]>
Co-authored-by: Xinhua Gu <[email protected]>
Co-authored-by: Val Alexander <[email protected]>

)

* Plugins/matrix: migrate to scoped plugin-sdk imports

* Plugins/mattermost: migrate to scoped plugin-sdk imports

* Plugins/memory-core: migrate to scoped plugin-sdk imports

* Plugins/memory-lancedb: migrate to scoped plugin-sdk imports

* Plugins/minimax-portal-auth: migrate to scoped plugin-sdk imports

* Plugins/msteams: migrate to scoped plugin-sdk imports

* Plugins/nextcloud-talk: migrate to scoped plugin-sdk imports

* Plugins/nostr: migrate to scoped plugin-sdk imports

* Plugins/open-prose: migrate to scoped plugin-sdk imports

* Plugins/phone-control: migrate to scoped plugin-sdk imports

* Plugins/qwen-portal-auth: migrate to scoped plugin-sdk imports

* Plugins/synology-chat: migrate to scoped plugin-sdk imports

* Plugins/talk-voice: migrate to scoped plugin-sdk imports

* Plugins/test-utils: migrate to scoped plugin-sdk imports

* Plugins/thread-ownership: migrate to scoped plugin-sdk imports

* Plugins/tlon: migrate to scoped plugin-sdk imports

* Plugins/twitch: migrate to scoped plugin-sdk imports

* Plugins/voice-call: migrate to scoped plugin-sdk imports

* Plugins/whatsapp: migrate to scoped plugin-sdk imports

* Plugins/zalo: migrate to scoped plugin-sdk imports

* Plugins/zalouser: migrate to scoped plugin-sdk imports

* Chore: remove accidental .DS_Store artifact

* chore(docs): add plugins refactor changelog entry

* feat(ios): add Live Activity connection status + stale cleanup (#33591)

* feat(ios): add live activity connection status and cleanup

Add lock-screen/Dynamic Island connection health states and prune duplicate/stale activities before reuse. This intentionally excludes AI/title generation and heavier UX rewrites from #27488.

Co-authored-by: leepokai <[email protected]>

* fix(ios): treat ended live activities as inactive

* chore(changelog): add PR reference and author thanks

---------

Co-authored-by: leepokai <[email protected]>

* fix: kill stuck ACP child processes on startup and harden sessions in discord threads (#33699)

* Gateway: resolve agent.wait for chat.send runs

* Discord: harden ACP thread binding + listener timeout

* ACPX: handle already-exited child wait

* Gateway/Discord: address PR review findings

* Discord: keep ACP error-state thread bindings on startup

* gateway: make agent.wait dedupe bridge event-driven

* discord: harden ACP probe classification and cap startup fan-out

* discord: add cooperative timeout cancellation

* discord: fix startup probe concurrency helper typing

* plugin-sdk: avoid Windows root-alias shard timeout

* plugin-sdk: keep root alias reflection path non-blocking

* discord+gateway: resolve remaining PR review findings

* gateway+discord: fix codex review regressions

* Discord/Gateway: address Codex review findings

* Gateway: keep agent.wait lifecycle active with shared run IDs

* Discord: clean up status reactions on aborted runs

* fix: add changelog note for ACP/Discord startup hardening (#33699) (thanks @dutifulbob)

---------

Co-authored-by: Onur <[email protected]>

* fix: relay ACP sessions_spawn parent streaming (#34310) (thanks @vincentkoc) (#34310)

Co-authored-by: Onur Solmaz <[email protected]>

* fix(telegram): materialize dm draft final to avoid duplicates

* docs(changelog): credit @Brotherinlaw-13 for #34318

* fix: prevent nodes media base64 context bloat (#34332)

* fix: preserve raw media invoke for HTTP tool clients (#34365)

* fix(slack): route system events to bound agent sessions (#34045)

* fix(slack): route system events via binding-aware session keys

* fix(slack): pass sender to system event session resolver

* fix(slack): include sender context for interaction session routing

* fix(slack): include modal submitter in session routing

* test(slack): cover binding-aware system event routing

* test(slack): update interaction session key assertions

* test(slack): assert reaction session routing carries sender

* docs(changelog): note slack system event routing fix

* Update CHANGELOG.md

* Delete changelog/fragments directory

* fix(memory): serialize local embedding initialization to avoid duplicate model loads (#15639)

Merged via squash.

Prepared head SHA: a085fc21a8ba7163fffdb5de640dd4dc1ff5a88e
Co-authored-by: SubtleSpark <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(model): propagate custom provider headers to model objects (#27490)

Merged via squash.

Prepared head SHA: e4183b398fc7eb4c18b2b691cb0dd882ec993608
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(daemon): handle systemctl is-enabled exit 4 (not-found) on Ubuntu (#33634)

Merged via squash.

Prepared head SHA: 67dffc3ee239cd7b813cb200c3dd5475d9e203a6
Co-authored-by: Yuandiaodiaodiao <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(node-host): sync rawCommand with hardened argv after executable path pinning (#33137)

Merged via squash.

Prepared head SHA: a7987905f7ad6cf5fee286ffa81ceaad8297174f
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* Agents: add generic poll-vote action support

* fix(ollama): pass provider headers to Ollama stream function (#24285)

createOllamaStreamFn() only accepted baseUrl, ignoring custom headers
configured in models.providers.<provider>.headers. This caused 403
errors when Ollama endpoints are behind reverse proxies that require
auth headers (e.g. X-OLLAMA-KEY via HAProxy).

Add optional defaultHeaders parameter to createOllamaStreamFn() and
merge them into every fetch request. Provider headers from config are
now passed through at the call site in the embedded runner.

Fixes #24285

* test(ollama): add default header precedence coverage

* chore(changelog): add PR entry openclaw#24337 thanks @echoVic

* Outbound: allow text-only plugin adapters

* Outbound: avoid empty multi-media fallback sends

* chore(changelog): align outbound adapter entry openclaw#32788 thanks @liuxiaopai-ai

* fix(outbound): fail media-only text-only adapter fallback

* chore(changelog): clarify outbound media-only fallback openclaw#32788 thanks @liuxiaopai-ai

* fix(review): enforce behavioral sweep validation

* Fix gateway restart false timeouts on Debian/systemd (#34874)

* daemon(systemd): target sudo caller user scope

* test(systemd): cover sudo user scope commands

* infra(ports): fall back to ss when lsof missing

* test(ports): verify ss fallback listener detection

* cli(gateway): use probe fallback for restart health

* test(gateway): cover restart-health probe fallback

* Compaction/Safeguard: require structured summary headings (#25555)

Merged via squash.

Prepared head SHA: 0b1df34806a7b788261290be55760fd89220de53
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Fix Linux daemon install checks when systemd user bus env is missing (#34884)

* daemon(systemd): fall back to machine user scope when user bus is missing

* test(systemd): cover machine scope fallback for user-bus errors

* test(systemd): reset execFile mock state across cases

* test(systemd): make machine-user fallback assertion portable

* fix(daemon): keep root sudo path on direct user scope

* test(systemd): cover sudo root user-scope behavior

* ci: use resolvable bun version in setup-node-env

* agents: preserve totalTokens on request failure instead of using contextWindow (#34275)

Merged via squash.

Prepared head SHA: f9d111d0a79a07815d476356e98a28df3a0000ba
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix: align AGENTS.md template section names with post-compaction extraction (#25029) (#25098)

Merged via squash.

Prepared head SHA: 8cd6cc8049aab5a94d8a9d5fb08f2e792c4ac5fd
Co-authored-by: echoVic <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Changelog: add daemon systemd user-bus fallback entry (#34884)

* Changelog: add gateway restart health entry (#34874)

* fix: finalize spanish locale support

* fix: add spanish locale support (#35038) (thanks @DaoPromociones)

* fix(deps): patch hono transitive audit vulnerabilities

* fix(security): avoid prototype-chain account path checks (#34982)

Merged via squash.

Prepared head SHA: f89cc6a649959997fe1dec1e1c1bff9a61b2de98
Co-authored-by: HOYALIM <[email protected]>
Co-authored-by: dvrshil <[email protected]>
Reviewed-by: @dvrshil

* fix(deps): bump tar to 7.5.10

* docs(changelog): document dependency security fixes

* fix: restore auto-reply system events timeline (#34794) (thanks @anisoptera) (#34794)

Co-authored-by: Ayaan Zaidi <[email protected]>

* fix(feishu): comprehensive reply mechanism — outbound replyToId forwarding + topic-aware reply targeting (#33789)

* fix(feishu): comprehensive reply mechanism fix — outbound replyToId forwarding + topic-aware reply targeting

- Forward replyToId from ChannelOutboundContext through sendText/sendMedia
  to sendMessageFeishu/sendMarkdownCardFeishu/sendMediaFeishu, enabling
  reply-to-message via the message tool.

- Fix group reply targeting: use ctx.messageId (triggering message) in
  normal groups to prevent silent topic thread creation (#32980). Preserve
  ctx.rootId targeting for topic-mode groups (group_topic/group_topic_sender)
  and groups with explicit replyInThread config.

- Add regression tests for both fixes.

Fixes #32980
Fixes #32958
Related #19784

* fix: normalize Feishu delivery.to before comparing with messaging tool targets

- Add normalizeDeliveryTarget helper to strip user:/chat: prefixes for Feishu
- Apply normalization in matchesMessagingToolDeliveryTarget before comparison
- This ensures cron duplicate suppression works when session uses prefixed targets
  (user:ou_xxx) but messaging tool extract uses normalized bare IDs (ou_xxx)

Fixes review comment on PR #32755

(cherry picked from commit fc20106f16ccc88a5f02e58922bb7b7999fe9dcd)

* fix(feishu): catch thrown SDK errors for withdrawn reply targets

The Feishu Lark SDK can throw exceptions (SDK errors with .code or
AxiosErrors with .response.data.code) for withdrawn/deleted reply
targets, in addition to returning error codes in the response object.

Wrap reply calls in sendMessageFeishu and sendCardFeishu with
try-catch to handle thrown withdrawn/not-found errors (230011,
231003) and fall back to client.im.message.create, matching the
existing response-level fallback behavior.

Also extract sendFallbackDirect helper to deduplicate the
direct-send fallback block across both functions.

Closes #33496

(cherry picked from commit ad0901aec103a2c52f186686cfaf5f8ba54b4a48)

* feishu: forward outbound reply target context

(cherry picked from commit c129a691fcf552a1cebe1e8a22ea8611ffc3b377)

* feishu extension: tighten reply target fallback semantics

(cherry picked from commit f85ec610f267020b66713c09e648ec004b2e26f1)

* fix(feishu): align synthesized fallback typing and changelog attribution

* test(feishu): cover group_topic_sender reply targeting

---------

Co-authored-by: Xu Zimo <[email protected]>
Co-authored-by: Munem Hashmi <[email protected]>
Co-authored-by: bmendonca3 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(feishu): use msg_type media for mp4 video (fixes #33674) (#33720)

* fix(feishu): use msg_type media for mp4 video (fixes #33674)

* Feishu: harden streaming merge semantics and final reply dedupe

Use explicit streaming update semantics in the Feishu reply dispatcher:
treat onPartialReply payloads as snapshot updates and block fallback payloads
as delta chunks, then merge final text with the shared overlap-aware
mergeStreamingText helper before closing the stream.

Prevent duplicate final text delivery within the same dispatch cycle, and add
regression tests covering overlap snapshot merge, duplicate final suppression,
and block-as-delta behavior to guard against repeated/truncated output.

* fix(feishu): prefer message.reply for streaming cards in topic threads

* fix: reduce Feishu streaming card print_step to avoid duplicate rendering

Fixes openclaw/openclaw#33751

* Feishu: preserve media sends on duplicate finals and add media synthesis changelog

* Feishu: only dedupe exact duplicate final replies

* Feishu: use scoped plugin-sdk import in streaming-card tests

---------

Co-authored-by: 倪汉杰0668001185 <[email protected]>
Co-authored-by: zhengquanliu <[email protected]>
Co-authored-by: nick <[email protected]>
Co-authored-by: linhey <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): bypass pendingDescendantRuns guard for cron announce delivery (#35185)

* fix(agents): bypass pendingDescendantRuns guard for cron announce delivery

Standalone cron job completions were blocked from direct channel delivery
when the cron run had spawned subagents that were still registered as
pending. The pendingDescendantRuns guard exists for live orchestration
coordination and should not apply to fire-and-forget cron announce sends.

Thread the announceType through the delivery chain and skip both the
child-descendant and requester-descendant pending-run guards when the
announce originates from a cron job.

Closes #34966

* fix: ensure outbound session entry for cron announce with named agents (#32432)

Named agents may not have a session entry for their delivery target,
causing the announce flow to silently fail (delivered=false, no error).

Two fixes:
1. Call ensureOutboundSessionEntry when resolving the cron announce
   session key so downstream delivery can find channel metadata.
2. Fall back to direct outbound delivery when announce delivery fails
   to ensure cron output reaches the target channel.

Closes #32432

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* fix: guard announce direct-delivery fallback against suppression leaks (#32432)

The `!delivered` fallback condition was too broad — it caught intentional
suppressions (active subagents, interim messages, SILENT_REPLY_TOKEN) in
addition to actual announce delivery failures.  Add an
`announceDeliveryWasAttempted` flag so the direct-delivery fallback only
fires when `runSubagentAnnounceFlow` was actually called and failed.

Also remove the redundant `if (route)` guard in
`resolveCronAnnounceSessionKey` since `resolved` being truthy guarantees
`route` is non-null.

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* fix(cron): harden announce synthesis follow-ups

---------

Co-authored-by: scoootscooob <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* Feishu: harden streaming merge semantics and final reply dedupe (#33245)

* Feishu: close duplicate final gap and cover routing precedence

* Feishu: resolve reviewer duplicate-final and routing feedback

* Feishu: tighten streaming send-mode option typing

* Feishu: fix reverse-overlap streaming merge ordering

* Feishu: align streaming final dedupe test expectation

* Feishu: allow distinct streaming finals while deduping repeats

---------

Co-authored-by: Tak Hoffman <[email protected]>

* fix: cron backup should preserve pre-edit snapshot (#35195) (#35234)

* fix(cron): avoid overwriting .bak during normalization

Fixes openclaw/openclaw#35195

* test(cron): preserve pre-edit bak snapshot in normalization path

---------

Co-authored-by: 0xsline <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(cron): stabilize restart catch-up replay semantics (#35351)

* Cron: stabilize restart catch-up replay semantics

* Cron: respect backoff in startup missed-run replay

* cron: narrow startup replay backoff guard (#35391)

* cron: unify stale-run recovery and preserve manual-run every anchors (#35363)

* cron: unify stale-run recovery and preserve manual every anchors

* cron: address unresolved review threads on recovery paths

* cron: remove duplicate timestamp helper after rebase

* refactor(telegram): remove unused webhook callback helper (#27816)

* fix(pr): make review claim step required

* fix(skills): deduplicate slash commands by skillName across all interfaces

Move skill-command deduplication by skillName from the Discord-only
`dedupeSkillCommandsForDiscord` into `listSkillCommandsForAgents` so
every interface (TUI, Slack, text) consistently sees a clean command
list without platform-specific workarounds.

