sync: upstream v2026.3.12 (auto-merge ready)#22

Merged
fabianbaier merged 2450 commits into yourclaw from upstream-sync/v2026.3.12
Mar 19, 2026
@fabianbaier

Upstream Sync: v2026.3.12 → v2026.3.12

Commits: 0
Conflicts: false
Security Scan: ✅ Passed

ClawGuard Security Scan Report

Range: v2026.3.12..v2026.3.12
Result: ✅ No security issues detected

ClawGuard Scanner: No significant findings

🔧 Scanner versions

| Tool | Version |
| --- | --- |
| @yourclaw/clawguard-scanner | unknown |
| semgrep | 1.156.0 |
| gitleaks | 8.24.0 |

Upstream Changes



🤖 Generated by YourClaw Upstream Sync

vincentkoc and others added 30 commits March 11, 2026 09:11
…Term (openclaw#42849)

* Terminal: measure grapheme display width

* Tests: cover grapheme terminal width

* Terminal: wrap table cells by grapheme width

* Tests: cover emoji table alignment

* Terminal: refine table wrapping and width handling

* Terminal: stop shrinking CLI tables by one column

* Skills: use Terminal-safe emoji in list output

* Changelog: note terminal skills table fixes

* Skills: normalize emoji presentation across outputs

* Terminal: consume unsupported escape bytes in tables

device.token.rotate accepted attacker-controlled scopes and forwarded
them to rotateDeviceToken without verifying the caller held those
scopes. A pairing-scoped token could rotate up to operator.admin on
any already-paired device whose approvedScopes included admin.

Add a caller-scope subsetting check before rotateDeviceToken: the
requested scopes must be a subset of client.connect.scopes via the
existing roleScopesAllow helper. Reject with missing scope: <scope>
if not.

Also add server.device-token-rotate-authz.test.ts covering both the
priv-esc path and the admin-to-node-invoke chain.

Fixes GHSA-4jpw-hj22-2xmc
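
The caller-scope subsetting check described in the commit message above, as an added TypeScript sketch that is not the project's code: `firstMissingScope` stands in for the `roleScopesAllow` helper, whose signature does not appear on this page, and the types, function names, sample data and the `scope not approved` error are hypothetical. It assumes the pre-fix path was bounded only by the device's approved scopes and that no scope implies another.

```typescript
// Added illustration; every name here is hypothetical, not the project's code.
type Scope = string;

interface Caller {
  scopes: readonly Scope[]; // what the caller's own token holds (client.connect.scopes)
}

interface PairedDevice {
  id: string;
  approvedScopes: readonly Scope[]; // what was approved for the device at pairing
}

type RotateResult =
  | { ok: true; deviceId: string; scopes: Scope[] }
  | { ok: false; error: string };

// First requested scope absent from `held`, or null when requested is a subset.
// Plain set membership: assumes no scope implies another.
function firstMissingScope(requested: readonly Scope[], held: readonly Scope[]): Scope | null {
  const heldSet = new Set(held);
  for (const scope of requested) {
    if (!heldSet.has(scope)) return scope;
  }
  return null;
}

// Pre-fix shape: the request is bounded only by the device's approved scopes,
// so the caller's own privileges never enter the decision.
function rotateUnchecked(_caller: Caller, device: PairedDevice, requested: readonly Scope[]): RotateResult {
  const unapproved = firstMissingScope(requested, device.approvedScopes);
  if (unapproved !== null) return { ok: false, error: `scope not approved: ${unapproved}` };
  return { ok: true, deviceId: device.id, scopes: [...requested] };
}

// Fixed shape: reject first unless the caller holds every scope it requests.
function rotateChecked(caller: Caller, device: PairedDevice, requested: readonly Scope[]): RotateResult {
  const missing = firstMissingScope(requested, caller.scopes);
  if (missing !== null) return { ok: false, error: `missing scope: ${missing}` };
  return rotateUnchecked(caller, device, requested);
}

// Constructed sample data.
const pairingCaller: Caller = { scopes: ["operator.pairing"] };
const adminCaller: Caller = { scopes: ["operator.admin", "operator.pairing"] };
const adminDevice: PairedDevice = { id: "device-1", approvedScopes: ["operator.admin", "operator.pairing"] };
```

A regression test for this class of bug should assert both directions: the under-privileged caller is rejected with the named missing scope, and a caller that already holds the scope can still rotate.
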
Plugin subagent dispatch used a hardcoded synthetic client carrying
operator.admin, operator.approvals, and operator.pairing for all
runtime.subagent.* calls. Plugin HTTP routes with auth:"plugin" require
no gateway auth by design, so an unauthenticated external request could
drive admin-only gateway methods (sessions.delete, agent.run) through
the subagent runtime.

Propagate the real gateway client into the plugin runtime request scope
when one is available. Plugin HTTP routes now run inside a scoped
runtime client: auth:"plugin" routes receive a non-admin synthetic
operator.write client; gateway-authenticated routes retain admin-capable
scopes. The security boundary is enforced at the HTTP handler level.

Fixes GHSA-xw77-45gv-p728

The nodes tool was missing from OWNER_ONLY_TOOL_NAME_FALLBACKS in
tool-policy.ts. applyOwnerOnlyToolPolicy() correctly removed gateway
and cron for non-owners but kept nodes, which internally issues
privileged gateway calls: node.pair.approve (operator.pairing) and
node.invoke (operator.write).

A non-owner sender could approve pending node pairings and invoke
arbitrary node commands, extending to system.run on paired nodes.

Add nodes to the fallback owner-only set. Non-owners no longer receive
the nodes tool after policy application; owners retain it.

Fixes GHSA-r26r-9hxr-r792

Add Ollama as an auth provider in onboarding with Cloud + Local mode
selection, browser-based sign-in via /api/me, smart model suggestions
per mode, and graceful fallback when the default model is unavailable.

- Extract shared ollama-models.ts
- Auto-pull missing models during onboarding
- Non-interactive mode support for CI/automation

Closes openclaw#8239
Closes openclaw#3494

Co-Authored-By: Jeffrey Morgan <[email protected]>

* Fix env proxy bootstrap for model traffic

* Address proxy dispatcher review followups

* Fix proxy env precedence for empty lowercase vars
…enclaw#41763)

Merged via squash.

Prepared head SHA: c094083
Co-authored-by: obviyus <[email protected]>
Co-authored-by: obviyus <[email protected]>
Reviewed-by: @obviyus
…ma (openclaw#39226)

Merged via squash.

Prepared head SHA: 775e306
Co-authored-by: ademczuk <[email protected]>
Co-authored-by: obviyus <[email protected]>
Reviewed-by: @obviyus
…5578)

Merged via squash.

Prepared head SHA: 39e8e9a
Co-authored-by: ingyukoh <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf
… actions schema (openclaw#35498)

Merged via squash.

Prepared head SHA: 631fc14
Co-authored-by: ingyukoh <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf
…penclaw#40409)

Merged via squash.

Prepared head SHA: c88f89c
Co-authored-by: ademczuk <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf
Merged via squash.

Prepared head SHA: c57b1f8
Co-authored-by: BillChirico <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras
…enclaw#42911)

Merged via squash.

Prepared head SHA: bebf670
Co-authored-by: VibhorGautam <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf
openclaw#35608)

Merged via squash.

Prepared head SHA: e62b88b
Co-authored-by: ingyukoh <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf
openclaw#40616)

Merged via squash.

Prepared head SHA: 0517936
Co-authored-by: ingyukoh <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf
Merged via squash.

Prepared head SHA: 70613e0
Co-authored-by: gumadeiras <[email protected]>
Co-authored-by: gumadeiras <[email protected]>
Reviewed-by: @gumadeiras
…#43205)

Merged via squash.

Prepared head SHA: 1f6b10b
Co-authored-by: Squabble9 <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf
* fix: restore web tools to coding profile

* fix: tighten tool catalog regression assertion
* test(gateway): widen before tool hook mock typing

* chore: update pnpm.lock
steipete and others added 24 commits March 13, 2026 03:13
* Slack: route reply blocks through outbound adapter

* Slack: cover Block Kit outbound payloads

* Changelog: add Slack Block Kit agent reply entry
…penclaw#44597)

Process messageData via handleDeltaEvent for both delta and final states
before resolving the turn, so ACP clients no longer drop the last visible
assistant text when the gateway sends the final message body on the
terminal chat event.

Closes openclaw#15377
Based on openclaw#17615

Co-authored-by: PJ Eby <[email protected]>
Merged via squash.

Prepared head SHA: 145a7b7
Co-authored-by: Cypherm <[email protected]>
Co-authored-by: jalehman <[email protected]>
Reviewed-by: @jalehman
@fabianbaier fabianbaier merged commit 1a604c7 into yourclaw Mar 19, 2026