fix: address issue

2026-06-24 00:04:25 +08:00 · 2026-04-28 04:27:58 +00:00
1640 changed files with 12858 additions and 68524 deletions
--- a/.agents/skills/blacksmith-testbox/SKILL.md
+++ b/.agents/skills/blacksmith-testbox/SKILL.md
@@ -293,15 +293,9 @@ checks that need parity or remote state.
 5. If tests fail, fix code and re-run against the same warm box.
 6. If you changed dependency manifests (package.json, etc.), prepend
   the install command: `blacksmith testbox run --id <ID> "npm install && npm test"`
-7. If a narrow PR reports a full sync or the box was reused/expired, sanity
-   check the remote copy before a slow gate:
-   `blacksmith testbox run --id <ID> "pnpm testbox:sanity"`.
-   If it reports missing root files or mass tracked deletions, stop the box and
-   warm a fresh one. Use `OPENCLAW_TESTBOX_ALLOW_MASS_DELETIONS=1` only for an
-   intentional large deletion PR.
-8. If you need artifacts (coverage reports, build outputs, etc.), download them:
+7. If you need artifacts (coverage reports, build outputs, etc.), download them:
   `blacksmith testbox download --id <ID> coverage/ ./coverage/`
-9. Once green, commit and push.
+8. Once green, commit and push.

 ## OpenClaw full test suite

@@ -320,12 +314,6 @@ When validating before commit/push in maintainer Testbox mode, run
 `pnpm check:changed` inside the warmed box first when appropriate, then the full
 suite with the profile above if broad confidence is needed.

-Run `pnpm testbox:sanity` inside the warmed box before the broad command when
-the sync looks suspicious. It checks that root files such as `pnpm-lock.yaml`
-still exist and fails on 200 or more tracked deletions. That catches stale or
-corrupted rsync state before dependency install or Vitest failures hide the real
-problem.
-
 ## Examples

    blacksmith testbox warmup ci-check-testbox.yml
--- a/.agents/skills/openclaw-pre-release-plugin-testing/SKILL.md
+++ b/.agents/skills/openclaw-pre-release-plugin-testing/SKILL.md
@@ -1,234 +0,0 @@
---
-name: openclaw-pre-release-plugin-testing
-description: Plan and run pre-release OpenClaw plugin validation across bundled plugins, package artifacts, lifecycle commands, doctor/fix, config round-trip, gateway startup, SDK compatibility, Docker E2E, Package Acceptance, and Testbox proof.
---
-
-# OpenClaw Pre-Release Plugin Testing
-
-Use this skill when the user asks for plugin release confidence, plugin lifecycle
-sweeps, package-artifact plugin proof, or "what else should we test before
-release?" It complements `openclaw-testing`; use that skill too when choosing
-the cheapest safe runner or debugging a failing lane.
-
-## Goal
-
-Prove the plugin system as a product surface, not just as source tests:
-
- bundled plugin lifecycle: install, inspect, enable, disable, uninstall
- package artifact behavior from a clean `HOME`
- doctor/fix/config validation and idempotence
- config discovery and config round-trip
- status/log visibility and diagnostics
- gateway startup/bootstrap with plugin metadata snapshots
- public SDK compatibility for real external plugins
- live-ish provider/channel probes only when safe credentials exist
-
-## First Checks
-
-From the OpenClaw repo root:
-
-```bash
-pnpm docs:list
-git status --short --branch
-readlink node_modules
-pnpm changed:lanes --json
-```
-
-In Codex worktrees under `.codex/worktrees`, `node_modules` must be a symlink to
-the main OpenClaw checkout. Do not run `pnpm install` there. For broad or
-package-heavy proof, use Blacksmith Testbox or GitHub Actions.
-
-## Runner Choice
-
-Prefer this order:
-
-1. **GitHub Package Acceptance** for installable-package product proof.
-2. **`ci-build-artifacts-testbox.yml` Testbox** when Docker/package lanes need
-   seeded `dist`, `dist-runtime`, and package caches.
-3. **`ci-check-testbox.yml` Testbox** for source checks, targeted Vitest,
-   package-boundary checks, or focused Docker lanes.
-4. **Local targeted commands only** for small format/static/unit probes.
-
-Avoid long package Docker runs from a stale sparse worktree. If Testbox sync
-reports hundreds of changed files or starts deleting package inputs, stop and
-warm a fresh box from current `main`, or switch to Package Acceptance.
-
-## Existing Baseline
-
-Run or verify these before inventing new coverage:
-
-```bash
-OPENCLAW_TESTBOX=1 pnpm check:changed
-pnpm run test:extensions:package-boundary:canary
-pnpm run test:extensions:package-boundary:compile
-pnpm test:docker:plugins
-OPENCLAW_PLUGINS_E2E_CLAWHUB=0 pnpm test:docker:plugins
-pnpm test:docker:plugin-update
-pnpm test:docker:bundled-channel-deps:fast
-```
-
-For full bundled install/uninstall proof, shard the packaged sweep:
-
-```bash
-OPENCLAW_BUNDLED_PLUGIN_SWEEP_TOTAL=8 \
-OPENCLAW_BUNDLED_PLUGIN_SWEEP_INDEX=<0-7> \
-pnpm test:docker:bundled-plugin-install-uninstall
-```
-
-Expected current packaged scope: 116 public bundled plugins over shards `0-7`.
-Private QA plugins are source-mode only unless a package explicitly includes
-them.
-
-## Confidence Matrix
-
-Use this matrix for pre-release signoff. Record pass/fail, run URL/Testbox ID,
-package SHA/version, and skipped-live reason.
-
-| Surface | Proof | Preferred runner |
-| --- | --- | --- |
-| Package artifact | Package Acceptance `suite_profile=package` or custom lanes | GitHub Actions |
-| Bundled lifecycle | 8-shard `test:docker:bundled-plugin-install-uninstall` | Testbox or release Docker |
-| External plugins | `test:docker:plugins` and `plugins-offline` | Testbox/package acceptance |
-| Update no-op | `test:docker:plugin-update` | Testbox/package acceptance |
-| Channel runtime deps | `test:docker:bundled-channel-deps:fast` plus key channels | Testbox/package acceptance |
-| Doctor/fix | seeded bad configs + `doctor --fix --non-interactive` | new Docker/Testbox harness |
-| Config round-trip | `config set/get`, inspect, doctor, reload, diff hash | new Docker/Testbox harness |
-| Gateway bootstrap | clean `HOME`, plugin groups enabled/disabled, status JSON | new Docker/Testbox harness |
-| SDK compatibility | directory, tgz, and `file:` external plugins using SDK subpaths | `test:docker:plugins` plus new smoke |
-| Live-ish | redacted provider/channel probes only for present env | Testbox live lanes |
-
-## Package Acceptance Plan
-
-Use this when validating a release branch, beta, or candidate package:
-
-```bash
-gh workflow run package-acceptance.yml \
-  --repo openclaw/openclaw \
-  --ref main \
-  -f workflow_ref=main \
-  -f source=ref \
-  -f package_ref=<branch-or-sha> \
-  -f suite_profile=custom \
-  -f docker_lanes='plugins-offline plugin-update bundled-channel-deps-compat doctor-switch update-channel-switch config-reload mcp-channels npm-onboard-channel-agent' \
-  -f telegram_mode=mock-openai
-```
-
-Use `source=npm -f package_spec=openclaw@beta` for published beta proof. Keep
-`workflow_ref` as trusted current harness code unless the release process says
-otherwise.
-
-## New Testbox Harness Plan
-
-If more certainty is needed, add or run a `plugin-lifecycle-matrix` Docker lane
-that uses one package tarball and sharded plugin lists. Per plugin:
-
-1. Start with a clean `HOME`.
-2. Capture `plugins list --json`.
-3. `plugins install <id>`.
-4. `plugins inspect <id> --json`.
-5. `plugins disable <id>`, then assert disabled visibility.
-6. `plugins enable <id>`, except config-required plugins without config.
-7. `plugins registry --refresh`.
-8. `doctor --non-interactive`.
-9. `plugins uninstall <id> --force`.
-10. Assert no config entry, allow/deny residue, install record, managed dir, or
-    bundled `dist/extensions/...` load path remains.
-11. Assert diagnostics contain no `level: "error"` and output redacts
-    secret-looking values.
-
-Keep `memory-lancedb` special: it is config-required. First assert install does
-not enable it without embedding config, then run a second configured case.
-
-## Doctor/Fix Matrix
-
-Seed bad states and require `doctor --fix --non-interactive` to repair them,
-then run doctor again and require idempotence:
-
- stale `plugins.allow`
- stale `plugins.entries`
- stale channel config for missing channel plugin
- invalid `plugins.entries.<id>.config`
- packaged bundled path in `plugins.load.paths`
- legacy `plugins.installs`
- disabled channel/plugin config that must not stage runtime deps
- root-owned global package tree that must remain unmodified
-
-## Gateway Bootstrap Matrix
-
-Start packaged OpenClaw in Docker with clean state:
-
- provider plugins enabled, no credentials: ready with warnings, no crash
- channel plugins configured disabled: no runtime deps staged
- startup-activation plugins enabled: ready and reflected in status
- invalid single plugin config: bad plugin skipped/quarantined, others remain
-
-Assert:
-
- gateway reaches ready
- `openclaw status --json` includes plugin diagnostics
- `openclaw plugins inspect --all --json` is parseable
- package tree is not mutated
- logs contain no raw tokens
-
-## Config Round-Trip Representatives
-
-Use representative plugin families instead of every plugin for deep config
-round-trip:
-
- providers: `openai`, `anthropic`, `mistral`, `openrouter`
- channels: `telegram`, `discord`, `slack`, `whatsapp`
- memory: `memory-lancedb`
- feature/runtime: `browser`, `acpx`, `tokenjuice`
-
-For each representative:
-
-1. Write config through CLI when possible.
-2. Read it back through `config get` or JSON.
-3. Run `plugins inspect`.
-4. Run `doctor --non-interactive`.
-5. Trigger gateway config reload if applicable.
-6. Compare config hash before/after no-op commands.
-
-## External SDK Smoke
-
-In a package Docker lane, create tiny external plugins and install them from:
-
- local directory
- `.tgz`
- `file:` npm spec
-
-Cover CJS and ESM shapes, plus at least one plugin importing focused
-`openclaw/plugin-sdk/*` subpaths. Assert `plugins inspect` sees its tool,
-gateway method, CLI command, or service.
-
-## Live-Ish Probe Rules
-
-Before live-ish work, source allowed env in Testbox and generate a redacted
-availability matrix: present/missing only, never values.
-
-Only run probes for credentials that exist. Prefer auth/catalog/status probes
-over sending user-visible messages. If a probe might contact an external user,
-channel, or workspace, stop and ask the user.
-
-## Reporting
-
-Report in this shape:
-
-```text
-package/ref:
-tbx ids / run urls:
-matrix:
-  bundled lifecycle:
-  package acceptance:
-  doctor/fix:
-  gateway bootstrap:
-  config round-trip:
-  sdk external:
-  live-ish:
-failures:
-skips:
-next highest-value gap:
-```
-
-Say clearly when a failure is Testbox sync/env damage rather than product
-behavior, and prove that with a clean rerun or current-main comparison.
--- a/.agents/skills/openclaw-pre-release-plugin-testing/agents/openai.yaml
+++ b/.agents/skills/openclaw-pre-release-plugin-testing/agents/openai.yaml
@@ -1,4 +0,0 @@
-interface:
-  display_name: "OpenClaw Plugin Pre-Release Testing"
-  short_description: "Plan plugin release validation"
-  default_prompt: "Use $openclaw-pre-release-plugin-testing to plan or run pre-release OpenClaw plugin validation across package, lifecycle, doctor, gateway, SDK, and live-ish proof."
--- a/.agents/skills/openclaw-test-performance/SKILL.md
+++ b/.agents/skills/openclaw-test-performance/SKILL.md
@@ -1,13 +1,12 @@
 ---
 name: openclaw-test-performance
-description: Benchmark, diagnose, and optimize OpenClaw test and plugin-suite runtime, import hotspots, CPU/RSS, heap growth, and slow coverage paths.
+description: Benchmark, diagnose, and optimize OpenClaw test runtime, import hotspots, CPU/RSS, and slow coverage paths.
 ---

 # OpenClaw Test Performance

-Use evidence first. The goal is real `pnpm test`, plugin-suite, and
-plugin-inspector speed/RSS improvement with coverage intact, not runner tuning by
-guesswork.
+Use evidence first. The goal is real `pnpm test` speed/RSS improvement with
+coverage intact, not runner tuning by guesswork.

 ## Workflow

@@ -22,9 +21,6 @@ guesswork.
 2. Establish a baseline before changing code:
   - Prefer `pnpm test:perf:groups --full-suite --allow-failures --output <file>`
     for full-suite ranking.
-   - For bundled plugin breadth, run the smallest relevant `pnpm
-test:extensions:batch <plugin[,plugin...]>` or plugin-inspector command
-     before jumping to the full extension sweep.
   - For a scoped hotspot use:
     `/usr/bin/time -l pnpm test <file-or-files> --maxWorkers=1 --reporter=verbose`
   - For import-heavy suspicion add:
@@ -37,8 +33,6 @@ test:extensions:batch <plugin[,plugin...]>` or plugin-inspector command
     passed, capture that as harness/noise and verify the suspect file directly.
 4. Pick the next attack by return and risk:
   - High return: one file/test dominates seconds or RSS and has a clear root.
-   - High leverage: one plugin or SDK barrel causes every plugin-inspector or
-     extension-batch run to load broad runtime.
   - Lower risk: static descriptors, target parsing, routing, auth bypass,
     setup hints, registry fixtures, or test server lifecycle.
   - Higher risk: real memory/runtime behavior, live providers, protocol
@@ -50,8 +44,6 @@ test:extensions:batch <plugin[,plugin...]>` or plugin-inspector command
     and pure helpers over broad mocks.
   - Reuse suite-level servers/clients when a fresh handshake is irrelevant.
   - Keep schedulers/background loops off unless the test proves scheduling.
-   - In plugin paths, move static metadata into manifest/lightweight artifacts
-     and keep runtime plugin loads behind explicit execution boundaries.
 6. Preserve coverage shape:
   - Do not delete a slow integration proof unless the exact production
     composition is extracted into a named helper and tested.
@@ -65,90 +57,6 @@ test:extensions:batch <plugin[,plugin...]>` or plugin-inspector command
 9. Commit with `scripts/committer "<message>" <paths...>` and push when the
   user asked for commits/pushes. Stage only files touched for this attack.

-## Plugin-Suite Workflow
-
-Use this section when perf work involves bundled plugins, plugin-inspector, SDK
-barrels, package-boundary tests, or extension suites.
-
-1. Map the suite shape first:
-   - source tests: `pnpm test extensions/<id>` or `pnpm test:extensions:batch <id>`
-   - package boundaries: `pnpm run test:extensions:package-boundary:canary` and
-     `pnpm run test:extensions:package-boundary:compile`
-   - all bundled source tests: `pnpm test:extensions`
-   - plugin import memory: `pnpm test:extensions:memory -- --json .artifacts/test-perf/extensions-memory.json`
-   - plugin-inspector/report work: keep report primitives in `plugin-inspector`;
-     keep wrappers thin and collect peak RSS when the command supports it.
-2. Start narrow, then widen:
-   - one plugin changed: run that plugin's tests and plugin-inspector slice.
-   - SDK/public barrel changed: add representative provider, channel, memory,
-     and feature plugins.
-   - loader/runtime mirror changed: add package-boundary checks and build/package
-     proof as needed.
-   - unknown shared plugin behavior: run `test:extensions:batch` groups before
-     `pnpm test:extensions`.
-3. Treat plugin-inspector failures as product signals:
-   - JSON must parse.
-   - warnings/errors must be classified, not hidden.
-   - runtime capture should be quiet and config-tolerant.
-   - command output should include wall time, exit code, and peak RSS when
-     available.
-4. For broad or package-heavy plugin proof, use Blacksmith Testbox by default on
-   maintainer machines. Warm once and reuse the same box:
-   - `blacksmith testbox warmup ci-check-testbox.yml --ref main --idle-timeout 90`
-   - `blacksmith testbox run --id <ID> "OPENCLAW_TESTBOX=1 pnpm test:extensions:batch <ids>"`
-   - stop the box when done.
-5. If plugin performance is package-artifact sensitive, switch to
-   `openclaw-pre-release-plugin-testing` and Package Acceptance rather than
-   trusting source-only timing.
-
-## Metric Collection
-
-Collect at least one stable metric before and after. Prefer the same machine and
-same command. For Testbox comparisons, use the same `tbx_...` id when possible.
-
-| Metric          | Use for                            | Preferred source                                                            |
-| --------------- | ---------------------------------- | --------------------------------------------------------------------------- |
-| wall time       | user-visible suite cost            | `/usr/bin/time -l`, test wrapper duration, Testbox run time                 |
-| Vitest duration | test body/import cost              | Vitest output per file/shard                                                |
-| import duration | broad barrel/runtime loads         | `OPENCLAW_VITEST_IMPORT_DURATIONS=1`                                        |
-| max RSS         | memory pressure and OOM risk       | `/usr/bin/time -l`, `pnpm test:extensions:memory`, wrapper memory summaries |
-| CPU/user/sys    | CPU-bound vs wait-bound split      | `/usr/bin/time -l` locally, Testbox job timing when local CPU is noisy      |
-| heap snapshots  | real leak vs retained module graph | `openclaw-test-heap-leaks` workflow                                         |
-
-Local scoped command with CPU/RSS:
-
-```bash
-timeout 240 /usr/bin/time -l pnpm test <file> --maxWorkers=1 --reporter=verbose
-```
-
-Plugin import memory profile:
-
-```bash
-pnpm build
-pnpm test:extensions:memory -- --top 20 --json .artifacts/test-perf/extensions-memory.json
-```
-
-Targeted plugin import memory:
-
-```bash
-pnpm test:extensions:memory -- --extension discord --extension telegram --skip-combined
-```
-
-Heap/RSS escalation:
-
-```bash
-OPENCLAW_TEST_MEMORY_TRACE=1 \
-OPENCLAW_TEST_HEAPSNAPSHOT_INTERVAL_MS=60000 \
-OPENCLAW_TEST_HEAPSNAPSHOT_DIR=.tmp/heapsnap \
-OPENCLAW_TEST_WORKERS=2 \
-OPENCLAW_TEST_MAX_OLD_SPACE_SIZE_MB=6144 \
-pnpm test
-```
-
-Use `openclaw-test-heap-leaks` when RSS keeps growing across intervals, workers
-OOM, or the suspect command has app-object retention. Do not call RSS growth a
-leak until snapshots or retainers support it.
-
 ## Common Root Causes

 - Full bundled channel/plugin runtime loaded for static data.
@@ -156,12 +64,6 @@ leak until snapshots or retainers support it.
  parser would suffice.
 - Broad `api.ts`, `runtime-api.ts`, `test-api.ts`, or plugin-sdk barrels pulled
  into hot tests.
- SDK root aliases or package barrels pulling focused subpaths back into a broad
-  plugin graph.
- Plugin-inspector loading runtime code just to render metadata, reports, or CI
-  policy scores.
- Bundled plugin capture reusing real config/home state instead of synthetic,
-  redacted, isolated state.
 - Partial-real mocks using `importActual()` around broad modules.
 - `vi.resetModules()` plus fresh imports in per-test loops.
 - Test plugin registry seeded in `beforeAll` while runtime state resets in
@@ -170,10 +72,6 @@ leak until snapshots or retainers support it.
 - Runtime/default model/auth selection paid by idle snapshots or fixtures.
 - Plugin-owned media/action discovery triggered before checking whether args
  contain plugin-owned fields.
- Timings missing from `test/fixtures/test-timings.unit.json`, causing hotspot
-  files to stay in shared workers.
- Parallel Vitest runs sharing `node_modules/.experimental-vitest-cache` without
-  distinct `OPENCLAW_VITEST_FS_MODULE_CACHE_PATH` values.

 ## Benchmark Commands

@@ -199,25 +97,6 @@ pnpm test:perf:groups --full-suite --allow-failures \
  --output .artifacts/test-perf/<name>.json
 ```

-Extension batch:
-
-```bash
-pnpm test:extensions:batch <plugin[,plugin...]> -- --reporter=verbose
-```
-
-All extension tests:
-
-```bash
-pnpm test:extensions
-```
-
-Package-boundary plugin checks:
-
-```bash
-pnpm run test:extensions:package-boundary:canary
-pnpm run test:extensions:package-boundary:compile
-```
-
 Reuse an existing Vitest JSON report:

 ```bash
@@ -228,26 +107,19 @@ pnpm test:perf:groups --report <vitest-json> \
 ## Verification

 - Always run the targeted test surface that proves the change.
- For source changes, run `pnpm check:changed` before push; in maintainer
-  Testbox mode run it in the warmed Testbox.
- For test-only changes, run `pnpm test:changed` or the exact edited tests.
+- Run `pnpm check` before commit unless the change is docs-only and the hook
+  handles it.
 - Run `pnpm build` when touching lazy-loading, bundled artifacts, package
  boundaries, dynamic imports, build output, or public surfaces.
- For plugin SDK/barrel/runtime changes, add `pnpm plugin-sdk:api:check` or
-  `pnpm plugin-sdk:api:gen` when the API surface may drift.
- For plugin-suite perf fixes, verify at least one representative plugin batch
-  plus the changed gate; use Package Acceptance if the bug only exists in a
-  packed artifact.
 - If deps are missing/stale, run `pnpm install` and retry the exact failed
  command once.
 - Use the report format:

 ```markdown
-| Metric         | Before |  After |          Gain |
-| -------------- | -----: | -----: | ------------: |
-| File wall time |   `Xs` |   `Ys` |  `-Zs` (`P%`) |
-| Max RSS        |  `XMB` |  `YMB` | `-ZMB` (`P%`) |
-| CPU user/sys   | `X/Ys` | `A/Bs` |       explain |
+| Metric         | Before | After |          Gain |
+| -------------- | -----: | ----: | ------------: |
+| File wall time |   `Xs` |  `Ys` |  `-Zs` (`P%`) |
+| Max RSS        |  `XMB` | `YMB` | `-ZMB` (`P%`) |
 ```

 ## Handoff
@@ -255,12 +127,8 @@ pnpm test:perf:groups --report <vitest-json> \
 Keep the final concise:

 - Root cause.
- Suite/plugin scope.
 - Files changed.
- Before/after wall, Vitest/import, CPU, and RSS numbers where available.
- Leak classification if memory was involved: real leak, retained module graph,
-  or inconclusive.
+- Before/after numbers.
 - Coverage retained.
 - Verification commands.
- Testbox ID or workflow URL for remote proof.
 - Commit hash and push status.
--- a/.agents/skills/openclaw-test-performance/agents/openai.yaml
+++ b/.agents/skills/openclaw-test-performance/agents/openai.yaml
@@ -1,6 +1,6 @@
 interface:
  display_name: "OpenClaw Test Performance"
-  short_description: "Benchmark tests, plugin suites, CPU, RSS, and heap growth"
-  default_prompt: "Use $openclaw-test-performance to reassess OpenClaw test and plugin-suite performance, collect wall/import/CPU/RSS metrics, investigate memory growth when needed, fix the next real hotspot without losing coverage, update the report, and commit scoped changes."
+  short_description: "Benchmark and fix slow OpenClaw tests"
+  default_prompt: "Use $openclaw-test-performance to reassess the OpenClaw test benchmark, identify the next real hotspot, fix it without losing coverage, update the report, and commit scoped changes."
 policy:
  allow_implicit_invocation: false
--- a/.agents/skills/openclaw-testing/SKILL.md
+++ b/.agents/skills/openclaw-testing/SKILL.md
@@ -76,9 +76,6 @@ Use targeted file paths whenever possible. Avoid raw `vitest`; use the repo
 - Direct test edits run themselves. Source edits prefer explicit mappings,
  sibling `*.test.ts`, then import-graph dependents. Shared harness/config/root
  edits are skipped by default unless they have precise mapped tests.
- Shared group-room delivery config and source-reply prompt edits are precise
-  mapped tests: they run the core auto-reply regressions plus Discord and Slack
-  delivery tests so cross-channel default changes fail before a PR push.
 - Public SDK or contract edits do not automatically run every plugin test.
  `check:changed` proves extension type contracts; the agent chooses the
  smallest plugin/contract Vitest proof that matches the actual risk.
@@ -137,10 +134,8 @@ workflow ref input; choose the trusted harness by choosing the workflow run ref.
 Use `release_profile=minimum|stable|full` to control live/provider breadth:
 `minimum` keeps the fastest OpenAI/core release-critical set, `stable` adds the
 stable provider/backend set, and `full` adds the broad advisory provider/media
-matrix. Do not make `full` faster by silently dropping suites; optimize setup,
-artifact reuse, and sharding instead. The parent verifier job appends
-slowest-job tables for child runs; rerun only that verifier after a child rerun
-turns green.
+matrix. The parent verifier job appends slowest-job tables for child runs; rerun
+only that verifier after a child rerun turns green.

