* refactor: move slash commands to .claude/commands/dev/

* chore: remove old .claude/dev/ directory

---------

Co-authored-by: Claude <[email protected]>

…tions

Replaces non-atomic `fs.writeFile()` calls in `persistTranscript()` and
`persistDescription()` with atomic temp-file-then-rename pattern. This
prevents data corruption when concurrent webhook processing writes to
the same sidecar file.

Implementation:
- Created shared `atomicWriteFile()` utility in `src/utils/atomic-write.ts`
- Uses unique temp file with UUID suffix for each write operation
- POSIX-guaranteed atomic `fs.rename()` to final location
- Automatic cleanup of temp files on error
- Comprehensive unit tests covering atomic behavior, concurrent writes,
  error handling, and edge cases (9 tests, all passing)

Fixes:
- Race condition when duplicate webhooks process same media file
- Data corruption from interrupted writes leaving partial UTF-8 sequences
- Last-write-wins now atomic (no partial states visible)

Resolves openclaw#5 (todos/005-pending-p1-race-condition-sidecar-files.md)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Updated todo file status from pending to resolved after implementing
atomic write pattern for sidecar file creation.

Implemented:
- Atomic write utility with comprehensive tests
- Applied to both transcription and video sidecar persistence
- All acceptance criteria met
- 9 unit tests passing

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

- Decision #5: Distill into TypeScript with Rust portability in mind
- Decision #6: Minimal viable agent is CLI + Claude + file tools
- Removed answered questions from Open Questions section

https://claude.ai/code/session_0171xZCAV5r6yGGgzMpGDDDP

Validates decision #5 (TypeScript with Rust portability):
- Rust library using napi-rs for Node.js bindings
- TypeScript wrapper that matches original interface
- 44 tests pass for both implementations (88 total)

Architecture: TypeScript handles async orchestration (summarizer callback),
Rust handles pure computation (token estimation, metadata extraction).

Files:
- crates/compaction/src/lib.rs - Rust implementation
- src/compaction/rust.ts - TypeScript wrapper
- src/compaction/rust.test.ts - Equivalent tests for Rust impl

https://claude.ai/code/session_011TWuFG2PPSUU497XsRQYwy

…ames-in-security-extensions

Fix implementations to use the correct tool names.

Create Issue openclaw#5 documenting the technical inaccuracy of deployment instructions that were incorrectly claiming the project was Python-based when it's actually a Node.js project.

Ω₀=0.02
F2✓ (documenting the error)
F7✓ (acknowledging technical inaccuracies)

…iner, Postgres traces, cost budgets, phase restructuring

Factsheet changes (12 architecture critiques):
- Add users table with auth provider (openclaw#1)
- Change all TEXT PKs to native UUID type (openclaw#2)
- Remove orphaned session_id from Task/TaskCommand/TaskResult (openclaw#3)
- Replace per-task containers with single shared Docker container (openclaw#4)
- Phase injection queue: in-memory Phase 1, Redis Phase 2+ (openclaw#5)
- Decouple Board Sync DB writes from WebSocket broadcasting (openclaw#6)
- Move trace storage from JSONL+index to Postgres-only (openclaw#7)
- Add chat_messages escalation to agent context (openclaw#8)
- Normalize discussion_messages into separate table (openclaw#9)
- Add PolicyEngine facade with single evaluate() entry point (openclaw#10)
- Add per-plugin Zod validation schemas for SourceConfig (openclaw#11)
- Add CostPolicy with token/cost budgets and cost_usage table (openclaw#12)

Blueprint changes (4 implementation improvements):
- Split Phase 1 into 4 sub-phases (1a-1d)
- Reorder: API skeleton before agent loop
- Defer frontend to Phase 5
- Add packages/shared for types and schemas

DB schema: 17 tables → 20 tables (added users, traces, discussion_messages, cost_usage)

https://claude.ai/code/session_01V2xvGqZqX6JKPGQeXyNMQW

The "pulling yourself up by your own hair" story perfectly
illustrates OpenClaw's self-development: AI using itself to
improve itself.

Added ASCII art and connection to real git history showing
Shadow, CLAWDINATOR, Jarvis commits.