When multiple agents share a skill with the same name the old code
emitted `github` + `github_2` and relied on Discord to collapse them.
Now `listSkillCommandsForAgents` returns only the first registration
per skillName, and the Discord-specific wrapper is removed.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* style: fix formatting in skill-commands.test.ts and provider.ts

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* style(skills): align formatting cleanup for dedupe changes

* chore(changelog): add dedupe note openclaw#27521 thanks @shivama205

* fix(agents): detect Venice provider proxying xAI/Grok models for schema cleaning (#35355)

Merged via squash.

Prepared head SHA: 8bfdec257bb6a6025cb69a0a213a433da32b15db
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(agents): decode HTML entities in xAI/Grok tool call arguments (#35276)

Merged via squash.

Prepared head SHA: c4445d2938898ded9c046614f9315dbda65ec573
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(agents): guard promoteThinkingTagsToBlocks against malformed content entries (#35143)

Merged via squash.

Prepared head SHA: 3971122f5fd27c66c8c9c5ce783f00e113b1f47b
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(web-ui): render Accounts schema node properly (#35380)

Co-authored-by: stakeswky <[email protected]>
Co-authored-by: liuxiaopai-ai <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): guard context pruning against malformed thinking blocks (#35146)

Merged via squash.

Prepared head SHA: a196a565b1b8e806ffbf85172bcf1128796b45a2
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(gateway): prevent internal route leakage in chat.send

Synthesis of routing fixes from #35321, #34635, and #35356 for internal-client reply safety.

- Require explicit `deliver: true` before inheriting any external delivery route.
- Keep webchat/TUI/UI-origin traffic on internal routing by default.
- Allow configured-main session inheritance only for non-Webchat/UI clients, and honor `session.mainKey`.
- Add regression tests for UI no-inherit, configured-main CLI inherit, and deliver-flag behavior.

Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Linux2010 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(gateway): pass actual version to Control UI client instead of dev (#35230)

* fix(gateway): pass actual version to Control UI client instead of "dev"

The GatewayClient, CLI WS client, and browser Control UI all sent
"dev" as their clientVersion during handshake, making it impossible
to distinguish builds in gateway logs and health snapshots.

- GatewayClient and CLI WS client now use the resolved VERSION constant
- Control UI reads serverVersion from the bootstrap endpoint and
  forwards it when connecting
- Bootstrap contract extended with serverVersion field

Closes #35209

* Gateway: fix control-ui version version-reporting consistency

* Control UI: guard deferred bootstrap connect after disconnect

* fix(ui): accept same-origin http and relative gateway URLs for client version

---------

Co-authored-by: Tak Hoffman <[email protected]>

* chore(pr): enforce changelog placement and reduce merge sync churn

* TTS: add baseUrl support to OpenAI TTS config (#34321)

Merged via squash.

Prepared head SHA: e9a10cf81d2021cf81091dfa81e13ffdbb6a540a
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* ACP: add persistent Discord channel and Telegram topic bindings (#34873)

* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <[email protected]>

* docs(telegram): recommend allowlist for single-user DM policy (#34841)

* docs(telegram): recommend allowlist for single-user bots

* docs(telegram): condense single-user allowlist note

---------

Co-authored-by: echoVic <[email protected]>

* fix(feishu): check response.ok before calling response.json() in streaming card (#35628)

Merged via squash.

Prepared head SHA: 62c3fec80d97cea9be344c0bef5358a0a5dc5560
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Mattermost: honor onmessage mention override and add gating diagnostics tests (#27160)

Merged via squash.

Prepared head SHA: 6cefb1d5bf3d6dfcec36c1cee3f9ea887f10c890
Co-authored-by: turian <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

* fix(subagents): strip leaked [[reply_to]] tags from completion announces (#34503)

* fix(subagents): strip reply tags from completion delivery text

* test(subagents): cover reply-tag stripping in cron completion sends

* changelog: note iMessage reply-tag stripping in completion announces

* Update CHANGELOG.md

* Apply suggestion from @greptile-apps[bot]

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* fix(cron): restore direct fallback after announce failure in best-effort mode (openclaw#36177)

Verified:
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <[email protected]>

* test(cron): add cross-channel announce fallback regression coverage (openclaw#36197)

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <[email protected]>

* feat(mattermost): add interactive buttons support (#19957)

Merged via squash.

Prepared head SHA: 8a25e608729d0b9fd07bb0ee4219d199d9796dbe
Co-authored-by: tonydehnke <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

* fix(browser): remove deprecated --disable-blink-features=AutomationControlled flag

- Removes OpenClaw's default `--disable-blink-features=AutomationControlled` Chrome launch switch to avoid unsupported-flag warnings in newer Chrome (#35721).
- Preserves compatibility for older Chrome via `browser.extraArgs` override behavior (source analysis: #35770, #35728, #35727, #35885).
- Synthesis attribution: thanks @Sid-Qin, @kevinWangSheng, @ningding97, @Naylenv, @clawbie.

Source PR refs: #35734, #35770, #35728, #35727, #35885

Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: kevinWangSheng <[email protected]>
Co-authored-by: ningding97 <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: clawbie <[email protected]>
Co-authored-by: Takhoffman <[email protected]>

* fix(feishu): add HTTP timeout to prevent per-chat queue deadlocks (#36430)

When the Feishu API hangs or responds slowly, the sendChain never settles,
causing the per-chat queue to remain in a processing state forever and
blocking all subsequent messages in that thread. This adds a 30-second
default timeout to all Feishu HTTP requests by providing a timeout-aware
httpInstance to the Lark SDK client.

Closes #36412

Co-authored-by: Ayane <[email protected]>

* fix(feishu): use probed botName for mention checks (#36391)

* Feishu: honor bot mentions by ID despite aliases (Fixes #36317) (#36333)

* Mattermost: switch plugin-sdk imports to scoped subpaths (openclaw#36480)

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(feishu): accept groupPolicy "allowall" as alias for "open" (#36358)

* fix(feishu): accept groupPolicy "allowall" as alias for "open"

When users configure groupPolicy: "allowall" in Feishu channel config,
the Zod schema rejects the value and the runtime policy check falls
through to the allowlist path.  With an empty allowFrom array, all group
messages are silently dropped despite the intended "allow all" semantics.

Accept "allowall" at the schema level (transform to "open") and add a
runtime guard in isFeishuGroupAllowed so the value is handled even if it
bypasses schema validation.

Closes #36312

Made-with: Cursor

* Feishu: tighten allowall alias handling and coverage

---------

Co-authored-by: Tak Hoffman <[email protected]>

* synthesis: fix Feishu group mention slash parsing

## Summary\n\nFeishu group slash command parsing is fixed for mentions and command probes across authorization paths.\n\nThis includes:\n- Normalizing bot mention text in group context for reliable slash detection in message parsing.\n- Adding command-probe normalization for group slash invocations.\n\nCo-authored-by: Sid Qin <[email protected]>\nCo-authored-by: Tak Hoffman <[email protected]>

* Feishu: normalize group slash command probing

- Feishu/group slash command detection: normalize group mention wrappers before command-authorization probing so mention-prefixed commands are recognized in group routing.\n- Source PR: #36011\n- Contributor: @liuxiaopai-ai\n\nCo-authored-by: Tak Hoffman <[email protected]>\nCo-authored-by: liuxiaopai-ai <[email protected]>

* add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177)

Merged via squash.

Prepared head SHA: d9a2869ad69db9449336a2e2846bd9de0e647ac6
Co-authored-by: maweibin <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(feishu): avoid media regressions from global HTTP timeout (#36500)

* fix(feishu): avoid media regressions from global http timeout

* fix(feishu): source HTTP timeout from config

* fix(feishu): apply media timeout override to image uploads

* fix(feishu): invalidate cached client when timeout changes

* fix(feishu): clamp timeout values and cover image download

* Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094)

* fix(embedded): classify model_context_window_exceeded as context overflow, trigger compaction (#35934)

Merged via squash.

Prepared head SHA: 20fa77289c80b2807a6779a3df70440242bc18ca
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(agents): skip compaction API call when session has no real messages (#36451)

Merged via squash.

Prepared head SHA: 52dd6317895c7bd10855d2bd7dbbfc2f5279b68e
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(ui): catch marked.js parse errors to prevent Control UI crash (#36445)

- Prevent Control UI session render crashes when `marked.parse()` encounters pathological recursive markdown by safely falling back to escaped `<pre>` output.
- Tighten markdown fallback regression coverage and keep changelog attribution in sync for this crash-hardening path.

Co-authored-by: Bin Deng <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(session): archive old transcript on daily/scheduled reset to prevent orphaned files (#35493)

Merged via squash.

Prepared head SHA: 0d95549d752adecfc0b08d5cd55a8b8c75e264fe
Co-authored-by: byungsker <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(agents): set preserveSignatures to isAnthropic in resolveTranscriptPolicy (#32813)

Merged via squash.

Prepared head SHA: f522d21ca59a42abac554435a0aa646f6a34698d
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix: avoid false global rate-limit classification from generic cooldown text (#32972)

Merged via squash.

Prepared head SHA: 813c16f5afce415da130a917d9ce9f968912b477
Co-authored-by: stakeswky <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* refactor(agents): share failover HTTP status classification (#36615)

* fix(agents): classify transient failover statuses consistently

* fix(agents): preserve legacy failover status mapping

* fix(failover): narrow service-unavailable to require overload indicator (#32828) (#36646)

Merged via squash.

Prepared head SHA: 46fb4306127972d7635f371fd9029fbb9baff236
Co-authored-by: jnMetaCode <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* Compaction/Safeguard: add summary quality audit retries (#25556)

Merged via squash.

Prepared head SHA: be473efd1635616ebbae6e649d542ed50b4a827f
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* test(agents): add provider-backed failover regressions (#36735)

* test(agents): add provider-backed failover fixtures

* test(agents): cover more provider error docs

* test(agents): tighten provider doc fixtures

* Docs: add Slack typing reaction fallback

* Docs: update gateway config reference for Slack and TTS

* Docs: clarify OpenAI-compatible TTS endpoints

* Docs: document Control UI locale support

* Docs: cover heartbeat, cron, and plugin route updates

* fix(ui): bump dompurify to 3.3.2 (#36781)

* UI: bump dompurify to 3.3.2

* Deps: refresh dompurify lockfile

* UI: hoist lifecycle connect test mocks (#36788)

* fix(agents): classify insufficient_quota 400s as billing (#36783)

* feat: append UTC time alongside local time in shared Current time lines (#32423)

Merged via squash.

Prepared head SHA: 9e8ec13933b5317e7cff3f0bc048de515826c31a
Co-authored-by: jriff <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* fix(auth): grant senderIsOwner for internal channels with operator.admin scope (openclaw#35704)

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Naylenv <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(config): prevent RangeError in merged schema cache key generation

Fix merged schema cache key generation for high-cardinality plugin/channel metadata by hashing incrementally instead of serializing one large aggregate string.

Includes changelog entry for the user-visible regression fix.

Co-authored-by: Tak Hoffman <[email protected]>
Co-authored-by: Bill <[email protected]>

* fix(slack): propagate mediaLocalRoots through Slack send path

Restore Slack local file upload parity with CVE-era local media allowlist enforcement by threading `mediaLocalRoots` through the Slack send call chain.

- pass `ctx.mediaLocalRoots` from Slack channel action adapter into `handleSlackAction`
- add and forward `mediaLocalRoots` in Slack action context/send path
- pass `mediaLocalRoots` into `sendMessageSlack` for upload allowlist enforcement
- add changelog entry with attribution for this behavior fix

Co-authored-by: 2233admin <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(slack): preserve dedupe while recovering dropped app_mention (#34937)

This PR fixes Slack mention loss without reintroducing duplicate dispatches.

- Preserve seen-message dedupe at ingress to prevent duplicate processing.
- Allow a one-time app_mention retry only when the paired message event was previously dropped before dispatch.
- Add targeted race tests for both recovery and duplicate-prevention paths.

Co-authored-by: littleben <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* README: add algal to contributors list (#2046)

* fix: decouple Discord inbound worker timeout from listener timeout (#36602) (thanks @dutifulbob) (#36602)

Co-authored-by: Onur Solmaz <[email protected]>

* plugins: enforce prompt hook policy with runtime validation (#36567)

Merged via squash.

Prepared head SHA: 6b9d883b6ae33628235fb02ce39c0d0f46a065bb
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(memory): avoid destructive qmd collection rebinds

* Harden Telegram poll gating and schema consistency (#36547)

Merged via squash.

Prepared head SHA: f77824419e3d166f727474a9953a063a2b4547f2
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(browser): close tracked tabs on session cleanup (#36666)

* Diffs: restore system prompt guidance (#36904)

Merged via squash.

Prepared head SHA: 1b3be3c87957c068473d5c86b9efba4a1a8503f2
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(routing): avoid full binding rescans in resolveAgentRoute (#36915)

* fix(gateway): honor insecure ws override for remote hostnames

* fix(llm-task): load runEmbeddedPiAgent from dist/extensionAPI in installs

* fix(auth): harden openai-codex oauth login path

* feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing (#36683)

* fix(acp): normalize unicode flags and Telegram topic binding

* feat(telegram/acp): restore topic-bound ACP and session bindings

* fix(acpx): clarify permission-denied guidance

* feat(telegram/acp): pin spawn bind notice in topics

* docs(telegram): document ACP topic thread binding behavior

* refactor(reply): share Telegram conversation-id resolver

* fix(telegram/acp): preserve bound session routing semantics

* fix(telegram): respect binding persistence and expiry reporting

* refactor(telegram): simplify binding lifecycle persistence

* fix(telegram): bind acp spawns in direct messages

* fix: document telegram ACP topic binding changelog (#36683) (thanks @huntharo)

---------

Co-authored-by: Onur <[email protected]>

* fix(gateway): preserve streamed prefixes across tool boundaries

* fix(tui): prevent stale model indicator after /model

* Memory: handle SecretRef keys in doctor embeddings (#36835)

Merged via squash.

Prepared head SHA: c1a3d0caae60115d886e8bfc9983c9533c773f04
Co-authored-by: joshavant <[email protected]>
Co-authored-by: joshavant <[email protected]>
Reviewed-by: @joshavant

* fix(openai-codex): request required oauth api scopes (#24720)

* fix(memory-flush): ban timestamped variant files in default flush prompt (#34951)

Merged via squash.

Prepared head SHA: efadda4988b460e6da07be72994d4951d64239d0
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(tui): render final event error when assistant output is empty (#14687)

* feat(agents): flush reply pipeline before compaction wait (#35489)

Merged via squash.

Prepared head SHA: 7dbbcc510b74b0e8d35eb750d24575e34b5d769a
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(secrets): harden api key normalization for ByteString headers

* fix(slack): remove double mrkdwn conversion in native streaming path

Remove redundant text normalization from Slack native streaming markdown_text flow so Markdown formatting is preserved.

Synthesis context: overlaps reviewed from #34931, #34759, #34716, #34682, #34814.

Co-authored-by: littleben <[email protected]>
Co-authored-by: dunamismax <[email protected]>
Co-authored-by: Octane <[email protected]>
Co-authored-by: Mitsuyuki Osabe <[email protected]>
Co-authored-by: Kai <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(kimi-coding): normalize anthropic tool payload format

* fix(slack): thread channel ID through inbound context for reactions (#34831)

Slack reaction/thread context routing fixes via canonical synthesis of #34831.

