feat: expose requester origin to tool policy hooks

.agents/skills/openclaw-ci-limits/SKILL.md

@@ -1,196 +0,0 @@
----
-name: openclaw-ci-limits
-description: Manage OpenClaw GitHub Actions and Blacksmith CI capacity, runner-registration budgets, fanout caps, main-push debounce, shard sizing, hosted-runner offload, queue health, and safe ramp-down/ramp-up changes. Use when tuning `.github/workflows/*`, `docs/ci.md`, CI runner labels, matrix `max-parallel`, ClawSweeper/Blacksmith burst protection, CodeQL runner placement, or investigating slow/queued OpenClaw CI.
----
-
-# OpenClaw CI Limits
-
-Use this skill for CI capacity changes, not ordinary test failure triage. The
-goal is to keep OpenClaw fast while staying below GitHub's self-hosted runner
-registration edge limit.
-
-## Core Facts
-
-- The scarce resource is Blacksmith runner registrations, not Blacksmith vCPU
-  capacity.
-- GitHub runner registrations are capped at 1,500 per 5 minutes per repository,
-  organization, or enterprise. The `openclaw` organization shares one bucket.
-- Core REST quota does not draw down this bucket. Check
-  `actions_runner_registration` separately; core quota can be healthy while
-  runner registration is throttled.
-- Use 1,000 registrations per 5 minutes as the operating target. Leave the last
-  third for other repos, retries, and burst overlap.
-- Jobs that route, notify, summarize, choose shards, or run short CodeQL quality
-  scans should stay on GitHub-hosted runners unless measured evidence says
-  Blacksmith is required.
-
-## First Checks
-
-Before changing CI, collect current pressure:
-
-```bash
-ghx api rate_limit --jq '{core:.resources.core,graphql:.resources.graphql,search:.resources.search,actions_runner_registration:.resources.actions_runner_registration}'
-ghx run list -R openclaw/openclaw --limit 20 --json databaseId,status,conclusion,workflowName,event,headBranch,createdAt,updatedAt,url
-ghx run list -R openclaw/clawsweeper --limit 20 --json databaseId,status,conclusion,workflowName,event,headBranch,createdAt,updatedAt,url
-curl -fsS https://clawsweeper.openclaw.ai/api/status | jq '{generated_at,fleet,diagnostics:{errors:.diagnostics.errors}}'
-curl -fsS https://clawsweeper.openclaw.ai/api/exact-review-queue | jq '.'
-node scripts/ci-run-timings.mjs --latest-main
-node scripts/ci-run-timings.mjs --recent 10
-```
-
-Read:
-
-- `.github/workflows/ci.yml`
-- `.github/workflows/codeql-critical-quality.yml`
-- `docs/ci.md`
-- `test/scripts/ci-workflow-guards.test.ts`
-- touched planner files under `scripts/lib/*ci*`, `scripts/lib/*test-plan*`, or
-  `scripts/ci-changed-scope.mjs`
-
-## Diagnose The Bottleneck
-
-Classify the issue before changing caps:
-
-- **Runner-registration throttle:** many jobs queued before runner assignment,
-  Blacksmith/GitHub reports 403/429 or spam-style 422 responses from
-  `generate-jitconfig`, and API core quota is still healthy. Treat 422 as this
-  signal only when the request payload is otherwise valid. Fix burstiness and
-  Blacksmith job count.
-- **Blacksmith capacity:** Blacksmith dashboard shows actual concurrency caps or
-  unavailable capacity. Do not solve this with GitHub workflow fanout alone.
-- **OpenClaw test runtime:** jobs start quickly but one lane dominates wall time.
-  Use `$openclaw-test-performance` instead of runner tuning.
-- **Real failing CI:** one job fails after starting. Use `$github:gh-fix-ci` or
-  `$openclaw-testing`, not this skill.
-- **ClawSweeper backlog:** exact-review queue grows while CI is healthy. Tune
-  ClawSweeper workers in `openclaw/clawsweeper`, not OpenClaw CI.
-
-## Registration Budget Math
-
-Estimate worst-case registrations for a change before editing:
-
-```text
-new Blacksmith registrations ~= number of Blacksmith jobs that can become queued
-inside one 5 minute window
-```
-
-For matrix jobs, count every row that can start in the 5-minute window.
-`strategy.max-parallel` only caps simultaneous rows; short rows can turn over
-and register more runners before the window resets. Use job duration, retries,
-and queue turnover to justify any lower estimate. Add non-matrix Blacksmith jobs
-such as `preflight`, `security-fast`, `build-artifacts`, and platform lanes.
-
-For repeated pushes, multiply by the number of runs expected to reach
-Blacksmith admission in the same 5-minute window, including runs canceled after
-admission. The debounce only suppresses pushes that arrive while
-`runner-admission` is still sleeping; once Blacksmith jobs register, those
-registrations are spent even if a later push cancels the run. If timing is
-uncertain, count every sequential push in the window.
-
-Reject a change unless the org-level worst case stays below 1,000 registrations
-per 5 minutes with headroom for ClawSweeper, ClawHub, Clownfish, OpenClaw RTT,
-and Clawbench.
-
-## Safe Levers
-
-Prefer these in order:
-
-1. Add or preserve concurrency groups that cancel superseded PR and canonical
-   `main` runs before Blacksmith work starts.
-2. Keep the `runner-admission` hosted debounce for canonical `main` pushes.
-   Change `OPENCLAW_MAIN_CI_DEBOUNCE_SECONDS` only with evidence.
-3. Move high-frequency, short, non-build jobs to `ubuntu-24.04`.
-4. Reduce matrix rows by bundling related tests inside one runner job when the
-   combined job stays under timeout and keeps useful failure names.
-5. Lower `strategy.max-parallel` for bursty Blacksmith matrices.
-6. Right-size runners from timing evidence. Use fewer/larger jobs only when
-   elapsed time improves enough to justify registration count.
-7. Split truly slow tests with `$openclaw-test-performance`; do not hide a slow
-   test problem by registering more runners.
-
-Do not:
-
-- add another Blacksmith installation expecting a higher registration bucket;
-- move CodeQL Critical Quality back to Blacksmith;
-- raise all `max-parallel` values at once;
-- make manual `workflow_dispatch` runs cancel normal push/PR validation;
-- delete coverage just to reduce runner count;
-- treat cancelled superseded runs as failures without checking the newest run
-  for the same ref.
-
-## Current OpenClaw Knobs
-
-These are intentionally guarded by `test/scripts/ci-workflow-guards.test.ts`:
-
-- `CI` concurrency key version and `cancel-in-progress` for PRs and canonical
-  `main` pushes.
-- `runner-admission` on `ubuntu-24.04` with
-  `OPENCLAW_MAIN_CI_DEBOUNCE_SECONDS=90`.
-- `preflight` and `security-fast` needing `runner-admission`.
-- CI matrix caps: fast/check lanes at 8, compact Node PR plan at current caps,
-  Windows and Android at 2.
-- `build-artifacts` on `blacksmith-16vcpu-ubuntu-2404`.
-- lower-weight Node/check shards on `blacksmith-4vcpu-ubuntu-2404`.
-- heavy retained Linux/Android shards on `blacksmith-8vcpu-ubuntu-2404`.
-- CodeQL Critical Quality on `ubuntu-24.04` with no `blacksmith-` labels.
-
-When changing one knob, update `docs/ci.md` and the guard test in the same PR.
-
-## Validation
-
-For workflow-only or docs/skill-only changes in a Codex worktree:
-
-```bash
-node scripts/run-vitest.mjs test/scripts/ci-workflow-guards.test.ts
-node scripts/check-workflows.mjs
-node scripts/docs-list.js
-./node_modules/.bin/oxfmt --check .github/workflows/ci.yml .github/workflows/codeql-critical-quality.yml docs/ci.md test/scripts/ci-workflow-guards.test.ts .agents/skills/openclaw-ci-limits/SKILL.md .agents/skills/openclaw-ci-limits/agents/openai.yaml
-git diff --check
-```
-
-If `pnpm docs:list` tries to reconcile dependencies in a linked Codex worktree,
-stop and use `node scripts/docs-list.js`.
-
-For a PR before requesting maintainer approval:
-
-```bash
-.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main
-ghx pr checks <pr> -R openclaw/openclaw --watch --interval 15
-```
-
-Use hosted exact-head gates for CI workflow tuning. Do not burn local
-`pnpm test` on unrelated full-suite proof.
-
-Only after the maintainer explicitly asks you to prepare or land the PR, run the
-repo-native mutating wrapper:
-
-```bash
-scripts/pr review-init <pr>
-scripts/pr review-artifacts-init <pr>
-scripts/pr review-validate-artifacts <pr>
-OPENCLAW_TESTBOX=1 scripts/pr prepare-run <pr>
-```
-
-`prepare-run` can push a prepared commit to the PR branch. Only run
-`scripts/pr merge-run <pr>` after the maintainer has explicitly asked you to
-land the PR. Both commands mutate GitHub state.
-
-## Post-Land Monitoring
-
-After merge, watch at least one fresh main cycle and the adjacent repos:
-
-```bash
-ghx run list -R openclaw/openclaw --limit 20 --json databaseId,status,conclusion,workflowName,event,headBranch,createdAt,updatedAt,url
-for repo in openclaw/clawsweeper openclaw/clawhub openclaw/clownfish openclaw/openclaw-rtt openclaw/clawbench; do
-  ghx run list -R "$repo" --limit 12 --json databaseId,status,conclusion,workflowName,event,headBranch,createdAt,updatedAt,url
-done
-curl -fsS https://clawsweeper.openclaw.ai/api/exact-review-queue | jq '.'
-```
-
-Report:
-
-- exact PR/commit landed;
-- expected registration reduction or added headroom;
-- CI run status and slowest/queued jobs;
-- ClawSweeper queue pending, dispatching, leased, oldest pending age;
-- any real failures that remain outside runner registration.

.agents/skills/openclaw-ci-limits/agents/openai.yaml

@@ -1,4 +0,0 @@
-interface:
-  display_name: "OpenClaw CI Limits"
-  short_description: "Tune OpenClaw CI fanout and runner budgets"
-  default_prompt: "Use $openclaw-ci-limits to inspect OpenClaw CI pressure, tune runner-registration fanout safely, and document the exact validation before landing."

.github/workflows/codeql-critical-quality.yml

@@ -152,7 +152,7 @@ jobs:
   quality-shards:
     name: Select Critical Quality shards
     if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 5
     outputs:
       agent: ${{ steps.detect.outputs.agent }}
@@ -333,7 +333,7 @@ jobs:
     name: Critical Quality (core-auth-secrets)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.core_auth_secrets == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'core-auth-secrets') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -356,7 +356,7 @@ jobs:
     name: Critical Quality (config-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.config == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'config-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -379,7 +379,7 @@ jobs:
     name: Critical Quality (gateway-runtime-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.gateway == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'gateway-runtime-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -402,7 +402,7 @@ jobs:
     name: Critical Quality (channel-runtime-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.channel == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'channel-runtime-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -425,7 +425,7 @@ jobs:
     name: Critical Quality (network-runtime-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.network_runtime == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'network-runtime-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -509,7 +509,7 @@ jobs:
     name: Critical Quality (agent-runtime-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.agent == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'agent-runtime-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -532,7 +532,7 @@ jobs:
     name: Critical Quality (mcp-process-runtime-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.mcp_process == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'mcp-process-runtime-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -555,7 +555,7 @@ jobs:
     name: Critical Quality (memory-runtime-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.memory == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'memory-runtime-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -578,7 +578,7 @@ jobs:
     name: Critical Quality (session-diagnostics-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.session_diagnostics == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'session-diagnostics-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -601,7 +601,7 @@ jobs:
     name: Critical Quality (plugin-sdk-reply-runtime)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.plugin_sdk_reply == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'plugin-sdk-reply-runtime') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -624,7 +624,7 @@ jobs:
     name: Critical Quality (provider-runtime-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.provider == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'provider-runtime-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -646,7 +646,7 @@ jobs:
   ui-control-plane:
     name: Critical Quality (ui-control-plane)
     if: ${{ github.event_name != 'pull_request' && (github.event_name != 'workflow_dispatch' || inputs.profile == 'all') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -668,7 +668,7 @@ jobs:
   web-media-runtime-boundary:
     name: Critical Quality (web-media-runtime-boundary)
     if: ${{ github.event_name != 'pull_request' && (github.event_name != 'workflow_dispatch' || inputs.profile == 'all') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -691,7 +691,7 @@ jobs:
     name: Critical Quality (plugin-boundary)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.plugin == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'plugin-boundary') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout
@@ -714,7 +714,7 @@ jobs:
     name: Critical Quality (plugin-sdk-package-contract)
     needs: quality-shards
     if: ${{ needs.quality-shards.outputs.plugin_sdk_package == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'plugin-sdk-package-contract') }}
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     timeout-minutes: 25
     steps:
       - name: Checkout

.github/workflows/openclaw-live-and-e2e-checks-reusable.yml

@@ -609,6 +609,7 @@ jobs:
             requires_repo_e2e: true
             requires_live_suites: false
     env:
+      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
       OPENCLAW_E2E_WORKERS: "1"
       OPENCLAW_VITEST_MAX_WORKERS: "1"
     steps:
@@ -642,74 +643,9 @@ jobs:
           set -euo pipefail
           case "${{ matrix.suite_id }}" in
             openshell-e2e)
-              echo "OPENCLAW_E2E_OPENSHELL_CONFIG_HOME=$HOME/.config" >> "$GITHUB_ENV"
               ;;
           esac
 
-      - name: Install OpenShell CLI
-        if: |
-          (inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id) &&
-          matrix.suite_id == 'openshell-e2e'
-        shell: bash
-        run: |
-          set -euo pipefail
-          export OPENSHELL_VERSION=v0.0.68
-          curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/d64542f69d06694cbd203b64929d286dd0533bbb/install.sh | sh
-          openshell --version
-
-      - name: Bootstrap OpenShell gateway
-        if: |
-          (inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id) &&
-          matrix.suite_id == 'openshell-e2e'
-        shell: bash
-        run: |
-          set -euo pipefail
-          mtls_dir="$HOME/.config/openshell/gateways/openshell/mtls"
-          gateway_tls_dir="$RUNNER_TEMP/openshell-gateway-certs"
-          fallback_pid=""
-          if ! openshell --gateway openshell sandbox list >/dev/null 2>&1; then
-            rm -rf "$gateway_tls_dir"
-            openshell-gateway generate-certs \
-              --output-dir "$gateway_tls_dir" \
-              --server-san 127.0.0.1 \
-              --server-san localhost \
-              --server-san host.openshell.internal
-            rm -rf "$mtls_dir"
-            mkdir -p "$mtls_dir"
-            cp "$gateway_tls_dir/ca.crt" "$mtls_dir/ca.crt"
-            cp "$gateway_tls_dir/client/tls.crt" "$mtls_dir/tls.crt"
-            cp "$gateway_tls_dir/client/tls.key" "$mtls_dir/tls.key"
-            openshell gateway remove openshell >/dev/null 2>&1 || true
-            OPENSHELL_LOCAL_TLS_DIR="$gateway_tls_dir" nohup openshell-gateway \
-              --bind-address 0.0.0.0 \
-              --port 17670 \
-              --drivers docker \
-              --tls-cert "$gateway_tls_dir/server/tls.crt" \
-              --tls-key "$gateway_tls_dir/server/tls.key" \
-              --tls-client-ca "$mtls_dir/ca.crt" \
-              >"$RUNNER_TEMP/openshell-gateway.log" 2>&1 &
-            fallback_pid=$!
-            echo "OPENCLAW_OPENSHELL_FALLBACK_PID=$fallback_pid" >> "$GITHUB_ENV"
-            for _ in $(seq 1 30); do
-              if openshell gateway add --local --name openshell https://127.0.0.1:17670; then
-                break
-              fi
-              sleep 1
-            done
-            openshell gateway select openshell
-            for _ in $(seq 1 60); do
-              if openshell --gateway openshell sandbox list >/dev/null 2>&1; then
-                break
-              fi
-              sleep 1
-            done
-          fi
-          if [[ -z "$fallback_pid" ]]; then
-            echo "OPENCLAW_OPENSHELL_FALLBACK_PID=" >> "$GITHUB_ENV"
-          fi
-          openshell --gateway openshell sandbox list >/dev/null
-          openshell gateway list
-
       - name: Validate suite credentials
         if: inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id
         shell: bash
@@ -729,15 +665,6 @@ jobs:
           (inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id)
         run: ${{ matrix.command }}
 
-      - name: Stop fallback OpenShell gateway
-        if: always() && matrix.suite_id == 'openshell-e2e'
-        shell: bash
-        run: |
-          set -euo pipefail
-          if [[ -n "${OPENCLAW_OPENSHELL_FALLBACK_PID:-}" ]]; then
-            kill "$OPENCLAW_OPENSHELL_FALLBACK_PID" 2>/dev/null || true
-          fi
-
   validate_docker_e2e:
     needs: [validate_selected_ref, prepare_docker_e2e_image, plan_release_workflow_matrices]
     if: inputs.include_release_path_suites && inputs.docker_lanes == '' && needs.plan_release_workflow_matrices.outputs.docker_e2e_count != '0'

.github/workflows/openclaw-performance.yml

@@ -151,39 +151,11 @@ jobs:
             echo "present=false" >> "$GITHUB_OUTPUT"
           fi
 
-      - name: Resolve OpenClaw target ref
-        id: target
-        if: steps.lane.outputs.run == 'true'
-        env:
-          GH_TOKEN: ${{ github.token }}
-          TARGET_REF_INPUT: ${{ inputs.target_ref }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          requested="${TARGET_REF_INPUT:-}"
-          if [[ -z "$requested" ]]; then
-            echo "checkout_ref=${GITHUB_SHA}" >> "$GITHUB_OUTPUT"
-            echo "tested_ref=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          encoded_ref="$(node -e 'process.stdout.write(encodeURIComponent(process.argv[1]))' "$requested")"
-          if ! resolved_sha="$(gh api "repos/${GITHUB_REPOSITORY}/commits/${encoded_ref}" --jq '.sha')"; then
-            echo "::error::Unable to resolve OpenClaw target_ref '${requested}'." >&2
-            exit 1
-          fi
-          if [[ ! "$resolved_sha" =~ ^[0-9a-f]{40}$ ]]; then
-            echo "::error::OpenClaw target_ref '${requested}' resolved to invalid SHA '${resolved_sha}'." >&2
-            exit 1
-          fi
-          echo "checkout_ref=${resolved_sha}" >> "$GITHUB_OUTPUT"
-          echo "tested_ref=${requested}" >> "$GITHUB_OUTPUT"
-
       - name: Checkout OpenClaw
         if: steps.lane.outputs.run == 'true'
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
-          ref: ${{ steps.target.outputs.checkout_ref }}
+          ref: ${{ inputs.target_ref || github.ref }}
           fetch-depth: 1
           persist-credentials: false
 

CHANGELOG.md

@@ -2,45 +2,6 @@
 
 Docs: https://docs.openclaw.ai
 
-## 2026.6.10
-
-### Highlights
-
-- **Automatic fast mode for talks:** OpenClaw can enable fast mode for short conversational turns, then return to normal mode for longer runs with bounded fallback and delivery behavior. (#85104) Thanks @alexph-dev and @vincentkoc.
-- **More reliable model routing:** Zai model synthesis, GLM overload failover, and native reasoning-level selection now follow the active model catalog more consistently. (#94461, #93241, #94067, #94136) Thanks @Pandah97, @chrysb, @0xghost42, @zhengli0922, @openperf, @civiltox, and @BorClaw.
-- **Safer session and channel state:** channel switches reset stale origin fields, and cron delivery awareness stays attached to the target session. (#95328, #93580) Thanks @ZengWen-DT, @jalehman, @gorkem2020, and @scotthuang.
-- **Trusted policies survive hook composition:** composed hook registries keep the trusted tool policies required by approval-sensitive flows. (#94545) Thanks @jesse-merhi.
-
-### Changes
-
-- **Agent and channel runtime:** fast-mode state now survives retries, fallback transitions, progress events, and embedded/CLI/ACP normalization; session and channel routing retain the current target and delivery context. (#85104, #93580, #95328) Thanks @alexph-dev, @vincentkoc, @scotthuang, @ZengWen-DT, @jalehman, and @gorkem2020.
-- **Provider behavior:** model catalogs now supply the correct Zai base URL, overload classification, and native reasoning controls for live-discovered models. (#94461, #93241, #94067, #94136) Thanks @Pandah97, @chrysb, @0xghost42, @zhengli0922, @openperf, @civiltox, and @BorClaw.
-
-### Fixes
-
-- **Fast-mode and policy correctness:** fallback cutoffs and reset notices are bounded, repeated progress events remain visible, Codex service-tier state is normalized, and trusted policies are not lost when hook registries are composed. (#85104, #94545) Thanks @alexph-dev, @vincentkoc, and @jesse-merhi.
-- **Model and delivery edge cases:** Zai and GLM failover paths use the right runtime metadata, while stale channel-origin state no longer leaks across session changes. (#94461, #93241, #95328) Thanks @Pandah97, @chrysb, @0xghost42, @zhengli0922, @ZengWen-DT, @jalehman, and @gorkem2020.
-- **Provider plugin onboarding:** setup refreshes provider plugin registry metadata after installing setup-selected provider plugins, so auth continuation uses the newly installed provider instead of stale registry state. (#95792) Thanks @snowzlmbot.
-
-### Complete contribution record
-
-This audited record covers the complete v2026.6.9..HEAD history: 12 merged PRs. The generation manifest also supplies direct commits as editorial input; the grouped notes above prioritize user impact.
-
-#### Pull requests
-
-- **PR #86627** Keep core doctor health in contribution order. Thanks @giodl73-repo.
-- **PR #93580** fix: preserve cron delivery awareness for target sessions. Thanks @scotthuang and @jalehman.
-- **PR #95030** refactor: add SDK transcript identity target API. Thanks @jalehman.
-- **PR #94838** refactor(copilot): complete harness lifecycle parity. Thanks @vincentkoc.
-- **PR #95328** fix(sessions): reset stale per-channel origin fields on channel switch. Related #95325. Thanks @ZengWen-DT and @jalehman and @gorkem2020.
-- **PR #94461** fix(zai): fall back to manifest baseUrl for synthesized GLM-5 models. Related #94269. Thanks @Pandah97 and @chrysb.
-- **PR #93241** fix(agents): classify Zhipu GLM overload as overloaded for failover. Related #93211. Thanks @0xghost42 and @zhengli0922.
-- **PR #94067** fix(channels): resolve native /think menu levels via runtime catalog for live-discovered models. Related #93835. Thanks @openperf and @civiltox.
-- **PR #94136** fix(zai): expose GLM-5.2 reasoning levels [AI-assisted]. Thanks @BorClaw.
-- **PR #85104** feat: fast talks auto mode. Related #85087. Thanks @alexph-dev.
-- **PR #94545** fix: keep trusted policies with hook registry. Thanks @jesse-merhi.
-- **PR #95792** fix(onboard): refresh provider plugin registry after setup installs. Related #95765. Thanks @snowzlmbot.
-
 ## 2026.6.9
 
 ### Highlights

apps/android/CHANGELOG.md

@@ -2,7 +2,11 @@
 
 ## Unreleased
 
-Maintenance update for the current OpenClaw Android release.
+## 2026.6.9 - 2026-06-23
+
+Adds settings detail panels, refreshes the Android overview controls, and routes exec approvals into the in-app inbox.
+
+Improves chat acknowledgement handling, gateway pairing readiness, microphone foreground-service behavior, and release screenshot reliability.
 
