test: pin folded QA coverage ids

SDK list helpers now send an empty params object when filters are omitted while preserving explicit invalid params for Gateway validation.\n\nVerification:\n- git diff --check origin/main...HEAD\n- node --check packages/sdk/src/client.ts\n- codex review --base origin/main\n- GitHub Actions CI release gate 27855603923 succeeded on 353f13c0d1

.agents/skills/channel-message-flows/SKILL.md

@@ -1,44 +1,34 @@
 ---
 name: channel-message-flows
-description: "Use when previewing local channel message flow fixtures."
+description: "Use when running QA Lab channel message flow evidence."
 ---
 
 # Channel Message Flows
 
-Use this from the OpenClaw repo root to send canned channel preview flows while iterating on message UX. These are real sends/edits/deletes against the configured channel target.
+Use this from the OpenClaw repo root to run the QA Lab evidence for Telegram
+draft/final delivery sequencing. This skill no longer launches a standalone
+script; the behavior is owned by the QA scenario and its Vitest-backed e2e test.
 
-## Telegram
+## QA Scenario
 
-Native Telegram `sendMessageDraft` tool progress, then a final answer:
+Run the scenario through QA Lab:
 
 ```bash
-node --import tsx scripts/dev/channel-message-flows.ts \
-  --channel telegram \
-  --target <telegram-chat-id> \
-  --flow working-final \
-  --duration-ms 20000
+pnpm openclaw qa suite --scenario channel-message-flows
 ```
 
-Thinking preview, then a final answer:
+Run the focused e2e test directly in a Codex worktree:
 
 ```bash
-node --import tsx scripts/dev/channel-message-flows.ts \
-  --channel telegram \
-  --target <telegram-chat-id> \
-  --flow thinking-final
+node scripts/run-vitest.mjs extensions/telegram/src/channel-message-flows.qa.e2e.test.ts
 ```
 
-## Options
+## References
 
-- `--account <accountId>`: Telegram account id when not using the default.
-- `--thread-id <id>`: Telegram forum topic/message thread id.
-- `--delay-ms <ms>`: Override preview update cadence.
-- `--duration-ms <ms>`: Simulated working duration for `working-final`.
-- `--final-text <text>`: Override the durable final message.
+- `qa/scenarios/channels/channel-message-flows.yaml`
+- `extensions/telegram/src/channel-message-flows.qa.e2e.test.ts`
+- `extensions/telegram/src/test-support/channel-message-flows.ts`
 
-## Notes
-
-- `--target` is the numeric Telegram chat id.
-- `working-final` exercises native Telegram `sendMessageDraft` with static `Working` status and sample tool progress.
-- `thinking-final` exercises formatted `Thinking` reasoning preview clearing before the final answer.
-- Only `--channel telegram` is implemented for now.
+The scenario covers `channels.streaming` as primary evidence and records
+secondary coverage for thread preservation, delivery ordering, and reasoning
+preview visibility.

.agents/skills/claw-score/SKILL.md

@@ -0,0 +1,178 @@
+---
+name: claw-score
+description: Audit or refresh OpenClaw maturity scorecard docs from root taxonomy, maturity scores, and QA evidence artifacts without using maintainer discrawl data or committed inventory reports.
+---
+
+# claw-score
+
+Use this skill when working on the OpenClaw maturity scorecard in this repo.
+This is the openclaw-local version of the maintainer `claw-score` workflow:
+it keeps the taxonomy and scorecard concepts, but excludes discrawl and the old
+committed `inventory/` report tree.
+
+## Authority
+
+This skill owns the operational workflow for:
+
+- `taxonomy.yaml`
+- `docs/maturity-scores.yaml`
+- `docs/concepts/qa-e2e-automation.md`
+- `qa/scenarios/index.yaml`
+
+Keep person-specific, maintainer-private, Discord archive, and discrawl facts
+out of this repo. If a score needs private evidence, use the redacted
+`qa-evidence.json` artifact shape generated by OpenClaw QA workflows.
+
+## Source Model
+
+- `taxonomy.yaml` is the hand-edited source of truth for surfaces, levels,
+  QA profiles, categories, feature coverage IDs, docs refs, LTS overrides, and
+  completeness-instruction paths.
+- Feature `coverageIds` are ANDed proof targets, not aliases. A feature may
+  list multiple IDs when each ID proves part of one capability.
+- Coverage IDs use dotted `namespace.behavior` form, with lowercase
+  alphanumeric/dash segments. Profile, surface, and category IDs may remain
+  dashed or dotted.
+- Keep categories and feature names unique, product-shaped, and broader than raw
+  coverage IDs. Do not promote generic IDs into standalone feature names.
+- Avoid duplicate coverage-ID bundles under different feature names in one
+  category.
+- `docs/maturity-scores.yaml` is the aggregate score source committed in this
+  repo. It is the only committed score data; do not add generated inventory
+  directories.
+- There is no committed maturity-doc renderer or `pnpm maturity:*` script in
+  this repo. Do not invent generated scorecard files; update the source YAML
+  and current docs directly.
+- `qa-evidence.json` artifacts provide per-run QA scorecard evidence. They can
+  enrich generated artifact docs, but they are not committed as inventory.
+
+## Commands
+
+Run from the openclaw repo root.
+
+Validate YAML structure after source edits:
+
+```bash
+node <<'NODE'
+const fs = require("node:fs");
+const YAML = require("yaml");
+for (const file of ["taxonomy.yaml", "docs/maturity-scores.yaml", "qa/scenarios/index.yaml"]) {
+  YAML.parse(fs.readFileSync(file, "utf8"));
+}
+NODE
+```
+
+Check docs when touching docs prose:
+
+```bash
+pnpm check:docs
+```
+
+Run focused QA/profile checks when changing coverage IDs or profile membership:
+
+```bash
+pnpm openclaw qa coverage --json
+```
+
+## Scoring Workflow
+
+When asked to score or refresh a surface:
+
+1. Read the surface in `taxonomy.yaml`.
+2. Read the surface completeness rubric under
+   `.agents/skills/claw-score/references/completeness/`.
+3. Gather public repo evidence from docs, source, tests, and QA scenario
+   metadata.
+4. Prefer existing `qa-evidence.json` artifacts for executed proof. Do not use
+   discrawl or unredacted private archives.
+5. Update `docs/maturity-scores.yaml` only when the score change is backed by
+   public or redacted artifact evidence.
+6. Run the YAML validation command from this skill.
+7. Run `pnpm check:docs` if docs prose changed, and focused QA coverage checks
+   if coverage IDs or profile membership changed.
+
+For subjective score changes, make the smallest defensible edit and leave the
+evidence path in the PR or task summary. Keep manual prose in current docs and
+keep score data in `docs/maturity-scores.yaml`.
+
+## Default Completeness Process
+
+Completeness is scored against the intended operator-visible workflow for each
+category, not against test breadth or implementation quality. The completeness
+reference files under `references/completeness/` define the category scope and
+any surface-specific variation from this default process.
+
+By default, Completeness measures how fully OpenClaw exposes the intended
+surface capability set to the user, operator, author, or maintainer persona for
+that surface. Score whether each category delivers the full expected workflow,
+including setup, normal use, status or inspection, recovery, and important
+platform, provider, channel, security, or lifecycle variants where they apply.
+
+Treat `Surface-Specific Scoring Questions` and `Surface-Specific Guidance` as
+higher-priority instructions for that surface. The surface instructions may
+flesh out, narrow, or intentionally conflict with the default ideas here; when
+they do, follow the surface instructions and make the score rationale reflect
+that surface-specific instruction. If a reference file does not include
+surface-specific questions or guidance, apply this default process to the
+surface's `Category Scope`.
+
+For each category, ask:
+
+- Can the intended user or operator complete the category workflow end to end?
+- Are the taxonomy features present as supported capabilities rather than
+  isolated implementation fragments?
+- Are the important lifecycle stages represented: setup, normal operation,
+  status/inspection, recovery, and upgrade or removal where relevant?
+- Are the important environment, provider, platform, channel, or security
+  branches present for this surface?
+- Do the known gaps leave major user-visible capability branches missing?
+
+Default guidance:
+
+- Favor higher Completeness when the category supports the full
+  operator-visible workflow described by taxonomy and category evidence.
+- Lower Completeness when only the happy path exists, when important variants
+  are undocumented or unimplemented, or when recovery/status paths are missing.
+- Do not lower Completeness because tests are thin; that is Coverage.
+- Do not lower Completeness because implementation quality is fragile; that is
+  Quality.
+
+Default Completeness bands:
+
+- `Lovable` (95-100): complete across expected workflows, variants, and
+  recovery branches, with only minor polish gaps.
+- `Stable` (80-95): the expected workflow set is broadly present, with only
+  bounded missing branches.
+- `Beta` (70-80): the main workflow exists, but meaningful branches or recovery
+  paths are still absent.
+- `Alpha` (50-70): only a partial capability set is present; users can complete
+  some core tasks but not the full expected workflow.
+- `Experimental` (0-50): the category exposes only fragments of the intended
+  capability.
+
+## Score Semantics
+
+- Coverage: public or redacted proof that the feature is exercised by docs,
+  tests, QA scenarios, live lanes, or release evidence.
+- Quality: reliability, maintainability, operator safety, and regression
+  confidence for the category.
+- Completeness: how much of the intended operator-visible workflow exists for
+  the category. Use the default completeness process plus any surface-specific
+  variation before changing this score.
+- LTS: derived from score thresholds and `human_lts_override`; do not hand-edit
+  generated Markdown to change LTS status.
+
+Bands:
+
+- `Lovable`: 95-100
+- `Stable`: 80-95
+- `Beta`: 70-80
+- `Alpha`: 50-70
+- `Experimental`: 0-50
+
+## Artifacts
+
+Do not add the maintainer repo's `docs/kevinslin/maturity-scorecard/inventory/`
+tree to openclaw. Evidence-enriched scorecard outputs belong in short-lived
+artifacts, not committed generated docs, unless this repo adds an explicit
+renderer/check workflow first.

.agents/skills/claw-score/references/completeness/agent-runtime-and-provider-execution.md

@@ -0,0 +1,16 @@
+# Agent Runtime Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`agent-runtime-and-provider-execution` surface.
+
+## Category Scope
+
+- Agent Turn Execution: Turn startup and runtime choice, Session and run coordination, Abort and terminal outcomes
+- External Runtimes and Subagents: External harness selection, CLI runtime aliases, Subagent turns, Runtime recovery
+- Hosted Provider Execution: Hosted provider turns, Provider-specific model options, Hosted tool use, Reasoning and cache controls, Hosted streaming and replies
+- Local and Self-hosted Providers: Local provider profiles, Tool-capability flags, Timeouts and context windows, Local smoke checks, Local failure handling
+- Model and Runtime Selection: Model reference selection, Provider and runtime overrides, Thinking and context settings, Invalid route recovery
+- Provider Auth: Login and API-key setup, Auth profile selection, Credential health checks, Auth failover, Provider fallback recovery, Rate-limit and capacity recovery, Missing-key and OAuth guidance, Restart and stale-route recovery, Structured provider diagnostics, Subagent credential propagation
+- Streaming and Progress: Streaming replies, Progress visibility
+- Tool Calls and Response Handling: Tool-call handling, Usage and response reporting, Failure recovery
+- Tool Execution Controls: Tool availability rules, Sandboxed exec behavior, Approval flow, Elevated execution, Tool safety controls, Delegated tool access

.agents/skills/claw-score/references/completeness/android-app.md

@@ -0,0 +1,14 @@
+# Android app Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`android-app` surface.
+
+## Category Scope
+
+- Media Capture: Camera and media capture
+- Mobile Chat: Chat tab
+- Connection Setup: Gateway discovery
+- Distribution: Public Google Play install path, Manual install path, Release smoke and startup performance
+- Settings: Settings sheet
+- Voice: Voice tab
+- Device Runtime: Background reconnect and presence, Device command availability

.agents/skills/claw-score/references/completeness/anthropic-provider-path.md

@@ -0,0 +1,12 @@
+# Anthropic provider path Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`anthropic-provider-path` surface.
+
+## Category Scope
+
+- Provider Auth and Recovery: API-key onboarding, Claude CLI credential reuse, Setup-token auth, Auth profile health, Model status, Usage windows, Cooldown/profile reporting, Long-context recovery, Fallback guidance
+- Model and Runtime Selection: Bundled Claude catalog, Canonical anthropic refs, Claude CLI compatibility, Model picker availability, Capability metadata, Runtime selection, Session continuity, MCP/tool bridge, Permission-mode mapping, Fallback prelude
+- Request Transport and Turn Semantics: API-key/OAuth transport, Messages payloads, Streaming decode, Usage and stop reasons, Abort/error handling, Tool-use blocks, Tool-result replay, Partial JSON recovery, Native thinking, Signed/redacted thinking replay
+- Prompt Cache and Context: Cache retention, System-prompt cache boundary, 1M context, Fast mode/service tier, Cache diagnostics
+- Media Inputs: Image input, PDF document input, Media model fallback, Image tool results

.agents/skills/claw-score/references/completeness/automation-cron-hooks-tasks-polling.md

@@ -0,0 +1,13 @@
+# Automation: cron, hooks, tasks, polling Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`automation-cron-hooks-tasks-polling` surface.
+
+## Category Scope
+
+- Cron Jobs: Create/edit/remove jobs, Schedule types, Timezone and stagger, Cron RPCs, Agent cron tool, Manual cron runs, Isolated cron execution, Model/provider preflight, Run history, Timeout and denial diagnostics, Chat announce delivery, Webhook delivery, Failure destinations, Skipped-run alerts, Delivery previews
+- Event Ingress: Telegram long polling, Telegram webhook mode, Zalo polling/webhook mode, Polling stall diagnostics, iMessage watch fallback, Gmail setup wizard, Watcher start/serve, Tailscale/public routing, Push token validation, Gmail event routing, POST /hooks/wake, POST /hooks/agent, Mapped hooks, Hook auth policy, Async dispatch
+- Automation Hooks: HOOK.md authoring, Hook discovery, Hook CLI management, Hook packs, Lifecycle event dispatch, api.on registration, Tool-call policy hooks, Message hooks, Session/lifecycle hooks, Plugin approval requests, cron_changed
+- Background Tasks and Flows: Task list/show/cancel, Task notifications, Task audit and maintenance, Chat task board, Task pressure status, Managed flows, Mirrored flows, openclaw tasks flow, Flow audit and maintenance, Plugin managedFlows
+- Heartbeat: Heartbeat scheduling, Active hours, Wake and cooldown handling, Due-only heartbeat tasks, Commitment check-ins
+- Polling Controls: openclaw message poll, Telegram polls, Teams polls, Poll flags, Channel capability gates, process poll, process log, Background process status, No-progress loop detection, Process input controls

.agents/skills/claw-score/references/completeness/browser-automation-and-exec-sandbox-tools.md

@@ -0,0 +1,10 @@
+# Browser automation and exec/sandbox tools Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`browser-automation-and-exec-sandbox-tools` surface.
+
+## Category Scope
+
+- Browser Automation: Browser Actions, Snapshots, Artifacts, Browser Plugin Service, Profiles, Browser Security, SSRF, Remote Control
+- Tool Invocation and Execution: Exec Routing, Process Lifecycle, Direct Tool Invoke API, Node System.run, Host Exec Approvals, Elevated Mode
+- Sandbox and Tool Policy: Sandbox Backends, Workspace Isolation, Sandboxed Browser, Codex Dynamic Tools, Tool Policy, Sandbox Tool Gates

.agents/skills/claw-score/references/completeness/browser-control-ui-and-webchat.md

@@ -0,0 +1,14 @@
+# Gateway Web App Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`browser-control-ui-and-webchat` surface.
+
+## Category Scope
+
+- Browser Realtime Talk: Browser Talk start/stop, Provider session selection, Gateway relay audio, Tool-call consults, Steer and cancel
+- Browser Access and Trust: Device pairing, Token/password auth, Tailscale Serve auth, Trusted proxy auth, Allowed origins/gatewayUrl
+- Configuration: Config snapshots, Schema form editing, Raw JSON editing, Base-hash guarded writes, Apply and restart
+- Browser UI: Gateway-hosted UI, Dashboard open/auth bootstrap, Base-path routing, Static asset recovery, Dev gatewayUrl target, PWA install metadata, Service worker updates, VAPID keys, Subscribe/unsubscribe, Test notifications
+- WebChat Conversations: Send and abort, Session and agent picker, Model/thinking controls, Attachments, Markdown/tool/media rendering, chat.history projection, chat.send lifecycle, Abort/partial retention, Injected assistant notes, Reconnect continuity, Hosted embeds, External embed gating, Assistant media tickets, Authenticated avatars, CSP image policy
+- Remote WebChat: macOS WebChat transport, SSH tunnel data plane, Direct ws/wss remote mode, Session continuity, Remote troubleshooting
+- Operator Console: Health/status/models, Live log tail, Update run/status, Activity summaries, RPC timing telemetry, Channels/login, Session manager and history, Cron, Skills/nodes, Exec approvals/agents

.agents/skills/claw-score/references/completeness/channel-framework.md

@@ -0,0 +1,15 @@
+# Channel framework Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`channel-framework` surface.
+
+## Category Scope
+
+- Channel Actions Commands and Approvals: Channel-native commands, Native command session target, Message actions, Message tool API discovery, Channel-native approval prompts
+- Channel Setup: Supported channel catalog, Channel status taxonomy in channels list, Setup/onboarding flows, Install-on-demand, Setup wizard metadata
+- Group Thread and Ambient Room Behavior: Group/channel session isolation, Mention-required, Native threads, Broadcast groups, Bot-loop protection
+- Inbound Access and Identity Gates: DM pairing, Group/channel allowlists, Access group expansion, Mention gating, Sanitized inbound identity/route projections
+- Media Attachments and Rich Channel Data: Inbound media normalization, Outbound direct text/media sends, Provider-specific channelData, Media roots
+- Outbound Delivery and Reply Pipeline: Automatic final reply delivery, Durable outbound send orchestration, Reply pipeline transforms, Provider outbound adapter bridge
+- Conversation Routing and Delivery: Inbound conversation routing, Session key construction, Agent binding precedence, Runtime conversation bindings, Thread/parent-child placement, Plugin registry resolution, Channel account startup, Whole-channel lifecycle controls, Config/secrets reload interactions, Auto-restart
+- Status Health and Operator Controls: channels.status, Channel health policy, Operator CLI controls, Status read-model

.agents/skills/claw-score/references/completeness/clawhub-and-external-plugin-distribution.md

@@ -0,0 +1,12 @@
+# ClawHub Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`clawhub-and-external-plugin-distribution` surface.
+
+## Category Scope
+
+- Publishing: ClawHub package publishing owner, OpenClaw-owned package release validation for ClawHub, Version bump gates, npm trusted publishing provenance, External code plugin package contract required, Skill package metadata, Skill publishing flow
+- Catalog Discovery: openclaw plugins search as the ClawHub, Search result metadata, Distinction between plugin search, Catalog lookup failure, Skill catalog search
+- Compatibility and Trust: openclaw.compat.pluginApi, ClawHub package compatibility validation, npm compatibility fallback to the newest, Official external plugin catalog behavior, Compatibility docs, Operator trust model for installing, ClawHub archive, npm integrity drift, Built-in dangerous-code scanner, ClawHub publishing review/hidden-release behavior as upstream, Skill archive safety, Skill audit signals
+- Plugin Lifecycle: Source prefixes, Bare package behavior during the launch, Explicit pinned versions, Managed install records that preserve source, Codex, Local, Marketplace list, Supported mapped features, Remote marketplace path safety, Update by plugin id, Reinstall vs update semantics, Downgrade, Uninstall config/index/policy/file cleanup, Gateway restart/reload requirements after, ClawHub skill installs, Skill upload install path, Skill dependency installers
+- Plugin Health: Per-plugin managed npm project, npm-pack local release-candidate installs, Dependency ownership between plugin packages, Peer dependency relinking, Legacy dependency root cleanup, plugins list, Local plugin index, Troubleshooting stale config, Runtime verification after Gateway

.agents/skills/claw-score/references/completeness/cli-install-update-onboard-doctor.md

@@ -0,0 +1,37 @@
+# CLI Surface Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`cli-install-update-onboard-doctor` surface.
+
+## Surface-Specific Scoring Questions
+
+For each category, ask:
+
+- Can a normal operator complete the job end to end from the CLI?
+- Are the expected environments represented where they matter for the category,
+  such as local installs, remote gateway use, supervised services, or
+  Windows/WSL2?
+- Are the main lifecycle stages present where relevant: setup, inspection,
+  change, repair, and upgrade?
+- Are common recovery and troubleshooting branches present, or does the
+  workflow dead-end after the happy path?
+- Are major documented operator expectations still unimplemented?
+
+## Surface-Specific Guidance
+
+Variation from the default completeness process:
+
+- Completeness is the CLI operator journey for installation, onboarding, configuration, repair, and upgrade across expected environments and recovery branches.
+- Score the CLI against the full operator journey, not only installation or the happy path.
+- Repair, migration, remote, and platform-specific branches are expected where a category exposes them.
+- For Windows and WSL2, score against the intended supported experience rather than parity with macOS/Linux internals.
+
+## Category Scope
+
+- CLI Setup: Installer scripts, Local prefix install, Package-manager installs, Supported Node runtime, Source checkout install, CLI entrypoint
+- Onboarding and Auth Setup: Guided onboarding, Targeted reconfiguration, Auth choices, Gateway auth storage, Remote onboarding
+- Plugin and Channel Setup: Channel picker, Plugin install sources, Channel account setup, Post-setup probes, Remote gateway caveat
+- Gateway Service Management: Foreground gateway runs, Service install and control, Service auth wiring, Drift and reinstall recovery, Service health checks
+- CLI Observability: Status snapshots, Health snapshots, Remote log tailing, Diagnostics export, Support-safe redaction
+- Doctor: Interactive repair, Config migration, Auth and SecretRef checks, Plugin validation and repair, Lint and JSON findings, Extra gateway discovery, Supervisor drift repair, Port and startup diagnosis, Runtime path checks, Restart guidance
+- Updates and Upgrades: Update channels, Install-kind switching, Managed gateway restart, Update status and RPC, Plugin convergence