Co-authored-by: Tak <[email protected]>

* fix(heartbeat): pin HEARTBEAT.md reads to workspace path

* fix(subagents): recover announce cleanup after kill/complete race

* feat(hooks): emit compaction lifecycle hooks (#16788)

* fix(auth): harden openai-codex oauth refresh fallback

* fix(subagents): announce delivery with descendant gating, frozen result refresh, and cron retry (#35080)

Thanks @tyler6204

* fix(agents): avoid synthetic tool-result writes on idle-timeout cleanup

* fix(agent): harden undici stream timeouts for long openai-completions runs

* fix(slack): record app_mention retry key before dedupe check (#37033)

- Prime app_mention retry allowance before dedupe so near-simultaneous message/app_mention races do not drop valid mentions.
- Prevent duplicate dispatch when app_mention wins the race and message prepare later succeeds.
- Prune dispatched mention keys and add regression coverage for both dropped and successful in-flight message outcomes.

Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): honor explicit rate-limit cooldown probes in fallback runs

* fix(agents): allow configured ollama endpoints without dummy api keys

* fix(memory): recover qmd updates from duplicate document constraints

* Doctor: warn on implicit heartbeat directPolicy (#36789)

* Changelog: note heartbeat directPolicy doctor warning

* Tests: cover heartbeat directPolicy doctor warning

* Doctor: warn on implicit heartbeat directPolicy

* Tests: cover per-agent heartbeat directPolicy warning

* Update CHANGELOG.md

* Plugins: clarify registerHttpHandler migration errors (#36794)

* Changelog: note plugin HTTP route migration diagnostics

* Tests: cover registerHttpHandler migration diagnostics

* Plugins: clarify registerHttpHandler migration errors

* Tests: cover registerHttpHandler diagnostic edge cases

* Plugins: tighten registerHttpHandler migration hint

* fix(memory): repair qmd collection name conflicts during ensure

* fix(memory): handle qmd search results without docid

* Plugins: avoid false integrity drift prompts on unpinned updates (#37179)

* Plugins: skip drift prompts for unpinned updates

* Plugins: cover unpinned integrity update behavior

* Changelog: add #37179 release note

* Delete changelog/fragments directory

* Update CHANGELOG.md

* fix(whatsapp): remove implicit [openclaw] self-chat prefix

* fix: remove config.schema from agent gateway tool (#7382)

Merged via squash.

Prepared head SHA: f34a7780690a941936b31899e2d096b8a07f4afc
Co-authored-by: kakuteki <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* feat(openai): add gpt-5.4 support for API and Codex OAuth (#36590)

* feat(openai): add gpt-5.4 support and priority processing

* feat(openai-codex): add gpt-5.4 oauth support

* fix(openai): preserve provider overrides in gpt-5.4 fallback

* fix(openai-codex): keep xhigh for gpt-5.4 default

* fix(models): preserve configured overrides in list output

* fix(models): close gpt-5.4 integration gaps

* fix(openai): scope service tier to public api

* fix(openai): complete prep followups for gpt-5.4 support (#36590) (thanks @dorukardahan)

---------

Co-authored-by: Tyler Yust <[email protected]>

* fix(tui): preserve credential-like tokens in render sanitization

* CLI: make read-only SecretRef status flows degrade safely (#37023)

* CLI: add read-only SecretRef inspection

* CLI: fix read-only SecretRef status regressions

* CLI: preserve read-only SecretRef status fallbacks

* Docs: document read-only channel inspection hook

* CLI: preserve audit coverage for read-only SecretRefs

* CLI: fix read-only status account selection

* CLI: fix targeted gateway fallback analysis

* CLI: fix Slack HTTP read-only inspection

* CLI: align audit credential status checks

* CLI: restore Telegram read-only fallback semantics

* chore(changelog): update for #37023

Signed-off-by: joshavant <[email protected]>

* fix(agents): disable usage streaming chunks on non-native openai-completions

* feat(nano-banana-pro): add --aspect-ratio flag to generate_image.py (#28159)

* feat(nano-banana-pro): add --aspect-ratio flag to generate_image.py

* Nano Banana: allow all supported aspect ratios

* Docs: expand nano banana aspect ratio options

---------

Co-authored-by: Vincent Koc <[email protected]>

* fix(gateway): support image_url in OpenAI chat completions (#34068)

* fix(gateway): parse image_url in openai chat completions

* test(gateway): cover openai chat completions image_url flows

* docs(changelog): note openai image_url chat completions fix (#17685)

* fix(gateway): harden openai image_url parsing and limits

* test(gateway): add openai image_url regression coverage

* docs(changelog): expand #17685 openai chat completions note

* Gateway: make OpenAI image_url URL fetch opt-in and configurable

* Diagnostics: redact image base64 payload data in trace logs

* Changelog: note OpenAI image_url hardening follow-ups

* Gateway: enforce OpenAI image_url total budget incrementally

* Gateway: scope OpenAI image_url extraction to the active turn

* Update CHANGELOG.md

* fix(agents): avoid xAI web_search tool-name collisions

* fix: clear Telegram DM draft after materialize (#36746) (thanks @joelnishanth)

* Fix Control UI duplicate iMessage replies for internal webchat turns (#36151)

* Auto-reply: avoid routing external replies from internal webchat turns

* Auto-reply tests: cover internal webchat non-routing with external origin metadata

* Changelog: add Control UI iMessage duplicate-reply fix note

* Auto-reply context: track explicit deliver routes

* Gateway chat: mark explicit external deliver routes in context

* Auto-reply: preserve explicit deliver routes for internal webchat turns

* Auto-reply tests: cover explicit deliver routes from internal webchat turns

* Gateway chat tests: assert explicit deliver route context tagging

* fix: enforce 600 perms for cron store and run logs (#36078)

* fix: enforce secure permissions for cron store and run logs

* fix(cron): enforce dir perms and gate posix tests on windows

* Cron store tests: cover existing directory permission hardening

* Cron run-log tests: cover existing directory permission hardening

* Changelog: note cron file permission hardening

---------

Co-authored-by: linhey <[email protected]>
Co-authored-by: Vincent Koc <[email protected]>

* fix(tui): accept canonical session-key aliases in chat event routing

* Gateway: normalize OpenAI stream chunk text

* Gateway: coerce chat deliverable route boolean

* fix(web_search): align brave language codes with API

* Respect source channel for agent event surfacing (#36030)

* fix(session): prefer webchat routes for direct ui turns (#37135)

* Gateway: discriminate input sources

* Cron: migrate legacy provider delivery hints

* Cron: stabilize runs-one-shot migration tests

* fix(memory): retry mcporter after Windows EINVAL spawn

* fix(onboarding): guard daemon status probe on headless linux

* Gateway: add path-scoped config schema lookup (#37266)

Merged via squash.

Prepared head SHA: 0c4d187f6fb66f2799d4047585d6368e433c883a
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* docs(changelog): add pr entry

* fix(ci): restore protocol and schema checks (#37470)

* Fix failover for zhipuai 1310 Weekly/Monthly Limit Exhausted (#33813)

Merged via squash.

Prepared head SHA: 3dc441e58de48913720cf7b6137fa761758d8344
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* fix(openai-codex-oauth): stop mutating authorize url scopes

* Update CHANGELOG.md

* fix(auth): remove bogus codex oauth responses probe

* docs(changelog): fold codex oauth fix notes

* docs(changelog): add codex oauth pr reference (#37558)

* fix(security:PLA-697): block local secret scratch files from commits

* feat: add dev EKS deployment for openclaw SRE container

* fix: stabilize slack socket mode in dev eks runtime

* fix(eks): reuse monitoring incident auth for openclaw-sre

* feat(deploy): add grafana env guards and prod deploy wrapper

* fix(security): redact tool outputs and enforce secret-safe runtime defaults

* feat(sre): harden heartbeat routing and enrich triage signals

* docs: add SRE hybrid intelligence design

Three-layer architecture to improve bot reasoning quality:
- Layer 1: Service knowledge (auto-discovery + overlays + incident memory)
- Layer 2: Multi-stage reasoning chain (triage → hypothesize → causal chain → action plan → cross-review)
- Layer 3: Incident learning loop (structured cards, overlay suggestions, feedback signals)

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* feat(sandbox): add boundary cli to common runtime image

* docs(sre): finalize hybrid intelligence design v19 after 18 Codex review rounds

Iteratively hardened the design through 18 adversarial Codex review rounds,
resolving 60+ findings (15+ CRITICAL, 45+ HIGH). Key fixes include:
- Decoupled incident_id (pre-Step11 immutable) from card_id (LLM-derived)
- Unified evidence/memory sanitization via shared _strip_instruction_tokens
- Fixed rerun interval default (3600s > heartbeat 1800s) to prevent every-cycle re-runs
- Added Phase 2 cross-review gap note and dual-column depth table
- Overlay suggestion idempotency via deterministic suggestion_key + upsert
- Decoupled chain timeout from legacy budget check
- Added predicate alignment docs for L3 pre-check vs L3 gate
- Adopted dynamic evidence_completeness denominator matching existing code
- Added scope note clarifying design vs current implementation

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* feat(sre): complete hybrid intelligence rollout and bot hardening

* fix(sre): harden slack reasoning, dual chain, and deploy auth/runtime

* ci: add ecr release pipeline and infra-helm image update trigger

* ci: switch workflows to github-hosted runners

* ci: allow manual ecr env target and use updater v4

* ci: remove windows jobs from workflow

* chore(pla-678): update fallback auth fixture and plan docs

* fix(pla-678): preserve control-ui host-header fallback in dev config

* refactor(pla-678): remove local sre chart and require infra-helm

* refactor(pla-678): remove direct eks deploy scripts

* ci(pla-678): remove labeler workflow

* ci(pla-678): refresh checks after disabling labeler

* build: install boundary CLI in SRE runtime image

* fix(slack:PLA-678): keep one thread lane across users

* fix(sre-skill): enforce live db-query runbook in dev seed

* fix(slack): ignore bot thread history when seeding new sessions

* fix(slack): force retry on repeated thread questions

* fix(sre-skill): require retry on repeated db requests

* docs(sre-skill): make retry policy generic across repeated asks

* fix(sre:PLA-678): enforce live linear ticket updates

* fix(sre:PLA-678): use [PLATFORM] Backlog linear project

* fix(sre:PLA-678): label linked linear tickets as openclaw-sre

* fix(sre:PLA-678): auto-label linked linear tickets for auto-pr

* test(sre:PLA-678): make tracking label test executable

* fix(slack:PLA-678): remove status-final completion banner (#16)

* fix(slack:PLA-678): enable direct file attachments from agent replies (#17)

* fix(slack:PLA-678): remove status-final completion banner

* fix(slack): enable direct file attachments from agent replies

* refactor(sre:PLA-678): remove local deploy config mirror (#18)

* fix: compact oversized auto-generated pr bodies

* fix(sre): add built-in linear incident memory provider

* feat(sre): add erpc helper with flo secret query

* fix(sre): enforce canonical rpc.morpho.dev erpc endpoint

* refactor(sre): remove local deploy config mirror

* fix(slack:PLA-678): force DM replies into per-message threads (#19)

* fix: compact oversized auto-generated pr bodies

* fix(sre): add built-in linear incident memory provider

* feat(sre): add erpc helper with flo secret query

* fix(sre): enforce canonical rpc.morpho.dev erpc endpoint

* refactor(sre): remove local deploy config mirror

* fix(slack): force threaded replies for direct messages

* feat(cron:PLA-678): use conversation history in self-improve runs (#20)

* fix(slack:PLA-678): improve progress update readability (#21)

* fix(ci:PLA-678): restore main release pipeline health (#22)

* fix(ci:PLA-678): restore main release pipeline health

* fix(ci:PLA-678): harden auto-response token fallback

* fix(ci:PLA-678): pin setup-bun to published release

* test(ci:PLA-678): align slack thread session expectations

* fix(sre:PLA-678): harden Slack reply delivery and image release flow (#23)

* fix(slack:PLA-678): harden thread-scoped reply delivery

* fix(slack:PLA-678): satisfy lint after rebase

* ci(release:PLA-678): move image release to cached ecr flow

* ci(release:PLA-678): use official docker build actions

* fix(slack:PLA-722): preserve progress updates during final-answer gating (#24)

* fix(sre:PLA-724): restore ECR runtime image toolchain (#25)

* fix(failover): classify HTTP 402 as rate_limit when payload indicates usage limit (#30484) (#36802)

* fix(failover): classify HTTP 402 as rate_limit when payload indicates usage limit (#30484)

Some providers (notably Anthropic Claude Max plan) surface temporary
usage/rate-limit failures as HTTP 402 instead of 429. Before this change,
all 402s were unconditionally mapped to 'billing', which produced a
misleading 'run out of credits' warning for Max plan users who simply
hit their usage window.

This follows the same pattern introduced for HTTP 400 in #36783: check
the error message for an explicit rate-limit signal before falling back
to the default status-code classification.

- classifyFailoverReasonFromHttpStatus now returns 'rate_limit' for 402
  when isRateLimitErrorMessage matches the payload text
- Added regression tests covering both the rate-limit and billing paths
  on 402

* fix: narrow 402 rate-limit matcher to prevent billing misclassification

The original implementation used isRateLimitErrorMessage(), which matches
phrases like 'quota exceeded' that legitimately appear in billing errors.

This commit replaces it with a narrow, 402-specific matcher that requires
BOTH retry language (try again/retry/temporary/cooldown) AND limit
terminology (usage limit/rate limit/organization usage).

Prevents misclassification of errors like:
'HTTP 402: exceeded quota, please add credits' -> billing (not rate_limit)

Added regression test for the ambiguous case.

---------

Co-authored-by: Val Alexander <[email protected]>

* fix(mattermost): allow reachable interaction callback URLs (#37543)

Merged via squash.