 ## 2026.6.2 - 2026-06-02
 

apps/android/Config/Version.properties

@@ -2,5 +2,5 @@
 # Source of truth: apps/android/version.json
 # Generated by scripts/android-sync-versioning.ts.
 
-OPENCLAW_ANDROID_VERSION_NAME=2026.6.10
-OPENCLAW_ANDROID_VERSION_CODE=2026061001
+OPENCLAW_ANDROID_VERSION_NAME=2026.6.9
+OPENCLAW_ANDROID_VERSION_CODE=2026060901

apps/android/fastlane/metadata/android/en-US/release_notes.txt

@@ -1 +1,3 @@
-Maintenance update for the current OpenClaw Android release.
+Adds settings detail panels, refreshes the Android overview controls, and routes exec approvals into the in-app inbox.
+
+Improves chat acknowledgement handling, gateway pairing readiness, microphone foreground-service behavior, and release screenshot reliability.

apps/android/version.json

@@ -1,4 +1,4 @@
 {
-  "version": "2026.6.10",
-  "versionCode": 2026061001
+  "version": "2026.6.9",
+  "versionCode": 2026060901
 }

apps/ios/APP-REVIEW-NOTES.md

@@ -1,185 +0,0 @@
-# App Review Notes
-
-Use these steps to exercise the live OpenClaw iOS App Review Gateway.
-
-## Demo Account / Setup
-
-Use the OpenClaw iOS app with the live review Gateway setup code included in
-the `Notes` field of this App Review submission.
-
-The setup code is a single generated code string. It already contains the public
-Gateway host and setup credential.
-
-## Setup Walkthrough
-
-1. Open the OpenClaw app.
-2. Tap `Continue`.
-3. On `Connect Gateway`, tap `Set Up Manually`.
-4. In the `Setup Code` section, tap the `Paste setup code` field.
-5. Paste the setup code string from the App Review submission `Notes` field.
-6. Tap `Apply Setup Code`.
-7. If `Trust and connect` appears, tap `Trust and connect`.
-8. Wait for the `Connected` screen.
-9. On `Connected`, tap `Open OpenClaw`.
-10. Confirm the `Control` screen shows `Gateway Online`.
-11. Tap `Settings`.
-12. Tap `Approvals`.
-13. Tap `Open Notifications`.
-14. Tap `Enable Notifications`.
-15. On `Enable OpenClaw Hosted Push Relay?`, tap `Continue`.
-16. If iOS asks whether OpenClaw may send notifications, tap `Allow`.
-17. Confirm `Notifications` shows `Enabled`.
-
-## Chat
-
-1. Tap the `Chat` tab.
-2. Tap the text field labeled `Message main...`.
-3. Send this exact message:
-
-```text
-Start Apple review checklist.
-```
-
-Expected result: the assistant replies with the available App Review demos.
-
-## Approval Demo
-
-1. Tap the `Chat` tab.
-2. Tap the text field labeled `Message main...`.
-3. Send this exact message:
-
-```text
-Run the approval demo.
-```
-
-Expected result: the iPhone shows `Exec approval required` with the harmless
-command `printf 'OpenClaw App Review approval demo complete\n'`. Tap
-`Allow Once`. The chat then replies:
-
-```text
-The approval demo completed.
-```
-
-## Talk
-
-1. Tap the `Talk` tab.
-2. Tap `Start Talk`.
-3. If iOS asks for microphone access, tap `Allow`.
-4. If iOS asks for Speech Recognition access, tap `Allow`.
-5. Confirm the screen changes to `Ready to talk` and shows `Stop Talk`.
-6. Say:
-
-```text
-Summarize this review setup in one sentence.
-```
-
-Expected result: the assistant responds by voice. Tap `Stop Talk` when done.
-
-## Talk + Background Audio
-
-1. Tap the `Talk` tab.
-2. Confirm `Speakerphone` is on.
-3. Confirm `Background listening` is on.
-4. Tap `Start Talk`.
-5. If iOS asks for microphone access, tap `Allow`.
-6. If iOS asks for Speech Recognition access, tap `Allow`.
-7. Confirm `Stop Talk` is visible.
-8. Say:
-
-```text
-Tell me when you can hear me.
-```
-
-9. While Talk is active, send OpenClaw to the background by returning to the
-   Home Screen or locking the iPhone. Do not force quit the app.
-10. Continue speaking then wait for assistant audio reply.
-
-Expected result: realtime Talk audio continues while OpenClaw is backgrounded.
-Reopen OpenClaw, confirm Talk is still active, then tap `Stop Talk`.
-
-## Gateway Status
-
-1. Tap `Control`.
-2. Tap `Instances`.
-3. Confirm the screen shows `Gateway online`.
-4. Confirm at least one `agent` row is connected.
-5. Confirm the iPhone review device appears in the connected instances list.
-
-## Push Notification
-
-1. Tap the `Chat` tab.
-2. Tap the text field labeled `Message main...`.
-3. Send this exact message:
-
-```text
-Start push notification demo.
-```
-
-4. Immediately send OpenClaw to the background and lock the iPhone. Do not
-   force quit the app.
-
-Expected result: the iPhone Lock Screen receives a visible `OpenClaw`
-notification with this body:
-
-```text
-OpenClaw App Review push notification demo
-```
-
-Tap the notification and unlock the iPhone if prompted. If OpenClaw opens on
-`Control`, tap `Chat`. Expected chat reply:
-
-```text
-The push notification demo completed.
-```
-
-## Push Wake / Status
-
-1. Tap the `Chat` tab.
-2. Send this exact message:
-
-```text
-Start push wake demo.
-```
-
-3. Immediately send OpenClaw to the background and lock the iPhone. Do not
-   force quit the app.
-4. Wait for the `OpenClaw` notification on the Lock Screen. It normally appears
-   about 10 seconds after the message is sent.
-5. Tap the notification and unlock the iPhone if prompted. If OpenClaw opens on
-   `Control`, tap `Chat`.
-
-Expected result: the app reconnects to the live Gateway and Chat replies:
-
-```text
-The push wake and node status demo completed.
-```
-
-## Device Permissions
-
-1. Tap `Settings`.
-2. Tap `Permissions`.
-3. Confirm these current app controls are available:
-   - `Camera`
-   - `Location` with `Off`, `While Using`, and `Always`
-   - `Keep Awake`
-4. Expand `Privacy & Access`.
-5. Confirm these request controls are available:
-   - `Contacts` / `Request Access`
-   - `Calendar (Add Events)` / `Request Access`
-   - `Calendar (View Events)` / `Request Full Access`
-   - `Reminders` / `Request Access`
-
-## Share Sheet
-
-1. Open Safari.
-2. Navigate to `https://example.com`.
-3. Tap the Safari toolbar `More` button.
-4. Tap `Share`.
-5. Tap `OpenClaw`.
-6. Confirm the OpenClaw share extension appears and shows
-   `Edit text, then tap Send.` and `Send to OpenClaw`.
-7. Tap `Send to OpenClaw`.
-
-Expected result: the OpenClaw share extension sends the shared Safari page to
-the live review Gateway and shows `Sent to OpenClaw.` Returning to OpenClaw
-Chat shows the shared `Example Domain` page.

apps/ios/CHANGELOG.md

@@ -1,11 +1,5 @@
 # OpenClaw iOS Changelog
 
-## 2026.6.10 - 2026-06-21
-
-Maintenance update for the current OpenClaw beta release.
-
-- Improved notification cleanup, Watch app compatibility, and native file input handling.
-
 ## 2026.6.9 - 2026-06-20
 
 Maintenance update for the current OpenClaw release.

apps/ios/Config/Version.xcconfig

@@ -2,8 +2,8 @@
 // Source of truth: apps/ios/version.json
 // Generated by scripts/ios-sync-versioning.ts.
 
-OPENCLAW_IOS_VERSION = 2026.6.10
-OPENCLAW_MARKETING_VERSION = 2026.6.10
+OPENCLAW_IOS_VERSION = 2026.6.9
+OPENCLAW_MARKETING_VERSION = 2026.6.9
 OPENCLAW_BUILD_VERSION = 1
 
 #include? "../build/Version.xcconfig"

apps/ios/README.md

@@ -68,9 +68,9 @@ Release behavior:
 - App Store release uses manual `Apple Distribution` signing with profile names pinned in `apps/ios/Config/AppStoreSigning.json`.
 - Fastlane owns one-time Developer Portal setup, encrypted `match` signing sync to the repo/branch pinned in `apps/ios/Config/AppStoreSigning.json`, and release handling.
 - App Store release also switches the app to `OpenClawPushMode=appStore`, which derives relay transport, official distribution, the canonical production relay, production APNs, production relay profile, `appleStrict` proof, and the App-Attest-capable entitlement file.
-- `pnpm ios:release:upload` generates App Store screenshots, uploads release notes, and attaches `apps/ios/APP-REVIEW-NOTES.md` as a rendered PDF before archiving and uploading the IPA.
+- `pnpm ios:release:upload` generates App Store screenshots and uploads release notes before archiving and uploading the IPA.
 - The release archive is validated before upload by inspecting the exported IPA's signed entitlements, embedded App Store profile, and push mode. The upload fails if the IPA is not an App Store production relay build.
-- App Review submission is manual in App Store Connect. The release lane uploads a build, public metadata, and the App Review PDF attachment, but it does not submit for review or upload the App Store Connect `Notes` field.
+- App Review submission is manual in App Store Connect. The release lane uploads a build and metadata, but does not submit for review.
 - The release flow does not modify `apps/ios/.local-signing.xcconfig` or `apps/ios/LocalSigning.xcconfig`.
 - `apps/ios/version.json` is the pinned iOS release version source.
 - `apps/ios/CHANGELOG.md` is the iOS-only changelog and release-note source.
@@ -178,7 +178,7 @@ pnpm ios:release:upload
    - verifies synced iOS versioning artifacts
    - resolves the next App Store Connect build number for that short version
    - generates deterministic App Store screenshots
-   - uploads release notes, screenshots, and the App Review PDF attachment to the editable App Store version
+   - uploads release notes and screenshots to the editable App Store version
    - generates `apps/ios/build/AppStoreRelease.xcconfig`
    - archives `OpenClaw`
    - validates the exported IPA's push mode, signed entitlements, and embedded App Store profile

apps/ios/VERSIONING.md

@@ -96,7 +96,7 @@ Pinned iOS version `2026.4.10` maps to:
   - creates or verifies Developer Portal bundle IDs/services through Fastlane `produce`
   - syncs encrypted App Store signing assets with Fastlane `match`
   - increments App Store Connect build numbers for the pinned short version
-  - uploads screenshots, release notes, and the rendered App Review PDF attachment before archiving a release build
+  - uploads screenshots and release notes before archiving a release build
 
 ## Release-note resolution order
 
@@ -156,4 +156,4 @@ Fastlane and Xcode should consume only the pinned iOS version from `apps/ios/ver
 
 Changing `package.json.version` alone must not change the iOS app version until a maintainer explicitly runs the pin step.
 
-App Review submission must remain manual. Automation may create/update the editable App Store version, upload screenshots, upload release notes, upload the App Review PDF attachment, and upload builds, but it should not upload the App Store Connect `Notes` field or submit a build for review.
+App Review submission must remain manual. Automation may create/update the editable App Store version, upload screenshots, upload release notes, and upload builds, but it should not submit a build for review.

apps/ios/fastlane/Fastfile

@@ -5,7 +5,6 @@ require "fileutils"
 require "tmpdir"
 require "tempfile"
 require "cgi"
-require "digest/md5"
 
 default_platform(:ios)
 
@@ -48,14 +47,6 @@ PUBLIC_METADATA_FILENAMES = [
   "subtitle.txt",
   "support_url.txt"
 ].freeze
-APP_REVIEW_NOTES_METADATA_FILENAMES = [
-  "notes.txt",
-  "review_notes.txt"
-].freeze
-APP_STORE_SCREENSHOT_LIMIT_PER_SET = 10
-APP_STORE_SCREENSHOT_SET_DELETE_TIMEOUT_SECONDS = 120
-APP_STORE_SCREENSHOT_PROCESSING_TIMEOUT_SECONDS = 3600
-APP_STORE_SCREENSHOT_PROCESSING_POLL_SECONDS = 5
 
 def load_env_file(path)
   return unless File.exist?(path)
@@ -88,6 +79,10 @@ def release_notes_upload_requested?
   ENV["DELIVER_RELEASE_NOTES"] == "1"
 end
 
+def screenshot_paths
+  Dir[File.join(__dir__, "screenshots", "**", "*.png")]
+end
+
 def validate_required_screenshots!(paths)
   missing_families = REQUIRED_SCREENSHOT_FAMILIES.filter_map do |name, pattern|
     name unless paths.any? { |path| File.basename(path).match?(pattern) }
@@ -737,37 +732,6 @@ def release_notes_metadata_path
   temp_root
 end
 
-def app_review_notes_markdown_path
-  File.join(ios_root, "APP-REVIEW-NOTES.md")
-end
-
-def app_review_notes_pdf_path
-  File.join(ios_root, "build", "app-review", "APP-REVIEW-NOTES.pdf")
-end
-
-def generate_app_review_notes_pdf!
-  source = app_review_notes_markdown_path
-  UI.user_error!("Missing App Review notes at #{source}.") unless File.exist?(source)
-
-  output = app_review_notes_pdf_path
-  FileUtils.mkdir_p(File.dirname(output))
-  sh(shell_join(["xcrun", "swift", File.join(repo_root, "scripts", "ios-app-review-notes-pdf.swift"), source, output]))
-  output
-end
-
-def assert_no_app_review_notes_field_metadata!(metadata_path)
-  notes_dir = File.join(metadata_path, "review_information")
-  APP_REVIEW_NOTES_METADATA_FILENAMES.each do |filename|
-    path = File.join(notes_dir, filename)
-    next unless File.exist?(path)
-
-    UI.user_error!(
-      "Refusing to upload App Review Notes metadata from #{path}. " \
-        "Maintain the App Store Connect Notes field manually so the live setup code is not stored in this repo."
-    )
-  end
-end
-
 def public_metadata_path
   source = File.join(__dir__, "metadata")
   temp_root = Dir.mktmpdir("openclaw-app-store-metadata")
@@ -781,259 +745,6 @@ def public_metadata_path
   temp_root
 end
 