 If a full run is already active on a newer `origin/main`, prefer watching that
 run over dispatching a duplicate. If you accidentally dispatch a stale duplicate,
@@ -216,17 +211,8 @@ gh workflow run openclaw-release-checks.yml \
 Release-check rerun groups are `all`, `install-smoke`, `cross-os`, `live-e2e`,
 `package`, `qa`, `qa-parity`, and `qa-live`.
 `OpenClaw Release Checks` uses the trusted workflow ref to resolve the selected
-ref once as `release-package-under-test` and passes that artifact into cross-OS
-release checks, release-path Docker live/E2E checks, and Package Acceptance.
-When `Full Release Validation` dispatches release checks, it passes the requested
-branch/tag plus an `expected_sha` so branch/tag refs resolve through the fast
-remote-ref path while the package and QA jobs still validate the exact SHA.
-
-The release Docker path intentionally shards the plugin/runtime tail. The
-workflow uses `plugins-runtime-plugins`, `plugins-runtime-services`, and
-`plugins-runtime-install-a` through `plugins-runtime-install-d`; aggregate
-aliases such as `plugins-runtime-core`, `plugins-runtime`, and
-`plugins-integrations` remain for manual reruns.
+ref once as `release-package-under-test` and passes that artifact into both
+release-path Docker live/E2E checks and Package Acceptance.

 The release QA parity box is internally split into candidate and baseline lane
 jobs, followed by a report job that downloads both artifacts and runs
@@ -286,15 +272,12 @@ Useful knobs:
 - blank `live_model_providers`: run the full live-model provider matrix.

 Release-path Docker chunks are currently `core`, `package-update-openai`,
-`package-update-anthropic`, `package-update-core`,
-`plugins-runtime-plugins`, `plugins-runtime-services`,
+`package-update-anthropic`, `package-update-core`, `plugins-runtime-core`,
 `plugins-runtime-install-a`, `plugins-runtime-install-b`,
-`plugins-runtime-install-c`, `plugins-runtime-install-d`,
 `bundled-channels-core`, `bundled-channels-update-a`,
 `bundled-channels-update-b`, and `bundled-channels-contracts`. The aggregate
-`bundled-channels`, `plugins-runtime-core`, `plugins-runtime`, and
-`plugins-integrations` chunks remain valid for manual one-shot reruns, but
-release checks use the split chunks.
+`bundled-channels` chunk remains valid for manual one-shot reruns, but release
+checks use the split chunks.

 When live suites are enabled, the workflow shards broad native `pnpm test:live`
 coverage through `scripts/test-live-shard.mjs` instead of one serial `live-all`
@@ -377,22 +360,18 @@ image. Release-path normal mode fans out into smaller Docker chunk jobs:
 - `package-update-openai`
 - `package-update-anthropic`
 - `package-update-core`
- `plugins-runtime-plugins`
- `plugins-runtime-services`
+- `plugins-runtime-core`
 - `plugins-runtime-install-a`
 - `plugins-runtime-install-b`
- `plugins-runtime-install-c`
- `plugins-runtime-install-d`
 - `bundled-channels`

-OpenWebUI is folded into `plugins-runtime-services` for full release-path
-coverage and keeps a standalone `openwebui` chunk only for OpenWebUI-only
-dispatches. The legacy `package-update`, `plugins-runtime-core`,
-`plugins-runtime`, and `plugins-integrations` chunks still work as aggregate
-aliases for manual reruns, but the release workflow uses the split chunks so
-provider installer checks, plugin runtime checks, bundled plugin
-install/uninstall shards, and bundled-channel checks can run on separate
-machines. The bundled-channel runtime-dependency coverage
+OpenWebUI is folded into `plugins-runtime-core` for full release-path coverage
+and keeps a standalone `openwebui` chunk only for OpenWebUI-only dispatches.
+The legacy `package-update`, `plugins-runtime`, and `plugins-integrations`
+chunks still work as aggregate aliases for manual reruns, but the release
+workflow uses the split chunks so provider installer checks, plugin runtime
+checks, bundled plugin install/uninstall shards, and bundled-channel checks can
+run on separate machines. The bundled-channel runtime-dependency coverage
 inside `bundled-channels`
 uses the split `bundled-channel-*` and `bundled-channel-update-*` lanes rather
 than the serial `bundled-channel-deps` lane, so failures produce cheap targeted
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -9,8 +9,6 @@
 /.github/dependabot.yml @openclaw/secops
 /.github/codeql/ @openclaw/secops
 /.github/workflows/codeql.yml @openclaw/secops
-/.github/workflows/codeql-android-critical-security.yml @openclaw/secops
-/.github/workflows/codeql-critical-quality.yml @openclaw/secops
 /src/security/ @openclaw/secops
 /src/secrets/ @openclaw/secops
 /src/config/*secret*.ts @openclaw/secops
--- a/.github/codeql/codeql-agent-runtime-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-agent-runtime-boundary-critical-quality.yml
@@ -1,53 +0,0 @@
-name: openclaw-codeql-agent-runtime-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/acp/control-plane
-  - src/agents/command
-  - src/agents/cli-runner
-  - src/agents/pi-embedded-runner
-  - src/agents/tools
-  - src/agents/*completion*.ts
-  - src/agents/*transport*.ts
-  - src/agents/model-*.ts
-  - src/agents/openclaw-tools*.ts
-  - src/agents/provider-*.ts
-  - src/agents/session*.ts
-  - src/agents/tool-call*.ts
-  - src/auto-reply/reply/agent-runner*.ts
-  - src/auto-reply/reply/commands*.ts
-  - src/auto-reply/reply/directive-handling*.ts
-  - src/auto-reply/reply/dispatch-*.ts
-  - src/auto-reply/reply/get-reply-run*.ts
-  - src/auto-reply/reply/provider-dispatcher*.ts
-  - src/auto-reply/reply/queue*.ts
-  - src/auto-reply/reply/reply-run-registry*.ts
-  - src/auto-reply/reply/session*.ts
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-android-critical-security.yml
+++ b/.github/codeql/codeql-android-critical-security.yml
@@ -5,15 +5,6 @@ disable-default-queries: true
 queries:
  - uses: security-extended

-query-filters:
-  # Android canvas intentionally runs trusted A2UI JavaScript; keep this profile focused on exploitable WebView edges.
-  - exclude:
-      id: java/android/websettings-javascript-enabled
-  # Gateway TLS already pins verified certificate SHA-256 fingerprints. OkHttp CertificatePinner pins SPKI hashes,
-  # so this query is noisy for OpenClaw's TOFU/local-gateway trust model and does not belong in the critical profile.
-  - exclude:
-      id: java/android/missing-certificate-pinning
-
 paths:
  - apps/android/app/src/main

--- a/.github/codeql/codeql-channel-runtime-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-channel-runtime-boundary-critical-quality.yml
@@ -1,33 +0,0 @@
-name: openclaw-codeql-channel-runtime-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/channels
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-channel-runtime-boundary-critical-security.yml
+++ b/.github/codeql/codeql-channel-runtime-boundary-critical-security.yml
@@ -1,50 +0,0 @@
-name: openclaw-codeql-channel-runtime-boundary-critical-security
-
-disable-default-queries: true
-
-queries:
-  - uses: security-extended
-
-query-filters:
-  - include:
-      precision:
-        - high
-        - very-high
-  - exclude:
-      problem.severity:
-        - recommendation
-        - warning
-
-paths:
-  - src/channels
-  - src/config/channel-*.ts
-  - src/config/types.channel*.ts
-  - src/gateway/server-channel*.ts
-  - src/gateway/server-methods/channels.ts
-  - src/gateway/protocol/schema/channels.ts
-  - src/infra/channel-*.ts
-  - src/infra/exec-approval-channel-runtime.ts
-  - src/infra/outbound/channel-*.ts
-  - src/plugin-sdk/channel-*.ts
-  - src/plugins/channel-*.ts
-  - src/plugins/bundled-channel-*.ts
-  - src/plugins/runtime/*channel*.ts
-  - src/secrets/channel-*.ts
-  - src/secrets/runtime-config-collectors-channels.ts
-  - src/security/audit-channel*.ts
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-config-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-config-boundary-critical-quality.yml
@@ -1,33 +0,0 @@
-name: openclaw-codeql-config-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/config
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-gateway-runtime-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-gateway-runtime-boundary-critical-quality.yml
@@ -1,34 +0,0 @@
-name: openclaw-codeql-gateway-runtime-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/gateway/protocol
-  - src/gateway/server-methods
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-javascript-typescript-critical-quality.yml
+++ b/.github/codeql/codeql-javascript-typescript-critical-quality.yml
@@ -22,6 +22,7 @@ paths:
  - src/agents/sandbox
  - src/agents/sandbox.ts
  - src/agents/sandbox-*.ts
+  - src/config
  - src/cron/service/jobs.ts
  - src/cron/stagger.ts
  - src/gateway/*auth*.ts
--- a/.github/codeql/codeql-plugin-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-plugin-boundary-critical-quality.yml
@@ -1,76 +0,0 @@
-name: openclaw-codeql-plugin-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/plugins/activation-planner.ts
-  - src/plugins/api-builder.ts
-  - src/plugins/bundled-compat.ts
-  - src/plugins/bundled-dir.ts
-  - src/plugins/bundled-plugin-metadata.ts
-  - src/plugins/bundled-public-surface-runtime-root.ts
-  - src/plugins/bundled-runtime-deps.ts
-  - src/plugins/bundled-runtime-root.ts
-  - src/plugins/captured-registration.ts
-  - src/plugins/config-activation-shared.ts
-  - src/plugins/config-contracts.ts
-  - src/plugins/config-normalization-shared.ts
-  - src/plugins/config-policy.ts
-  - src/plugins/config-schema.ts
-  - src/plugins/config-state.ts
-  - src/plugins/discovery.ts
-  - src/plugins/effective-plugin-ids.ts
-  - src/plugins/externalized-bundled-plugins.ts
-  - src/plugins/installed-plugin-index*.ts
-  - src/plugins/loader*.ts
-  - src/plugins/manifest*.ts
-  - src/plugins/module-export.ts
-  - src/plugins/package-entrypoints.ts
-  - src/plugins/plugin-registry*.ts
-  - src/plugins/provider-contract-public-artifacts.ts
-  - src/plugins/provider-public-artifacts.ts
-  - src/plugins/public-surface*.ts
-  - src/plugins/registry.ts
-  - src/plugins/registry-types.ts
-  - src/plugins/runtime
-  - src/plugins/runtime-state.ts
-  - src/plugins/runtime.ts
-  - src/plugins/sdk-alias.ts
-  - src/plugins/source-loader.ts
-  - src/plugins/types.ts
-  - src/plugins/validation-diagnostics.ts
-  - src/plugins/web-provider-public-artifacts*.ts
-  - src/plugin-sdk/*entry*.ts
-  - src/plugin-sdk/*facade*.ts
-  - src/plugin-sdk/api-baseline.ts
-  - src/plugin-sdk/config-schema.ts
-  - src/plugin-sdk/config-types.ts
-  - src/plugin-sdk/core.ts
-  - src/plugin-sdk/extension-shared.ts
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/workflows/ci-build-artifacts-testbox.yml
+++ b/.github/workflows/ci-build-artifacts-testbox.yml
@@ -26,7 +26,7 @@ jobs:
    timeout-minutes: 35
    steps:
      - name: Begin Testbox
-        uses: useblacksmith/begin-testbox@d0e04585c26905fdd92c94a09c159544c7ee1b67
+        uses: useblacksmith/begin-testbox@v2
        with:
          testbox_id: ${{ inputs.testbox_id }}

@@ -218,7 +218,7 @@ jobs:
        run: bash scripts/ci-hydrate-testbox-env.sh

      - name: Run Testbox
-        uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
+        uses: useblacksmith/run-testbox@v2
        if: always()
        env:
          FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
--- a/.github/workflows/ci-check-testbox.yml
+++ b/.github/workflows/ci-check-testbox.yml
@@ -25,7 +25,7 @@ jobs:
    timeout-minutes: 30
    steps:
      - name: Begin Testbox
-        uses: useblacksmith/begin-testbox@d0e04585c26905fdd92c94a09c159544c7ee1b67
+        uses: useblacksmith/begin-testbox@v2
        with:
          testbox_id: ${{ inputs.testbox_id }}
      - name: Checkout
@@ -121,7 +121,7 @@ jobs:
        run: bash scripts/ci-hydrate-testbox-env.sh

      - name: Run Testbox
-        uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
+        uses: useblacksmith/run-testbox@v2
        if: always()
        env:
          FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -36,7 +36,7 @@ jobs:
    runs-on: ubuntu-24.04
    timeout-minutes: 20
    outputs:
-      checkout_revision: ${{ steps.checkout_ref.outputs.sha }}
+      checkout_sha: ${{ steps.checkout_ref.outputs.sha }}
      docs_only: ${{ steps.manifest.outputs.docs_only }}
      docs_changed: ${{ steps.manifest.outputs.docs_changed }}
      run_node: ${{ steps.manifest.outputs.run_node }}
@@ -59,10 +59,6 @@ jobs:
      checks_node_core_dist_matrix: ${{ steps.manifest.outputs.checks_node_core_dist_matrix }}
      run_check: ${{ steps.manifest.outputs.run_check }}
      run_check_additional: ${{ steps.manifest.outputs.run_check_additional }}
-      run_plugin_prerelease_suite: ${{ steps.manifest.outputs.run_plugin_prerelease_suite }}
-      plugin_prerelease_ref: ${{ steps.manifest.outputs.plugin_prerelease_ref }}
-      plugin_prerelease_static_matrix: ${{ steps.manifest.outputs.plugin_prerelease_static_matrix }}
-      plugin_prerelease_docker_lanes: ${{ steps.manifest.outputs.plugin_prerelease_docker_lanes }}
      run_build_smoke: ${{ steps.manifest.outputs.run_build_smoke }}
      run_check_docs: ${{ steps.manifest.outputs.run_check_docs }}
      run_control_ui_i18n: ${{ steps.manifest.outputs.run_control_ui_i18n }}
@@ -128,10 +124,6 @@ jobs:
          OPENCLAW_CI_RUN_NODE_FAST_CI_ROUTING: ${{ github.event_name == 'workflow_dispatch' && 'false' || steps.changed_scope.outputs.run_node_fast_ci_routing || 'false' }}
          OPENCLAW_CI_RUN_SKILLS_PYTHON: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.changed_scope.outputs.run_skills_python || 'false' }}
          OPENCLAW_CI_RUN_CONTROL_UI_I18N: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.changed_scope.outputs.run_control_ui_i18n || 'false' }}
-          OPENCLAW_CI_CHECKOUT_REVISION: ${{ steps.checkout_ref.outputs.sha }}
-          OPENCLAW_CI_EVENT_NAME: ${{ github.event_name }}
-          OPENCLAW_CI_PR_HEAD_REPOSITORY: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name || github.repository }}
-          OPENCLAW_CI_PR_HEAD_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || '' }}
          OPENCLAW_CI_REPOSITORY: ${{ github.repository }}
        run: |
          node --input-type=module <<'EOF'
@@ -139,9 +131,6 @@ jobs:
          import {
            createNodeTestShards,
          } from "./scripts/lib/ci-node-test-plan.mjs";
-          import {
-            assertPluginPrereleaseTestPlanComplete,
-          } from "./scripts/lib/plugin-prerelease-test-plan.mjs";
          import {
            createChannelContractTestShards,
          } from "./scripts/lib/channel-contract-test-plan.mjs";
@@ -184,16 +173,6 @@ jobs:
          const runSkillsPython = parseBoolean(process.env.OPENCLAW_CI_RUN_SKILLS_PYTHON) && !docsOnly;
          const runControlUiI18n =
            parseBoolean(process.env.OPENCLAW_CI_RUN_CONTROL_UI_I18N) && !docsOnly;
-          const pluginPrereleasePlan = assertPluginPrereleaseTestPlanComplete();
-          const trustedPluginPrereleaseRef =
-            process.env.OPENCLAW_CI_EVENT_NAME !== "pull_request" ||
-            process.env.OPENCLAW_CI_PR_HEAD_REPOSITORY === process.env.OPENCLAW_CI_REPOSITORY;
-          const pluginPrereleaseRef =
-            process.env.OPENCLAW_CI_EVENT_NAME === "pull_request" && trustedPluginPrereleaseRef
-              ? process.env.OPENCLAW_CI_PR_HEAD_SHA
-              : process.env.OPENCLAW_CI_CHECKOUT_REVISION;
-          const runPluginPrereleaseSuite =
-            runNodeFull && isCanonicalRepository && trustedPluginPrereleaseRef;
          const extensionTestShardCount = isCanonicalRepository
            ? DEFAULT_EXTENSION_TEST_SHARD_COUNT
            : Math.max(DEFAULT_EXTENSION_TEST_SHARD_COUNT, 36);
@@ -285,20 +264,6 @@ jobs:
            checks_node_core_dist_matrix: createMatrix(nodeTestDistShards),
            run_check: runNodeFull,
            run_check_additional: runNodeFull,
-            run_plugin_prerelease_suite: runPluginPrereleaseSuite,
-            plugin_prerelease_ref: runPluginPrereleaseSuite ? pluginPrereleaseRef : "",
-            plugin_prerelease_static_matrix: createMatrix(
-              runPluginPrereleaseSuite
-                ? pluginPrereleasePlan.staticChecks.map((check) => ({
-                    check_name: check.checkName,
-                    command: check.command,
-                    task: check.check,
-                  }))
-                : [],
-            ),
-            plugin_prerelease_docker_lanes: runPluginPrereleaseSuite
-              ? pluginPrereleasePlan.dockerLanes.join(" ")
-              : "",
            run_build_smoke: runNodeFull,
            run_check_docs: docsChanged,
            run_control_ui_i18n: runControlUiI18n,
@@ -503,7 +468,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -575,7 +540,7 @@ jobs:
          path: |
            dist/
            dist-runtime/
-          key: ${{ runner.os }}-dist-build-${{ needs.preflight.outputs.checkout_revision }}
+          key: ${{ runner.os }}-dist-build-${{ needs.preflight.outputs.checkout_sha }}

      - name: Pack built runtime artifacts
        run: tar --posix -cf dist-runtime-build.tar.zst --use-compress-program zstdmt dist dist-runtime
@@ -704,7 +669,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -799,7 +764,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -902,7 +867,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -970,7 +935,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1090,7 +1055,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1170,7 +1135,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1357,7 +1322,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1489,7 +1454,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1656,91 +1621,6 @@ jobs:
            exit 1
          fi

-  plugin-prerelease-static-shard:
-    permissions:
-      contents: read
-    name: ${{ matrix.check_name }}
-    needs: [preflight]
-    if: needs.preflight.outputs.run_plugin_prerelease_suite == 'true'
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 45
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.preflight.outputs.plugin_prerelease_static_matrix) }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
-          fetch-depth: 1
-          fetch-tags: false
-          persist-credentials: false
-          submodules: false
-
-      - name: Setup Node environment
-        uses: ./.github/actions/setup-node-env
-        with:
-          install-bun: "false"
-
-      - name: Run plugin prerelease static shard
-        env:
-          PLUGIN_PRERELEASE_COMMAND: ${{ matrix.command }}
-          PLUGIN_PRERELEASE_TASK: ${{ matrix.task }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          echo "Running ${PLUGIN_PRERELEASE_TASK}: ${PLUGIN_PRERELEASE_COMMAND}"
-          bash -c "$PLUGIN_PRERELEASE_COMMAND"
-
-  plugin-prerelease-docker-suite:
-    name: plugin-prerelease-docker-suite
-    needs: [preflight]
-    if: needs.preflight.outputs.run_plugin_prerelease_suite == 'true'
-    permissions:
-      actions: read
-      contents: read
-      packages: write
-      pull-requests: read
-    uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
-    with:
-      ref: ${{ needs.preflight.outputs.plugin_prerelease_ref }}
-      include_repo_e2e: false
-      include_release_path_suites: false
-      include_openwebui: false
-      docker_lanes: ${{ needs.preflight.outputs.plugin_prerelease_docker_lanes }}
-      include_live_suites: false
-      live_models_only: false
-
-  plugin-prerelease-suite:
-    permissions:
-      contents: read
-    name: plugin-prerelease-suite
-    needs: [preflight, plugin-prerelease-static-shard, plugin-prerelease-docker-suite]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_plugin_prerelease_suite == 'true' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify plugin prerelease suite
-        env:
-          DOCKER_RESULT: ${{ needs.plugin-prerelease-docker-suite.result }}
-          STATIC_RESULT: ${{ needs.plugin-prerelease-static-shard.result }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          failed=0
-          for result in \
-            "plugin-prerelease-static=${STATIC_RESULT}" \
-            "plugin-prerelease-docker=${DOCKER_RESULT}"
-          do
-            name="${result%%=*}"
-            status="${result#*=}"
-            if [ "$status" != "success" ]; then
-              echo "::error::${name} ended with ${status}"
-              failed=1
-            fi
-          done
-          exit "$failed"
-
  build-smoke:
    permissions:
      contents: read
@@ -1772,7 +1652,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1835,7 +1715,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          ref: ${{ needs.preflight.outputs.checkout_sha }}
          persist-credentials: false
          submodules: false

@@ -1878,7 +1758,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          ref: ${{ needs.preflight.outputs.checkout_sha }}
          persist-credentials: false
          submodules: false

@@ -1983,7 +1863,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          ref: ${{ needs.preflight.outputs.checkout_sha }}
          persist-credentials: false
          submodules: false

@@ -2024,7 +1904,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          ref: ${{ needs.preflight.outputs.checkout_sha }}
          persist-credentials: false
          submodules: false