Prepared head SHA: 4d593731be5a5dcbf3106d596b38acfeb8cf0aa8
Co-authored-by: mukhtharcm <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

* fix(cron:PLA-740): audit previous-day self-improve sessions

---------

Signed-off-by: joshavant <[email protected]>
Co-authored-by: Gustavo Madeira Santana <[email protected]>
Co-authored-by: Mariano <[email protected]>
Co-authored-by: leepokai <[email protected]>
Co-authored-by: Bob <[email protected]>
Co-authored-by: Onur <[email protected]>
Co-authored-by: Ayaan Zaidi <[email protected]>
Co-authored-by: Vincent Koc <[email protected]>
Co-authored-by: huangcj <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: Sid <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Co-authored-by: a <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Shakker <[email protected]>
Co-authored-by: liuxiaopai-ai <[email protected]>
Co-authored-by: Rodrigo Uroz <[email protected]>
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Co-authored-by: Kai <[email protected]>
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: 青雲 <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Darshil <[email protected]>
Co-authored-by: Ho Lim <[email protected]>
Co-authored-by: dvrshil <[email protected]>
Co-authored-by: Isis Anisoptera <[email protected]>
Co-authored-by: Madoka <[email protected]>
Co-authored-by: Xu Zimo <[email protected]>
Co-authored-by: Munem Hashmi <[email protected]>
Co-authored-by: bmendonca3 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>
Co-authored-by: Nhj <[email protected]>
Co-authored-by: 倪汉杰0668001185 <[email protected]>
Co-authored-by: zhengquanliu <[email protected]>
Co-authored-by: nick <[email protected]>
Co-authored-by: linhey <[email protected]>
Co-authored-by: scoootscooob <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: rexl2018 <[email protected]>
Co-authored-by: sline <[email protected]>
Co-authored-by: 0xsline <[email protected]>
Co-authored-by: Harold Hunt <[email protected]>
Co-authored-by: Shivam <[email protected]>
Co-authored-by: 不做了睡大觉 <[email protected]>
Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Linux2010 <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Joseph Turian <[email protected]>
Co-authored-by: turian <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Tony Dehnke <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: kevinWangSheng <[email protected]>
Co-authored-by: ningding97 <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: clawbie <[email protected]>
Co-authored-by: Takhoffman <[email protected]>
Co-authored-by: Ayane <[email protected]>
Co-authored-by: Ayane <[email protected]>
Co-authored-by: StingNing <[email protected]>
Co-authored-by: maweibin <[email protected]>
Co-authored-by: maweibin <[email protected]>
Co-authored-by: Josh Avant <[email protected]>
Co-authored-by: Bin Deng <[email protected]>
Co-authored-by: Byungsker <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Co-authored-by: Altay <[email protected]>
Co-authored-by: jiangnan <[email protected]>
Co-authored-by: jnMetaCode <[email protected]>
Co-authored-by: Jacob Riff <[email protected]>
Co-authored-by: jriff <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: Bill <[email protected]>
Co-authored-by: 2233admin <[email protected]>
Co-authored-by: 2233admin <[email protected]>
Co-authored-by: littleben <[email protected]>
Co-authored-by: littleben <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Vignesh Natarajan <[email protected]>
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: dunamismax <[email protected]>
Co-authored-by: Octane <[email protected]>
Co-authored-by: Mitsuyuki Osabe <[email protected]>
Co-authored-by: Tak <[email protected]>
Co-authored-by: Tyler Yust <[email protected]>
Co-authored-by: Hinata Kaga (samon) <[email protected]>
Co-authored-by: dorukardahan <[email protected]>
Co-authored-by: Tyler Yust <[email protected]>
Co-authored-by: Brenner Spear <[email protected]>
Co-authored-by: aerelune <[email protected]>
Co-authored-by: Frank Yang <[email protected]>
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: Vignesh <[email protected]>
Co-authored-by: OpenClaw SRE Bot <[email protected]>
Co-authored-by: Xinhua Gu <[email protected]>
Co-authored-by: Val Alexander <[email protected]>

…openclaw#31)

* Plugins/memory-lancedb: migrate to scoped plugin-sdk imports

* Plugins/minimax-portal-auth: migrate to scoped plugin-sdk imports

* Plugins/msteams: migrate to scoped plugin-sdk imports

* Plugins/nextcloud-talk: migrate to scoped plugin-sdk imports

* Plugins/nostr: migrate to scoped plugin-sdk imports

* Plugins/open-prose: migrate to scoped plugin-sdk imports

* Plugins/phone-control: migrate to scoped plugin-sdk imports

* Plugins/qwen-portal-auth: migrate to scoped plugin-sdk imports

* Plugins/synology-chat: migrate to scoped plugin-sdk imports

* Plugins/talk-voice: migrate to scoped plugin-sdk imports

* Plugins/test-utils: migrate to scoped plugin-sdk imports

* Plugins/thread-ownership: migrate to scoped plugin-sdk imports

* Plugins/tlon: migrate to scoped plugin-sdk imports

* Plugins/twitch: migrate to scoped plugin-sdk imports

* Plugins/voice-call: migrate to scoped plugin-sdk imports

* Plugins/whatsapp: migrate to scoped plugin-sdk imports

* Plugins/zalo: migrate to scoped plugin-sdk imports

* Plugins/zalouser: migrate to scoped plugin-sdk imports

* Chore: remove accidental .DS_Store artifact

* chore(docs): add plugins refactor changelog entry

* feat(ios): add Live Activity connection status + stale cleanup (#33591)

* feat(ios): add live activity connection status and cleanup

Add lock-screen/Dynamic Island connection health states and prune duplicate/stale activities before reuse. This intentionally excludes AI/title generation and heavier UX rewrites from #27488.

Co-authored-by: leepokai <[email protected]>

* fix(ios): treat ended live activities as inactive

* chore(changelog): add PR reference and author thanks

---------

Co-authored-by: leepokai <[email protected]>

* fix: kill stuck ACP child processes on startup and harden sessions in discord threads (#33699)

* Gateway: resolve agent.wait for chat.send runs

* Discord: harden ACP thread binding + listener timeout

* ACPX: handle already-exited child wait

* Gateway/Discord: address PR review findings

* Discord: keep ACP error-state thread bindings on startup

* gateway: make agent.wait dedupe bridge event-driven

* discord: harden ACP probe classification and cap startup fan-out

* discord: add cooperative timeout cancellation

* discord: fix startup probe concurrency helper typing

* plugin-sdk: avoid Windows root-alias shard timeout

* plugin-sdk: keep root alias reflection path non-blocking

* discord+gateway: resolve remaining PR review findings

* gateway+discord: fix codex review regressions

* Discord/Gateway: address Codex review findings

* Gateway: keep agent.wait lifecycle active with shared run IDs

* Discord: clean up status reactions on aborted runs

* fix: add changelog note for ACP/Discord startup hardening (#33699) (thanks @dutifulbob)

---------

Co-authored-by: Onur <[email protected]>

* fix: relay ACP sessions_spawn parent streaming (#34310) (thanks @vincentkoc) (#34310)

Co-authored-by: Onur Solmaz <[email protected]>

* fix(telegram): materialize dm draft final to avoid duplicates

* docs(changelog): credit @Brotherinlaw-13 for #34318

* fix: prevent nodes media base64 context bloat (#34332)

* fix: preserve raw media invoke for HTTP tool clients (#34365)

* fix(slack): route system events to bound agent sessions (#34045)

* fix(slack): route system events via binding-aware session keys

* fix(slack): pass sender to system event session resolver

* fix(slack): include sender context for interaction session routing

* fix(slack): include modal submitter in session routing

* test(slack): cover binding-aware system event routing

* test(slack): update interaction session key assertions

* test(slack): assert reaction session routing carries sender

* docs(changelog): note slack system event routing fix

* Update CHANGELOG.md

* Delete changelog/fragments directory

* fix(memory): serialize local embedding initialization to avoid duplicate model loads (#15639)

Merged via squash.

Prepared head SHA: a085fc21a8ba7163fffdb5de640dd4dc1ff5a88e
Co-authored-by: SubtleSpark <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(model): propagate custom provider headers to model objects (#27490)

Merged via squash.

Prepared head SHA: e4183b398fc7eb4c18b2b691cb0dd882ec993608
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(daemon): handle systemctl is-enabled exit 4 (not-found) on Ubuntu (#33634)

Merged via squash.

Prepared head SHA: 67dffc3ee239cd7b813cb200c3dd5475d9e203a6
Co-authored-by: Yuandiaodiaodiao <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(node-host): sync rawCommand with hardened argv after executable path pinning (#33137)

Merged via squash.

Prepared head SHA: a7987905f7ad6cf5fee286ffa81ceaad8297174f
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* Agents: add generic poll-vote action support

* fix(ollama): pass provider headers to Ollama stream function (#24285)

createOllamaStreamFn() only accepted baseUrl, ignoring custom headers
configured in models.providers.<provider>.headers. This caused 403
errors when Ollama endpoints are behind reverse proxies that require
auth headers (e.g. X-OLLAMA-KEY via HAProxy).

Add optional defaultHeaders parameter to createOllamaStreamFn() and
merge them into every fetch request. Provider headers from config are
now passed through at the call site in the embedded runner.

Fixes #24285

* test(ollama): add default header precedence coverage

* chore(changelog): add PR entry openclaw#24337 thanks @echoVic

* Outbound: allow text-only plugin adapters

* Outbound: avoid empty multi-media fallback sends

* chore(changelog): align outbound adapter entry openclaw#32788 thanks @liuxiaopai-ai

* fix(outbound): fail media-only text-only adapter fallback

* chore(changelog): clarify outbound media-only fallback openclaw#32788 thanks @liuxiaopai-ai

* fix(review): enforce behavioral sweep validation

* Fix gateway restart false timeouts on Debian/systemd (#34874)

* daemon(systemd): target sudo caller user scope

* test(systemd): cover sudo user scope commands

* infra(ports): fall back to ss when lsof missing

* test(ports): verify ss fallback listener detection

* cli(gateway): use probe fallback for restart health

* test(gateway): cover restart-health probe fallback

* Compaction/Safeguard: require structured summary headings (#25555)

Merged via squash.

Prepared head SHA: 0b1df34806a7b788261290be55760fd89220de53
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Fix Linux daemon install checks when systemd user bus env is missing (#34884)

* daemon(systemd): fall back to machine user scope when user bus is missing

* test(systemd): cover machine scope fallback for user-bus errors

* test(systemd): reset execFile mock state across cases

* test(systemd): make machine-user fallback assertion portable

* fix(daemon): keep root sudo path on direct user scope

* test(systemd): cover sudo root user-scope behavior

* ci: use resolvable bun version in setup-node-env

* agents: preserve totalTokens on request failure instead of using contextWindow (#34275)

Merged via squash.

Prepared head SHA: f9d111d0a79a07815d476356e98a28df3a0000ba
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix: align AGENTS.md template section names with post-compaction extraction (#25029) (#25098)

Merged via squash.

Prepared head SHA: 8cd6cc8049aab5a94d8a9d5fb08f2e792c4ac5fd
Co-authored-by: echoVic <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Changelog: add daemon systemd user-bus fallback entry (#34884)

* Changelog: add gateway restart health entry (#34874)

* fix: finalize spanish locale support

* fix: add spanish locale support (#35038) (thanks @DaoPromociones)

* fix(deps): patch hono transitive audit vulnerabilities

* fix(security): avoid prototype-chain account path checks (#34982)

Merged via squash.

Prepared head SHA: f89cc6a649959997fe1dec1e1c1bff9a61b2de98
Co-authored-by: HOYALIM <[email protected]>
Co-authored-by: dvrshil <[email protected]>
Reviewed-by: @dvrshil

* fix(deps): bump tar to 7.5.10

* docs(changelog): document dependency security fixes

* fix: restore auto-reply system events timeline (#34794) (thanks @anisoptera) (#34794)

Co-authored-by: Ayaan Zaidi <[email protected]>

* fix(feishu): comprehensive reply mechanism — outbound replyToId forwarding + topic-aware reply targeting (#33789)

* fix(feishu): comprehensive reply mechanism fix — outbound replyToId forwarding + topic-aware reply targeting

- Forward replyToId from ChannelOutboundContext through sendText/sendMedia
  to sendMessageFeishu/sendMarkdownCardFeishu/sendMediaFeishu, enabling
  reply-to-message via the message tool.

- Fix group reply targeting: use ctx.messageId (triggering message) in
  normal groups to prevent silent topic thread creation (#32980). Preserve
  ctx.rootId targeting for topic-mode groups (group_topic/group_topic_sender)
  and groups with explicit replyInThread config.

- Add regression tests for both fixes.

Fixes #32980
Fixes #32958
Related #19784

* fix: normalize Feishu delivery.to before comparing with messaging tool targets

- Add normalizeDeliveryTarget helper to strip user:/chat: prefixes for Feishu
- Apply normalization in matchesMessagingToolDeliveryTarget before comparison
- This ensures cron duplicate suppression works when session uses prefixed targets
  (user:ou_xxx) but messaging tool extract uses normalized bare IDs (ou_xxx)

Fixes review comment on PR #32755

(cherry picked from commit fc20106f16ccc88a5f02e58922bb7b7999fe9dcd)

* fix(feishu): catch thrown SDK errors for withdrawn reply targets

The Feishu Lark SDK can throw exceptions (SDK errors with .code or
AxiosErrors with .response.data.code) for withdrawn/deleted reply
targets, in addition to returning error codes in the response object.

Wrap reply calls in sendMessageFeishu and sendCardFeishu with
try-catch to handle thrown withdrawn/not-found errors (230011,
231003) and fall back to client.im.message.create, matching the
existing response-level fallback behavior.

Also extract sendFallbackDirect helper to deduplicate the
direct-send fallback block across both functions.

Closes #33496

(cherry picked from commit ad0901aec103a2c52f186686cfaf5f8ba54b4a48)

* feishu: forward outbound reply target context

(cherry picked from commit c129a691fcf552a1cebe1e8a22ea8611ffc3b377)

* feishu extension: tighten reply target fallback semantics

(cherry picked from commit f85ec610f267020b66713c09e648ec004b2e26f1)

* fix(feishu): align synthesized fallback typing and changelog attribution

* test(feishu): cover group_topic_sender reply targeting

---------

Co-authored-by: Xu Zimo <[email protected]>
Co-authored-by: Munem Hashmi <[email protected]>
Co-authored-by: bmendonca3 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(feishu): use msg_type media for mp4 video (fixes #33674) (#33720)

* fix(feishu): use msg_type media for mp4 video (fixes #33674)

* Feishu: harden streaming merge semantics and final reply dedupe

Use explicit streaming update semantics in the Feishu reply dispatcher:
treat onPartialReply payloads as snapshot updates and block fallback payloads
as delta chunks, then merge final text with the shared overlap-aware
mergeStreamingText helper before closing the stream.

Prevent duplicate final text delivery within the same dispatch cycle, and add
regression tests covering overlap snapshot merge, duplicate final suppression,
and block-as-delta behavior to guard against repeated/truncated output.

* fix(feishu): prefer message.reply for streaming cards in topic threads

* fix: reduce Feishu streaming card print_step to avoid duplicate rendering

Fixes openclaw/openclaw#33751

* Feishu: preserve media sends on duplicate finals and add media synthesis changelog

* Feishu: only dedupe exact duplicate final replies

* Feishu: use scoped plugin-sdk import in streaming-card tests

---------

Co-authored-by: 倪汉杰0668001185 <[email protected]>
Co-authored-by: zhengquanliu <[email protected]>
Co-authored-by: nick <[email protected]>
Co-authored-by: linhey <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): bypass pendingDescendantRuns guard for cron announce delivery (#35185)

* fix(agents): bypass pendingDescendantRuns guard for cron announce delivery

Standalone cron job completions were blocked from direct channel delivery
when the cron run had spawned subagents that were still registered as
pending. The pendingDescendantRuns guard exists for live orchestration
coordination and should not apply to fire-and-forget cron announce sends.

Thread the announceType through the delivery chain and skip both the
child-descendant and requester-descendant pending-run guards when the
announce originates from a cron job.

Closes #34966

* fix: ensure outbound session entry for cron announce with named agents (#32432)

Named agents may not have a session entry for their delivery target,
causing the announce flow to silently fail (delivered=false, no error).

Two fixes:
1. Call ensureOutboundSessionEntry when resolving the cron announce
   session key so downstream delivery can find channel metadata.
2. Fall back to direct outbound delivery when announce delivery fails
   to ensure cron output reaches the target channel.

Closes #32432

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* fix: guard announce direct-delivery fallback against suppression leaks (#32432)

The `!delivered` fallback condition was too broad — it caught intentional
suppressions (active subagents, interim messages, SILENT_REPLY_TOKEN) in
addition to actual announce delivery failures.  Add an
`announceDeliveryWasAttempted` flag so the direct-delivery fallback only
fires when `runSubagentAnnounceFlow` was actually called and failed.