Co-Authored-By: Claude Opus 4.5 <[email protected]>

…oad scanning

Phase 1 complete implementation of the Skill Guard system:

Core changes (4 files, ~110 lines):
- src/config/types.skills.ts: Add SkillGuardConfig, SkillStoreConfig types
- src/config/zod-schema.ts: Add guard validation schema (strict mode)
- src/agents/skills/load-guard.ts: New guard registration point
- src/agents/skills/workspace.ts: Insert guard evaluation in loadSkillEntries()

Extension (extensions/skill-guard/, 7 files, ~650 lines):
- cloud-client.ts: Multi-store manifest fetch with ETag/304 + fallback
- hash-cache.ts: In-memory + disk manifest cache
- verify-engine.ts: Full-directory SHA256 verification + sideload scanning
- audit-logger.ts: JSONL audit trail
- index.ts: Plugin entry wiring everything together
- types.ts: Cloud API response type definitions

Tests (51 tests, all passing):
- load-guard.test.ts: Guard registration/unregistration (4 tests)
- zod-schema.guard.test.ts: Config validation (9 tests)
- verify-engine.test.ts: All acceptance criteria (12 tests)
- hash-cache.test.ts: Cache persistence (5 tests)
- audit-logger.test.ts: JSONL logging (3 tests)
- cloud-client.test.ts: HTTP client behavior (6 tests)
- smoke.test.ts: E2E with Python mock store server (12 tests)

Smoke infrastructure:
- test/smoke/skill-guard-server.py: Zero-dep Python mock store API

All 11 acceptance criteria verified:
  openclaw#1 guard.enabled=false → all load
  openclaw#2 store skill hash match → pass
  openclaw#3 tampered file → blocked
  openclaw#4 injected file → blocked
  openclaw#5 blocklisted → blocked
  openclaw#6 sideload clean → pass
  openclaw#7 sideload critical + block-critical → blocked
  openclaw#8 sideload critical + warn → warning only
  openclaw#9 cloud down + cache → uses cache
  openclaw#10 cloud down + no cache → degrade allow
  openclaw#11 100 skills < 500ms → performance OK

Existing security tests (69) verified: zero regression.

Co-authored-by: Cursor <[email protected]>

Add comprehensive tests to close remaining refactor risks identified in
code-inspection.md. New coverage includes:

- Gateway mirror + A2A announce integration (Gap openclaw#1): 5 tests
- Role/source attribution interface contract (Gap openclaw#2): test.fails
- Config variations with vi.doMock pattern (Gap openclaw#9): 5 tests
- Tool restriction enforcement (Gap openclaw#5): 5 tests
- Concurrency/race safeguard (Gap openclaw#6): 5 tests + strategy docs

Total: 65 tests across 5 files (all passing)

Files:
- a2a-integration.regression.test.ts (new)
- config-variation.regression.test.ts (new)
- send-a2a-announce.integration.test.ts (new)
- Updated: a2a-flow, sessions-send-async, README, QC report

Co-authored-by: Cursor <[email protected]>

…d key support

## Summary
- Added deterministic idempotencyKey injection for side-effect tools (sessions_send,
  sessions_spawn, message, browser, nodes, canvas) during cron runs.
- Key is derived from runId + toolName + stable-stringified params (SHA-256).
- Only activates for cron-prefixed runIds; non-cron runs are unaffected.
- sessions_send now honors a provided idempotencyKey instead of always generating a UUID.
- Threaded runId through tool creation pipeline (pi-tools → attempt → tool-definition-adapter).
- Added contract tests: deterministic injection + sessions_send key passthrough.
- Updated existing before-tool-call tests with runId context.

## Why
- Cron retries after restarts were duplicating sends and tool calls because each retry
  generated a new random idempotency key. Deriving the key from the stable cron runId
  ensures replays produce the same key, enabling downstream dedupe. (Red-team risk openclaw#5)

## Systems
- agents (pi-tools, pi-tools.before-tool-call, pi-tool-definition-adapter,
  pi-embedded-runner, sessions-send-tool)

## Agent
- agent: MIS

Co-authored-by: Cursor <[email protected]>

When groupPolicy: 'allowlist' and groups config has specific group JID
entries, those JIDs act as a group allowlist — anyone in approved groups
can chat, while groupAllowFrom only gates slash command authorization.
Falls back to legacy sender-based filtering when no groups entries exist.

Updates:
- docs/channels/groups.md: updated flowchart, added config example openclaw#5
- docs/channels/whatsapp.md: noted dual behavior in Groups section
- docs/gateway/security/index.md: explained dual groups behavior in
  allowlist terminology section with config example

- health-manager: use resolveConfigDir() for health-stats.json path (Critical #1)

- health-manager: replace console.error with subsystem logger (Minor #3)

- health-manager: document async load race condition (Minor #2)

- bindings: use resolveConfigDir() for routing.json path (Minor #5)

…oad scanning

Phase 1 complete implementation of the Skill Guard system:

Core changes (4 files, ~110 lines):
- src/config/types.skills.ts: Add SkillGuardConfig, SkillStoreConfig types
- src/config/zod-schema.ts: Add guard validation schema (strict mode)
- src/agents/skills/load-guard.ts: New guard registration point
- src/agents/skills/workspace.ts: Insert guard evaluation in loadSkillEntries()

Extension (extensions/skill-guard/, 7 files, ~650 lines):
- cloud-client.ts: Multi-store manifest fetch with ETag/304 + fallback
- hash-cache.ts: In-memory + disk manifest cache
- verify-engine.ts: Full-directory SHA256 verification + sideload scanning
- audit-logger.ts: JSONL audit trail
- index.ts: Plugin entry wiring everything together
- types.ts: Cloud API response type definitions

Tests (51 tests, all passing):
- load-guard.test.ts: Guard registration/unregistration (4 tests)
- zod-schema.guard.test.ts: Config validation (9 tests)
- verify-engine.test.ts: All acceptance criteria (12 tests)
- hash-cache.test.ts: Cache persistence (5 tests)
- audit-logger.test.ts: JSONL logging (3 tests)
- cloud-client.test.ts: HTTP client behavior (6 tests)
- smoke.test.ts: E2E with Python mock store server (12 tests)

Smoke infrastructure:
- test/smoke/skill-guard-server.py: Zero-dep Python mock store API

All 11 acceptance criteria verified:
  openclaw#1 guard.enabled=false → all load
  openclaw#2 store skill hash match → pass
  openclaw#3 tampered file → blocked
  openclaw#4 injected file → blocked
  openclaw#5 blocklisted → blocked
  openclaw#6 sideload clean → pass
  openclaw#7 sideload critical + block-critical → blocked
  openclaw#8 sideload critical + warn → warning only
  openclaw#9 cloud down + cache → uses cache
  openclaw#10 cloud down + no cache → degrade allow
  openclaw#11 100 skills < 500ms → performance OK

Existing security tests (69) verified: zero regression.

Co-authored-by: Cursor <[email protected]>

)

- Add optional AUTH_TOKEN bearer auth for agent/chat routes (openclaw#2)
- DRY CI with composite action, replace npx bun with setup-bun (openclaw#3, openclaw#4)
- Fix smoke test URL to use CF_WORKER_SUBDOMAIN secret (openclaw#5)
- Deduplicate types: import canonical model types in landscape-loader (openclaw#6, openclaw#7)
- Fix C4 direction logic to respect actual integration direction (openclaw#8)
- Add edges connecting current→target nodes in comparison diagram (openclaw#9)
- Add agents CDN version sync comment in index.html (openclaw#11)
- Add missing landscape directory guard in bundle script (openclaw#12)
- Update wrangler compatibility_date to 2026-02-13 (openclaw#13)
- Rename prebuild to predev/predeploy in package.json (openclaw#14)
- Remove sk- prefix from .dev.vars.example placeholder (openclaw#15)

Co-Authored-By: Claude Opus 4.6 <[email protected]>

…dflare Worker (#1)

* ArchiClaw Phase 1: foundation scaffold, data model, skills, and harness

Add the ArchiClaw enterprise architecture management foundation:

- Zod schemas for all EA data types (application passports, capabilities,
  data entities, change requests, domains, integrations, ADRs, IDs)
- ID generation system with domain-prefixed sequential IDs (FIN-APP-001)
- Landscape directory structure with config, templates, registries
- Landscape validation (schema compliance, ID uniqueness, cross-refs)
- Mermaid render wrapper using beautiful-mermaid with Archimate theming
- 3 initial skills: interview, passport-manage, landscape-query
- Evaluation harness framework with per-skill scoring and examples
- 5 seeded applications (SAP ERP, SAP BPC, TM1, Workday HR, Salesforce CRM)
  with passports, context diagrams, data matrices
- 5 data entities, 10 capabilities, 5 integrations across 5 domains
- 58 tests passing across 8 test files

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* ArchiClaw: address PR #1 review feedback

- Add TODO comment on nextId() race condition (file locking needed)
- Add negative landscape validation tests (duplicate IDs, folder mismatch,
  broken cross-refs, sequence counter exceeded)
- Clarify eval harness test names to "eval fixtures" with comments
- Wrap readIdSequences/writeIdSequences in try-catch with descriptive messages
- Validate IdSequencesSchema keys against EntityTypeSchema via refine()
- Fix CLI entrypoint detection in runner.ts using path.resolve()
- Fill empty domain lead fields with placeholder names
- Add expandTemplate() utility with tests
- Add render CLI (src/archiclaw/render/cli.ts) and update skill SKILL.md files
  with rendering documentation sections

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* ArchiClaw: add entire.io session tracking, entire skill, and enhance skill-creator

* ArchiClaw: address PR #1 review feedback (phantom refs, validation cross-refs, mermaid nits)

* ArchiClaw: deploy as Cloudflare Worker (Agents SDK)

* ArchiClaw: add Teams outgoing webhook integration (query-only MVP)

Pattern-matching dispatcher routes @mentions to landscape accessors for
sub-second responses without LLM. HMAC-SHA256 validation via CF Workers
Web Crypto API. Adaptive Card v1.5 responses for rich Teams rendering.