-def app_store_screenshot_root
-  File.join(__dir__, "screenshots")
-end
-
-def app_store_screenshot_manifest
-  require "deliver/loader"
-
-  Deliver::Loader.load_app_screenshots(app_store_screenshot_root, false)
-end
-
-def resolve_app_store_connect_app(app_identifier:, app_id:)
-  require "spaceship"
-
-  app = if env_present?(app_id) && !env_present?(app_identifier)
-          Spaceship::ConnectAPI::App.get(app_id: app_id)
-        else
-          Spaceship::ConnectAPI::App.find(app_identifier || APP_STORE_APP_IDENTIFIER)
-        end
-  UI.user_error!("Could not find App Store Connect app #{app_identifier || app_id || APP_STORE_APP_IDENTIFIER}.") unless app
-  app
-end
-
-def resolve_app_store_connect_version(app:, short_version:)
-  version = app.get_edit_app_store_version(platform: Spaceship::ConnectAPI::Platform::IOS)
-  UI.user_error!("Could not find an editable App Store Connect version for #{app.name}.") unless version
-  if version.version_string != short_version
-    UI.user_error!(
-      "Editable App Store Connect version mismatch for #{app.name}: expected #{short_version}, got #{version.version_string}."
-    )
-  end
-  version
-end
-
-def app_store_screenshot_sets_for_display_type(localization:, display_type:)
-  localization
-    .get_app_screenshot_sets(includes: "appScreenshots")
-    .select { |set| set.screenshot_display_type == display_type }
-end
-
-def clear_app_store_screenshot_sets!(localization:)
-  existing_sets = localization.get_app_screenshot_sets(includes: "appScreenshots")
-  return if existing_sets.empty?
-
-  existing_sets.each do |set|
-    UI.message("Deleting existing #{localization.locale} #{set.screenshot_display_type} screenshot set #{set.id}.")
-    set.delete!
-  end
-
-  deadline = Time.now + APP_STORE_SCREENSHOT_SET_DELETE_TIMEOUT_SECONDS
-  loop do
-    sets = localization.get_app_screenshot_sets(includes: "appScreenshots")
-    return if sets.empty?
-
-    if Time.now >= deadline
-      UI.user_error!(
-        "Timed out waiting for App Store Connect to delete #{localization.locale} screenshot sets: #{sets.map(&:id).join(', ')}."
-      )
-    end
-    sleep(3)
-  end
-end
-
-def app_store_screenshot_expected_rows(screenshots)
-  screenshots.map do |screenshot|
-    {
-      checksum: Digest::MD5.file(screenshot.path).hexdigest,
-      file_name: File.basename(screenshot.path)
-    }
-  end
-end
-
-def app_store_screenshot_actual_rows(app_screenshot_set)
-  (app_screenshot_set.app_screenshots || []).map do |screenshot|
-    {
-      checksum: screenshot.source_file_checksum,
-      file_name: screenshot.file_name,
-      state: (screenshot.asset_delivery_state || {})["state"]
-    }
-  end
-end
-
-def format_app_store_screenshot_rows(rows)
-  rows.map do |row|
-    [row[:file_name], row[:checksum], row[:state]].compact.join(" ")
-  end.join(", ")
-end
-
-def app_store_screenshot_processing_timeout_seconds
-  raw = ENV["DELIVER_SCREENSHOT_PROCESSING_TIMEOUT"].to_s.strip
-  return APP_STORE_SCREENSHOT_PROCESSING_TIMEOUT_SECONDS if raw.empty?
-
-  unless raw.match?(/\A\d+\z/) && raw.to_i.positive?
-    UI.user_error!("Invalid DELIVER_SCREENSHOT_PROCESSING_TIMEOUT '#{raw}'. Expected a positive number of seconds.")
-  end
-  raw.to_i
-end
-
-def app_store_screenshot_state_counts(screenshots)
-  screenshots.each_with_object({}) do |screenshot, counts|
-    state = (screenshot.asset_delivery_state || {})["state"] || "UNKNOWN"
-    counts[state] ||= 0
-    counts[state] += 1
-  end
-end
-
-def wait_for_app_store_screenshots_processing!(screenshot_ids:, locale:, display_type:)
-  timeout_seconds = app_store_screenshot_processing_timeout_seconds
-  deadline = Time.now + timeout_seconds
-  loop do
-    screenshots = screenshot_ids.map do |screenshot_id|
-      Spaceship::ConnectAPI.get_app_screenshot(app_screenshot_id: screenshot_id).first
-    end
-
-    failed = screenshots.select(&:error?)
-    unless failed.empty?
-      details = failed.map { |screenshot| "#{screenshot.file_name}: #{screenshot.error_messages.join(', ')}" }
-      UI.user_error!("App Store Connect failed processing #{locale} #{display_type} screenshots: #{details.join('; ')}.")
-    end
-    return screenshots if screenshots.all?(&:complete?)
-
-    if Time.now >= deadline
-      states = app_store_screenshot_state_counts(screenshots)
-      UI.user_error!(
-        "Timed out after #{timeout_seconds}s waiting for App Store Connect to process #{locale} #{display_type} screenshots: #{states}."
-      )
-    end
-
-    UI.verbose("Waiting for #{locale} #{display_type} screenshots to finish processing: #{app_store_screenshot_state_counts(screenshots)}.")
-    sleep(APP_STORE_SCREENSHOT_PROCESSING_POLL_SECONDS)
-  end
-end
-
-def validate_app_store_screenshot_target_counts!(screenshots_by_target)
-  screenshots_by_target.each do |(locale, display_type), screenshots|
-    next if screenshots.length <= APP_STORE_SCREENSHOT_LIMIT_PER_SET
-
-    UI.user_error!(
-      "Found #{screenshots.length} screenshots for #{locale} #{display_type}; App Store Connect allows #{APP_STORE_SCREENSHOT_LIMIT_PER_SET}."
-    )
-  end
-end
-
-def verify_app_store_screenshot_set!(app_screenshot_set:, screenshots:, locale:, display_type:)
-  expected = app_store_screenshot_expected_rows(screenshots)
-  timeout_seconds = app_store_screenshot_processing_timeout_seconds
-  deadline = Time.now + timeout_seconds
-  actual = []
-
-  loop do
-    app_screenshot_set = Spaceship::ConnectAPI::AppScreenshotSet.get(app_screenshot_set_id: app_screenshot_set.id)
-    actual = app_store_screenshot_actual_rows(app_screenshot_set)
-    actual_identity = actual.map { |row| { checksum: row[:checksum], file_name: row[:file_name] } }
-    incomplete = actual.reject { |row| row[:state] == "COMPLETE" }
-
-    return if actual_identity == expected && incomplete.empty?
-
-    if actual.length > expected.length
-      UI.user_error!(
-        "App Store Connect screenshot verification failed for #{locale} #{display_type}. " \
-          "Expected: #{format_app_store_screenshot_rows(expected)}. " \
-          "Actual: #{format_app_store_screenshot_rows(actual)}."
-      )
-    end
-
-    if Time.now >= deadline
-      UI.user_error!(
-        "Timed out after #{timeout_seconds}s waiting for App Store Connect screenshot verification for #{locale} #{display_type}. " \
-          "Expected: #{format_app_store_screenshot_rows(expected)}. " \
-          "Actual: #{format_app_store_screenshot_rows(actual)}."
-      )
-    end
-
-    UI.verbose(
-      "Waiting for App Store Connect screenshot verification for #{locale} #{display_type}: " \
-        "#{format_app_store_screenshot_rows(actual)}."
-    )
-    sleep(APP_STORE_SCREENSHOT_PROCESSING_POLL_SECONDS)
-  end
-end
-
-def replace_app_store_screenshot_set!(localization:, display_type:, screenshots:)
-  existing_sets = app_store_screenshot_sets_for_display_type(localization: localization, display_type: display_type)
-  unless existing_sets.empty?
-    UI.user_error!(
-      "App Store Connect still has #{localization.locale} #{display_type} screenshot sets after reset: #{existing_sets.map(&:id).join(', ')}."
-    )
-  end
-
-  UI.message("Creating #{localization.locale} #{display_type} screenshot set.")
-  app_screenshot_set = localization.create_app_screenshot_set(attributes: { screenshotDisplayType: display_type })
-  uploaded_ids = screenshots.map.with_index do |screenshot, index|
-    started_at = Time.now
-    uploaded = app_screenshot_set.upload_screenshot(path: screenshot.path, wait_for_processing: false)
-    UI.message(
-      "Uploaded #{localization.locale} #{display_type} screenshot #{index + 1}/#{screenshots.length}: " \
-        "#{File.basename(screenshot.path)} (#{(Time.now - started_at).round(1)}s)."
-    )
-    uploaded.id
-  end
-  wait_for_app_store_screenshots_processing!(
-    screenshot_ids: uploaded_ids,
-    locale: localization.locale,
-    display_type: display_type
-  )
-
-  app_screenshot_set = Spaceship::ConnectAPI::AppScreenshotSet.get(app_screenshot_set_id: app_screenshot_set.id)
-  app_screenshot_set = app_screenshot_set.reorder_screenshots(app_screenshot_ids: uploaded_ids)
-  verify_app_store_screenshot_set!(
-    app_screenshot_set: app_screenshot_set,
-    screenshots: screenshots,
-    locale: localization.locale,
-    display_type: display_type
-  )
-end
-
-# Fastlane deliver can duplicate complete screenshots when its verification retry
-# runs before App Store Connect consistently lists processed assets. Keep the
-# screenshot write path serial and assert the remote set equals the local files.
-def upload_app_store_screenshots_deterministically!(app_identifier:, app_id:, short_version:, screenshots:)
-  app = resolve_app_store_connect_app(app_identifier: app_identifier, app_id: app_id)
-  version = resolve_app_store_connect_version(app: app, short_version: short_version)
-  localizations_by_locale = version.get_app_store_version_localizations.each_with_object({}) do |localization, index|
-    index[localization.locale] = localization
-  end
-
-  screenshots_by_target = screenshots
-    .sort_by { |screenshot| [screenshot.language.to_s, screenshot.display_type.to_s, File.basename(screenshot.path)] }
-    .group_by { |screenshot| [screenshot.language, screenshot.display_type] }
-  validate_app_store_screenshot_target_counts!(screenshots_by_target)
-
-  missing_locales = screenshots_by_target.keys.map(&:first).uniq.reject { |locale| localizations_by_locale.key?(locale) }
-  unless missing_locales.empty?
-    UI.user_error!(
-      "App Store Connect localizations are missing for screenshot locales #{missing_locales.join(', ')}. " \
-        "Upload metadata for these locales before uploading screenshots."
-    )
-  end
-
-  screenshots_by_target.keys.map(&:first).uniq.each do |locale|
-    clear_app_store_screenshot_sets!(localization: localizations_by_locale.fetch(locale))
-  end
-
-  screenshots_by_target.each do |(locale, display_type), target_screenshots|
-    replace_app_store_screenshot_set!(
-      localization: localizations_by_locale.fetch(locale),
-      display_type: display_type,
-      screenshots: target_screenshots
-    )
-  end
-
-  UI.success("Uploaded and verified #{screenshots.length} App Store screenshots for #{short_version}.")
-end
-
 def read_ios_version_metadata
   script_path = File.join(repo_root, "scripts", "ios-version.ts")
   stdout, stderr, status = Open3.capture3(
@@ -1303,7 +1014,7 @@ platform :ios do
     ENV.delete("XCODE_XCCONFIG_FILE")
   end
 
-  desc "Generate screenshots, update App Store metadata and review attachment, then upload an App Store build"
+  desc "Generate screenshots, update App Store version metadata, then upload an App Store build"
   lane :release_upload do
     unless ENV["OPENCLAW_IOS_RELEASE_WRAPPER"] == "1"
       UI.user_error!("Use `pnpm ios:release:upload`; direct Fastlane TestFlight upload is disabled.")
@@ -1333,7 +1044,7 @@ platform :ios do
     ENV.delete("XCODE_XCCONFIG_FILE")
   end
 
-  desc "Upload App Store metadata, App Review PDF attachment, and optionally screenshots"
+  desc "Upload App Store metadata (and optionally screenshots)"
   lane :metadata do
     install_ready_for_review_edit_state_lookup!
     sync_ios_versioning!
@@ -1346,22 +1057,19 @@ platform :ios do
     app_id = nil unless env_present?(app_id)
 
     if screenshot_upload_requested?
-      screenshots_to_upload = app_store_screenshot_manifest
-      if screenshots_to_upload.empty?
+      paths = screenshot_paths
+      if paths.empty?
         UI.user_error!("DELIVER_SCREENSHOTS=1 but no PNG screenshots were found under apps/ios/fastlane/screenshots.")
       end
-      validate_required_screenshots!(screenshots_to_upload.map(&:path))
+      validate_required_screenshots!(paths)
     end
 
-    assert_no_app_review_notes_field_metadata!(File.join(__dir__, "metadata"))
     metadata_path = public_metadata_path
     skip_metadata = ENV["DELIVER_METADATA"] != "1"
     if release_notes_upload_requested? && skip_metadata
       metadata_path = release_notes_metadata_path
       skip_metadata = false
     end
-    assert_no_app_review_notes_field_metadata!(metadata_path) unless skip_metadata
-    app_review_attachment_file = skip_metadata ? nil : generate_app_review_notes_pdf!
 
     deliver_options = {
       api_key: api_key,
@@ -1371,11 +1079,10 @@ platform :ios do
       primary_category: "PRODUCTIVITY",
       secondary_category: "UTILITIES",
       metadata_path: metadata_path,
-      skip_screenshots: true,
+      skip_screenshots: !screenshot_upload_requested?,
       skip_metadata: skip_metadata,
       skip_binary_upload: true,
-      overwrite_screenshots: false,
-      app_review_attachment_file: app_review_attachment_file,
+      overwrite_screenshots: screenshot_upload_requested?,
       skip_app_version_update: false,
       submit_for_review: false,
       run_precheck_before_submit: false
@@ -1388,14 +1095,6 @@ platform :ios do
     end
 
     deliver(**deliver_options)
-    if screenshot_upload_requested?
-      upload_app_store_screenshots_deterministically!(
-        app_identifier: app_identifier,
-        app_id: app_id,
-        short_version: version_metadata[:short_version],
-        screenshots: screenshots_to_upload
-      )
-    end
   end
 
   desc "Generate deterministic iOS screenshots for App Store metadata"

apps/ios/fastlane/SETUP.md

@@ -169,5 +169,5 @@ Versioning rules:
 - Local App Store signing uses a temporary generated xcconfig with profile names from `apps/ios/Config/AppStoreSigning.json` and leaves local development signing overrides untouched
 - App Store release uses `OpenClawPushMode=appStore`, which derives the canonical production hosted relay, production APNs, production relay profile, and `appleStrict` proof. The release lane rejects custom production relay URL overrides.
 - The exported IPA is validated before upload by inspecting its push mode, signed entitlements, and embedded App Store profile.
-- `pnpm ios:release:upload` generates and uploads screenshots, release notes, and the App Review PDF attachment before archiving, then uploads the IPA without submitting it for App Review or uploading the App Store Connect `Notes` field
+- `pnpm ios:release:upload` generates and uploads screenshots and release notes before archiving, then uploads the IPA without submitting it for App Review
 - See `apps/ios/VERSIONING.md` for the detailed workflow

apps/ios/fastlane/metadata/README.md

@@ -2,7 +2,7 @@
 
 This directory is used by `fastlane deliver` for App Store Connect text metadata.
 
-## Upload public metadata and App Review attachment
+## Upload metadata only
 
 ```bash
 cd apps/ios
@@ -10,9 +10,9 @@ APP_STORE_CONNECT_APP_ID=YOUR_APP_STORE_CONNECT_APP_ID \
 DELIVER_METADATA=1 fastlane ios metadata
 ```
 
-## Release notes and App Review attachment
+## Release notes only
 
-`pnpm ios:release:upload` uses this mode before archiving so the editable App Store version has current release notes and the App Review PDF attachment without rewriting all metadata:
+`pnpm ios:release:upload` uses this mode before archiving so the editable App Store version has current release notes without rewriting all metadata:
 
 ```bash
 cd apps/ios
@@ -46,12 +46,11 @@ Or set `APP_STORE_CONNECT_API_KEY_PATH`.
 
 - Locale files live under `metadata/en-US/`.
 - `release_notes.txt` is generated from `apps/ios/CHANGELOG.md`; after changelog updates, run `pnpm ios:version:sync`.
-- `apps/ios/APP-REVIEW-NOTES.md` is rendered to `apps/ios/build/app-review/APP-REVIEW-NOTES.pdf` and uploaded as the App Review attachment when metadata is uploaded.
 - Release notes resolve from `## <pinned iOS version>` first, then fall back to `## Unreleased` while a TestFlight train is still in progress.
 - When starting a new production release train, pin the iOS version first with `pnpm ios:version:pin -- --from-gateway`.
-- The release upload flow uploads release notes, screenshots, and the App Review PDF attachment before the IPA, and never submits for App Review.
+- The release upload flow uploads release notes and screenshots before the IPA, and never submits for App Review.
 - `privacy_url.txt` is set to `https://openclaw.ai/privacy`.
 - If app lookup fails in `deliver`, set one of:
   - `APP_STORE_CONNECT_APP_IDENTIFIER` (bundle ID)
   - `APP_STORE_CONNECT_APP_ID` (numeric App Store Connect app ID, e.g. from `/apps/<id>/...` URL)
-- App Review submission is manual. Keep review contact, demo account, and the App Store Connect `Notes` field outside this repo and enter them directly in App Store Connect when submitting for review. Do not add `metadata/review_information/notes.txt`; the lane refuses to upload that field.
+- App Review submission is manual. Keep review contact, demo account, and reviewer notes outside this repo and enter them directly in App Store Connect when submitting for review.

apps/ios/fastlane/metadata/en-US/description.txt

@@ -5,7 +5,7 @@ Pair this iOS app with your OpenClaw Gateway to use your iPhone as a secure node
 What you can do:
 - Pair with your private OpenClaw Gateway by QR code or setup code
 - Chat with your assistant from iPhone
-- Use realtime Talk mode and background Talk
+- Use realtime Talk mode and push-to-talk
 - Review Gateway action approvals from your iPhone
 - Share text, links, and media directly from iOS into OpenClaw
 - Enable device capabilities such as camera, screen, location, photos, contacts, calendar, and reminders when you choose

apps/ios/fastlane/metadata/en-US/release_notes.txt

@@ -1,3 +1,5 @@
-Maintenance update for the current OpenClaw beta release.
+Maintenance update for the current OpenClaw release.
 
-- Improved notification cleanup, Watch app compatibility, and native file input handling.
+- Added Apple Watch controls for common agent actions.
+- Improved Gateway setup, notification settings, and share-extension identity handling.
+- Updated the Watch app integration for current Xcode compatibility.

apps/ios/version.json

@@ -1,3 +1,3 @@
 {
-  "version": "2026.6.10"
+  "version": "2026.6.9"
 }

apps/macos/Package.resolved

@@ -108,6 +108,24 @@
         "revision" : "7c6ad0fc39d0763e0b699210e4124afd5041c5df",
         "version" : "1.6.4"
       }
+    },
+    {
+      "identity" : "swiftui-math",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/gonzalezreal/swiftui-math",
+      "state" : {
+        "revision" : "0b5c2cfaaec8d6193db206f675048eeb5ce95f71",
+        "version" : "0.1.0"
+      }
+    },
+    {
+      "identity" : "textual",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/gonzalezreal/textual",
+      "state" : {
+        "revision" : "5b06b811c0f5313b6b84bbef98c635a630638c38",
+        "version" : "0.3.1"
+      }
     }
   ],
   "version" : 3

apps/macos/Package.swift

@@ -20,7 +20,6 @@ let package = Package(
         .package(url: "https://github.com/apple/swift-log.git", from: "1.10.1"),
         .package(url: "https://github.com/sparkle-project/Sparkle", from: "2.9.0"),
         .package(url: "https://github.com/steipete/Peekaboo.git", exact: "3.5.2"),
-        .package(url: "https://github.com/pointfreeco/swift-concurrency-extras", from: "1.3.1"),
         .package(path: "../shared/OpenClawKit"),
         .package(path: "../swabble"),
     ],
@@ -55,7 +54,6 @@ let package = Package(
                 .product(name: "Sparkle", package: "Sparkle"),
                 .product(name: "PeekabooBridge", package: "Peekaboo"),
                 .product(name: "PeekabooAutomationKit", package: "Peekaboo"),
-                .product(name: "ConcurrencyExtras", package: "swift-concurrency-extras"),
             ],
             exclude: [
                 "Resources/Info.plist",

apps/macos/Sources/OpenClaw/Resources/Info.plist

@@ -15,9 +15,9 @@
     <key>CFBundlePackageType</key>
     <string>APPL</string>
     <key>CFBundleShortVersionString</key>
-    <string>2026.6.10</string>
+    <string>2026.6.9</string>
     <key>CFBundleVersion</key>
-    <string>2026061000</string>
+    <string>2026060900</string>
     <key>CFBundleIconFile</key>
     <string>OpenClaw</string>
     <key>CFBundleURLTypes</key>

apps/shared/OpenClawKit/Package.swift

@@ -19,6 +19,7 @@ let package = Package(
     ],
     dependencies: [
         .package(url: "https://github.com/steipete/ElevenLabsKit", exact: "0.1.1"),
+        .package(url: "https://github.com/gonzalezreal/textual", exact: "0.3.1"),
     ],
     targets: [
         .target(
@@ -44,6 +45,10 @@ let package = Package(
             name: "OpenClawChatUI",
             dependencies: [
                 "OpenClawKit",
+                .product(
+                    name: "Textual",
+                    package: "textual",
+                    condition: .when(platforms: [.macOS, .iOS])),
             ],
             path: "Sources/OpenClawChatUI",
             swiftSettings: [

apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatMarkdownRenderer.swift

@@ -1,5 +1,5 @@
-import Foundation
 import SwiftUI
+import Textual
 
 public enum ChatMarkdownVariant: String, CaseIterable, Sendable {
     case standard
@@ -22,28 +22,46 @@ struct ChatMarkdownRenderer: View {
     var body: some View {
         let processed = ChatMarkdownPreprocessor.preprocess(markdown: self.text)
         VStack(alignment: .leading, spacing: 10) {
-            Text(self.markdownText(processed.cleaned))
-                .font(self.font)
-                .foregroundStyle(self.textColor)
-                .tint(self.linkColor)
-                .textSelection(.enabled)
-                .lineSpacing(self.variant == .compact ? 2 : 4)
+            StructuredText(markdown: processed.cleaned)
+                .modifier(ChatMarkdownStyle(
+                    variant: self.variant,
+                    context: self.context,
+                    font: self.font,
+                    textColor: self.textColor))
 
             if !processed.images.isEmpty {
                 InlineImageList(images: processed.images)
             }
         }
     }
+}
 
-    private var linkColor: Color {
-        self.context == .user ? self.textColor : OpenClawChatTheme.accent
+private struct ChatMarkdownStyle: ViewModifier {
+    let variant: ChatMarkdownVariant
+    let context: ChatMarkdownRenderer.Context
+    let font: Font
+    let textColor: Color
+
+    func body(content: Content) -> some View {
+        Group {
+            if self.variant == .compact {
+                content.textual.structuredTextStyle(.default)
+            } else {
+                content.textual.structuredTextStyle(.gitHub)
+            }
+        }
+        .font(self.font)
+        .foregroundStyle(self.textColor)
+        .textual.inlineStyle(self.inlineStyle)
+        .textual.textSelection(.enabled)
     }
 
-    private func markdownText(_ markdown: String) -> AttributedString {
-        let options = AttributedString.MarkdownParsingOptions(
-            interpretedSyntax: .full,
-            failurePolicy: .returnPartiallyParsedIfPossible)
-        return (try? AttributedString(markdown: markdown, options: options)) ?? AttributedString(markdown)
+    private var inlineStyle: InlineStyle {
+        let linkColor: Color = self.context == .user ? self.textColor : OpenClawChatTheme.accent
+        let codeScale: CGFloat = self.variant == .compact ? 0.85 : 0.9
+        return InlineStyle()
+            .code(.monospaced, .fontScale(codeScale))
+            .link(.foregroundColor(linkColor))
     }
 }
 

docs/.generated/config-baseline.sha256

@@ -1,4 +1,4 @@
-c9c0cef8a5149a32651c6e25a0bdb8c7ae2f18c7d2da820c42c9241f09331e22  config-baseline.json
-f7420a61f9cef845dbba414d6847baeba9c5e9143de21f3c69ccb15772c86a6e  config-baseline.core.json
-671979e86e4c4f59415d0a20879e838f9bbd883b3d29eeb02cb5131db8d187fe  config-baseline.channel.json
-94529978588d6e3776a86780b22cf9ff46a6f9957f2f178d3829403fad451ca7  config-baseline.plugin.json
+ee542300a1f9d5c23e772d47f2acfcc92ee0a4da210974306790bf2220b80277  config-baseline.json
+6349131baaa1828f2a071f42e4d7b17c8966c59b6588c8a4c1a32ea5ea4dcd5e  config-baseline.core.json
+de674ef01dad2828bb711a4648dc5a00f696f71c3c59004131d9475769bc1ff8  config-baseline.channel.json
+ce2a731077f0f0135b7eaf01b00a60abfa0d2776aba4be237491d492af0c8a02  config-baseline.plugin.json

docs/.generated/plugin-sdk-api-baseline.sha256

@@ -1,2 +1,2 @@
-95f2562304eebefd432c7694a90b860e4611f989e77bd3214b7c2cbeabba1882  plugin-sdk-api-baseline.json
-5d2c93807dae6e142616d82b0718964326ce46389bf81288972bbf664af64ae7  plugin-sdk-api-baseline.jsonl
+edf22df3bcc2037f2059904ed91ed6761d7fa8fcedec1d40fa464db81be09123  plugin-sdk-api-baseline.json
+78797dbf24b26e4a5f578e13119431372786ce7f7e2bbddbb5228aaf95be15ee  plugin-sdk-api-baseline.jsonl

docs/ci.md

@@ -133,30 +133,15 @@ gh workflow run full-release-validation.yml --ref main -f ref=<branch-or-sha>
 
 ## Runners
 
-| Runner                          | Jobs                                                                                                                                                                                                                                                                                 |
-| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| `ubuntu-24.04`                  | Manual CI dispatch and non-canonical repository fallbacks, CodeQL JavaScript/actions quality scans, workflow-sanity, labeler, auto-response, docs workflows outside CI, and install-smoke preflight so the Blacksmith matrix can queue earlier                                       |
-| `blacksmith-4vcpu-ubuntu-2404`  | `preflight`, `security-fast`, lower-weight extension shards, `checks-fast-core`, plugin/channel contract shards, most bundled/lower-weight Linux Node shards, `check-guards`, `check-prod-types`, `check-test-types`, selected `check-additional-*` shards, and `check-dependencies` |
-| `blacksmith-8vcpu-ubuntu-2404`  | Retained heavy Linux Node suites, boundary/extension-heavy `check-additional-*` shards, and `android`                                                                                                                                                                                |
-| `blacksmith-16vcpu-ubuntu-2404` | `build-artifacts`, `check-lint` (CPU-sensitive enough that 8 vCPU cost more than they saved); install-smoke Docker builds (32-vCPU queue time cost more than it saved)                                                                                                               |
-| `blacksmith-8vcpu-windows-2025` | `checks-windows`                                                                                                                                                                                                                                                                     |
-| `blacksmith-6vcpu-macos-15`     | `macos-node` on `openclaw/openclaw`; forks fall back to `macos-15`                                                                                                                                                                                                                   |
-| `blacksmith-12vcpu-macos-26`    | `macos-swift` and `ios-build` on `openclaw/openclaw`; forks fall back to `macos-26`                                                                                                                                                                                                  |
-
-## Runner registration budget
-
-GitHub caps self-hosted runner registrations at 1,500 runners per 5 minutes per
-repository, organization, or enterprise. The limit is shared by all Blacksmith
-runner registrations in the `openclaw` organization, so adding another
-Blacksmith installation does not add a new bucket.
-
-Treat Blacksmith labels as the scarce resource for burst control. Jobs that
-only route, notify, summarize, select shards, or run short CodeQL scans should
-stay on GitHub-hosted runners unless they have measured Blacksmith-specific
-needs. Any new Blacksmith matrix, larger `max-parallel`, or high-frequency
-workflow must show its worst-case registration count and keep the org-level
-target below 1,000 registrations per 5 minutes, leaving headroom for concurrent
-repositories and retried jobs.
+| Runner                          | Jobs                                                                                                                                                                                                                                                                                                            |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `ubuntu-24.04`                  | Manual CI dispatch and non-canonical repository fallbacks, workflow-sanity, labeler, auto-response, docs workflows outside CI, and install-smoke preflight so the Blacksmith matrix can queue earlier                                                                                                           |
+| `blacksmith-4vcpu-ubuntu-2404`  | `CodeQL Critical Quality`, `preflight`, `security-fast`, lower-weight extension shards, `checks-fast-core`, plugin/channel contract shards, most bundled/lower-weight Linux Node shards, `check-guards`, `check-prod-types`, `check-test-types`, selected `check-additional-*` shards, and `check-dependencies` |
+| `blacksmith-8vcpu-ubuntu-2404`  | Retained heavy Linux Node suites, boundary/extension-heavy `check-additional-*` shards, and `android`                                                                                                                                                                                                           |
+| `blacksmith-16vcpu-ubuntu-2404` | `build-artifacts`, `check-lint` (CPU-sensitive enough that 8 vCPU cost more than they saved); install-smoke Docker builds (32-vCPU queue time cost more than it saved)                                                                                                                                          |
+| `blacksmith-8vcpu-windows-2025` | `checks-windows`                                                                                                                                                                                                                                                                                                |
+| `blacksmith-6vcpu-macos-15`     | `macos-node` on `openclaw/openclaw`; forks fall back to `macos-15`                                                                                                                                                                                                                                              |
+| `blacksmith-12vcpu-macos-26`    | `macos-swift` and `ios-build` on `openclaw/openclaw`; forks fall back to `macos-26`                                                                                                                                                                                                                             |
 
 Canonical-repo CI keeps Blacksmith as the default runner path for normal push and pull-request runs. `workflow_dispatch` and non-canonical repository runs use GitHub-hosted runners, but normal canonical runs do not currently probe Blacksmith queue health or automatically fall back to GitHub-hosted labels when Blacksmith is unavailable.
 
@@ -503,7 +488,7 @@ The pull request guard stays light: it only starts for changes under `.github/ac
 
 ### Critical Quality categories
 
-`CodeQL Critical Quality` is the matching non-security shard. It runs only error-severity, non-security JavaScript/TypeScript quality queries over narrow high-value surfaces on GitHub-hosted Linux runners so quality scans do not spend Blacksmith runner-registration budget. Its pull request guard is intentionally smaller than the scheduled profile: non-draft PRs only run the matching `agent-runtime-boundary`, `config-boundary`, `core-auth-secrets`, `channel-runtime-boundary`, `gateway-runtime-boundary`, `memory-runtime-boundary`, `mcp-process-runtime-boundary`, `provider-runtime-boundary`, `session-diagnostics-boundary`, `plugin-boundary`, `plugin-sdk-package-contract`, and `plugin-sdk-reply-runtime` shards for agent command/model/tool execution and reply dispatch code, config schema/migration/IO code, auth/secrets/sandbox/security code, core channel and bundled channel plugin runtime, gateway protocol/server-method, memory runtime/SDK glue, MCP/process/outbound delivery, provider runtime/model catalog, session diagnostics/delivery queues, plugin loader, Plugin SDK/package-contract, or Plugin SDK reply runtime changes. CodeQL config and quality workflow changes run all twelve PR quality shards.
+`CodeQL Critical Quality` is the matching non-security shard. It runs only error-severity, non-security JavaScript/TypeScript quality queries over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its pull request guard is intentionally smaller than the scheduled profile: non-draft PRs only run the matching `agent-runtime-boundary`, `config-boundary`, `core-auth-secrets`, `channel-runtime-boundary`, `gateway-runtime-boundary`, `memory-runtime-boundary`, `mcp-process-runtime-boundary`, `provider-runtime-boundary`, `session-diagnostics-boundary`, `plugin-boundary`, `plugin-sdk-package-contract`, and `plugin-sdk-reply-runtime` shards for agent command/model/tool execution and reply dispatch code, config schema/migration/IO code, auth/secrets/sandbox/security code, core channel and bundled channel plugin runtime, gateway protocol/server-method, memory runtime/SDK glue, MCP/process/outbound delivery, provider runtime/model catalog, session diagnostics/delivery queues, plugin loader, Plugin SDK/package-contract, or Plugin SDK reply runtime changes. CodeQL config and quality workflow changes run all twelve PR quality shards.
 
 Manual dispatch accepts:
 

docs/cli/workboard.md

@@ -22,7 +22,7 @@ openclaw gateway restart
 ## Usage
 