Also remove the redundant `if (route)` guard in
`resolveCronAnnounceSessionKey` since `resolved` being truthy guarantees
`route` is non-null.

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* fix(cron): harden announce synthesis follow-ups

---------

Co-authored-by: scoootscooob <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* Feishu: harden streaming merge semantics and final reply dedupe (#33245)

* Feishu: close duplicate final gap and cover routing precedence

* Feishu: resolve reviewer duplicate-final and routing feedback

* Feishu: tighten streaming send-mode option typing

* Feishu: fix reverse-overlap streaming merge ordering

* Feishu: align streaming final dedupe test expectation

* Feishu: allow distinct streaming finals while deduping repeats

---------

Co-authored-by: Tak Hoffman <[email protected]>

* fix: cron backup should preserve pre-edit snapshot (#35195) (#35234)

* fix(cron): avoid overwriting .bak during normalization

Fixes openclaw/openclaw#35195

* test(cron): preserve pre-edit bak snapshot in normalization path

---------

Co-authored-by: 0xsline <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(cron): stabilize restart catch-up replay semantics (#35351)

* Cron: stabilize restart catch-up replay semantics

* Cron: respect backoff in startup missed-run replay

* cron: narrow startup replay backoff guard (#35391)

* cron: unify stale-run recovery and preserve manual-run every anchors (#35363)

* cron: unify stale-run recovery and preserve manual every anchors

* cron: address unresolved review threads on recovery paths

* cron: remove duplicate timestamp helper after rebase

* refactor(telegram): remove unused webhook callback helper (#27816)

* fix(pr): make review claim step required

* fix(skills): deduplicate slash commands by skillName across all interfaces

Move skill-command deduplication by skillName from the Discord-only
`dedupeSkillCommandsForDiscord` into `listSkillCommandsForAgents` so
every interface (TUI, Slack, text) consistently sees a clean command
list without platform-specific workarounds.

When multiple agents share a skill with the same name the old code
emitted `github` + `github_2` and relied on Discord to collapse them.
Now `listSkillCommandsForAgents` returns only the first registration
per skillName, and the Discord-specific wrapper is removed.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* style: fix formatting in skill-commands.test.ts and provider.ts

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* style(skills): align formatting cleanup for dedupe changes

* chore(changelog): add dedupe note openclaw#27521 thanks @shivama205

* fix(agents): detect Venice provider proxying xAI/Grok models for schema cleaning (#35355)

Merged via squash.

Prepared head SHA: 8bfdec257bb6a6025cb69a0a213a433da32b15db
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(agents): decode HTML entities in xAI/Grok tool call arguments (#35276)

Merged via squash.

Prepared head SHA: c4445d2938898ded9c046614f9315dbda65ec573
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(agents): guard promoteThinkingTagsToBlocks against malformed content entries (#35143)

Merged via squash.

Prepared head SHA: 3971122f5fd27c66c8c9c5ce783f00e113b1f47b
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(web-ui): render Accounts schema node properly (#35380)

Co-authored-by: stakeswky <[email protected]>
Co-authored-by: liuxiaopai-ai <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): guard context pruning against malformed thinking blocks (#35146)

Merged via squash.

Prepared head SHA: a196a565b1b8e806ffbf85172bcf1128796b45a2
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* fix(gateway): prevent internal route leakage in chat.send

Synthesis of routing fixes from #35321, #34635, and #35356 for internal-client reply safety.

- Require explicit `deliver: true` before inheriting any external delivery route.
- Keep webchat/TUI/UI-origin traffic on internal routing by default.
- Allow configured-main session inheritance only for non-Webchat/UI clients, and honor `session.mainKey`.
- Add regression tests for UI no-inherit, configured-main CLI inherit, and deliver-flag behavior.

Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Linux2010 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(gateway): pass actual version to Control UI client instead of dev (#35230)

* fix(gateway): pass actual version to Control UI client instead of "dev"

The GatewayClient, CLI WS client, and browser Control UI all sent
"dev" as their clientVersion during handshake, making it impossible
to distinguish builds in gateway logs and health snapshots.

- GatewayClient and CLI WS client now use the resolved VERSION constant
- Control UI reads serverVersion from the bootstrap endpoint and
  forwards it when connecting
- Bootstrap contract extended with serverVersion field

Closes #35209

* Gateway: fix control-ui version version-reporting consistency

* Control UI: guard deferred bootstrap connect after disconnect

* fix(ui): accept same-origin http and relative gateway URLs for client version

---------

Co-authored-by: Tak Hoffman <[email protected]>

* chore(pr): enforce changelog placement and reduce merge sync churn

* TTS: add baseUrl support to OpenAI TTS config (#34321)

Merged via squash.

Prepared head SHA: e9a10cf81d2021cf81091dfa81e13ffdbb6a540a
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Reviewed-by: @shakkernerd

* ACP: add persistent Discord channel and Telegram topic bindings (#34873)

* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <[email protected]>

* docs(telegram): recommend allowlist for single-user DM policy (#34841)

* docs(telegram): recommend allowlist for single-user bots

* docs(telegram): condense single-user allowlist note

---------

Co-authored-by: echoVic <[email protected]>

* fix(feishu): check response.ok before calling response.json() in streaming card (#35628)

Merged via squash.

Prepared head SHA: 62c3fec80d97cea9be344c0bef5358a0a5dc5560
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* Mattermost: honor onmessage mention override and add gating diagnostics tests (#27160)

Merged via squash.

Prepared head SHA: 6cefb1d5bf3d6dfcec36c1cee3f9ea887f10c890
Co-authored-by: turian <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

* fix(subagents): strip leaked [[reply_to]] tags from completion announces (#34503)

* fix(subagents): strip reply tags from completion delivery text

* test(subagents): cover reply-tag stripping in cron completion sends

* changelog: note iMessage reply-tag stripping in completion announces

* Update CHANGELOG.md

* Apply suggestion from @greptile-apps[bot]

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* fix(cron): restore direct fallback after announce failure in best-effort mode (openclaw#36177)

Verified:
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <[email protected]>

* test(cron): add cross-channel announce fallback regression coverage (openclaw#36197)

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <[email protected]>

* feat(mattermost): add interactive buttons support (#19957)

Merged via squash.

Prepared head SHA: 8a25e608729d0b9fd07bb0ee4219d199d9796dbe
Co-authored-by: tonydehnke <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

* fix(browser): remove deprecated --disable-blink-features=AutomationControlled flag

- Removes OpenClaw's default `--disable-blink-features=AutomationControlled` Chrome launch switch to avoid unsupported-flag warnings in newer Chrome (#35721).
- Preserves compatibility for older Chrome via `browser.extraArgs` override behavior (source analysis: #35770, #35728, #35727, #35885).
- Synthesis attribution: thanks @Sid-Qin, @kevinWangSheng, @ningding97, @Naylenv, @clawbie.

Source PR refs: #35734, #35770, #35728, #35727, #35885

Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: kevinWangSheng <[email protected]>
Co-authored-by: ningding97 <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: clawbie <[email protected]>
Co-authored-by: Takhoffman <[email protected]>

* fix(feishu): add HTTP timeout to prevent per-chat queue deadlocks (#36430)

When the Feishu API hangs or responds slowly, the sendChain never settles,
causing the per-chat queue to remain in a processing state forever and
blocking all subsequent messages in that thread. This adds a 30-second
default timeout to all Feishu HTTP requests by providing a timeout-aware
httpInstance to the Lark SDK client.

Closes #36412

Co-authored-by: Ayane <[email protected]>

* fix(feishu): use probed botName for mention checks (#36391)

* Feishu: honor bot mentions by ID despite aliases (Fixes #36317) (#36333)

* Mattermost: switch plugin-sdk imports to scoped subpaths (openclaw#36480)

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(feishu): accept groupPolicy "allowall" as alias for "open" (#36358)

* fix(feishu): accept groupPolicy "allowall" as alias for "open"

When users configure groupPolicy: "allowall" in Feishu channel config,
the Zod schema rejects the value and the runtime policy check falls
through to the allowlist path.  With an empty allowFrom array, all group
messages are silently dropped despite the intended "allow all" semantics.

Accept "allowall" at the schema level (transform to "open") and add a
runtime guard in isFeishuGroupAllowed so the value is handled even if it
bypasses schema validation.

Closes #36312

Made-with: Cursor

* Feishu: tighten allowall alias handling and coverage

---------

Co-authored-by: Tak Hoffman <[email protected]>

* synthesis: fix Feishu group mention slash parsing

## Summary\n\nFeishu group slash command parsing is fixed for mentions and command probes across authorization paths.\n\nThis includes:\n- Normalizing bot mention text in group context for reliable slash detection in message parsing.\n- Adding command-probe normalization for group slash invocations.\n\nCo-authored-by: Sid Qin <[email protected]>\nCo-authored-by: Tak Hoffman <[email protected]>

* Feishu: normalize group slash command probing

- Feishu/group slash command detection: normalize group mention wrappers before command-authorization probing so mention-prefixed commands are recognized in group routing.\n- Source PR: #36011\n- Contributor: @liuxiaopai-ai\n\nCo-authored-by: Tak Hoffman <[email protected]>\nCo-authored-by: liuxiaopai-ai <[email protected]>

* add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177)

Merged via squash.

Prepared head SHA: d9a2869ad69db9449336a2e2846bd9de0e647ac6
Co-authored-by: maweibin <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(feishu): avoid media regressions from global HTTP timeout (#36500)

* fix(feishu): avoid media regressions from global http timeout

* fix(feishu): source HTTP timeout from config

* fix(feishu): apply media timeout override to image uploads

* fix(feishu): invalidate cached client when timeout changes

* fix(feishu): clamp timeout values and cover image download

* Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094)

* fix(embedded): classify model_context_window_exceeded as context overflow, trigger compaction (#35934)

Merged via squash.

Prepared head SHA: 20fa77289c80b2807a6779a3df70440242bc18ca
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(agents): skip compaction API call when session has no real messages (#36451)

Merged via squash.

Prepared head SHA: 52dd6317895c7bd10855d2bd7dbbfc2f5279b68e
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(ui): catch marked.js parse errors to prevent Control UI crash (#36445)

- Prevent Control UI session render crashes when `marked.parse()` encounters pathological recursive markdown by safely falling back to escaped `<pre>` output.
- Tighten markdown fallback regression coverage and keep changelog attribution in sync for this crash-hardening path.

Co-authored-by: Bin Deng <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(session): archive old transcript on daily/scheduled reset to prevent orphaned files (#35493)

Merged via squash.

Prepared head SHA: 0d95549d752adecfc0b08d5cd55a8b8c75e264fe
Co-authored-by: byungsker <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(agents): set preserveSignatures to isAnthropic in resolveTranscriptPolicy (#32813)

Merged via squash.

Prepared head SHA: f522d21ca59a42abac554435a0aa646f6a34698d
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix: avoid false global rate-limit classification from generic cooldown text (#32972)

Merged via squash.

Prepared head SHA: 813c16f5afce415da130a917d9ce9f968912b477
Co-authored-by: stakeswky <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* refactor(agents): share failover HTTP status classification (#36615)

* fix(agents): classify transient failover statuses consistently

* fix(agents): preserve legacy failover status mapping

* fix(failover): narrow service-unavailable to require overload indicator (#32828) (#36646)

Merged via squash.

Prepared head SHA: 46fb4306127972d7635f371fd9029fbb9baff236
Co-authored-by: jnMetaCode <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* Compaction/Safeguard: add summary quality audit retries (#25556)

Merged via squash.

Prepared head SHA: be473efd1635616ebbae6e649d542ed50b4a827f
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* test(agents): add provider-backed failover regressions (#36735)

* test(agents): add provider-backed failover fixtures

* test(agents): cover more provider error docs

* test(agents): tighten provider doc fixtures

* Docs: add Slack typing reaction fallback

* Docs: update gateway config reference for Slack and TTS

* Docs: clarify OpenAI-compatible TTS endpoints

* Docs: document Control UI locale support

* Docs: cover heartbeat, cron, and plugin route updates

* fix(ui): bump dompurify to 3.3.2 (#36781)

* UI: bump dompurify to 3.3.2

* Deps: refresh dompurify lockfile

* UI: hoist lifecycle connect test mocks (#36788)

* fix(agents): classify insufficient_quota 400s as billing (#36783)

* feat: append UTC time alongside local time in shared Current time lines (#32423)

Merged via squash.

Prepared head SHA: 9e8ec13933b5317e7cff3f0bc048de515826c31a
Co-authored-by: jriff <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* fix(auth): grant senderIsOwner for internal channels with operator.admin scope (openclaw#35704)

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Naylenv <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(config): prevent RangeError in merged schema cache key generation

Fix merged schema cache key generation for high-cardinality plugin/channel metadata by hashing incrementally instead of serializing one large aggregate string.

Includes changelog entry for the user-visible regression fix.

Co-authored-by: Tak Hoffman <[email protected]>
Co-authored-by: Bill <[email protected]>

* fix(slack): propagate mediaLocalRoots through Slack send path

Restore Slack local file upload parity with CVE-era local media allowlist enforcement by threading `mediaLocalRoots` through the Slack send call chain.

- pass `ctx.mediaLocalRoots` from Slack channel action adapter into `handleSlackAction`
- add and forward `mediaLocalRoots` in Slack action context/send path
- pass `mediaLocalRoots` into `sendMessageSlack` for upload allowlist enforcement
- add changelog entry with attribution for this behavior fix

Co-authored-by: 2233admin <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(slack): preserve dedupe while recovering dropped app_mention (#34937)

This PR fixes Slack mention loss without reintroducing duplicate dispatches.

- Preserve seen-message dedupe at ingress to prevent duplicate processing.
- Allow a one-time app_mention retry only when the paired message event was previously dropped before dispatch.
- Add targeted race tests for both recovery and duplicate-prevention paths.

Co-authored-by: littleben <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* README: add algal to contributors list (#2046)

* fix: decouple Discord inbound worker timeout from listener timeout (#36602) (thanks @dutifulbob) (#36602)

Co-authored-by: Onur Solmaz <[email protected]>

* plugins: enforce prompt hook policy with runtime validation (#36567)

Merged via squash.

Prepared head SHA: 6b9d883b6ae33628235fb02ce39c0d0f46a065bb
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(memory): avoid destructive qmd collection rebinds

* Harden Telegram poll gating and schema consistency (#36547)

Merged via squash.

Prepared head SHA: f77824419e3d166f727474a9953a063a2b4547f2
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(browser): close tracked tabs on session cleanup (#36666)

* Diffs: restore system prompt guidance (#36904)

Merged via squash.

Prepared head SHA: 1b3be3c87957c068473d5c86b9efba4a1a8503f2
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* fix(routing): avoid full binding rescans in resolveAgentRoute (#36915)

* fix(gateway): honor insecure ws override for remote hostnames

* fix(llm-task): load runEmbeddedPiAgent from dist/extensionAPI in installs

* fix(auth): harden openai-codex oauth login path

* feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing (#36683)

* fix(acp): normalize unicode flags and Telegram topic binding

* feat(telegram/acp): restore topic-bound ACP and session bindings

* fix(acpx): clarify permission-denied guidance

* feat(telegram/acp): pin spawn bind notice in topics

* docs(telegram): document ACP topic thread binding behavior

* refactor(reply): share Telegram conversation-id resolver

* fix(telegram/acp): preserve bound session routing semantics

* fix(telegram): respect binding persistence and expiry reporting

* refactor(telegram): simplify binding lifecycle persistence

* fix(telegram): bind acp spawns in direct messages

* fix: document telegram ACP topic binding changelog (#36683) (thanks @huntharo)

---------

Co-authored-by: Onur <[email protected]>

* fix(gateway): preserve streamed prefixes across tool boundaries

* fix(tui): prevent stale model indicator after /model

* Memory: handle SecretRef keys in doctor embeddings (#36835)

Merged via squash.