.agents/skills/claw-score/references/completeness/discord.md

@@ -0,0 +1,13 @@
+# Discord Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`discord` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Application and bot setup, Token and application ID configuration, Setup wizard and account inspection, Status, doctor, and intent checks, Multi-account bot configuration, Account monitor startup, Gateway WebSocket lifecycle, Reconnect and heartbeat handling, Rate limits and gateway metadata, Status, probe, and health-monitor recovery
+- Access and Identity: DM policy modes, Allowlist inheritance, Pairing-code approval, Sender authorization, Access-group authorization, Group DM authorization
+- Conversation Routing and Delivery: Guild and channel admission, Mention gating, Session key isolation, Configured and runtime routing, Inbound context visibility, Forum and media-channel thread posts, Thread actions, Target parsing, Thread context resolution, Thread-bound session routing, ACP agent routing, Routing lifecycle, Discord forum/media channel posts created as, CLI and message-tool thread actions, Discord target parsing for `channel:<id>`, Thread context resolution, Thread-bound session routing for `/focus`, `/unfocus`, `/agents`, `/session idle`, `/session max-age`, `sessions_spawn({ thread, ACP current-conversation bindings and ACP thread, Binding lifecycle behavior, Direct and thread sends, Text chunking and reply mode, Draft and progress edits, Mention and embed rendering, REST retry and final delivery, File uploads, Component file and media-gallery blocks, Video caption follow-up, Voice-message upload, Inbound attachment context
+- Media and Rich Content: Direct and thread sends, Text chunking and reply mode, Draft and progress edits, Mention and embed rendering, REST retry and final delivery, File uploads, Component file and media-gallery blocks, Video caption follow-up, Voice-message upload, Inbound attachment context, Direct and thread sends, Text chunking and reply mode, Draft and progress edits, Mention and embed rendering, REST retry and final delivery, File uploads, Component file and media-gallery blocks, Video caption follow-up, Voice-message upload, Inbound attachment context, Outbound file uploads from URLs and, Component v2 file and media-gallery blocks, Video caption handling and follow-up media-only delivery, Discord voice-message sends with OGG/Opus conversion, Inbound media/attachment-aware debounce behavior, Realtime voice-channel conversations, General text-only delivery
+- Native Controls and Approvals: Native slash command registration, Native slash command execution, Model Picker Commands, Components v2 messages, Callback TTL, Native Discord exec/plugin approvals, Sensitive owner-only command routing for prompts, Discord message actions, Action gates under channels.discord.actions.\*
+- Realtime Voice and Calls: Voice Channel Lifecycle, Auto-join and follow-users, Realtime voice modes, Wake, barge-in, and echo handling, Voice codec and DAVE recovery

.agents/skills/claw-score/references/completeness/docker-podman-hosting.md

@@ -0,0 +1,11 @@
+# Docker / Podman hosting Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`docker-podman-hosting` surface.
+
+## Category Scope
+
+- Container Setup: Local Image Setup Script, Docker Compose gateway, First-run onboarding, Docker-only first-run notes, Podman setup scripts and Quadlet template, Rootless Podman image setup
+- Container Operations: Host CLI routing into running Docker/Podman, Container Targeting, Container update/rebuild/restart guidance for Docker, Docker Compose, Gateway token generation, Ownership, Docker Compose, Container health endpoints, Provider/VPS Docker hosting docs, Docker VM persistence/update guidance, Operator-facing update
+- Image Release and Validation: Root Dockerfile build stages, Docker release workflow, Docker E2E package artifact generation, Docker E2E plan/scheduler scripts, Release-path install
+- Agent Sandbox and Tooling: Docker gateway setup, Docker-backed agent sandbox support, Container image dependency baking

.agents/skills/claw-score/references/completeness/feishu-qq-bot-wechat-yuanbao-zalo-zalo-personal-regional-channels.md

@@ -0,0 +1,11 @@
+# Feishu, QQ Bot, WeChat, Yuanbao, Zalo, Zalo Personal, regional channels Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`feishu-qq-bot-wechat-yuanbao-zalo-zalo-personal-regional-channels` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Docs channel index, Official external channel catalog entries, Core channel-plugin catalog, Channel setup wizard, Missing-plugin, Cross-channel ingress/access/refactor concerns, Feishu/Lark bot channel setup, WebSocket default mode, DM pairing, Message delivery, Feishu document, Multi-account credential handling, QQ Open Platform AppID/AppSecret setup, C2C private chat, Group activation, Rich media messages, Slash commands, Multi-account gateway connections, Tencent Yuanbao external channel, AppKey/AppSecret setup, DMs, Outbound queue strategy, Core-side official external catalog, Zalo Bot Creator / Marketplace bot, Long-polling default mode, Bot token, Group policy schema, Text, Status probes, WeChat/Weixin personal messaging, Plugin install, Direct-message pairing, Core-side catalog metadata, External sidecar/helper process behavior, zalouser channel plugin, QR login, DM pairing, Message send, Doctor/status checks for runtime availability, Explicit unofficial-account risk, QQ Open Platform AppID/AppSecret setup and, C2C private chat, Group activation, Inbound and outbound rich media including, Slash commands, Multi-account gateway connections, Tencent Yuanbao external channel `openclaw-plugin-yuanbao, AppKey/AppSecret setup, DMs, Outbound queue strategy, Core-side official external catalog, Zalo Bot Creator / Marketplace bot, Long-polling default mode and optional HTTPS, Bot token, Group policy schema and fail-closed group, Text, Status probes and troubleshooting for token/config/webhook problems, zalouser` channel plugin for Zalo Personal, QR login, DM pairing, Message send, Doctor/status checks for runtime availability and, Explicit unofficial-account risk and operator safeguards
+- Access and Identity: Feishu/Lark bot channel setup, WebSocket default mode, DM pairing, Message delivery, Feishu document, Multi-account credential handling, QQ Open Platform AppID/AppSecret setup, C2C private chat, Group activation, Rich media messages, Slash commands, Multi-account gateway connections, Tencent Yuanbao external channel, AppKey/AppSecret setup, DMs, Outbound queue strategy, Core-side official external catalog, Zalo Bot Creator / Marketplace bot, Long-polling default mode, Bot token, Group policy schema, Text, Status probes, WeChat/Weixin personal messaging, Plugin install, Direct-message pairing, Core-side catalog metadata, External sidecar/helper process behavior, zalouser channel plugin, QR login, DM pairing, Message send, Doctor/status checks for runtime availability, Explicit unofficial-account risk, QQ Open Platform AppID/AppSecret setup and, C2C private chat, Group activation, Inbound and outbound rich media including, Slash commands, Multi-account gateway connections, Tencent Yuanbao external channel `openclaw-plugin-yuanbao, AppKey/AppSecret setup, DMs, Outbound queue strategy, Core-side official external catalog, zalouser` channel plugin for Zalo Personal, QR login, DM pairing, Message send, Doctor/status checks for runtime availability and, Explicit unofficial-account risk and operator safeguards
+- Conversation Routing and Delivery: Feishu/Lark bot channel setup, WebSocket default mode, DM pairing, Message delivery, Feishu document, Multi-account credential handling, QQ Open Platform AppID/AppSecret setup, C2C private chat, Group activation, Rich media messages, Slash commands, Multi-account gateway connections, Tencent Yuanbao external channel, AppKey/AppSecret setup, DMs, Outbound queue strategy, Core-side official external catalog, Zalo Bot Creator / Marketplace bot, Long-polling default mode, Bot token, Group policy schema, Text, Status probes, WeChat/Weixin personal messaging, Plugin install, Direct-message pairing, Core-side catalog metadata, External sidecar/helper process behavior, zalouser channel plugin, QR login, DM pairing, Message send, Doctor/status checks for runtime availability, Explicit unofficial-account risk, QQ Open Platform AppID/AppSecret setup and, C2C private chat, Group activation, Inbound and outbound rich media including, Slash commands, Multi-account gateway connections, Tencent Yuanbao external channel `openclaw-plugin-yuanbao, AppKey/AppSecret setup, DMs, Outbound queue strategy, Core-side official external catalog, Zalo Bot Creator / Marketplace bot, Long-polling default mode and optional HTTPS, Bot token, Group policy schema and fail-closed group, Text, Status probes and troubleshooting for token/config/webhook problems, zalouser` channel plugin for Zalo Personal, QR login, DM pairing, Message send, Doctor/status checks for runtime availability and, Explicit unofficial-account risk and operator safeguards
+- Media and Rich Content: Feishu/Lark bot channel setup, WebSocket default mode, DM pairing, Message delivery, Feishu document, Multi-account credential handling, QQ Open Platform AppID/AppSecret setup, C2C private chat, Group activation, Rich media messages, Slash commands, Multi-account gateway connections, Tencent Yuanbao external channel, AppKey/AppSecret setup, DMs, Outbound queue strategy, Core-side official external catalog, Zalo Bot Creator / Marketplace bot, Long-polling default mode, Bot token, Group policy schema, Text, Status probes, QQ Open Platform AppID/AppSecret setup and, C2C private chat, Group activation, Inbound and outbound rich media including, Slash commands, Multi-account gateway connections, Zalo Bot Creator / Marketplace bot, Long-polling default mode and optional HTTPS, Bot token, Group policy schema and fail-closed group, Text, Status probes and troubleshooting for token/config/webhook problems

.agents/skills/claw-score/references/completeness/gateway-runtime.md

@@ -0,0 +1,43 @@
+# Gateway Runtime Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`gateway-runtime` surface.
+
+## Surface-Specific Scoring Questions
+
+For each category, ask:
+
+- Does the category cover the main happy path an operator or client needs?
+- Are the major deployment modes present where they matter for this category:
+  local, remote, node-mediated, supervised, or browser-facing?
+- Are the main lifecycle stages present where relevant: setup, normal use,
+  status/inspection, and recovery?
+- Are important security or policy branches present where the category implies
+  them?
+- Are obvious operator-visible holes or "not yet supported" branches still
+  missing?
+
+## Surface-Specific Guidance
+
+Variation from the default completeness process:
+
+- Completeness includes operator and connected-client workflows, major deployment modes, and recovery paths, not just gateway protocol capability.
+- Score the Gateway against the full operator and client journey, not just protocol primitives or one transport path.
+- Local, remote, node-mediated, supervised, and browser-facing modes matter when the category implies them.
+- Approval/policy variants and recovery or diagnostic paths count as completeness branches, not polish.
+
+## Category Scope
+
+- Approvals and Remote Execution: Exec approvals, Plugin approvals, Node exec approvals, Approved node execution, Approval mutation safety, Delivery fallback behavior
+- HTTP APIs: OpenAI-compatible APIs, Tool invocation API, Admin API access, Hook ingress
+- Hosted Web Surface: Control UI, WebChat hosting, Plugin web routes, Canvas and A2UI routes
+- Gateway RPC APIs and Events: Health APIs, Identity and presence APIs, Model APIs, Usage and memory APIs, Session APIs, Chat APIs, Channel APIs, Web login and wake APIs, Config and secrets APIs, Update and setup APIs, Agent and artifact APIs, Task and automation APIs, Tool and skill APIs, Request and event envelopes, Idempotent side effects, Method discovery, Event discovery, Accepted-then-final results, Event ordering, State refresh after gaps
+- Device Auth and Pairing: Shared-secret login, Trusted proxy auth, Private ingress mode, Device challenge signing, Device tokens, Setup-code bootstrap, Auth mismatch recovery, Device auth migration, Client pairing, Node pairing
+- Network Access and Discovery: Loopback and LAN access, Tailnet access, SSH tunnels, Endpoint discovery, Saved endpoints, TLS pinning
+- Nodes and Remote Capabilities: Node presence, Node capabilities, Node inventory, Node actions, Node events, Pending work delivery, Remote device capabilities, Remote host commands
+- Health, Diagnostics, and Repair: Health snapshots, Channel readiness, Stability diagnostics, Payload diagnostics, Diagnostics exports, Doctor checks, Log tailing
+- Protocol Compatibility: Published protocol schema, Runtime request validation, JSON Schema export, Swift client models, Version negotiation, Client transport defaults, Backward-compatible evolution
+- Roles and Permissions: Role negotiation, Operator permissions, Approval-gated actions, Untrusted node declarations, Event scoping
+- Gateway Lifecycle: Foreground startup, Service installation, Restart and stop, Service status, Bind and port settings, Config reload, Multi-gateway isolation
+- Security Controls: Non-loopback auth, Trusted proxy exceptions, Gateway and node trust boundaries, Trusted CIDR auto-approval, Fail-closed protocol handling, Remote execution safeguards
+- WebSocket Connection: WebSocket transport, Connect challenge, Connect request, Protocol version negotiation, hello-ok snapshot, Startup retry, Session limits, Plugin surface URLs

.agents/skills/claw-score/references/completeness/google-chat.md

@@ -0,0 +1,12 @@
+# Google Chat Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`google-chat` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Google Cloud project setup, Chat app configuration, Service account setup, Webhook audience and path, Workspace visibility and app status, Guided channel setup, Account resolution, Service account SecretRefs, Env file and inline credentials, Channel status and probes, Directory and mutable-id diagnostics, NPM and ClawHub install, Plugin docs and catalog routing, Channel aliases and labels, Operator status UI, Install/update metadata, Webhook path handling, Standard Chat token verification, Workspace add-on token verification, Audience and appPrincipal validation, Shared-path target selection, Auth rejection diagnostics, Account resolution, Service account SecretRefs, Env file and inline credentials, Channel status and probes, Directory and mutable-id diagnostics, NPM and ClawHub install, Plugin docs and catalog routing, Channel aliases and labels, Operator status UI, Install/update metadata, Webhook path handling, Standard Chat token verification, Workspace add-on token verification, Audience and appPrincipal binding, Shared-path target selection, Auth rejection diagnostics
+- Access and Identity: DM pairing approval, Sender allowlists, Google Chat identity matching, Direct session routing, Pairing diagnostics, Space allowlists, Mention gating, Sender access groups, Group session isolation, Bot-loop protection, Space diagnostics
+- Conversation Routing and Delivery: DM pairing approval, Sender allowlists, Google Chat identity matching, Direct session routing, Pairing diagnostics, Space allowlists, Mention gating, Sender access groups, Group session isolation, Bot-loop protection, Space diagnostics, Inbound attachments, Outbound media replies, Message upload action, Media source and size controls, Media receipts and thread placement, Text send action, Upload-file action, Reaction actions, Action capability gates, Approval sender matching, Thread-aware replies, Streaming and chunked replies, Typing placeholder lifecycle, Message-tool current-source replies, NO_REPLY cleanup, Markdown/text rendering, Thread-aware replies, Streaming and chunked replies, Typing placeholder lifecycle, Message-tool current-source replies, NO_REPLY cleanup, Markdown/text rendering
+- Media and Rich Content: Inbound attachments, Outbound media replies, Message upload action, Media source and size controls, Media receipts and thread placement, Text send action, Upload-file action, Reaction actions, Action capability gates, Approval sender matching, Thread-aware replies, Streaming and chunked replies, Typing placeholder lifecycle, Message-tool current-source replies, NO_REPLY cleanup, Markdown/text rendering
+- Native Controls and Approvals: Inbound attachments, Outbound media replies, Message upload action, Media source and size controls, Media receipts and thread placement, Text send action, Upload-file action, Reaction actions, Action capability gates, Approval sender matching, Thread-aware replies, Streaming and chunked replies, Typing placeholder lifecycle, Message-tool current-source replies, NO_REPLY cleanup, Markdown/text rendering

.agents/skills/claw-score/references/completeness/google-provider-path.md

@@ -0,0 +1,12 @@
+# Google provider path Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`google-provider-path` surface.
+
+## Category Scope
+
+- Provider Setup and Credentials: API key onboarding, Auth choice metadata, Gemini CLI OAuth setup, Vertex ADC setup, Daemon and fallback credentials, CLI runtime selection, OAuth login and refresh, Canonical Google model refs, CLI usage normalization, OAuth diagnostics
+- Model Routing and Endpoints: Catalog rows and aliases, Dynamic model resolution, Provider routing, Google-native config normalization, Model picker availability, Vertex provider selection, ADC/service-account auth, Project/location endpoints, Custom base URL policy, Compatibility boundaries
+- Direct Gemini Runtime: Direct Gemini chat, Multimodal inputs, Tool-call streaming, Usage and stop reasons, Thought-signature replay, Thinking-level mapping, Thought-signature replay, Tool turn ordering, Incomplete-turn recovery, Planning-only turn recovery
+- Media, Search, and Realtime: Bundled plugin distribution, Provider auto-enable metadata, Image and media adapters, Speech and realtime adapters, Search and generation tools, Realtime voice sessions, Constrained browser tokens, Audio and transcript events, Live tool calls, Session reconnects
+- Prompt Caching: Cache retention config, Managed cachedContents, Manual cachedContent handles, Cache usage accounting, Cache diagnostics and live proof

.agents/skills/claw-score/references/completeness/image-video-music-generation-tools.md

@@ -0,0 +1,12 @@
+# Image/video/music generation tools Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`image-video-music-generation-tools` surface.
+
+## Category Scope
+
+- Media Routing and Discovery: default media model config, per-call model refs and fallbacks, auth-backed tool discovery, action=list provider inspection
+- Task Lifecycle and Delivery: background task creation, task status/list/show/cancel, duplicate guards, progress keepalive, completion/failure wake, no-session inline fallback, local media persistence, MIME/filename inference, Hosted URL fallback, message-tool handoff, idempotent missing-media fallback, channel attachment proof
+- Image Generation: text-to-image, reference-image editing, output hints, action=status, provider attempt metadata, OpenAI/Codex OAuth, API-key OpenAI, OpenRouter/xAI/fal/LiteLLM/DeepInfra/Google/MiniMax/ComfyUI auth, provider error diagnostics
+- Video Generation: text-to-video, image-to-video, video-to-video, reference role validation, audio refs, typed providerOptions, queue-backed jobs, polling/timeout handling, Hosted URL download, provider skip explanations, returned asset metadata
+- Music Generation: prompt and lyrics input, instrumental mode, duration/format controls, image-reference edit lanes, generated audio outputs, provider fallback

.agents/skills/claw-score/references/completeness/imessage-bluebubbles.md

@@ -0,0 +1,12 @@
+# iMessage / BlueBubbles Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`imessage-bluebubbles` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Translate legacy config, Cut over safely, Handle migration caveats, Run local imsg, Run through SSH wrapper, Grant macOS permissions, Probe runtime health, Account setup prompts, Account status checks, Doctor repair checks, Account Config, Translate legacy config, Cut over safely, Handle migration caveats, Run local imsg, Run through SSH wrapper, Grant macOS permissions, Probe runtime health
+- Access and Identity: Authorize direct senders, Route direct conversations, Bind ACP sessions, Group Policy, Mentions, System Prompts, Group Policy, Mentions, System Prompts
+- Conversation Routing and Delivery: Watch live messages, Coalesce split-send DMs, Replay missed messages, Seed conversation history, Authorize direct senders, Route direct conversations, Bind ACP sessions, Group Policy, Mentions, System Prompts
+- Media and Rich Content: Media, Attachments, Remote Fetch, Chunking, Native Actions, Private API, Message Tool
+- Native Controls and Approvals: Native Approvals, Reactions, Operator Control, Media, Attachments, Remote Fetch, Chunking, Native Actions, Private API, Message Tool, Native Actions, Private API, Message Tool

.agents/skills/claw-score/references/completeness/ios-app.md

@@ -0,0 +1,15 @@
+# iOS app Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`ios-app` surface.
+
+## Category Scope
+
+- Media and Sharing: Camera list/snap/clip
+- Canvas and Screen: Canvas present/hide/navigate/eval/snapshot
+- Chat and Sessions: Chat sessions and operator controls
+- Gateway Setup and Diagnostics: Bonjour/local, Manual host/port, Gateway connect configuration persistence, TLS fingerprint trust prompt, Pairing approval, Pairing/auth diagnostics for users, Settings tab
+- Distribution: Internal preview status
+- Device Commands: Location modes, Device command handling
+- Notifications and Background: APNs registration and relay delivery
+- Voice: Voice wake

.agents/skills/claw-score/references/completeness/kubernetes-hosting.md

@@ -0,0 +1,29 @@
+# Kubernetes Hosting Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`kubernetes-hosting` surface.
+
+## Surface-Specific Scoring Questions
+
+For each category, ask:
+
+- Can an operator deploy and manage OpenClaw on Kubernetes end to end?
+- Are the taxonomy features present as supported manifests, commands, and docs rather than examples only?
+- Are setup, normal operation, status or inspection, redeploy, teardown, and secret rotation represented where relevant?
+- Are local Kind validation, namespace/image customization, provider secrets, and secure exposure branches covered?
+- Do known gaps leave major cluster-hosting capability branches missing?
+
+## Surface-Specific Guidance
+
+Variation from the default completeness process:
+
+- Completeness is the Kubernetes operator workflow for deployment, configuration, secrets, access, exposure, lifecycle, security posture, status, and recovery.
+- A complete Kubernetes category lets an operator deploy, expose, secure, update, troubleshoot, and remove the Gateway without relying on Docker-only assumptions.
+- Happy-path port-forwarding, missing secret/config rotation, or omitted exposed-service security posture are material completeness gaps.
+
+## Category Scope
+
+- Deployment Setup: Kustomize packaging, cluster prerequisites, quick deploy, manifest apply, and Kind validation.
+- Configuration and Secrets: agent instructions, Gateway config, provider secrets, secret rotation, and image/namespace customization.
+- Access and Exposure: port-forward access, service endpoint, ingress exposure, auth/TLS, and localhost posture.
+- Cluster Lifecycle: resource layout, state persistence, redeploy, teardown, and security context.