@@ -2125,7 +2005,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
--- a/.github/workflows/clawsweeper-dispatch.yml
+++ b/.github/workflows/clawsweeper-dispatch.yml
@@ -1,66 +0,0 @@
-name: ClawSweeper Dispatch
-
-on:
-  issues:
-    types: [opened, reopened, edited, labeled, unlabeled]
-  pull_request_target: # zizmor: ignore[dangerous-triggers] maintainer-owned external dispatch; no checkout or untrusted PR code execution
-    types: [opened, reopened, synchronize, ready_for_review, edited, labeled, unlabeled]
-
-permissions:
-  contents: read
-
-concurrency:
-  group: clawsweeper-dispatch-${{ github.repository }}-${{ github.event.issue.number || github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: ${{ github.event.action == 'edited' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review' }}
-
-jobs:
-  dispatch:
-    runs-on: ubuntu-latest
-    if: ${{ !(endsWith(github.actor, '[bot]') && (github.event.action == 'labeled' || github.event.action == 'unlabeled')) }}
-    env:
-      HAS_CLAWSWEEPER_APP_PRIVATE_KEY: ${{ secrets.CLAWSWEEPER_APP_PRIVATE_KEY != '' }}
-      CLAWSWEEPER_APP_CLIENT_ID: Iv23liOECG0slfuhz093
-      SUPERSEDES_IN_PROGRESS: ${{ (github.event.action == 'edited' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review') && 'true' || 'false' }}
-    steps:
-      - name: Debounce bursty metadata events
-        if: ${{ github.event.action == 'labeled' || github.event.action == 'unlabeled' }}
-        run: sleep 20
-
-      - name: Create ClawSweeper dispatch token
-        id: token
-        if: ${{ env.HAS_CLAWSWEEPER_APP_PRIVATE_KEY == 'true' }}
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
-        with:
-          client-id: ${{ env.CLAWSWEEPER_APP_CLIENT_ID }}
-          private-key: ${{ secrets.CLAWSWEEPER_APP_PRIVATE_KEY }}
-          owner: openclaw
-          repositories: clawsweeper
-
-      - name: Dispatch exact ClawSweeper review
-        env:
-          GH_TOKEN: ${{ steps.token.outputs.token || secrets.OPENCLAW_GH_TOKEN }}
-          TARGET_REPO: ${{ github.repository }}
-          ITEM_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }}
-          ITEM_KIND: ${{ github.event_name == 'pull_request_target' && 'pull_request' || 'issue' }}
-          SOURCE_EVENT: ${{ github.event_name }}
-          SOURCE_ACTION: ${{ github.event.action }}
-        run: |
-          if [ -z "$GH_TOKEN" ]; then
-            echo "::notice::Skipping ClawSweeper dispatch because no dispatch credential is configured."
-            exit 0
-          fi
-          payload="$(jq -nc \
-            --arg target_repo "$TARGET_REPO" \
-            --argjson item_number "$ITEM_NUMBER" \
-            --arg item_kind "$ITEM_KIND" \
-            --arg source_event "$SOURCE_EVENT" \
-            --arg source_action "$SOURCE_ACTION" \
-            --argjson supersedes_in_progress "$SUPERSEDES_IN_PROGRESS" \
-            '{event_type:"clawsweeper_item",client_payload:{target_repo:$target_repo,item_number:$item_number,item_kind:$item_kind,source_event:$source_event,source_action:$source_action,supersedes_in_progress:$supersedes_in_progress}}')"
-          if gh api repos/openclaw/clawsweeper/dispatches \
-            --method POST \
-            --input - <<< "$payload"; then
-            echo "Dispatched ClawSweeper review."
-          else
-            echo "::warning::Skipping ClawSweeper dispatch because the configured credential could not dispatch to openclaw/clawsweeper."
-          fi
--- a/.github/workflows/codeql-android-critical-security.yml
+++ b/.github/workflows/codeql-android-critical-security.yml
@@ -1,51 +0,0 @@
-name: CodeQL Android Critical Security
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 7 * * *"
-
-concurrency:
-  group: codeql-android-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
-  cancel-in-progress: false
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-
-jobs:
-  android:
-    name: Critical Security (android)
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 45
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Setup Java
-        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
-        with:
-          distribution: temurin
-          java-version: "21"
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: java-kotlin
-          build-mode: manual
-          config-file: ./.github/codeql/codeql-android-critical-security.yml
-
-      - name: Build Android for CodeQL
-        working-directory: apps/android
-        run: ./gradlew --no-daemon :app:assemblePlayDebug
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-security/android"
--- a/.github/workflows/codeql-critical-quality.yml
+++ b/.github/workflows/codeql-critical-quality.yml
@@ -1,145 +0,0 @@
-name: CodeQL Critical Quality
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "30 6 * * *"
-
-concurrency:
-  group: codeql-critical-quality-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
-  cancel-in-progress: false
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-
-jobs:
-  javascript-typescript:
-    name: Critical Quality (javascript-typescript)
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-javascript-typescript-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/javascript-typescript"
-
-  config-boundary:
-    name: Critical Quality (config-boundary)
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-config-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/config-boundary"
-
-  gateway-runtime-boundary:
-    name: Critical Quality (gateway-runtime-boundary)
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-gateway-runtime-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/gateway-runtime-boundary"
-
-  channel-runtime-boundary:
-    name: Critical Quality (channel-runtime-boundary)
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-channel-runtime-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/channel-runtime-boundary"
-
-  agent-runtime-boundary:
-    name: Critical Quality (agent-runtime-boundary)
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-agent-runtime-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/agent-runtime-boundary"
-
-  plugin-boundary:
-    name: Critical Quality (plugin-boundary)
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-plugin-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/plugin-boundary"
--- a/.github/workflows/codeql-macos-critical-security.yml
+++ b/.github/workflows/codeql-macos-critical-security.yml
@@ -1,89 +0,0 @@
-name: CodeQL macOS Critical Security
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 8 * * 1"
-
-concurrency:
-  group: codeql-macos-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
-  cancel-in-progress: false
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-
-jobs:
-  macos:
-    name: Critical Security (macOS)
-    runs-on: blacksmith-6vcpu-macos-latest
-    timeout-minutes: 45
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Select Xcode
-        run: |
-          sudo xcode-select -s /Applications/Xcode_26.1.app
-          xcodebuild -version
-          swift --version
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: swift
-          build-mode: manual
-          config-file: ./.github/codeql/codeql-macos-critical-security.yml
-
-      - name: Build macOS for CodeQL
-        run: swift build --package-path apps/macos --product OpenClaw
-
-      - name: Analyze
-        id: analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          output: sarif-results
-          upload: failure-only
-          category: "/codeql-critical-security/macos"
-
-      - name: Remove dependency build results
-        env:
-          SARIF_OUTPUT: sarif-results
-        run: |
-          set -euo pipefail
-          shopt -s nullglob
-
-          if [ ! -d "$SARIF_OUTPUT" ]; then
-            echo "SARIF output directory not found: $SARIF_OUTPUT" >&2
-            exit 1
-          fi
-
-          mkdir -p sarif-results-filtered
-
-          files=("$SARIF_OUTPUT"/*.sarif)
-          if [ "${#files[@]}" -eq 0 ]; then
-            echo "No SARIF files found in $SARIF_OUTPUT" >&2
-            exit 1
-          fi
-
-          for file in "${files[@]}"; do
-            jq '
-              def in_dependency_build:
-                ((.locations // []) | length > 0)
-                and all(.locations[]; (.physicalLocation.artifactLocation.uri? // "") | test("^apps/macos/\\.build/"));
-
-              .runs |= map(.results = ((.results // []) | map(select(in_dependency_build | not))))
-            ' "$file" > "sarif-results-filtered/$(basename "$file")"
-          done
-
-      - name: Upload filtered SARIF
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          sarif_file: sarif-results-filtered
-          category: "/codeql-critical-security/macos"
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -4,13 +4,16 @@ on:
  workflow_dispatch:
    inputs:
      profile:
-        description: CodeQL security profile to run
+        description: CodeQL profile to run
        required: false
        default: all
        type: choice
        options:
          - all
          - security
+          - quality
+          - android-security
+          - macos-security
  schedule:
    - cron: "0 6 * * *"

@@ -28,7 +31,7 @@ permissions:

 jobs:
  critical-security:
-    name: Critical Security (${{ matrix.category }})
+    name: Critical Security (${{ matrix.language }})
    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'security' }}
    runs-on: ${{ matrix.runs_on }}
    timeout-minutes: ${{ matrix.timeout_minutes }}
@@ -37,17 +40,10 @@ jobs:
      matrix:
        include:
          - language: javascript-typescript
-            category: javascript-typescript
            runs_on: blacksmith-8vcpu-ubuntu-2404
            timeout_minutes: 25
            config_file: ./.github/codeql/codeql-javascript-typescript-critical-security.yml
-          - language: javascript-typescript
-            category: channel-runtime-boundary
-            runs_on: blacksmith-8vcpu-ubuntu-2404
-            timeout_minutes: 25
-            config_file: ./.github/codeql/codeql-channel-runtime-boundary-critical-security.yml
          - language: actions
-            category: actions
            runs_on: blacksmith-8vcpu-ubuntu-2404
            timeout_minutes: 10
            config_file: ./.github/codeql/codeql-actions-critical-security.yml
@@ -66,4 +62,130 @@ jobs:
      - name: Analyze
        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
        with:
-          category: "/codeql-critical-security/${{ matrix.category }}"
+          category: "/codeql-critical-security/${{ matrix.language }}"
+
+  critical-quality:
+    name: Critical Quality (javascript-typescript)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'quality' }}
+    runs-on: blacksmith-8vcpu-ubuntu-2404
+    timeout-minutes: 25
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          submodules: false
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          languages: javascript-typescript
+          config-file: ./.github/codeql/codeql-javascript-typescript-critical-quality.yml
+
+      - name: Analyze
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          category: "/codeql-critical-quality/javascript-typescript"
+
+  android-security:
+    name: Critical Security (android)
+    if: ${{ github.event_name == 'workflow_dispatch' && inputs.profile == 'android-security' }}
+    runs-on: blacksmith-8vcpu-ubuntu-2404
+    timeout-minutes: 45
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          submodules: false
+
+      - name: Setup Java
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+        with:
+          distribution: temurin
+          java-version: "21"
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          languages: java-kotlin
+          build-mode: manual
+          config-file: ./.github/codeql/codeql-android-critical-security.yml
+
+      - name: Build Android for CodeQL
+        working-directory: apps/android
+        run: ./gradlew --no-daemon :app:assemblePlayDebug
+
+      - name: Analyze
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          category: "/codeql-critical-security/android"
+
+  macos-security:
+    name: Critical Security (macOS)
+    if: ${{ github.event_name == 'workflow_dispatch' && inputs.profile == 'macos-security' }}
+    runs-on: blacksmith-6vcpu-macos-latest
+    timeout-minutes: 45
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          submodules: false
+
+      - name: Select Xcode
+        run: |
+          sudo xcode-select -s /Applications/Xcode_26.1.app
+          xcodebuild -version
+          swift --version
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          languages: swift
+          build-mode: manual
+          config-file: ./.github/codeql/codeql-macos-critical-security.yml
+
+      - name: Build macOS for CodeQL
+        run: swift build --package-path apps/macos --product OpenClaw
+
+      - name: Analyze
+        id: analyze
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          output: sarif-results
+          upload: failure-only
+          category: "/codeql-critical-security/macos"
+
+      - name: Remove dependency build results
+        env:
+          SARIF_OUTPUT: sarif-results
+        run: |
+          set -euo pipefail
+          shopt -s nullglob
+
+          if [ ! -d "$SARIF_OUTPUT" ]; then
+            echo "SARIF output directory not found: $SARIF_OUTPUT" >&2
+            exit 1
+          fi
+
+          mkdir -p sarif-results-filtered
+
+          files=("$SARIF_OUTPUT"/*.sarif)
+          if [ "${#files[@]}" -eq 0 ]; then
+            echo "No SARIF files found in $SARIF_OUTPUT" >&2
+            exit 1
+          fi
+
+          for file in "${files[@]}"; do
+            jq '
+              def in_dependency_build:
+                ((.locations // []) | length > 0)
+                and all(.locations[]; (.physicalLocation.artifactLocation.uri? // "") | test("^apps/macos/\\.build/"));
+
+              .runs |= map(.results = ((.results // []) | map(select(in_dependency_build | not))))
+            ' "$file" > "sarif-results-filtered/$(basename "$file")"
+          done
+
+      - name: Upload filtered SARIF
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          sarif_file: sarif-results-filtered
+          category: "/codeql-critical-security/macos"
--- a/.github/workflows/docs-agent.yml
+++ b/.github/workflows/docs-agent.yml
@@ -149,7 +149,7 @@ jobs:

      - name: Run Codex docs agent
        if: steps.gate.outputs.run_agent == 'true'
-        uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02
+        uses: openai/codex-action@v1
        env:
          DOCS_AGENT_BASE_SHA: ${{ steps.gate.outputs.review_base_sha }}
          DOCS_AGENT_HEAD_SHA: ${{ steps.gate.outputs.review_head_sha }}
--- a/.github/workflows/full-release-validation.yml
+++ b/.github/workflows/full-release-validation.yml
@@ -82,7 +82,7 @@ permissions:

 concurrency:
  group: full-release-validation-${{ inputs.ref }}
-  cancel-in-progress: ${{ inputs.ref == 'main' }}
+  cancel-in-progress: false

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
@@ -96,23 +96,17 @@ jobs:
    outputs:
      sha: ${{ steps.resolve.outputs.sha }}
    steps:
-      - name: Checkout trusted workflow helper
+      - name: Checkout target ref
        uses: actions/checkout@v6
        with:
-          ref: ${{ github.ref_name }}
-          path: workflow
-          fetch-depth: 1
+          ref: ${{ inputs.ref }}
+          fetch-depth: 0
          persist-credentials: false
          submodules: false

      - name: Resolve target SHA
        id: resolve
-        env:
-          TARGET_REF: ${{ inputs.ref }}
-        run: |
-          bash workflow/scripts/github/resolve-openclaw-ref.sh \
-            --ref "$TARGET_REF" \
-            --github-output "$GITHUB_OUTPUT"
+        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

      - name: Summarize target
        env:
@@ -207,19 +201,6 @@ jobs:
            echo "Dispatched ${workflow}: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}"
            echo "run_id=${run_id}" >> "$GITHUB_OUTPUT"

-            cleanup_child_run() {
-              local exit_code=$?
-              trap - EXIT INT TERM
-              local child_status
-              child_status="$(gh run view "$run_id" --json status --jq '.status' 2>/dev/null || true)"
-              if [[ "$child_status" != "completed" ]]; then
-                echo "Cancelling child ${workflow} run ${run_id} after parent exit (${exit_code})."
-                gh run cancel "$run_id" || gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/force-cancel" || true
-              fi
-              return "$exit_code"
-            }
-            trap cleanup_child_run EXIT INT TERM
-
            while true; do
              status="$(gh run view "$run_id" --json status --jq '.status')"
              if [[ "$status" == "completed" ]]; then
@@ -227,7 +208,6 @@ jobs:
              fi
              sleep 30
            done
-            trap - EXIT INT TERM

            conclusion="$(gh run view "$run_id" --json conclusion --jq '.conclusion')"
            url="$(gh run view "$run_id" --json url --jq '.url')"
@@ -246,23 +226,6 @@ jobs:
            echo "- Target SHA: \`${TARGET_SHA}\`"
          } >> "$GITHUB_STEP_SUMMARY"

-          cancel_same_sha_push_ci() {
-            local run_ids run_id
-            run_ids="$(
-              gh run list --workflow ci.yml --limit 100 --json databaseId,event,headSha,status \
-                --jq 'map(select(.event == "push" and .headSha == env.TARGET_SHA and (.status == "queued" or .status == "in_progress" or .status == "waiting" or .status == "pending"))) | .[].databaseId'
-            )"
-            if [[ -z "${run_ids// }" ]]; then
-              return 0
-            fi
-            while IFS= read -r run_id; do
-              [[ -n "${run_id// }" ]] || continue
-              echo "Cancelling same-SHA push CI run ${run_id}; Full Release Validation dispatches the full manual CI child for ${TARGET_SHA}."
-              gh run cancel "$run_id" || gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/force-cancel" || true
-            done <<< "$run_ids"
-          }
-
-          cancel_same_sha_push_ci
          dispatch_and_wait ci.yml -f target_ref="$TARGET_SHA"

  release_checks:
@@ -326,19 +289,6 @@ jobs:
            echo "Dispatched ${workflow}: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}"
            echo "run_id=${run_id}" >> "$GITHUB_OUTPUT"

-            cleanup_child_run() {
-              local exit_code=$?
-              trap - EXIT INT TERM
-              local child_status
-              child_status="$(gh run view "$run_id" --json status --jq '.status' 2>/dev/null || true)"
-              if [[ "$child_status" != "completed" ]]; then
-                echo "Cancelling child ${workflow} run ${run_id} after parent exit (${exit_code})."
-                gh run cancel "$run_id" || gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/force-cancel" || true
-              fi
-              return "$exit_code"
-            }
-            trap cleanup_child_run EXIT INT TERM
-
            while true; do
              status="$(gh run view "$run_id" --json status --jq '.status')"
              if [[ "$status" == "completed" ]]; then
@@ -346,7 +296,6 @@ jobs:
              fi
              sleep 30
            done
-            trap - EXIT INT TERM

            conclusion="$(gh run view "$run_id" --json conclusion --jq '.conclusion')"
            url="$(gh run view "$run_id" --json url --jq '.url')"
@@ -375,8 +324,7 @@ jobs:
          fi

          dispatch_and_wait openclaw-release-checks.yml \
-            -f ref="$TARGET_REF" \
-            -f expected_sha="$TARGET_SHA" \
+            -f ref="$TARGET_SHA" \
            -f provider="$PROVIDER" \
            -f mode="$MODE" \
            -f release_profile="$RELEASE_PROFILE" \
@@ -434,19 +382,6 @@ jobs:
          echo "Dispatched npm-telegram-beta-e2e.yml: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}"
          echo "run_id=${run_id}" >> "$GITHUB_OUTPUT"

-          cleanup_child_run() {
-            local exit_code=$?
-            trap - EXIT INT TERM
-            local child_status
-            child_status="$(gh run view "$run_id" --json status --jq '.status' 2>/dev/null || true)"
-            if [[ "$child_status" != "completed" ]]; then
-              echo "Cancelling npm-telegram-beta-e2e.yml child run ${run_id} after parent exit (${exit_code})."
-              gh run cancel "$run_id" || gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/force-cancel" || true
-            fi
-            return "$exit_code"
-          }
-          trap cleanup_child_run EXIT INT TERM
-
          while true; do
            status="$(gh run view "$run_id" --json status --jq '.status')"
            if [[ "$status" == "completed" ]]; then
@@ -454,7 +389,6 @@ jobs:
            fi
            sleep 30
          done
-          trap - EXIT INT TERM

          conclusion="$(gh run view "$run_id" --json conclusion --jq '.conclusion')"
          url="$(gh run view "$run_id" --json url --jq '.url')"
--- a/.github/workflows/openclaw-cross-os-release-checks-reusable.yml
+++ b/.github/workflows/openclaw-cross-os-release-checks-reusable.yml
@@ -51,31 +51,6 @@ on:
        required: false
        default: ""
        type: string
-      candidate_artifact_name:
-        description: Optional current-run artifact name containing the candidate OpenClaw tarball
-        required: false
-        default: ""
-        type: string
-      candidate_artifact_run_id:
-        description: Optional workflow run id for candidate_artifact_name
-        required: false
-        default: ""
-        type: string
-      candidate_file_name:
-        description: Optional candidate tarball file name inside candidate_artifact_name
-        required: false
-        default: ""
-        type: string
-      candidate_version:
-        description: Optional candidate OpenClaw package version
-        required: false
-        default: ""
-        type: string
-      candidate_source_sha:
-        description: Optional source SHA used to build the candidate tarball
-        required: false
-        default: ""
-        type: string
  workflow_call:
    inputs:
      ref:
@@ -115,31 +90,6 @@ on:
        required: false
        default: ""
        type: string
-      candidate_artifact_name:
-        description: Optional current-run artifact name containing the candidate OpenClaw tarball
-        required: false
-        default: ""
-        type: string
-      candidate_artifact_run_id:
-        description: Optional workflow run id for candidate_artifact_name
-        required: false
-        default: ""
-        type: string
-      candidate_file_name:
-        description: Optional candidate tarball file name inside candidate_artifact_name
-        required: false
-        default: ""
-        type: string
-      candidate_version:
-        description: Optional candidate OpenClaw package version
-        required: false
-        default: ""
-        type: string
-      candidate_source_sha:
-        description: Optional source SHA used to build the candidate tarball
-        required: false
-        default: ""
-        type: string
    secrets:
      OPENAI_API_KEY:
        required: false
@@ -158,7 +108,7 @@ permissions: read-all

 concurrency:
  group: openclaw-cross-os-release-checks-${{ inputs.ref }}-${{ inputs.provider }}-${{ inputs.mode }}
-  cancel-in-progress: ${{ inputs.ref == 'main' }}
+  cancel-in-progress: false

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
@@ -169,7 +119,7 @@ env:

 jobs:
  prepare:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
    outputs:
      baseline_file_name: ${{ steps.baseline_metadata.outputs.file_name }}
      baseline_spec: ${{ steps.baseline.outputs.value }}
@@ -310,7 +260,6 @@ jobs:
          persist-credentials: false

      - name: Checkout public source ref
-        if: inputs.candidate_artifact_name == ''
        uses: actions/checkout@v6
        with:
          repository: ${{ env.OPENCLAW_REPOSITORY }}
@@ -321,7 +270,7 @@ jobs:
          submodules: recursive

      - name: Setup pnpm
-        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1
+        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
          run_install: false
@@ -331,13 +280,9 @@ jobs:
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: pnpm
-          cache-dependency-path: ${{ inputs.candidate_artifact_name == '' && 'source/pnpm-lock.yaml' || 'workflow/pnpm-lock.yaml' }}
-
-      - name: Ensure pnpm store cache directory exists
-        run: mkdir -p "$(pnpm store path --silent)"
+          cache-dependency-path: source/pnpm-lock.yaml

      - name: Build candidate artifact once
-        if: inputs.candidate_artifact_name == ''
        env:
          OUTPUT_DIR: ${{ runner.temp }}/openclaw-cross-os-release-checks/prepare
        run: |
@@ -346,52 +291,6 @@ jobs:
            --source-dir source \
            --output-dir "${OUTPUT_DIR}"

-      - name: Download provided candidate artifact
-        if: inputs.candidate_artifact_name != ''
-        uses: actions/download-artifact@v8
-        with:
-          name: ${{ inputs.candidate_artifact_name }}
-          run-id: ${{ inputs.candidate_artifact_run_id || github.run_id }}
-          github-token: ${{ github.token }}
-          path: ${{ runner.temp }}/openclaw-cross-os-release-checks/prepare/package
-
-      - name: Capture provided candidate artifact metadata
-        if: inputs.candidate_artifact_name != ''
-        env:
-          PACKAGE_DIR: ${{ runner.temp }}/openclaw-cross-os-release-checks/prepare/package
-          INPUT_CANDIDATE_FILE_NAME: ${{ inputs.candidate_file_name }}
-          INPUT_CANDIDATE_VERSION: ${{ inputs.candidate_version }}
-          INPUT_CANDIDATE_SOURCE_SHA: ${{ inputs.candidate_source_sha }}
-          CANDIDATE_JSON: ${{ runner.temp }}/openclaw-cross-os-release-checks/prepare/candidate.json
-        run: |
-          node <<'NODE'
-          const fs = require("node:fs");
-          const path = require("node:path");
-
-          const packageDir = process.env.PACKAGE_DIR;
-          const requestedFileName = process.env.INPUT_CANDIDATE_FILE_NAME.trim();
-          const files = fs.readdirSync(packageDir).filter((file) => file.endsWith(".tgz"));
-          const candidateFileName = requestedFileName || (files.length === 1 ? files[0] : "");
-          if (!candidateFileName) {
-            throw new Error(`Expected exactly one candidate .tgz in ${packageDir}; found ${files.length}.`);
-          }
-          if (!fs.existsSync(path.join(packageDir, candidateFileName))) {
-            throw new Error(`Provided candidate artifact does not contain ${candidateFileName}.`);
-          }
-          const candidateVersion = process.env.INPUT_CANDIDATE_VERSION.trim();
-          if (!candidateVersion) {
-            throw new Error("candidate_version is required when candidate_artifact_name is provided.");
-          }
-          const sourceSha = process.env.INPUT_CANDIDATE_SOURCE_SHA.trim();
-          if (!/^[0-9a-f]{40}$/iu.test(sourceSha)) {
-            throw new Error("candidate_source_sha must be a full commit SHA when candidate_artifact_name is provided.");
-          }
-          fs.writeFileSync(
-            process.env.CANDIDATE_JSON,
-            `${JSON.stringify({ candidateFileName, candidateVersion, sourceSha }, null, 2)}\n`,
-          );
-          NODE
-
      - name: Resolve baseline package spec
        if: ${{ inputs.mode != 'fresh' }}
        id: baseline
@@ -499,7 +398,7 @@ jobs:
          persist-credentials: false

      - name: Setup pnpm
-        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1
+        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
          run_install: false
--- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
+++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
@@ -457,36 +457,24 @@ jobs:
          - chunk_id: package-update-core
            label: package/update core
            timeout_minutes: 120
-          - chunk_id: plugins-runtime-plugins
-            label: plugins/runtime plugins
-            timeout_minutes: 120
-          - chunk_id: plugins-runtime-services
-            label: plugins/runtime services
-            timeout_minutes: 120
+          - chunk_id: plugins-runtime-core
+            label: plugins/runtime core
+            timeout_minutes: 180
          - chunk_id: plugins-runtime-install-a
            label: plugins/runtime install A
-            timeout_minutes: 120
+            timeout_minutes: 180
          - chunk_id: plugins-runtime-install-b
            label: plugins/runtime install B
-            timeout_minutes: 120
-          - chunk_id: plugins-runtime-install-c
-            label: plugins/runtime install C
-            timeout_minutes: 120
-          - chunk_id: plugins-runtime-install-d
-            label: plugins/runtime install D
-            timeout_minutes: 120
+            timeout_minutes: 180
          - chunk_id: bundled-channels-core
            label: bundled channels core
            timeout_minutes: 90
          - chunk_id: bundled-channels-update-a
            label: bundled channels update A
-            timeout_minutes: 45
-          - chunk_id: bundled-channels-update-discord
-            label: bundled channels update Discord
-            timeout_minutes: 30
+            timeout_minutes: 90
          - chunk_id: bundled-channels-update-b
            label: bundled channels update B
-            timeout_minutes: 45
+            timeout_minutes: 90
          - chunk_id: bundled-channels-contracts
            label: bundled channels contracts
            timeout_minutes: 90
@@ -612,14 +600,14 @@ jobs:
        shell: bash
        run: |
          set -euo pipefail
-          bash .release-harness/scripts/ci-docker-pull-retry.sh "${OPENCLAW_DOCKER_E2E_BARE_IMAGE}"
+          docker pull "${OPENCLAW_DOCKER_E2E_BARE_IMAGE}"

      - name: Pull shared functional Docker E2E image
        if: steps.plan.outputs.needs_functional_image == '1'
        shell: bash
        run: |
          set -euo pipefail
-          bash .release-harness/scripts/ci-docker-pull-retry.sh "${OPENCLAW_DOCKER_E2E_FUNCTIONAL_IMAGE}"
+          docker pull "${OPENCLAW_DOCKER_E2E_FUNCTIONAL_IMAGE}"