Prepared head SHA: c1a3d0caae60115d886e8bfc9983c9533c773f04
Co-authored-by: joshavant <[email protected]>
Co-authored-by: joshavant <[email protected]>
Reviewed-by: @joshavant

* fix(openai-codex): request required oauth api scopes (#24720)

* fix(memory-flush): ban timestamped variant files in default flush prompt (#34951)

Merged via squash.

Prepared head SHA: efadda4988b460e6da07be72994d4951d64239d0
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(tui): render final event error when assistant output is empty (#14687)

* feat(agents): flush reply pipeline before compaction wait (#35489)

Merged via squash.

Prepared head SHA: 7dbbcc510b74b0e8d35eb750d24575e34b5d769a
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman

* fix(secrets): harden api key normalization for ByteString headers

* fix(slack): remove double mrkdwn conversion in native streaming path

Remove redundant text normalization from Slack native streaming markdown_text flow so Markdown formatting is preserved.

Synthesis context: overlaps reviewed from #34931, #34759, #34716, #34682, #34814.

Co-authored-by: littleben <[email protected]>
Co-authored-by: dunamismax <[email protected]>
Co-authored-by: Octane <[email protected]>
Co-authored-by: Mitsuyuki Osabe <[email protected]>
Co-authored-by: Kai <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>

* fix(kimi-coding): normalize anthropic tool payload format

* fix(slack): thread channel ID through inbound context for reactions (#34831)

Slack reaction/thread context routing fixes via canonical synthesis of #34831.

Co-authored-by: Tak <[email protected]>

* fix(heartbeat): pin HEARTBEAT.md reads to workspace path

* fix(subagents): recover announce cleanup after kill/complete race

* feat(hooks): emit compaction lifecycle hooks (#16788)

* fix(auth): harden openai-codex oauth refresh fallback

* fix(subagents): announce delivery with descendant gating, frozen result refresh, and cron retry (#35080)

Thanks @tyler6204

* fix(agents): avoid synthetic tool-result writes on idle-timeout cleanup

* fix(agent): harden undici stream timeouts for long openai-completions runs

* fix(slack): record app_mention retry key before dedupe check (#37033)

- Prime app_mention retry allowance before dedupe so near-simultaneous message/app_mention races do not drop valid mentions.
- Prevent duplicate dispatch when app_mention wins the race and message prepare later succeeds.
- Prune dispatched mention keys and add regression coverage for both dropped and successful in-flight message outcomes.

Co-authored-by: Tak Hoffman <[email protected]>

* fix(agents): honor explicit rate-limit cooldown probes in fallback runs

* fix(agents): allow configured ollama endpoints without dummy api keys

* fix(memory): recover qmd updates from duplicate document constraints

* Doctor: warn on implicit heartbeat directPolicy (#36789)

* Changelog: note heartbeat directPolicy doctor warning

* Tests: cover heartbeat directPolicy doctor warning

* Doctor: warn on implicit heartbeat directPolicy

* Tests: cover per-agent heartbeat directPolicy warning

* Update CHANGELOG.md

* Plugins: clarify registerHttpHandler migration errors (#36794)

* Changelog: note plugin HTTP route migration diagnostics

* Tests: cover registerHttpHandler migration diagnostics

* Plugins: clarify registerHttpHandler migration errors

* Tests: cover registerHttpHandler diagnostic edge cases

* Plugins: tighten registerHttpHandler migration hint

* fix(memory): repair qmd collection name conflicts during ensure

* fix(memory): handle qmd search results without docid

* Plugins: avoid false integrity drift prompts on unpinned updates (#37179)

* Plugins: skip drift prompts for unpinned updates

* Plugins: cover unpinned integrity update behavior

* Changelog: add #37179 release note

* Delete changelog/fragments directory

* Update CHANGELOG.md

* fix(whatsapp): remove implicit [openclaw] self-chat prefix

* fix: remove config.schema from agent gateway tool (#7382)

Merged via squash.

Prepared head SHA: f34a7780690a941936b31899e2d096b8a07f4afc
Co-authored-by: kakuteki <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* feat(openai): add gpt-5.4 support for API and Codex OAuth (#36590)

* feat(openai): add gpt-5.4 support and priority processing

* feat(openai-codex): add gpt-5.4 oauth support

* fix(openai): preserve provider overrides in gpt-5.4 fallback

* fix(openai-codex): keep xhigh for gpt-5.4 default

* fix(models): preserve configured overrides in list output

* fix(models): close gpt-5.4 integration gaps

* fix(openai): scope service tier to public api

* fix(openai): complete prep followups for gpt-5.4 support (#36590) (thanks @dorukardahan)

---------

Co-authored-by: Tyler Yust <[email protected]>

* fix(tui): preserve credential-like tokens in render sanitization

* CLI: make read-only SecretRef status flows degrade safely (#37023)

* CLI: add read-only SecretRef inspection

* CLI: fix read-only SecretRef status regressions

* CLI: preserve read-only SecretRef status fallbacks

* Docs: document read-only channel inspection hook

* CLI: preserve audit coverage for read-only SecretRefs

* CLI: fix read-only status account selection

* CLI: fix targeted gateway fallback analysis

* CLI: fix Slack HTTP read-only inspection

* CLI: align audit credential status checks

* CLI: restore Telegram read-only fallback semantics

* chore(changelog): update for #37023

Signed-off-by: joshavant <[email protected]>

* fix(agents): disable usage streaming chunks on non-native openai-completions

* feat(nano-banana-pro): add --aspect-ratio flag to generate_image.py (#28159)

* feat(nano-banana-pro): add --aspect-ratio flag to generate_image.py

* Nano Banana: allow all supported aspect ratios

* Docs: expand nano banana aspect ratio options

---------

Co-authored-by: Vincent Koc <[email protected]>

* fix(gateway): support image_url in OpenAI chat completions (#34068)

* fix(gateway): parse image_url in openai chat completions

* test(gateway): cover openai chat completions image_url flows

* docs(changelog): note openai image_url chat completions fix (#17685)

* fix(gateway): harden openai image_url parsing and limits

* test(gateway): add openai image_url regression coverage

* docs(changelog): expand #17685 openai chat completions note

* Gateway: make OpenAI image_url URL fetch opt-in and configurable

* Diagnostics: redact image base64 payload data in trace logs

* Changelog: note OpenAI image_url hardening follow-ups

* Gateway: enforce OpenAI image_url total budget incrementally

* Gateway: scope OpenAI image_url extraction to the active turn

* Update CHANGELOG.md

* fix(agents): avoid xAI web_search tool-name collisions

* fix: clear Telegram DM draft after materialize (#36746) (thanks @joelnishanth)

* Fix Control UI duplicate iMessage replies for internal webchat turns (#36151)

* Auto-reply: avoid routing external replies from internal webchat turns

* Auto-reply tests: cover internal webchat non-routing with external origin metadata

* Changelog: add Control UI iMessage duplicate-reply fix note

* Auto-reply context: track explicit deliver routes

* Gateway chat: mark explicit external deliver routes in context

* Auto-reply: preserve explicit deliver routes for internal webchat turns

* Auto-reply tests: cover explicit deliver routes from internal webchat turns

* Gateway chat tests: assert explicit deliver route context tagging

* fix: enforce 600 perms for cron store and run logs (#36078)

* fix: enforce secure permissions for cron store and run logs

* fix(cron): enforce dir perms and gate posix tests on windows

* Cron store tests: cover existing directory permission hardening

* Cron run-log tests: cover existing directory permission hardening

* Changelog: note cron file permission hardening

---------

Co-authored-by: linhey <[email protected]>
Co-authored-by: Vincent Koc <[email protected]>

* fix(tui): accept canonical session-key aliases in chat event routing

* Gateway: normalize OpenAI stream chunk text

* Gateway: coerce chat deliverable route boolean

* fix(web_search): align brave language codes with API

* Respect source channel for agent event surfacing (#36030)

* fix(session): prefer webchat routes for direct ui turns (#37135)

* Gateway: discriminate input sources

* Cron: migrate legacy provider delivery hints

* Cron: stabilize runs-one-shot migration tests

* fix(memory): retry mcporter after Windows EINVAL spawn

* fix(onboarding): guard daemon status probe on headless linux

* Gateway: add path-scoped config schema lookup (#37266)

Merged via squash.

Prepared head SHA: 0c4d187f6fb66f2799d4047585d6368e433c883a
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras

* docs(changelog): add pr entry

* fix(ci): restore protocol and schema checks (#37470)

* Fix failover for zhipuai 1310 Weekly/Monthly Limit Exhausted (#33813)

Merged via squash.

Prepared head SHA: 3dc441e58de48913720cf7b6137fa761758d8344
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* fix(openai-codex-oauth): stop mutating authorize url scopes

* Update CHANGELOG.md

* fix(auth): remove bogus codex oauth responses probe

* docs(changelog): fold codex oauth fix notes

* docs(changelog): add codex oauth pr reference (#37558)

* fix(security:PLA-697): block local secret scratch files from commits

* feat: add dev EKS deployment for openclaw SRE container

* fix: stabilize slack socket mode in dev eks runtime

* fix(eks): reuse monitoring incident auth for openclaw-sre

* feat(deploy): add grafana env guards and prod deploy wrapper

* fix(security): redact tool outputs and enforce secret-safe runtime defaults

* feat(sre): harden heartbeat routing and enrich triage signals

* docs: add SRE hybrid intelligence design

Three-layer architecture to improve bot reasoning quality:
- Layer 1: Service knowledge (auto-discovery + overlays + incident memory)
- Layer 2: Multi-stage reasoning chain (triage → hypothesize → causal chain → action plan → cross-review)
- Layer 3: Incident learning loop (structured cards, overlay suggestions, feedback signals)

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* feat(sandbox): add boundary cli to common runtime image

* docs(sre): finalize hybrid intelligence design v19 after 18 Codex review rounds

Iteratively hardened the design through 18 adversarial Codex review rounds,
resolving 60+ findings (15+ CRITICAL, 45+ HIGH). Key fixes include:
- Decoupled incident_id (pre-Step11 immutable) from card_id (LLM-derived)
- Unified evidence/memory sanitization via shared _strip_instruction_tokens
- Fixed rerun interval default (3600s > heartbeat 1800s) to prevent every-cycle re-runs
- Added Phase 2 cross-review gap note and dual-column depth table
- Overlay suggestion idempotency via deterministic suggestion_key + upsert
- Decoupled chain timeout from legacy budget check
- Added predicate alignment docs for L3 pre-check vs L3 gate
- Adopted dynamic evidence_completeness denominator matching existing code
- Added scope note clarifying design vs current implementation

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* feat(sre): complete hybrid intelligence rollout and bot hardening

* fix(sre): harden slack reasoning, dual chain, and deploy auth/runtime

* ci: add ecr release pipeline and infra-helm image update trigger

* ci: switch workflows to github-hosted runners

* ci: allow manual ecr env target and use updater v4

* ci: remove windows jobs from workflow

* chore(pla-678): update fallback auth fixture and plan docs

* fix(pla-678): preserve control-ui host-header fallback in dev config

* refactor(pla-678): remove local sre chart and require infra-helm

* refactor(pla-678): remove direct eks deploy scripts

* ci(pla-678): remove labeler workflow

* ci(pla-678): refresh checks after disabling labeler

* build: install boundary CLI in SRE runtime image

* fix(slack:PLA-678): keep one thread lane across users

* fix(sre-skill): enforce live db-query runbook in dev seed

* fix(slack): ignore bot thread history when seeding new sessions

* fix(slack): force retry on repeated thread questions

* fix(sre-skill): require retry on repeated db requests

* docs(sre-skill): make retry policy generic across repeated asks

* fix(sre:PLA-678): enforce live linear ticket updates

* fix(sre:PLA-678): use [PLATFORM] Backlog linear project

* fix(sre:PLA-678): label linked linear tickets as openclaw-sre

* fix(sre:PLA-678): auto-label linked linear tickets for auto-pr

* test(sre:PLA-678): make tracking label test executable

* fix(slack:PLA-678): remove status-final completion banner (#16)

* fix(slack:PLA-678): enable direct file attachments from agent replies (#17)

* fix(slack:PLA-678): remove status-final completion banner

* fix(slack): enable direct file attachments from agent replies

* refactor(sre:PLA-678): remove local deploy config mirror (#18)

* fix: compact oversized auto-generated pr bodies

* fix(sre): add built-in linear incident memory provider

* feat(sre): add erpc helper with flo secret query

* fix(sre): enforce canonical rpc.morpho.dev erpc endpoint

* refactor(sre): remove local deploy config mirror

* fix(slack:PLA-678): force DM replies into per-message threads (#19)

* fix: compact oversized auto-generated pr bodies

* fix(sre): add built-in linear incident memory provider

* feat(sre): add erpc helper with flo secret query

* fix(sre): enforce canonical rpc.morpho.dev erpc endpoint

* refactor(sre): remove local deploy config mirror

* fix(slack): force threaded replies for direct messages

* feat(cron:PLA-678): use conversation history in self-improve runs (#20)

* fix(slack:PLA-678): improve progress update readability (#21)

* fix(ci:PLA-678): restore main release pipeline health (#22)

* fix(ci:PLA-678): restore main release pipeline health

* fix(ci:PLA-678): harden auto-response token fallback

* fix(ci:PLA-678): pin setup-bun to published release

* test(ci:PLA-678): align slack thread session expectations

* fix(sre:PLA-678): harden Slack reply delivery and image release flow (#23)

* fix(slack:PLA-678): harden thread-scoped reply delivery

* fix(slack:PLA-678): satisfy lint after rebase

* ci(release:PLA-678): move image release to cached ecr flow

* ci(release:PLA-678): use official docker build actions

* fix(slack:PLA-722): preserve progress updates during final-answer gating (#24)

* fix(sre:PLA-724): restore ECR runtime image toolchain (#25)

* fix(failover): classify HTTP 402 as rate_limit when payload indicates usage limit (#30484) (#36802)

* fix(failover): classify HTTP 402 as rate_limit when payload indicates usage limit (#30484)

Some providers (notably Anthropic Claude Max plan) surface temporary
usage/rate-limit failures as HTTP 402 instead of 429. Before this change,
all 402s were unconditionally mapped to 'billing', which produced a
misleading 'run out of credits' warning for Max plan users who simply
hit their usage window.

This follows the same pattern introduced for HTTP 400 in #36783: check
the error message for an explicit rate-limit signal before falling back
to the default status-code classification.

- classifyFailoverReasonFromHttpStatus now returns 'rate_limit' for 402
  when isRateLimitErrorMessage matches the payload text
- Added regression tests covering both the rate-limit and billing paths
  on 402

* fix: narrow 402 rate-limit matcher to prevent billing misclassification

The original implementation used isRateLimitErrorMessage(), which matches
phrases like 'quota exceeded' that legitimately appear in billing errors.