.agents/skills/claw-score/references/completeness/linux-companion-app.md

@@ -0,0 +1,12 @@
+# Linux companion app Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`linux-companion-app` surface.
+
+## Category Scope
+
+- App Distribution: Native app package, Distro package targets, Official release metadata
+- Gateway Connectivity: Local Gateway attach and status, Gateway pairing and auth, Remote mode, Local and remote resource boundaries
+- Chat and Sessions: Native Linux chat window, Transcript, Gateway chat transport
+- Desktop Capabilities: Linux desktop permissions, Secret storage, Sandbox/package posture, Linux native node identity, Host command execution, Desktop tools, Linux native Talk, Microphone capture, Native media permissions
+- Status and Diagnostics: Native Linux app readiness, Gateway health/status display, Log/transcript opening, Doctor/repair affordances, Linux tray/status item, Runtime status row, Desktop-environment integration

.agents/skills/claw-score/references/completeness/linux-gateway-host.md

@@ -0,0 +1,12 @@
+# Linux Gateway host Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`linux-gateway-host` surface.
+
+## Category Scope
+
+- Host Setup and Updates: Linux CLI install, Node runtime prerequisites, Package-manager policy, Update path
+- Gateway Runtime and Service Control: Foreground Gateway Runtime, Process Control, Systemd User Service Lifecycle setup, Systemd User Service Lifecycle operation, Systemd User Service Lifecycle status, Systemd User Service Lifecycle recovery
+- Remote Access and Security: Remote Network Exposure, TLS, Tailscale, Gateway exposure safeguards, Gateway authentication modes, Secret Handling
+- Diagnostics and Repair: Gateway diagnostic reports, Gateway log tailing, Doctor checks, Operator repair guidance
+- Deployment Targets: VPS, Container, Cloud Deployment Guidance

.agents/skills/claw-score/references/completeness/local-model-providers-ollama-vllm-sglang-lm-studio.md

@@ -0,0 +1,12 @@
+# Local model providers: Ollama, vLLM, SGLang, LM Studio Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`local-model-providers-ollama-vllm-sglang-lm-studio` surface.
+
+## Category Scope
+
+- Provider Setup, Lifecycle, and Diagnostics: Provider Selection, Onboarding, localService configuration, Process startup and readiness, Request leases and idle shutdown, Health checks and restart, Provider recipes, Local provider status, Backend reachability probes, Model availability errors, Memory readiness diagnostics, Provider troubleshooting docs
+- Native Provider Plugins: Ollama setup and model pulling, Model discovery, Streaming and vision, Ollama embeddings, Web-search support, LM Studio setup, Model discovery and auth, Model preload and JIT loading, Streaming compatibility, LM Studio embeddings
+- OpenAI-Compatible Runtime Compatibility: Bundled provider setup, Model Discovery Endpoint, Non-interactive configuration, vLLM thinking controls, OpenAI-compatible chat and tool semantics, SGLang compatibility guidance, Request Stream Compatibility, Tool Calling
+- Local Memory and Embeddings: Embedding provider selection, Memory search readiness, memoryFlush model override, Fallback lexical search, Provider mismatch guidance
+- Network Safety and Prompt Controls: Safety Network, Prompt Pressure Controls

.agents/skills/claw-score/references/completeness/long-tail-hosted-providers.md

@@ -0,0 +1,10 @@
+# Long-tail hosted providers Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`long-tail-hosted-providers` surface.
+
+## Category Scope
+
+- Hosted LLM Providers: Bedrock setup, Gateway/proxy routing, Copilot/OpenCode hosted access, Proxy capability diagnostics, Hosted text completion, Tool-call and streaming compatibility, Model catalog resolution, Provider-specific request shaping, Regional provider setup, Region and plan routing, Regional live smoke, Account prerequisite diagnostics
+- Hosted Media Providers: Image generation providers, Video generation providers, Music generation providers, Media mode coverage, Text-to-speech providers, Speech-to-text providers, Realtime transcription providers, Audio format diagnostics
+- Provider Operations: Provider directory, Provider install catalog, Model catalog metadata, Catalog parity checks, Provider setup descriptors, Auth profiles and aliases, Credential health probes, Key rotation and recovery, Direct provider smoke, Gateway live smoke, Models status probes, Fallback trace and repair

.agents/skills/claw-score/references/completeness/macos-companion-app.md

@@ -0,0 +1,14 @@
+# macOS companion app Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`macos-companion-app` surface.
+
+## Category Scope
+
+- Canvas: Canvas panel open/hide/navigate/eval/snapshot, Local custom URL scheme, A2UI host auto-navigation, Canvas enable/disable setting
+- Local Setup: Local mode Gateway attach/start/stop, LaunchAgent install/update/restart/uninstall, Existing-listener detection, Native first-run onboarding flow, CLI discovery, Local workspace selection, Onboarding WebChat session separation
+- Status and Settings: Menu-bar status, Activity state ingestion, Settings navigation, Health polling, Channels settings
+- Native Capabilities: Mac node session connection, system.run, Exec approval policy, Permission requests, TCC persistence
+- Remote Connections: Remote connection mode selection, SSH tunnel, Gateway discovery
+- Voice and Talk: Voice Wake runtime, Push-to-talk, Talk provider playback plan
+- WebChat: Native SwiftUI WebChat window, Gateway chat transport, Local and remote data-plane reuse

.agents/skills/claw-score/references/completeness/macos-gateway-host.md

@@ -0,0 +1,14 @@
+# macOS Gateway host Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`macos-gateway-host` surface.
+
+## Category Scope
+
+- CLI Setup: Hosted installer, Node 24 recommendation, App-triggered CLI install, Shell PATH and version-manager drift
+- Local Gateway Integration: App local/remote connection mode, App-managed Gateway LaunchAgent install/restart/uninstall, CLI install detection, Attach-to-existing local Gateway compatibility, Gateway endpoint, gateway.mode=local configuration, Loopback bind, Local app endpoint resolution, Bonjour discovery
+- Remote Gateway Mode: macOS app "Remote over SSH", SSH tunnel setup, Tailscale MagicDNS, Remote endpoint token/password/TLS fingerprint, Local node host startup
+- Gateway Service Lifecycle: Per-user Gateway LaunchAgent install, launchctl bootstrap, LaunchAgent labels, Gateway token/env handling, App-managed LaunchAgent handoff, openclaw update package/git handoff, Managed service refresh, Stale updater launchd job detection, openclaw uninstall, Stranded service recovery
+- Diagnostics and Observability: LaunchAgent log paths, openclaw gateway status --deep, Gateway silently stops responding, Stale updater jobs
+- Permissions and Native Capabilities: macOS TCC permission prompts/status, Native node capability exposure, system.run policy, Permission-driven support
+- Profiles and Isolation: Profile-specific LaunchAgent labels, Profile-specific state/config/workspace roots, Derived ports, Rescue bot setup, Extra Gateway process detection

.agents/skills/claw-score/references/completeness/matrix.md

@@ -0,0 +1,13 @@
+# Matrix Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`matrix` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Matrix plugin identity, Setup wizard, Account discovery, Matrix doctor warnings, Matrix probe/status, Shared Matrix client resolution, Monitor startup, Startup maintenance, Matrix doctor warnings, Matrix probe/status, Monitor startup, Startup maintenance
+- Access and Identity: DM policy, Direct-room classification, Inbound route selection across sender-bound DMs, Mention gates, Matrix thread reply routing, Persisted Matrix thread routing managers, ACP/subagent spawn hooks
+- Conversation Routing and Delivery: DM policy, Direct-room classification, Inbound route selection across sender-bound DMs, Mention gates, Matrix thread reply routing, Persisted Matrix thread routing managers, ACP/subagent spawn hooks, Channel action discovery, Message send/read/edit/delete, Profile media loading, Outbound Matrix text, Message presentation metadata, Inbound media failure handling, Message send/read/edit/delete, Profile media loading, Outbound Matrix text, Message presentation metadata, Inbound media failure handling
+- Media and Rich Content: Channel action discovery, Message send/read/edit/delete, Profile media loading, Outbound Matrix text, Message presentation metadata, Inbound media failure handling
+- Native Controls and Approvals: Channel action discovery, Message send/read/edit/delete, Profile media loading, Outbound Matrix text, Message presentation metadata, Inbound media failure handling, Matrix native exec, Origin target resolution from Matrix turn, Approver DM target resolution, Matrix approval metadata, Origin target resolution from Matrix turn, Approver DM target resolution, Matrix approval metadata
+- Encryption and Verification: Encryption setup, Encrypted media upload/download, Legacy state

.agents/skills/claw-score/references/completeness/mattermost-line-irc-nextcloud-talk-nostr-twitch-tlon-synology-chat.md

@@ -0,0 +1,11 @@
+# Mattermost, LINE, IRC, Nextcloud Talk, Nostr, Twitch, Tlon, Synology Chat Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`mattermost-line-irc-nextcloud-talk-nostr-twitch-tlon-synology-chat` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Mattermost bot account setup, WebSocket inbound monitoring, Outbound delivery, LINE Messaging API webhook setup, Signed inbound webhook events, Rich LINE payloads, Nextcloud Talk bot installation, Webhook ingress, Outbound markdown/text, Synology Chat incoming/outgoing webhook setup, Webhook token verification, Outbound text, IRC server/nick/TLS/NickServ setup, Raw IRC receive/send, Probe/status, Twitch bot account setup, Twitch IRC monitor/client lifecycle, Message tool send action, Nostr key setup, NIP-04 encrypted DM receive/send, Profile import/publish, Tlon/Urbit ship URL/code setup, Urbit API auth/session, Rich text conversion, Nextcloud Talk bot installation, Webhook ingress, Outbound markdown/text, Synology Chat incoming/outgoing webhook setup, Webhook token verification, Outbound text and URL media delivery, Twitch bot account setup, Twitch IRC monitor/client lifecycle, Message tool send action, Tlon/Urbit ship URL/code setup, Urbit API auth/session, Rich text conversion
+- Access and Identity: Mattermost bot account setup, WebSocket inbound monitoring, Outbound delivery, LINE Messaging API webhook setup, Signed inbound webhook events, Rich LINE payloads, Nextcloud Talk bot installation, Webhook ingress, Outbound markdown/text, Synology Chat incoming/outgoing webhook setup, Webhook token verification, Outbound text, IRC server/nick/TLS/NickServ setup, Raw IRC receive/send, Probe/status, Twitch bot account setup, Twitch IRC monitor/client lifecycle, Message tool send action, Nostr key setup, NIP-04 encrypted DM receive/send, Profile import/publish, Tlon/Urbit ship URL/code setup, Urbit API auth/session, Rich text conversion, Synology Chat incoming/outgoing webhook setup, Webhook token verification, Outbound text and URL media delivery, Tlon/Urbit ship URL/code setup, Urbit API auth/session, Rich text conversion
+- Conversation Routing and Delivery: Mattermost bot account setup, WebSocket inbound monitoring, Outbound delivery, LINE Messaging API webhook setup, Signed inbound webhook events, Rich LINE payloads, Nextcloud Talk bot installation, Webhook ingress, Outbound markdown/text, Synology Chat incoming/outgoing webhook setup, Webhook token verification, Outbound text, IRC server/nick/TLS/NickServ setup, Raw IRC receive/send, Probe/status, Twitch bot account setup, Twitch IRC monitor/client lifecycle, Message tool send action, Nostr key setup, NIP-04 encrypted DM receive/send, Profile import/publish, Tlon/Urbit ship URL/code setup, Urbit API auth/session, Rich text conversion, Nextcloud Talk bot installation, Webhook ingress, Outbound markdown/text, Synology Chat incoming/outgoing webhook setup, Webhook token verification, Outbound text and URL media delivery, Twitch bot account setup, Twitch IRC monitor/client lifecycle, Message tool send action, Tlon/Urbit ship URL/code setup, Urbit API auth/session, Rich text conversion
+- Media and Rich Content: LINE Messaging API webhook setup, Signed inbound webhook events, Rich LINE payloads, Nextcloud Talk bot installation, Webhook ingress, Outbound markdown/text, Synology Chat incoming/outgoing webhook setup, Webhook token verification, Outbound text, Nostr key setup, NIP-04 encrypted DM receive/send, Profile import/publish, Tlon/Urbit ship URL/code setup, Urbit API auth/session, Rich text conversion, Tlon/Urbit ship URL/code setup, Urbit API auth/session, Rich text conversion

.agents/skills/claw-score/references/completeness/media-understanding-and-media-generation.md

@@ -0,0 +1,13 @@
+# Media understanding and media generation Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`media-understanding-and-media-generation` surface.
+
+## Category Scope
+
+- Media Intake and Access: Local and remote media references, MIME and type detection, Size caps and bounded reads, Safe remote fetch, Local root policy, Inbound media store, PDF/document extraction dispatch, QR and media helper classification
+- Channel Media Handling: Inbound attachment staging, Sandbox media rewrites, Reply media templating, Message-tool attachment delivery, Duplicate delivery suppression
+- Media Configuration: Media capability configuration
+- Text-to-Speech Delivery: TTS, Outbound Voice Audio Delivery
+- Media Understanding: Audio attachment selection, Batch STT provider and CLI fallback, Voice-note mention preflight, Transcript insertion and echo, Audio proxy and limit handling, Inbound image summarization, Active vision model bypass, Text-only model media offload, Vision provider fallback, Image and PDF input routing, Video Understanding, Direct Video Analysis
+- Media Generation: Image generation tool invocation, Provider and model selection, Reference image editing, Generated image task lifecycle, Generated image persistence and delivery, Music generation tool invocation, Provider and model selection, Lyrics, instrumental, duration, and format controls, Reference inputs where supported, Music task lifecycle and duplicate status, Generated audio persistence and delivery, Video generation tool invocation, Mode and provider capability selection, Reference image, video, and audio inputs, Provider option validation, Video task lifecycle and status, Generated video persistence and delivery

.agents/skills/claw-score/references/completeness/microsoft-teams.md

@@ -0,0 +1,12 @@
+# Microsoft Teams Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`microsoft-teams` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Teams CLI app creation, Bot registration and manifest upload, Credential configuration, Teams app install verification, Setup status, Probe and scope reporting, Teams app doctor, Webhook and health diagnostics, Operator repair paths, Text formatting and chunking, Adaptive and presentation cards, Progress streaming, Delivery receipts and errors, Queued and proactive replies, Webhook Runtime, SDK Lifecycle, Proactive Cloud Boundary, Setup status, Probe and scope reporting, Teams app doctor, Webhook and health diagnostics, Operator repair paths, Webhook Runtime, SDK Lifecycle, Proactive Cloud Boundary
+- Access and Identity: DM pairing, Stable sender identity, Allowlists and access groups, Invoke and command authorization, Teams-originated config writes, Bot Framework SSO invokes, Delegated token storage, Graph directory lookup, Member profile lookup, Bot Framework SSO invokes, Delegated token storage, Graph directory lookup, Member profile lookup
+- Conversation Routing and Delivery: Team and channel allowlists, Deterministic channel replies, Mention-gated group access, Session routing, Reply and thread context, Text formatting and chunking, Adaptive and presentation cards, Progress streaming, Delivery receipts and errors, Queued and proactive replies, Webhook Runtime, SDK Lifecycle, Proactive Cloud Boundary, Text formatting and chunking, Adaptive and presentation cards, Progress streaming, Delivery receipts and errors, Queued and proactive replies, Webhook Runtime, SDK Lifecycle, Proactive Cloud Boundary
+- Media and Rich Content: Inbound attachments, Graph-hosted media, File consent, SharePoint and OneDrive sharing, Media fetch safety
+- Native Controls and Approvals: Message action discovery, Polls and reactions, Read, edit, delete, and pin, Native approval cards, Feedback and group actions

.agents/skills/claw-score/references/completeness/multi-agent-orchestration.md

@@ -0,0 +1,31 @@
+# Multi-Agent Orchestration Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`multi-agent-orchestration` surface.
+
+## Surface-Specific Scoring Questions
+
+For each category, ask:
+
+- Can an operator configure and run the category workflow end to end?
+- Are the taxonomy features present as supported user paths rather than partial config fragments?
+- Are setup, normal operation, status or inspection, recovery, and removal paths represented where relevant?
+- Are channel, account, workspace, auth, task, and delegate variants covered where the category expects them?
+- Do known gaps leave major coordination or isolation branches missing?
+
+## Surface-Specific Guidance
+
+Variation from the default completeness process:
+
+- Completeness is the operator-facing system for setup, isolation, conversation routing, account routing, specialist lanes, delegate identity, status, recovery, and safe defaults.
+- A complete category lets multiple agents be created, isolated, routed, delegated, and inspected without implicit cross-agent leakage.
+- Undocumented config, nondeterministic routing, or unclear ownership of state, credentials, and outbound delivery are material completeness gaps.
+
+## Category Scope
+
+- Agent Setup: add agents, agent list/delete, identity files, non-interactive setup, and single-agent default.
+- Agent Isolation: workspace separation, state separation, auth separation, session separation, and tool profiles.
+- Conversation Routing: agent selection, route precedence, default fallback, peer overrides, and cross-channel examples.
+- Account Routing: multi-account setup, account selection, default accounts, account credentials, and delivery targets.
+- Specialist Lanes: lane contracts, background handoff, concurrency controls, priority controls, and coordinator handoff.
+- Delegate Identities: named delegates, authority model, delegate tiers, identity delegation, and organizational assistants.

.agents/skills/claw-score/references/completeness/native-windows-cli-and-gateway.md

@@ -0,0 +1,11 @@
+# Native Windows CLI and Gateway Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`native-windows-cli-and-gateway` surface.
+
+## Category Scope
+
+- Setup: PowerShell installer, Node and package-manager bootstrap, npm global install, Packaged CLI launcher, Windows command shims, openclaw onboard, Local Gateway config, Daemon install flags, Native-vs-WSL setup boundary
+- Gateway Management: openclaw gateway, Foreground runtime health/readiness, Windows-specific restart/signal, Unmanaged foreground mode, openclaw gateway install, Gateway launcher files, Scheduled Task runtime status, Startup-folder fallback, openclaw status, Windows service inspection, Post-install diagnostics
+- Networking: Native Windows host binding, netsh interface portproxy, Gateway status and probe output, Loopback, LAN, and WSL boundary
+- Updates: openclaw update on native Windows package, Managed Gateway stop/restart, Detached update handoff, Windows package locks

.agents/skills/claw-score/references/completeness/native-windows-companion-app.md

@@ -0,0 +1,12 @@
+# Native Windows companion app Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`native-windows-companion-app` surface.
+
+## Category Scope
+
+- Installation and Updates: Official app download, MSI/MSIX/App Installer/winget-style packaging, Windows architecture handling for x64, App release channel
+- Gateway Connection: App-managed local Gateway attach/start, Remote Gateway connection modes, Device/node pairing
+- Chat Sessions: Native Windows chat window, Gateway chat transport
+- Status and Repair: App health states, App-specific repair, Windows system tray app, Status indicators, App-specific notification permission
+- Desktop Tools and Permissions: Windows node identity, Host command execution, Desktop command policy, App approval prompts, Screen and media capture, Canvas host behavior, Windows shell integrations, App secrets, Windows ACL, Command approval

.agents/skills/claw-score/references/completeness/nix-install-path.md

@@ -0,0 +1,12 @@
+# Nix install path Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`nix-install-path` surface.
+
+## Category Scope
+
+- Install Handoff: Nix install overview, nix-openclaw source-of-truth, Install discoverability, Verification handoff
+- Plugin Lifecycle: Lifecycle command refusal, Declarative plugin selection, Nix-store plugin loading, Hardlink safety
+- Activation and App UX: Environment activation, macOS defaults activation, Runtime Nix-mode detection, Stable Nix defaults, Managed-by-Nix banner, Read-only config controls, Onboarding skip
+- Config and State: Immutable config guard, Config writer refusal, Agent-first Nix edits, Explicit config path, Writable state directory, Immutable-store config support, State integrity checks
+- Service Runtime and Guards: Nix profile PATH discovery, Profile precedence, Service PATH fallback, Trusted binary boundaries, Setup write refusal, Doctor repair refusal, Update handoff, Service lifecycle handoff

.agents/skills/claw-score/references/completeness/openai-codex-provider-path.md

@@ -0,0 +1,12 @@
+# OpenAI / Codex provider path Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`openai-codex-provider-path` surface.
+
+## Category Scope
+
+- Model and Auth: Canonical OpenAI Model Routing, Catalog, Codex OAuth Profiles, Subscription Usage, Doctor Diagnostics, Operator Repair
+- Responses and Tool Compatibility: Codex Responses Transport, Payload Compatibility, Tool Context, Capability Compatibility
+- Native Codex Harness: Native Codex App-server Harness, Thread Lifecycle
+- Image and Multimodal Input: Image Generation Editing, Multimodal Input
+- Voice and Realtime Audio: Realtime Voice Transcription, Speech

.agents/skills/claw-score/references/completeness/openclaw-app-sdk.md

@@ -0,0 +1,31 @@
+# OpenClaw App SDK Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`openclaw-app-sdk` surface.
+
+## Surface-Specific Scoring Questions
+
+For each category, ask:
+
+- Can an external app developer complete the category workflow using public SDK APIs?
+- Are the taxonomy features represented by stable client contracts rather than protocol-only fragments?
+- Are setup, authentication, streaming, result handling, error behavior, and compatibility expectations documented?
+- Are browser, Node, React, testing, and custom transport variants covered where the category expects them?
+- Do known gaps leave major external-app capability branches missing?
+
+## Surface-Specific Guidance
+
+Variation from the default completeness process:
+
+- Completeness is the external app-developer workflow from connection through agent runs, sessions, events, approvals, resources, compatibility, and operational error handling.
+- A complete SDK category exposes typed, documented, reusable client APIs instead of requiring low-level Gateway protocol work.
+- Manual Gateway frame construction or reliance on internal package shapes is a material completeness gap.
+
+## Category Scope
+
+- Client API: SDK entrypoints, namespace layout, package split, and app/plugin boundary.
+- Gateway Access: Gateway connect, URL and token config, auto gateway, custom transport, and scopes/redaction.
+- Agent Conversations: agent handles, agent runs, run results, session creation, session send, and session controls.
+- Events and Approvals: event stream, event envelope, replay cursors, approval callbacks, and questions.
+- Resource Helpers: models, ToolSpace, artifacts, tasks, and environments.
+- Compatibility: generated client, ergonomic wrappers, unsupported calls, schema alignment, and public package contract.