 ```bash
-openclaw workboard list [--board <id>] [--status <status>] [--include-archived] [--json]
+openclaw workboard list [--board <id>] [--status <status>] [--json]
 openclaw workboard create <title...> [--notes <text>] [--status <status>] [--priority <priority>] [--agent <id>] [--board <id>] [--labels <items>] [--json]
 openclaw workboard show <id> [--json]
 openclaw workboard dispatch [--url <url>] [--token <token>] [--timeout <ms>] [--json]
@@ -50,16 +50,11 @@ Columns are id prefix, status, priority, board id, optional agent id, and title.
 
 Flags:
 
-| Flag                 | Purpose                                       |
-| -------------------- | --------------------------------------------- |
-| `--board <id>`       | Limit results to one board namespace          |
-| `--status <status>`  | Limit results to one Workboard status         |
-| `--include-archived` | Include archived cards in compact text output |
-| `--json`             | Print the full card list as machine JSON      |
-
-Compact text output hides archived cards by default so the CLI matches the
-`/workboard list` command. Pass `--include-archived` to show them. JSON output
-keeps the full card list, including archived cards, for existing automation.
+| Flag                | Purpose                                  |
+| ------------------- | ---------------------------------------- |
+| `--board <id>`      | Limit results to one board namespace     |
+| `--status <status>` | Limit results to one Workboard status    |
+| `--json`            | Print the full card list as machine JSON |
 