This commit replaces it with a narrow, 402-specific matcher that requires
BOTH retry language (try again/retry/temporary/cooldown) AND limit
terminology (usage limit/rate limit/organization usage).

Prevents misclassification of errors like:
'HTTP 402: exceeded quota, please add credits' -> billing (not rate_limit)

Added regression test for the ambiguous case.

---------

Co-authored-by: Val Alexander <[email protected]>

* fix(mattermost): allow reachable interaction callback URLs (#37543)

Merged via squash.

Prepared head SHA: 4d593731be5a5dcbf3106d596b38acfeb8cf0aa8
Co-authored-by: mukhtharcm <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Reviewed-by: @mukhtharcm

* fix(auth): prefer Anthropic API key over stale OAuth profiles

* fix(runtime): raise default agent timeout to one hour

* feat(runtime): support direct env fallback for agent timeout

---------

Signed-off-by: joshavant <[email protected]>
Co-authored-by: Gustavo Madeira Santana <[email protected]>
Co-authored-by: Mariano <[email protected]>
Co-authored-by: leepokai <[email protected]>
Co-authored-by: Bob <[email protected]>
Co-authored-by: Onur <[email protected]>
Co-authored-by: Ayaan Zaidi <[email protected]>
Co-authored-by: Vincent Koc <[email protected]>
Co-authored-by: huangcj <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: Sid <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: shakkernerd <[email protected]>
Co-authored-by: a <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Shakker <[email protected]>
Co-authored-by: liuxiaopai-ai <[email protected]>
Co-authored-by: Rodrigo Uroz <[email protected]>
Co-authored-by: rodrigouroz <[email protected]>
Co-authored-by: jalehman <[email protected]>
Co-authored-by: Kai <[email protected]>
Co-authored-by: RealKai42 <[email protected]>
Co-authored-by: 青雲 <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Darshil <[email protected]>
Co-authored-by: Ho Lim <[email protected]>
Co-authored-by: dvrshil <[email protected]>
Co-authored-by: Isis Anisoptera <[email protected]>
Co-authored-by: Madoka <[email protected]>
Co-authored-by: Xu Zimo <[email protected]>
Co-authored-by: Munem Hashmi <[email protected]>
Co-authored-by: bmendonca3 <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>
Co-authored-by: Nhj <[email protected]>
Co-authored-by: 倪汉杰0668001185 <[email protected]>
Co-authored-by: zhengquanliu <[email protected]>
Co-authored-by: nick <[email protected]>
Co-authored-by: linhey <[email protected]>
Co-authored-by: scoootscooob <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: rexl2018 <[email protected]>
Co-authored-by: sline <[email protected]>
Co-authored-by: 0xsline <[email protected]>
Co-authored-by: Harold Hunt <[email protected]>
Co-authored-by: Shivam <[email protected]>
Co-authored-by: 不做了睡大觉 <[email protected]>
Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: alexyyyander <[email protected]>
Co-authored-by: Octane0411 <[email protected]>
Co-authored-by: Linux2010 <[email protected]>
Co-authored-by: echoVic <[email protected]>
Co-authored-by: Joseph Turian <[email protected]>
Co-authored-by: turian <[email protected]>
Co-authored-by: mukhtharcm <[email protected]>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Tony Dehnke <[email protected]>
Co-authored-by: Sid-Qin <[email protected]>
Co-authored-by: kevinWangSheng <[email protected]>
Co-authored-by: ningding97 <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: clawbie <[email protected]>
Co-authored-by: Takhoffman <[email protected]>
Co-authored-by: Ayane <[email protected]>
Co-authored-by: Ayane <[email protected]>
Co-authored-by: StingNing <[email protected]>
Co-authored-by: maweibin <[email protected]>
Co-authored-by: maweibin <[email protected]>
Co-authored-by: Josh Avant <[email protected]>
Co-authored-by: Bin Deng <[email protected]>
Co-authored-by: Byungsker <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Co-authored-by: Altay <[email protected]>
Co-authored-by: jiangnan <[email protected]>
Co-authored-by: jnMetaCode <[email protected]>
Co-authored-by: Jacob Riff <[email protected]>
Co-authored-by: jriff <[email protected]>
Co-authored-by: Naylenv <[email protected]>
Co-authored-by: Bill <[email protected]>
Co-authored-by: 2233admin <[email protected]>
Co-authored-by: 2233admin <[email protected]>
Co-authored-by: littleben <[email protected]>
Co-authored-by: littleben <[email protected]>
Co-authored-by: OpenClaw Agent <[email protected]>
Co-authored-by: Vignesh Natarajan <[email protected]>
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: zerone0x <[email protected]>
Co-authored-by: dunamismax <[email protected]>
Co-authored-by: Octane <[email protected]>
Co-authored-by: Mitsuyuki Osabe <[email protected]>
Co-authored-by: Tak <[email protected]>
Co-authored-by: Tyler Yust <[email protected]>
Co-authored-by: Hinata Kaga (samon) <[email protected]>
Co-authored-by: dorukardahan <[email protected]>
Co-authored-by: Tyler Yust <[email protected]>
Co-authored-by: Brenner Spear <[email protected]>
Co-authored-by: aerelune <[email protected]>
Co-authored-by: Frank Yang <[email protected]>
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: zhouhe-xydt <[email protected]>
Co-authored-by: Vignesh <[email protected]>
Co-authored-by: OpenClaw SRE Bot <[email protected]>
Co-authored-by: Xinhua Gu <[email protected]>
Co-authored-by: Val Alexander <[email protected]>

…law#52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- openclaw#19: isCronExpression validates each token starts with a cron-valid character
- openclaw#20: --token format validation rejects malformed input without colon separator
- openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

…law#52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- openclaw#19: isCronExpression validates each token starts with a cron-valid character
- openclaw#20: --token format validation rejects malformed input without colon separator
- openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

Co-Authored-By: Claude Sonnet 4.6 (1M context) <[email protected]>

…law#52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- openclaw#19: isCronExpression validates each token starts with a cron-valid character
- openclaw#20: --token format validation rejects malformed input without colon separator
- openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

…law#52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- openclaw#19: isCronExpression validates each token starts with a cron-valid character
- openclaw#20: --token format validation rejects malformed input without colon separator
- openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

CRITICAL:
- #1: Fix InboxMessage.from type from number to string (Pilot address)
- #2: Fix parseNodeIdFromPilotAddress to extract only last hex group
- #3: Rebuild hostnameToNodeId cache from Convex on startup
- #4: Fix AgentNetworkConfig → AgentRegistryConfig type reference
- #5: Track processed message hashes to prevent re-processing on clear failure

HIGH:
- #7: Change default pollIntervalSeconds from 300 to 15
- #8: Fix startDaemon regex to match Pilot address format (0:xxxx.xxxx.xxxx)
- #9: Use registerAgent() for re-registration to preserve enriched metadata
- #10: Fix search query param from 'query' to 'q'
- #12: handleRefresh supports optional accountId, refreshes all if omitted
- #13: Move spawn import to top-level, remove 7 inline dynamic imports
- #14: Mark inbox tool action as debug-only (poll loop handles processing)

MEDIUM:
- #15: Add installation_id to PilotPeer interface and agentToPeer
- #16: Use exact /by-hostname/ endpoint for get_agent action
- #17: Add LRU-style eviction to hostnameToNodeId (max 1000 entries)
- openclaw#18: Add mutex (isPolling flag) to executePollCycle
- openclaw#19: Add lifecycle comments to startDaemon/stopDaemon (container vs local)
- openclaw#20: Pass gatewayToken in fetchNetworkMetadata Convex query
- openclaw#21: Wrap sendText fallback in try/catch with error handling
- openclaw#23: Document sendMessage JSON vs raw text design intent

…law#52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- openclaw#19: isCronExpression validates each token starts with a cron-valid character
- openclaw#20: --token format validation rejects malformed input without colon separator
- openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

…law#52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- openclaw#19: isCronExpression validates each token starts with a cron-valid character
- openclaw#20: --token format validation rejects malformed input without colon separator
- openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

* feat: add QQ Bot channel extension

* fix(qqbot): add setupWizard to runtime plugin for onboard re-entry

* fix: fix review

* fix: fix review

* chore: sync lockfile and config-docs baseline for qqbot extension

* refactor: 移除图床服务器相关代码

* fix

* docs: 新增 QQ Bot 插件文档并修正链接路径

* refactor: remove credential backup functionality and update setup logic

- Deleted the credential backup module to streamline the codebase.
- Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs.
- Simplified slash commands by removing unused hot upgrade compatibility checks and related functions.
- Adjusted types to use SecretInput for client secrets in QQBot configuration.
- Modified bundled plugin metadata to allow additional properties in the config schema.

* feat: 添加本地媒体路径解析功能，修正 QQBot 媒体路径处理

* feat: 添加本地媒体路径解析功能，修正 QQBot 媒体路径处理

* feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup

- Deleted the qqbot-media and qqbot-remind skills documentation files.
- Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations.
- Implemented tests for local media path remapping, verifying correct resolution of media file paths.
- Removed obsolete channel and remind tools, streamlining the codebase.

* feat: 更新 QQBot 配置模式，添加音频格式和账户定义

* feat: 添加 QQBot 频道管理和定时提醒技能，更新媒体路径解析功能

* fix

* feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引

* feat: update reminder and qq channel skills

* feat: 更新remind工具投递目标地址格式

* feat: Refactor QQBot payload handling and improve code documentation

- Simplified and clarified the structure of payload interfaces for Cron reminders and media messages.
- Enhanced the parsing function to provide clearer error messages and improved validation.
- Updated platform utility functions for better cross-platform compatibility and clearer documentation.
- Improved text parsing utilities for better readability and consistency in emoji representation.
- Optimized upload cache management with clearer comments and reduced redundancy.
- Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation.

* OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift

> [email protected] check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw
> node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check

[bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts
 ELIFECYCLE  Command failed with exit code 1.
 ELIFECYCLE  Command failed with exit code 1.

* feat: 添加 QQBot 渠道配置及相关账户设置

* fix(qqbot): resolve 14 high-priority bugs from PR #52986 review

DM routing (7 fixes):
- #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId)
- #2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId}
- #3: sendTextChunks adds DM branch
- #4: sendMarkdownReply adds DM branch for text and Base64 images
- #5: parseAndSendMediaTags maps DM to targetType:dm + guildId
- #6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field
- #7: handleImage/Audio/Video/FilePayload add DM branches

Other high-priority fixes:
- #8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment
- #9: broadcastMessage uses groupOpenid instead of member_openid for group users
- #10: Unify KnownUser storage - proactive.ts delegates to known-users.ts
- #11: Remove invalid recordKnownUser calls for guild/DM users
- #12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook
- #13: sendPhoto channel unsupported returns error field
- #14: sendTextAfterMedia adds channel and dm branches

Type fixes:
- DeliverEventContext adds guildId field
- MediaTargetContext.targetType adds dm variant
- sendPlainTextReply imgMediaTarget adds DM branch

* fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR #52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- #15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- #16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- #17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- #18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- #19: isCronExpression validates each token starts with a cron-valid character
- #20: --token format validation rejects malformed input without colon separator
- #21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

* test(qqbot): add focused tests for slash command authorization path

- Unauthorized sender rejected for /bot-logs (requireAuth: true)
- Authorized sender allowed for /bot-logs
- Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders
- Unknown slash commands return null (passthrough)
- Non-slash messages return null
- Usage query (/bot-logs ?) also gated by auth check

* fix(qqbot): align global TTS fallback with framework config resolution

- Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core
  resolveTtsConfig logic: check auto !== 'off', fall back to legacy
  enabled boolean, default to off when neither is set.
- Add pre-check in reply-dispatcher before calling globalTextToSpeech to
  avoid unnecessary TTS calls and noisy error logs when TTS is not
  configured.
- Remove inline as any casts; use OpenClawConfig type throughout.
- Refactor handleAudioPayload into flat early-return structure with
  unified send path (plugin TTS → global fallback → send).

* fix(qqbot): break ESM circular dependency causing multi-account startup crash

The bundled gateway chunk had a circular static import on the channel
chunk (gateway -> outbound-deliver -> channel, while channel dynamically
imports gateway). When two accounts start concurrently via Promise.all,
the first dynamic import triggers module graph evaluation; the circular
reference causes api exports (including runDiagnostics) to resolve as
undefined before the module finishes evaluating.

Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new
text-utils.ts leaf module. outbound-deliver.ts now imports from
text-utils.ts, breaking the cycle. channel.ts re-exports for backward
compatibility.

* fix(qqbot): serialize gateway module import to prevent multi-account startup race

When multiple accounts start concurrently via Promise.all, each calls
await import('./gateway.js') independently. Due to ESM circular
dependencies in the bundled output, the first import can resolve
transitive exports as undefined before module evaluation completes.

Fix: cache the dynamic import promise in a module-level variable so all
concurrent startAccount calls share the same import, ensuring the
gateway module is fully evaluated before any account uses it.

* refactor(qqbot): remove startup greeting logic

Remove getStartupGreetingPlan and related startup greeting delivery:
- Delete startup-greeting.ts (greeting plan, marker persistence)
- Delete admin-resolver.ts (admin resolution, greeting dispatch)
- Remove startup greeting calls from gateway READY/RESUMED handlers
- Remove isFirstReadyGlobal flag and adminCtx

* fix(qqbot): skip octal escape decoding for Windows local paths

Windows paths like C:\Users\1\file.txt contain backslash-digit sequences
that were incorrectly matched as octal escape sequences and decoded,
corrupting the file path. Detect Windows local paths (drive letter or UNC
prefix) and skip the octal decoding step for them.

* fix bot issue

* feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile

* docs: 添加 QQBot 配置和消息处理的设计说明

* rebase

* fix(qqbot): align slash-command auth with shared command-auth model

Route requireAuth:true slash commands (e.g. /bot-logs) through the
framework's api.registerCommand() so resolveCommandAuthorization()
applies commands.allowFrom.qqbot precedence and qqbot: prefix
normalization before any handler runs.

- slash-commands.ts: registerCommand() now auto-routes by requireAuth
  into two maps (commands / frameworkCommands); getFrameworkCommands()
  exports the auth-required set for framework registration; bot-help
  lists both maps
- index.ts: registerFull() iterates getFrameworkCommands() and calls
  api.registerCommand() for each; handler derives msgType from ctx.from,
  sends file attachments via sendDocument, supports multi-account via
  ctx.accountId
- gateway.ts (inbound): replace raw allowFrom string comparison with
  qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and
  uppercase before matching event.senderId
- gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized
  is true (requireAuth:true commands never reach matchSlashCommand)
- command-auth.test.ts: add regression tests for qqbot: prefix
  normalization in the inbound commandAuthorized computation
- slash-commands.test.ts: update /bot-logs tests to expect null
  (command routed to framework, not in local registry)

* rebase and solve conflict

* fix(qqbot): preserve mixed env setup credentials

---------

Co-authored-by: yuehuali <[email protected]>
Co-authored-by: walli <[email protected]>
Co-authored-by: WideLee <[email protected]>
Co-authored-by: Frank Yang <[email protected]>

* feat: add QQ Bot channel extension

* fix(qqbot): add setupWizard to runtime plugin for onboard re-entry

* fix: fix review

* fix: fix review

* chore: sync lockfile and config-docs baseline for qqbot extension

* refactor: 移除图床服务器相关代码

* fix

* docs: 新增 QQ Bot 插件文档并修正链接路径

* refactor: remove credential backup functionality and update setup logic

- Deleted the credential backup module to streamline the codebase.
- Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs.
- Simplified slash commands by removing unused hot upgrade compatibility checks and related functions.
- Adjusted types to use SecretInput for client secrets in QQBot configuration.
- Modified bundled plugin metadata to allow additional properties in the config schema.