.agents/skills/claw-score/references/completeness/openrouter-provider-path.md

@@ -0,0 +1,11 @@
+# OpenRouter provider path Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`openrouter-provider-path` surface.
+
+## Category Scope
+
+- Provider Setup and Auth: First-run setup, Default model selection, Provider plugin registration, Model-ref examples, OPENROUTER_API_KEY, Auth profiles and auth order, Status/probe and removal, Provider-entry SecretRef/API-key resolution, Gateway env inheritance, Static catalog rows, Dynamic /models discovery, openrouter/auto and nested refs, Free-model scan/probe, Model list/picker cache
+- Chat Runtime and Normalization: Chat completions route, Provider routing params, Per-model route overrides, Reasoning payload policy, Anthropic/Gemini/DeepSeek variants, Streamed content parsing, reasoning_details visible output, Tool-call delta preservation, Family-specific replay policy, Response-model and usage normalization, Attribution headers, Response-cache headers/TTL/clear, Anthropic cache-control markers, Cache usage mapping, Custom proxy exclusions
+- Provider Recovery and Diagnostics: Timeout/retry classification, Auth/billing/key-limit classification, Context overflow, Model fallback notices, Guarded fetch/pricing warnings
+- Media Generation and Speech: image_generate OpenRouter route, video_generate async jobs/polling/download, music_generate audio route, Text-to-speech, Speech-to-text transcription, Inbound media understanding, Generated artifact delivery

.agents/skills/claw-score/references/completeness/plugin-sdk-and-bundled-plugin-architecture.md

@@ -0,0 +1,40 @@
+# Plugin Surface Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`plugin-sdk-and-bundled-plugin-architecture` surface.
+
+## Surface-Specific Scoring Questions
+
+For each category, ask:
+
+- Can the intended plugin task be completed end to end by an author or
+  operator?
+- Are the important plugin variants present for this category, such as channel,
+  provider, tool, bundled, local, npm, or ClawHub flows?
+- Are the main lifecycle stages present where relevant: create, configure,
+  validate, run, update, and remove or roll back?
+- Are compatibility, approval, or safety branches present when the category
+  implies them?
+- Are important author/operator-visible gaps still forcing workarounds or
+  unsupported paths?
+
+## Surface-Specific Guidance
+
+Variation from the default completeness process:
+
+- Completeness is the plugin author or operator lifecycle for authoring, packaging, installing, running, approving, publishing, and testing plugins, not just SDK or runtime primitives.
+- Score the plugin surface against the full plugin journey, not only one import path, packaging mode, or runtime path.
+- Bundled-only support or support for only selected plugin families is incomplete when the category implies broader plugin capability.
+- Publishing and testing categories should include expected lifecycle support, not just raw commands or fixtures.
+
+## Category Scope
+
+- Authoring and Packaging plugins: Root SDK entrypoint, Focused SDK imports, Entrypoint discovery, Migration shims, Plugin manifest, Package metadata, Runtime compatibility, Validation feedback
+- Bundled plugins: Bundled plugin listing, Bundled source overlays, Packaged bundled plugins, Generated plugin inventory, Bundled channel IDs
+- Canvas plugin: Hosted Canvas and A2UI surfaces, Agent canvas tool, Node Canvas commands, Control UI embeds, Canvas documents, A2UI transport and snapshots
+- Installing and running plugins: Plugin setup, Runtime activation, Enable and disable, Safe load failures, Dependency repair, Install update and uninstall
+- Channel plugins: Inbound event handling, Outbound delivery, Ingress authorization, Destination resolution, Native approval prompts
+- Provider and tool plugins: Provider plugins, Tool plugins, Model catalogs, Provider auth, Web search and fetch, Mixed plugins
+- Plugin approvals: Approval requests, Native approval delivery, Same-chat fallbacks, Exec and plugin separation, Approval replay protection, Security helpers
+- Publishing plugins: Install sources, ClawHub publishing, npm publishing, Compatibility signaling, Update and rollback expectations, Third-party publication rules
+- Testing plugins: Test fixtures, Local test environment, Plugin runtime harness, Unit and integration scaffolds, Docker lifecycle suites, Smoke tests

.agents/skills/claw-score/references/completeness/raspberry-pi-small-linux-devices.md

@@ -0,0 +1,11 @@
+# Raspberry Pi / small Linux devices Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`raspberry-pi-small-linux-devices` surface.
+
+## Category Scope
+
+- Setup and Compatibility: Hardware and 64-bit OS requirements, Node runtime setup, OpenClaw install and onboarding, First-run verification, Supported Pi model selection, 64-bit ARM boundary, Unsupported device guidance, Slow-device caveats, npm/pnpm/Bun install modes, Installer architecture detection, Optional ARM binary checks, Fallback/build guidance
+- Remote Access and Auth: Headless API-key auth, Gateway shared-secret auth, Device pairing approvals, SecretRef handling, Token drift recovery, SSH tunnel dashboard access, Tailscale Serve/Funnel, Loopback/non-loopback exposure controls, Authenticated Control UI access
+- Gateway Runtime: Always-on Gateway process, Cloud model configuration, Channel startup, Gateway health/status, User service install, linger/boot persistence, Service drop-ins, Restart tuning, Status/log inspection, Backup/restore
+- Performance and Diagnostics: Swap and low-RAM tuning, USB SSD guidance, Compile cache/no-respawn settings, OOM/performance troubleshooting, Diagnostics bundles

.agents/skills/claw-score/references/completeness/security-auth-pairing-and-secrets.md

@@ -0,0 +1,13 @@
+# Security, auth, pairing, and secrets Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`security-auth-pairing-and-secrets` surface.
+
+## Category Scope
+
+- Approval Policy and Tool Safeguards: Approval Policy, Dangerous Tool Safeguards
+- Gateway Auth and Remote Access: Shared Gateway token/password auth, Gateway auth mode, Trusted-proxy identity, Tailscale Serve/Funnel, Bind and origin restrictions, WebSocket handshake auth, Operator-facing docs, Browser Control UI, Remote Client Trust
+- Channel Access Control: Channel Identity, Allowlists, Sender Pairing
+- Device and Node Pairing: Setup codes, Device identity creation, Device-token issuance, Device pairing approvals for operator, Operator scopes that gate pairing, Local Control UI, Auth migration, Operator-facing docs, Node Pairing, Capability Trust, Remote Exec Approvals
+- Plugin Trust: Plugin Installation Trust, Security Boundaries
+- Credential and Secret Hygiene: Provider Auth Profiles, API Key Health, Secrets Storage, Redaction, Configuration Hygiene

.agents/skills/claw-score/references/completeness/session-memory-and-context-engine.md

@@ -0,0 +1,17 @@
+# Session, memory, and context engine Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`session-memory-and-context-engine` surface.
+
+## Category Scope
+
+- CLI Session and Transcript Management: CLI Session, Transcript Management
+- Compaction, Pruning, and Token Pressure: Compaction, Pruning, Token Pressure
+- Context Engine and Runtime Assembly: Context Engine, Runtime Assembly
+- Cross-client History and Session Parity: Cross-client History, Session Parity
+- Diagnostics, Maintenance, and Recovery: Diagnostics, Maintenance, Recovery
+- Instruction Profile and Context Visibility: Instruction Profile, Context Visibility
+- Memory Backend Storage and Embedding Search: Memory Backend Storage, Embedding Search
+- Memory Files, Tools, and Active Memory: Memory Files, Tools, Active Memory
+- Session Routing and Conversation Binding: Session Routing, Conversation Binding
+- Transcript Persistence and Durability: Transcript Persistence, Durability

.agents/skills/claw-score/references/completeness/signal.md

@@ -0,0 +1,12 @@
+# Signal Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`signal` surface.
+
+## Category Scope
+
+- Setup and Account Health: QR link setup, SMS registration, Installer and binary setup, Container account provisioning, Status probes, Setup diagnostics, Account safety guardrails
+- Conversation Access and Routing: DM pairing, DM allowlists, Sender identity normalization, Group allowlists, Mention gates, Pending group history
+- Message Delivery and Actions: Text delivery targets, Media delivery and limits, Typing and read receipts, Styled/chunked output, Reaction action discovery, Add/remove reactions, Group reaction targeting
+- Native Approvals: Native approval routing, Reaction approval responses, Approver targeting
+- Transport: Native daemon transport, Container transport, API mode selection, Receive reconnect/readiness

.agents/skills/claw-score/references/completeness/slack.md

@@ -0,0 +1,12 @@
+# Slack Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`slack` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: App Install, Slack app credentials, Manifest, Scopes, Channel status diagnostics, Slack account status, Operator Repair, Socket, HTTP transport, Runtime Lifecycle, Socket, HTTP transport, Runtime Lifecycle, Channel status diagnostics, Slack account status, Operator Repair
+- Access and Identity: Channel allowlists, Thread routing, Session Isolation, DM Pairing, Sender Authorization
+- Conversation Routing and Delivery: Channel allowlists, Thread routing, Session Isolation, DM Pairing, Sender Authorization, Outbound Delivery, Streaming, Reactions, Media, Attachments, Files, Vision, Outbound Delivery, Streaming, Reactions, Media, Attachments, Files, Vision
+- Media and Rich Content: Outbound Delivery, Streaming, Reactions, Media, Attachments, Files, Vision
+- Native Controls and Approvals: Slash Commands, Native Command Routing, Interactive Replies, App Home, Assistant Events, Native Approvals, Actions, Security-sensitive Ops, Interactive Replies, App Home, Assistant Events, Native Approvals, Actions, Security-sensitive Ops

.agents/skills/claw-score/references/completeness/telegram.md

@@ -0,0 +1,12 @@
+# Telegram Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`telegram` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: BotFather token creation, TELEGRAM_BOT_TOKEN, Setup wizard credential capture, Startup getMe, Doctor/status surfacing, Named account configuration, CLI/message-tool targets, Directory adapters, Channel status, Account-scoped outbound, Long polling runner startup, Webhook listener startup, Reconnect, Restart, Named account configuration, Directory adapters and configured peers/groups for, Channel status, Account-scoped outbound, Long polling runner startup, Reconnect, Restart
+- Access and Identity: dmPolicy modes, Pairing-code approval, Numeric Telegram user ID normalization with telegram, allowFrom, Unauthorized DM, Group allowlists, Supergroup negative chat IDs, Forum topic session keys, ACP topic routing, Session key construction
+- Conversation Routing and Delivery: dmPolicy modes, Pairing-code approval, Numeric Telegram user ID normalization with telegram, allowFrom, Unauthorized DM, Group allowlists, Supergroup negative chat IDs, Forum topic session keys, ACP topic routing, Session key construction, Inbound media download, Voice notes, Location, Poll sending, Reactions, Text, Preview streaming, Reply threading tags, Durable outbound message recording, Voice notes, Poll sending, Reply threading tags, Durable outbound message recording
+- Media and Rich Content: Inbound media download, Voice notes, Location, Poll sending, Reactions, Text, Preview streaming, Reply threading tags, Durable outbound message recording, Voice notes, Poll sending, Reply threading tags, Durable outbound message recording, Inbound media download, Voice notes, Location and venue extraction into channel context, Poll sending, Reactions
+- Native Controls and Approvals: Inline keyboard rendering, Exec approvals in DMs, Message actions, Action capability discovery, Native setMyCommands startup sync, Command name/description normalization, Built-in commands, Command authorization in DMs, Model buttons, Native `setMyCommands` startup sync, Command name/description normalization, Built-in commands such as `/help`, Command authorization in DMs, Model buttons and command UI helpers

.agents/skills/claw-score/references/completeness/telemetry-diagnostics-and-observability.md

@@ -0,0 +1,12 @@
+# Observability Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`telemetry-diagnostics-and-observability` surface.
+
+## Category Scope
+
+- Health and Repair: Background health-monitor loop, Per-account enable/disable settings, Startup grace, Restart logging, openclaw doctor, Structured health checks, Core doctor checks, Plugin SDK doctor/health contracts, openclaw status, openclaw health, Gateway RPC health, Cached health snapshots
+- Logging: Rolling Gateway JSONL file logs, openclaw logs, Gateway RPC logs.tail, Redaction patterns and sinks, Trace correlation fields
+- Diagnostic Collection: openclaw gateway diagnostics export, openclaw gateway stability --bundle, Chat /diagnostics, Support zip composition, Bounded in-process stability recorder, openclaw gateway stability, Memory pressure events, Critical memory pressure snapshot option
+- Telemetry Export: Diagnostic event types, Async dispatch, W3C trace context creation, Plugin SDK diagnostic runtime exports, Model-call diagnostic events, diagnostics-otel plugin install, OTLP/HTTP traces, Trusted trace context, Model and runtime telemetry, diagnostics-prometheus plugin install, Gateway-authenticated GET /api/diagnostics/prometheus, Prometheus text exposition, Trusted diagnostic event subscription
+- Session Diagnostics: session.state, Diagnostic session activity snapshots, Model usage, Export of session signals to stability

.agents/skills/claw-score/references/completeness/tui-and-terminal-ux.md

@@ -0,0 +1,12 @@
+# TUI Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`tui-and-terminal-ux` surface.
+
+## Category Scope
+
+- Runtime Modes: Gateway TUI launch, Local chat launch, Terminal alias launch, Initial message launch, Launch option validation, Gateway connection, Gateway authentication, History load on attach, Reconnect visibility, Gateway command RPCs, Embedded local chat, Local auth flow, Config repair loop, Gateway-free recovery
+- Input and Commands: Message composition, Input history, Keyboard shortcuts, Paste and busy-submit handling, IME and AltGr handling, Slash Commands, Pickers, Settings
+- Session Management: Session Lifecycle, History, Resume
+- Local Shell Execution: Bang-command routing, Approval prompt, Command output display, Execution environment marker
+- Rendering and Output Safety: Streaming Message Rendering, Tool Cards, Terminal Rendering Primitives, Output Safety

.agents/skills/claw-score/references/completeness/voice-and-realtime-talk.md

@@ -0,0 +1,13 @@
+# Voice and realtime talk Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`voice-and-realtime-talk` surface.
+
+## Category Scope
+
+- Talk Providers: OpenAI Realtime voice backend bridge, Google Gemini Live backend bridge, Realtime voice provider SDK contracts, Provider diagnostics, Talk catalog, Talk provider config, Shared native config parsing
+- Realtime Talk Sessions: Agent consult handoff, Active Talk agent-run status, Talkback runtime behavior, Forced consult scheduling, Browser Talk start/stop UI, Browser WebRTC sessions, Browser relay mode, Browser tool-call forwarding, Realtime session controls, Gateway relay sessions, Audio-frame limits
+- Speech and Transcription: Voice directives, Talk speech playback, Transcription relay sessions, Realtime transcription providers, Native directive parsing
+- Native App Talk: macOS native Talk mode, iOS Talk mode, Android Talk mode, Shared Talk config
+- Voice Wake and Routing: Wake-word settings, Wake routing, macOS Voice Wake runtime, Mobile wake preferences
+- Talk Observability: Talk event logging, Session-log health, Live smoke output, Prometheus diagnostic counters, Operator visibility into setup

.agents/skills/claw-score/references/completeness/voice-call-channel.md

@@ -0,0 +1,12 @@
+# Voice Call channel Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`voice-call-channel` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Voice Call Channel, Voice Call Channel, Voice Call Channel
+- Access and Identity: Voice Call Channel
+- Conversation Routing and Delivery: Voice Call Channel
+- Media and Rich Content: Voice Call Channel, Voice Call Channel
+- Realtime Voice and Calls: Voice Call Channel, Voice Call Channel, Voice Call Channel, Voice Call Channel, Voice Call Channel

.agents/skills/claw-score/references/completeness/watchos-companion-surfaces.md

@@ -0,0 +1,12 @@
+# watchOS companion surfaces Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`watchos-companion-surfaces` surface.
+
+## Category Scope
+
+- Delivery and Recovery: APNs relay/direct registration as it affects, Silent push, Pending approval recovery IDs, Gateway-side iOS exec approval, iPhone-side WatchConnectivity transport, Watch-side receiver activation, Delivery fallback among reachable messages
+- Exec Approvals: Watch exec approval prompt, Watch approval list/detail UI, iPhone-side prompt caching
+- Distribution and Support: Watch app, Signing/profile variables, Public/support status, Changelog, Release metadata, Historical bug/regression themes relevant to scoring
+- Notifications and Replies: watch.status, Payload normalization, Mirrored iOS notification fallback when watch, Watch action buttons from generic prompt, Watch-to-iPhone reply payloads, iPhone-side dedupe, Mirrored iOS notification action
+- Watch App UI: Watch app entry point, Generic inbox, Persistent watch inbox state

.agents/skills/claw-score/references/completeness/web-search-tools.md

@@ -0,0 +1,11 @@
+# Web search tools Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`web-search-tools` surface.
+
+## Category Scope
+
+- Search Providers: API-backed providers, Keyless and self-hosted providers, Provider comparison and auto-detection, Provider-specific filters and extraction, Result normalization, OpenAI native web_search, Codex native web_search, Gemini grounding, Grok web grounding, Kimi web search, Provider-native citations, Model and filter routing, webSearchProviders, registerWebSearchProvider, webFetchProviders, registerWebFetchProvider, public-artifact loading, runtime resolution, contract tests
+- Setup and Diagnostics: Provider credentials, Default provider selection, Credential repair, Status checks, Quota errors, Cache controls, Provider diagnostics, Retry and fallback, Operator repair
+- Network Safety: Network Safety, SSRF, Redirects, Untrusted Content
+- Tool Availability and Fetch: web_search exposure, web_fetch exposure, x_search exposure, group:web policy, disabled-state diagnostics, provider/model gating, URL fetch, HTML extraction, PDF/text extraction, Safe truncation, Content citation handoff

.agents/skills/claw-score/references/completeness/whatsapp.md

@@ -0,0 +1,12 @@
+# WhatsApp Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`whatsapp` surface.
+
+## Category Scope
+
+- Channel Setup and Operations: Official @openclaw/whatsapp plugin metadata, openclaw plugin install whatsapp, Channel config schema, Baileys socket lifecycle, Operator troubleshooting, Baileys socket lifecycle, Operator troubleshooting for reconnect loops
+- Access and Identity: QR login, Baileys multi-file auth persistence, DM pairing challenge, Multi-account/default-account resolution, Direct-message dmPolicy, Sender identity extraction, Privacy controls for plugin hooks, Direct-message `dmPolicy`, Sender identity extraction, Privacy controls for plugin hooks and
+- Conversation Routing and Delivery: Group allowlists, Group session keys, Outbound text sends, Provider-accepted receipts, Outbound text sends, Provider-accepted receipts and durable delivery identifiers
+- Media and Rich Content: Inbound media download, Outbound image
+- Native Controls and Approvals: Native exec, Approver target resolution

.agents/skills/claw-score/references/completeness/windows-via-wsl2.md

@@ -0,0 +1,12 @@
+# Windows via WSL2 Completeness
+
+Use this rubric when assigning category Completeness scores for the
+`windows-via-wsl2` surface.
+
+## Category Scope
+
+- WSL Setup and Updates: WSL2 + Ubuntu installation, Node runtime, Linux install flow inside WSL2, WSL2 runtime boundary, WSL2 network-family requirements, Source install and build inside WSL2, openclaw update, npm/pnpm/git package-root, Managed systemd Gateway restart, Service metadata refresh, Package-manager caveats
+- Gateway Service Lifecycle: Onboarded systemd install, Gateway service install, systemd user unit rendering, WSL-aware systemd unavailable hints, Doctor service repair, WSL user-service linger, Systemd availability after Windows boot, Windows startup task for WSL, Verification before Windows sign-in, Clear expectations around PC power
+- Gateway Access and Exposure: Gateway token/password auth, Provider credentials, Gateway auth SecretRefs, Remote URL credential precedence, WSL virtual network, Windows portproxy setup, Windows Firewall rules, Reachable Gateway URLs, Loopback and LAN exposure, WSL2 IPv4 networking, Tailscale remote access
+- Diagnostics and Repair: openclaw doctor, openclaw status, openclaw logs, SecretRef, WSL/systemd unavailable hints, Operator repair guidance after WSL2 service
+- Browser and Control UI: WSL2 Gateway with Windows browser, Windows Control UI URL, Raw remote CDP to Windows Chrome, Host-local Chrome MCP, Browser profile cdpUrl, Layered diagnostics

.agents/skills/openclaw-changelog-update/SKILL.md

@@ -12,10 +12,10 @@ content, ordering, grouping, and attribution discipline.
 
 ## Goal
 
-Rewrite the target `CHANGELOG.md` version section from history, not from stale
-draft notes. Produce grouped user-facing release notes sorted by user interest
-while preserving every relevant issue/PR ref and every human `Thanks @...`
-attribution.
+Rebuild the target `CHANGELOG.md` version section from a complete, generated
+history manifest, not stale draft notes. Produce grouped user-facing release
+notes sorted by user interest while preserving every relevant issue/PR ref and
+every human `Thanks @...` attribution.
 
