Cherry-pick batch: Gateway fixes and improvements (1/2) (50 commits) #1958
Merged
alexey-pelykh merged 37 commits into main from Mar 24, 2026
(cherry picked from commit 100d9a7)
(cherry picked from commit 1b234b9)
(cherry picked from commit 274af04)
(cherry picked from commit 31ee442)
Preserve Control UI scopes through the device-auth bypass path, normalize implied operator device-auth scopes, ignore cached under-scoped operator tokens, and degrade read-backed main pages gracefully when a connection truly lacks operator.read. Co-authored-by: Val Alexander <[email protected]> (cherry picked from commit 3e2b3bd)
(cherry picked from commit 8de94ab)
(cherry picked from commit 96ed010)
(cherry picked from commit d2a1b24)
(cherry picked from commit d5dc6b6)
(cherry picked from commit e25fa44)
(cherry picked from commit ee1d4eb)
(cherry picked from commit 01e4845)
(cherry picked from commit 118abfb)
(cherry picked from commit 13894ec)
(cherry picked from commit 1886fe5)
(cherry picked from commit 198c248)
(cherry picked from commit 1d986f1)
(cherry picked from commit 1f85c9a)
(cherry picked from commit 268e036)
…nclaw#42931) (openclaw#47148) When auth is completely disabled (mode=none), requiring device pairing for Control UI operator sessions adds friction without security value since any client can already connect without credentials. Add authMode parameter to shouldSkipControlUiPairing so the bypass fires only for Control UI + operator role + auth.mode=none. This avoids the openclaw#43478 regression where a top-level OR disabled pairing for ALL websocket clients. (cherry picked from commit 26e0a3e)
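The scoping described in the commit message above can be pinned down as a decision table over every connection shape. This is an added example, not code from the project: the `ConnectContext` type, the `node` role, the `token` and `password` auth modes, `priorBypass` and every function name are assumptions made for illustration.

```typescript
// Added illustration; types, values and names are assumptions, not the project's own.
type AuthMode = "none" | "token" | "password";
type Role = "operator" | "node";

interface ConnectContext {
  isControlUi: boolean; // client identified itself as the Control UI
  role: Role;           // role requested on connect
  authMode: AuthMode;   // gateway-wide auth.mode setting
}

// Stand-in for whatever bypass condition existed before the change.
const priorBypass = (_ctx: ConnectContext): boolean => false;

// Shape of the regression: auth.mode=none joined by a top-level OR,
// so the setting alone exempts every websocket client from pairing.
function skipPairingBroad(ctx: ConnectContext): boolean {
  return priorBypass(ctx) || ctx.authMode === "none";
}

// Scoped form: all three conditions must hold together.
function skipPairingNarrow(ctx: ConnectContext): boolean {
  return ctx.isControlUi && ctx.role === "operator" && ctx.authMode === "none";
}

// Enumerate every combination so a test can assert on the exact exempt set.
function allContexts(): ConnectContext[] {
  const modes: AuthMode[] = ["none", "token", "password"];
  const roles: Role[] = ["operator", "node"];
  const out: ConnectContext[] = [];
  for (const authMode of modes)
    for (const role of roles)
      for (const isControlUi of [true, false])
        out.push({ isControlUi, role, authMode });
  return out;
}

function label(ctx: ConnectContext): string {
  return `${ctx.isControlUi ? "control-ui" : "other"}/${ctx.role}/${ctx.authMode}`;
}

// Labels of every connection shape the predicate lets through without pairing.
function exempted(pred: (ctx: ConnectContext) => boolean): string[] {
  return allContexts().filter(pred).map(label);
}
```

Asserting on the full exempt set, rather than on one positive case, is what catches a later change that widens the bypass again.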
(cherry picked from commit 29b9e21)
(cherry picked from commit 2f58647)
…reset (cherry picked from commit 3066607)
(cherry picked from commit 31c8bb9)
(cherry picked from commit 383c61e)
(cherry picked from commit 43838b1)
(cherry picked from commit 445ff02)
(cherry picked from commit 4ab016a)
(cherry picked from commit 4ac355b)
(cherry picked from commit 4aec20d)
(cherry picked from commit 50f6a2f)
emitChatFinal frees buffers on clean run completion, and the maintenance timer sweeps abortedRuns after ABORTED_RUN_TTL_MS. But runs that get stuck (e.g. LLM timeout without triggering clean lifecycle end) are never aborted and their string buffers persist indefinitely. This is the direct trigger for the StringAdd_CheckNone OOM crash reported in the issue. Add a stale buffer sweep in the maintenance timer that cleans up buffers, deltaSentAt, and deltaLastBroadcastLen for any run not updated within ABORTED_RUN_TTL_MS, regardless of abort status. Closes openclaw#51821 (cherry picked from commit 550deb8)
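The difference between a sweep keyed on abort status and one keyed on last update, as described in the commit message above, shown as an added example rather than the project's code. `RunState`, `updatedAt`, `appendDelta`, `dropRun`, `sweep` and `heldChars` are assumed names, and the TTL value is constructed because the page does not give the real one.

```typescript
// Added illustration; only ABORTED_RUN_TTL_MS, abortedRuns, deltaSentAt and
// deltaLastBroadcastLen are names from the page. The TTL value is constructed.
const ABORTED_RUN_TTL_MS = 60000;

interface RunState {
  buffers: Map<string, string>;            // accumulated text per runId
  deltaSentAt: Map<string, number>;
  deltaLastBroadcastLen: Map<string, number>;
  abortedRuns: Map<string, number>;        // runId -> time of abort
  updatedAt: Map<string, number>;          // hypothetical: last write per runId
}

function newRunState(): RunState {
  return { buffers: new Map(), deltaSentAt: new Map(), deltaLastBroadcastLen: new Map(),
           abortedRuns: new Map(), updatedAt: new Map() };
}

function appendDelta(s: RunState, runId: string, text: string, now: number): void {
  s.buffers.set(runId, (s.buffers.get(runId) ?? "") + text);
  s.deltaSentAt.set(runId, now);
  s.updatedAt.set(runId, now);
}

function dropRun(s: RunState, runId: string): void {
  [s.buffers, s.deltaSentAt, s.deltaLastBroadcastLen, s.updatedAt].forEach((m) => m.delete(runId));
}

// Frees every run whose timestamp in `clock` is older than the TTL.
function sweep(s: RunState, clock: Map<string, number>, now: number): string[] {
  const freed: string[] = [];
  clock.forEach((at, runId) => {
    if (now - at <= ABORTED_RUN_TTL_MS) return;
    clock.delete(runId);
    dropRun(s, runId);
    freed.push(runId);
  });
  return freed;
}

// Keyed on abort status only: a stuck run that never aborted is never visited.
const sweepAborted = (s: RunState, now: number): string[] => sweep(s, s.abortedRuns, now);
// Keyed on last update: frees any idle run, aborted or not.
const sweepStale = (s: RunState, now: number): string[] => sweep(s, s.updatedAt, now);

// Total characters still held in buffers, a proxy for retained memory.
function heldChars(s: RunState): number {
  let n = 0;
  s.buffers.forEach((text) => { n += text.length; });
  return n;
}
```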
(cherry picked from commit 5acf6ca)
…enclaw#36645) `chat.inject` called `appendAssistantTranscriptMessage` with `createIfMissing: false`, causing a hard error when the transcript file did not exist on disk despite having a valid `transcriptPath` in session metadata. This commonly happens with ACP oneshot/run sessions where the session entry is created but the transcript file is not yet materialized. The fix is a one-character change: `createIfMissing: true`. The `ensureTranscriptFile` helper already handles directory creation and file initialization safely. Fixes openclaw#36170 Co-authored-by: Claude Opus 4.6 <[email protected]> (cherry picked from commit 5c73ed6)
(cherry picked from commit 5eaa146)
- Add stubs for upstream-only modules (channel-plugin-ids, provider-registry, synthesizeSpeech)
- Fix OpenClawConfig → RemoteClawConfig in talk.ts
- Add resolveHookClientIpConfig export to hooks.ts
- Add missing TtsConfig fields (microsoft, openai.speed/instructions)
- Fix chatThinkingLevel as optional on ChatState
- Fix test type annotations (dedupe Map, connect-policy booleans, abort helpers)
- Add missing imports (getReplyFromConfig, GatewayRequestError, startConnect helper)
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
When a device is re-paired without explicitly requested scopes, reuse the existing token scopes as-is instead of re-normalizing (which expands operator.admin to include operator.read/write). Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Cherry-pick batch from upstream
Issue: #1869
Commits: 35 cherry-picked (15 skipped as empty after conflict resolution)
See issue for full commit list.
Closes #1869
🤖 Generated with Claude Code