* feat: 添加本地媒体路径解析功能，修正 QQBot 媒体路径处理

* feat: 添加本地媒体路径解析功能，修正 QQBot 媒体路径处理

* feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup

- Deleted the qqbot-media and qqbot-remind skills documentation files.
- Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations.
- Implemented tests for local media path remapping, verifying correct resolution of media file paths.
- Removed obsolete channel and remind tools, streamlining the codebase.

* feat: 更新 QQBot 配置模式，添加音频格式和账户定义

* feat: 添加 QQBot 频道管理和定时提醒技能，更新媒体路径解析功能

* fix

* feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引

* feat: update reminder and qq channel skills

* feat: 更新remind工具投递目标地址格式

* feat: Refactor QQBot payload handling and improve code documentation

- Simplified and clarified the structure of payload interfaces for Cron reminders and media messages.
- Enhanced the parsing function to provide clearer error messages and improved validation.
- Updated platform utility functions for better cross-platform compatibility and clearer documentation.
- Improved text parsing utilities for better readability and consistency in emoji representation.
- Optimized upload cache management with clearer comments and reduced redundancy.
- Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation.

* OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift

> [email protected] check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw
> node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check

[bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts
 ELIFECYCLE  Command failed with exit code 1.
 ELIFECYCLE  Command failed with exit code 1.

* feat: 添加 QQBot 渠道配置及相关账户设置

* fix(qqbot): resolve 14 high-priority bugs from PR openclaw#52986 review

DM routing (7 fixes):
- #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId)
- openclaw#2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId}
- openclaw#3: sendTextChunks adds DM branch
- openclaw#4: sendMarkdownReply adds DM branch for text and Base64 images
- openclaw#5: parseAndSendMediaTags maps DM to targetType:dm + guildId
- openclaw#6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field
- openclaw#7: handleImage/Audio/Video/FilePayload add DM branches

Other high-priority fixes:
- openclaw#8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment
- openclaw#9: broadcastMessage uses groupOpenid instead of member_openid for group users
- openclaw#10: Unify KnownUser storage - proactive.ts delegates to known-users.ts
- openclaw#11: Remove invalid recordKnownUser calls for guild/DM users
- openclaw#12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook
- openclaw#13: sendPhoto channel unsupported returns error field
- openclaw#14: sendTextAfterMedia adds channel and dm branches

Type fixes:
- DeliverEventContext adds guildId field
- MediaTargetContext.targetType adds dm variant
- sendPlainTextReply imgMediaTarget adds DM branch

* fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR openclaw#52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- openclaw#19: isCronExpression validates each token starts with a cron-valid character
- openclaw#20: --token format validation rejects malformed input without colon separator
- openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

* test(qqbot): add focused tests for slash command authorization path

- Unauthorized sender rejected for /bot-logs (requireAuth: true)
- Authorized sender allowed for /bot-logs
- Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders
- Unknown slash commands return null (passthrough)
- Non-slash messages return null
- Usage query (/bot-logs ?) also gated by auth check

* fix(qqbot): align global TTS fallback with framework config resolution

- Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core
  resolveTtsConfig logic: check auto !== 'off', fall back to legacy
  enabled boolean, default to off when neither is set.
- Add pre-check in reply-dispatcher before calling globalTextToSpeech to
  avoid unnecessary TTS calls and noisy error logs when TTS is not
  configured.
- Remove inline as any casts; use OpenClawConfig type throughout.
- Refactor handleAudioPayload into flat early-return structure with
  unified send path (plugin TTS → global fallback → send).

* fix(qqbot): break ESM circular dependency causing multi-account startup crash

The bundled gateway chunk had a circular static import on the channel
chunk (gateway -> outbound-deliver -> channel, while channel dynamically
imports gateway). When two accounts start concurrently via Promise.all,
the first dynamic import triggers module graph evaluation; the circular
reference causes api exports (including runDiagnostics) to resolve as
undefined before the module finishes evaluating.

Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new
text-utils.ts leaf module. outbound-deliver.ts now imports from
text-utils.ts, breaking the cycle. channel.ts re-exports for backward
compatibility.

* fix(qqbot): serialize gateway module import to prevent multi-account startup race

When multiple accounts start concurrently via Promise.all, each calls
await import('./gateway.js') independently. Due to ESM circular
dependencies in the bundled output, the first import can resolve
transitive exports as undefined before module evaluation completes.

Fix: cache the dynamic import promise in a module-level variable so all
concurrent startAccount calls share the same import, ensuring the
gateway module is fully evaluated before any account uses it.

* refactor(qqbot): remove startup greeting logic

Remove getStartupGreetingPlan and related startup greeting delivery:
- Delete startup-greeting.ts (greeting plan, marker persistence)
- Delete admin-resolver.ts (admin resolution, greeting dispatch)
- Remove startup greeting calls from gateway READY/RESUMED handlers
- Remove isFirstReadyGlobal flag and adminCtx

* fix(qqbot): skip octal escape decoding for Windows local paths

Windows paths like C:\Users\1\file.txt contain backslash-digit sequences
that were incorrectly matched as octal escape sequences and decoded,
corrupting the file path. Detect Windows local paths (drive letter or UNC
prefix) and skip the octal decoding step for them.

* fix bot issue

* feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile

* docs: 添加 QQBot 配置和消息处理的设计说明

* rebase

* fix(qqbot): align slash-command auth with shared command-auth model

Route requireAuth:true slash commands (e.g. /bot-logs) through the
framework's api.registerCommand() so resolveCommandAuthorization()
applies commands.allowFrom.qqbot precedence and qqbot: prefix
normalization before any handler runs.

- slash-commands.ts: registerCommand() now auto-routes by requireAuth
  into two maps (commands / frameworkCommands); getFrameworkCommands()
  exports the auth-required set for framework registration; bot-help
  lists both maps
- index.ts: registerFull() iterates getFrameworkCommands() and calls
  api.registerCommand() for each; handler derives msgType from ctx.from,
  sends file attachments via sendDocument, supports multi-account via
  ctx.accountId
- gateway.ts (inbound): replace raw allowFrom string comparison with
  qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and
  uppercase before matching event.senderId
- gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized
  is true (requireAuth:true commands never reach matchSlashCommand)
- command-auth.test.ts: add regression tests for qqbot: prefix
  normalization in the inbound commandAuthorized computation
- slash-commands.test.ts: update /bot-logs tests to expect null
  (command routed to framework, not in local registry)

* rebase and solve conflict

* fix(qqbot): preserve mixed env setup credentials

---------

Co-authored-by: yuehuali <[email protected]>
Co-authored-by: walli <[email protected]>
Co-authored-by: WideLee <[email protected]>
Co-authored-by: Frank Yang <[email protected]>

* feat: add QQ Bot channel extension

* fix(qqbot): add setupWizard to runtime plugin for onboard re-entry

* fix: fix review

* fix: fix review

* chore: sync lockfile and config-docs baseline for qqbot extension

* refactor: 移除图床服务器相关代码

* fix

* docs: 新增 QQ Bot 插件文档并修正链接路径

* refactor: remove credential backup functionality and update setup logic

- Deleted the credential backup module to streamline the codebase.
- Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs.
- Simplified slash commands by removing unused hot upgrade compatibility checks and related functions.
- Adjusted types to use SecretInput for client secrets in QQBot configuration.
- Modified bundled plugin metadata to allow additional properties in the config schema.

* feat: 添加本地媒体路径解析功能，修正 QQBot 媒体路径处理

* feat: 添加本地媒体路径解析功能，修正 QQBot 媒体路径处理

* feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup

- Deleted the qqbot-media and qqbot-remind skills documentation files.
- Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations.
- Implemented tests for local media path remapping, verifying correct resolution of media file paths.
- Removed obsolete channel and remind tools, streamlining the codebase.

* feat: 更新 QQBot 配置模式，添加音频格式和账户定义

* feat: 添加 QQBot 频道管理和定时提醒技能，更新媒体路径解析功能

* fix

* feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引

* feat: update reminder and qq channel skills

* feat: 更新remind工具投递目标地址格式

* feat: Refactor QQBot payload handling and improve code documentation

- Simplified and clarified the structure of payload interfaces for Cron reminders and media messages.
- Enhanced the parsing function to provide clearer error messages and improved validation.
- Updated platform utility functions for better cross-platform compatibility and clearer documentation.
- Improved text parsing utilities for better readability and consistency in emoji representation.
- Optimized upload cache management with clearer comments and reduced redundancy.
- Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation.

* OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift

> [email protected] check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw
> node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check

[bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts
 ELIFECYCLE  Command failed with exit code 1.
 ELIFECYCLE  Command failed with exit code 1.

* feat: 添加 QQBot 渠道配置及相关账户设置

* fix(qqbot): resolve 14 high-priority bugs from PR openclaw#52986 review

DM routing (7 fixes):
- #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId)
- openclaw#2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId}
- openclaw#3: sendTextChunks adds DM branch
- openclaw#4: sendMarkdownReply adds DM branch for text and Base64 images
- openclaw#5: parseAndSendMediaTags maps DM to targetType:dm + guildId
- openclaw#6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field
- openclaw#7: handleImage/Audio/Video/FilePayload add DM branches

Other high-priority fixes:
- openclaw#8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment
- openclaw#9: broadcastMessage uses groupOpenid instead of member_openid for group users
- openclaw#10: Unify KnownUser storage - proactive.ts delegates to known-users.ts
- openclaw#11: Remove invalid recordKnownUser calls for guild/DM users
- openclaw#12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook
- openclaw#13: sendPhoto channel unsupported returns error field
- openclaw#14: sendTextAfterMedia adds channel and dm branches

Type fixes:
- DeliverEventContext adds guildId field
- MediaTargetContext.targetType adds dm variant
- sendPlainTextReply imgMediaTarget adds DM branch

* fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR openclaw#52986 review

Blocker-1: Remove unused dmPolicy config knob
- dmPolicy was declared in schema/types/plugin.json but never consumed at runtime
- Removed from config-schema.ts, types.ts, and openclaw.plugin.json
- allowFrom remains active (already wired into framework command-auth)

Blocker-2: Gate sensitive slash commands with allowFrom authorization
- SlashCommand interface adds requireAuth?: boolean
- SlashCommandContext adds commandAuthorized: boolean
- /bot-logs set to requireAuth: true (reads local log files)
- matchSlashCommand rejects unauthorized senders for requireAuth commands
- trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config

Medium-priority fixes:
- openclaw#15: Strip non-HTTP/non-local markdown image tags to prevent path leakage
- openclaw#16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa
- openclaw#17: getAdminMarkerFile sanitizes accountId to prevent path traversal
- openclaw#18: URGENT_COMMANDS uses exact match instead of startsWith prefix match
- openclaw#19: isCronExpression validates each token starts with a cron-valid character
- openclaw#20: --token format validation rejects malformed input without colon separator
- openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable

* test(qqbot): add focused tests for slash command authorization path

- Unauthorized sender rejected for /bot-logs (requireAuth: true)
- Authorized sender allowed for /bot-logs
- Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders
- Unknown slash commands return null (passthrough)
- Non-slash messages return null
- Usage query (/bot-logs ?) also gated by auth check

* fix(qqbot): align global TTS fallback with framework config resolution

- Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core
  resolveTtsConfig logic: check auto !== 'off', fall back to legacy
  enabled boolean, default to off when neither is set.
- Add pre-check in reply-dispatcher before calling globalTextToSpeech to
  avoid unnecessary TTS calls and noisy error logs when TTS is not
  configured.
- Remove inline as any casts; use OpenClawConfig type throughout.
- Refactor handleAudioPayload into flat early-return structure with
  unified send path (plugin TTS → global fallback → send).

* fix(qqbot): break ESM circular dependency causing multi-account startup crash

The bundled gateway chunk had a circular static import on the channel
chunk (gateway -> outbound-deliver -> channel, while channel dynamically
imports gateway). When two accounts start concurrently via Promise.all,
the first dynamic import triggers module graph evaluation; the circular
reference causes api exports (including runDiagnostics) to resolve as
undefined before the module finishes evaluating.

Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new
text-utils.ts leaf module. outbound-deliver.ts now imports from
text-utils.ts, breaking the cycle. channel.ts re-exports for backward
compatibility.

* fix(qqbot): serialize gateway module import to prevent multi-account startup race

When multiple accounts start concurrently via Promise.all, each calls
await import('./gateway.js') independently. Due to ESM circular
dependencies in the bundled output, the first import can resolve
transitive exports as undefined before module evaluation completes.

Fix: cache the dynamic import promise in a module-level variable so all
concurrent startAccount calls share the same import, ensuring the
gateway module is fully evaluated before any account uses it.

* refactor(qqbot): remove startup greeting logic

Remove getStartupGreetingPlan and related startup greeting delivery:
- Delete startup-greeting.ts (greeting plan, marker persistence)
- Delete admin-resolver.ts (admin resolution, greeting dispatch)
- Remove startup greeting calls from gateway READY/RESUMED handlers
- Remove isFirstReadyGlobal flag and adminCtx

* fix(qqbot): skip octal escape decoding for Windows local paths

Windows paths like C:\Users\1\file.txt contain backslash-digit sequences
that were incorrectly matched as octal escape sequences and decoded,
corrupting the file path. Detect Windows local paths (drive letter or UNC
prefix) and skip the octal decoding step for them.

* fix bot issue

* feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile

* docs: 添加 QQBot 配置和消息处理的设计说明

* rebase

* fix(qqbot): align slash-command auth with shared command-auth model

Route requireAuth:true slash commands (e.g. /bot-logs) through the
framework's api.registerCommand() so resolveCommandAuthorization()
applies commands.allowFrom.qqbot precedence and qqbot: prefix
normalization before any handler runs.

- slash-commands.ts: registerCommand() now auto-routes by requireAuth
  into two maps (commands / frameworkCommands); getFrameworkCommands()
  exports the auth-required set for framework registration; bot-help
  lists both maps
- index.ts: registerFull() iterates getFrameworkCommands() and calls
  api.registerCommand() for each; handler derives msgType from ctx.from,
  sends file attachments via sendDocument, supports multi-account via
  ctx.accountId
- gateway.ts (inbound): replace raw allowFrom string comparison with
  qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and
  uppercase before matching event.senderId
- gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized
  is true (requireAuth:true commands never reach matchSlashCommand)
- command-auth.test.ts: add regression tests for qqbot: prefix
  normalization in the inbound commandAuthorized computation
- slash-commands.test.ts: update /bot-logs tests to expect null
  (command routed to framework, not in local registry)

* rebase and solve conflict

* fix(qqbot): preserve mixed env setup credentials

---------

Co-authored-by: yuehuali <[email protected]>
Co-authored-by: walli <[email protected]>
Co-authored-by: WideLee <[email protected]>
Co-authored-by: Frank Yang <[email protected]>