 ## Inputs
 
@@ -34,8 +34,37 @@ attribution.
    - `git log --first-parent --date=iso-strict --pretty=format:'%h%x09%ad%x09%s' <base-tag>..<target-ref>`
    - `git log --first-parent --grep='(#' --date=short --pretty=format:'%h%x09%ad%x09%s' <base-tag>..<target-ref>`
    - also inspect `--since='24 hours ago'` when main moved during the release.
-3. Read linked PRs/issues or diffs for ambiguous commits. Direct commits matter;
-   infer notes from subject, body, touched files, tests, and nearby commits.
+3. Generate the complete contribution record and editorial manifest before
+   writing grouped prose:
+
+   ```bash
+   node .agents/skills/openclaw-changelog-update/scripts/verify-release-notes.mjs \
+     --base <base-tag> \
+     --target <target-ref> \
+     --version <YYYY.M.PATCH> \
+     --manifest /tmp/openclaw-release-<YYYY.M.PATCH>.json \
+     --write-ledger
+   ```
+
+   - the manifest is the required input to the rewrite, not an after-the-fact
+     audit; it contains every referenced PR, eligible contributor credit,
+     inline issue context, every direct commit, and an editorial-eligibility
+     classification for PRs and direct commits
+   - for a historical backfill, add `--seed-ref <pre-backfill-ref>` once so
+     contribution records from the prior changelog are retained even when an
+     older merged commit omitted its PR number; the verifier excludes records
+     for work reverted after the base tag, including beta work reverted before
+     the stable release
+   - source PR discovery combines merged GitHub commit associations with merged
+     PR references explicitly present in active commit subjects/bodies so
+     cherry-picks and squash commits remain accounted for. Resolve every
+     association page and exclude PRs merged after the target release commit
+   - read the manifest before editing `### Highlights`, `### Changes`, or
+     `### Fixes`; do not carry old grouped prose forward without re-auditing it
+   - inspect linked PRs/issues or diffs for ambiguous commits. Direct commits
+     are editorial input, not public ledger rows; infer material user outcomes
+     from subject, body, touched files, tests, and nearby commits
+
 4. Rewrite one stable-base section only:
    - use `## YYYY.M.PATCH`
    - do not create beta-specific headings
@@ -44,10 +73,21 @@ attribution.
      section instead of deleting them
 5. Section shape:
    - `### Highlights`: 5-8 bullets, broad user wins first
+     - include only a clear user-visible capability or workflow unlock, a
+       material reliability/safety fix, a broad cross-surface improvement, or
+       a release-defining integration/compatibility milestone
+     - every highlight must say what changed for a user in one sentence; use
+       one user story per bullet and group its supporting PRs
+     - exclude tests, CI, refactors, docs, catalog churn, and implementation
+       detail unless the outcome is a material install/update, data-safety, or
+       widely visible user improvement
    - `### Changes`: new capabilities and behavior changes
    - `### Fixes`: user-facing fixes first, grouped by impact and surface
    - group related changes/fixes by surface and user impact; avoid one bullet
      per tiny commit when several commits tell one user-facing story
+   - `### Complete contribution record`: generated PR-first record after the
+     grouped prose; it is the exhaustive accounting surface, not a second
+     release summary
 6. Preserve attribution:
    - keep `#issue`, `(#PR)`, `Fixes #...`, and `Thanks @...`
    - every human-authored merged PR represented by a user-facing entry needs
@@ -62,17 +102,35 @@ attribution.
    - multiple `Thanks @...` handles in one bullet are expected; do not drop or
      collapse contributor credit just because the note is grouped
    - if one grouped bullet covers both direct commits and PRs, keep all PR refs
-     and thanks, plus any issue refs from the direct commits
-   - before finalizing, audit the final release-note body:
-     - extract all `#NNN` refs from the notes
-     - resolve which refs are PRs and collect human PR authors
-     - resolve issue refs used as bug/report refs and collect human reporters
-     - scan represented commits for `Co-authored-by`
-     - compare those handles to the final `Thanks @...` set
-     - fix every missing human credit or explicitly record why it is omitted
+     and thanks, plus any issue refs and human credit from the direct work
+   - issues remain normal inline `#NNN` references. Do not add a separate
+     linked-issues inventory. The generated PR record keeps source issues
+     inline as `Related #NNN` on the PR that shipped them
+   - when backfilling an older linked-issues inventory, preserve reporter
+     credit inline for every GitHub-confirmed closing PR relationship. Do not
+     infer a PR relationship from a generic cross-reference event, invent an
+     unrelated PR link for a standalone report, or recreate the retired
+     inventory
+   - the complete contribution record lists every merged source PR exactly once
+     as `**PR #NNN**`; source PRs include GitHub commit associations and merged
+     PR references explicitly present in active commit subjects/bodies. It
+     preserves author/co-author credit and any issue references in the original
+     title
+   - direct commits remain in the manifest with GitHub-resolved author,
+     co-author, issue, and editorial-eligibility data. They inform grouped
+     prose but are never rendered as a public `#### Direct commits` dump. Add
+     direct-commit credit to a grouped bullet only when it shares an explicit
+     closing issue reference or at least two distinctive subject terms
+   - the verifier rejects `docs`, `test`, `refactor`, `ci`, `build`, `chore`,
+     and `style` PRs in Highlights, Changes, or Fixes. Keep those internal
+     contributions in the complete PR record, but do not give them editorial
+     release-note space
+   - classify internal-only work from conventional prefixes and clear title
+     signals such as `QA`, `test`, `docs`, `refactor`, `lint`, or `CI`; an
+     untyped title is not automatically editorial
    - do not add GHSA references, advisory IDs, or security advisory slugs to
      changelog entries or GitHub release-note text unless explicitly requested
-   - never thank bots, `@openclaw`, `@clawsweeper`, or `@steipete`
+   - never thank bots, `@claude`, `@openclaw`, `@clawsweeper`, or `@steipete`
    - do not use GitHub's release contributor count as the source of truth; the
      changelog must carry the complete human credit set itself
 7. Sorting preference:
@@ -91,10 +149,50 @@ attribution.
    - if any compatibility `removeAfter` is on/before release date, resolve it
      or explicitly record the blocker before shipping
 10. Validate and ship:
-   - `git diff --check`
-   - for docs/changelog-only changes, no broad tests are required
-   - commit with `scripts/committer "docs(changelog): refresh YYYY.M.PATCH notes" CHANGELOG.md`
-   - push, pull/rebase if needed, then branch/rebase release from latest `main`
+
+- after the manifest-driven rewrite, regenerate and verify the complete
+  contribution record before committing:
+  ```bash
+  node .agents/skills/openclaw-changelog-update/scripts/verify-release-notes.mjs \
+    --base <base-tag> \
+    --target <target-ref> \
+    --version <YYYY.M.PATCH> \
+    --manifest /tmp/openclaw-release-<YYYY.M.PATCH>.json \
+    --write-ledger
+  ```
+- the command fails when any `#NNN` reference in release history or the
+  rendered release section cannot resolve, when reverted work is presented
+  as shipped, when a source PR is absent from the contribution record, when
+  direct commits are rendered as a public record dump, when non-editorial
+  PRs appear in grouped prose, or when an eligible PR author or known
+  co-author is missing from that PR's `Thanks @...` credit
+- when grouped prose names a PR, that same bullet must retain every
+  contributor and linked-reporter credit from its generated PR record
+- unqualified `#NNN` references resolve against `openclaw/openclaw`;
+  cross-repository references such as `openclaw/imsg#141` remain literal
+  text and must not be rewritten as local issue links
+- after the GitHub release or prerelease is published, verify every matching
+  release page against the same source section:
+  ```bash
+  node .agents/skills/openclaw-changelog-update/scripts/verify-release-notes.mjs \
+    --base <base-tag> \
+    --target <target-ref> \
+    --version <YYYY.M.PATCH> \
+    --release-tag v<YYYY.M.PATCH> \
+    --check-github
+  ```
+- add one `--release-tag` for every beta and stable page in the train; a
+  `### Release verification` tail is permitted, but any other body drift
+  fails the check; the GitHub body must begin with the complete
+  `## YYYY.M.PATCH` changelog section, including its heading
+- GitHub release bodies are limited to 125,000 characters. If the complete
+  source section plus an existing verification tail exceeds that limit, keep
+  the source section intact and omit the tail; never truncate the
+  contribution record
+- `git diff --check`
+- for docs/changelog-only changes, no broad tests are required
+- commit with `scripts/committer "docs(changelog): refresh YYYY.M.PATCH notes" CHANGELOG.md`
+- push, pull/rebase if needed, then branch/rebase release from latest `main`
 
 ## Quota / API Outage Rule
 

.agents/skills/openclaw-landable-bug-sweep/SKILL.md

@@ -107,16 +107,9 @@ Reject:
 
 ## PR Body Proof
 
-Use the repo PR template. Include these exact labels:
-
-```text
-Behavior addressed:
-Real environment tested:
-Exact steps or command run after this patch:
-Evidence after fix:
-Observed result after fix:
-What was not tested:
-```
+Use the repo PR template. Include authored `## What Problem This Solves` and
+`## Evidence` sections. Keep the body focused on intent and the most useful
+validation evidence; inspect the code, tests, and CI before judging correctness.
 
 ## Existing PR Rules
 

.agents/skills/release-openclaw-ci/SKILL.md

@@ -16,19 +16,33 @@ Use this with `$release-openclaw-maintainer` and `$openclaw-testing` when a rele
 - Watch one parent run plus compact child summaries. Avoid broad `gh run view` polling loops; REST quota is easy to burn.
 - Fetch logs only for failed or currently-blocking jobs. If quota is low, stop polling and wait for reset.
 - Treat live-provider flakes separately from code failures: prove key validity, provider HTTP status, retry evidence, and exact failing lane before editing code.
-- Anthropic release lanes support both API keys and OAuth. When API keys are
-  exhausted but a maintainer-owned OAuth token passes a live Anthropic probe,
-  set `ANTHROPIC_OAUTH_TOKEN` for provider/runtime lanes and
-  refreshable `OPENCLAW_CLAUDE_CREDENTIALS_JSON` or
-  `CLAUDE_CODE_OAUTH_TOKEN` for Claude CLI subscription lanes before rerunning
-  the matrix. Revalidate short-lived OAuth immediately before dispatch. Never
-  keep retrying a known exhausted API key. Live-cache validation must prefer
-  the proven OAuth token instead of leaving an exhausted API key first in the
-  runtime key pool.
+- A model-list response proves authentication, not billing or inference
+  entitlement. Mandatory live providers must pass a real completion probe
+  before release dispatch. Fix the credential first; do not add an alternate
+  auth path merely to bypass a failed release credential.
 - Full Release Validation parent monitors fail fast: once a required child job
   fails, the parent cancels the remaining child matrix and prints the failed
   job summary. Inspect that first red job instead of waiting for unrelated
   matrix tails.
+- In a sparse worktree or Testbox source sync, first confirm `package.json`,
+  `pnpm-lock.yaml`, and every source path the selected check reads. If any are
+  absent, that checkout cannot validate a release dependency or Docker lane:
+  stop and use the repo remote changed gate or a full task worktree. When the
+  inputs are present and a release fix changes `package.json` or
+  `pnpm-lock.yaml`, rebuild only the task-owned disposable box with
+  `CI=true pnpm install --frozen-lockfile`, then run an explicit
+  `require.resolve()` probe before Docker or focused tests. The CI flag permits
+  pnpm to recreate a prewarmed modules directory without an interactive
+  confirmation. Do not weaken the lockfile or label sparse-checkout failures
+  as product/Docker failures.
+- If the candidate is rebased or its base SHA changes after warmup, stop the
+  task-owned box and warm a fresh one before testing. Testbox source sync is
+  relative to the warmed source tree; continuing can mix an old base file with
+  a new candidate diff and produce false lockfile or Docker failures.
+- For a committed release candidate, warm the box with
+  `blacksmith testbox warmup ... --ref <candidate-branch-or-sha>`. Do not rely
+  on source sync to overlay committed branch changes onto the workflow's
+  default ref.
 
 ## Preflight
 
@@ -45,8 +59,8 @@ git rev-parse HEAD
 preflight. Inject those exact targeted keys first, then run the verifier; use
 ambient env only when it was already intentionally injected for this release.
 The script prints only provider status and HTTP class, never tokens.
-For Anthropic it prefers `ANTHROPIC_OAUTH_TOKEN` and validates it with bearer
-OAuth headers when present; otherwise it checks API-key-shaped credentials.
+The Anthropic check performs a tiny message completion so exhausted or
+non-billable credentials fail before the expensive release matrix.
 
 ## Dispatch
 
@@ -62,7 +76,7 @@ gh workflow run openclaw-performance.yml \
   -f repeat=3 \
   -f deep_profile=false \
   -f live_openai_candidate=false \
-  -f fail_on_regression=false
+  -f fail_on_regression=true
 ```
 
 - Do not wait for full release validation to start this early perf signal.
@@ -71,8 +85,9 @@ gh workflow run openclaw-performance.yml \
 - Call out any regression in the release proof. Treat a major regression as a
   release blocker until it is fixed, waived by the operator, or proven to be
   infrastructure noise.
-- Full Release Validation also records advisory product-performance evidence;
-  the early standalone run is for overlap and faster regression discovery.
+- Full Release Validation records blocking product-performance evidence. The
+  early standalone run is for overlap and faster regression discovery, but a
+  regression or missing child run blocks the parent validation.
 
 Prefer the trusted workflow on `main`, target the exact release SHA:
 
@@ -94,7 +109,7 @@ gh workflow run full-release-validation.yml \
   -f rerun_group=all
 ```
 
-Use `release_profile=stable` unless the operator explicitly asks for the broad advisory provider/media matrix. Use narrow `rerun_group` after focused fixes.
+Use `release_profile=stable` unless the operator explicitly asks for the broad advisory provider/media matrix. Stable and full profiles force the release soak; the beta profile may opt in with `run_release_soak=true`. Use narrow `rerun_group` after focused fixes.
 Publish with `openclaw-release-publish.yml` using `release_profile=from-validation`
 unless a maintainer intentionally wants to cross-check a specific profile; the
 publish workflow reads the effective profile from the full-validation manifest.
@@ -124,13 +139,25 @@ Stop watchers before ending the turn or switching strategy.
      --jq '.jobs[] | select(.conclusion=="failure" or .conclusion=="timed_out" or .conclusion=="cancelled") | [.databaseId,.name,.conclusion,.url] | @tsv'
    ```
 3. Fetch one failed job log. If rate-limited, note reset time and avoid more REST calls.
-4. For secret-looking failures, validate the provider endpoint from the same secret source before editing code.
-   For Docker CLI-backend failures, also validate
-   `OPENCLAW_CLAUDE_CREDENTIALS_JSON` or `CLAUDE_CODE_OAUTH_TOKEN` in a
-   clean-home Claude CLI probe; that lane should use subscription mode when
-   either credential exists.
+4. For secret-looking failures, validate a real completion from the same secret source before editing code. A successful model-list request is insufficient.
+   Claude CLI subscription credentials are a separate native auth path; prove
+   them in a clean-home CLI probe, never as a substitute for a required
+   Anthropic API-key lane.
 5. For live-cache failures, inspect whether it is missing/invalid key, empty text, provider refusal, timeout, or baseline miss. Do not weaken release gates without clear provider evidence.
 6. Fix narrowly, run local/changed proof, commit, push, rerun the smallest matching group.
+7. If a required PR CI run is capacity-stalled with queued jobs and no active
+   jobs, do not cancel unrelated work or accept a generic manual dispatch.
+   From the PR head branch, dispatch the explicit exact-SHA fallback:
+   `gh workflow run ci.yml --repo openclaw/openclaw --ref <pr-head-branch> -f
+target_ref=<full-pr-sha> -f include_android=true -f release_gate=true`.
+   It runs on GitHub-hosted runners and is accepted only when its run title is
+   `CI release gate <full-pr-sha>`. Record the stalled Blacksmith run and the
+   fallback run in release evidence.
+   If `Blacksmith Build Artifacts Testbox` is the only remaining required gate
+   and remains queued without a runner, that completed exact fallback may cover
+   it because CI's `build-artifacts` job already builds, packages, and smoke
+   tests the artifacts. Do not use this coverage after the artifact workflow
+   starts or completes non-successfully.
 
 ## Evidence
 

.agents/skills/release-openclaw-ci/scripts/verify-provider-secrets.mjs

@@ -1,17 +1,22 @@
 #!/usr/bin/env node
 /**
- * Release preflight helper that verifies required provider API keys can reach
- * their model-list endpoints without printing secret values.
+ * Release preflight helper that verifies required provider API keys without
+ * printing secret values. Anthropic must complete a prompt because model-list
+ * access does not prove billing or inference entitlement.
  */
 import process from "node:process";
 
 const args = new Map();
 for (let index = 2; index < process.argv.length; index += 1) {
   const arg = process.argv[index];
-  if (!arg.startsWith("--")) continue;
+  if (!arg.startsWith("--")) {
+    continue;
+  }
   const [key, inlineValue] = arg.slice(2).split("=", 2);
   const value = inlineValue ?? process.argv[index + 1];
-  if (inlineValue === undefined) index += 1;
+  if (inlineValue === undefined) {
+    index += 1;
+  }
   args.set(key, value);
 }
 
@@ -28,7 +33,9 @@ const timeoutMs = Number(args.get("timeout-ms") ?? 10_000);
 function envFirst(names) {
   for (const name of names) {
     const value = process.env[name]?.trim();
-    if (value) return { name, value };
+    if (value) {
+      return { name, value };
+    }
   }
   return undefined;
 }
@@ -42,15 +49,21 @@ async function checkProvider(id, config) {
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
   try {
-    const headers = config.headers(secret);
+    const headers = config.headers(secret.value);
     const response = await fetch(config.url, {
+      body: config.body,
       headers,
+      method: config.method,
       signal: controller.signal,
     });
+    const responseBody = config.validateResponse
+      ? await response.json().catch(() => undefined)
+      : undefined;
+    const ok = response.ok && (!config.validateResponse || config.validateResponse(responseBody));
     return {
       id,
-      ok: response.ok,
-      status: response.ok ? "ok" : `http_${response.status}`,
+      ok,
+      status: response.ok ? (ok ? "ok" : "invalid_response") : `http_${response.status}`,
       env: secret.name,
     };
   } catch (error) {
@@ -69,32 +82,35 @@ const providers = {
   openai: {
     env: ["OPENAI_API_KEY"],
     url: "https://api.openai.com/v1/models",
-    headers: ({ value }) => ({ authorization: `Bearer ${value}` }),
+    headers: (token) => ({ authorization: `Bearer ${token}` }),
   },
   anthropic: {
-    env: ["ANTHROPIC_OAUTH_TOKEN", "ANTHROPIC_API_KEY", "ANTHROPIC_API_TOKEN"],
-    url: "https://api.anthropic.com/v1/models",
-    headers: ({ name, value }) =>
-      name === "ANTHROPIC_OAUTH_TOKEN"
-        ? {
-            "anthropic-beta": "oauth-2025-04-20",
-            "anthropic-version": "2023-06-01",
-            authorization: `Bearer ${value}`,
-          }
-        : {
-            "anthropic-version": "2023-06-01",
-            "x-api-key": value,
-          },
+    env: ["ANTHROPIC_API_KEY", "ANTHROPIC_API_TOKEN"],
+    url: "https://api.anthropic.com/v1/messages",
+    method: "POST",
+    body: JSON.stringify({
+      max_tokens: 8,
+      messages: [{ role: "user", content: "Reply with OK." }],
+      model: "claude-haiku-4-5",
+    }),
+    headers: (token) => ({
+      "anthropic-version": "2023-06-01",
+      "content-type": "application/json",
+      "x-api-key": token,
+    }),
+    validateResponse: (body) =>
+      Array.isArray(body?.content) &&
+      body.content.some((part) => typeof part?.text === "string" && part.text.trim()),
   },
   fireworks: {
     env: ["FIREWORKS_API_KEY"],
     url: "https://api.fireworks.ai/inference/v1/models",
-    headers: ({ value }) => ({ authorization: `Bearer ${value}` }),
+    headers: (token) => ({ authorization: `Bearer ${token}` }),
   },
   openrouter: {
     env: ["OPENROUTER_API_KEY"],
     url: "https://openrouter.ai/api/v1/models",
-    headers: ({ value }) => ({ authorization: `Bearer ${value}` }),
+    headers: (token) => ({ authorization: `Bearer ${token}` }),
   },
 };
 
@@ -115,7 +131,9 @@ let failed = false;
 for (const result of results) {
   const requiredLabel = required.has(result.id) ? "required" : "optional";
   console.log(`${result.id}: ${result.status} env=${result.env} ${requiredLabel}`);
-  if (required.has(result.id) && !result.ok) failed = true;
+  if (required.has(result.id) && !result.ok) {
+    failed = true;
+  }
 }
 
 if (failed) {

.agents/skills/release-openclaw-maintainer/SKILL.md

@@ -17,6 +17,10 @@ Use this skill for release and publish-time workflow. Load `$release-private` if
 - This skill should be sufficient to drive the normal release flow end-to-end.
 - Use the private maintainer release docs for credentials, recovery steps, and mac signing/notary specifics, and use `docs/reference/RELEASING.md` for public policy.
 - Core `openclaw` publish is manual `workflow_dispatch`; creating or pushing a tag does not publish by itself.
+- Do not edit the root `README.md` as release prep, release closeout, or a
+  substitute for release notes. Package-root README validation is a hard
+  packaging gate, but a release only changes README content when an actual
+  user-facing documentation contract changed.
 - Normal release work happens on a branch cut from `main`, not directly on
   `main`. Use `release/YYYY.M.PATCH` for the branch name.
 - If the operator asks for a release without saying stable/full, default to
@@ -76,6 +80,44 @@ Use this skill for release and publish-time workflow. Load `$release-private` if
   or clawgrit reports. Report regressions explicitly. A major regression is a
   release blocker unless the operator waives it or the data clearly proves
   infrastructure noise.
+- Heal CI before tagging or publishing. The exact candidate SHA must have green
+  `Full Release Validation`, including the root Dockerfile/install-smoke path.
+  Treat a red Docker, package, or release workflow lane as a release-branch
+  defect until the smallest correct fix is landed and proven; do not waive it
+  because npm preflight or another sibling lane passed.
+- Keep the canonical `scripts/pr` runner authoritative for prepare and merge
+  artifacts. A release-gate policy change may use focused candidate tests and
+  exact-SHA hosted CI for proof, but never route `prepare-*` or `merge-*`
+  through PR-controlled scripts or synthesize prepare artifacts to bootstrap
+  the change. If the current canonical gate cannot validate the new policy,
+  stop for explicit maintainer direction rather than weakening that boundary.
+- In maintainer Testbox mode, use `OPENCLAW_TESTBOX=1 scripts/pr prepare-run
+<PR>` only after the exact PR head has passed `CI` and every scheduled
+  hosted gate. For a workflow change, that means `Blacksmith Testbox`,
+  `Blacksmith ARM Testbox`, `Blacksmith Build Artifacts Testbox`, and
+  `Workflow Sanity`; only gates GitHub actually scheduled for that exact head
+  are required. This preserves the canonical prepare artifacts while avoiding
+  a redundant broad local suite. A
+  literal `CHANGELOG.md`-only head gets a clean diff check instead because
+  those workflows intentionally do not dispatch. Documentation and README
+  changes still require CI. If `merge-run` requires a mainline sync, run
+  `OPENCLAW_TESTBOX=1 scripts/pr prepare-sync-head <PR>`, wait for those hosted
+  gates on the newly pushed SHA, then run `prepare-run` again.
+- If an exact PR-head CI run has no active jobs because Blacksmith capacity is
+  stalled, a maintainer may dispatch the explicit GitHub-hosted fallback from
+  the PR head branch:
+  `gh workflow run ci.yml --repo openclaw/openclaw --ref <pr-head-branch> -f
+target_ref=<full-pr-sha> -f include_android=true -f release_gate=true`.
+  Use it only for an observed provider queue stall, never for failed CI or as a
+  routine shortcut. The run must be named `CI release gate <full-pr-sha>` and
+  pass on that exact SHA; the native hosted-gate verifier rejects generic manual
+  CI runs. If `Blacksmith Build Artifacts Testbox` is the only remaining
+  required gate and it is still queued without a runner, the same completed
+  fallback CI may cover it because its `build-artifacts` job builds, packages,
+  and smoke tests those artifacts. The verifier records that coverage. Never
+  use this coverage when the artifact workflow has started, failed, been
+  cancelled, or been skipped. Then rerun `OPENCLAW_TESTBOX=1 scripts/pr
+prepare-run <PR>`.
 - Generate the changelog before every beta, beta rerun, stable release, or
   stable rerun, before version/tag preparation. Use
   `$openclaw-changelog-update` for the rewrite. Do not continue release prep if
@@ -100,6 +142,34 @@ Use this skill for release and publish-time workflow. Load `$release-private` if
 - `dev`: moving head on `main`
 - When using a beta Git tag, publish npm with the matching beta version suffix so the plain version is not consumed or blocked
 