Co-Authored-By: Claude Opus 4.6 <[email protected]>

* ArchiClaw: address review feedback for Cloudflare Worker deploy (469580b)

- Add optional AUTH_TOKEN bearer auth for agent/chat routes (openclaw#2)
- DRY CI with composite action, replace npx bun with setup-bun (openclaw#3, openclaw#4)
- Fix smoke test URL to use CF_WORKER_SUBDOMAIN secret (openclaw#5)
- Deduplicate types: import canonical model types in landscape-loader (openclaw#6, openclaw#7)
- Fix C4 direction logic to respect actual integration direction (openclaw#8)
- Add edges connecting current→target nodes in comparison diagram (openclaw#9)
- Add agents CDN version sync comment in index.html (openclaw#11)
- Add missing landscape directory guard in bundle script (openclaw#12)
- Update wrangler compatibility_date to 2026-02-13 (openclaw#13)
- Rename prebuild to predev/predeploy in package.json (openclaw#14)
- Remove sk- prefix from .dev.vars.example placeholder (openclaw#15)

Co-Authored-By: Claude Opus 4.6 <[email protected]>

---------

Co-authored-by: KristjanAkk <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>

#5)

* fix(security): sanitize error responses to prevent information leakage

Replace raw error messages in HTTP responses with generic messages.
Internal error details (stack traces, module paths, error messages)
were being returned to clients in 4 gateway endpoints.

* fix: sanitize 2 additional error response leaks in openresponses-http

Address CodeRabbit feedback: non-stream and streaming error paths in
openresponses-http.ts were still returning String(err) to clients.

* fix: add server-side error logging to sanitized catch blocks

Restore err parameter and add logWarn() calls so errors are still
captured server-side for diagnostics while keeping client responses
sanitized. Addresses CodeRabbit feedback about silently discarded errors.

openclaw#5)

* fix(security): sanitize error responses to prevent information leakage

Replace raw error messages in HTTP responses with generic messages.
Internal error details (stack traces, module paths, error messages)
were being returned to clients in 4 gateway endpoints.

* fix: sanitize 2 additional error response leaks in openresponses-http

Address CodeRabbit feedback: non-stream and streaming error paths in
openresponses-http.ts were still returning String(err) to clients.

* fix: add server-side error logging to sanitized catch blocks

Restore err parameter and add logWarn() calls so errors are still
captured server-side for diagnostics while keeping client responses
sanitized. Addresses CodeRabbit feedback about silently discarded errors.

openclaw#5)

* fix(security): sanitize error responses to prevent information leakage

Replace raw error messages in HTTP responses with generic messages.
Internal error details (stack traces, module paths, error messages)
were being returned to clients in 4 gateway endpoints.

* fix: sanitize 2 additional error response leaks in openresponses-http

Address CodeRabbit feedback: non-stream and streaming error paths in
openresponses-http.ts were still returning String(err) to clients.

* fix: add server-side error logging to sanitized catch blocks

Restore err parameter and add logWarn() calls so errors are still
captured server-side for diagnostics while keeping client responses
sanitized. Addresses CodeRabbit feedback about silently discarded errors.

openclaw#5)

* fix(security): sanitize error responses to prevent information leakage

Replace raw error messages in HTTP responses with generic messages.
Internal error details (stack traces, module paths, error messages)
were being returned to clients in 4 gateway endpoints.

* fix: sanitize 2 additional error response leaks in openresponses-http

Address CodeRabbit feedback: non-stream and streaming error paths in
openresponses-http.ts were still returning String(err) to clients.

* fix: add server-side error logging to sanitized catch blocks

Restore err parameter and add logWarn() calls so errors are still
captured server-side for diagnostics while keeping client responses
sanitized. Addresses CodeRabbit feedback about silently discarded errors.

openclaw#5)

* fix(security): sanitize error responses to prevent information leakage

Replace raw error messages in HTTP responses with generic messages.
Internal error details (stack traces, module paths, error messages)
were being returned to clients in 4 gateway endpoints.

* fix: sanitize 2 additional error response leaks in openresponses-http

Address CodeRabbit feedback: non-stream and streaming error paths in
openresponses-http.ts were still returning String(err) to clients.