      - name: Validate Docker E2E credentials
        shell: bash
@@ -803,7 +791,7 @@ jobs:
        id: plan
        shell: bash
        env:
-          LANES: ${{ matrix.group.docker_lanes }}
+          LANES: ${{ inputs.docker_lanes }}
          INCLUDE_OPENWEBUI: ${{ inputs.include_openwebui }}
        run: |
          set -euo pipefail
@@ -835,14 +823,14 @@ jobs:
        shell: bash
        run: |
          set -euo pipefail
-          bash .release-harness/scripts/ci-docker-pull-retry.sh "${OPENCLAW_DOCKER_E2E_BARE_IMAGE}"
+          docker pull "${OPENCLAW_DOCKER_E2E_BARE_IMAGE}"

      - name: Pull shared functional Docker E2E image
        if: steps.plan.outputs.needs_functional_image == '1'
        shell: bash
        run: |
          set -euo pipefail
-          bash .release-harness/scripts/ci-docker-pull-retry.sh "${OPENCLAW_DOCKER_E2E_FUNCTIONAL_IMAGE}"
+          docker pull "${OPENCLAW_DOCKER_E2E_FUNCTIONAL_IMAGE}"

      - name: Validate Docker E2E credentials
        shell: bash
@@ -980,14 +968,14 @@ jobs:
        shell: bash
        run: |
          set -euo pipefail
-          bash .release-harness/scripts/ci-docker-pull-retry.sh "${OPENCLAW_DOCKER_E2E_BARE_IMAGE}"
+          docker pull "${OPENCLAW_DOCKER_E2E_BARE_IMAGE}"

      - name: Pull shared functional Docker E2E image
        if: steps.plan.outputs.needs_functional_image == '1'
        shell: bash
        run: |
          set -euo pipefail
-          bash .release-harness/scripts/ci-docker-pull-retry.sh "${OPENCLAW_DOCKER_E2E_FUNCTIONAL_IMAGE}"
+          docker pull "${OPENCLAW_DOCKER_E2E_FUNCTIONAL_IMAGE}"

      - name: Run Open WebUI Docker E2E chunk
        shell: bash
@@ -1609,7 +1597,7 @@ jobs:
            profiles: stable full
          - suite_id: native-live-src-gateway-profiles-openai
            label: Native live gateway profiles OpenAI
-            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=openai OPENCLAW_LIVE_GATEWAY_MODELS=openai/gpt-5.5 node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
+            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=openai OPENCLAW_LIVE_GATEWAY_MODELS=openai/gpt-5.2 node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
            needs_ffmpeg: false
            profile_env_only: false
@@ -1875,25 +1863,22 @@ jobs:
          case "${{ matrix.suite_id }}" in
            live-cli-backend-docker)
              echo "OPENCLAW_LIVE_CLI_BACKEND_MODEL=codex-cli/gpt-5.5" >> "$GITHUB_ENV"
-              # Keep the release-blocking CI lane on Codex API-key auth. The
-              # staged auth-file path remains supported for local maintainer
-              # reruns, but it can hang on stale subscription/session state in
-              # an otherwise healthy release run.
-              echo "OPENCLAW_LIVE_CLI_BACKEND_AUTH=api-key" >> "$GITHUB_ENV"
-              # Replace the staged config.toml with a minimal CI-safe config so
-              # the repo stays trusted for MCP/tool use without inheriting
-              # maintainer-local provider/profile overrides that do not exist
-              # inside CI.
+              # The CLI backend Docker lane should exercise the same staged
+              # Codex auth path Peter uses locally so MCP cron creation and
+              # multimodal probes stay covered in CI. Replace the staged
+              # config.toml with a minimal CI-safe config so the repo stays
+              # trusted for MCP/tool use without inheriting maintainer-local
+              # provider/profile overrides that do not exist inside CI.
              # Codex's workspace-write sandbox relies on user namespaces that
              # this Docker lane does not provide, so run Codex unsandboxed
              # inside the already-isolated container to keep MCP cron/tool
              # execution representative instead of failing on nested sandbox
              # setup.
+              echo 'OPENCLAW_LIVE_CLI_BACKEND_CLEAR_ENV=["OPENAI_API_KEY","OPENAI_BASE_URL"]' >> "$GITHUB_ENV"
              echo 'OPENCLAW_LIVE_CLI_BACKEND_ARGS=["exec","--json","--color","never","--sandbox","danger-full-access","--skip-git-repo-check"]' >> "$GITHUB_ENV"
              echo 'OPENCLAW_LIVE_CLI_BACKEND_RESUME_ARGS=["exec","resume","{sessionId}","-c","sandbox_mode=\"danger-full-access\"","--skip-git-repo-check"]' >> "$GITHUB_ENV"
              echo "OPENCLAW_LIVE_CLI_BACKEND_DEBUG=1" >> "$GITHUB_ENV"
              echo "OPENCLAW_CLI_BACKEND_LOG_OUTPUT=1" >> "$GITHUB_ENV"
-              echo "OPENCLAW_TEST_CONSOLE=1" >> "$GITHUB_ENV"
              echo "OPENCLAW_LIVE_CLI_BACKEND_USE_CI_SAFE_CODEX_CONFIG=1" >> "$GITHUB_ENV"
              ;;
            live-codex-harness-docker)
@@ -1901,9 +1886,6 @@ jobs:
              # is currently stale, but the wrapper still supports codex-auth for
              # local maintainer reruns without changing Peter's flow.
              echo "OPENCLAW_LIVE_CODEX_HARNESS_AUTH=api-key" >> "$GITHUB_ENV"
-              echo "OPENCLAW_LIVE_CODEX_HARNESS_DEBUG=1" >> "$GITHUB_ENV"
-              echo "OPENCLAW_CLI_BACKEND_LOG_OUTPUT=1" >> "$GITHUB_ENV"
-              echo "OPENCLAW_TEST_CONSOLE=1" >> "$GITHUB_ENV"
              ;;
            live-acp-bind-docker)
              if [[ -n "${GEMINI_API_KEY:-}" || -n "${GOOGLE_API_KEY:-}" ]]; then
--- a/.github/workflows/openclaw-release-checks.yml
+++ b/.github/workflows/openclaw-release-checks.yml
@@ -7,11 +7,6 @@ on:
        description: Branch, tag, or full commit SHA to validate
        required: true
        type: string
-      expected_sha:
-        description: Optional full SHA that ref must resolve to
-        required: false
-        default: ""
-        type: string
      provider:
        description: Provider lane for cross-OS onboarding and the end-to-end agent turn
        required: false
@@ -56,23 +51,23 @@ on:

 concurrency:
  group: openclaw-release-checks-${{ inputs.ref }}
-  cancel-in-progress: ${{ inputs.ref == 'main' }}
+  cancel-in-progress: false

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
  NODE_VERSION: "24.x"
  PNPM_VERSION: "10.33.0"
-  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL || 'openai/gpt-5.5' }}
+  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}

 jobs:
  resolve_target:
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-32vcpu-ubuntu-2404
    timeout-minutes: 30
    permissions:
      contents: read
    outputs:
      ref: ${{ steps.inputs.outputs.ref }}
-      revision: ${{ steps.ref.outputs.sha }}
+      sha: ${{ steps.ref.outputs.sha }}
      provider: ${{ steps.inputs.outputs.provider }}
      mode: ${{ steps.inputs.outputs.mode }}
      release_profile: ${{ steps.inputs.outputs.release_profile }}
@@ -91,56 +86,24 @@ jobs:
      - name: Validate ref input
        env:
          RELEASE_REF: ${{ inputs.ref }}
-          EXPECTED_SHA: ${{ inputs.expected_sha }}
        run: |
          set -euo pipefail
          if [[ -z "${RELEASE_REF// }" ]] || [[ "${RELEASE_REF}" == -* ]]; then
            echo "Expected a branch, tag, or full commit SHA; got: ${RELEASE_REF}" >&2
            exit 1
          fi
-          if [[ -n "${EXPECTED_SHA// }" ]] && [[ ! "${EXPECTED_SHA}" =~ ^[0-9a-fA-F]{40}$ ]]; then
-            echo "Expected expected_sha to be a full commit SHA; got: ${EXPECTED_SHA}" >&2
-            exit 1
-          fi

-      - name: Checkout trusted workflow helper
+      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ github.ref_name }}
-          path: workflow
-          fetch-depth: 1
-
-      - name: Fast-resolve selected ref
-        id: fast_ref
-        env:
-          RELEASE_REF: ${{ inputs.ref }}
-          EXPECTED_SHA: ${{ inputs.expected_sha }}
-        run: |
-          bash workflow/scripts/github/resolve-openclaw-ref.sh \
-            --ref "$RELEASE_REF" \
-            --expected-sha "$EXPECTED_SHA" \
-            --fallback-ok \
-            --github-output "$GITHUB_OUTPUT"
-
-      - name: Checkout selected ref for reachability fallback
-        if: steps.fast_ref.outputs.fallback == 'true'
-        uses: actions/checkout@v6
-        with:
-          persist-credentials: false
          ref: ${{ inputs.ref }}
-          path: source
          fetch-depth: 0

-      - name: Resolve checked-out fallback SHA
-        if: steps.fast_ref.outputs.fallback == 'true'
-        id: fallback_ref
-        working-directory: source
+      - name: Resolve checked-out SHA
+        id: ref
        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

      - name: Validate selected ref belongs to this repository
-        if: steps.fast_ref.outputs.fallback == 'true'
-        working-directory: source
        env:
          RELEASE_REF: ${{ inputs.ref }}
        run: |
@@ -161,29 +124,6 @@ jobs:
          echo "Secret-bearing release checks only run repository-owned branch/tag history, not arbitrary unreferenced commits." >&2
          exit 1

-      - name: Finalize resolved SHA
-        id: ref
-        env:
-          FAST_SHA: ${{ steps.fast_ref.outputs.sha }}
-          FALLBACK_SHA: ${{ steps.fallback_ref.outputs.sha }}
-          EXPECTED_SHA: ${{ inputs.expected_sha }}
-          USED_FALLBACK: ${{ steps.fast_ref.outputs.fallback }}
-        run: |
-          set -euo pipefail
-          selected_sha="$FAST_SHA"
-          if [[ "$USED_FALLBACK" == "true" ]]; then
-            selected_sha="$FALLBACK_SHA"
-          fi
-          if [[ -z "$selected_sha" ]]; then
-            echo "Failed to resolve selected ref SHA." >&2
-            exit 1
-          fi
-          if [[ -n "${EXPECTED_SHA// }" ]] && [[ "${selected_sha,,}" != "${EXPECTED_SHA,,}" ]]; then
-            echo "Ref resolved to ${selected_sha}, expected ${EXPECTED_SHA}." >&2
-            exit 1
-          fi
-          echo "sha=${selected_sha,,}" >> "$GITHUB_OUTPUT"
-
      - name: Capture selected inputs
        id: inputs
        env:
@@ -206,7 +146,6 @@ jobs:
        env:
          RELEASE_REF: ${{ inputs.ref }}
          RELEASE_SHA: ${{ steps.ref.outputs.sha }}
-          RELEASE_REF_FAST_PATH: ${{ steps.fast_ref.outputs.fast }}
          RELEASE_PROVIDER: ${{ inputs.provider }}
          RELEASE_MODE: ${{ inputs.mode }}
          RELEASE_PROFILE: ${{ inputs.release_profile }}
@@ -217,7 +156,6 @@ jobs:
            echo
            echo "- Requested ref: \`${RELEASE_REF}\`"
            echo "- Validated SHA: \`${RELEASE_SHA}\`"
-            echo "- Ref resolution fast path: \`${RELEASE_REF_FAST_PATH}\`"
            echo "- Cross-OS provider: \`${RELEASE_PROVIDER}\`"
            echo "- Cross-OS mode: \`${RELEASE_MODE}\`"
            echo "- Release profile: \`${RELEASE_PROFILE}\`"
@@ -228,8 +166,8 @@ jobs:
  prepare_release_package:
    name: Prepare release package artifact
    needs: [resolve_target]
-    if: contains(fromJSON('["all","cross-os","live-e2e","package"]'), needs.resolve_target.outputs.rerun_group)
-    runs-on: ubuntu-24.04
+    if: contains(fromJSON('["all","live-e2e","package"]'), needs.resolve_target.outputs.rerun_group)
+    runs-on: blacksmith-32vcpu-ubuntu-2404
    timeout-minutes: 60
    permissions:
      contents: read
@@ -237,12 +175,10 @@ jobs:
      artifact_name: ${{ steps.artifact.outputs.name }}
      package_sha256: ${{ steps.package.outputs.sha256 }}
      package_version: ${{ steps.package.outputs.package_version }}
-      source_sha: ${{ steps.package.outputs.source_sha }}
    steps:
      - name: Checkout trusted workflow ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.ref_name }}
          fetch-depth: 0

@@ -262,7 +198,7 @@ jobs:
        id: package
        shell: bash
        env:
-          PACKAGE_REF: ${{ needs.resolve_target.outputs.revision }}
+          PACKAGE_REF: ${{ needs.resolve_target.outputs.ref }}
        run: |
          set -euo pipefail
          node scripts/resolve-openclaw-package-candidate.mjs \
@@ -274,8 +210,6 @@ jobs:
            --github-output "$GITHUB_OUTPUT"
          digest="$(node -p "JSON.parse(require('fs').readFileSync('.artifacts/docker-e2e-package/package-candidate.json', 'utf8')).sha256")"
          version="$(node -p "JSON.parse(require('fs').readFileSync('.artifacts/docker-e2e-package/package-candidate.json', 'utf8')).version")"
-          source_sha="$(node -p "JSON.parse(require('fs').readFileSync('.artifacts/docker-e2e-package/package-candidate.json', 'utf8')).packageSourceSha")"
-          echo "source_sha=$source_sha" >> "$GITHUB_OUTPUT"
          {
            echo "## Release package artifact"
            echo
@@ -283,7 +217,6 @@ jobs:
            echo "- Package ref: \`$PACKAGE_REF\`"
            echo "- SHA-256: \`$digest\`"
            echo "- Version: \`$version\`"
-            echo "- Source SHA: \`$source_sha\`"
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Upload release package artifact
@@ -301,23 +234,18 @@ jobs:
      contents: read
    uses: ./.github/workflows/install-smoke.yml
    with:
-      ref: ${{ needs.resolve_target.outputs.revision }}
+      ref: ${{ needs.resolve_target.outputs.ref }}
      run_bun_global_install_smoke: true

  cross_os_release_checks:
-    needs: [resolve_target, prepare_release_package]
+    needs: [resolve_target]
    if: contains(fromJSON('["all","cross-os"]'), needs.resolve_target.outputs.rerun_group)
    permissions: read-all
    uses: ./.github/workflows/openclaw-cross-os-release-checks-reusable.yml
    with:
-      ref: ${{ needs.resolve_target.outputs.revision }}
+      ref: ${{ needs.resolve_target.outputs.ref }}
      provider: ${{ needs.resolve_target.outputs.provider }}
      mode: ${{ needs.resolve_target.outputs.mode }}
-      candidate_artifact_name: ${{ needs.prepare_release_package.outputs.artifact_name }}
-      candidate_artifact_run_id: ${{ github.run_id }}
-      candidate_file_name: openclaw-current.tgz
-      candidate_version: ${{ needs.prepare_release_package.outputs.package_version }}
-      candidate_source_sha: ${{ needs.prepare_release_package.outputs.source_sha }}
    secrets:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
@@ -326,9 +254,8 @@ jobs:
      OPENCLAW_DISCORD_SMOKE_GUILD_ID: ${{ secrets.OPENCLAW_DISCORD_SMOKE_GUILD_ID }}
      OPENCLAW_DISCORD_SMOKE_CHANNEL_ID: ${{ secrets.OPENCLAW_DISCORD_SMOKE_CHANNEL_ID }}

-  live_repo_e2e_release_checks:
-    name: Run repo/live E2E validation
-    needs: [resolve_target]
+  live_and_e2e_release_checks:
+    needs: [resolve_target, prepare_release_package]
    if: contains(fromJSON('["all","live-e2e"]'), needs.resolve_target.outputs.rerun_group)
    permissions:
      actions: read
@@ -337,13 +264,15 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
    with:
-      ref: ${{ needs.resolve_target.outputs.revision }}
+      ref: ${{ needs.resolve_target.outputs.ref }}
      include_repo_e2e: true
-      include_release_path_suites: false
-      include_openwebui: false
+      include_release_path_suites: true
+      include_openwebui: ${{ needs.resolve_target.outputs.release_profile != 'minimum' }}
      include_live_suites: true
      release_test_profile: ${{ needs.resolve_target.outputs.release_profile }}
-    secrets: &live_e2e_release_secrets
+      package_artifact_name: ${{ needs.prepare_release_package.outputs.artifact_name }}
+      package_artifact_run_id: ${{ github.run_id }}
+    secrets:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
@@ -390,27 +319,6 @@ jobs:
      OPENCLAW_GEMINI_SETTINGS_JSON: ${{ secrets.OPENCLAW_GEMINI_SETTINGS_JSON }}
      FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}

-  docker_e2e_release_checks:
-    name: Run Docker release-path validation
-    needs: [resolve_target, prepare_release_package]
-    if: contains(fromJSON('["all","live-e2e"]'), needs.resolve_target.outputs.rerun_group)
-    permissions:
-      actions: read
-      contents: read
-      packages: write
-      pull-requests: read
-    uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
-    with:
-      ref: ${{ needs.resolve_target.outputs.revision }}
-      include_repo_e2e: false
-      include_release_path_suites: true
-      include_openwebui: ${{ needs.resolve_target.outputs.release_profile != 'minimum' }}
-      include_live_suites: false
-      release_test_profile: ${{ needs.resolve_target.outputs.release_profile }}
-      package_artifact_name: ${{ needs.prepare_release_package.outputs.artifact_name }}
-      package_artifact_run_id: ${{ github.run_id }}
-    secrets: *live_e2e_release_secrets
-
  package_acceptance_release_checks:
    name: Run package acceptance
    needs: [resolve_target, prepare_release_package]
@@ -511,8 +419,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.resolve_target.outputs.revision }}
+          ref: ${{ needs.resolve_target.outputs.ref }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -559,7 +466,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v4
        with:
-          name: release-qa-parity-${{ matrix.lane }}-${{ needs.resolve_target.outputs.revision }}
+          name: release-qa-parity-${{ matrix.lane }}-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          retention-days: 14
          if-no-files-found: warn
@@ -580,8 +487,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.resolve_target.outputs.revision }}
+          ref: ${{ needs.resolve_target.outputs.ref }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -594,7 +500,7 @@ jobs:
      - name: Download parity lane artifacts
        uses: actions/download-artifact@v4
        with:
-          pattern: release-qa-parity-*-${{ needs.resolve_target.outputs.revision }}
+          pattern: release-qa-parity-*-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          merge-multiple: true

@@ -615,7 +521,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v4
        with:
-          name: release-qa-parity-${{ needs.resolve_target.outputs.revision }}
+          name: release-qa-parity-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          retention-days: 14
          if-no-files-found: warn
@@ -637,8 +543,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.resolve_target.outputs.revision }}
+          ref: ${{ needs.resolve_target.outputs.ref }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -695,7 +600,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v4
        with:
-          name: release-qa-live-matrix-${{ needs.resolve_target.outputs.revision }}
+          name: release-qa-live-matrix-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          retention-days: 14
          if-no-files-found: warn
@@ -717,8 +622,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.resolve_target.outputs.revision }}
+          ref: ${{ needs.resolve_target.outputs.ref }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -781,7 +685,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v4
        with:
-          name: release-qa-live-telegram-${{ needs.resolve_target.outputs.revision }}
+          name: release-qa-live-telegram-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          retention-days: 14
          if-no-files-found: warn
@@ -792,8 +696,7 @@ jobs:
      - prepare_release_package
      - install_smoke_release_checks
      - cross_os_release_checks
-      - live_repo_e2e_release_checks
-      - docker_e2e_release_checks
+      - live_and_e2e_release_checks
      - package_acceptance_release_checks
      - qa_lab_parity_lane_release_checks
      - qa_lab_parity_report_release_checks
@@ -813,8 +716,7 @@ jobs:
            "prepare_release_package=${{ needs.prepare_release_package.result }}" \
            "install_smoke_release_checks=${{ needs.install_smoke_release_checks.result }}" \
            "cross_os_release_checks=${{ needs.cross_os_release_checks.result }}" \
-            "live_repo_e2e_release_checks=${{ needs.live_repo_e2e_release_checks.result }}" \
-            "docker_e2e_release_checks=${{ needs.docker_e2e_release_checks.result }}" \
+            "live_and_e2e_release_checks=${{ needs.live_and_e2e_release_checks.result }}" \
            "package_acceptance_release_checks=${{ needs.package_acceptance_release_checks.result }}" \
            "qa_lab_parity_lane_release_checks=${{ needs.qa_lab_parity_lane_release_checks.result }}" \
            "qa_lab_parity_report_release_checks=${{ needs.qa_lab_parity_report_release_checks.result }}" \
--- a/.github/workflows/package-acceptance.yml
+++ b/.github/workflows/package-acceptance.yml
@@ -262,7 +262,6 @@ jobs:
      include_openwebui: ${{ steps.profile.outputs.include_openwebui }}
      include_release_path_suites: ${{ steps.profile.outputs.include_release_path_suites }}
      package_artifact_name: ${{ steps.profile.outputs.package_artifact_name }}
-      package_source_sha: ${{ steps.resolve.outputs.package_source_sha }}
      package_sha256: ${{ steps.resolve.outputs.sha256 }}
      package_version: ${{ steps.resolve.outputs.package_version }}
      telegram_enabled: ${{ steps.profile.outputs.telegram_enabled }}
@@ -494,7 +493,7 @@ jobs:
      package_spec: ${{ inputs.package_spec }}
      package_artifact_name: ${{ needs.resolve_package.outputs.package_artifact_name }}
      package_label: openclaw@${{ needs.resolve_package.outputs.package_version }}
-      harness_ref: ${{ needs.resolve_package.outputs.package_source_sha || inputs.workflow_ref }}
+      harness_ref: ${{ inputs.source == 'ref' && inputs.package_ref || inputs.workflow_ref }}
      provider_mode: ${{ needs.resolve_package.outputs.telegram_mode }}
      scenario: ${{ inputs.telegram_scenarios }}
    secrets:
--- a/.github/workflows/parity-gate.yml
+++ b/.github/workflows/parity-gate.yml
@@ -42,7 +42,7 @@ jobs:
      # followthrough gate that expects a fast post-approval read within a 30s
      # agent.wait timeout.
      QA_PARITY_CONCURRENCY: "1"
-      OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL || 'openai/gpt-5.5' }}
+      OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}
      OPENCLAW_QA_TRANSPORT_READY_TIMEOUT_MS: "180000"
      OPENAI_API_KEY: ""
      ANTHROPIC_API_KEY: ""
@@ -57,11 +57,9 @@ jobs:
    steps:
      - name: Checkout PR
        uses: actions/checkout@v6
-        with:
-          persist-credentials: false

      - name: Install pnpm
-        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1
+        uses: pnpm/action-setup@v4

      - name: Setup Node
        uses: actions/setup-node@v6
--- a/.github/workflows/plugin-clawhub-release.yml
+++ b/.github/workflows/plugin-clawhub-release.yml
@@ -35,7 +35,7 @@ jobs:
    permissions:
      contents: read
    outputs:
-      ref_revision: ${{ steps.ref.outputs.sha }}
+      ref_sha: ${{ steps.ref.outputs.sha }}
      has_candidates: ${{ steps.plan.outputs.has_candidates }}
      candidate_count: ${{ steps.plan.outputs.candidate_count }}
      skipped_published_count: ${{ steps.plan.outputs.skipped_published_count }}
@@ -44,7 +44,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.sha }}
          fetch-depth: 0

@@ -151,8 +150,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
+          ref: ${{ needs.preview_plugins_clawhub.outputs.ref_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -166,7 +164,6 @@ jobs:
      - name: Checkout ClawHub CLI source
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          repository: ${{ env.CLAWHUB_REPOSITORY }}
          ref: ${{ env.CLAWHUB_REF }}
          path: clawhub-source
@@ -190,7 +187,7 @@ jobs:
        env:
          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
          SOURCE_REPO: ${{ github.repository }}
-          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
+          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_sha }}
          SOURCE_REF: ${{ github.ref }}
          PACKAGE_TAG: ${{ matrix.plugin.publishTag }}
          PACKAGE_DIR: ${{ matrix.plugin.packageDir }}
@@ -212,8 +209,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
+          ref: ${{ needs.preview_plugins_clawhub.outputs.ref_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -227,7 +223,6 @@ jobs:
      - name: Checkout ClawHub CLI source
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          repository: ${{ env.CLAWHUB_REPOSITORY }}
          ref: ${{ env.CLAWHUB_REF }}
          path: clawhub-source
@@ -271,7 +266,7 @@ jobs:
        env:
          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
          SOURCE_REPO: ${{ github.repository }}
-          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
+          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_sha }}
          SOURCE_REF: ${{ github.ref }}
          PACKAGE_TAG: ${{ matrix.plugin.publishTag }}
          PACKAGE_DIR: ${{ matrix.plugin.packageDir }}
--- a/.github/workflows/plugin-npm-release.yml
+++ b/.github/workflows/plugin-npm-release.yml
@@ -46,7 +46,7 @@ jobs:
    permissions:
      contents: read
    outputs:
-      ref_revision: ${{ steps.ref.outputs.sha }}
+      ref_sha: ${{ steps.ref.outputs.sha }}
      has_candidates: ${{ steps.plan.outputs.has_candidates }}
      candidate_count: ${{ steps.plan.outputs.candidate_count }}
      matrix: ${{ steps.plan.outputs.matrix }}
@@ -54,7 +54,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.sha }}
          fetch-depth: 0