+## Close stable releases on main
+
+Stable publication is not complete until `main` carries the actual shipped release state.
+
+1. Start from fresh latest `main`. Audit `release/YYYY.M.PATCH` against it and
+   forward-port real fixes that are absent from `main`. Do not blindly merge
+   release-only compatibility, test, or validation adapters into newer `main`.
+2. Set `main` to the shipped stable version, not a speculative next train. Run
+   `pnpm release:prep` after the root version change, then
+   `pnpm deps:shrinkwrap:generate`.
+3. Make `CHANGELOG.md`'s `## YYYY.M.PATCH` section on `main` exactly match the
+   tagged release branch. Include the stable `appcast.xml` update when the mac
+   release published one.
+4. Do not add `YYYY.M.PATCH+1`, a beta version, or an empty future changelog
+   section to `main` until the operator explicitly starts that release train.
+5. Run `pnpm release:generated:check`, `pnpm deps:shrinkwrap:check`, and
+   `OPENCLAW_TESTBOX=1 pnpm check:changed`. Push, then verify `origin/main`
+   contains the shipped version and changelog before calling the stable release
+   done.
+6. Keep repository variables `RELEASE_ROLLBACK_DRILL_ID` and
+   `RELEASE_ROLLBACK_DRILL_DATE` current after each private rollback drill.
+   `openclaw-stable-main-closeout.yml` starts from the `main` push carrying the
+   shipped version, changelog, and appcast after stable publication, then binds
+   immutable evidence to the published tag. Do not declare stable complete
+   until it writes the immutable closeout manifest to the GitHub release. The
+   drill must be within 90 days; manual dispatch is only for repair/replay, and
+   private rollback commands remain in the maintainer-only runbook.
+
 ## Handle versions and release files consistently
 
 - Version locations include:
@@ -179,12 +249,20 @@ Use this skill for release and publish-time workflow. Load `$release-private` if
   section from history, not existing notes. Use the last reachable stable or
   beta release tag as the base, then inspect every commit through the target
   release SHA.
+- Generate `$openclaw-changelog-update`'s full contribution manifest before
+  the editorial rewrite. It is the required source for `### Highlights`,
+  `### Changes`, and `### Fixes`; do not preserve old grouped prose without
+  comparing it to the manifest's PRs, contributors, direct commits, and
+  unlinked commits.
 - The changelog rewrite is not optional for beta reruns: any `beta.N` after a
   rebase or backport must refresh the same stable-base `## YYYY.M.PATCH` section
   before the new version/tag commit.
 - Include both merged PR commits and direct commits on `main`. Direct commits
   matter: infer notes from their subject, body, touched files, linked issues,
   tests, and nearby code when no PR body exists.
+- Keep direct commits in the generated manifest and use them to shape grouped
+  user outcomes, but never dump them into `CHANGELOG.md` or GitHub release
+  bodies. The public complete record is PR-first and exhaustive for PRs.
 - Prefer PR bodies, issue links, review proof, and commit bodies over commit
   subjects alone. If a commit fixed an issue directly, the commit body should
   name the user-visible behavior, affected surface, issue ref, and credited
@@ -200,11 +278,36 @@ Use this skill for release and publish-time workflow. Load `$release-private` if
   `#issue`, `(#PR)`, `Fixes #...`, and every human `Thanks @...` handle.
   Multiple thanks in one bullet are expected when multiple contributor PRs are
   grouped.
+- Highlights earn their place only when they are a visible capability/workflow
+  unlock, a material reliability or safety repair, a broad user-facing
+  improvement, or a release-defining integration/compatibility change. Keep
+  five to eight user-outcome bullets; omit tests, CI, refactors, docs, and
+  implementation trivia unless their outcome materially affects users.
+- Do not give `docs`, `test`, `refactor`, `ci`, `build`, `chore`, or `style`
+  PRs/direct commits their own Highlights, Changes, or Fixes entry. They remain
+  accounted for in the PR record or manifest, but are not product release
+  content. Treat explicit internal title signals such as `QA`, `lint`, or
+  `testing` the same way even when the PR has no conventional prefix.
+- Use the generated `### Complete contribution record` as PR-first accounting:
+  every merged source PR appears once with author/co-author credit, including
+  PRs identified only by an explicit active-commit `#NNN` reference after a
+  cherry-pick or squash. Keep issues inline as `#NNN` in titles and grouped
+  prose; do not create a linked-issues inventory or a direct-commit listing.
+  When grouped prose names a PR, keep every contributor and linked-reporter
+  credit from that PR's record on the same bullet.
 - Changelog entries should be user-facing, not internal release-process notes.
 - GitHub release and prerelease bodies must use the full matching
   `CHANGELOG.md` version section, not highlights or an excerpt. When creating
   or editing a release, extract from `## YYYY.M.PATCH` through the line before the
   next level-2 heading and use that complete block as the release notes.
+- GitHub limits release bodies to 125,000 characters. If a historical
+  `### Release verification` tail would exceed that cap, omit the tail and keep
+  the complete changelog section; do not truncate the contribution record.
+- Before publishing or closing a release, run
+  `$openclaw-changelog-update`'s `verify-release-notes.mjs` with every stable
+  and beta release tag in the train. Do not publish or leave a page live when
+  it is missing a source-history reference, eligible human credit, or the
+  complete matching changelog body.
 - To update an existing GitHub Release body, resolve the numeric release id and
   patch that resource with the notes file as the `body` field:
   `gh api repos/openclaw/openclaw/releases/tags/vYYYY.M.PATCH --jq .id`, then
@@ -773,13 +876,13 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
     and `.dSYM.zip` artifacts to the existing GitHub release in
     `openclaw/openclaw`.
 32. For stable releases, download `macos-appcast-<tag>` from the successful
-    private mac run, update `appcast.xml` on `main`, and verify the feed. Merge
-    or cherry-pick release branch changes back to `main` after stable succeeds.
+    private mac run, update `appcast.xml` on `main`, verify the feed, then
+    complete the **Close stable releases on main** gate.
 33. For beta releases, publish the mac assets only when intentionally requested;
     expect no shared production
     `appcast.xml` artifact and do not update the shared production feed unless a
     separate beta feed exists.
-34. After publish, verify npm and the attached release artifacts.
+34. After stable main closeout, verify npm and the attached release artifacts.
 
 ## GHSA advisory work
 

.agents/skills/verify-release/SKILL.md

@@ -29,11 +29,17 @@ publish skill; use `$release-openclaw-maintainer` before changing release state.
    - Confirm release body has npm, CI, plugin npm, ClawHub, mac/appcast evidence
      links when expected.
    - Confirm assets expected for stable mac releases are uploaded: zip, dmg,
-     dSYM, dependency evidence when present.
+     dSYM, dependency evidence, immutable full-validation manifest,
+     postpublish evidence, and stable-main closeout manifest.
+   - Download each immutable evidence asset and its `.sha256` companion, then
+     verify the checksum before trusting the release record.
 2. Root npm:
    - `npm view openclaw@<VERSION> version dist-tags.latest dist.tarball dist.integrity time.<VERSION> --json`
    - `latest` must equal `<VERSION>` for stable.
    - Record tarball, integrity, publish time.
+   - Confirm the release postpublish evidence records
+     `npmRegistrySignaturesVerified: true` and
+     `npmProvenanceAttestationMatched: true`.
 3. Plugin publish set:
    - Get exact tag metadata from GitHub, not the local checkout when dirty:
      download `https://api.github.com/repos/openclaw/openclaw/tarball/v<VERSION>`
@@ -57,6 +63,9 @@ publish skill; use `$release-openclaw-maintainer` before changing release state.
      Full Release Validation, OpenClaw Release Checks, OpenClaw NPM Release,
      Plugin NPM Release, Plugin ClawHub Release, mac preflight/validation/publish
      when stable mac assets are expected.
+   - For stable, verify `OpenClaw Stable Main Closeout` succeeded and its
+     manifest records the matching release tag, current rollback drill, stable
+     soak, and blocking performance evidence.
    - Summarize only relevant successful/failed jobs; ignore routine skipped
      optional lanes unless the release body promised them.
 6. Published package smoke:

.github/CODEOWNERS

@@ -12,9 +12,14 @@
 /.github/workflows/codeql-android-critical-security.yml @openclaw/openclaw-secops
 /.github/workflows/codeql-critical-quality.yml @openclaw/openclaw-secops
 /.github/workflows/dependency-guard.yml @openclaw/openclaw-secops
+/.github/workflows/security-sensitive-guard.yml @openclaw/openclaw-secops
 /test/scripts/dependency-guard-workflow.test.ts @openclaw/openclaw-secops
 /test/scripts/dependency-guard-script.test.ts @openclaw/openclaw-secops
+/test/scripts/security-sensitive-guard-workflow.test.ts @openclaw/openclaw-secops
+/test/scripts/security-sensitive-guard-script.test.ts @openclaw/openclaw-secops
 /scripts/github/dependency-guard.mjs @openclaw/openclaw-secops
+/scripts/github/security-sensitive-guard.mjs @openclaw/openclaw-secops
+/.gitignore @openclaw/openclaw-secops
 /package-lock.json @openclaw/openclaw-secops
 /npm-shrinkwrap.json @openclaw/openclaw-secops
 /extensions/*/package-lock.json @openclaw/openclaw-secops

.github/actions/docker-e2e-plan/action.yml

@@ -113,7 +113,7 @@ runs:
 
     - name: Download OpenClaw Docker E2E package
       if: inputs.hydrate-artifacts == 'true' && steps.plan.outputs.needs_package == '1'
-      uses: actions/download-artifact@v8
+      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
       with:
         name: ${{ inputs.package-artifact-name }}
         path: .artifacts/docker-e2e-package

.github/actions/setup-node-env/action.yml

@@ -139,7 +139,7 @@ runs:
 
     - name: Save pnpm store cache
       if: ${{ inputs.install-deps == 'true' && inputs.use-actions-cache == 'true' && inputs.save-actions-cache == 'true' && runner.os != 'Windows' && steps.setup-pnpm.outputs.store-cache-hit != 'true' }}
-      uses: actions/cache/save@v5
+      uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
       with:
         path: ${{ steps.setup-pnpm.outputs.store-path }}
         key: ${{ steps.setup-pnpm.outputs.store-cache-primary-key }}

.github/actions/setup-pnpm-store-cache/action.yml

@@ -92,7 +92,7 @@ runs:
     - name: Restore pnpm store cache
       id: pnpm-store-cache
       if: ${{ inputs.use-actions-cache == 'true' && runner.os != 'Windows' }}
-      uses: actions/cache/restore@v5
+      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
       with:
         path: ${{ steps.pnpm-store.outputs.path }}
         key: pnpm-store-${{ runner.os }}-${{ runner.arch }}-${{ inputs.node-version }}-${{ hashFiles(inputs.package-manager-file) }}-${{ hashFiles(inputs.lockfile-path) }}

.github/codeql/codeql-network-ssrf-boundary-critical-security.yml

@@ -20,7 +20,7 @@ paths:
   - src/agents/tools/web-shared.ts
   - src/plugin-sdk/ssrf-policy.ts
   - src/web-fetch
-  - src/web/provider-runtime-shared.ts
+  - packages/web-content-core/src/provider-runtime-shared.ts
   - packages/memory-host-sdk/src/host/ssrf-policy.ts
   - packages/net-policy/src
 

.github/codeql/codeql-web-media-runtime-boundary-critical-quality.yml

@@ -16,7 +16,7 @@ query-filters:
 paths:
   - src/web-fetch
   - src/web-search
-  - src/web/provider-runtime-shared.ts
+  - packages/web-content-core/src/provider-runtime-shared.ts
   - src/media
   - src/media-understanding
   - src/image-generation

.github/labeler.yml

@@ -171,6 +171,10 @@
       - any-glob-to-any-file:
           - "extensions/zalo/**"
           - "docs/channels/zalo.md"
+"channel: zaloclawbot":
+  - changed-files:
+      - any-glob-to-any-file:
+          - "docs/channels/zaloclawbot.md"
 "channel: zalouser":
   - changed-files:
       - any-glob-to-any-file:

.github/pull_request_template.md

@@ -1,118 +1,57 @@
-## Summary
+<!--
+Optional linked context:
+Add a visible `Closes #<issue-number>` or `Related: #<issue-number>` line
+below this comment.
 
-What problem does this PR solve?
+Required PR title:
+type: user-facing description
+Use a parenthesized scope only when it adds clarity:
+fix(auth): login redirect loops when session cookie is expired
 
-Why does this matter now?
+Types: feat, fix, improve, refactor, docs, chore.
+For fixes, describe the user-visible symptom and trigger:
+fix: task list fails to load when user has no environments
+Avoid implementation details such as:
+fix: add null check to task query
+-->
 
-What is the intended outcome?
+## What Problem This Solves
 
-What is intentionally out of scope?
+<!--
+Describe the concrete user, product, or operational problem.
+For fixes, begin with:
+"Fixes an issue where users <do X> would <experience Y> when <condition>."
+or:
+"Resolves a problem where..."
 
-What does success look like?
+Name the affected UI surface or workflow. Do not describe the code-level cause here.
+-->
 
-What should reviewers focus on?
+## Why This Change Was Made
 
-<details>
-<summary>Summary guidance</summary>
+<!--
+In one or two sentences, explain the complete shipped solution, key design
+decisions, and relevant boundaries or non-goals. Include implementation detail
+only when it helps reviewers understand user-visible behavior or risk.
+Avoid file-by-file narration.
+-->
 
-This PR description is the contributor's durable explanation of the change. Write it for human maintainers first; ClawSweeper and Barnacle use the same text to understand intent, proof, risk, and current review state.
+## User Impact
 
-Describe the intent and outcome in 2-5 bullets. Avoid restating the diff; reviewers and bots can read the changed files.
+<!--
+State what users, operators, or developers can now do or expect. Lead with the
+concrete benefit and use user-facing language. If there is no user-visible
+impact, say so plainly.
+-->
 
-If this PR fixes a plugin beta-release blocker, title it `fix(<plugin-id>): beta blocker - <summary>` and link the matching `Beta blocker: <plugin-name> - <summary>` issue labeled `beta-blocker`. Contributors cannot label PRs, so the title is the PR-side signal for maintainers and automation.
+## Evidence
 
-</details>
+<!--
+Show the most useful proof that this change works. Screenshots, screencasts,
+terminal output, focused tests, CI results, live observations, redacted logs,
+and artifact links are all useful. Include before/after evidence for visual
+changes when it clarifies the result.
 
-## Linked context
-
-Which issue does this close?
-
-Closes #
-
-Which issues, PRs, or discussions are related?
-
-Related #
-
-Was this requested by a maintainer or owner?
-
-<details>
-<summary>Linked context guidance</summary>
-
-Link the issue, PR, discussion, maintainer request, or owner request that explains why this PR should exist. Maintainer context helps reviewers and automation distinguish intended work from drive-by churn.
-
-</details>
-
-## Real behavior proof (required for external PRs)
-
-- Behavior or issue addressed:
-- Real environment tested:
-- Exact steps or command run after this patch:
-- Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):
-- Observed result after fix:
-- What was not tested:
-- Proof limitations or environment constraints:
-- Before evidence (optional but encouraged):
-
-<details>
-<summary>Real behavior proof guidance</summary>
-
-External contributors must show after-fix evidence from a real OpenClaw setup. Unit tests, mocks, lint, typechecks, snapshots, and CI are supplemental only.
-
-Screenshots are encouraged even for CLI, console, text, or log changes. Terminal screenshots, copied live output, redacted runtime logs, recordings, and linked artifacts count.
-
-If your environment cannot produce the ideal proof, explain that under `Proof limitations or environment constraints` so reviewers and ClawSweeper can direct the next step properly.
-
-Be mindful of private information like IP addresses, API keys, phone numbers, non-public endpoints, or other private details when providing evidence.
-
-</details>
-
-## Tests and validation
-
-Which commands did you run?
-
-What regression coverage was added or updated?
-
-What failed before this fix, if known?
-
-If no test was added, why not?
-
-<details>
-<summary>Testing guidance</summary>
-
-List focused commands, not every incidental check. CI is useful support, but external PRs still need real behavior proof above when behavior changes.
-
-</details>
-
-## Risk checklist
-
-Did user-visible behavior change? (`Yes/No`)
-
-Did config, environment, or migration behavior change? (`Yes/No`)
-
-Did security, auth, secrets, network, or tool execution behavior change? (`Yes/No`)
-
-What is the highest-risk area?
-
-How is that risk mitigated?
-
-<details>
-<summary>Risk guidance</summary>
-
-Use this for author judgment that is not obvious from the diff. ClawSweeper can see touched files, but it cannot know which behavior you think is risky, why the risk is acceptable, or what mitigation reviewers should verify.
-
-</details>
-
-## Current review state
-
-What is the next action?
-
-What is still waiting on author, maintainer, CI, or external proof?
-
-Which bot or reviewer comments were addressed?
-
-<details>
-<summary>Review state guidance</summary>
-
-Keep this as the durable state for review progress. If useful information appears in comments, fold the current next action or blocker back here so maintainers and ClawSweeper do not need to reconstruct state from comment history.
-
-</details>
+Reviewers will inspect the code, tests, and CI. Use this section to make the
+validation easy to understand, not to restate the diff.
+-->

.github/workflows/auto-response.yml

@@ -25,24 +25,24 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ github.sha }}
           persist-credentials: false
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         id: app-token
         continue-on-error: true
         with:
           app-id: "2729701"
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         id: app-token-fallback
         if: steps.app-token.outcome == 'failure'
         with:
           app-id: "2971289"
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY_FALLBACK }}
       - name: Run Barnacle auto-response
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           script: |

.github/workflows/ci-build-artifacts-testbox.yml

@@ -14,6 +14,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: ${{ github.event_name == 'pull_request' && format('{0}-pr-v1-{1}', github.workflow, github.event.pull_request.number) || format('{0}-manual-v1-{1}', github.workflow, github.run_id) }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
 
@@ -140,7 +144,7 @@ jobs:
 
       - name: Restore dist build cache
         id: dist-cache
-        uses: actions/cache/restore@v5
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: |
             .artifacts/build-all-cache/
@@ -175,7 +179,7 @@ jobs:
 
       - name: Save dist build cache
         if: steps.dist-cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v5
+        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: |
             .artifacts/build-all-cache/
@@ -210,7 +214,6 @@ jobs:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
           ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-          ANTHROPIC_OAUTH_TOKEN: ${{ secrets.ANTHROPIC_OAUTH_TOKEN }}
           CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
           DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
           FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}

.github/workflows/ci-check-arm-testbox.yml

@@ -13,6 +13,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: ${{ github.event_name == 'pull_request' && format('{0}-pr-v1-{1}', github.workflow, github.event.pull_request.number) || format('{0}-manual-v1-{1}', github.workflow, github.run_id) }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
   PNPM_CONFIG_STORE_DIR: "/tmp/openclaw-pnpm-store"
@@ -128,7 +132,6 @@ jobs:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
           ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-          ANTHROPIC_OAUTH_TOKEN: ${{ secrets.ANTHROPIC_OAUTH_TOKEN }}
           CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
           DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
           FACTORY_API_KEY: ${{ secrets.FACTORY_API_KEY }}

.github/workflows/ci-check-testbox.yml

@@ -6,6 +6,10 @@ on:
         type: string
         description: "Testbox session ID"
         required: true
+      timeout_minutes:
+        type: number
+        description: "Maximum GitHub job runtime for long Testbox commands"
+        default: 120
   pull_request:
     paths:
       - ".github/workflows/**"
@@ -13,6 +17,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: ${{ github.event_name == 'pull_request' && format('{0}-pr-v1-{1}', github.workflow, github.event.pull_request.number) || format('{0}-manual-v1-{1}', github.workflow, github.run_id) }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
   PNPM_CONFIG_STORE_DIR: "/tmp/openclaw-pnpm-store"
@@ -25,7 +33,7 @@ jobs:
       contents: read
     name: "check"
     runs-on: blacksmith-32vcpu-ubuntu-2404
-    timeout-minutes: 30
+    timeout-minutes: ${{ fromJSON(inputs.timeout_minutes || '30') }}
     steps:
       - name: Begin Testbox
         uses: useblacksmith/begin-testbox@233448af4bfdc6fca509a7f0974411ac6d8a8043
@@ -113,7 +121,6 @@ jobs:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
           ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-          ANTHROPIC_OAUTH_TOKEN: ${{ secrets.ANTHROPIC_OAUTH_TOKEN }}
           CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
           DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
           FACTORY_API_KEY: ${{ secrets.FACTORY_API_KEY }}

.github/workflows/ci.yml

@@ -13,6 +13,11 @@ on:
         required: false
         default: false
         type: boolean
+      release_gate:
+        description: Run an exact-SHA maintainer release-gate fallback when PR CI is capacity-stalled.
+        required: false
+        default: false
+        type: boolean
   push:
     branches: [main]
     paths-ignore:
@@ -26,6 +31,8 @@ on:
 permissions:
   contents: read
 
+run-name: ${{ github.event_name == 'workflow_dispatch' && inputs.release_gate && format('CI release gate {0}', inputs.target_ref) || 'CI' }}
+
 concurrency:
   group: ${{ github.event_name == 'workflow_dispatch' && format('{0}-manual-v1-{1}', github.workflow, github.run_id) || (github.event_name == 'pull_request' && format('{0}-v7-{1}', github.workflow, github.event.pull_request.number) || (github.repository == 'openclaw/openclaw' && format('{0}-v7-{1}', github.workflow, github.ref) || format('{0}-v7-{1}-{2}', github.workflow, github.ref, github.sha))) }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' || (github.event_name == 'push' && github.repository == 'openclaw/openclaw' && github.ref == 'refs/heads/main') }}
@@ -75,6 +82,23 @@ jobs:
       run_android_job: ${{ steps.manifest.outputs.run_android_job }}
       android_matrix: ${{ steps.manifest.outputs.android_matrix }}
     steps:
+      - name: Validate release-gate dispatch
+        if: github.event_name == 'workflow_dispatch' && inputs.release_gate
+        env:
+          TARGET_REF: ${{ inputs.target_ref }}
+        run: |
+          set -euo pipefail
+
+          if [[ ! "$TARGET_REF" =~ ^[0-9a-f]{40}$ ]]; then
+            echo "release_gate requires target_ref to be a full commit SHA" >&2
+            exit 1
+          fi
+
+          if [[ "$GITHUB_SHA" != "$TARGET_REF" ]]; then
+            echo "release_gate must run from the branch at target_ref" >&2
+            exit 1
+          fi
+
       - name: Checkout
         env:
           CHECKOUT_REPO: ${{ github.repository }}
@@ -159,7 +183,7 @@ jobs:
           OPENCLAW_CI_DOCS_CHANGED: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.docs_scope.outputs.docs_changed }}
           OPENCLAW_CI_RUN_NODE: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.changed_scope.outputs.run_node || 'false' }}
           OPENCLAW_CI_RUN_MACOS: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.changed_scope.outputs.run_macos || 'false' }}
-          OPENCLAW_CI_RUN_ANDROID: ${{ github.event_name == 'workflow_dispatch' && inputs.include_android && 'true' || steps.changed_scope.outputs.run_android || 'false' }}
+          OPENCLAW_CI_RUN_ANDROID: ${{ github.event_name == 'workflow_dispatch' && (inputs.release_gate || inputs.include_android) && 'true' || steps.changed_scope.outputs.run_android || 'false' }}
           OPENCLAW_CI_RUN_WINDOWS: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.changed_scope.outputs.run_windows || 'false' }}
           OPENCLAW_CI_RUN_NODE_FAST_ONLY: ${{ github.event_name == 'workflow_dispatch' && 'false' || steps.changed_scope.outputs.run_node_fast_only || 'false' }}
           OPENCLAW_CI_RUN_NODE_FAST_PLUGIN_CONTRACTS: ${{ github.event_name == 'workflow_dispatch' && 'false' || steps.changed_scope.outputs.run_node_fast_plugin_contracts || 'false' }}
@@ -598,7 +622,7 @@ jobs:
           install-bun: "false"
 