* fix: add server-side error logging to sanitized catch blocks

Restore err parameter and add logWarn() calls so errors are still
captured server-side for diagnostics while keeping client responses
sanitized. Addresses CodeRabbit feedback about silently discarded errors.

openclaw#5)

* fix(security): sanitize error responses to prevent information leakage

Replace raw error messages in HTTP responses with generic messages.
Internal error details (stack traces, module paths, error messages)
were being returned to clients in 4 gateway endpoints.

* fix: sanitize 2 additional error response leaks in openresponses-http

Address CodeRabbit feedback: non-stream and streaming error paths in
openresponses-http.ts were still returning String(err) to clients.

* fix: add server-side error logging to sanitized catch blocks

Restore err parameter and add logWarn() calls so errors are still
captured server-side for diagnostics while keeping client responses
sanitized. Addresses CodeRabbit feedback about silently discarded errors.

The Browser Relay extension frequently loses connection and fails to
recover, requiring manual re-attach. This adds 5 fixes:

1. Don't detach debugger sessions on WebSocket drop — keep them alive
   and re-announce when WS reconnects
2. Auto-reconnect with exponential backoff (1s → 30s cap) + jitter
3. Persist state to chrome.storage.session for MV3 worker restart
   recovery, with debugger re-attach on restore
4. Tab lifecycle cleanup via onRemoved/onReplaced listeners
5. Keepalive alarm (every 4 min) to prevent MV3 worker termination
   and detect stale debugger sessions

manifest.json: add 'alarms' permission for fix openclaw#5.

Tested with 12+ hours continuous uptime on Edge, surviving gateway
restarts, sleeping tabs, and automated cron runs.

Fixes openclaw#15099

Browser LLMs (ChatGPT draft + Claude refinement) produce informal headers
like "openclaw#5 – Product Name", "Quick Reset", "Conclusion + CTA" instead of
formal [PRODUCT_5], [RETENTION_RESET], [CONCLUSION] markers. This caused
the parser to report 0 words / 0 sections and lose all metadata.

Adds normalize_section_markers() that converts informal markers to formal
ones, integrates it into extract_script_body() and _validate_existing_script(),
and updates extract_metadata() to handle browser Claude output format
(Avatar Intro Script header, parenthetical meta-instructions, plain
thumbnail headlines).

Co-Authored-By: Claude Opus 4.6 <[email protected]>

- getPage(): coalesce concurrent launches into one promise to prevent
  multiple browser processes spawning under load (openclaw#1)
- isAuthUrl(): replace substring match with hostname check to eliminate
  false positives on URLs containing '/signin' (openclaw#2)
- SPA stale content: switch goto waitUntil to 'load' and wait for note
  container before querying checkboxes so navigation between notes does
  not return items from the previous note (openclaw#3)
- extractUncheckedItems(): accept timeoutMs param and use it for both
  waitForSelector calls instead of a hardcoded 8s value (openclaw#4)
- openLoginBrowser(): store login context in this.loginContext so
  getPage() blocks while a login browser is open; session cleanup is
  owned by the returned done promise (openclaw#5)
- /keep status: check fs.existsSync(profileDir) and report actual
  session state instead of a static hint (openclaw#6)

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

Improvements completed:
- #1 A2A conversation index (O(1) lookup, 24 tests)
- #2 A2A durable jobs (JobManager + Reaper + Orchestrator, 43 tests)
- openclaw#3 task-tool.ts modularization (5 modules, 2296→45 LOC facade, 147 tests)
- openclaw#4 continuation state machine Phase 1 (pure decision functions, 56 tests)
- openclaw#5 gateway composition (6 init modules, 737→565 LOC, 80→48 imports)
- openclaw#7 A2A per-agent concurrency gate (semaphore + config, 25 tests)
- openclaw#8 structured handoff payload (types + parser, 42 tests)
- openclaw#9 coordination invariants test suite (TC-01~07, 22 tests)
- openclaw#11 subagent-task lifecycle (delegation manager + verify tool, 135 tests)
- openclaw#12 task enforcement bypass fix (session-scoped + stale cleanup, 20 tests)

N/A: openclaw#6 (DI already via GatewayRequestContext), openclaw#10 (partially resolved by #2)
Deferred: openclaw#4 Phase 2-5 (high risk, Phase 1 delivers core value)

Total: 514 new tests, 0 regressions, 11 implementation docs

Picks up type export fixes from api-beta PRs openclaw#4 and openclaw#5

Picks up type export fixes from api-beta PRs openclaw#4 and openclaw#5