@@ -152,8 +151,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.preview_plugins_npm.outputs.ref_revision }}
+          ref: ${{ needs.preview_plugins_npm.outputs.ref_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -187,8 +185,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.preview_plugins_npm.outputs.ref_revision }}
+          ref: ${{ needs.preview_plugins_npm.outputs.ref_sha }}
          fetch-depth: 1

      - name: Setup Node environment
--- a/.github/workflows/qa-live-transports-convex.yml
+++ b/.github/workflows/qa-live-transports-convex.yml
@@ -44,7 +44,7 @@ env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
  NODE_VERSION: "24.x"
  PNPM_VERSION: "10.33.0"
-  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL || 'openai/gpt-5.5' }}
+  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}
  OPENCLAW_BUILD_PRIVATE_QA: "1"
  OPENCLAW_ENABLE_PRIVATE_QA_CLI: "1"

@@ -81,13 +81,12 @@ jobs:
    needs: authorize_actor
    runs-on: blacksmith-8vcpu-ubuntu-2404
    outputs:
-      selected_revision: ${{ steps.validate.outputs.selected_revision }}
+      selected_sha: ${{ steps.validate.outputs.selected_sha }}
      trusted_reason: ${{ steps.validate.outputs.trusted_reason }}
    steps:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.sha }}
          fetch-depth: 0

@@ -99,27 +98,27 @@ jobs:
        shell: bash
        run: |
          set -euo pipefail
-          selected_revision="$(git rev-parse HEAD)"
+          selected_sha="$(git rev-parse HEAD)"
          trusted_reason=""

          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main

-          if git merge-base --is-ancestor "$selected_revision" refs/remotes/origin/main; then
+          if git merge-base --is-ancestor "$selected_sha" refs/remotes/origin/main; then
            trusted_reason="main-ancestor"
-          elif git tag --points-at "$selected_revision" | grep -Eq '^v'; then
+          elif git tag --points-at "$selected_sha" | grep -Eq '^v'; then
            trusted_reason="release-tag"
          elif [[ "$INPUT_REF" =~ ^release/[0-9]{4}\.[0-9]+\.[0-9]+$ ]]; then
            git fetch --no-tags origin "+refs/heads/${INPUT_REF}:refs/remotes/origin/${INPUT_REF}"
            release_branch_sha="$(git rev-parse "refs/remotes/origin/${INPUT_REF}")"
-            if [[ "$selected_revision" == "$release_branch_sha" ]]; then
+            if [[ "$selected_sha" == "$release_branch_sha" ]]; then
              trusted_reason="release-branch-head"
            fi
          else
            pr_head_count="$(
              gh api \
                -H "Accept: application/vnd.github+json" \
-                "repos/${GITHUB_REPOSITORY}/commits/${selected_revision}/pulls" \
-                --jq '[.[] | select(.state == "open" and .head.repo.full_name == "'"${GITHUB_REPOSITORY}"'" and .head.sha == "'"${selected_revision}"'")] | length'
+                "repos/${GITHUB_REPOSITORY}/commits/${selected_sha}/pulls" \
+                --jq '[.[] | select(.state == "open" and .head.repo.full_name == "'"${GITHUB_REPOSITORY}"'" and .head.sha == "'"${selected_sha}"'")] | length'
            )"
            if [[ "$pr_head_count" != "0" ]]; then
              trusted_reason="open-pr-head"
@@ -127,16 +126,16 @@ jobs:
          fi

          if [[ -z "$trusted_reason" ]]; then
-            echo "Ref '${INPUT_REF}' resolved to $selected_revision, which is not trusted for this secret-bearing QA run." >&2
+            echo "Ref '${INPUT_REF}' resolved to $selected_sha, which is not trusted for this secret-bearing QA run." >&2
            echo "Allowed refs must be on main, point to a release tag, match a release branch head, or match an open PR head in ${GITHUB_REPOSITORY}." >&2
            exit 1
          fi

-          echo "selected_revision=$selected_revision" >> "$GITHUB_OUTPUT"
+          echo "selected_sha=$selected_sha" >> "$GITHUB_OUTPUT"
          echo "trusted_reason=$trusted_reason" >> "$GITHUB_OUTPUT"
          {
            echo "Validated ref: \`${INPUT_REF}\`"
-            echo "Resolved SHA: \`$selected_revision\`"
+            echo "Resolved SHA: \`$selected_sha\`"
            echo "Trust reason: \`$trusted_reason\`"
          } >> "$GITHUB_STEP_SUMMARY"

@@ -158,8 +157,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -222,8 +220,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -306,8 +303,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -379,8 +375,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -472,8 +467,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
--- a/.github/workflows/test-performance-agent.yml
+++ b/.github/workflows/test-performance-agent.yml
@@ -129,7 +129,7 @@ jobs:

      - name: Run Codex test performance agent
        if: steps.gate.outputs.run_agent == 'true'
-        uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02
+        uses: openai/codex-action@v1
        with:
          openai-api-key: ${{ secrets.OPENCLAW_TEST_PERF_AGENT_OPENAI_API_KEY || secrets.OPENAI_API_KEY }}
          prompt-file: .github/codex/prompts/test-performance-agent.md
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@ node_modules
 .env
 docker-compose.override.yml
 docker-compose.extra.yml
-docker-compose.sandbox.yml
 dist
 dist-runtime/
 pnpm-lock.yaml
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,100 +6,21 @@ Docs: https://docs.openclaw.ai

 ### Changes

- Channels: add Yuanbao channel docs entrance so the Tencent Yuanbao bot appears in the channel listing and sidebar navigation. (#73443) Thanks @loongfay.
- Active Memory: add optional per-conversation `allowedChatIds` and `deniedChatIds` filters so operators can enable recall only for selected direct, group, or channel conversations while keeping broad sessions skipped. (#67977) Thanks @quengh.
- Active Memory: return bounded partial recall summaries when the hidden memory sub-agent times out, including the default temporary-transcript path, so useful recovered context is not discarded. (#73219) Thanks @joeykrug.
- Docker setup: add `OPENCLAW_SKIP_ONBOARDING` so automated Docker installs can skip the interactive onboarding step while still applying gateway defaults. (#55518) Thanks @jinjimz.
-
-### Fixes
-
- Plugin SDK/Discord: restore a deprecated `openclaw/plugin-sdk/discord` compatibility facade and the legacy compat group-policy warning export for the published `@openclaw/discord@2026.3.13` package, covering its config, account, directory, status, and thread-binding imports while keeping new plugins on generic SDK subpaths. Fixes #73685; supersedes #73703. Thanks @rderickson9 and @SymbolStar.
- Channels/Discord: suppress duplicate gateway monitors when multiple enabled accounts resolve to the same bot token, preferring config tokens over default env fallback and reporting skipped duplicates as disabled. Supersedes #73608. Thanks @kagura-agent.
- Control UI/Talk: decode Google Live binary WebSocket JSON frames and stop queued browser audio on interruption or shutdown, so browser Talk leaves `Connecting Talk...` and barge-in no longer plays stale audio. Fixes #73601 and #73460; supersedes #73466. Thanks @Spolen23 and @WadydX.
- Channels/Discord: ignore stale route-shaped conversation bindings after a Discord channel is reconfigured to another agent, while preserving explicit focus and subagent bindings. Fixes #73626. Thanks @ramitrkar-hash.
- Agents/bootstrap: pass pending BOOTSTRAP.md contents through the first-run user prompt while keeping them out of privileged system context, and show limited bootstrap guidance when workspace file access is unavailable. Fixes #73622. Thanks @mark1010.
- ACP/tasks: classify parent-owned ACP sessions as background work regardless of persistent runtime mode, and close terminal stale ACP sessions when no active binding remains, so delegated ACP output reports through the parent task notifier instead of acting like a normal foreground chat session. Refs #73609. Thanks @joerod26.
- Tasks: keep terminal mirrored TaskFlow timestamps pinned to task completion time and let maintenance repair stale mirrors, so ACP terminal delivery updates no longer leave inconsistent flow audits. Refs #73609. Thanks @joerod26.
- Gateway/sessions: add conservative stuck-session recovery that releases only stale session lanes while active embedded runs, reply operations, and lane tasks remain serialized, so queued follow-ups can drain without aborting legitimate long-running turns. Refs #73581, #73655, #73652, #73705, #73647, #73602, #73592, and #73601. Thanks @WS-Q0758, @bryangauvin, @spenceryang1996-dot, @bmilne1981, @mattmcintyre, @Vksh07, and @Spolen23.
- Plugins: cache unchanged plugin manifest loads by file signature, reducing repeated JSON/JSON5 parsing and manifest normalization in bursty startup and runtime registry paths. Refs #73532 and #73647; carries forward #73678. Thanks @TheDutchRuler.
- Plugins/runtime-deps: cache unchanged bundled runtime mirror dist-file materialization decisions and close file-lock handles on owner-write failures, reducing repeated startup chunk scans and avoiding FileHandle-GC recovery stalls. Refs #73532. Thanks @oadiazp and @bstanbury.
- CLI/TUI: keep `chat.history` off model-catalog discovery so initial Gateway-backed TUI history loads cannot block behind slow provider/plugin model scans on low-core hosts. Refs #73524. Thanks @harshcatsystems-collab.
- Channels/WhatsApp: flag recently reconnected linked accounts in channel status even when the socket is currently healthy, so flapping WhatsApp Web sessions no longer look clean after a brief reconnect. Refs #73602. Thanks @Vksh07.
- Gateway: expose `gateway.handshakeTimeoutMs` in config, schema, and docs while preserving `OPENCLAW_HANDSHAKE_TIMEOUT_MS` precedence, so loaded or low-powered hosts can tune local WebSocket pre-auth handshakes without patching dist files. Supersedes #51282; refs #73592 and #73652. Thanks @henry-the-frog.
- Agents/model selection: resolve slash-form aliases before provider/model parsing and keep alias-resolved primary models subject to transient provider cooldowns, so cron and persisted sessions do not retry cooled-down raw aliases. Fixes #73573 and #73657. Thanks @akai-shuuichi and @hashslingers.
- Agents/Claude CLI: reuse already-cached macOS Keychain credentials for no-prompt Claude credential reads, so doctor/runtime checks do not miss fresh interactive Claude auth. Fixes #73682. Thanks @RyanSandoval.
- Agents/transcripts: strip empty assistant text blocks while preserving valid text, images, and signatures, so Anthropic-style providers no longer reject sanitized transcript turns. Fixes #73640. Thanks @jowhee327.
- Providers/Bedrock: omit deprecated `temperature` for Claude Opus 4.7 Bedrock model ids, named and application inference profiles, including dotted `opus-4.7` refs, and classify the nested validation response for failover. Fixes #73663. Thanks @bstanbury.
- Gateway: raise the preauth/connect-challenge timeout to 15s so cold CLI starts on slower hosts have more time to process the WebSocket challenge before the Gateway closes the connection. Fixes #51469; refs #73592 and #62060. Thanks @GothicFox and @jackychen-png.
- CLI/status: fall back to a bounded local `status` RPC when loopback detail probes time out or report unknown capability, so reachable local gateways are no longer marked unreachable by slow read diagnostics. Fixes #73535; refs #48360, #62762, #51357, and #42019. Thanks @RacecarGuy, @justinschille, @DJBlackhawk, @tianyaqpzm, and @0xrsydn.
- CLI/gateway: reuse cached paired-device auth during `gateway probe` and report post-connect diagnostic failures as degraded reachability, so healthy local gateways are no longer marked unreachable after loopback auth or read timeouts. Fixes #48360. Thanks @RacecarGuy.
- Channels/Discord: give Discord Gateway WebSocket handshakes a 30s timeout so stalled TLS/network transitions emit an error and Carbon can continue its reconnect loop instead of leaving the bot silent until restart. Refs #50046. Thanks @codexGW.
- NVIDIA/NIM: persist the `NVIDIA_API_KEY` provider marker and mark bundled NVIDIA Chat Completions models as string-content compatible, so NIM models load from `models.json` and OpenAI-compatible subagent calls send plain text content. Fixes #73013 and #50107; refs #73014. Thanks @bautrey, @iot2edge, @ifearghal, and @futhgar.
- Channels/Discord: let text-only configs drop the `GuildVoiceStates` gateway intent and expose a bounded `/gateway/bot` metadata timeout with rate-limited fallback logs, reducing idle CPU and warning floods. Fixes #73709 and #73585. Thanks @sanchezm86 and @trac3r00.
- Agents/sessions: mark same-turn `sessions_send` and A2A reply prompts with an inter-session `isUser=false` envelope before they reach the model, so foreign session output no longer lands as bare active user text. Fixes #73702; refs #73698, #73609, #73595, and #73622. Thanks @alvelda.
- Outbound/security: strip known internal runtime scaffolding such as `<system-reminder>` and `<previous_response>` at the final channel delivery boundary and keep Discord output on targeted tag stripping, so degraded harness replies cannot leak those tags to users. Fixes #73595. Thanks @gabrielexito-stack and @martingarramon.
- CLI/plugins: use plugin metadata snapshots for install slot selection and add opt-in plugin lifecycle timing traces, so plugin install avoids runtime-loading the plugin registry for metadata-only decisions. Thanks @shakkernerd.
- fix(plugins): restrict bundled plugin dir resolution to trusted package roots. (#73275) Thanks @pgondhi987.
- fix(security): prevent workspace PATH injection via service env and trash helpers. (#73264) Thanks @pgondhi987.
- Active Memory: allow `allowedChatTypes` to include explicit portal/webchat sessions and classify `agent:...:explicit:...` session keys before opaque session ids can shadow the chat type. Fixes #65775. (#66285) Thanks @Lidang-Jiang.
- Active Memory: allow the hidden recall sub-agent to use both `memory_recall` and the legacy `memory_search`/`memory_get` memory tool contract, so bundled `memory-lancedb` recall works without breaking the default `memory-core` path. Fixes #73502. (#73584) Thanks @Takhoffman.
- fix(device-pairing): validate callerScopes against resolved token scopes on repair [AI]. (#72925) Thanks @pgondhi987.
- Active Memory docs: document the `cacheTtlMs` 1000-120000 ms range and 15000 ms default so setup snippets do not lead users past the schema limit. Fixes #65708. (#65737) Thanks @WuKongAI-CMU.
- fix(agents): canonicalize provider aliases in byProvider tool policy lookup [AI]. (#72917) Thanks @pgondhi987.
- fix(security): block npm_execpath injection from workspace .env [AI-assisted]. (#73262) Thanks @pgondhi987.
- Tools/web_fetch: decode response bodies from raw bytes using declared HTTP, XML, or HTML meta charsets before extraction, so Shift_JIS and other legacy-charset pages no longer return mojibake. Fixes #72916. Thanks @amknight.
- Active Memory: skip payload-less `memory_search` transcript tool results when building debug telemetry, so newer empty entries no longer hide the latest useful debug payload. (#68773) Thanks @SimbaKingjoe.
- Active Memory: keep recall setup time from consuming the configured model timeout while giving the hook runner an explicit bounded budget for the plugin, so slow embedded-run setup no longer causes immediate recall timeouts. Fixes #72606. (#72620) Thanks @hyspacex.
- Channels/Discord: bound message read/search REST calls, route those actions through Gateway execution, and fall back to `CommandTargetSessionKey` for inbound hook session keys so Discord reads do not hang and hooks still fire when `SessionKey` is empty. Fixes #73431. (#73521) Thanks @amknight.
- Plugins/media: auto-enable provider plugins referenced by `agents.defaults.imageGenerationModel`, `videoGenerationModel`, and `musicGenerationModel` primary/fallback refs, so configured Google and MiniMax media providers do not stay disabled behind a restrictive plugin allowlist. Thanks @vincentkoc.
- Memory-core/dreaming: retry managed dreaming cron registration after startup when the cron service is not reachable yet, so the scheduled Memory Dreaming Promotion sweep recovers without waiting for heartbeat traffic. Fixes #72841. Thanks @amknight.
- Acpx/runtime: validate the runtime session mode at the `AcpxRuntime.ensureSession` wrapper boundary so callers that pass anything other than `persistent` or `oneshot` get a clear `ACP_INVALID_RUNTIME_OPTION` error instead of silently round-tripping through the encoded handle as a default `persistent` mode and later throwing `SessionResumeRequiredError`. Investigation context: #73071. (#73548) Thanks @amknight.
- CLI/infer: keep web-search fallback on missing provider API keys, preserve structured validation errors from the selected provider, and let per-request image describe prompts override configured media-entry prompts. (#63263) Thanks @Spolen23.
- Chat commands: include configured model-catalog reasoning metadata when building `/think` argument menus so Ollama Cloud and other provider-owned reasoning models show supported levels instead of only `off`. Fixes #73515; supersedes #73568. Thanks @danielzinhu99 and @neeravmakwana.
- Channels/Telegram: suppress generic tool-progress chatter when preview streaming is off, so non-streaming Telegram turns only deliver final replies while approvals, media, and errors still route normally. Refs #72363 and #72482. Thanks @neeravmakwana and @SweetSophia.
- CLI/model probes: add repeatable image `--file` inputs to `infer model run` for local and gateway multimodal model smokes, so vision models such as Ollama Qwen VL and Gemini can be tested through the raw model-probe surface. Fixes #63700. Thanks @cedricjanssens.
- CLI/model probes: request trusted operator scope for `infer model run --gateway --model <provider/model>` so Gateway raw model smokes can use one-off provider/model overrides instead of being rejected before provider auth resolution. Fixes #73759. Thanks @chrislro.
- CLI/image describe: pass `--prompt` and `--timeout-ms` through `infer image describe` and `describe-many`, so custom vision instructions and slow local model budgets reach media-understanding providers such as Ollama, OpenAI, Google, and OpenRouter. Refs #63700. Thanks @cedricjanssens.
- Model selection: include the rejected provider/model ref and allowlist recovery hint when a stored session override is cleared, so local model selections such as Gemma GGUF variants do not fall back to the default with a generic message. Refs #71069. Thanks @CyberRaccoonTeam.
- WhatsApp/Web: pass explicit Baileys socket timings into every WhatsApp Web socket and expose `web.whatsapp.*` keepalive, connect, and query timeout settings so unstable networks can avoid repeated 408 disconnect and opening-handshake timeout loops. Fixes #56365. (#73580) Thanks @velvet-shark.
- Channels/Telegram: persist native command metadata on target sessions so topic, helper, and ACP-bound slash commands keep their session metadata attached to the routed conversation. (#57548) Thanks @GaosCode.
- Channels/native commands: keep validated native slash command replies visible in group chats while preserving explicit owner allowlists for command authorization. (#73672) Thanks @obviyus.
- Pairing/doctor: bootstrap `commands.ownerAllowFrom` from the first approved DM pairing when no command owner exists, and have doctor explain missing owners so privileged slash commands are not accidentally unusable after onboarding. Thanks @pashpashpash.
- Telegram/exec: infer native exec approvers from `commands.ownerAllowFrom` and auto-enable the Telegram approval client when an owner is resolvable, so owner-only commands such as `/diagnostics` can be approved in Telegram without duplicate per-channel approver config. Thanks @pashpashpash.
- Auto-reply/session: carry the tail of user/assistant turns into the freshly-rotated transcript on silent in-reply session resets (compaction failure, role-ordering conflict) so direct-chat continuity survives the rebind. Fixes #70853. (#70898) Thanks @neeravmakwana.
- Config: skip malformed non-string `env.vars` entries before env-reference checks, so config loading no longer crashes on JSON values like numbers or booleans. (#42402) Thanks @MiltonHeYan.
-
-## 2026.4.27
-
-### Changes
-
- Sandbox/Docker: add opt-in `sandbox.docker.gpus` passthrough for Docker sandbox containers so local GPU workloads can run inside sandboxed agents when the host Docker runtime supports `--gpus`. Fixes #57976; carries forward #58124. Thanks @cyan-ember.
- iOS/Gateway: add an authenticated `node.presence.alive` protocol event and `node.list` last-seen fields so background iOS wakes can mark paired nodes recently alive without treating them as connected. Carries forward #63123. Thanks @ngutman.
- Android: publish authenticated `node.presence.alive` events after node connect and background transitions so paired Android nodes retain durable last-seen metadata after disconnects. Carries forward #63123. Thanks @ngutman.
- Gateway/chat: accept non-image attachments through `chat.send` by staging them as agent-readable media paths, while keeping unsupported RPC attachment paths explicit instead of silently dropping files. Fixes #48123. (#67572) Thanks @samzong.
- Security/networking: add opt-in operator-managed outbound proxy routing (proxy.enabled + proxy.proxyUrl/OPENCLAW_PROXY_URL) with strict http:// forward-proxy validation, loopback-only Gateway bypass, and cleanup of proxy env/dispatcher state on exit. (#70044) Thanks @jesse-merhi and @joshavant.
 - Dependencies: refresh provider and tooling dependencies, including AWS SDK, PI runtime packages, AJV, Feishu SDK, Anthropic SDK, tokenjuice, and native TypeScript/oxlint tooling. Thanks @dependabot.
 - Matrix/QA: add live Matrix approval scenarios for exec metadata, chunked fallback, plugin approvals, deny reactions, thread targeting, and `target: "both"` delivery, with redacted artifacts preserving safe approval summaries. Thanks @gumadeiras.
- Diagnostics/Codex: add owner-only core `/diagnostics` with a sensitive-data preamble, docs link, and explicit Gateway export approval guidance; Codex harness sessions also ask before uploading Codex feedback for the attached thread and print the matching `codex resume <thread-id>` inspection command after confirmed upload. Thanks @pashpashpash.
- Trajectory export: route `/export-trajectory` through per-run exec approval, send group-chat approval prompts and export results only to the owner privately, and add `openclaw sessions export-trajectory` for the approved command path. Thanks @pashpashpash.
 - Codex: add Computer Use setup for Codex-mode agents, including `/codex computer-use status/install`, marketplace discovery, optional auto-install, and fail-closed MCP server checks before Codex-mode turns start. Fixes #72094. (#71842) Thanks @pash-openai.
 - Apps: consume Peekaboo 3.0.0-beta4 and ElevenLabsKit 0.1.1, align Swabble on Commander 0.2.2, and refresh macOS/iOS SwiftPM resolutions against the released dependency graph. Thanks @Blaizzy.
 - Plugin SDK: expose shared channel route normalization, parser-driven target resolution, raw-target compact keys, parsed-target types, and route comparison helpers through `openclaw/plugin-sdk/channel-route`, switch native approval origin matching onto that route contract with optional delivery and match-only target normalization, and retire the internal channel-route shim behind dated compatibility aliases for legacy key/comparable-target helpers. Thanks @vincentkoc.
 - Docs/Codex: document how Codex Computer Use, direct `cua-driver mcp`, and OpenClaw.app's PeekabooBridge fit together so desktop-control setup choices are clearer. Thanks @pash-openai and @trycua.
 - Matrix/streaming: stream tool-progress updates into live Matrix preview edits by default when preview streaming is active, with `streaming.preview.toolProgress: false` to keep answer previews while hiding interim tool lines. Thanks @gumadeiras.
 - Plugins/models: wire manifest `modelCatalog.aliases` and `modelCatalog.suppressions` into model-catalog planning and built-in model suppression, with stale Spark and Qwen Coding Plan suppressions now declared in plugin manifests instead of runtime fallback hooks. Thanks @shakkernerd.
- Plugin SDK/models: add a shared manifest-backed provider catalog builder and move Qianfan, Xiaomi, NVIDIA, Cerebras, Mistral, Moonshot, DeepSeek, Tencent TokenHub, and StepFun provider catalogs onto their plugin manifest `modelCatalog` rows. Thanks @shakkernerd.
- Plugin SDK/models: move BytePlus and Volcano Engine standard and plan-provider catalogs into plugin manifest `modelCatalog` rows and remove the now-unused Volcengine-family shared catalog SDK subpath. Thanks @shakkernerd.
- CLI/models: move Fireworks and Together AI fixed provider catalogs into plugin manifest `modelCatalog` rows so provider-filtered listing can use manifest-backed static rows. Thanks @shakkernerd.
 - Channels/Yuanbao: register the Tencent Yuanbao external channel plugin (`openclaw-plugin-yuanbao`) in the official channel catalog, contract suites, and community plugin docs, with a new `docs/channels/yuanbao.md` quick-start guide for WebSocket bot DMs and group chats. (#72756) Thanks @loongfay.
 - Channels/QQBot: add full group chat support (history tracking, @-mention gating, activation modes, per-group config, FIFO message queue with deliver debounce), C2C `stream_messages` streaming with a `StreamingController` lifecycle manager, unified `sendMedia` with chunked upload for large files, and refactor the engine into pipeline stages, focused outbound submodules, builtin slash-command modules, and explicit DI ports via `createEngineAdapters()`. (#70624) Thanks @cxyhhhhh.
 - Plugins/startup: migrate bundled plugin manifests to explicit `activation.onStartup` declarations so Gateway startup imports only the bundled plugins that intentionally register startup-time runtime surfaces. Thanks @shakkernerd.
- Plugins/startup: add an opt-in future-mode gate for disabling deprecated implicit startup sidecar loading while preserving explicit startup and narrower activation triggers. Thanks @shakkernerd.
- Plugins/startup: add plugin compatibility warnings for deprecated implicit startup loading so authors can migrate to explicit `activation.onStartup` metadata. Thanks @shakkernerd.
 - Plugins/runtime: load bundled agent tool-result middleware from manifest contracts on demand so tokenjuice stays startup-lazy without losing Pi/Codex tool-output compaction. Thanks @shakkernerd.
 - Plugins/startup: add explicit `activation.onStartup` metadata so plugins can declare Gateway startup import behavior while the deprecated implicit sidecar fallback remains for legacy plugins. Thanks @shakkernerd.
 - Gateway/startup: reuse lookup-table plugin manifests when loading startup plugins so Gateway boot avoids rebuilding plugin discovery and manifest metadata. Thanks @shakkernerd.
- CLI/models: declare fixed Qianfan, Xiaomi, NVIDIA, Cerebras, Mistral, Chutes, Kilo, OpenAI, and OpenCode Go model catalogs in refreshable plugin manifests, keep broad `models list --all` on raw registry and supplement rows without runtime normalization, and avoid duplicate supplement resolution. Thanks @shakkernerd.
+- CLI/models: declare fixed Qianfan, Xiaomi, NVIDIA, Cerebras, and Mistral model catalogs in plugin manifests so provider-filtered model listing can use the manifest fast path without loading provider runtime catalog code. Thanks @shakkernerd.
 - Gateway/runtime: reuse the current plugin metadata snapshot for provider discovery so repeated model-provider discovery avoids rebuilding plugin manifest metadata. Thanks @shakkernerd.
 - Gateway/startup: pass the plugin metadata snapshot from config validation into plugin bootstrap so startup reuses one manifest product instead of rebuilding plugin metadata. Thanks @shakkernerd.
 - Plugin SDK/testing: move core-only channel contract fixtures under the channel contract test tree and retire the old `test/helpers/channels` bridge directory so plugin tests stay on focused SDK surfaces. Thanks @vincentkoc.
@@ -120,124 +41,22 @@ Docs: https://docs.openclaw.ai