 ## `create`
 

docs/gateway/config-tools.md

@@ -204,55 +204,6 @@ Controls elevated exec access outside the sandbox:
 }
 ```
 
-Agent entries can inject an environment only into their own `exec` child
-processes. Use a SecretRef for credentials and set `inheritHostEnv: false` when the
-Gateway process environment must not be inherited:
-
-```json5
-{
-  agents: {
-    list: [
-      {
-        id: "referrals",
-        tools: {
-          exec: {
-            inheritHostEnv: false,
-            env: {
-              GREENHOUSE_TOKEN: {
-                source: "env",
-                provider: "default",
-                id: "REFERRALS_GREENHOUSE_TOKEN",
-              },
-            },
-          },
-        },
-      },
-    ],
-  },
-}
-```
-
-`agents.list[].tools.exec.env` applies to `exec` only; it does not mutate
-`process.env` or automatically inject credentials into model-provider or plugin
-APIs. Trusted in-process plugin code can still inspect the materialized runtime
-config, so this is not a plugin isolation boundary.
-Configured values override same-named per-call values from the model. Trusted
-`resolve_exec_env` hook output and channel context are applied afterward. Host
-exec still rejects `PATH` and dangerous runtime/startup keys. Sandbox exec
-already starts from a minimal environment. With `inheritHostEnv: false`,
-Gateway exec also skips login-shell PATH discovery and cached shell-startup
-state; configure `pathPrepend` or absolute commands when needed. For
-`host: "node"`, configure scoped environment and inheritance isolation on the
-node host. Both this map and `inheritHostEnv: false` are rejected because the
-Gateway cannot clear the remote service environment or safely hold a scoped
-credential back during remote approval preparation.
-
-Treat this map as credential-bearing configuration: every command the agent can
-run can read and exfiltrate these values, and command output can reveal them.
-Plaintext values are reported by `openclaw secrets audit`; prefer SecretRefs.
-Already-running background commands retain the environment captured when they
-started after a config or secret reload.
-
 ### `tools.loopDetection`
 
 Tool-loop safety checks are **disabled by default**. Set `enabled: true` to activate detection. Settings can be defined globally in `tools.loopDetection` and overridden per-agent at `agents.list[].tools.loopDetection`.

docs/gateway/secrets.md

@@ -525,47 +525,6 @@ the config fields that accept SecretRefs.
   </Accordion>
 </AccordionGroup>
 
-## Per-agent exec environment variables
-
-`agents.list[].tools.exec.env` supports SecretInput values, so a credential can
-be resolved during Gateway activation and injected only into that agent's
-`exec` child processes:
-
-```json5
-{
-  agents: {
-    list: [
-      {
-        id: "referrals",
-        tools: {
-          exec: {
-            inheritHostEnv: false,
-            env: {
-              GREENHOUSE_TOKEN: {
-                source: "env",
-                provider: "default",
-                id: "REFERRALS_GREENHOUSE_TOKEN",
-              },
-            },
-          },
-        },
-      },
-    ],
-  },
-}
-```
-
-This surface is exec-specific. It does not mutate the Gateway process
-environment or automatically inject credentials into model-provider or plugin
-APIs. Trusted in-process plugin code can inspect the materialized runtime
-config. An unresolved active ref fails Gateway activation. SecretRefs are
-materialized in the Gateway's protected in-memory config snapshot, so this
-scopes subprocess injection rather than creating a same-process or same-OS-user
-security boundary. Every command available to the agent can read these values,
-command output can reveal them, and plaintext entries are reported by
-`openclaw secrets audit`. Configure scoped environment on a node host itself;
-agent exec env is rejected for `host: "node"`.
-
 ## MCP server environment variables
 
 MCP server env vars configured via `plugins.entries.acpx.config.mcpServers` support SecretInput. This keeps API keys and tokens out of plaintext config:

docs/help/testing.md

@@ -740,20 +740,17 @@ Native dependency policy:
 - Command: `pnpm test:e2e:openshell`
 - File: `extensions/openshell/src/backend.e2e.test.ts`
 - Scope:
-  - Reuses an active local OpenShell gateway
+  - Starts an isolated OpenShell gateway on the host via Docker
   - Creates a sandbox from a temporary local Dockerfile
   - Exercises OpenClaw's OpenShell backend over real `sandbox ssh-config` + SSH exec
   - Verifies remote-canonical filesystem behavior through the sandbox fs bridge
 - Expectations:
   - Opt-in only; not part of the default `pnpm test:e2e` run
   - Requires a local `openshell` CLI plus a working Docker daemon
-  - Requires an active local OpenShell gateway and its config source
-  - Uses isolated `HOME` / `XDG_CONFIG_HOME`, then destroys the test sandbox
+  - Uses isolated `HOME` / `XDG_CONFIG_HOME`, then destroys the test gateway and sandbox
 - Useful overrides:
   - `OPENCLAW_E2E_OPENSHELL=1` to enable the test when running the broader e2e suite manually
   - `OPENCLAW_E2E_OPENSHELL_COMMAND=/path/to/openshell` to point at a non-default CLI binary or wrapper script
-  - `OPENCLAW_E2E_OPENSHELL_CONFIG_HOME=/path/to/config` to expose the registered gateway config to the isolated test
-  - `OPENCLAW_E2E_OPENSHELL_HOST_IP=172.18.0.1` to override the Docker gateway IP used by the host policy fixture
 
 ### Live (real providers + real models)
 

docs/plugins/hooks.md

@@ -186,8 +186,12 @@ file.
 - optional `event.runId`
 - optional `event.toolCallId`
 - context fields such as `ctx.agentId`, `ctx.sessionKey`, `ctx.sessionId`,
-  `ctx.runId`, `ctx.jobId` (set on cron-driven runs), `ctx.toolKind`,
-  `ctx.toolInputKind`, and diagnostic `ctx.trace`
+  `ctx.runId`, `ctx.jobId` (set on cron-driven runs), `ctx.trigger`,
+  `ctx.toolKind`, `ctx.toolInputKind`, and diagnostic `ctx.trace`
+- for channel-originated calls, origin fields such as `ctx.channel`,
+  `ctx.messageProvider`, `ctx.channelId`, `ctx.chatId`, `ctx.senderId`, and
+  extensible `ctx.channelContext` sender/chat metadata. These use the same
+  identity semantics described below for agent hook contexts.
 
 It can return:
 

docs/reference/secretref-credential-surface.md

@@ -37,7 +37,6 @@ Scope intent:
 - `agents.defaults.memorySearch.remote.apiKey`
 - `agents.list[].tts.providers.*.apiKey`
 - `agents.list[].memorySearch.remote.apiKey`
-- `agents.list[].tools.exec.env.*`
 - `talk.providers.*.apiKey`
 - `talk.realtime.providers.*.apiKey`
 - `messages.tts.providers.*.apiKey`

docs/reference/secretref-user-supplied-credentials-matrix.json

@@ -29,13 +29,6 @@
       "secretShape": "secret_input",
       "optIn": true
     },
-    {
-      "id": "agents.list[].tools.exec.env.*",
-      "configFile": "openclaw.json",
-      "path": "agents.list[].tools.exec.env.*",
-      "secretShape": "secret_input",
-      "optIn": true
-    },
     {
       "id": "agents.list[].tts.providers.*.apiKey",
       "configFile": "openclaw.json",

docs/tools/exec.md

@@ -22,8 +22,7 @@ Working directory for the command.
 </ParamField>
 
 <ParamField path="env" type="object">
-Key/value environment overrides. Per-agent configured values are applied after
-these model-supplied values.
+Key/value environment overrides merged on top of the inherited environment.
 </ParamField>
 
 <ParamField path="yieldMs" type="number" default="10000">
@@ -90,7 +89,6 @@ Notes:
   `$OPENCLAW_STATE_DIR/cache/shell-snapshots/`, then sources that snapshot before each exec command.
   Secret-looking variables are excluded; sandbox and node exec do not use this snapshot. Set
   `OPENCLAW_EXEC_SHELL_SNAPSHOT=0` in the Gateway process environment to disable this snapshot path.
-  Per-agent `tools.exec.inheritHostEnv: false` also disables it.
 - Host execution (`gateway`/`node`) rejects `env.PATH` and loader overrides (`LD_*`/`DYLD_*`) to
   prevent binary hijacking or injected code.
 - OpenClaw sets `OPENCLAW_SHELL=exec` in the spawned command environment (including PTY and sandbox execution) so shell/profile rules can detect exec-tool context.
@@ -115,8 +113,6 @@ Notes:
 - `tools.exec.notifyOnExit` (default: true): when true, backgrounded exec sessions enqueue a system event and request a heartbeat on exit.
 - `tools.exec.approvalRunningNoticeMs` (default: 10000): emit a single "running" notice when an approval-gated exec runs longer than this (0 disables).
 - `tools.exec.timeoutSec` (default: 1800): default per-command exec timeout in seconds. Per-call `timeout` overrides it; per-call `timeout: 0` disables the exec process timeout.
-- `agents.list[].tools.exec.env`: credential-oriented environment values injected only into that agent's gateway/sandbox exec children. Values support SecretRefs; node-host exec rejects this map.
-- `agents.list[].tools.exec.inheritHostEnv` (default: true): set false to omit the Gateway process environment and shell-startup snapshot from Gateway-hosted exec. This is rejected for `host=node`; sandbox exec is already minimal.
 - `tools.exec.host` (default: `auto`; resolves to `sandbox` when sandbox runtime is active, `gateway` otherwise)
 - `tools.exec.security` (default: `deny` for sandbox, `full` for gateway + node when unset)
 - `tools.exec.ask` (default: `off`)
@@ -145,9 +141,7 @@ Example:
 
 ### PATH handling
 
-- `host=gateway`: normally merges your login-shell `PATH` into the exec environment. With
-  `agents.list[].tools.exec.inheritHostEnv: false`, this merge is skipped; use an absolute command or
-  `tools.exec.pathPrepend`. `env.PATH` overrides are
+- `host=gateway`: merges your login-shell `PATH` into the exec environment. `env.PATH` overrides are
   rejected for host execution. The daemon itself still runs with a minimal `PATH`:
   - macOS: `/opt/homebrew/bin`, `/usr/local/bin`, `/usr/bin`, `/bin`
   - Linux: `/usr/local/bin`, `/usr/bin`, `/bin`

extensions/acpx/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/acpx",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/acpx",
-      "version": "2026.6.10",
+      "version": "2026.6.9",
       "dependencies": {
         "@agentclientprotocol/claude-agent-acp": "0.39.0",
         "@zed-industries/codex-acp": "0.15.0",

extensions/acpx/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/acpx",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw ACP runtime backend with plugin-owned session and transport management.",
   "repository": {
     "type": "git",
@@ -26,10 +26,10 @@
       "minHostVersion": ">=2026.4.25"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "staticAssets": [
         {
           "source": "./src/runtime-internals/mcp-proxy.mjs",

extensions/admin-http-rpc/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/admin-http-rpc",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw admin HTTP RPC endpoint",
   "type": "module",

extensions/alibaba/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/alibaba-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw Alibaba Model Studio video provider plugin",
   "type": "module",

extensions/amazon-bedrock-mantle/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/amazon-bedrock-mantle-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/amazon-bedrock-mantle-provider",
-      "version": "2026.6.10",
+      "version": "2026.6.9",
       "dependencies": {
         "@anthropic-ai/sdk": "0.100.1",
         "@aws/bedrock-token-generator": "1.1.0"

extensions/amazon-bedrock-mantle/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/amazon-bedrock-mantle-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Amazon Bedrock Mantle provider plugin for OpenAI-compatible model routing.",
   "repository": {
     "type": "git",
@@ -24,10 +24,10 @@
       "minHostVersion": ">=2026.5.12-beta.1"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/amazon-bedrock/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/amazon-bedrock-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/amazon-bedrock-provider",
-      "version": "2026.6.10",
+      "version": "2026.6.9",
       "dependencies": {
         "@aws-sdk/client-bedrock": "3.1056.0",
         "@aws-sdk/client-bedrock-runtime": "3.1056.0",

extensions/amazon-bedrock/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/amazon-bedrock-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Amazon Bedrock provider plugin with model discovery, embeddings, and guardrail support.",
   "repository": {
     "type": "git",
@@ -28,10 +28,10 @@
       "minHostVersion": ">=2026.5.12-beta.1"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/anthropic-vertex/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/anthropic-vertex-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/anthropic-vertex-provider",
-      "version": "2026.6.10",
+      "version": "2026.6.9",
       "dependencies": {
         "@anthropic-ai/vertex-sdk": "0.16.1"
       }

extensions/anthropic-vertex/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/anthropic-vertex-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Anthropic Vertex provider plugin for Claude models on Google Vertex AI.",
   "repository": {
     "type": "git",
@@ -23,10 +23,10 @@
       "minHostVersion": ">=2026.5.12-beta.1"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/anthropic/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/anthropic-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw Anthropic provider plugin",
   "type": "module",

extensions/arcee/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/arcee-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/arcee-provider",
-      "version": "2026.6.10"
+      "version": "2026.6.9"
     }
   }
 }

extensions/arcee/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/arcee-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Arcee provider plugin.",
   "repository": {
     "type": "git",
@@ -21,10 +21,10 @@
       "minHostVersion": ">=2026.6.8"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/azure-speech/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/azure-speech",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw Azure Speech plugin",
   "type": "module",

extensions/bonjour/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/bonjour",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Bonjour/mDNS gateway discovery",
   "type": "module",
   "dependencies": {

extensions/brave/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/brave-plugin",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/brave-plugin",
-      "version": "2026.6.10"
+      "version": "2026.6.9"
     }
   }
 }

extensions/brave/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/brave-plugin",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Brave Search provider plugin for web search.",
   "repository": {
     "type": "git",
@@ -21,10 +21,10 @@
       "allowInvalidConfigRecovery": true
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10"
+      "openclawVersion": "2026.6.9"
     },
     "release": {
       "publishToClawHub": true,

extensions/browser/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/browser-plugin",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw browser tool plugin",
   "type": "module",

extensions/browser/src/browser/cdp.ts

@@ -779,7 +779,6 @@ async function buildCdpRoleSnapshot(params: {
 
   const counts = new Map<string, number>();
   const refsByKey = new Map<string, string[]>();
-  const nodesByRef = new Map<string, RoleTreeNode>();
   const refs: Record<string, CdpRoleRef> = {};
   for (const node of tree) {
     const role = node.role.toLowerCase();
@@ -798,13 +797,7 @@ async function buildCdpRoleSnapshot(params: {
     params.nextRef.value += 1;
     node.ref = ref;
     node.nth = nth;
-    const refsForKey = refsByKey.get(key);
-    if (refsForKey) {
-      refsForKey.push(ref);
-    } else {
-      refsByKey.set(key, [ref]);
-    }
-    nodesByRef.set(ref, node);
+    refsByKey.set(key, [...(refsByKey.get(key) ?? []), ref]);
     refs[ref] = {
       role,
       ...(node.name ? { name: node.name } : {}),
@@ -820,7 +813,7 @@ async function buildCdpRoleSnapshot(params: {
     const ref = refList[0];
     if (ref) {
       delete refs[ref]?.nth;
-      const node = nodesByRef.get(ref);
+      const node = tree.find((entry) => entry.ref === ref);
       if (node) {
         delete node.nth;
       }

extensions/browser/src/browser/pw-role-snapshot.test.ts

@@ -46,16 +46,6 @@ describe("pw-role-snapshot", () => {
     expect(res.snapshot).not.toContain("button");
   });
 
-  it("keeps named branches with refs and drops empty branches when compact", () => {
-    const aria = ['- list "Menu":', '  - button "Save"', '- list "Empty":', "  - generic"].join(
-      "\n",
-    );
-
-    const res = buildRoleSnapshotFromAriaSnapshot(aria, { compact: true });
-
-    expect(res.snapshot).toBe('- list "Menu":\n  - button "Save" [ref=e1]');
-  });
-
   it("computes stats", () => {
     const aria = ['- button "OK"', '- button "Cancel"'].join("\n");
     const res = buildRoleSnapshotFromAriaSnapshot(aria);

extensions/browser/src/browser/pw-role-snapshot.ts

@@ -131,42 +131,37 @@ function removeNthFromNonDuplicates(refs: RoleRefMap, tracker: RoleNameTracker)
 
 function compactTree(tree: string) {
   const lines = tree.split("\n");
-  const entries: Array<{ line: string; keep: boolean; hasRef: boolean; indent: number }> = [];
-  const stack: Array<{ entry: (typeof entries)[number]; indent: number }> = [];
+  const result: string[] = [];
 
-  const finishEntry = () => {
-    const current = stack.pop();
-    if (!current) {
-      return;
+  for (let i = 0; i < lines.length; i += 1) {
+    const line = lines[i];
+    if (line.includes("[ref=")) {
+      result.push(line);
+      continue;
     }
-    current.entry.keep ||= current.entry.hasRef;
-    if (current.entry.hasRef && stack.length > 0) {
-      stack[stack.length - 1].entry.hasRef = true;
+    if (line.includes(":") && !line.trimEnd().endsWith(":")) {
+      result.push(line);
+      continue;
     }
-  };
 
-  for (const line of lines) {
-    const indent = getIndentLevel(line);
-    while (stack.length > 0 && stack[stack.length - 1].indent >= indent) {
-      finishEntry();
+    const currentIndent = getIndentLevel(line);
+    let hasRelevantChildren = false;
+    for (let j = i + 1; j < lines.length; j += 1) {
+      const childIndent = getIndentLevel(lines[j]);
+      if (childIndent <= currentIndent) {
+        break;
+      }
+      if (lines[j]?.includes("[ref=")) {
+        hasRelevantChildren = true;
+        break;
+      }
+    }
+    if (hasRelevantChildren) {
+      result.push(line);
     }
-    const entry = {
-      line,
-      keep: line.includes("[ref=") || (line.includes(":") && !line.trimEnd().endsWith(":")),
-      hasRef: line.includes("[ref="),
-      indent,
-    };
-    entries.push(entry);
-    stack.push({ entry, indent });
-  }
-  while (stack.length > 0) {
-    finishEntry();
   }
 
-  return entries
-    .filter((entry) => entry.keep)
-    .map((entry) => entry.line)
-    .join("\n");
+  return result.join("\n");
 }
 
 function processLine(

extensions/browser/src/browser/pw-tools-core.snapshot.ts

@@ -104,12 +104,7 @@ function buildStoredAriaRefs(
     const key = `${role}:${name ?? ""}`;
     const nth = counts.get(key) ?? 0;
     counts.set(key, nth + 1);
-    const refsForKey = refsByKey.get(key);
-    if (refsForKey) {
-      refsForKey.push(node.ref);
-    } else {
-      refsByKey.set(key, [node.ref]);
-    }
+    refsByKey.set(key, [...(refsByKey.get(key) ?? []), node.ref]);
     refs[node.ref] = {
       role,
       ...(name ? { name } : {}),

extensions/byteplus/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/byteplus-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw BytePlus provider plugin",
   "type": "module",

extensions/canvas/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/canvas-plugin",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw Canvas plugin",
   "type": "module",

extensions/cerebras/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/cerebras-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/cerebras-provider",
-      "version": "2026.6.10"
+      "version": "2026.6.9"
     }
   }
 }

extensions/cerebras/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/cerebras-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Cerebras provider plugin.",
   "repository": {
     "type": "git",
@@ -21,10 +21,10 @@
       "minHostVersion": ">=2026.6.8"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/chutes/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/chutes-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/chutes-provider",
-      "version": "2026.6.10"
+      "version": "2026.6.9"
     }
   }
 }

extensions/chutes/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/chutes-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Chutes.ai provider plugin.",
   "repository": {
     "type": "git",
@@ -21,10 +21,10 @@
       "minHostVersion": ">=2026.6.8"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/clickclack/npm-shrinkwrap.json

@@ -1,18 +1,18 @@
 {
   "name": "@openclaw/clickclack",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/clickclack",
-      "version": "2026.6.10",
+      "version": "2026.6.9",
       "dependencies": {
         "ws": "8.21.0",
         "zod": "4.4.3"
       },
       "peerDependencies": {
-        "openclaw": ">=2026.6.10"
+        "openclaw": ">=2026.6.9"
       },
       "peerDependenciesMeta": {
         "openclaw": {

extensions/clickclack/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/clickclack",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw ClickClack channel plugin",
   "type": "module",
   "exports": {
@@ -17,7 +17,7 @@
     "openclaw": "2026.5.28"
   },
   "peerDependencies": {
-    "openclaw": ">=2026.6.10"
+    "openclaw": ">=2026.6.9"
   },
   "peerDependenciesMeta": {
     "openclaw": {
@@ -53,10 +53,10 @@
       "allowInvalidConfigRecovery": true
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/cloudflare-ai-gateway/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/cloudflare-ai-gateway-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/cloudflare-ai-gateway-provider",
-      "version": "2026.6.10"
+      "version": "2026.6.9"
     }
   }
 }

extensions/cloudflare-ai-gateway/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/cloudflare-ai-gateway-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Cloudflare AI Gateway provider plugin.",
   "repository": {
     "type": "git",
@@ -21,10 +21,10 @@
       "minHostVersion": ">=2026.6.8"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/codex-supervisor/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/codex-supervisor",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw Codex app-server fleet supervision plugin.",
   "type": "module",

extensions/codex/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/codex",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/codex",
-      "version": "2026.6.10",
+      "version": "2026.6.9",
       "dependencies": {
         "@openai/codex": "0.139.0",
         "typebox": "1.1.39",

extensions/codex/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/codex",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Codex app-server harness and model provider plugin with a Codex-managed GPT catalog.",
   "repository": {
     "type": "git",
@@ -34,10 +34,10 @@
       ]
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10"
+      "openclawVersion": "2026.6.9"
     },
     "release": {
       "publishToClawHub": true,

extensions/codex/src/app-server/approval-bridge.test.ts

@@ -12,7 +12,11 @@ import {
   type EmbeddedRunAttemptParams,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { buildApprovalResponse, handleCodexAppServerApprovalRequest } from "./approval-bridge.js";
+import {
+  buildApprovalResponse,
+  handleCodexAppServerApprovalRequest as handleCodexAppServerApprovalRequestImpl,
+} from "./approval-bridge.js";
+import { buildCodexToolHookRunContext } from "./tool-hook-context.js";
 
 vi.mock("openclaw/plugin-sdk/agent-harness-runtime", async (importOriginal) => ({
   ...(await importOriginal<typeof import("openclaw/plugin-sdk/agent-harness-runtime")>()),
@@ -42,6 +46,20 @@ const mockResolveNativeHookRelayDeferredToolApproval = vi.mocked(
 const mockReviewExecRequestWithConfiguredModel = vi.mocked(reviewExecRequestWithConfiguredModel);
 const mockRunBeforeToolCallHook = vi.mocked(runBeforeToolCallHook);
 