       - name: Restore build-all step cache
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: .artifacts/build-all-cache
           key: ${{ runner.os }}-build-all-v3-${{ hashFiles('package.json', 'pnpm-lock.yaml', 'npm-shrinkwrap.json', 'packages/plugin-sdk/package.json', 'packages/llm-core/package.json', 'packages/model-catalog-core/package.json', 'packages/memory-host-sdk/package.json', 'scripts/build-all.mjs', 'scripts/write-plugin-sdk-entry-dts.ts', 'scripts/lib/plugin-sdk-entries.mjs', 'tsconfig.json', 'tsconfig.plugin-sdk.dts.json', 'src/plugin-sdk/**', 'packages/llm-core/src/**', 'packages/model-catalog-core/src/**', 'packages/memory-host-sdk/src/**', 'src/types/**', 'src/video-generation/dashscope-compatible.ts', 'src/video-generation/types.ts', 'scripts/copy-export-html-templates.ts', 'scripts/lib/copy-assets.ts', 'src/auto-reply/reply/export-html/**') }}
@@ -607,7 +631,7 @@ jobs:
 
       - name: Restore dist build cache
         id: dist_build_cache
-        uses: actions/cache/restore@v5
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: |
             dist/
@@ -630,14 +654,14 @@ jobs:
         run: tar --posix -cf dist-runtime-build.tar.zst --use-compress-program zstdmt dist dist-runtime
 
       - name: Upload built runtime artifacts
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: dist-runtime-build
           path: dist-runtime-build.tar.zst
           retention-days: 1
 
       - name: Upload bundled plugin asset artifacts
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: bundled-plugin-assets
           path: |
@@ -668,7 +692,7 @@ jobs:
 
       - name: Upload startup memory report
         if: always()
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: startup-memory
           path: .artifacts/startup-memory/
@@ -720,11 +744,6 @@ jobs:
               node scripts/run-vitest.mjs run --config test/vitest/vitest.full-core-support-boundary.config.ts
           fi
 
-          if [ "$RUN_GATEWAY_WATCH" = "true" ]; then
-            start_check "gateway-watch" \
-              node scripts/check-gateway-watch-regression.mjs --skip-build
-          fi
-
           for index in "${!pids[@]}"; do
             name="${names[$index]}"
             log="${logs[$index]}"
@@ -742,6 +761,21 @@ jobs:
             results["$name"]="$result"
           done
 
+          if [ "$RUN_GATEWAY_WATCH" = "true" ]; then
+            log="${RUNNER_TEMP}/gateway-watch.log"
+            echo "starting gateway-watch: node scripts/check-gateway-watch-regression.mjs --skip-build"
+            if node scripts/check-gateway-watch-regression.mjs --skip-build >"$log" 2>&1; then
+              result="success"
+            else
+              result="failure"
+            fi
+
+            echo "::group::gateway-watch log"
+            cat "$log"
+            echo "::endgroup::"
+            results["gateway-watch"]="$result"
+          fi
+
           for name in channels core-support-boundary gateway-watch; do
             echo "${name}-result=${results[$name]}" >> "$GITHUB_OUTPUT"
           done
@@ -757,7 +791,7 @@ jobs:
 
       - name: Save dist build cache
         if: steps.dist_build_cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v5
+        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         continue-on-error: true
         with:
           path: |
@@ -769,7 +803,7 @@ jobs:
 
       - name: Upload gateway watch regression artifacts
         if: always() && needs.preflight.outputs.run_check_additional == 'true'
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: gateway-watch-regression
           path: .local/gateway-watch-regression/
@@ -850,10 +884,10 @@ jobs:
               ;;
             contracts-plugins-ci-routing)
               pnpm test:contracts:plugins
-              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/changed-lanes.test.ts test/scripts/run-vitest.test.ts test/scripts/test-projects.test.ts
+              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/changed-lanes.test.ts test/scripts/ci-workflow-guards.test.ts test/scripts/run-vitest.test.ts test/scripts/test-projects.test.ts
               ;;
             ci-routing)
-              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/changed-lanes.test.ts test/scripts/run-vitest.test.ts test/scripts/test-projects.test.ts
+              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/changed-lanes.test.ts test/scripts/ci-workflow-guards.test.ts test/scripts/run-vitest.test.ts test/scripts/test-projects.test.ts
               ;;
             bun-launcher)
               OPENCLAW_TEST_BUN_LAUNCHER=1 pnpm test test/openclaw-launcher.e2e.test.ts
@@ -1339,7 +1373,7 @@ jobs:
 
       - name: Upload deadcode reports
         if: ${{ always() && matrix.task == 'dependencies' }}
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: deadcode-reports
           path: .artifacts/deadcode
@@ -1428,7 +1462,7 @@ jobs:
       - name: Cache extension package boundary artifacts
         id: extension-package-boundary-cache
         if: matrix.group == 'extension-package-boundary'
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: |
             dist/plugin-sdk
@@ -1696,7 +1730,7 @@ jobs:
           git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
 
       - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
         with:
           python-version: "3.12"
 
@@ -1965,7 +1999,7 @@ jobs:
           echo "key=$toolchain_key" >> "$GITHUB_OUTPUT"
 
       - name: Cache SwiftPM
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: ~/Library/Caches/org.swift.swiftpm
           key: ${{ runner.os }}-swiftpm-${{ hashFiles('apps/macos/Package.resolved') }}
@@ -1974,7 +2008,7 @@ jobs:
 
       - name: Cache Swift build directory
         id: swift-build-cache
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: apps/macos/.build
           key: ${{ runner.os }}-swift-build-v2-${{ steps.swift-toolchain.outputs.key }}-${{ hashFiles('apps/macos/Package.swift', 'apps/macos/Package.resolved', 'apps/macos/Sources/**', 'apps/macos/Tests/**', 'apps/shared/OpenClawKit/Package.swift', 'apps/shared/OpenClawKit/Sources/**', 'apps/swabble/Package.swift', 'apps/swabble/Sources/**') }}
@@ -2105,7 +2139,7 @@ jobs:
           exit 1
 
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5
         with:
           distribution: temurin
           # Keep sdkmanager on the stable JDK path for Linux CI runners.
@@ -2117,7 +2151,7 @@ jobs:
             apps/android/gradle/libs.versions.toml
 
       - name: Cache Android SDK
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: ~/.android-sdk
           key: ${{ runner.os }}-android-sdk-v1-cmdline-14742923-platform-37.0-build-tools-36.0.0
@@ -2204,7 +2238,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Checkout timing summary helper
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || needs.preflight.outputs.checkout_revision || github.sha }}
           fetch-depth: 1
@@ -2220,7 +2254,7 @@ jobs:
           cat ci-timings-summary.txt >> "$GITHUB_STEP_SUMMARY"
 
       - name: Upload CI timing summary
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: ci-timings-summary
           path: ci-timings-summary.txt

.github/workflows/codeql-android-critical-security.yml

@@ -6,7 +6,7 @@ on:
     - cron: "0 7 * * *"
 
 concurrency:
-  group: codeql-android-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
+  group: codeql-android-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || format('ref-{0}', github.ref) }}
   cancel-in-progress: false
 
 env:

.github/workflows/codeql-critical-quality.yml

@@ -136,7 +136,7 @@ on:
     - cron: "30 6 * * *"
 
 concurrency:
-  group: codeql-critical-quality-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.event_name == 'pull_request' && github.event.pull_request.number || github.sha }}
+  group: codeql-critical-quality-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('ref-{0}', github.ref) }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 env:

.github/workflows/codeql-macos-critical-security.yml

@@ -6,7 +6,7 @@ on:
     - cron: "0 8 * * 1"
 
 concurrency:
-  group: codeql-macos-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
+  group: codeql-macos-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || format('ref-{0}', github.ref) }}
   cancel-in-progress: false
 
 env:

.github/workflows/codeql.yml

@@ -32,7 +32,7 @@ on:
     - cron: "0 6 * * *"
 
 concurrency:
-  group: codeql-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.event_name == 'pull_request' && github.event.pull_request.number || github.sha }}
+  group: codeql-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('ref-{0}', github.ref) }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 env:

.github/workflows/control-ui-locale-refresh.yml

@@ -35,7 +35,7 @@ jobs:
       locales_json: ${{ steps.plan.outputs.locales_json }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -112,7 +112,7 @@ jobs:
     name: Refresh ${{ matrix.locale }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: true
           submodules: false

.github/workflows/crabbox-hydrate.yml

@@ -45,12 +45,12 @@ jobs:
     runs-on: [self-hosted, "${{ inputs.crabbox_runner_label }}"]
     timeout-minutes: 120
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
 
       - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: "24"
 
@@ -328,12 +328,12 @@ jobs:
     runs-on: [self-hosted, "${{ inputs.crabbox_runner_label }}"]
     timeout-minutes: 120
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
 
       - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: "24"
 
@@ -561,7 +561,7 @@ jobs:
     runs-on: [self-hosted, "${{ inputs.crabbox_runner_label }}"]
     timeout-minutes: 120
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
 
@@ -663,7 +663,6 @@ jobs:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
           ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-          ANTHROPIC_OAUTH_TOKEN: ${{ secrets.ANTHROPIC_OAUTH_TOKEN }}
           CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
           DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
           FACTORY_API_KEY: ${{ secrets.FACTORY_API_KEY }}

.github/workflows/docker-release.yml

@@ -49,7 +49,7 @@ jobs:
           fi
 
       - name: Checkout selected tag
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: refs/tags/${{ inputs.tag }}
           fetch-depth: 0
@@ -83,7 +83,7 @@ jobs:
       browser_digest: ${{ steps.build-browser.outputs.digest }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
           fetch-depth: 0
@@ -293,7 +293,7 @@ jobs:
       browser_digest: ${{ steps.build-browser.outputs.digest }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
           fetch-depth: 0
@@ -500,7 +500,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
           fetch-depth: 0
@@ -595,7 +595,7 @@ jobs:
       packages: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           fetch-depth: 1
 

.github/workflows/docs-agent.yml

@@ -33,7 +33,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: main
           fetch-depth: 0

.github/workflows/docs-sync-publish.yml

@@ -25,13 +25,13 @@ jobs:
 
       - name: Checkout source repo
         if: env.OPENCLAW_DOCS_SYNC_TOKEN != ''
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           fetch-depth: 0
 
       - name: Checkout ClawHub docs source
         if: env.OPENCLAW_DOCS_SYNC_TOKEN != ''
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           repository: openclaw/clawhub
           path: clawhub-source
@@ -41,7 +41,7 @@ jobs:
 
       - name: Setup Node
         if: env.OPENCLAW_DOCS_SYNC_TOKEN != ''
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: "24.x"
 

.github/workflows/docs.yml

@@ -24,7 +24,7 @@ jobs:
     timeout-minutes: 20
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           fetch-depth: 1
           fetch-tags: false
@@ -37,7 +37,7 @@ jobs:
           install-bun: "false"
 
       - name: Checkout ClawHub docs source
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           repository: openclaw/clawhub
           path: clawhub-source

.github/workflows/duplicate-after-merge.yml

@@ -35,8 +35,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
       - name: Close confirmed duplicates
         env:
           APPLY: ${{ inputs.apply }}

.github/workflows/full-release-validation.yml

@@ -36,7 +36,7 @@ on:
           - stable
           - full
       run_release_soak:
-        description: Run exhaustive live/Docker and upgrade-survivor soak lanes; forced on for release_profile=full
+        description: Run exhaustive live/Docker and upgrade-survivor soak lanes; forced on for stable and full release profiles
         required: false
         default: false
         type: boolean
@@ -130,7 +130,7 @@ jobs:
       sha: ${{ steps.resolve.outputs.sha }}
     steps:
       - name: Checkout trusted workflow helper
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ github.ref_name }}
           path: workflow
@@ -158,7 +158,7 @@ jobs:
           PACKAGE_ACCEPTANCE_PACKAGE_SPEC: ${{ inputs.package_acceptance_package_spec }}
           CODEX_PLUGIN_SPEC: ${{ inputs.codex_plugin_spec }}
           RELEASE_PROFILE: ${{ inputs.release_profile }}
-          RUN_RELEASE_SOAK: ${{ inputs.run_release_soak || inputs.release_profile == 'full' }}
+          RUN_RELEASE_SOAK: ${{ inputs.run_release_soak || inputs.release_profile == 'stable' || inputs.release_profile == 'full' }}
           RERUN_GROUP: ${{ inputs.rerun_group }}
           LIVE_SUITE_FILTER: ${{ inputs.live_suite_filter }}
           CROSS_OS_SUITE_FILTER: ${{ inputs.cross_os_suite_filter }}
@@ -234,7 +234,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout target SHA
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ needs.resolve_target.outputs.sha }}
           fetch-depth: 1
@@ -537,7 +537,7 @@ jobs:
           PROVIDER: ${{ inputs.provider }}
           MODE: ${{ inputs.mode }}
           RELEASE_PROFILE: ${{ inputs.release_profile }}
-          RUN_RELEASE_SOAK: ${{ inputs.run_release_soak || inputs.release_profile == 'full' }}
+          RUN_RELEASE_SOAK: ${{ inputs.run_release_soak || inputs.release_profile == 'stable' || inputs.release_profile == 'full' }}
           RERUN_GROUP: ${{ inputs.rerun_group }}
           LIVE_SUITE_FILTER: ${{ inputs.live_suite_filter }}
           CROSS_OS_SUITE_FILTER: ${{ inputs.cross_os_suite_filter }}
@@ -780,7 +780,7 @@ jobs:
       source_sha: ${{ steps.package.outputs.source_sha }}
     steps:
       - name: Checkout trusted workflow ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: true
           ref: ${{ github.ref_name }}
@@ -826,7 +826,7 @@ jobs:
           } >> "$GITHUB_STEP_SUMMARY"
 
       - name: Upload release package artifact
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: release-package-under-test
           path: |
@@ -1017,9 +1017,12 @@ jobs:
             echo "- Repeat: \`3\`"
             echo "- Deep profile: \`false\`"
             echo "- Live OpenAI candidate: \`false\`"
-            echo "- Release impact: advisory"
+            echo "- Release impact: blocking"
           } >> "$GITHUB_STEP_SUMMARY"
 
+          dispatch_id="full-release-validation-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
+          dispatch_run_name="OpenClaw Performance ${dispatch_id}"
+
           dispatch_output="$(gh_with_retry workflow run openclaw-performance.yml \
             --ref "$CHILD_WORKFLOW_REF" \
             -f target_ref="$TARGET_SHA" \
@@ -1027,17 +1030,27 @@ jobs:
             -f repeat=3 \
             -f deep_profile=false \
             -f live_openai_candidate=false \
-            -f fail_on_regression=false)"
+            -f fail_on_regression=true \
+            -f dispatch_id="$dispatch_id")"
           printf '%s\n' "$dispatch_output"
-          run_id="$(
-            printf '%s\n' "$dispatch_output" |
-              sed -nE 's#.*actions/runs/([0-9]+).*#\1#p' |
-              tail -n 1
-          )"
+
+          run_id=""
+          for _ in $(seq 1 60); do
+            run_id="$(
+              DISPATCH_RUN_NAME="$dispatch_run_name" gh_with_retry api -X GET "repos/${GITHUB_REPOSITORY}/actions/workflows/openclaw-performance.yml/runs" \
+                -F event=workflow_dispatch \
+                -F per_page=100 \
+                --jq '.workflow_runs | map(select(.display_title == env.DISPATCH_RUN_NAME)) | sort_by(.created_at) | reverse | .[0].id // empty'
+            )"
+            if [[ -n "$run_id" ]]; then
+              break
+            fi
+            sleep 5
+          done
 
           if [[ -z "$run_id" ]]; then
-            echo "::warning::gh workflow run openclaw-performance.yml did not return an Actions run URL; refusing to guess from recent workflow_dispatch runs."
-            exit 0
+            echo "::error::Could not find dispatched run for ${dispatch_run_name}." >&2
+            exit 1
           fi
 
           echo "Dispatched openclaw-performance.yml: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}"
@@ -1072,8 +1085,9 @@ jobs:
           echo "url=${url}" >> "$GITHUB_OUTPUT"
           echo "conclusion=${conclusion}" >> "$GITHUB_OUTPUT"
           if [[ "$conclusion" != "success" ]]; then
-            echo "::warning::OpenClaw Performance is advisory and ended with ${conclusion}: ${url}"
+            echo "::error::OpenClaw Performance ended with ${conclusion}: ${url}"
             gh_with_retry run view "$run_id" --json jobs --jq '.jobs[] | select(.conclusion != "success" and .conclusion != "skipped") | {name, conclusion, url}' || true
+            exit 1
           fi
 
   summary:
@@ -1364,6 +1378,7 @@ jobs:
           normal_ci_required=0
           plugin_prerelease_required=0
           release_checks_required=0
+          performance_required=0
           if [[ "$RERUN_GROUP" == "all" && "$DOCKER_RUNTIME_ASSETS_PREFLIGHT_RESULT" != "success" ]]; then
             echo "::error::Docker runtime-assets preflight ended with ${DOCKER_RUNTIME_ASSETS_PREFLIGHT_RESULT}."
             failed=1
@@ -1371,6 +1386,7 @@ jobs:
             normal_ci_required=1
             plugin_prerelease_required=1
             release_checks_required=1
+            performance_required=1
           else
             case "$RERUN_GROUP" in
               ci)
@@ -1382,6 +1398,9 @@ jobs:
               release-checks|install-smoke|cross-os|live-e2e|package|qa|qa-parity|qa-live)
                 release_checks_required=1
                 ;;
+              performance)
+                performance_required=1
+                ;;
             esac
           fi
 
@@ -1415,6 +1434,12 @@ jobs:
             check_child "npm_telegram" "$NPM_TELEGRAM_RUN_ID" 1 || failed=1
           fi
 
+          if [[ "$PERFORMANCE_RESULT" == "skipped" && -z "${PERFORMANCE_RUN_ID// }" ]]; then
+            check_child "product_performance" "" "$performance_required" || failed=1
+          else
+            check_child "product_performance" "$PERFORMANCE_RUN_ID" "$performance_required" || failed=1
+          fi
+
           summarize_child_timing "normal_ci" "$NORMAL_CI_RUN_ID"
           summarize_child_timing "plugin_prerelease" "$PLUGIN_PRERELEASE_RUN_ID"
           summarize_child_timing "release_checks" "$RELEASE_CHECKS_RUN_ID"
@@ -1426,6 +1451,7 @@ jobs:
             summarize_failed_child "plugin_prerelease" "$PLUGIN_PRERELEASE_RUN_ID"
             summarize_failed_child "release_checks" "$RELEASE_CHECKS_RUN_ID"
             summarize_failed_child "npm_telegram" "$NPM_TELEGRAM_RUN_ID"
+            summarize_failed_child "product_performance" "$PERFORMANCE_RUN_ID"
           fi
 
           exit "$failed"
@@ -1512,12 +1538,13 @@ jobs:
           TARGET_SHA: ${{ needs.resolve_target.outputs.sha }}
           RELEASE_PROFILE: ${{ inputs.release_profile }}
           RERUN_GROUP: ${{ inputs.rerun_group }}
-          RUN_RELEASE_SOAK: ${{ inputs.run_release_soak || inputs.release_profile == 'full' }}
+          RUN_RELEASE_SOAK: ${{ inputs.run_release_soak || inputs.release_profile == 'stable' || inputs.release_profile == 'full' }}
           NORMAL_CI_RUN_ID: ${{ needs.normal_ci.outputs.run_id }}
           PLUGIN_PRERELEASE_RUN_ID: ${{ needs.plugin_prerelease.outputs.run_id }}
           RELEASE_CHECKS_RUN_ID: ${{ needs.release_checks.outputs.run_id }}
           NPM_TELEGRAM_RUN_ID: ${{ needs.npm_telegram.outputs.run_id }}
           PERFORMANCE_RUN_ID: ${{ needs.performance.outputs.run_id }}
+          PERFORMANCE_CONCLUSION: ${{ needs.performance.outputs.conclusion }}
         run: |
           set -euo pipefail
           manifest_dir="${RUNNER_TEMP}/full-release-validation"
@@ -1537,8 +1564,9 @@ jobs:
             --arg releaseChecksRunId "$RELEASE_CHECKS_RUN_ID" \
             --arg npmTelegramRunId "$NPM_TELEGRAM_RUN_ID" \
             --arg performanceRunId "$PERFORMANCE_RUN_ID" \
+            --arg performanceConclusion "$PERFORMANCE_CONCLUSION" \
             '{
-              version: 1,
+              version: 2,
               workflowName: $workflowName,
               runId: $runId,
               runAttempt: $runAttempt,
@@ -1548,18 +1576,26 @@ jobs:
               releaseProfile: $releaseProfile,
               rerunGroup: $rerunGroup,
               runReleaseSoak: $runReleaseSoak,
+              controls: {
+                stableSoakRequired: ($releaseProfile == "stable" or $releaseProfile == "full"),
+                performanceBlocking: true
+              },
               childRuns: {
                 normalCi: $normalCiRunId,
                 pluginPrerelease: $pluginPrereleaseRunId,
                 releaseChecks: $releaseChecksRunId,
                 npmTelegram: $npmTelegramRunId,
-                productPerformance: $performanceRunId
+                productPerformance: {
+                  runId: $performanceRunId,
+                  conclusion: $performanceConclusion,
+                  blocking: true
+                }
               }
             }' > "${manifest_dir}/full-release-validation-manifest.json"
 
       - name: Upload release validation manifest
         if: ${{ success() }}
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: full-release-validation-${{ github.run_id }}
           path: ${{ runner.temp }}/full-release-validation