 ### Fixes

- BlueBubbles: tighten DM-vs-group routing across the outbound session route (`chat_guid:iMessage;-;...` DMs no longer classified as groups), reaction handling (drop group reactions that arrive without any chat identifier instead of synthesizing a `"group"` literal peerId), inbound `chatGuid` fallback (no longer fall back to the sender's DM chatGuid when resolving a group whose webhook omits chatGuid+chatId+chatIdentifier), and short message id resolution (carry caller chat context so a numeric short id reused after a long group conversation cannot silently resolve to a message in a different chat, with the same cross-chat guard applied to full GUIDs so retries cannot bypass it). Thanks @zqchris.
- Agents/approvals: fail restart-interrupted sessions whose transcript tail is still `approval-pending` instead of replaying stale exec approval IDs into the new Gateway process after restart. Fixes #65486. Thanks @mjmai20682068-create.
- CLI/Gateway: use method-specific least-privilege scopes for classified CLI Gateway calls while preserving legacy broad scopes for unclassified plugin methods, so read-only commands no longer create admin/write/pairing scope-upgrade prompts. Fixes #68634. Thanks @nightmusher.
- Gateway/sessions: align `chat.history` and `sessions.list` thinking defaults with owning-agent and catalog-aware resolution so Control UI session defaults match backend runtime state. (#63418) Thanks @jpreagan.
- Devices/pairing: recover array-shaped device and node pairing state files before persisting approvals, so UUID-keyed pending and paired entries no longer disappear after a malformed JSON store write. Fixes #63035. Thanks @sar618.
- Gateway/auth: clear reused stale device tokens and stop reconnecting on device-token mismatch in the Control UI and Node gateway clients, avoiding rate-limit loops after scope-upgrade or token-rotation handoffs. Fixes #71609. Thanks @ricksayhi.
- Gateway/approvals: treat duplicate same-decision approval resolves as idempotent during the resolved-entry grace window, including consumed `allow-once` approvals, while returning an explicit already-resolved error for conflicting repeats. Fixes #59162; refs #58479 and #65486. Thanks @wikithoughts, @sajazuniga7-coder, and @mjmai20682068-create.
- Channels/Telegram: honor `approvals.exec/plugin.targets[].accountId` when routing native approvals across multi-bot Telegram accounts while preserving unscoped Telegram targets for any account. Fixes #69916. Thanks @joerod26.
- Agents/exec: omit the internal session-resume fallback preface from successful async exec completion messages sent directly back to chat. Fixes #67181. Thanks @raistlin88.
- Agents/media: register detached `video_generate` and `music_generate` tool run contexts until terminal status, so Discord-backed provider jobs stay live in `/tasks` instead of becoming `lost` when the parent chat run context disappears. Thanks @vincentkoc.
- Agents/media: prefer OpenAI image and video providers when the default model uses the OpenAI Codex auth alias, so auto media generation no longer falls through to Fal before GPT Image or Sora. Thanks @vincentkoc.
- Tasks/media: infer agent ownership for session-scoped task records so `/tasks` agent-local fallback includes session-backed `video_generate` and other async media jobs even when the current chat session has no linked rows. Thanks @vincentkoc.
- Agents/media: keep long-running `video_generate` and `music_generate` tasks fresh while provider jobs are still pending, so task maintenance does not mark active Discord media renders lost before completion. Thanks @vincentkoc.
- CLI/status: treat scope-limited gateway probes as reachable-but-degraded in shared status scans, so `openclaw status --all` no longer reports a live gateway as unreachable after `missing scope: operator.read`. Fixes #49180; supersedes #47981. Thanks @openjay.
- Slack/Socket Mode: use a 15s Slack SDK pong timeout by default and add `channels.slack.socketMode.clientPingTimeout`, `serverPingTimeout`, and `pingPongLoggingEnabled` overrides so stale-websocket handling no longer depends on app-event health heuristics. Fixes #14248; refs #58519, #64009, and #63488. Thanks @shivasymbl and @freerk.
- Slack/media: bound private file and forwarded attachment downloads with idle and total timeouts while preserving placeholder fallback, so stalled Slack `file_share` media no longer wedges inbound message handling. Fixes #61850. Thanks @bassboy2k.
- Plugins/inspector: keep bundled plugin runtime capture quiet and config-tolerant for Codex, memory-lancedb, Feishu, Mattermost, QQBot, and Tlon so plugin-inspector JSON checks can validate the full bundled set. Thanks @vincentkoc.
- Slack/auto-reply: keep fully consumed text reset triggers such as `new session` out of `BodyForAgent` after directive cleanup, so configured Slack reset phrases do not leak into the fresh model turn. Fixes #73137. Thanks @neeravmakwana.
- Plugins/runtime deps: prune stale retained bundled runtime deps and keep doctor/secret channel contract scans on lightweight artifacts, so disabled bundled channels stop preserving old dependency trees or importing heavy plugin surfaces. Thanks @SymbolStar and @vincentkoc.
- Auto-reply: bound the post-run pending tool-result delivery drain with a progress-aware idle timeout, so a never-settling tool-result task no longer leaves the session active forever while slow healthy deliveries can keep draining. Fixes #53889; supersedes #64733 and #73434. Thanks @zijunl and @wujiaming88.
- Gateway/startup: start chat channels without waiting for primary model prewarm, keeping model warmup bounded in the background so Slack and other channels come online promptly when provider discovery is slow. Supersedes #73420. Thanks @dorukardahan.
- Gateway/install: carry env-backed config SecretRefs such as `channels.discord.token` into generated service environments when they are present only in the installing shell, while keeping gateway auth SecretRefs non-persisted. Fixes #67817; supersedes #73426. Thanks @wdimaculangan and @ztexydt-cqh.
- Auto-reply/commands: stop bare `/reset` and `/new` after reset hooks acknowledge the command, so non-ACP channels no longer fall through into empty provider calls while `/reset <message>` and `/new <message>` still seed the next model turn. Fixes #73367 and #73412. Thanks @hoyanhan, @wenxu007, and @amdhelper.
- Providers/DeepSeek: backfill DeepSeek V4 `reasoning_content` on plain assistant replay messages as well as tool-call turns, so thinking sessions with prior tool use no longer fail follow-up requests with missing reasoning content. Fixes #73417; refs #71372. Thanks @34262315716 and @Bartok9.
- Agents/gateway tool: strip full config payloads from `config.patch` and `config.apply` tool responses while preserving direct RPC responses, so config-heavy sessions no longer replay large redacted configs into transcript history. Fixes #47610; supersedes #73439. Thanks @HanenVit and @juan-flores077.
- Auto-reply: preserve voice-note media from silent turns while continuing to suppress text and non-voice media, so `NO_REPLY` TTS replies still deliver the requested audio bubble. (#73406) Thanks @zqchris.
- Channels/Mattermost: stop enqueueing regular inbound posts as system events, so Mattermost user messages reach the model only as user-role inbound-envelope content instead of also appearing as `System: Mattermost message...` directives. Fixes #71795. Thanks @juan-flores077.
- Agents/media: qualify bare `agents.defaults.imageModel` and `pdfModel` refs from unique configured image-capable providers, so Ollama vision models such as `moondream` and `qwen2.5vl:7b` do not fall through to the default provider. Fixes #38816; supersedes #73396. Thanks @alainasclaw and @vincentkoc.
- Agents/Anthropic: send implicit Anthropic beta headers only to direct public Anthropic endpoints, including OAuth, so custom Anthropic-compatible providers no longer mis-handle unsupported beta flags unless explicitly configured. Refs #73346. Thanks @byBrodowski.
- Skills: require explicit `skills.entries.coding-agent.enabled` before exposing the bundled coding-agent skill, so installs with Codex on PATH but no OpenAI auth do not silently offer Codex delegation. Fixes #73358. Thanks @LaFleurAdvertising and @Sanjays2402.
- Plugins/startup: treat manifestless Claude bundles as valid installed-plugin registry entries instead of stale missing manifests, so workspace bundles no longer force repeated derived registry rebuilds or noisy `plugins.entries.workspace` warnings during Gateway startup. Fixes #73433. Thanks @AnneVoss.
- Agents/subagents: preserve `sessions_yield` as a paused subagent state and ignore its wait text while freezing completion output, so parent sessions wait for the final post-compaction answer instead of receiving intermediate progress or `(no output)`. Fixes #73413. Thanks @Ask-sola.
- Plugins/startup: precompute bundled runtime mirror fingerprints before taking the mirror lock and keep Docker bundled plugin runtime deps/mirrors in a Docker-managed volume instead of the Windows/WSL config bind mount, so cold starts avoid slow host-volume mirror writes. Fixes #73339. Thanks @1yihui.
- Plugins/runtime deps: refresh bundled runtime mirrors without deleting active import trees, so config-triggered restarts do not see transient missing plugin files during registration. Thanks @shakkernerd.
- Channels/LINE: persist inbound image, video, audio, and file downloads in `~/.openclaw/media/inbound/` instead of temporary files so agents can still read LINE media after `/tmp` cleanup. Fixes #73370. Thanks @hijirii and @wenxu007.
- CLI/plugins: keep bundled plugin installs out of `plugins.load.paths` while preserving install records, so install/inspect/doctor loops no longer warn about the current bundled plugin directory. Thanks @vincentkoc.
- CLI/plugins: scope `plugins inspect <id>` runtime loading to the matched plugin so single-plugin inspection does not load every plugin before checking the target. Thanks @shakkernerd.
- CLI/plugins: remove managed copied-path plugin directories during uninstall and plan uninstall from metadata instead of runtime-loading plugins, so plugin lifecycle commands avoid unnecessary bundled runtime-deps work. Thanks @shakkernerd.
- Cron tool: infer the creating session's agentId for `cron.add` jobs when `agentId` is omitted or passed as undefined, keeping scheduled agentTurn jobs routed to the session agent; #40571 identified the guard bug and supplied the focused regression coverage. Thanks @ChanningYul.
- Cron/Telegram: add `--thread-id` to `openclaw cron add` and `openclaw cron edit`, preserving Telegram forum topic delivery targets across scheduled announcements. Carries forward #51581, #60373, and #60890. Thanks @ChunHao-dev.
- Cron/Telegram: preserve session-derived Telegram topic thread IDs when isolated cron delivery explicitly targets the parent chat, keeping bare chat targets in the active forum topic without leaking stale topics to other chats. Carries forward #64708. Thanks @addelh.
- Memory/compaction: keep pre-compaction memory-flush prompts runtime-only so session transcripts and `chat.history` no longer expose them as normal user turns. Fixes #54408 and #58956; refs #43567. Thanks @markgong and @guoyuhang9.
- Control UI/WebChat: keep large attachment payloads out of Lit state and optimistic chat messages, using object URL previews plus send-time payload serialization so PDF/image uploads no longer trigger `RangeError: Maximum call stack size exceeded`. Fixes #73360; refs #54378 and #63432. Thanks @hejunhui-73, @Ansub, and @christianhernandez3-afk.
- Agents/Anthropic: cancel stalled Anthropic Messages SSE body reads when abort signals fire, so active-memory timeouts release transport resources instead of leaving hidden recall runs parked on `reader.read()`. Refs #72965 and #73120. Thanks @wdeveloper16.
- Control UI/WebChat: keep pending run and typing state attached to the active client run, so unowned inject/announce/side-result finals no longer unlock unrelated active runs while completed owned runs still clear promptly. Fixes #57795; carries forward the narrow diagnosis from #57887. Thanks @haoyu-haoyu.
- Sandbox/Docker: stop satisfying a missing default sandbox image by tagging plain Debian as `openclaw-sandbox:bookworm-slim`, preserving the Python tooling required by sandbox write/edit helpers and directing users to build the default image. Fixes #51185; refs #45108, #51099, #51609, and #57713. Thanks @dpalis, @Tin55FoilDev, @jbcohen2-coder, @macminihal-cyber, and @PraxoOnline.
- Control UI/WebChat: confirm toolbar New Session button resets before dispatching `/new` while leaving typed `/new` and `/reset` commands immediate. Fixes #45800; refs #27065, #56611, #54499, and #27110. Thanks @aethnova, @kosta228-huli, @adambezemek, and @xss925175263 (xianshishan).
- Agents/models: keep per-agent primary models strict when `fallbacks` is omitted, so probe-only custom providers are not tried as hidden fallback candidates unless the agent explicitly opts in. Fixes #73332. Thanks @haumanto.
- Gateway/models: add `models.pricing.enabled` so offline or restricted-network installs can skip startup OpenRouter and LiteLLM pricing-catalog fetches while keeping explicit model costs working. Fixes #53639. Thanks @callebtc, @palewire, and @rjdjohnston.
- Gateway/startup: warn when legacy `CLAWDBOT_*` or `MOLTBOT_*` environment variables are still present, pointing users to `OPENCLAW_*` names instead of failing silently. Fixes #53482; carries forward #53667. Thanks @lndyzwdxhs.
- Onboarding: pin interactive and non-interactive health checks to the just-configured setup token/password so stale `OPENCLAW_GATEWAY_TOKEN` or `OPENCLAW_GATEWAY_PASSWORD` values do not produce false gateway-token-mismatch failures after setup. Fixes #72203. Thanks @galiniliev.
- Doctor/state: require an interactive confirmation before archiving orphan transcript files, so `openclaw doctor --fix` no longer silently renames recoverable session history after upgrades regenerate `sessions.json`. Fixes #73106. Thanks @scottgl9.
- Cron/Telegram: preserve explicit `:topic:` delivery targets over stale session-derived thread IDs when isolated cron announces to Telegram forum topics. Carries forward #59069; refs #49704 and #43808. Thanks @roytong9.
- Build/runtime: write the runtime-postbuild stamp after `pnpm build` writes the build stamp, so the next CLI invocation does not re-sync runtime artifacts after a successful build. Fixes #73151. Thanks @bittoby.
- Build/runtime: preserve staged bundled-plugin runtime dependency caches across source-checkout tsdown rebuilds, so local CLI and gateway-watch rebuilds no longer recreate large plugin dependency trees before starting. Refs #73205. Thanks @SymbolStar.
- CLI/channels: list configured chat channel accounts from read-only setup metadata even when the standalone CLI has not loaded the runtime channel registry, so `openclaw channels list` shows Telegram accounts before auth providers. Fixes #73319 and #73322. Thanks @mlaihk.
- CLI/model probes: keep `infer model run --gateway` raw by skipping prior session transcript, bootstrap context, context-engine assembly, tools, and bundled MCP servers, so local backends can be tested without full agent-context overhead. Fixes #73308. Thanks @ScientificProgrammer.
- CLI/image describe: pass `--prompt` and `--timeout-ms` through `infer image describe` and `describe-many`, so custom vision instructions and slow local model budgets reach media-understanding providers such as Ollama, OpenAI, Google, and OpenRouter. Addresses #63700. Thanks @cedricjanssens.
- Providers/Ollama: reject long non-linguistic Kimi/GLM symbol runs as provider failures instead of storing them as successful visible assistant replies, so fallback or error handling can recover from garbled cloud output. Fixes #64262; refs #67019. Thanks @Kloz813 and @xiaomenger123.
- CLI/model probes: reject empty or whitespace-only `infer model run --prompt` values before calling local providers or the Gateway, so smoke checks do not spend provider calls on invalid turns. Fixes #73185. Thanks @iot2edge.
- Gateway/media: route text-only `chat.send` image offloads through media-understanding fields so `agents.defaults.imageModel` can describe WebChat attachments instead of leaving only an opaque `media://inbound` marker. Fixes #72968. Thanks @vorajeeah.
- Gateway/Windows: route no-listener restart handoffs through the Windows supervisor without leaving restart tokens in flight, so failed task scheduling can be retried and successful handoffs do not coalesce later restart requests. (#69056) Thanks @Thatgfsj.
- Gateway/model pricing: skip plugin manifest discovery during background pricing refreshes when `plugins.enabled: false`, so disabled-plugin setups do not keep rebuilding plugin metadata from the Gateway hot path. Fixes #73291. Thanks @slideshow-dingo and @fishgills.
- Ollama/thinking: validate `/think` commands against live Ollama catalog reasoning metadata and preserve explicit native `params.think`/`params.thinking`, so models whose `/api/show` capabilities include `thinking` expose `low`, `medium`, `high`, and `max` instead of being stuck on `off`. Fixes #73366. Thanks @cymise.
- Gateway/sessions: remove automatic oversized `sessions.json` rotation backups, deprecate `session.maintenance.rotateBytes`, and teach `openclaw doctor --fix` to remove the ignored key so hot session writes no longer copy multi-MB stores. Refs #72338. Thanks @midhunmonachan and @DougButdorf.
- Channels/Telegram: fail fast when Telegram rejects the startup `getMe` token probe with 401, so invalid or stale BotFather tokens are reported as token auth failures instead of misleading `deleteWebhook` cleanup failures. Fixes #47674. Thanks @samaedan-arch.
- ACPX: keep generated Codex and Claude ACP wrapper startup paths working when remote or special state filesystems reject chmod, since OpenClaw invokes the wrappers through Node instead of executing them directly. Fixes #73333. Thanks @david-garcia-garcia.
- CLI/onboarding: infer image input for common custom-provider vision model IDs, ask only for unknown models, and keep `--custom-image-input`/`--custom-text-input` overrides so vision-capable proxies do not get saved as text-only configs. Fixes #51869. Thanks @Antsoldier1974.
- Models/OpenAI Codex: stop listing or resolving unsupported `openai-codex/gpt-5.4-mini` rows through Codex OAuth, keep stale discovery rows suppressed with a clear API-key-route hint, and leave direct `openai/gpt-5.4-mini` available. Fixes #73242. Thanks @0xCyda.
- Plugin SDK: restore the root `stringEnum` and `optionalStringEnum` exports on both the published SDK entry and runtime root-alias bridge, so older external plugins can keep building and loading while migrating to focused SDK subpaths. Fixes #68279. Thanks @marzliak.
- Plugin SDK: restore the root-alias bridge for `registerContextEngine` and expose missing legacy compat helpers `normalizeAccountId` and `resolvePreferredOpenClawTmpDir` so older external plugins such as `openclaw-weixin` can keep loading while migrating to focused SDK subpaths. Fixes #53497. Thanks @alanxchen85.
- Auth profiles: make `openclaw doctor --fix` migrate legacy flat `auth-profiles.json` files such as `{ "ollama-windows": { "apiKey": "ollama-local" } }` to canonical provider default API-key profiles with a backup, so custom Ollama/OpenAI-compatible providers recover cleanly after upgrading. Fixes #59629; supersedes #59642. Thanks @Xsanders555 and @Linux2010.
- Memory/Dreaming: retry Dream Diary once with the session default when a configured dreaming model is unavailable, while leaving subagent trust and allowlist errors visible instead of silently masking configuration problems. Refs #67409 and #69209. Thanks @Ghiggins18 and @everySympathy.
- Feishu/inbound files: recover CJK filenames from plain `Content-Disposition: filename=` download headers when Feishu exposes UTF-8 bytes through Latin-1 header decoding, while leaving valid Latin-1 and JSON-derived names unchanged. (#48578, #50435, #59431) Thanks @alex-xuweilong, @lishuaigit, and @DoChaoing.
- Channels/Telegram: normalize accidental full `/bot<TOKEN>` Telegram `apiRoot` values at runtime and teach `openclaw doctor --fix` to remove the suffix, so startup control calls no longer 404 when direct Bot API curl commands work. Fixes #55387. Thanks @brendanmatthewjones-cmyk, @techfindubai-ux, and @Sivlerback-Chris.
- Zalo Personal: persist refreshed `zca-js` session cookies after QR login, session restore, and successful API calls so gateway restarts restore the freshest local session. (#73277) Thanks @darkamenosa.
- Logging/security: redact sensitive tokens (sk-\* keys, Bearer/Authorization values, etc.) at the subsystem console sink so `createSubsystemLogger().info/warn/error` output that bypasses the patched console-capture handler still applies the same redaction the file transport already does. Fixes #73284; refs #67953 and #64046. Thanks @edwin-rivera-dev.
- Plugins/runtime deps: reuse enclosing versioned cache roots when bundled plugins resolve from nested staged paths, so plugin-runtime-deps no longer mints `openclaw-unknown-*` directories or loops on `ENOTEMPTY`. Fixes #72956. (#73205) Thanks @SymbolStar.
- Agents/failover: classify CJK provider transport, quota, billing, auth, and overload error text so Chinese-language provider failures trigger fallback and user-facing transport copy instead of surfacing as unclassified raw errors. (#56242) Thanks @tomcatzh.
- Agents/failover: seed non-claude-cli fallback prompts with Claude Code session context when a claude-cli attempt fails, so fallback models do not restart cold after billing or quota failover. (#72069) Thanks @stainlu.
- Agents/CLI runner: transfer bundle-MCP tempDir cleanup from the per-turn runner finally to the Claude live-session lifecycle, so persistent Claude CLI sessions keep their `--mcp-config` directory until the live subprocess closes. Fixes #73244. Thanks @edwin-rivera-dev.
- Gateway/nodes: allow Windows companion nodes to use safe declared commands such as canvas, camera list, location, device info, and screen snapshot by default while keeping dangerous media commands opt-in. (#71884) Thanks @shanselman.
- Agents/cron: clarify agent-tool and CLI cron timezone guidance so supplied `tz` values use local wall-clock cron fields and omitted cron `tz` falls back to the Gateway host local timezone. Fixes #53669; carries forward #46177. (#73372) Thanks @chen-zhang-cs-code and @maranello-o.
- Providers/Qwen: allow explicitly configured `qwen/qwen3.6-plus` to resolve on Qwen Coding Plan endpoints while keeping the built-in catalog from advertising it there. Fixes #63654; carries forward #63987. Thanks @jepson-liu.
- Channels/Telegram: keep Bot API network fallbacks sticky after failed attempts and retry timed-out startup control calls once on the fallback route, so `deleteWebhook` IPv6 stalls no longer trigger slow multi-account retry storms. Fixes #73255. Thanks @ttomiczek and @sktbrd.
- Gateway/agents: accept heartbeat, cron, and webhook as internal channel hints for agent runs so `sessions_spawn` works from non-delivery parent sessions while unknown channel hints still fail closed. Fixes #73237. Thanks @KeWang0622.
- Gateway/models: merge explicit `models.providers.*.models` rows into the Gateway model catalog with normalized provider/model dedupe, and use normalized image-capability lookup so custom vision models keep native image attachments even when Pi discovery omits them or model ID casing differs. Fixes #64213 and #65165. Thanks @billonese and @202233a.
- Gateway/reload: publish canonical post-write source config to in-process reloaders so simple config saves no longer create phantom plugin diffs or trigger unnecessary Gateway restarts. (#73267) Thanks @szsip239.
- Gateway/Docker: keep config-triggered restarts in-process inside containers instead of spawning a detached child and exiting PID 1 cleanly, so Docker Swarm and other on-failure supervisors do not leave the service stuck at 0/1 replicas. Fixes #73178. Thanks @du-nguyen-IT007.
- CLI/tasks: ship the task-registry control runtime in npm packages so `openclaw tasks cancel` can load ACP/subagent cancellation helpers from published builds. Fixes #68997. Thanks @1OAKDesign.
- Channels/Telegram: preserve unsent generated media after partial reply streaming has already delivered the text, so `image_generate` outputs still reach Telegram as photos instead of being dropped from the final payload. Fixes #73253. Thanks @mlaihk.
- Memory-core/dreaming: cap detached Dream Diary narrative subagents across cron sweeps so multi-workspace dreaming no longer fans out unbounded subagent sessions, lock contention, and cascading narrative timeouts. Fixes #73198. (#73287) Thanks @KeWang0622.
- CLI/agents: close local one-shot Claude live stdio sessions and bundled MCP loopback resources after embedded `openclaw agent --local` runs, while keeping gateway-owned MCP loopback cleanup internal to the Gateway. Thanks @frankekn.
- Export/session: keep inline export HTML scripts and vendor libraries injected after template formatting so generated session exports open with the app code, markdown renderer, and syntax highlighter present. Fixes #41862 and #49957; carries forward #41861 and #68947. Thanks @briannewman, @martenzi, and @armanddp.
- Agents/ACPX: stage the patched Claude ACP adapter as an ACPX runtime dependency and route known Codex/Claude ACP commands through local wrappers, so Gateway runtime no longer depends on live `npx` adapter resolution. Fixes #73202. Thanks @joerod26.
- Memory/compaction: let pre-compaction memory flush use an exact `agents.defaults.compaction.memoryFlush.model` override such as `ollama/qwen3:8b` without inheriting the active session fallback chain, so local housekeeping can avoid paid conversation models. Fixes #53772. Thanks @limen96.
- macOS/update: stop managed Gateway services before package replacement and keep LaunchAgent service secrets out of world-readable plist metadata by loading them from owner-only env files. Fixes #72996. Thanks @Mathewb7.
- Google Meet: keep observe-only Chrome joins and setup checks from requiring BlackHole or audio bridge commands, avoid granting or selecting the microphone in observe-only mode, and make `test_speech` report fresh realtime output-byte verification instead of only confirming a queued utterance. Refs #72478. Thanks @DougButdorf.
 - Gateway/hooks: route non-delivered hook completion and error summaries to the target agent's main session instead of the default agent session, preserving multi-agent hook isolation. Fixes #24693; carries forward #68667. Thanks @abersonFAC and @bluesky6868.
- Control UI/models: request the configured Gateway model-list view so dashboards with only `models.providers.*.models` show those configured models first instead of flooding the picker with the full built-in catalog. Fixes #65405. Thanks @wbyanclaw.
- CLI/models: keep default-model and allowlist pickers on explicit `models.providers.*.models` entries when `models.mode` is `replace` instead of loading the full built-in catalog. Fixes #64950. Thanks @mrozentsvayg.
- Media/security: tighten media-understanding MIME sanitization so parameterized MIME values stay end-anchored and malformed whitespace or suffix payloads are rejected before file-context handling. Fixes #9795; carries forward #68225 with related review/test context from #61016/#68456. Thanks @ymaxgit, @bluesky6868, and @shamsulalam1114.
 - Discord: own the Carbon interaction listener and hand off Discord slash/component handling asynchronously, so compaction or long session locks no longer trip `InteractionEventListener` listener timeouts. Fixes #73204. Thanks @slideshow-dingo.
 - Compaction/diagnostics: keep unknown compaction failure classifications stable while logging sanitized detail for unclassified provider errors such as missing Ollama provider adapters. Thanks @gzsiang.
 - Models/fallbacks: record first-class `model.fallback_step` trajectory events with from/to models, failure detail, chain position, and final outcome so support exports preserve the primary model failure even when a later fallback also fails. Fixes #71744. Thanks @nikolaykazakovvs-ux.
 - Gateway/agents: block agent `exec` from launching interactive `openclaw channels login` flows and abort active agent runs after invalid-config recovery restores last-known-good config, preventing known channel-login and reload paths from wedging replies. Refs #72338. Thanks @midhunmonachan.
- Gateway/diagnostics: emit payload-free liveness warnings with event-loop delay, event-loop utilization, CPU-core ratio, active-session counts, and OTEL warning metrics/spans so live-but-stalled Gateways capture CPU-spin context in stability bundles and telemetry. Refs #72338. Thanks @midhunmonachan and @DougButdorf.
+- Gateway/diagnostics: emit payload-free liveness warnings with event-loop delay, event-loop utilization, CPU-core ratio, and active-session counts so live-but-stalled Gateways capture CPU-spin context in stability bundles. Refs #72338. Thanks @midhunmonachan and @DougButdorf.
 - Gateway/startup: keep value-option foreground starts on the gateway fast path and skip proxy bootstrap unless proxy env is configured, reducing normal gateway startup RSS and avoiding full CLI graph loading. Thanks @vincentkoc.
 - Heartbeat/models: show heartbeat model bleed guidance on context-overflow resets when the last runtime model matches configured `heartbeat.model`, so smaller local heartbeat models point users to `isolatedSession` or `lightContext` instead of only compaction-buffer tuning. Fixes #67314. Thanks @Knightmare6890.
 - Subagents/models: persist `sessions_spawn.model` and configured subagent models as child-session model overrides before the first turn, so spawned subagents actually run on the requested provider/model instead of reverting to the target agent default. Fixes #73180. Thanks @danielzinhu99.
 - Channels/Telegram: keep webhook-mode local listeners alive and retry Telegram `setWebhook` registration after recoverable startup network failures, so transient Bot API timeouts no longer leave reverse proxies pointing at a closed listener. Fixes #71834. Thanks @jinon86.
 - Agents/ACPX: bundle the Codex ACP adapter and launch it from the isolated `CODEX_HOME` wrapper before falling back to npm, so Codex ACP startup no longer depends on live `npx` resolution or the stale `@zed-industries/codex-acp@^0.11.1` range. Fixes #72037; refs #73202. Thanks @jasonftl, @sazora, and @joerod26.
- Agents/ACPX: register the embedded ACP backend at Gateway startup through a lightweight ACP backend SDK path and without importing the heavy ACPX runtime until an ACP session or explicit startup probe needs it, reducing baseline Gateway RSS. Thanks @vincentkoc.
 - CLI/update: keep restart health polling when the restarted Gateway is reachable but has not reported its version yet, so macOS service restarts do not fail early with `actual unavailable`. Thanks @ProspectOre.
 - Backup: skip installed plugin `extensions/*/node_modules` dependency trees while keeping plugin manifests and source files in archives, so local backups avoid rebuildable npm payload bloat. Fixes #64144. Thanks @BrilliantWang.
 - Cron/models: fail isolated cron runs closed when an explicit `payload.model` is not allowed or cannot be resolved, so scheduled jobs do not silently fall back to an unrelated agent default or paid route before configured provider proxies such as LiteLLM can run. Fixes #73146. Thanks @oneandrewwang.
 - Memory/QMD: back off repeated chat-turn QMD open failures while still letting memory status and CLI probes recheck immediately, so a broken sidecar dependency cannot trigger active-memory or cron retry storms. Fixes #73188 and #73176. Thanks @leonlushgit and @w3i-William.
- Talk Mode: resolve `messages.tts.providers.<id>.apiKey` through the active runtime snapshot for `talk.config`, so Talk overlays can discover SecretRef-backed speech providers without falling back to local speech. Fixes #73109. (#73111) Thanks @omarshahine.
+- Talk Mode: keep `talk.config` callable when `messages.tts.providers.<id>` stores SecretRef-backed `apiKey` or `token` values, so Talk overlays can discover the configured speech provider without falling back to local speech. Fixes #73109. (#73111) Thanks @omarshahine.
 - Memory/Ollama: resolve `memorySearch.provider` custom provider ids through their configured `models.providers.<id>.api` owner, so multi-GPU Ollama setups can dedicate embeddings to providers such as `ollama-5080` without losing the Ollama adapter or local auth semantics. Fixes #73150. Thanks @oneandrewwang.
 - CLI/memory: skip eager context-window warmup for `openclaw memory` commands so memory search does not race unrelated model metadata discovery. Fixes #73123. Thanks @oalansilva and @neeravmakwana.
 - CLI/Telegram: route Telegram `message send` and poll actions through the running Gateway when available, so packaged installs use the staged `grammy` runtime deps and CLI sends return instead of hanging after the Telegram channel is active. Fixes #73140. Thanks @oalansilva.
@@ -248,7 +67,6 @@ Docs: https://docs.openclaw.ai
 - Doctor/channels: suppress disabled bundled-plugin blocker warnings when a trusted external plugin owns the configured channel, so Lark/Feishu installs no longer get Feishu repair noise after switching to `openclaw-lark`. Fixes #56794. Thanks @wuji-tech-dev.
 - CLI/status: show skipped fast-path memory checks as `not checked` and report active custom memory plugin runtime status from `status --json --all` without requiring built-in `agents.defaults.memorySearch`, so plugins such as memory-lancedb-pro and memory-cms no longer look unavailable when their own runtime is healthy. Fixes #56968. Thanks @Tony-ooo and @aderius.
 - Gateway/channels: record and log unexpected clean channel monitor exits so channels that return without throwing no longer appear stopped with no error. Fixes #73099. Thanks @balaji1968-kingler.
- Discord/group chats: keep group/channel replies private by default unless the agent explicitly uses the message tool, so always-on rooms can lurk without leaking automatic final, block, preview, or status-reaction output; `messages.groupChat.visibleReplies: "automatic"` restores legacy auto-posting. (#73046) Thanks @scoootscooob.
 - Plugins/package: force nested bundled-plugin runtime dependency installs out of inherited npm dry-run mode during prepack and package smoke checks, so packed installs materialize required plugin modules instead of reporting missing bundled files. Refs #73128. Thanks @Adam-Researchh.
 - Discord: skip reaction events before REST channel fetch when notifications are off, guild reactions are disabled, or allowlist mode cannot match without channel overrides, reducing reconnect bursts that caused slow listener warnings. Fixes #73133. Thanks @isaacsummers.
 - Channels/Telegram: centralize polling update tracking so accepted offsets remain durable across restarts, same-process handler failures can still retry, and slow offset writes cannot overwrite newer accepted watermarks. Refs #73115. Thanks @vdruts.
@@ -297,7 +115,6 @@ Docs: https://docs.openclaw.ai
 - Channels/Telegram: stop native approval startup auth failures from retrying every second, while still waiting through retryable Gateway auth handoffs, so Telegram approval setup problems no longer create a reconnect/log loop during channel startup. Refs #72846 and #72867. Thanks @kiranvk-2011 and @porly1985.
 - Channels/Microsoft Teams: unwrap staged CommonJS JWT runtime dependencies before Bot Connector token validation so inbound Teams messages no longer 401 after the bundled runtime-deps move. Fixes #73026. Thanks @kbrown10000.
 - Gateway/auth: allow local direct callers in trusted-proxy mode to use the configured gateway password as an internal fallback while keeping token fallback rejected. Fixes #17761. Thanks @dashed, @vincentkoc, and @jetd1.
- Gateway/auth: add explicit `trustedProxy.allowLoopback` support for same-host loopback reverse proxies while keeping loopback trusted-proxy auth fail-closed by default and preserving required-header and allowlist checks. Fixes #59167; carries forward #63379. Thanks @Matir, @jeremyakers, and @mrosmarin.
 - Channels/sessions: prevent guarded inbound session recording from creating route-only phantom sessions while still allowing last-route updates for sessions that already exist. Carries forward #73009. Thanks @jzakirov.
 - Cron: accept `delivery.threadId` in Gateway cron add/update schemas so scheduled announce delivery can target Telegram forum topics and other threaded channel destinations through the documented delivery path. Fixes #73017. Thanks @coachsootz.
 - Plugins/runtime deps: stage bundled plugin dependencies imported by mirrored root dist chunks, so packaged memory and status commands do not miss `chokidar` or similar root-chunk dependencies after update. Fixes #72882 and #72970; carries forward #72992. Thanks @shrimpy8, @colin-chang, and @Schnup03.
@@ -352,13 +169,19 @@ Docs: https://docs.openclaw.ai
 - TTS/BlueBubbles: pre-transcode synthesized MP3 audio to opus-in-CAF (mono, 24 kHz — validated against macOS 15.x Messages.app's native voice-memo CAF descriptor) on macOS hosts before handing the file to BlueBubbles, so iMessage renders the result as a native voice-memo bubble with proper duration and waveform UI instead of a plain file attachment. Adds an opt-in `tts.voice.preferAudioFileFormat` channel capability and a magic-byte sniff for the CAF container so the host-local-media validator (which uses `file-type` and didn't recognize CAF natively) can verify the pre-transcoded buffer. Channels that don't opt in are unaffected. (#72586) Fixes #72506. Thanks @omarshahine.
 - Feishu: retry WebSocket startup failures with monitor-owned backoff while preserving SDK-local heartbeat defaults, so persistent-connection startup failures no longer leave the monitor hung. Fixes #68766; related #42354 and #55532. Thanks @alex-xuweilong, @120106835, @sirfengyu, and @tianhaocui.