+type ApprovalRequestParams = Parameters<typeof handleCodexAppServerApprovalRequestImpl>[0];
+
+function handleCodexAppServerApprovalRequest(
+  params: Omit<ApprovalRequestParams, "toolHookContext"> & {
+    toolHookContext?: ApprovalRequestParams["toolHookContext"];
+  },
+) {
+  return handleCodexAppServerApprovalRequestImpl({
+    ...params,
+    toolHookContext:
+      params.toolHookContext ?? buildCodexToolHookRunContext({ attempt: params.paramsForRun }),
+  });
+}
+
 function requireRecord(value: unknown, label: string): Record<string, unknown> {
   if (!value || typeof value !== "object" || Array.isArray(value)) {
     throw new Error(`Expected ${label}`);
@@ -243,6 +261,8 @@ describe("Codex app-server approval bridge", () => {
       ctx: {
         agentId: "main",
         sessionKey: "agent:main:session-1",
+        messageProvider: "telegram",
+        channel: "telegram",
         channelId: "chat-1",
       },
     });
@@ -1164,11 +1184,18 @@ describe("Codex app-server approval bridge", () => {
     });
   });
 
-  it("normalizes prefixed channel targets for OpenClaw tool policy context", async () => {
+  it("uses the caller-resolved hook context for approval fallback policy", async () => {
     const params = createParams();
-    params.messageChannel = "telegram";
-    params.messageProvider = "telegram";
-    params.currentChannelId = "telegram:-100123";
+    params.agentId = "raw-agent";
+    params.sessionId = "raw-session";
+    params.sessionKey = "agent:raw:session";
+    params.runId = "raw-run";
+    params.messageChannel = "discord";
+    params.messageProvider = "discord";
+    params.currentChannelId = "discord:raw-target";
+    params.jobId = "raw-job";
+    params.senderId = "raw-user";
+    params.chatId = "raw-chat";
     mockCallGatewayTool
       .mockResolvedValueOnce({ id: "plugin:approval-prefixed", status: "accepted" })
       .mockResolvedValueOnce({ id: "plugin:approval-prefixed", decision: "allow-once" });
@@ -1182,6 +1209,27 @@ describe("Codex app-server approval bridge", () => {
         command: "pnpm test extensions/codex/src/app-server",
       },
       paramsForRun: params,
+      toolHookContext: {
+        agentId: "resolved-agent",
+        sessionId: "resolved-session",
+        sessionKey: "agent:resolved:session",
+        runId: "resolved-run",
+        jobId: "resolved-job",
+        trigger: "user",
+        messageProvider: "telegram-voice",
+        channel: "telegram",
+        channelId: "-100123",
+        chatId: "native-chat-1",
+        senderId: "user-1",
+        channelContext: {
+          sender: {
+            id: "user-1",
+            displayName: "Ada",
+            providerUserId: "provider-user-1",
+          },
+          chat: { id: "native-chat-1", providerThreadKey: "thread-key-1" },
+        },
+      },
       threadId: "thread-1",
       turnId: "turn-1",
     });
@@ -1189,11 +1237,29 @@ describe("Codex app-server approval bridge", () => {
     expect(mockRunBeforeToolCallHook).toHaveBeenCalledWith(
       expect.objectContaining({
         ctx: expect.objectContaining({
+          agentId: "resolved-agent",
+          sessionId: "resolved-session",
+          sessionKey: "agent:resolved:session",
+          runId: "resolved-run",
+          jobId: "resolved-job",
+          trigger: "user",
+          messageProvider: "telegram-voice",
+          channel: "telegram",
           channelId: "-100123",
+          chatId: "native-chat-1",
+          senderId: "user-1",
+          channelContext: {
+            sender: {
+              id: "user-1",
+              displayName: "Ada",
+              providerUserId: "provider-user-1",
+            },
+            chat: { id: "native-chat-1", providerThreadKey: "thread-key-1" },
+          },
         }),
       }),
     );
-    expect(gatewayRequestPayload().turnSourceTo).toBe("telegram:-100123");
+    expect(gatewayRequestPayload().turnSourceTo).toBe("discord:raw-target");
   });
 
   it("denies command approvals before prompting when OpenClaw tool policy blocks", async () => {

extensions/codex/src/app-server/approval-bridge.ts

@@ -8,7 +8,6 @@ import {
  */
 import {
   type AgentApprovalEventData,
-  buildAgentHookContextChannelFields,
   formatApprovalDisplayPath,
   hasNativeHookRelayInvocation,
   invokeNativeHookRelay,
@@ -17,6 +16,7 @@ import {
   type NativeHookRelayProcessResponse,
   type NativeHookRelayRegistrationHandle,
   runBeforeToolCallHook,
+  type ToolHookRunContext,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { normalizeAgentId } from "openclaw/plugin-sdk/routing";
 import { normalizeTrimmedStringList } from "openclaw/plugin-sdk/string-coerce-runtime";
@@ -75,6 +75,7 @@ export async function handleCodexAppServerApprovalRequest(params: {
   method: string;
   requestParams: JsonValue | undefined;
   paramsForRun: EmbeddedRunAttemptParams;
+  toolHookContext: ToolHookRunContext;
   threadId: string;
   turnId: string;
   nativeHookRelay?: Pick<
@@ -106,6 +107,7 @@ export async function handleCodexAppServerApprovalRequest(params: {
       method: params.method,
       requestParams,
       paramsForRun: params.paramsForRun,
+      toolHookContext: params.toolHookContext,
       context,
       nativeHookRelay: params.nativeHookRelay,
       signal: params.signal,
@@ -619,6 +621,7 @@ async function runOpenClawToolPolicyForApprovalRequest(params: {
   method: string;
   requestParams: JsonObject | undefined;
   paramsForRun: EmbeddedRunAttemptParams;
+  toolHookContext: ToolHookRunContext;
   context: ApprovalContext;
   nativeHookRelay?: Pick<
     NativeHookRelayRegistrationHandle,
@@ -652,13 +655,6 @@ async function runOpenClawToolPolicyForApprovalRequest(params: {
   if (nativeRelayOutcome?.handled) {
     return { outcome: "no-decision" };
   }
-  const hookChannelId = buildAgentHookContextChannelFields({
-    sessionKey: params.paramsForRun.sessionKey,
-    messageChannel: params.paramsForRun.messageChannel,
-    messageProvider: params.paramsForRun.messageProvider,
-    currentChannelId: params.paramsForRun.currentChannelId,
-    messageTo: params.paramsForRun.messageTo,
-  }).channelId;
   const outcome = await runBeforeToolCallHook({
     toolName: policyRequest.toolName,
     params: policyRequest.params,
@@ -666,13 +662,9 @@ async function runOpenClawToolPolicyForApprovalRequest(params: {
     approvalMode: "request",
     signal: params.signal,
     ctx: {
-      ...(params.paramsForRun.agentId ? { agentId: params.paramsForRun.agentId } : {}),
+      ...params.toolHookContext,
       ...(params.paramsForRun.config ? { config: params.paramsForRun.config } : {}),
       ...(cwd ? { cwd } : {}),
-      ...(params.paramsForRun.sessionKey ? { sessionKey: params.paramsForRun.sessionKey } : {}),
-      ...(params.paramsForRun.sessionId ? { sessionId: params.paramsForRun.sessionId } : {}),
-      ...(params.paramsForRun.runId ? { runId: params.paramsForRun.runId } : {}),
-      ...(hookChannelId ? { channelId: hookChannelId } : {}),
     },
   });
   if (outcome.blocked) {

extensions/codex/src/app-server/dynamic-tool-build.test.ts

@@ -944,8 +944,16 @@ describe("Codex app-server dynamic tool build", () => {
     const workspaceDir = path.join(tempDir, "workspace");
     const params = createParams(sessionFile, workspaceDir);
     params.disableTools = false;
-    params.currentChannelId = "D123";
+    params.messageChannel = "discord";
+    params.messageProvider = "discord-voice";
+    params.currentChannelId = "discord:D123";
     params.currentMessagingTarget = "user:U123";
+    params.chatId = "chat-123";
+    params.senderId = "user-123";
+    params.channelContext = {
+      sender: { id: "user-123" },
+      chat: { id: "chat-123" },
+    };
     params.runtimePlan = createCodexRuntimePlanFixture();
     const factoryOptions: unknown[] = [];
     setOpenClawCodingToolsFactoryForTests((options) => {
@@ -956,9 +964,19 @@ describe("Codex app-server dynamic tool build", () => {
     await buildDynamicToolsForTest(params, workspaceDir, { sandbox: null as never });
 
     expect(factoryOptions[0]).toMatchObject({
-      currentChannelId: "D123",
+      messageChannel: "discord",
+      messageProvider: "discord",
+      toolPolicyMessageProvider: "discord-voice",
+      currentChannelId: "discord:D123",
       currentMessagingTarget: "user:U123",
+      chatId: "chat-123",
+      senderId: "user-123",
+      hookChannelContext: {
+        sender: { id: "user-123" },
+        chat: { id: "chat-123" },
+      },
     });
+    expect((factoryOptions[0] as { channelContext?: unknown }).channelContext).toBeUndefined();
   });
 
   it("passes the approval reviewer device into Codex dynamic tools", async () => {

extensions/codex/src/app-server/dynamic-tool-build.ts

@@ -125,7 +125,7 @@ export function resolveCodexAppServerHookChannelId(
     messageChannel: params.messageChannel,
     messageProvider: params.messageProvider,
     currentChannelId: params.currentChannelId,
-    messageTo: params.messageTo,
+    messageTo: params.currentMessagingTarget ?? params.messageTo,
   }).channelId;
 }
 
@@ -239,6 +239,7 @@ export async function buildDynamicTools(input: DynamicToolBuildParams) {
       elevated: params.bashElevated,
     },
     sandbox: input.sandbox,
+    messageChannel: params.messageChannel,
     messageProvider: resolveCodexMessageToolProvider(params),
     toolPolicyMessageProvider: params.messageProvider ?? params.messageChannel,
     agentAccountId: params.agentAccountId,
@@ -249,6 +250,7 @@ export async function buildDynamicTools(input: DynamicToolBuildParams) {
     groupSpace: params.groupSpace,
     spawnedBy: params.spawnedBy,
     senderId: params.senderId,
+    hookChannelContext: params.channelContext,
     senderName: params.senderName,
     senderUsername: params.senderUsername,
     senderE164: params.senderE164,
@@ -290,6 +292,7 @@ export async function buildDynamicTools(input: DynamicToolBuildParams) {
     ),
     suppressManagedWebSearch: false,
     currentChannelId: params.currentChannelId,
+    chatId: params.chatId,
     currentMessagingTarget: params.currentMessagingTarget,
     hookChannelId: resolveCodexAppServerHookChannelId(params, input.sandboxSessionKey),
     currentThreadTs: params.currentThreadTs,

extensions/codex/src/app-server/dynamic-tools.test.ts

@@ -1846,6 +1846,17 @@ describe("createCodexDynamicToolBridge", () => {
         sessionId: "session-1",
         sessionKey: "agent:agent-1:session-1",
         runId: "run-1",
+        jobId: "job-1",
+        trigger: "user",
+        messageProvider: "discord-voice",
+        channel: "discord",
+        chatId: "channel-1",
+        senderId: "user-1",
+        channelId: "channel-1",
+        channelContext: {
+          sender: { id: "user-1", displayName: "Ada" },
+          chat: { id: "channel-1" },
+        },
       },
     });
 
@@ -1949,6 +1960,17 @@ describe("createCodexDynamicToolBridge", () => {
         sessionId: "session-1",
         sessionKey: "agent:agent-1:session-1",
         runId: "run-1",
+        jobId: "job-1",
+        trigger: "user",
+        messageProvider: "discord-voice",
+        channel: "discord",
+        chatId: "channel-1",
+        senderId: "user-1",
+        channelId: "channel-1",
+        channelContext: {
+          sender: { id: "user-1", displayName: "Ada" },
+          chat: { id: "channel-1" },
+        },
       },
     });
 
@@ -1975,6 +1997,17 @@ describe("createCodexDynamicToolBridge", () => {
       sessionId: "session-1",
       sessionKey: "agent:agent-1:session-1",
       runId: "run-1",
+      jobId: "job-1",
+      trigger: "user",
+      messageProvider: "discord-voice",
+      channel: "discord",
+      chatId: "channel-1",
+      senderId: "user-1",
+      channelId: "channel-1",
+      channelContext: {
+        sender: { id: "user-1", displayName: "Ada" },
+        chat: { id: "channel-1" },
+      },
       toolCallId: "call-1",
     });
     expectExecuteCall(execute, { callId: "call-1", args: { command: "pwd", mode: "safe" } });
@@ -1997,6 +2030,17 @@ describe("createCodexDynamicToolBridge", () => {
       sessionId: "session-1",
       sessionKey: "agent:agent-1:session-1",
       runId: "run-1",
+      jobId: "job-1",
+      trigger: "user",
+      messageProvider: "discord-voice",
+      channel: "discord",
+      chatId: "channel-1",
+      senderId: "user-1",
+      channelId: "channel-1",
+      channelContext: {
+        sender: { id: "user-1", displayName: "Ada" },
+        chat: { id: "channel-1" },
+      },
       toolCallId: "call-1",
     });
   });

extensions/codex/src/app-server/dynamic-tools.ts

@@ -32,6 +32,7 @@ import {
   type HeartbeatToolResponse,
   type MessagingToolSend,
   type MessagingToolSourceReplyPayload,
+  type ToolHookRunContext,
   wrapToolWithBeforeToolCallHook,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { emitTrustedDiagnosticEvent } from "openclaw/plugin-sdk/diagnostic-runtime";
@@ -53,13 +54,8 @@ import type {
   JsonValue,
 } from "./protocol.js";
 
-type CodexDynamicToolHookContext = {
-  agentId?: string;
+type CodexDynamicToolHookContext = ToolHookRunContext & {
   config?: EmbeddedRunAttemptParams["config"];
-  sessionId?: string;
-  sessionKey?: string;
-  runId?: string;
-  channelId?: string;
   currentChannelProvider?: string;
   currentChannelId?: string;
   currentMessagingTarget?: string;
@@ -70,7 +66,7 @@ type CodexDynamicToolHookContext = {
   allocateToolOutcomeOrdinal?: EmbeddedRunAttemptParams["allocateToolOutcomeOrdinal"];
 };
 
-type CodexToolResultHookContext = Omit<CodexDynamicToolHookContext, "config">;
+type CodexToolResultHookContext = ToolHookRunContext;
 
 type ProjectedCodexDynamicTool = {
   tool: AnyAgentTool;
@@ -310,11 +306,7 @@ export function createCodexDynamicToolBridge(params: {
         void runAgentHarnessAfterToolCallHook({
           toolName,
           toolCallId: call.callId,
-          runId: toolResultHookContext.runId,
-          agentId: toolResultHookContext.agentId,
-          sessionId: toolResultHookContext.sessionId,
-          sessionKey: toolResultHookContext.sessionKey,
-          channelId: toolResultHookContext.channelId,
+          ...toolResultHookContext,
           startArgs: executedArgs,
           result,
           startedAt,
@@ -407,11 +399,7 @@ export function createCodexDynamicToolBridge(params: {
         void runAgentHarnessAfterToolCallHook({
           toolName,
           toolCallId: call.callId,
-          runId: toolResultHookContext.runId,
-          agentId: toolResultHookContext.agentId,
-          sessionId: toolResultHookContext.sessionId,
-          sessionKey: toolResultHookContext.sessionKey,
-          channelId: toolResultHookContext.channelId,
+          ...toolResultHookContext,
           startArgs: executedArgs,
           error: errorMessage,
           startedAt,
@@ -702,13 +690,35 @@ function dedupeQuarantinedDynamicTools(
 function toToolResultHookContext(
   ctx: CodexDynamicToolHookContext | undefined,
 ): CodexToolResultHookContext {
-  const { agentId, sessionId, sessionKey, runId, channelId } = ctx ?? {};
+  const {
+    agentId,
+    sessionId,
+    sessionKey,
+    runId,
+    jobId,
+    trace,
+    trigger,
+    messageProvider,
+    channel,
+    chatId,
+    senderId,
+    channelId,
+    channelContext,
+  } = ctx ?? {};
   return {
     ...(agentId && { agentId }),
     ...(sessionId && { sessionId }),
     ...(sessionKey && { sessionKey }),
     ...(runId && { runId }),
+    ...(jobId && { jobId }),
+    ...(trace && { trace }),
+    ...(trigger && { trigger }),
+    ...(messageProvider && { messageProvider }),
+    ...(channel && { channel }),
+    ...(chatId && { chatId }),
+    ...(senderId && { senderId }),
     ...(channelId && { channelId }),
+    ...(channelContext && { channelContext }),
   };
 }
 

extensions/codex/src/app-server/event-projector.test.ts

@@ -18,7 +18,6 @@ import {
   resetGlobalHookRunner,
 } from "openclaw/plugin-sdk/hook-runtime";
 import { createMockPluginRegistry } from "openclaw/plugin-sdk/plugin-test-runtime";
-import { withTempDir } from "openclaw/plugin-sdk/test-env";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import {
   CodexAppServerEventProjector,
@@ -744,47 +743,6 @@ describe("CodexAppServerEventProjector", () => {
     expect(result.toolMediaUrls?.[0]).not.toBe(savedPath);
   });
 
-  it("prefers gateway-managed image media when the typed event arrives first", async () => {
-    await withTempDir("openclaw-codex-media-state-", async (stateDir) => {
-      vi.stubEnv("OPENCLAW_STATE_DIR", stateDir);
-      const projector = await createProjector();
-      const savedPath = "/home/dev-user/.codex/generated_images/session-1/ig_123.png";
-
-      await projector.handleNotification(
-        forCurrentTurn("item/completed", {
-          item: {
-            type: "imageGeneration",
-            id: "ig_123",
-            status: "completed",
-            revisedPrompt: "A tiny blue square",
-            result: tinyPngBase64,
-            savedPath,
-          },
-        }),
-      );
-      await projector.handleNotification(
-        forCurrentTurn("rawResponseItem/completed", {
-          item: {
-            type: "image_generation_call",
-            id: "ig_123",
-            status: "generating",
-            result: tinyPngBase64,
-          },
-        }),
-      );
-
-      const result = projector.buildResult(buildEmptyToolTelemetry());
-      const mediaUrl = result.toolMediaUrls?.[0];
-
-      expect(result.toolMediaUrls).toHaveLength(1);
-      expect(mediaUrl).not.toBe(savedPath);
-      expect(mediaUrl).toContain(`${path.sep}media${path.sep}tool-image-generation${path.sep}`);
-      await expect(fs.readFile(mediaUrl ?? "")).resolves.toEqual(
-        Buffer.from(tinyPngBase64, "base64"),
-      );
-    });
-  });
-
   it("preserves distinct raw image-generation items with identical image bytes", async () => {
     const stateDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-codex-media-state-"));
     tempDirs.add(stateDir);
@@ -2587,15 +2545,36 @@ describe("CodexAppServerEventProjector", () => {
     });
   });
 
-  it("emits after_tool_call observations for Codex-native tool item completions", async () => {
+  it("keeps resolved hook identity authoritative for Codex-native tool completions", async () => {
     const afterToolCall = vi.fn();
     initializeGlobalHookRunner(
       createMockPluginRegistry([{ hookName: "after_tool_call", handler: afterToolCall }]),
     );
-    const projector = await createProjector({
+    const projectorParams = {
       ...(await createParams()),
-      agentId: "main",
-      sessionKey: "agent:main:session-1",
+      agentId: "raw-agent",
+      sessionId: "raw-session",
+      sessionKey: "agent:raw:session-1",
+      runId: "raw-run",
+    };
+    const projector = await createProjector(projectorParams, {
+      toolHookContext: {
+        agentId: "main",
+        sessionId: "session-1",
+        sessionKey: "agent:main:session-1",
+        runId: "run-1",
+        jobId: "job-1",
+        trigger: "user",
+        messageProvider: "discord-voice",
+        channel: "discord",
+        chatId: "channel-1",
+        senderId: "user-1",
+        channelId: "channel-1",
+        channelContext: {
+          sender: { id: "user-1" },
+          chat: { id: "channel-1" },
+        },
+      },
     });
 
     await projector.handleNotification(
@@ -2652,6 +2631,17 @@ describe("CodexAppServerEventProjector", () => {
     expect(context.sessionId).toBe("session-1");
     expect(context.sessionKey).toBe("agent:main:session-1");
     expect(context.runId).toBe("run-1");
+    expect(context.jobId).toBe("job-1");
+    expect(context.trigger).toBe("user");
+    expect(context.messageProvider).toBe("discord-voice");
+    expect(context.channel).toBe("discord");
+    expect(context.chatId).toBe("channel-1");
+    expect(context.senderId).toBe("user-1");
+    expect(context.channelId).toBe("channel-1");
+    expect(context.channelContext).toEqual({
+      sender: { id: "user-1" },
+      chat: { id: "channel-1" },
+    });
     expect(context.toolName).toBe("bash");
     expect(context.toolCallId).toBe("cmd-observed");
   });

extensions/codex/src/app-server/event-projector.ts

@@ -18,6 +18,7 @@ import {
   type HeartbeatToolResponse,
   type MessagingToolSend,
   type MessagingToolSourceReplyPayload,
+  type ToolHookRunContext,
   type ToolProgressDetailMode,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { emitTrustedDiagnosticEvent } from "openclaw/plugin-sdk/diagnostic-runtime";
@@ -65,6 +66,7 @@ export type CodexAppServerToolTelemetry = {
 
 export type CodexAppServerEventProjectorOptions = {
   nativePostToolUseRelayEnabled?: boolean;
+  toolHookContext?: ToolHookRunContext;
   onNativeToolResultRecorded?: () => void | Promise<void>;
   trajectoryRecorder?: CodexTrajectoryRecorder | null;
 };
@@ -188,6 +190,7 @@ export class CodexAppServerEventProjector {
   private readonly toolTrajectoryItemsById = new Map<string, CodexThreadItem>();
   private readonly transcriptToolProgressCallIds = new Set<string>();
   private lastNativeToolError: EmbeddedRunAttemptResult["lastToolError"];
+  private readonly nativeGeneratedMediaUrls = new Set<string>();
   private readonly nativeGeneratedMediaItemIds = new Set<string>();
   private readonly nativeGeneratedMediaUrlsByItemId = new Map<string, string>();
   private readonly diagnosticToolStartedAtByItem = new Map<string, number>();
@@ -1027,9 +1030,6 @@ export class CodexAppServerEventProjector {
       this.recordNativeGeneratedMediaUrl({
         itemId,
         mediaUrl: saved.path,
-        // The typed savedPath may belong to a remote app-server host. Always
-        // prefer the copy persisted into this gateway's managed media root.
-        replaceExisting: true,
       });
     } catch (error) {
       embeddedAgentLog.warn("codex app-server raw image generation result save failed", {
@@ -1039,19 +1039,13 @@ export class CodexAppServerEventProjector {
     }
   }
 
-  private recordNativeGeneratedMediaUrl(params: {
-    itemId: string;
-    mediaUrl: string;
-    replaceExisting?: boolean;
-  }): void {
-    if (
-      this.nativeGeneratedMediaUrlsByItemId.has(params.itemId) &&
-      params.replaceExisting !== true
-    ) {
+  private recordNativeGeneratedMediaUrl(params: { itemId: string; mediaUrl: string }): void {
+    if (this.nativeGeneratedMediaUrlsByItemId.has(params.itemId)) {
       this.nativeGeneratedMediaItemIds.add(params.itemId);
       return;
     }
     this.nativeGeneratedMediaUrlsByItemId.set(params.itemId, params.mediaUrl);
+    this.nativeGeneratedMediaUrls.add(params.mediaUrl);
     this.nativeGeneratedMediaItemIds.add(params.itemId);
   }
 
@@ -1060,7 +1054,7 @@ export class CodexAppServerEventProjector {
       toolTelemetry.toolMediaUrls?.map((url) => url.trim()).filter(Boolean) ?? [],
     );
     if ((toolTelemetry.messagingToolSentMediaUrls?.length ?? 0) === 0) {
-      for (const mediaUrl of this.nativeGeneratedMediaUrlsByItemId.values()) {
+      for (const mediaUrl of this.nativeGeneratedMediaUrls) {
         mediaUrls.add(mediaUrl);
       }
     }
@@ -1374,6 +1368,9 @@ export class CodexAppServerEventProjector {
       agentId: this.params.agentId,
       sessionId: this.params.sessionId,
       sessionKey: this.params.sessionKey,
+      // The attempt boundary resolves aliases and sandbox session identity once.
+      // Keep that canonical snapshot authoritative over optional raw projector params.
+      ...this.options.toolHookContext,
       startArgs: itemToolArgs(item) ?? {},
       ...(result !== undefined ? { result } : {}),
       ...(error ? { error } : {}),

extensions/codex/src/app-server/native-hook-relay.ts

@@ -8,6 +8,7 @@ import {
   type EmbeddedRunAttemptParams,
   type NativeHookRelayEvent,
   type NativeHookRelayRegistrationHandle,
+  type ToolHookRunContext,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import {
   addTimerTimeoutGraceMs,
@@ -121,6 +122,7 @@ export function createCodexNativeHookRelay(params: {
   config: EmbeddedRunAttemptParams["config"];
   runId: string;
   channelId?: string;
+  toolHookContext?: ToolHookRunContext;
   attemptTimeoutMs: number;
   startupTimeoutMs: number;
   turnStartTimeoutMs: number;
@@ -146,6 +148,7 @@ export function createCodexNativeHookRelay(params: {
     ...(params.config ? { config: params.config } : {}),
     runId: params.runId,
     ...(params.channelId ? { channelId: params.channelId } : {}),
+    ...(params.toolHookContext ? { toolHookContext: params.toolHookContext } : {}),