.github/workflows/install-smoke.yml

@@ -56,7 +56,7 @@ jobs:
       dockerfile_image: ${{ steps.manifest.outputs.dockerfile_image }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
           fetch-depth: 1
@@ -106,7 +106,7 @@ jobs:
       DOCKER_BUILD_RECORD_UPLOAD: "false"
     steps:
       - name: Checkout CLI
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
           persist-credentials: false
@@ -217,7 +217,7 @@ jobs:
       DOCKER_BUILD_RECORD_UPLOAD: "false"
     steps:
       - name: Checkout CLI
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
           persist-credentials: false
@@ -289,7 +289,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout CLI
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
           persist-credentials: false
@@ -305,7 +305,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout CLI
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
           persist-credentials: false
@@ -411,7 +411,7 @@ jobs:
       DOCKER_BUILD_RECORD_UPLOAD: "false"
     steps:
       - name: Checkout CLI
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
           persist-credentials: false
@@ -476,19 +476,21 @@ jobs:
       - name: Run Rocky Linux installer smoke
         run: |
           timeout --kill-after=30s 20m docker run --rm \
+            --platform linux/amd64 \
             -e OPENCLAW_NO_ONBOARD=1 \
             -e OPENCLAW_NO_PROMPT=1 \
             -v "$PWD/scripts/install.sh:/tmp/install.sh:ro" \
-            rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6 \
+            rockylinux:9@sha256:d644d203142cd5b54ad2a83a203e1dee68af2229f8fe32f52a30c6e1d3c3a9e0 \
             bash -lc 'dnf install -y -q ca-certificates tar gzip xz findutils which sudo >/dev/null && bash /tmp/install.sh --install-method npm --version latest --no-onboard --no-prompt --verify && openclaw --version'
 
       - name: Run Rocky Linux CLI installer smoke
         run: |
           timeout --kill-after=30s 20m docker run --rm \
+            --platform linux/amd64 \
             -e OPENCLAW_NO_ONBOARD=1 \
             -e OPENCLAW_NO_PROMPT=1 \
             -v "$PWD/scripts/install-cli.sh:/tmp/install-cli.sh:ro" \
-            rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6 \
+            rockylinux:9@sha256:d644d203142cd5b54ad2a83a203e1dee68af2229f8fe32f52a30c6e1d3c3a9e0 \
             bash -lc 'dnf install -y -q ca-certificates tar gzip xz findutils which sudo >/dev/null && bash /tmp/install-cli.sh --prefix /tmp/openclaw-cli --version latest --no-onboard && /tmp/openclaw-cli/bin/openclaw --version'
 
   bun_global_install_smoke:
@@ -497,7 +499,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout CLI
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
           persist-credentials: false
@@ -536,7 +538,7 @@ jobs:
       DOCKER_BUILD_RECORD_UPLOAD: "false"
     steps:
       - name: Checkout CLI
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.ref || github.ref }}
           persist-credentials: false

.github/workflows/ios-periphery-comment.yml

@@ -24,7 +24,7 @@ jobs:
       github.event.workflow_run.name == 'iOS Periphery Dead Code'
     steps:
       - name: Upsert Periphery PR comment
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const fs = require("node:fs");

.github/workflows/ios-periphery.yml

@@ -25,7 +25,7 @@ jobs:
     steps:
       - name: Detect changed paths
         id: scope
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             if (context.eventName === "workflow_dispatch") {
@@ -65,7 +65,7 @@ jobs:
     timeout-minutes: 45
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           fetch-depth: 1
           fetch-tags: false
@@ -216,7 +216,7 @@ jobs:
 
       - name: Upload Periphery report
         if: always()
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: ios-periphery-dead-code-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ runner.temp }}/ios-periphery

.github/workflows/labeler.yml

@@ -32,25 +32,25 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         id: app-token
         continue-on-error: true
         with:
           app-id: "2729701"
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         id: app-token-fallback
         if: steps.app-token.outcome == 'failure'
         with:
           app-id: "2971289"
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY_FALLBACK }}
-      - uses: actions/labeler@v6
+      - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6
         with:
           configuration-path: .github/labeler.yml
           repo-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           sync-labels: true
       - name: Apply PR size label
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           script: |
@@ -139,7 +139,7 @@ jobs:
               labels: [targetSizeLabel],
             });
       - name: Apply maintainer or trusted-contributor label
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           script: |
@@ -210,7 +210,7 @@ jobs:
             //   });
             // }
       - name: Apply beta-blocker title label
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           script: |
@@ -263,7 +263,7 @@ jobs:
               });
             }
       - name: Apply too-many-prs label
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           script: |
@@ -466,20 +466,20 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         id: app-token
         continue-on-error: true
         with:
           app-id: "2729701"
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         id: app-token-fallback
         if: steps.app-token.outcome == 'failure'
         with:
           app-id: "2971289"
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY_FALLBACK }}
       - name: Backfill PR labels
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           script: |
@@ -765,20 +765,20 @@ jobs:
       issues: write
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         id: app-token
         continue-on-error: true
         with:
           app-id: "2729701"
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         id: app-token-fallback
         if: steps.app-token.outcome == 'failure'
         with:
           app-id: "2971289"
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY_FALLBACK }}
       - name: Apply maintainer or trusted-contributor label
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           script: |
@@ -849,7 +849,7 @@ jobs:
             //   });
             // }
       - name: Apply beta-blocker title label
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
           script: |

.github/workflows/live-media-runner-image.yml

@@ -26,8 +26,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
       - name: Login to GHCR
         uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
         with:

.github/workflows/macos-release.yml

@@ -43,7 +43,7 @@ jobs:
           fi
 
       - name: Checkout selected tag
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: refs/tags/${{ inputs.tag }}
           fetch-depth: 0

.github/workflows/maintainer-command-reactions.yml

@@ -21,7 +21,7 @@ jobs:
       MAINTAINER_COMMAND_REACTIONS: ${{ vars.MAINTAINER_COMMAND_REACTIONS || '/autoclose,/clawsweeper autoclose,/clawsweeper automerge,/merge,/land,/landpr' }}
     steps:
       - name: React to maintainer slash command
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const comment = context.payload.comment;

.github/workflows/mantis-discord-smoke.yml

@@ -37,7 +37,7 @@ jobs:
     steps:
       - name: Require maintainer-level repository access
         id: permission
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const allowed = new Set(["admin", "maintain", "write"]);
@@ -68,7 +68,7 @@ jobs:
       trusted_reason: ${{ steps.validate.outputs.trusted_reason }}
     steps:
       - name: Checkout selected ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           ref: ${{ inputs.ref }}
@@ -131,7 +131,7 @@ jobs:
     environment: qa-live-shared
     steps:
       - name: Checkout selected ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
@@ -166,7 +166,7 @@ jobs:
 
       - name: Upload Mantis artifacts
         if: always()
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: mantis-discord-smoke-${{ github.run_id }}-${{ github.run_attempt }}
           path: .artifacts/qa-e2e/mantis/

.github/workflows/mantis-discord-status-reactions.yml

@@ -56,7 +56,7 @@ jobs:
     steps:
       - name: Require maintainer-level repository access
         id: permission
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const allowed = new Set(["admin", "maintain", "write"]);
@@ -91,7 +91,7 @@ jobs:
     steps:
       - name: Resolve refs and target PR
         id: resolve
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const defaultBaseline = "0bf06e953fdda290799fc9fb9244a8f67fdae593";
@@ -179,7 +179,7 @@ jobs:
       candidate_revision: ${{ steps.validate.outputs.candidate_revision }}
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -245,7 +245,7 @@ jobs:
     environment: qa-live-shared
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -260,7 +260,7 @@ jobs:
         run: pnpm build
 
       - name: Setup Go for Crabbox CLI
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
         with:
           go-version: "1.26.x"
           cache: false
@@ -535,7 +535,7 @@ jobs:
       - name: Upload Mantis status reaction artifacts
         id: upload_artifact
         if: ${{ always() && steps.run_mantis.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: mantis-discord-status-reactions-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_mantis.outputs.output_dir }}
@@ -545,7 +545,7 @@ jobs:
       - name: Create Mantis GitHub App token
         id: mantis_app_token
         if: ${{ always() && needs.resolve_request.outputs.pr_number != '' }}
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         with:
           app-id: ${{ secrets.MANTIS_GITHUB_APP_ID }}
           private-key: ${{ secrets.MANTIS_GITHUB_APP_PRIVATE_KEY }}
@@ -590,7 +590,7 @@ jobs:
       issues: write
     steps:
       - name: Remove workflow eyes reaction
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const { owner, repo } = context.repo;

.github/workflows/mantis-discord-thread-attachment.yml

@@ -56,7 +56,7 @@ jobs:
     steps:
       - name: Require maintainer-level repository access
         id: permission
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const allowed = new Set(["admin", "maintain", "write"]);
@@ -91,7 +91,7 @@ jobs:
     steps:
       - name: Resolve refs and target PR
         id: resolve
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const defaultBaseline = "synthetic-reverted-thread-filepath-fix";
@@ -177,7 +177,7 @@ jobs:
       candidate_revision: ${{ steps.validate.outputs.candidate_revision }}
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -235,7 +235,7 @@ jobs:
       output_dir: ${{ steps.run_mantis.outputs.output_dir }}
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -250,7 +250,7 @@ jobs:
         run: pnpm build
 
       - name: Setup Go for Crabbox CLI
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
         with:
           go-version: "1.26.x"
           cache: false
@@ -543,7 +543,7 @@ jobs:
       - name: Upload Mantis thread attachment artifacts
         id: upload_artifact
         if: ${{ always() && steps.run_mantis.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: mantis-discord-thread-attachment-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_mantis.outputs.output_dir }}
@@ -553,7 +553,7 @@ jobs:
       - name: Create Mantis GitHub App token
         id: mantis_app_token
         if: ${{ always() && needs.resolve_request.outputs.pr_number != '' }}
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         with:
           app-id: ${{ secrets.MANTIS_GITHUB_APP_ID }}
           private-key: ${{ secrets.MANTIS_GITHUB_APP_PRIVATE_KEY }}
@@ -612,7 +612,7 @@ jobs:
       issues: write
     steps:
       - name: Remove workflow eyes reaction
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const { owner, repo } = context.repo;

.github/workflows/mantis-slack-desktop-smoke.yml

@@ -81,7 +81,7 @@ jobs:
     steps:
       - name: Require maintainer-level repository access
         id: permission
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const allowed = new Set(["admin", "maintain", "write"]);
@@ -111,7 +111,7 @@ jobs:
       candidate_revision: ${{ steps.validate.outputs.candidate_revision }}
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -165,7 +165,7 @@ jobs:
     environment: qa-live-shared
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -180,7 +180,7 @@ jobs:
         run: pnpm build
 
       - name: Cache Mantis candidate pnpm store
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: |
             ~/.local/share/pnpm/store
@@ -190,7 +190,7 @@ jobs:
             mantis-slack-pnpm-${{ runner.os }}-${{ env.NODE_VERSION }}-
 
       - name: Setup Go for Crabbox CLI
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
         with:
           go-version: "1.26.x"
           cache: false
@@ -453,7 +453,7 @@ jobs:
       - name: Upload Mantis Slack desktop artifacts
         id: upload_artifact
         if: ${{ always() && steps.run_mantis.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: mantis-slack-desktop-smoke-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_mantis.outputs.output_dir }}
@@ -463,7 +463,7 @@ jobs:
       - name: Create Mantis GitHub App token
         id: mantis_app_token
         if: ${{ always() && inputs.pr_number != '' }}
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         with:
           app-id: ${{ secrets.MANTIS_GITHUB_APP_ID }}
           private-key: ${{ secrets.MANTIS_GITHUB_APP_PRIVATE_KEY }}

.github/workflows/mantis-telegram-desktop-proof.yml

@@ -79,7 +79,7 @@ jobs:
     steps:
       - name: Require maintainer-level repository access
         id: permission
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             if (context.eventName === "pull_request_target") {
@@ -125,7 +125,7 @@ jobs:
     steps:
       - name: Resolve refs and target PR
         id: resolve
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const eventName = context.eventName;
@@ -223,7 +223,7 @@ jobs:
       candidate_trust: ${{ steps.validate.outputs.candidate_trust }}
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: main
           persist-credentials: false
@@ -350,7 +350,7 @@ jobs:
           done
 
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -362,7 +362,7 @@ jobs:
           install-bun: "true"
 
       - name: Setup Go for Crabbox CLI
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
         with:
           go-version: "1.26.x"
           cache: false
@@ -551,7 +551,7 @@ jobs:
       - name: Upload Mantis Telegram desktop artifacts
         id: upload_artifact
         if: ${{ always() && steps.inspect.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: mantis-telegram-desktop-proof-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.inspect.outputs.output_dir }}
@@ -561,7 +561,7 @@ jobs:
       - name: Create Mantis GitHub App token
         id: mantis_app_token
         if: ${{ always() && needs.resolve_request.outputs.pr_number != '' }}
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         with:
           app-id: ${{ secrets.MANTIS_GITHUB_APP_ID }}
           private-key: ${{ secrets.MANTIS_GITHUB_APP_PRIVATE_KEY }}
@@ -620,7 +620,7 @@ jobs:
     environment: qa-live-shared
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
 
@@ -663,7 +663,7 @@ jobs:
 
       - name: Create Mantis GitHub App token
         id: mantis_app_token
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         with:
           app-id: ${{ secrets.MANTIS_GITHUB_APP_ID }}
           private-key: ${{ secrets.MANTIS_GITHUB_APP_PRIVATE_KEY }}
@@ -709,7 +709,7 @@ jobs:
       issues: write
     steps:
       - name: Remove workflow eyes reaction
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const { owner, repo } = context.repo;

.github/workflows/mantis-telegram-live.yml

@@ -68,7 +68,7 @@ jobs:
     steps:
       - name: Require maintainer-level repository access
         id: permission
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const allowed = new Set(["admin", "maintain", "write"]);
@@ -105,7 +105,7 @@ jobs:
     steps:
       - name: Resolve refs and target PR
         id: resolve
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const eventName = context.eventName;
@@ -209,7 +209,7 @@ jobs:
       candidate_revision: ${{ steps.validate.outputs.candidate_revision }}
     steps:
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -312,7 +312,7 @@ jobs:
           done
 
       - name: Checkout harness ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -327,7 +327,7 @@ jobs:
         run: pnpm build
 
       - name: Cache Mantis candidate pnpm store
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: |
             ~/.local/share/pnpm/store
@@ -337,7 +337,7 @@ jobs:
             mantis-telegram-pnpm-${{ runner.os }}-${{ env.NODE_VERSION }}-
 
       - name: Setup Go for Crabbox CLI
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
         with:
           go-version: "1.26.x"
           cache: false
@@ -501,7 +501,7 @@ jobs:
       - name: Upload Mantis Telegram artifacts
         id: upload_artifact
         if: ${{ always() && steps.run_mantis.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: mantis-telegram-live-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_mantis.outputs.output_dir }}
@@ -511,7 +511,7 @@ jobs:
       - name: Create Mantis GitHub App token
         id: mantis_app_token
         if: ${{ always() && needs.resolve_request.outputs.pr_number != '' }}
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
         with:
           app-id: ${{ secrets.MANTIS_GITHUB_APP_ID }}
           private-key: ${{ secrets.MANTIS_GITHUB_APP_PRIVATE_KEY }}
@@ -572,7 +572,7 @@ jobs:
       issues: write
     steps:
       - name: Remove workflow eyes reaction
-        uses: actions/github-script@v9
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           script: |
             const { owner, repo } = context.repo;

.github/workflows/npm-telegram-beta-e2e.yml

@@ -120,7 +120,7 @@ jobs:
       DOCKER_BUILD_RECORD_UPLOAD: "false"
     steps:
       - name: Checkout dispatch ref
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: ${{ inputs.harness_ref || github.sha }}
           fetch-depth: 1
@@ -190,14 +190,14 @@ jobs:
 
       - name: Download package-under-test artifact
         if: inputs.package_artifact_name != '' && inputs.package_artifact_run_id == ''
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: ${{ inputs.package_artifact_name }}
           path: .artifacts/telegram-package-under-test
 
       - name: Download package-under-test artifact from release run
         if: inputs.package_artifact_name != '' && inputs.package_artifact_run_id != ''
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: ${{ inputs.package_artifact_name }}
           path: .artifacts/telegram-package-under-test
@@ -268,7 +268,7 @@ jobs:
 
       - name: Upload npm Telegram E2E artifacts
         if: always()
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: npm-telegram-beta-e2e-${{ github.run_id }}-${{ github.run_attempt }}
           path: .artifacts/qa-e2e/

.github/workflows/openclaw-cross-os-release-checks-reusable.yml

@@ -332,7 +332,7 @@ jobs:
           esac
 
       - name: Checkout workflow repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           repository: ${{ env.OPENCLAW_REPOSITORY }}
           ref: ${{ steps.workflow_ref.outputs.value }}
@@ -342,7 +342,7 @@ jobs:
 
       - name: Checkout public source ref
         if: inputs.candidate_artifact_name == ''
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           repository: ${{ env.OPENCLAW_REPOSITORY }}
           ref: ${{ inputs.ref }}
@@ -352,7 +352,7 @@ jobs:
           submodules: recursive
 
       - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: ${{ env.NODE_VERSION }}
 
@@ -379,14 +379,14 @@ jobs:
 
       - name: Download current-run candidate artifact
         if: inputs.candidate_artifact_name != '' && inputs.candidate_artifact_run_id == ''
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: ${{ inputs.candidate_artifact_name }}
           path: ${{ runner.temp }}/openclaw-cross-os-release-checks/prepare/package
 
       - name: Download previous-run candidate artifact
         if: inputs.candidate_artifact_name != '' && inputs.candidate_artifact_run_id != ''
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: ${{ inputs.candidate_artifact_name }}
           run-id: ${{ inputs.candidate_artifact_run_id }}
@@ -407,12 +407,28 @@ jobs:
           const path = require("node:path");
 
           const packageDir = process.env.PACKAGE_DIR;
+          function resolveTarballFileName(value, label) {
+            const fileName = typeof value === "string" ? value.trim() : "";
+            if (
+              !fileName.endsWith(".tgz") ||
+              fileName.includes("\0") ||
+              fileName !== path.basename(fileName) ||
+              fileName !== path.win32.basename(fileName)
+            ) {
+              throw new Error(`${label} must be a local .tgz filename.`);
+            }
+            return fileName;
+          }
           const requestedFileName = process.env.INPUT_CANDIDATE_FILE_NAME.trim();
           const files = fs.readdirSync(packageDir).filter((file) => file.endsWith(".tgz"));
-          const candidateFileName = requestedFileName || (files.length === 1 ? files[0] : "");
-          if (!candidateFileName) {
+          const selectedCandidateFileName = requestedFileName || (files.length === 1 ? files[0] : "");
+          if (!selectedCandidateFileName) {
             throw new Error(`Expected exactly one candidate .tgz in ${packageDir}; found ${files.length}.`);
           }
+          const candidateFileName = resolveTarballFileName(
+            selectedCandidateFileName,
+            "candidate_file_name",
+          );
           if (!fs.existsSync(path.join(packageDir, candidateFileName))) {
             throw new Error(`Provided candidate artifact does not contain ${candidateFileName}.`);
           }
@@ -474,16 +490,27 @@ jobs:
         run: |
           node <<'NODE' >>"$GITHUB_OUTPUT"
           const fs = require("node:fs");
+          const path = require("node:path");
+          function resolveTarballFileName(value, label) {
+            const fileName = typeof value === "string" ? value.trim() : "";
+            if (
+              !fileName.endsWith(".tgz") ||
+              fileName.includes("\0") ||
+              fileName !== path.basename(fileName) ||
+              fileName !== path.win32.basename(fileName)
+            ) {
+              throw new Error(`${label} must be a local .tgz filename.`);
+            }
+            return fileName;
+          }
           const payload = JSON.parse(fs.readFileSync(process.env.BASELINE_PACK_JSON, "utf8"));
           const entry = Array.isArray(payload) ? payload.at(-1) : null;
-          if (!entry?.filename) {
-            throw new Error("Baseline npm pack did not produce a filename.");
-          }
-          process.stdout.write(`file_name=${entry.filename}\n`);
+          const fileName = resolveTarballFileName(entry?.filename, "Baseline npm pack filename");
+          process.stdout.write(`file_name=${fileName}\n`);
           NODE
 
       - name: Upload candidate artifact
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: openclaw-cross-os-release-checks-candidate-${{ github.run_id }}
           path: ${{ runner.temp }}/openclaw-cross-os-release-checks/prepare/package/${{ steps.candidate_metadata.outputs.file_name }}
@@ -491,7 +518,7 @@ jobs:
 
       - name: Upload baseline artifact
         if: ${{ inputs.mode != 'fresh' }}
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: openclaw-cross-os-release-checks-baseline-${{ github.run_id }}
           path: ${{ runner.temp }}/openclaw-cross-os-release-checks/prepare/baseline/${{ steps.baseline_metadata.outputs.file_name }}
@@ -531,7 +558,7 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Checkout workflow repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           repository: ${{ env.OPENCLAW_REPOSITORY }}
           ref: ${{ needs.prepare.outputs.workflow_ref }}
@@ -540,7 +567,7 @@ jobs:
           persist-credentials: true
 
       - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: ${{ env.NODE_VERSION }}
 
@@ -555,14 +582,14 @@ jobs:
       - name: Download candidate artifact
         id: download_candidate
         continue-on-error: true
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: openclaw-cross-os-release-checks-candidate-${{ github.run_id }}
           path: ${{ runner.temp }}/openclaw-cross-os-release-checks/candidate
 
       - name: Retry candidate artifact download
         if: ${{ steps.download_candidate.outcome == 'failure' }}
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: openclaw-cross-os-release-checks-candidate-${{ github.run_id }}
           path: ${{ runner.temp }}/openclaw-cross-os-release-checks/candidate
@@ -571,14 +598,14 @@ jobs:
         if: ${{ matrix.suite == 'packaged-upgrade' }}
         id: download_baseline
         continue-on-error: true
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: openclaw-cross-os-release-checks-baseline-${{ github.run_id }}
           path: ${{ runner.temp }}/openclaw-cross-os-release-checks/baseline
 
       - name: Retry baseline artifact download
         if: ${{ matrix.suite == 'packaged-upgrade' && steps.download_baseline.outcome == 'failure' }}
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: openclaw-cross-os-release-checks-baseline-${{ github.run_id }}
           path: ${{ runner.temp }}/openclaw-cross-os-release-checks/baseline
@@ -657,7 +684,7 @@ jobs:
 
       - name: Upload release-check artifacts
         if: always()
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: openclaw-cross-os-release-checks-${{ matrix.artifact_name }}-${{ matrix.suite }}-${{ github.run_id }}
           path: ${{ runner.temp }}/openclaw-cross-os-release-checks/${{ matrix.artifact_name }}-${{ matrix.suite }}