+### Fixes
+
+- CLI/models: keep Chutes and Kilo static catalog rows visible through refreshable manifest catalog metadata while provider-filtered refreshable providers remain registry-backed and merge manifest rows as supplements. Thanks @shakkernerd.
+- CLI/models: skip duplicate catalog supplement resolution during broad `models list --all` output so already-listed registry rows do not pay a second registry lookup pass. Thanks @shakkernerd.
+- CLI/models: move OpenAI and OpenCode Go forward-compat list rows into refreshable manifest catalogs and stop broad `models list --all` from loading runtime catalog supplement hooks. Thanks @shakkernerd.
+- CLI/models: keep broad unfiltered `models list --all` on raw registry rows instead of loading every provider runtime normalization hook, while preserving full normalization for provider-filtered and configured model paths. Thanks @shakkernerd.
+
 ## 2026.4.26

 ### Changes

 - Control UI/Talk: add a generic browser realtime transport contract, Google Live browser Talk sessions with constrained ephemeral tokens, and a Gateway relay for backend-only realtime voice plugins. Thanks @VACInc.
 - CLI/models: route provider-filtered model listing through an explicit source plan so user config, installed manifest rows, Provider Index previews, and scoped runtime fallbacks keep a stable authority order without adding another catalog cache. Thanks @shakkernerd.
- Plugins/cron: add a typed `cron_changed` hook for observing gateway-owned cron lifecycle updates without depending on internal cron events. Thanks @amknight.
 - Providers: add Cerebras as a bundled plugin with onboarding, static model catalog, docs, and manifest-owned endpoint metadata.
 - Memory/OpenAI-compatible: add optional `memorySearch.inputType`, `queryInputType`, and `documentInputType` config for asymmetric embedding endpoints, including direct query embeddings and provider batch indexing. Carries forward #63313 and #60727. Thanks @HOYALIM and @prospect1314521.
 - Ollama/memory: add model-specific retrieval query prefixes for `nomic-embed-text`, `qwen3-embedding`, and `mxbai-embed-large` memory-search queries while leaving document batches unchanged. Carries forward #45013. Thanks @laolin5564.
@@ -515,8 +338,6 @@ Docs: https://docs.openclaw.ai
 - Agents/bootstrap: dedupe hook-injected bootstrap context files by workspace-relative path and store normalized resolved paths so duplicate relative and absolute hook paths no longer depend on the process cwd. (#59344; fixes #59319; related #56721, #56725, and #57587) Thanks @koen666.
 - Agents/bootstrap: refresh cached workspace bootstrap snapshots on long-lived main-session turns when `AGENTS.md`, `SOUL.md`, `MEMORY.md`, or `TOOLS.md` change on disk, while preserving unchanged snapshot identity through the workspace file cache. (#64871; related #43901, #26497, #28594, #30896) Thanks @aimqwest and @mikejuyoon.
 - macOS Gateway: detect installed-but-unloaded LaunchAgent split-brain states during status, doctor, and restart, and re-bootstrap launchd supervision before falling back to unmanaged listener restarts. Fixes #67335, #53475, and #71060; refs #58890, #60885, and #70801. Thanks @ze1tgeist88, @dafacto, and @vishutdhar.
- WhatsApp: clear cached Web auth and active listener state after terminal 440/401 conflict/logout closes so linked/OK status no longer masks a dead inbound listener after relink or restart. Fixes #45474; refs #49305, #63855, #66920, and #70856. Thanks @juvenalmakoszay and @dsantoreis.
- Gateway/restart: keep local restart-health probes on configured local daemon auth without falling back to remote gateway credentials. (#57374, #59439) Thanks @zssggle-rgb and @roytong9.
 - Plugins/install: treat mirrored core logger dependencies as staged bundled runtime deps so packaged Gateway starts do not crash when the external plugin-runtime-deps root is missing `tslog`. Fixes #72228; supersedes #72493. Thanks @deepujain.
 - Build/plugins: preserve active bundled runtime-dependency staging temp directories owned by live build processes so overlapping postbuild runs no longer delete each other's staged deps mid-prune. Supersedes #72220. Thanks @VACInc.
 - Plugins/install: hide bundled runtime-dependency npm child windows on Windows across Gateway startup, postinstall, and packaged staging paths so Telegram/Anthropic dependency repair no longer flashes shell windows. Fixes #72315. Thanks @athuljayaram and @joshfeng.
@@ -527,7 +348,6 @@ Docs: https://docs.openclaw.ai
 - TTS/SecretRef: resolve `messages.tts.providers.*.apiKey` from the active runtime snapshot so SecretRef-backed MiniMax and other TTS provider keys work in runtime reply/audio paths. Fixes #68690. Thanks @joshavant.
 - Gateway/install: surface systemd user-bus recovery hints during Linux service activation and retry via the target user scope when `systemctl --user` reports no-medium bus failures, without letting stale `SUDO_USER` override `sudo -u` installs. Fixes #39673; refs #44417 and #63561. Thanks @Arbor4, @myrsu, @mssteuer, and @boyuaner.
 - CLI/nodes: make unfiltered `openclaw nodes list` prefer the effective paired-node view used by `nodes status` while preserving pending rows, pairing-scope fallback, terminal-safe table rendering, and paired JSON metadata. Fixes #46871; carries forward #65772 through the ProjectClownfish #72619 repair. Thanks @skainguyen1412.
- Memory Wiki/CLI: route active bridge-mode status, doctor, and bridge imports through Gateway RPC so CLI checks use the runtime memory plugin context while disabled bridge imports stay local/offline. Carries forward #67208 and #71479; related #70185. Thanks @moorsecopers99, @vincentkoc, and @prasad-yashdeep.
 - CLI/startup: read generated startup metadata from the bundled `dist` layout before falling back to live help rendering, so root/browser help and channel-option bootstrap stay on the fast path. Thanks @vincentkoc.
 - Feishu/Lark: stop treating broadcast-only `@all`/`@_all` messages as bot mentions while preserving direct bot mentions, including messages that also include `@all`. Fixes #37706. Thanks @JosepLee.
 - CLI/help: treat positional `help` invocations like `openclaw channels help` as help paths for startup gating, avoiding model/auth warmup while preserving positional arguments such as `openclaw docs help`. Thanks @gumadeiras.
@@ -586,7 +406,6 @@ Docs: https://docs.openclaw.ai
 - Gateway health: preserve live runtime-backed channel/account state in `gateway.health` snapshots and cached refreshes while keeping raw probe payloads on sensitive/admin paths only. (#39921, #42586, #46527, #52770, #42543) Thanks @FAL1989, @rstar327, @0xble, and @ajayr.
 - Feishu: extract quoted/replied interactive-card text across schema 1.0, schema 2.0, i18n, template-variable, and post-format fallback shapes without carrying broad generated/config churn from related parser experiments. (#38776, #60383, #42218, #45936) Thanks @lishuaigit, @lskun, @just2gooo, and @Br1an67.
 - Telegram/agents: hide raw failed write/edit warning messages in Telegram when the assistant already explicitly acknowledges the failed action, while keeping warnings when the reply claims success or omits the failure; #39406 remains the broader configurable delivery-policy follow-up. Fixes #51065; covers #39631. Thanks @Bartok9 and @Bortlesboat.
- TUI: clear stale streaming status when an orphaned final event or watchdog reset leaves no tracked active run, flushing deferred local history refreshes without surfacing inactive-run failures. Fixes #64825; carries forward #52745. Thanks @lyksdu.
 - Exec approvals: accept a symlinked `OPENCLAW_HOME` as the trusted approvals root while still rejecting symlinked `.openclaw` path components below it. (#64663) Thanks @FunJim.
 - Logging: add top-level `hostname`, flattened `message`, and available `agent_id`, `session_id`, and `channel` fields to file-log JSONL records for multi-agent filtering without removing existing structured log arguments. Fixes #51075. Thanks @stevengonsalvez.
 - ACP: route server logs to stderr before Gateway config/bootstrap work so ACP stdout remains JSON-RPC only for IDE integrations. Fixes #49060. Thanks @Hollychou924.
@@ -1038,7 +857,6 @@ Docs: https://docs.openclaw.ai
 - Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
 - DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
 - Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
- Providers/OpenRouter: add native video generation through `video_generate`, so OpenRouter video models work with `OPENROUTER_API_KEY`. (#72700) Thanks @notamicrodose.
 - Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
 - Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

--- a/8
+++ b/8
@@ -258,12 +258,10 @@ RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,shar
 RUN ln -sf /app/openclaw.mjs /usr/local/bin/openclaw \
 && chmod 755 /app/openclaw.mjs

-# Pre-create the default state and runtime-deps dirs so first-run Docker named
-# volumes mounted here inherit node ownership instead of root-owned state.
+# Pre-create the default state dir so first-run Docker named volumes mounted
+# here inherit node ownership instead of starting as root-owned state.
 RUN install -d -m 0700 -o node -g node /home/node/.openclaw && \
-    install -d -m 0700 -o node -g node /var/lib/openclaw/plugin-runtime-deps && \
-    stat -c '%U:%G %a' /home/node/.openclaw | grep -qx 'node:node 700' && \
-    stat -c '%U:%G %a' /var/lib/openclaw/plugin-runtime-deps | grep -qx 'node:node 700'
+    stat -c '%U:%G %a' /home/node/.openclaw | grep -qx 'node:node 700'