     allowedEvents: params.events,
     ttlMs: resolveCodexNativeHookRelayTtlMs({
       explicitTtlMs: params.options?.ttlMs,

extensions/codex/src/app-server/native-subagent-monitor.ts

@@ -91,9 +91,6 @@ const DEFAULT_COMPLETION_DELIVERY_RETRY_DELAYS_MS = [
 ];
 const DEFAULT_TASK_ROW_RECONCILE_INTERVAL_MS = 10_000;
 const RECENT_TERMINAL_TASK_RECONCILE_GRACE_MS = 60_000;
-// Codex's recorder uses this filename contract; non-canonical names keep the
-// legacy substring fallback for older or test-created transcript files.
-const CODEX_ROLLOUT_FILENAME_RE = /^rollout-\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-(.+)\.jsonl$/u;
 
 const defaultRuntime: NativeSubagentMonitorRuntime = {
   createAgentHarnessTaskRuntime,
@@ -1191,9 +1188,8 @@ async function findTranscriptPaths(params: {
 }): Promise<Map<string, string>> {
   const sessionsDir = path.join(params.codexHome, "sessions");
   const found = new Map<string, string>();
-  const remaining = new Set(params.childThreadIds);
   const stack = [sessionsDir];
-  while (stack.length > 0 && remaining.size > 0) {
+  while (stack.length > 0 && found.size < params.childThreadIds.size) {
     const dir = stack.pop()!;
     let entries: Array<{ name: string; isDirectory(): boolean; isFile(): boolean }>;
     try {
@@ -1210,20 +1206,10 @@ async function findTranscriptPaths(params: {
       if (!entry.isFile() || !entry.name.endsWith(".jsonl")) {
         continue;
       }
-      const rolloutMatch = entry.name.match(CODEX_ROLLOUT_FILENAME_RE);
-      if (rolloutMatch) {
-        const childThreadId = rolloutMatch[1];
-        if (remaining.delete(childThreadId)) {
+      for (const childThreadId of params.childThreadIds) {
+        if (!found.has(childThreadId) && entry.name.includes(childThreadId)) {
           found.set(childThreadId, entryPath);
         }
-        continue;
-      }
-      for (const childThreadId of remaining) {
-        if (entry.name.includes(childThreadId)) {
-          found.set(childThreadId, entryPath);
-          remaining.delete(childThreadId);
-          break;
-        }
       }
     }
   }
@@ -1250,13 +1236,10 @@ async function findTranscriptPath(params: {
         stack.push(entryPath);
         continue;
       }
-      const rolloutMatch = entry.name.match(CODEX_ROLLOUT_FILENAME_RE);
       if (
         entry.isFile() &&
         entry.name.endsWith(".jsonl") &&
-        (rolloutMatch
-          ? rolloutMatch[1] === params.childThreadId
-          : entry.name.includes(params.childThreadId))
+        entry.name.includes(params.childThreadId)
       ) {
         return entryPath;
       }

extensions/codex/src/app-server/run-attempt.dynamic-tools.test.ts

@@ -1,9 +1,6 @@
 // Codex tests cover run attemptynamic tools plugin behavior.
 import path from "node:path";
-import {
-  onAgentEvent,
-  type AgentEventPayload,
-} from "openclaw/plugin-sdk/agent-harness-runtime";
+import { onAgentEvent, type AgentEventPayload } from "openclaw/plugin-sdk/agent-harness-runtime";
 import {
   emitTrustedDiagnosticEvent,
   onInternalDiagnosticEvent,
@@ -609,6 +606,21 @@ describe("runCodexAppServerAttempt dynamic tools", () => {
     }
   });
 
+  it("prefers the current messaging target for hook channel fallback", () => {
+    const params = createParams(
+      path.join(tempDir, "session.jsonl"),
+      path.join(tempDir, "workspace"),
+    );
+    params.messageChannel = "telegram";
+    params.messageProvider = "telegram";
+    params.messageTo = "telegram:stale-target";
+    params.currentMessagingTarget = "telegram:current-target";
+
+    expect(testing.resolveCodexAppServerHookChannelId(params, "agent:main:session-1")).toBe(
+      "current-target",
+    );
+  });
+
   it("passes normalized channel context to app-server dynamic tool result hooks", async () => {
     const afterToolCall = vi.fn();
     initializeGlobalHookRunner(

extensions/codex/src/app-server/run-attempt.native-hook-relay.test.ts

@@ -30,9 +30,7 @@ const DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT = JSON.stringify({
   web_search: "disabled",
 });
 
-function writeCodexAppServerBinding(
-  ...args: Parameters<typeof writeRawCodexAppServerBinding>
-) {
+function writeCodexAppServerBinding(...args: Parameters<typeof writeRawCodexAppServerBinding>) {
   const [sessionFile, binding, lookup] = args;
   return writeRawCodexAppServerBinding(
     sessionFile,
@@ -95,7 +93,15 @@ describe("runCodexAppServerAttempt native hook relay", () => {
     const harness = createStartedThreadHarness();
     const params = createParams(sessionFile, workspaceDir);
     params.messageChannel = "discord";
+    params.messageProvider = "discord-voice";
     params.currentChannelId = "channel:target";
+    params.trigger = "user";
+    params.senderId = "user-1";
+    params.chatId = "native-target";
+    params.channelContext = {
+      sender: { id: "user-1", providerUserId: "discord-user-1" },
+      chat: { id: "native-target", guildId: "guild-1" },
+    };
 
     const run = runCodexAppServerAttempt(params, {
       nativeHookRelay: {
@@ -135,6 +141,22 @@ describe("runCodexAppServerAttempt native hook relay", () => {
       threadId: "thread-1",
       turnId: "turn-1",
       autoApprove: true,
+      toolHookContext: {
+        agentId: "main",
+        sessionId: "session-1",
+        sessionKey: "agent:main:session-1",
+        runId: "run-1",
+        trigger: "user",
+        messageProvider: "discord-voice",
+        channel: "discord",
+        channelId: "target",
+        chatId: "native-target",
+        senderId: "user-1",
+        channelContext: {
+          sender: { id: "user-1", providerUserId: "discord-user-1" },
+          chat: { id: "native-target", guildId: "guild-1" },
+        },
+      },
     });
     expect(approvalArgs?.nativeHookRelay).toMatchObject({
       relayId,

extensions/codex/src/app-server/run-attempt.ts

@@ -38,6 +38,7 @@ import {
   type EmbeddedRunAttemptResult,
   type NativeHookRelayEvent,
   type NativeHookRelayRegistrationHandle,
+  type ToolHookRunContext,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { resolveAgentDir } from "openclaw/plugin-sdk/agent-runtime";
 import {
@@ -248,6 +249,7 @@ import {
   type CodexAppServerThreadLifecycleBinding,
   type CodexContextEngineThreadBootstrapProjection,
 } from "./thread-lifecycle.js";
+import { buildCodexToolHookRunContext } from "./tool-hook-context.js";
 import {
   inferCodexDynamicToolMeta,
   resolveCodexToolProgressDetailMode,
@@ -717,6 +719,14 @@ export async function runCodexAppServerAttempt(
     });
   }
   const hookChannelId = resolveCodexAppServerHookChannelId(params, sandboxSessionKey);
+  const toolHookRunContext = buildCodexToolHookRunContext({
+    attempt: params,
+    agentId: sessionAgentId,
+    sessionId: params.sessionId,
+    sessionKey: sandboxSessionKey,
+    runId: params.runId,
+    channelId: hookChannelId,
+  });
   preDynamicStartupStages.mark("context-engine-support");
   const preDynamicSummary = preDynamicStartupStages.snapshot();
   if (shouldWarnCodexDynamicToolBuildStageSummary(preDynamicSummary)) {
@@ -832,12 +842,8 @@ export async function runCodexAppServerAttempt(
     }),
     directToolNames: resolveCodexDynamicToolDirectNames(params),
     hookContext: {
-      agentId: sessionAgentId,
+      ...toolHookRunContext,
       config: params.config,
-      sessionId: params.sessionId,
-      sessionKey: sandboxSessionKey,
-      runId: params.runId,
-      channelId: hookChannelId,
       currentChannelProvider: resolveCodexMessageToolProvider(params),
       currentChannelId: params.currentChannelId,
       currentMessagingTarget: params.currentMessagingTarget,
@@ -1444,6 +1450,7 @@ export async function runCodexAppServerAttempt(
       config: params.config,
       runId: params.runId,
       channelId: hookChannelId,
+      toolHookContext: toolHookRunContext,
       attemptTimeoutMs: params.timeoutMs,
       startupTimeoutMs,
       turnStartTimeoutMs: params.timeoutMs,
@@ -2150,6 +2157,7 @@ export async function runCodexAppServerAttempt(
             method: request.method,
             params: request.params,
             paramsForRun: params,
+            toolHookContext: toolHookRunContext,
             threadId: thread.threadId,
             turnId,
             nativeHookRelay,
@@ -2761,6 +2769,7 @@ export async function runCodexAppServerAttempt(
       nativePostToolUseRelayEnabled:
         nativeHookRelay?.allowedEvents.includes("post_tool_use") === true &&
         nativeHookRelay.shouldRelayEvent("post_tool_use"),
+      toolHookContext: toolHookRunContext,
       trajectoryRecorder,
       onNativeToolResultRecorded: maybeAnnounceFastModeAutoOff,
     },
@@ -3430,6 +3439,7 @@ function handleApprovalRequest(params: {
   method: string;
   params: JsonValue | undefined;
   paramsForRun: EmbeddedRunAttemptParams;
+  toolHookContext: ToolHookRunContext;
   threadId: string;
   turnId: string;
   nativeHookRelay?: NativeHookRelayRegistrationHandle;
@@ -3443,6 +3453,7 @@ function handleApprovalRequest(params: {
     method: params.method,
     requestParams: params.params,
     paramsForRun: params.paramsForRun,
+    toolHookContext: params.toolHookContext,
     threadId: params.threadId,
     turnId: params.turnId,
     nativeHookRelay: params.nativeHookRelay,

extensions/codex/src/app-server/side-question.test.ts

@@ -861,9 +861,12 @@ describe("runCodexAppServerSideQuestion", () => {
         ).toMatchObject({
           agentId: "main",
           sessionId: "session-1",
-          sessionKey: "agent:main:session-1",
+          sessionKey: "agent:main:runtime-policy",
           runId: "run-side-1",
           channelId: "voice-room",
+          toolHookContext: {
+            sessionKey: "agent:main:runtime-policy",
+          },
           allowedEvents: ["pre_tool_use", "post_tool_use", "before_agent_finalize"],
         });
         return threadResult("side-thread");
@@ -889,6 +892,7 @@ describe("runCodexAppServerSideQuestion", () => {
       runCodexAppServerSideQuestion(
         sideParams({
           sessionKey: "agent:main:session-1",
+          sandboxSessionKey: "agent:main:runtime-policy",
           messageChannel: "discord",
           messageProvider: "discord-voice",
           currentChannelId: "discord:voice-room",
@@ -971,6 +975,7 @@ describe("runCodexAppServerSideQuestion", () => {
       runCodexAppServerSideQuestion(
         sideParams({
           sessionKey: "agent:main:session-1",
+          sandboxSessionKey: "agent:main:runtime-policy",
           messageChannel: "discord",
           messageProvider: "discord-voice",
           opts: { runId: "run-side-approval" },
@@ -988,6 +993,7 @@ describe("runCodexAppServerSideQuestion", () => {
           threadId?: string;
           turnId?: string;
           paramsForRun?: { messageChannel?: string; messageProvider?: string };
+          toolHookContext?: { sessionKey?: string };
           nativeHookRelay?: { relayId?: string; allowedEvents?: readonly string[] };
         }
       | undefined;
@@ -1007,6 +1013,9 @@ describe("runCodexAppServerSideQuestion", () => {
         messageChannel: "discord",
         messageProvider: "discord-voice",
       },
+      toolHookContext: {
+        sessionKey: "agent:main:runtime-policy",
+      },
     });
     expect(approvalArgs?.nativeHookRelay).toMatchObject({
       relayId: relayIdDuringFork,
@@ -1482,6 +1491,14 @@ describe("runCodexAppServerSideQuestion", () => {
   });
 
   it("bridges side-thread dynamic tool requests to OpenClaw tools", async () => {
+    const beforeToolCall = vi.fn();
+    const afterToolCall = vi.fn();
+    initializeGlobalHookRunner(
+      createMockPluginRegistry([
+        { hookName: "before_tool_call", handler: beforeToolCall },
+        { hookName: "after_tool_call", handler: afterToolCall },
+      ]),
+    );
     const client = createFakeClient();
     let toolResponse: unknown;
     client.request.mockImplementation(async (method: string) => {
@@ -1527,6 +1544,13 @@ describe("runCodexAppServerSideQuestion", () => {
     expect(toolArguments).toEqual({ topic: "AGENTS.md" });
     expect(toolSignal).toBeInstanceOf(AbortSignal);
     expect(toolOptions).toBeUndefined();
+    expect(beforeToolCall).toHaveBeenCalledTimes(1);
+    expect(mockCall(beforeToolCall)[1]).toMatchObject({ sessionKey: "session-1" });
+    await vi.waitFor(() => expect(afterToolCall).toHaveBeenCalledTimes(1));
+    expect(mockCall(afterToolCall)[1]).toMatchObject({ sessionKey: "session-1" });
+    expect(createOpenClawCodingToolsMock).toHaveBeenCalledWith(
+      expect.objectContaining({ sessionKey: "session-1" }),
+    );
     expect(toolResponse).toEqual({
       success: true,
       contentItems: [{ type: "inputText", text: "tool output" }],
@@ -1610,14 +1634,29 @@ describe("runCodexAppServerSideQuestion", () => {
     expect(activeDiagnosticToolKeys(diagnosticEvents)).toEqual(new Set());
   });
 
-  it("normalizes hook channel ids for side-thread dynamic tool requests", async () => {
+  it("preserves requester identity while normalizing side-thread hook channels", async () => {
+    const afterToolCall = vi.fn();
     const beforeToolCall = vi.fn((...args: unknown[]) => {
-      const context = args[1] as { channelId?: string };
-      expect(context.channelId).toBe("voice-room");
+      const context = args[1] as Record<string, unknown>;
+      expect(context).toMatchObject({
+        sessionKey: "agent:main:runtime-policy",
+        messageProvider: "discord-voice",
+        channel: "discord",
+        channelId: "voice-room",
+        chatId: "native-voice-chat",
+        senderId: "sender-1",
+        channelContext: {
+          sender: { id: "sender-1", providerUserId: "discord-user-1" },
+          chat: { id: "native-voice-chat", guildId: "guild-1" },
+        },
+      });
       return undefined;
     });
     initializeGlobalHookRunner(
-      createMockPluginRegistry([{ hookName: "before_tool_call", handler: beforeToolCall }]),
+      createMockPluginRegistry([
+        { hookName: "before_tool_call", handler: beforeToolCall },
+        { hookName: "after_tool_call", handler: afterToolCall },
+      ]),
     );
     const client = createFakeClient();
     client.request.mockImplementation(async (method: string) => {
@@ -1657,17 +1696,48 @@ describe("runCodexAppServerSideQuestion", () => {
     await expect(
       runCodexAppServerSideQuestion(
         sideParams({
+          sessionKey: "agent:main:conversation",
+          sandboxSessionKey: "agent:main:runtime-policy",
           messageChannel: "discord",
           messageProvider: "discord-voice",
           currentChannelId: "discord:voice-room",
+          chatId: "native-voice-chat",
+          senderId: "sender-1",
+          channelContext: {
+            sender: { id: "sender-1", providerUserId: "discord-user-1" },
+            chat: { id: "native-voice-chat", guildId: "guild-1" },
+          },
         }),
       ),
     ).resolves.toEqual({ text: "Tool answer." });
 
     expect(beforeToolCall).toHaveBeenCalledTimes(1);
+    await vi.waitFor(() => expect(afterToolCall).toHaveBeenCalledTimes(1));
+    expect(mockCall(afterToolCall)[1]).toMatchObject({
+      sessionKey: "agent:main:runtime-policy",
+      messageProvider: "discord-voice",
+      channel: "discord",
+      channelId: "voice-room",
+      chatId: "native-voice-chat",
+    });
     expect(createOpenClawCodingToolsMock).toHaveBeenCalledWith(
-      expect.objectContaining({ hookChannelId: "voice-room" }),
+      expect.objectContaining({
+        sessionKey: "agent:main:runtime-policy",
+        runSessionKey: "agent:main:conversation",
+        messageChannel: "discord",
+        messageProvider: "discord",
+        toolPolicyMessageProvider: "discord-voice",
+        hookChannelId: "voice-room",
+        chatId: "native-voice-chat",
+        hookChannelContext: {
+          sender: { id: "sender-1", providerUserId: "discord-user-1" },
+          chat: { id: "native-voice-chat", guildId: "guild-1" },
+        },
+      }),
     );
+    expect(
+      (mockCall(createOpenClawCodingToolsMock)[0] as { channelContext?: unknown }).channelContext,
+    ).toBeUndefined();
     expect(toolExecuteMock).toHaveBeenCalledTimes(1);
   });
 

extensions/codex/src/app-server/side-question.ts

@@ -1,6 +1,5 @@
 // Codex plugin module implements side question behavior.
 import {
-  buildAgentHookContextChannelFields,
   embeddedAgentLog,
   formatErrorMessage,
   resolveAgentDir,
@@ -16,6 +15,7 @@ import {
   type EmbeddedRunAttemptParams,
   type NativeHookRelayEvent,
   type NativeHookRelayRegistrationHandle,
+  type ToolHookRunContext,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { loadExecApprovals } from "openclaw/plugin-sdk/exec-approvals-runtime";
 import { resolveCodexAppServerForModelProvider } from "./app-server-policy.js";
@@ -89,6 +89,7 @@ import {
   resolveCodexBindingModelProviderFallback,
   resolveReasoningEffort,
 } from "./thread-lifecycle.js";
+import { buildCodexToolHookRunContext } from "./tool-hook-context.js";
 import { filterToolsForVisionInputs } from "./vision-tools.js";
 import {
   resolveCodexWebSearchPlan,
@@ -206,9 +207,21 @@ export async function runCodexAppServerSideQuestion(
   });
   const cwd = binding.cwd || params.workspaceDir || process.cwd();
   const sideRunParams = buildSideRunAttemptParams(params, { cwd, authProfileId });
+  const toolHookSessionKey =
+    sideRunParams.sandboxSessionKey?.trim() ||
+    sideRunParams.sessionKey?.trim() ||
+    sideRunParams.sessionId ||
+    sessionAgentId;
+  const toolHookRunContext = buildCodexToolHookRunContext({
+    attempt: sideRunParams,
+    agentId: sessionAgentId,
+    sessionId: sideRunParams.sessionId,
+    sessionKey: toolHookSessionKey,
+    runId: sideRunParams.runId,
+  });
   const nativeExecutionBlock = resolveCodexNativeExecutionBlock({
     config: sideRunParams.config,
-    sessionKey: sideRunParams.sandboxSessionKey?.trim() || sideRunParams.sessionKey,
+    sessionKey: toolHookSessionKey,
     sessionId: sideRunParams.sessionId,
     surface: "/btw side-question mode",
   });
@@ -287,6 +300,7 @@ export async function runCodexAppServerSideQuestion(
       nativeToolSurfaceEnabled,
       nativeProviderWebSearchSupport,
       signal: runAbortController.signal,
+      toolHookContext: toolHookRunContext,
     });
     removeRequestHandler = client.addRequestHandler(async (request) => {
       if (request.method === "account/chatgptAuthTokens/refresh") {
@@ -319,19 +333,20 @@ export async function runCodexAppServerSideQuestion(
           method: request.method,
           requestParams: request.params,
           paramsForRun: sideRunParams,
+          toolHookContext: toolHookRunContext,
           threadId: childThreadId,
           turnId,
           nativeHookRelay,
-	          execPolicy,
-	          execReviewerAgentId: sessionAgentId,
-	          internalExecAutoReview: modelScopedAppServer.approvalsReviewer === "user",
-	          autoApprove: shouldAutoApproveCodexAppServerApprovals({
-	            approvalPolicy,
-	            networkProxy: modelScopedAppServer.networkProxy,
-	            sandbox,
-	          }),
-	          signal: runAbortController.signal,
-	        });
+          execPolicy,
+          execReviewerAgentId: sessionAgentId,
+          internalExecAutoReview: modelScopedAppServer.approvalsReviewer === "user",
+          autoApprove: shouldAutoApproveCodexAppServerApprovals({
+            approvalPolicy,
+            networkProxy: modelScopedAppServer.networkProxy,
+            sandbox,
+          }),
+          signal: runAbortController.signal,
+        });
       }
       if (request.method !== "item/tool/call") {
         return undefined;
@@ -388,15 +403,11 @@ export async function runCodexAppServerSideQuestion(
           events: nativeHookRelayEvents,
           agentId: sessionAgentId,
           sessionId: params.sessionId,
-          sessionKey: params.sessionKey,
+          sessionKey: toolHookRunContext.sessionKey,
           config: params.cfg,
           runId: sideRunParams.runId,
-          channelId: buildAgentHookContextChannelFields({
-            sessionKey: params.sessionKey,
-            messageChannel: params.messageChannel,
-            messageProvider: params.messageProvider,
-            currentChannelId: params.currentChannelId,
-          }).channelId,
+          channelId: toolHookRunContext.channelId,
+          toolHookContext: toolHookRunContext,
           requestTimeoutMs: appServer.requestTimeoutMs,
           completionTimeoutMs: Math.max(
             appServer.turnCompletionIdleTimeoutMs,
@@ -419,12 +430,12 @@ export async function runCodexAppServerSideQuestion(
       nativeCodeModeEnabled: nativeToolSurfaceEnabled,
       nativeCodeModeOnlyEnabled: appServer.codeModeOnly,
     });
-	    const threadConfig =
-	      mergeCodexThreadConfigs(
-	        nativeHookRelayConfig,
-	        runtimeThreadConfig,
-	        modelScopedAppServer.networkProxy?.configPatch,
-	      ) ?? runtimeThreadConfig;
+    const threadConfig =
+      mergeCodexThreadConfigs(
+        nativeHookRelayConfig,
+        runtimeThreadConfig,
+        modelScopedAppServer.networkProxy?.configPatch,
+      ) ?? runtimeThreadConfig;
     const forkResponse = assertCodexThreadForkResponse(
       await forkCodexSideThread(
         client,
@@ -436,7 +447,7 @@ export async function runCodexAppServerSideQuestion(
           cwd,
           approvalPolicy,
           approvalsReviewer: modelScopedAppServer.approvalsReviewer,
-	          ...(modelScopedAppServer.networkProxy ? {} : { sandbox }),
+          ...(modelScopedAppServer.networkProxy ? {} : { sandbox }),
           ...(serviceTier ? { serviceTier } : {}),
           config: threadConfig,
           developerInstructions: SIDE_DEVELOPER_INSTRUCTIONS,
@@ -542,6 +553,7 @@ function registerCodexSideNativeHookRelay(params: {
   config: EmbeddedRunAttemptParams["config"];
   runId: string;
   channelId?: string;
+  toolHookContext?: ToolHookRunContext;
   requestTimeoutMs: number;
   completionTimeoutMs: number;
   signal: AbortSignal;
@@ -557,6 +569,7 @@ function registerCodexSideNativeHookRelay(params: {
     ...(params.config ? { config: params.config } : {}),
     runId: params.runId,
     ...(params.channelId ? { channelId: params.channelId } : {}),
+    ...(params.toolHookContext ? { toolHookContext: params.toolHookContext } : {}),
     allowedEvents: params.events,
     ttlMs: resolveCodexSideNativeHookRelayTtlMs({
       explicitTtlMs: params.options.ttlMs,
@@ -596,6 +609,7 @@ function buildSideRunAttemptParams(
     provider: params.provider,
     modelId: params.model,
     model: params.runtimeModel ?? ({ id: params.model, provider: params.provider } as never),
+    trigger: "user" as const,
     sessionId: params.sessionId,
     sessionFile: params.sessionFile,
     sessionKey: params.sessionKey,
@@ -616,6 +630,8 @@ function buildSideRunAttemptParams(
     ...(params.senderUsername !== undefined ? { senderUsername: params.senderUsername } : {}),
     ...(params.senderE164 !== undefined ? { senderE164: params.senderE164 } : {}),
     ...(params.senderIsOwner !== undefined ? { senderIsOwner: params.senderIsOwner } : {}),
+    ...(params.chatId ? { chatId: params.chatId } : {}),
+    ...(params.channelContext ? { channelContext: params.channelContext } : {}),
     ...(params.currentChannelId ? { currentChannelId: params.currentChannelId } : {}),
     ...(params.toolsAllow ? { toolsAllow: params.toolsAllow } : {}),
     workspaceDir: options.cwd,
@@ -647,6 +663,7 @@ async function createCodexSideToolBridge(input: {
   nativeToolSurfaceEnabled: boolean;
   nativeProviderWebSearchSupport: CodexNativeWebSearchSupport;
   signal: AbortSignal;
+  toolHookContext: ToolHookRunContext;
 }): Promise<{ toolBridge: CodexDynamicToolBridge; webSearchPlan: CodexWebSearchPlan }> {
   const runtimeModel =
     input.params.runtimeModel ??
@@ -657,10 +674,7 @@ async function createCodexSideToolBridge(input: {
     const createOpenClawCodingTools = (await import("openclaw/plugin-sdk/agent-harness"))
       .createOpenClawCodingTools;
     const sandboxSessionKey =
-      input.params.sandboxSessionKey?.trim() ||
-      input.params.sessionKey?.trim() ||
-      input.params.sessionId ||
-      input.sessionAgentId;
+      input.toolHookContext.sessionKey || input.params.sessionId || input.sessionAgentId;
     const sandbox = await resolveSandboxContext({
       config: input.params.cfg,
       sessionKey: sandboxSessionKey,
@@ -696,6 +710,9 @@ async function createCodexSideToolBridge(input: {
         workspaceDir: input.cwd,
       }),
       suppressManagedWebSearch: false,
+      trigger: input.toolHookContext.trigger,
+      jobId: input.toolHookContext.jobId,
+      messageChannel: input.params.messageChannel,
       ...(input.params.messageProvider || input.params.messageChannel
         ? {
             messageProvider: messageToolProvider,
@@ -715,6 +732,8 @@ async function createCodexSideToolBridge(input: {
       ...(input.params.memberRoleIds ? { memberRoleIds: input.params.memberRoleIds } : {}),
       ...(input.params.spawnedBy !== undefined ? { spawnedBy: input.params.spawnedBy } : {}),
       ...(input.params.senderId !== undefined ? { senderId: input.params.senderId } : {}),
+      chatId: input.toolHookContext.chatId,
+      hookChannelContext: input.toolHookContext.channelContext,
       ...(input.params.senderName !== undefined ? { senderName: input.params.senderName } : {}),
       ...(input.params.senderUsername !== undefined
         ? { senderUsername: input.params.senderUsername }
@@ -724,12 +743,7 @@ async function createCodexSideToolBridge(input: {
         ? { senderIsOwner: input.params.senderIsOwner }
         : {}),
       ...(input.params.currentChannelId ? { currentChannelId: input.params.currentChannelId } : {}),
-      hookChannelId: buildAgentHookContextChannelFields({
-        sessionKey: input.params.sessionKey,
-        messageChannel: input.params.messageChannel,
-        messageProvider: input.params.messageProvider,
-        currentChannelId: input.params.currentChannelId,
-      }).channelId,
+      hookChannelId: input.toolHookContext.channelId,
       sandbox,
       emitBeforeToolCallDiagnostics: false,
       modelHasVision: runtimeModel.input?.includes("image") ?? false,
@@ -757,25 +771,15 @@ async function createCodexSideToolBridge(input: {
         })
       : requestedWebSearchPlan;
   const exposedTools = tools.filter((tool) => tool.name !== "web_search");
-  const hookChannelFields = buildAgentHookContextChannelFields({
-    sessionKey: input.params.sessionKey,
-    messageChannel: input.params.messageChannel,
-    messageProvider: input.params.messageProvider,
-    currentChannelId: input.params.currentChannelId,
-  });
   return {
     toolBridge: createCodexDynamicToolBridge({
       tools: exposedTools,
       signal: input.signal,
       loading: resolveCodexDynamicToolsLoading(input.pluginConfig),
       hookContext: {
-        agentId: input.sessionAgentId,
+        ...input.toolHookContext,
         config: input.params.cfg,
-        sessionId: input.params.sessionId,
-        sessionKey: input.params.sessionKey,
-        runId: input.params.opts?.runId ?? `codex-btw:${input.params.sessionId}`,
         currentChannelProvider: messageToolProvider,
-        ...hookChannelFields,
       },
     }),
     webSearchPlan,

extensions/codex/src/app-server/tool-hook-context.ts

@@ -0,0 +1,41 @@
+/** Builds one canonical requester-origin snapshot for Codex tool hook paths. */
+import {
+  buildAgentHookContextOriginFields,
+  type EmbeddedRunAttemptParams,
+  type ToolHookRunContext,
+} from "openclaw/plugin-sdk/agent-harness-runtime";
+
+/** Build the plain run metadata shared by Codex before/after tool hook owners. */
+export function buildCodexToolHookRunContext(params: {
+  attempt: EmbeddedRunAttemptParams;
+  agentId?: string;
+  sessionId?: string;
+  sessionKey?: string;
+  runId?: string;
+  channelId?: string;
+}): ToolHookRunContext {
+  const attempt = params.attempt;
+  const agentId = params.agentId ?? attempt.agentId;
+  const sessionKey = params.sessionKey ?? attempt.sessionKey;
+  const sessionId = params.sessionId ?? attempt.sessionId;
+  const runId = params.runId ?? attempt.runId;
+  return {
+    ...(agentId ? { agentId } : {}),
+    ...(sessionKey ? { sessionKey } : {}),
+    ...(sessionId ? { sessionId } : {}),
+    ...(runId ? { runId } : {}),
+    ...(attempt.jobId ? { jobId: attempt.jobId } : {}),
+    ...(attempt.trigger ? { trigger: attempt.trigger } : {}),
+    ...buildAgentHookContextOriginFields({
+      sessionKey,
+      messageChannel: attempt.messageChannel,
+      messageProvider: attempt.messageProvider ?? attempt.messageChannel,
+      currentChannelId: params.channelId ?? attempt.currentChannelId,
+      messageTo: attempt.currentMessagingTarget ?? attempt.messageTo,
+      trigger: attempt.trigger,
+      senderId: attempt.senderId,
+      chatId: attempt.chatId,
+      channelContext: attempt.channelContext,
+    }),
+  };
+}

extensions/cohere/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/cohere-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/cohere-provider",
-      "version": "2026.6.10"
+      "version": "2026.6.9"
     }
   }
 }

extensions/cohere/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/cohere-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw Cohere provider plugin.",
   "repository": {
     "type": "git",
@@ -21,10 +21,10 @@
       "minHostVersion": ">=2026.6.8"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": true
     },
     "release": {

extensions/comfy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/comfy-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw ComfyUI provider plugin",
   "type": "module",

extensions/copilot-proxy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/copilot-proxy",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw Copilot Proxy provider plugin",
   "type": "module",

extensions/copilot/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/copilot",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/copilot",
-      "version": "2026.6.10",
+      "version": "2026.6.9",
       "dependencies": {
         "@github/copilot-sdk": "1.0.0-beta.9"
       }

extensions/copilot/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/copilot",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "description": "OpenClaw GitHub Copilot agent runtime plugin (registers a `github-copilot` AgentHarness backed by @github/copilot-sdk over JSON-RPC to the GitHub Copilot CLI)",
   "repository": {
     "type": "git",
@@ -25,10 +25,10 @@
       "minHostVersion": ">=2026.5.28"
     },
     "compat": {
-      "pluginApi": ">=2026.6.10"
+      "pluginApi": ">=2026.6.9"
     },
     "build": {
-      "openclawVersion": "2026.6.10",
+      "openclawVersion": "2026.6.9",
       "bundledDist": false
     },
     "release": {

extensions/copilot/src/attempt.test.ts

@@ -338,7 +338,22 @@ describe("runCopilotAttempt", () => {
       return { sdkTools: [], sourceTools: [] };
     });
 
-    await runCopilotAttempt(makeParams(), {
+    const params = makeParams();
+    Object.assign(params, {
+      jobId: "job-1",
+      trigger: "user",
+      messageChannel: "slack",
+      messageProvider: "slack-voice",
+      currentChannelId: "C123",
+      chatId: "C123",
+      senderId: "U123",
+      channelContext: {
+        sender: { id: "U123", displayName: "Ada" },
+        chat: { id: "C123" },
+      },
+    });
+
+    await runCopilotAttempt(params, {
       createToolBridge,
       pool: makeFakePool(sdk),
     });
@@ -385,7 +400,21 @@ describe("runCopilotAttempt", () => {
         toolCallId: "tool-call-1",
         toolName: "read",
       }),
-      expect.objectContaining({ agentId: "agent-1", sessionId: "session-1" }),
+      expect.objectContaining({
+        agentId: "agent-1",
+        sessionId: "session-1",
+        jobId: "job-1",
+        trigger: "user",
+        messageProvider: "slack-voice",
+        channel: "slack",
+        chatId: "C123",
+        senderId: "U123",
+        channelId: "C123",
+        channelContext: {
+          sender: { id: "U123", displayName: "Ada" },
+          chat: { id: "C123" },
+        },
+      }),
     );
   });
 
@@ -1285,6 +1314,32 @@ describe("runCopilotAttempt", () => {
     ).toBe(sdkTools);
   });
 
+  it("passes the session-resolved agent id to the tool bridge", async () => {
+    const sdk = makeFakeSdk();
+    const pool = makeFakePool(sdk);
+    const createToolBridge = vi.fn(async () => ({ sdkTools: [], sourceTools: [] }));
+
+    await runCopilotAttempt(
+      makeParams({
+        agentId: undefined,
+        sessionKey: "agent:beta:main",
+        config: {
+          agents: {
+            list: [{ id: "main" }, { id: "beta" }],
+          },
+        } as never,
+      }),
+      { createToolBridge, pool },
+    );
+
+    expect(createToolBridge).toHaveBeenCalledWith(
+      expect.objectContaining({
+        agentId: "beta",
+        sessionKey: "agent:beta:main",
+      }),
+    );
+  });
+
   it("F6: sessionRef is populated after createSession so the tool bridge's onYield can abort the live SDK session", async () => {
     const sdk = makeFakeSdk();
     const pool = makeFakePool(sdk);

extensions/copilot/src/attempt.ts

@@ -9,6 +9,7 @@ import type {
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import {
   buildAgentHookContextChannelFields,
+  buildAgentHookContextOriginFields,
   detectAndLoadAgentHarnessPromptImages,
   resolveAgentHarnessBeforePromptBuildResult,
   resolveAttemptFsWorkspaceOnly,
@@ -367,6 +368,25 @@ export async function runCopilotAttempt(
     ...hookContextWindowFields,
     ...buildAgentHookContextChannelFields(input),
   };
+  const toolHookRunContext = {
+    runId: input.runId,
+    jobId: input.jobId,
+    agentId: sessionAgentId,
+    sessionKey: sandboxSessionKey,
+    sessionId: input.sessionId,
+    trigger: input.trigger,
+    ...buildAgentHookContextOriginFields({
+      sessionKey: sandboxSessionKey,
+      messageChannel: input.messageChannel,
+      messageProvider: input.messageProvider ?? input.messageChannel,
+      currentChannelId: input.currentChannelId,
+      messageTo: input.currentMessagingTarget ?? input.messageTo,
+      trigger: input.trigger,
+      senderId: input.senderId,
+      chatId: input.chatId,
+      channelContext: input.channelContext,
+    }),
+  };
   const finishAttempt = (result: AgentHarnessAttemptResult) =>
     finalizeCopilotAttempt(input, result, hookContext, attemptStartedAt, now);
 
@@ -564,7 +584,7 @@ export async function runCopilotAttempt(
       const toolBridge = await createToolBridge({
         modelProvider: modelRef.provider,
         modelId: modelRef.id,
-        agentId: readString(params.agentId) ?? "copilot",
+        agentId: sessionAgentId,
         sessionId: readString(input.sessionId) ?? "copilot-session",
         sessionKey: readString((input as { sessionKey?: unknown }).sessionKey),
         agentDir: readString(input.agentDir),
@@ -590,11 +610,7 @@ export async function runCopilotAttempt(
           runAgentHarnessAfterToolCallHook({
             toolName,
             toolCallId,
-            runId: input.runId,
-            agentId: sessionAgentId,
-            sessionId: input.sessionId,
-            sessionKey: sandboxSessionKey,
-            channelId: hookContext.channelId,
+            ...toolHookRunContext,
             startArgs: args,
             ...(result !== undefined ? { result } : {}),
             ...(error ? { error } : {}),

extensions/copilot/src/tool-bridge.test.ts

@@ -1,11 +1,17 @@
 // Copilot tests cover tool bridge plugin behavior.
 import type { Tool as SdkTool, ToolInvocation, ToolResultObject } from "@github/copilot-sdk";
 import type { AnyAgentTool, SandboxContext } from "openclaw/plugin-sdk/agent-harness-runtime";
+import {
+  initializeGlobalHookRunner,
+  resetGlobalHookRunner,
+} from "openclaw/plugin-sdk/hook-runtime";
+import { createMockPluginRegistry } from "openclaw/plugin-sdk/plugin-test-runtime";
 import { afterEach, describe, expect, it, vi } from "vitest";
 import {
   createCopilotToolBridge,
   convertOpenClawToolToSdkTool,
   supportsModelTools,
+  testing,
 } from "./tool-bridge.js";
 
 type FakeTool = AnyAgentTool & {
@@ -77,6 +83,7 @@ function runSdkTool(tool: SdkTool, args: unknown, invocation = makeInvocation())
 }
 
 afterEach(() => {
+  resetGlobalHookRunner();
   vi.restoreAllMocks();
 });
 
@@ -286,6 +293,79 @@ describe("createCopilotToolBridge", () => {
     expect(result.sdkTools.map((tool) => tool.name)).toEqual(["exec", "wait"]);
   });
 
+  it("runs requester-aware policy before code-mode exec controls", async () => {
+    const beforeToolCall = vi.fn(() => ({
+      block: true,
+      blockReason: "blocked before code-mode execution",
+    }));
+    initializeGlobalHookRunner(
+      createMockPluginRegistry([{ hookName: "before_tool_call", handler: beforeToolCall }]),
+    );
+    const createOpenClawCodingTools = vi.fn(async () => [makeTool({ name: "read" })]);
+
+    const result = await createCopilotToolBridge({
+      agentId: "agent-1",
+      attemptParams: {
+        config: { tools: { codeMode: true } },
+        runId: "run-code-mode",
+        sessionId: "session-1",
+        sessionKey: "agent:main:main",
+        jobId: "job-1",
+        trigger: "user",
+        messageChannel: "slack",
+        messageProvider: "slack-voice",
+        currentChannelId: "slack:C123",
+        senderId: "U123",
+        channelContext: { sender: { id: "U123", displayName: "Ada" } },
+      } as never,
+      createOpenClawCodingTools,
+      modelId: "gpt-4o",
+      modelProvider: "github-copilot",
+      sessionId: "session-1",
+    });
+    const exec = result.sdkTools.find((tool) => tool.name === "exec");
+    if (!exec) {
+      throw new Error("missing code-mode exec control");
+    }
+
+    await runSdkTool(
+      exec,
+      { code: "return 1;" },
+      makeInvocation({ toolCallId: "code-call-1", toolName: "exec" }),
+    );
+
+    expect(beforeToolCall).toHaveBeenCalledTimes(1);
+    expect(beforeToolCall).toHaveBeenCalledWith(
+      {
+        toolName: "exec",
+        params: { code: "return 1;", command: "return 1;" },
+        toolKind: "code_mode_exec",
+        toolInputKind: "javascript",
+        runId: "run-code-mode",
+        toolCallId: "code-call-1",
+      },
+      {
+        toolName: "exec",
+        toolKind: "code_mode_exec",
+        toolInputKind: "javascript",
+        agentId: "agent-1",
+        sessionKey: "agent:main:main",
+        sessionId: "session-1",
+        runId: "run-code-mode",
+        jobId: "job-1",
+        trigger: "user",
+        messageProvider: "slack-voice",
+        channel: "slack",
+        senderId: "U123",
+        toolCallId: "code-call-1",
+        channelId: "C123",
+        channelContext: {
+          sender: { id: "U123", displayName: "Ada" },
+        },
+      },
+    );
+  });
+
   it("keeps code-mode controls visible when a narrow allowlist is active", async () => {
     const createOpenClawCodingTools = vi.fn(async () => [
       makeTool({ name: "fake_hidden" }),
@@ -420,7 +500,13 @@ describe("createCopilotToolBridge", () => {
           currentMessagingTarget: "user:U123",
           currentThreadTs: "1700000000.000100",
           currentMessageId: "M-1",
-          messageProvider: "slack",
+          messageChannel: "slack",
+          messageProvider: "slack-voice",
+          chatId: "chat-1",
+          channelContext: {
+            sender: { id: "sender-1", displayName: "Ada" },
+            chat: { id: "chat-1", kind: "channel" },
+          },
           messageTo: "U-1",
           messageThreadId: "1700000000.000100",
           replyToMode: "first",
@@ -454,7 +540,13 @@ describe("createCopilotToolBridge", () => {
         currentMessagingTarget: "user:U123",
         currentThreadTs: "1700000000.000100",
         currentMessageId: "M-1",
-        messageProvider: "slack",
+        messageChannel: "slack",
+        messageProvider: "slack-voice",
+        chatId: "chat-1",
+        hookChannelContext: {
+          sender: { id: "sender-1", displayName: "Ada" },
+          chat: { id: "chat-1", kind: "channel" },
+        },
         messageTo: "U-1",
         messageThreadId: "1700000000.000100",
         replyToMode: "first",
@@ -462,6 +554,7 @@ describe("createCopilotToolBridge", () => {
         forceMessageTool: true,
         enableHeartbeatTool: true,
       });
+      expect(opts.channelContext).toBeUndefined();
     });
 
     it("falls back messageProvider to attemptParams.messageChannel when messageProvider is absent (codex parity)", async () => {
@@ -479,6 +572,63 @@ describe("createCopilotToolBridge", () => {
       expect(getOpts().messageProvider).toBe("telegram");
     });
 
+    it("uses messageTo when currentMessagingTarget is absent in tool hook routing", () => {
+      const context = testing.buildCopilotToolHookContext({
+        agentId: "agent-1",
+        messageChannel: "slack",
+        messageProvider: "slack",
+        messageTo: "user:U-only",
+        trigger: "user",
+      });
+
+      expect(context).toMatchObject({
+        channel: "slack",
+        messageProvider: "slack",
+        channelId: "U-only",
+        turnSourceChannel: "slack",
+        turnSourceTo: "user:U-only",
+      });
+      expect(context.chatId).toBeUndefined();
+      expect(context.channelContext).toBeUndefined();
+    });
+
+    it("resolves per-agent loop detection overrides for generated code-mode controls", () => {
+      const context = testing.buildCopilotToolHookContext({
+        agentId: "agent-1",
+        config: {
+          tools: {
+            loopDetection: {
+              enabled: true,
+              warningThreshold: 7,
+              detectors: { genericRepeat: true },
+              postCompactionGuard: { windowSize: 4 },
+            },
+          },
+          agents: {
+            list: [
+              {
+                id: "agent-1",
+                tools: {
+                  loopDetection: {
+                    enabled: false,
+                    detectors: { pingPong: false },
+                    postCompactionGuard: { windowSize: 2 },
+                  },
+                },
+              },
+            ],
+          },
+        },
+      });
+
+      expect(context.loopDetection).toEqual({
+        enabled: false,
+        warningThreshold: 7,
+        detectors: { genericRepeat: true, pingPong: false },
+        postCompactionGuard: { windowSize: 2 },
+      });
+    });
+
     it("forwards authProfileStore, runId, config, and run hooks (onToolOutcome) from attemptParams", async () => {
       const { createOpenClawCodingTools, getOpts } = captureCall();
       const authProfileStore = { kind: "fake-store" } as never;

extensions/copilot/src/tool-bridge.ts

@@ -7,15 +7,19 @@ import type {
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import {
   applyEmbeddedAttemptToolsAllow,
+  buildAgentHookContextOriginFields,
   buildEmbeddedAttemptToolRunContext,
   extractToolErrorMessage,
   getPluginToolMeta,
   isSubagentSessionKey,
+  isToolWrappedWithBeforeToolCallHook,
   isToolResultError,
   resolveAttemptSpawnWorkspaceDir,
   resolveEmbeddedAttemptToolConstructionPlan,
   resolveModelAuthMode,
+  resolveToolLoopDetectionConfig,
   sanitizeToolResult,
+  wrapToolWithBeforeToolCallHook,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { createAgentHarnessToolSurfaceRuntime } from "openclaw/plugin-sdk/agent-harness-tool-runtime";
 
@@ -143,6 +147,7 @@ export interface CopilotToolBridge {
 export const SUPPORTED_TOOL_PROVIDERS: ReadonlySet<string> = new Set(["github-copilot"]);
 const BASE_COPILOT_CODING_TOOL_NAMES = new Set(["edit", "read", "write"]);
 const SHELL_COPILOT_CODING_TOOL_NAMES = new Set(["apply_patch", "exec", "process"]);
+const CODE_MODE_CONTROL_TOOL_NAMES = new Set(["exec", "wait"]);
 
 export function supportsModelTools(modelProvider: string): boolean {
   return SUPPORTED_TOOL_PROVIDERS.has(modelProvider);
@@ -209,6 +214,7 @@ export async function createCopilotToolBridge(
     },
     toolSurfaceRuntime,
   );
+  const toolHookContext = buildCopilotToolHookContext(toolOptions);
 
   let sourceTools: unknown;
   try {
@@ -230,9 +236,18 @@ export async function createCopilotToolBridge(
     sourceTools as AnyAgentTool[],
     toolSurfaceRuntime.runtimeToolAllowlist,
   );
-  const compactedTools = toolSurfaceRuntime.compactTools(allowedSourceTools);
+  const compactedTools = toolSurfaceRuntime.compactTools(allowedSourceTools, {
+    hookContext: toolHookContext,
+  });
+  const hookedCompactedTools = compactedTools.tools.map((tool) =>
+    !toolSurfaceRuntime.codeModeControlsEnabled ||
+    !CODE_MODE_CONTROL_TOOL_NAMES.has(tool.name) ||
+    isToolWrappedWithBeforeToolCallHook(tool)
+      ? tool
+      : wrapToolWithBeforeToolCallHook(tool, toolHookContext),
+  );
   const plannedTools = filterCopilotToolsForConstructionPlan(
-    compactedTools.tools,
+    hookedCompactedTools,
     effectiveToolPlan.codingToolConstructionPlan,
     { preserveToolNames: toolSurfaceRuntime.runtimeToolAllowlist },
   );
@@ -263,6 +278,51 @@ export async function createCopilotToolBridge(
   };
 }
 
+function buildCopilotToolHookContext(toolOptions: OpenClawCodingToolsOptions) {
+  const turnSourceChannel = toolOptions.messageChannel ?? toolOptions.messageProvider;
+  const messageTo = toolOptions.currentMessagingTarget ?? toolOptions.messageTo;
+  const turnSourceTo = messageTo ?? toolOptions.currentChannelId;
+  return {
+    agentId: toolOptions.agentId,
+    config: toolOptions.config,
+    cwd: toolOptions.cwd,
+    workspaceDir: toolOptions.workspaceDir,
+    sessionKey: toolOptions.sessionKey,
+    sessionId: toolOptions.sessionId,
+    runId: toolOptions.runId,
+    jobId: toolOptions.jobId,
+    trace: toolOptions.trace,
+    trigger: toolOptions.trigger,
+    ...buildAgentHookContextOriginFields({
+      sessionKey: toolOptions.sessionKey,
+      messageChannel: toolOptions.messageChannel,
+      messageProvider: toolOptions.toolPolicyMessageProvider ?? toolOptions.messageProvider,
+      currentChannelId: toolOptions.hookChannelId ?? toolOptions.currentChannelId,
+      messageTo,
+      trigger: toolOptions.trigger,
+      senderId: toolOptions.senderId,
+      chatId: toolOptions.chatId,
+      channelContext: toolOptions.hookChannelContext ?? toolOptions.channelContext,
+    }),
+    ...(turnSourceChannel ? { turnSourceChannel } : {}),
+    ...(turnSourceTo ? { turnSourceTo } : {}),
+    ...(toolOptions.agentAccountId ? { turnSourceAccountId: toolOptions.agentAccountId } : {}),
+    ...(toolOptions.currentThreadTs ? { turnSourceThreadId: toolOptions.currentThreadTs } : {}),
+    loopDetection: resolveToolLoopDetectionConfig({
+      cfg: toolOptions.config,
+      agentId: toolOptions.agentId,
+    }),
+    onToolOutcome: toolOptions.onToolOutcome,
+    allocateToolOutcomeOrdinal: toolOptions.allocateToolOutcomeOrdinal,
+  };
+}
+
+/** Test-only access to requester-context construction. */
+export const testing = {
+  buildCopilotToolHookContext: (toolOptions: unknown): Record<string, unknown> =>
+    buildCopilotToolHookContext(toolOptions as OpenClawCodingToolsOptions),
+};
+
 /**
  * Builds the full `createOpenClawCodingTools` options bag mirroring the
  * PI in-tree call at `src/agents/pi-embedded-runner/run/attempt.ts:1029-1117`.
@@ -349,7 +409,9 @@ function buildOpenClawCodingToolsOptions(
       ...a.execOverrides,
       elevated: a.bashElevated,
     },
+    messageChannel: a.messageChannel,
     messageProvider: a.messageProvider ?? a.messageChannel,
+    toolPolicyMessageProvider: a.messageProvider ?? a.messageChannel,
     agentAccountId: a.agentAccountId,
     messageTo: a.messageTo,
     messageThreadId: a.messageThreadId,
@@ -359,6 +421,7 @@ function buildOpenClawCodingToolsOptions(
     memberRoleIds: a.memberRoleIds,
     spawnedBy: a.spawnedBy,
     senderId: a.senderId,
+    hookChannelContext: a.channelContext,
     senderName: a.senderName,
     senderUsername: a.senderUsername,
     senderE164: a.senderE164,
@@ -394,6 +457,7 @@ function buildOpenClawCodingToolsOptions(
       workspaceDir,
     }),
     currentChannelId: a.currentChannelId,
+    chatId: a.chatId,
     currentMessagingTarget: a.currentMessagingTarget,
     currentThreadTs: a.currentThreadTs,
     currentMessageId: a.currentMessageId,

extensions/deepgram/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/deepgram-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "private": true,
   "description": "OpenClaw Deepgram media-understanding provider",
   "type": "module",

extensions/deepinfra/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/deepinfra-provider",
-  "version": "2026.6.10",
+  "version": "2026.6.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/deepinfra-provider",
-      "version": "2026.6.10"
+      "version": "2026.6.9"
     }
   }
 }