 ENV NODE_ENV=production

--- a/apps/android/.editorconfig
+++ b/apps/android/.editorconfig
@@ -1,16 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.{kt,kts}]
-indent_style = space
-indent_size = 2
-max_line_length = off
-ktlint_standard_filename = disabled
-ktlint_standard_function-naming = disabled
-ktlint_standard_max-line-length = disabled
-ktlint_standard_property-naming = disabled
--- a/apps/android/README.md
+++ b/apps/android/README.md
@@ -15,7 +15,6 @@ Status: **extremely alpha**. The app is actively being rebuilt from the ground u
 - [x] Request camera/location and other permissions in onboarding/settings flow
 - [x] Push notifications for gateway/chat status updates
 - [x] Security hardening (biometric lock, token handling, safer defaults)
- [x] Authenticated background presence beacons
 - [x] Voice tab full functionality
 - [x] Screen tab full functionality
 - [ ] Full end-to-end QA and release hardening
--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -7,274 +7,284 @@ val androidStorePassword = providers.gradleProperty("OPENCLAW_ANDROID_STORE_PASS
 val androidKeyAlias = providers.gradleProperty("OPENCLAW_ANDROID_KEY_ALIAS").orNull?.takeIf { it.isNotBlank() }
 val androidKeyPassword = providers.gradleProperty("OPENCLAW_ANDROID_KEY_PASSWORD").orNull?.takeIf { it.isNotBlank() }
 val resolvedAndroidStoreFile =
-  androidStoreFile?.let { storeFilePath ->
-    if (storeFilePath.startsWith("~/")) {
-      "${System.getProperty("user.home")}/${storeFilePath.removePrefix("~/")}"
-    } else {
-      storeFilePath
+    androidStoreFile?.let { storeFilePath ->
+        if (storeFilePath.startsWith("~/")) {
+            "${System.getProperty("user.home")}/${storeFilePath.removePrefix("~/")}"
+        } else {
+            storeFilePath
+        }
    }
-  }

 val hasAndroidReleaseSigning =
-  listOf(resolvedAndroidStoreFile, androidStorePassword, androidKeyAlias, androidKeyPassword).all { it != null }
+    listOf(resolvedAndroidStoreFile, androidStorePassword, androidKeyAlias, androidKeyPassword).all { it != null }

 val wantsAndroidReleaseBuild =
-  gradle.startParameter.taskNames.any { taskName ->
-    taskName.contains("Release", ignoreCase = true) ||
-      Regex("""(^|:)(bundle|assemble)$""").containsMatchIn(taskName)
-  }
+    gradle.startParameter.taskNames.any { taskName ->
+        taskName.contains("Release", ignoreCase = true) ||
+            Regex("""(^|:)(bundle|assemble)$""").containsMatchIn(taskName)
+    }

 if (wantsAndroidReleaseBuild && !hasAndroidReleaseSigning) {
-  error(
-    "Missing Android release signing properties. Set OPENCLAW_ANDROID_STORE_FILE, " +
-      "OPENCLAW_ANDROID_STORE_PASSWORD, OPENCLAW_ANDROID_KEY_ALIAS, and " +
-      "OPENCLAW_ANDROID_KEY_PASSWORD in ~/.gradle/gradle.properties.",
-  )
+    error(
+        "Missing Android release signing properties. Set OPENCLAW_ANDROID_STORE_FILE, " +
+            "OPENCLAW_ANDROID_STORE_PASSWORD, OPENCLAW_ANDROID_KEY_ALIAS, and " +
+            "OPENCLAW_ANDROID_KEY_PASSWORD in ~/.gradle/gradle.properties.",
+    )
 }

 plugins {
-  alias(libs.plugins.android.application)
-  alias(libs.plugins.ktlint)
-  alias(libs.plugins.kotlin.compose)
-  alias(libs.plugins.kotlin.serialization)
+    id("com.android.application")
+    id("org.jlleitschuh.gradle.ktlint")
+    id("org.jetbrains.kotlin.plugin.compose")
+    id("org.jetbrains.kotlin.plugin.serialization")
 }

 android {
-  namespace = "ai.openclaw.app"
-  compileSdk = 36
+    namespace = "ai.openclaw.app"
+    compileSdk = 36

-  // Release signing is local-only; keep the keystore path and passwords out of the repo.
-  signingConfigs {
-    if (hasAndroidReleaseSigning) {
-      create("release") {
-        storeFile = project.file(checkNotNull(resolvedAndroidStoreFile))
-        storePassword = checkNotNull(androidStorePassword)
-        keyAlias = checkNotNull(androidKeyAlias)
-        keyPassword = checkNotNull(androidKeyPassword)
-      }
+    // Release signing is local-only; keep the keystore path and passwords out of the repo.
+    signingConfigs {
+        if (hasAndroidReleaseSigning) {
+            create("release") {
+                storeFile = project.file(checkNotNull(resolvedAndroidStoreFile))
+                storePassword = checkNotNull(androidStorePassword)
+                keyAlias = checkNotNull(androidKeyAlias)
+                keyPassword = checkNotNull(androidKeyPassword)
+            }
+        }
    }
-  }

-  sourceSets {
-    getByName("main") {
-      assets.directories.add("../../shared/OpenClawKit/Sources/OpenClawKit/Resources")
+    sourceSets {
+        getByName("main") {
+            assets.directories.add("../../shared/OpenClawKit/Sources/OpenClawKit/Resources")
+        }
    }
-  }

-  defaultConfig {
-    applicationId = "ai.openclaw.app"
-    minSdk = 31
-    targetSdk = 36
-    versionCode = 2026042700
-    versionName = "2026.4.27"
-    ndk {
-      // Support all major ABIs — native libs are tiny (~47 KB per ABI)
-      abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")
+    defaultConfig {
+        applicationId = "ai.openclaw.app"
+        minSdk = 31
+        targetSdk = 36
+        versionCode = 2026042600
+        versionName = "2026.4.26"
+        ndk {
+            // Support all major ABIs — native libs are tiny (~47 KB per ABI)
+            abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")
+        }
    }
-  }

-  flavorDimensions += "store"
+    flavorDimensions += "store"

-  productFlavors {
-    create("play") {
-      dimension = "store"
+    productFlavors {
+        create("play") {
+            dimension = "store"
+            buildConfigField("boolean", "OPENCLAW_ENABLE_SMS", "false")
+            buildConfigField("boolean", "OPENCLAW_ENABLE_CALL_LOG", "false")
+        }
+        create("thirdParty") {
+            dimension = "store"
+            buildConfigField("boolean", "OPENCLAW_ENABLE_SMS", "true")
+            buildConfigField("boolean", "OPENCLAW_ENABLE_CALL_LOG", "true")
+        }
    }
-    create("thirdParty") {
-      dimension = "store"
+
+    buildTypes {
+        release {
+            if (hasAndroidReleaseSigning) {
+                signingConfig = signingConfigs.getByName("release")
+            }
+            isMinifyEnabled = true
+            isShrinkResources = true
+            ndk {
+                debugSymbolLevel = "SYMBOL_TABLE"
+            }
+            proguardFiles(getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro")
+        }
+        debug {
+            isMinifyEnabled = false
+        }
    }
-  }

-  buildTypes {
-    release {
-      if (hasAndroidReleaseSigning) {
-        signingConfig = signingConfigs.getByName("release")
-      }
-      isMinifyEnabled = true
-      isShrinkResources = true
-      ndk {
-        debugSymbolLevel = "SYMBOL_TABLE"
-      }
-      proguardFiles(getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro")
+    buildFeatures {
+        compose = true
+        buildConfig = true
    }
-    debug {
-      isMinifyEnabled = false
+
+    compileOptions {
+        sourceCompatibility = JavaVersion.VERSION_17
+        targetCompatibility = JavaVersion.VERSION_17
    }
-  }

-  buildFeatures {
-    compose = true
-    buildConfig = true
-  }
-
-  compileOptions {
-    sourceCompatibility = JavaVersion.VERSION_17
-    targetCompatibility = JavaVersion.VERSION_17
-  }
-
-  packaging {
-    resources {
-      excludes +=
-        setOf(
-          "/META-INF/{AL2.0,LGPL2.1}",
-          "/META-INF/*.version",
-          "/META-INF/LICENSE*.txt",
-          "DebugProbesKt.bin",
-          "kotlin-tooling-metadata.json",
-          "org/bouncycastle/pqc/crypto/picnic/lowmcL1.bin.properties",
-          "org/bouncycastle/pqc/crypto/picnic/lowmcL3.bin.properties",
-          "org/bouncycastle/pqc/crypto/picnic/lowmcL5.bin.properties",
-          "org/bouncycastle/x509/CertPathReviewerMessages*.properties",
-        )
+    packaging {
+        resources {
+            excludes +=
+                setOf(
+                    "/META-INF/{AL2.0,LGPL2.1}",
+                    "/META-INF/*.version",
+                    "/META-INF/LICENSE*.txt",
+                    "DebugProbesKt.bin",
+                    "kotlin-tooling-metadata.json",
+                    "org/bouncycastle/pqc/crypto/picnic/lowmcL1.bin.properties",
+                    "org/bouncycastle/pqc/crypto/picnic/lowmcL3.bin.properties",
+                    "org/bouncycastle/pqc/crypto/picnic/lowmcL5.bin.properties",
+                    "org/bouncycastle/x509/CertPathReviewerMessages*.properties",
+                )
+        }
    }
-  }

-  lint {
-    lintConfig = file("lint.xml")
-    warningsAsErrors = true
-  }
+    lint {
+        disable +=
+            setOf(
+                "AndroidGradlePluginVersion",
+                "GradleDependency",
+                "IconLauncherShape",
+                "NewerVersionAvailable",
+            )
+        warningsAsErrors = true
+    }

-  testOptions {
-    unitTests.isIncludeAndroidResources = true
-  }
+    testOptions {
+        unitTests.isIncludeAndroidResources = true
+    }
 }

 androidComponents {
-  onVariants { variant ->
-    variant.outputs
-      .filterIsInstance<VariantOutputImpl>()
-      .forEach { output ->
-        val versionName = output.versionName.orNull ?: "0"
-        val buildType = variant.buildType
-        val flavorName = variant.flavorName?.takeIf { it.isNotBlank() }
-        val outputFileName =
-          if (flavorName == null) {
-            "openclaw-$versionName-$buildType.apk"
-          } else {
-            "openclaw-$versionName-$flavorName-$buildType.apk"
-          }
-        output.outputFileName = outputFileName
-      }
-  }
+    onVariants { variant ->
+        variant.outputs
+            .filterIsInstance<VariantOutputImpl>()
+            .forEach { output ->
+                val versionName = output.versionName.orNull ?: "0"
+                val buildType = variant.buildType
+                val flavorName = variant.flavorName?.takeIf { it.isNotBlank() }
+                val outputFileName =
+                    if (flavorName == null) {
+                        "openclaw-$versionName-$buildType.apk"
+                    } else {
+                        "openclaw-$versionName-$flavorName-$buildType.apk"
+                    }
+                output.outputFileName = outputFileName
+            }
+    }
 }
 kotlin {
-  compilerOptions {
-    jvmTarget.set(org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_17)
-    allWarningsAsErrors.set(true)
-  }
+    compilerOptions {
+        jvmTarget.set(org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_17)
+        allWarningsAsErrors.set(true)
+    }
 }

 ktlint {
-  android.set(true)
-  ignoreFailures.set(false)
-  filter {
-    exclude("**/build/**")
-  }
+    android.set(true)
+    ignoreFailures.set(false)
+    filter {
+        exclude("**/build/**")
+    }
 }

 dependencies {
-  val composeBom = platform(libs.androidx.compose.bom)
-  implementation(composeBom)
-  androidTestImplementation(composeBom)
+    val composeBom = platform("androidx.compose:compose-bom:2026.03.01")
+    implementation(composeBom)
+    androidTestImplementation(composeBom)

-  implementation(libs.androidx.core.ktx)
-  implementation(libs.androidx.lifecycle.runtime.ktx)
-  implementation(libs.androidx.activity.compose)
-  implementation(libs.androidx.webkit)
+    implementation("androidx.core:core-ktx:1.17.0")
+    implementation("androidx.lifecycle:lifecycle-runtime-ktx:2.10.0")
+    implementation("androidx.activity:activity-compose:1.13.0")
+    implementation("androidx.webkit:webkit:1.15.0")

-  implementation(libs.androidx.compose.ui)
-  implementation(libs.androidx.compose.ui.tooling.preview)
-  implementation(libs.androidx.compose.material3)
-  // material-icons-extended pulled in full icon set (~20 MB DEX). Only ~18 icons used.
-  // R8 will tree-shake unused icons when minify is enabled on release builds.
-  implementation(libs.androidx.compose.material.icons.extended)
+    implementation("androidx.compose.ui:ui")
+    implementation("androidx.compose.ui:ui-tooling-preview")
+    implementation("androidx.compose.material3:material3")
+    // material-icons-extended pulled in full icon set (~20 MB DEX). Only ~18 icons used.
+    // R8 will tree-shake unused icons when minify is enabled on release builds.
+    implementation("androidx.compose.material:material-icons-extended")

-  debugImplementation(libs.androidx.compose.ui.tooling)
+    debugImplementation("androidx.compose.ui:ui-tooling")

-  // Material Components (XML theme + resources)
-  implementation(libs.material)
+    // Material Components (XML theme + resources)
+    implementation("com.google.android.material:material:1.13.0")

-  implementation(libs.kotlinx.coroutines.android)
-  implementation(libs.kotlinx.serialization.json)
+    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.10.2")
+    implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.11.0")

-  implementation(libs.androidx.security.crypto)
-  implementation(libs.androidx.exifinterface)
-  implementation(libs.okhttp)
-  implementation(libs.bcprov)
-  implementation(libs.commonmark)
-  implementation(libs.commonmark.ext.autolink)
-  implementation(libs.commonmark.ext.gfm.strikethrough)
-  implementation(libs.commonmark.ext.gfm.tables)
-  implementation(libs.commonmark.ext.task.list.items)
+    implementation("androidx.security:security-crypto:1.1.0")
+    implementation("androidx.exifinterface:exifinterface:1.4.2")
+    implementation("com.squareup.okhttp3:okhttp:5.3.2")
+    implementation("org.bouncycastle:bcprov-jdk18on:1.84")
+    implementation("org.commonmark:commonmark:0.28.0")
+    implementation("org.commonmark:commonmark-ext-autolink:0.28.0")
+    implementation("org.commonmark:commonmark-ext-gfm-strikethrough:0.28.0")
+    implementation("org.commonmark:commonmark-ext-gfm-tables:0.28.0")
+    implementation("org.commonmark:commonmark-ext-task-list-items:0.28.0")

-  // CameraX (for node.invoke camera.* parity)
-  implementation(libs.androidx.camera.core)
-  implementation(libs.androidx.camera.camera2)
-  implementation(libs.androidx.camera.lifecycle)
-  implementation(libs.androidx.camera.video)
-  implementation(libs.play.services.code.scanner)
+    // CameraX (for node.invoke camera.* parity)
+    implementation("androidx.camera:camera-core:1.5.2")
+    implementation("androidx.camera:camera-camera2:1.5.2")
+    implementation("androidx.camera:camera-lifecycle:1.5.2")
+    implementation("androidx.camera:camera-video:1.5.2")
+    implementation("com.google.android.gms:play-services-code-scanner:16.1.0")

-  // Unicast DNS-SD (Wide-Area Bonjour) for tailnet discovery domains.
-  implementation(libs.dnsjava)
+    // Unicast DNS-SD (Wide-Area Bonjour) for tailnet discovery domains.
+    implementation("dnsjava:dnsjava:3.6.4")

-  testImplementation(libs.junit)
-  testImplementation(libs.kotlinx.coroutines.test)
-  testImplementation(libs.kotest.runner.junit5)
-  testImplementation(libs.kotest.assertions.core)
-  testImplementation(libs.mockwebserver)
-  testImplementation(libs.robolectric)
-  testRuntimeOnly(libs.junit.vintage.engine)
+    testImplementation("junit:junit:4.13.2")
+    testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.10.2")
+    testImplementation("io.kotest:kotest-runner-junit5-jvm:6.1.11")
+    testImplementation("io.kotest:kotest-assertions-core-jvm:6.1.11")
+    testImplementation("com.squareup.okhttp3:mockwebserver:5.3.2")
+    testImplementation("org.robolectric:robolectric:4.16.1")
+    testRuntimeOnly("org.junit.vintage:junit-vintage-engine:6.0.3")
 }

 tasks.withType<Test>().configureEach {
-  useJUnitPlatform()
+    useJUnitPlatform()
 }

 androidComponents {
-  onVariants(selector().withBuildType("release")) { variant ->
-    val variantName = variant.name
-    val variantNameCapitalized = variantName.replaceFirstChar(Char::titlecase)
-    val stripTaskName = "strip${variantNameCapitalized}DnsjavaServiceDescriptor"
-    val mergeTaskName = "merge${variantNameCapitalized}JavaResource"
-    val minifyTaskName = "minify${variantNameCapitalized}WithR8"
-    val mergedJar =
-      layout.buildDirectory.file(
-        "intermediates/merged_java_res/$variantName/$mergeTaskName/base.jar",
-      )
+    onVariants(selector().withBuildType("release")) { variant ->
+        val variantName = variant.name
+        val variantNameCapitalized = variantName.replaceFirstChar(Char::titlecase)
+        val stripTaskName = "strip${variantNameCapitalized}DnsjavaServiceDescriptor"
+        val mergeTaskName = "merge${variantNameCapitalized}JavaResource"
+        val minifyTaskName = "minify${variantNameCapitalized}WithR8"
+        val mergedJar =
+            layout.buildDirectory.file(
+                "intermediates/merged_java_res/$variantName/$mergeTaskName/base.jar",
+            )

-    val stripTask =
-      tasks.register(stripTaskName) {
-        inputs.file(mergedJar)
-        outputs.file(mergedJar)
+        val stripTask =
+            tasks.register(stripTaskName) {
+                inputs.file(mergedJar)
+                outputs.file(mergedJar)

-        doLast {
-          val jarFile = mergedJar.get().asFile
-          if (!jarFile.exists()) {
-            return@doLast
-          }
+                doLast {
+                    val jarFile = mergedJar.get().asFile
+                    if (!jarFile.exists()) {
+                        return@doLast
+                    }

-          val unpackDir = temporaryDir.resolve("merged-java-res")
-          delete(unpackDir)
-          copy {
-            from(zipTree(jarFile))
-            into(unpackDir)
-            exclude(dnsjavaInetAddressResolverService)
-          }
-          delete(jarFile)
-          ant.invokeMethod(
-            "zip",
-            mapOf(
-              "destfile" to jarFile.absolutePath,
-              "basedir" to unpackDir.absolutePath,
-            ),
-          )
+                    val unpackDir = temporaryDir.resolve("merged-java-res")
+                    delete(unpackDir)
+                    copy {
+                        from(zipTree(jarFile))
+                        into(unpackDir)
+                        exclude(dnsjavaInetAddressResolverService)
+                    }
+                    delete(jarFile)
+                    ant.invokeMethod(
+                        "zip",
+                        mapOf(
+                            "destfile" to jarFile.absolutePath,
+                            "basedir" to unpackDir.absolutePath,
+                        ),
+                    )
+                }
+            }
+
+        tasks.matching { it.name == mergeTaskName }.configureEach {
+            finalizedBy(stripTask)
+        }
+        tasks.matching { it.name == minifyTaskName }.configureEach {
+            dependsOn(stripTask)
        }
-      }
-
-    tasks.matching { it.name == mergeTaskName }.configureEach {
-      finalizedBy(stripTask)
    }
-    tasks.matching { it.name == minifyTaskName }.configureEach {
-      dependsOn(stripTask)
-    }
-  }
 }
--- a/apps/android/app/lint.xml
+++ b/apps/android/app/lint.xml
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<lint>
-    <issue id="AndroidGradlePluginVersion" severity="ignore" />
-    <issue id="GradleDependency" severity="ignore" />
-    <issue id="IconLauncherShape" severity="ignore" />
-    <issue id="NewerVersionAvailable" severity="ignore" />
-
-    <!-- OpenClaw uses date-based version codes (yyyyMMddNN), which are high but still below the Android max. -->
-    <issue id="HighAppVersionCode" severity="ignore" />
-
-    <!-- Target SDK follows the current release train; bump only after platform compatibility testing. -->
-    <issue id="OldTargetApi" severity="ignore" />
-</lint>
--- a/apps/android/app/src/main/AndroidManifest.xml
+++ b/apps/android/app/src/main/AndroidManifest.xml
@@ -12,6 +12,8 @@
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.RECORD_AUDIO" />
+    <uses-permission android:name="android.permission.SEND_SMS" />
+    <uses-permission android:name="android.permission.READ_SMS" />
    <uses-permission android:name="android.permission.READ_MEDIA_IMAGES" />
    <uses-permission android:name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED" />
    <uses-permission
@@ -19,6 +21,7 @@
        android:maxSdkVersion="32" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.WRITE_CONTACTS" />
+    <uses-permission android:name="android.permission.READ_CALL_LOG" />
    <uses-permission android:name="android.permission.READ_CALENDAR" />
    <uses-permission android:name="android.permission.WRITE_CALENDAR" />
    <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION" />
@@ -38,7 +41,7 @@

    <application
        android:name=".NodeApp"
-        android:allowBackup="false"
+        android:allowBackup="true"
        android:dataExtractionRules="@xml/data_extraction_rules"
        android:fullBackupContent="@xml/backup_rules"
        android:icon="@mipmap/ic_launcher"
--- a/apps/android/app/src/main/java/ai/openclaw/app/DeviceNames.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/DeviceNames.kt
@@ -8,8 +8,9 @@ object DeviceNames {
  fun bestDefaultNodeName(context: Context): String {
    val deviceName =
      runCatching {
-        Settings.Global.getString(context.contentResolver, "device_name")
-      }.getOrNull()
+          Settings.Global.getString(context.contentResolver, "device_name")
+        }
+        .getOrNull()
        ?.trim()
        .orEmpty()

--- a/apps/android/app/src/main/java/ai/openclaw/app/LocationMode.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/LocationMode.kt
@@ -1,8 +1,6 @@
 package ai.openclaw.app

-enum class LocationMode(
-  val rawValue: String,
-) {
+enum class LocationMode(val rawValue: String) {
  Off("off"),
  WhileUsing("whileUsing"),
  ;
--- a/apps/android/app/src/main/java/ai/openclaw/app/MainActivity.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/MainActivity.kt
@@ -1,18 +1,18 @@
 package ai.openclaw.app

-import ai.openclaw.app.ui.OpenClawTheme
-import ai.openclaw.app.ui.RootScreen
 import android.os.Bundle
 import android.view.WindowManager
 import androidx.activity.ComponentActivity
 import androidx.activity.compose.setContent
 import androidx.activity.viewModels
+import androidx.core.view.WindowCompat
 import androidx.compose.material3.Surface
 import androidx.compose.ui.Modifier
-import androidx.core.view.WindowCompat
 import androidx.lifecycle.Lifecycle
 import androidx.lifecycle.lifecycleScope
 import androidx.lifecycle.repeatOnLifecycle
+import ai.openclaw.app.ui.RootScreen
+import ai.openclaw.app.ui.OpenClawTheme
 import kotlinx.coroutines.launch

 class MainActivity : ComponentActivity() {
--- a/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt
@@ -1,5 +1,9 @@
 package ai.openclaw.app

+import android.app.Application
+import androidx.lifecycle.AndroidViewModel
+import androidx.lifecycle.LifecycleOwner
+import androidx.lifecycle.viewModelScope
 import ai.openclaw.app.chat.ChatMessage
 import ai.openclaw.app.chat.ChatPendingToolCall
 import ai.openclaw.app.chat.ChatSessionEntry
@@ -9,10 +13,6 @@ import ai.openclaw.app.node.CameraCaptureManager
 import ai.openclaw.app.node.CanvasController
 import ai.openclaw.app.node.SmsManager
 import ai.openclaw.app.voice.VoiceConversationEntry
-import android.app.Application
-import androidx.lifecycle.AndroidViewModel
-import androidx.lifecycle.LifecycleOwner
-import androidx.lifecycle.viewModelScope
 import kotlinx.coroutines.ExperimentalCoroutinesApi
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.SharingStarted
@@ -22,9 +22,7 @@ import kotlinx.coroutines.flow.flowOf
 import kotlinx.coroutines.flow.stateIn

@OptIn(ExperimentalCoroutinesApi::class)
-class MainViewModel(
-  app: Application,
-) : AndroidViewModel(app) {
+class MainViewModel(app: Application) : AndroidViewModel(app) {
  private val nodeApp = app as NodeApp
  private val prefs = nodeApp.prefs
  private val runtimeRef = MutableStateFlow<NodeRuntime?>(null)
@@ -145,10 +143,7 @@ class MainViewModel(
  val sms: SmsManager
    get() = ensureRuntime().sms

-  fun attachRuntimeUi(
-    owner: LifecycleOwner,
-    permissionRequester: PermissionRequester,
-  ) {
+  fun attachRuntimeUi(owner: LifecycleOwner, permissionRequester: PermissionRequester) {
    val runtime = runtimeRef.value ?: return
    runtime.camera.attachLifecycleOwner(owner)
    runtime.camera.attachPermissionRequester(permissionRequester)
@@ -250,7 +245,9 @@ class MainViewModel(
    enabled: Boolean,
    start: String,
    end: String,
-  ): Boolean = ensureRuntime().setNotificationForwardingQuietHours(enabled = enabled, start = start, end = end)
+  ): Boolean {
+    return ensureRuntime().setNotificationForwardingQuietHours(enabled = enabled, start = start, end = end)
+  }

  fun setNotificationForwardingMaxEventsPerMinute(value: Int) {
    ensureRuntime().setNotificationForwardingMaxEventsPerMinute(value)
@@ -343,7 +340,9 @@ class MainViewModel(
    ensureRuntime().handleCanvasA2UIActionFromWebView(payloadJson)
  }

-  fun isTrustedCanvasActionUrl(rawUrl: String?): Boolean = ensureRuntime().isTrustedCanvasActionUrl(rawUrl)
+  fun isTrustedCanvasActionUrl(rawUrl: String?): Boolean {
+    return ensureRuntime().isTrustedCanvasActionUrl(rawUrl)
+  }

  fun requestCanvasRehydrate(source: String = "screen_tab") {
    ensureRuntime().requestCanvasRehydrate(source = source, force = true)
@@ -377,11 +376,7 @@ class MainViewModel(
    ensureRuntime().abortChat()
  }

-  fun sendChat(
-    message: String,
-    thinking: String,
-    attachments: List<OutgoingAttachment>,
-  ) {
+  fun sendChat(message: String, thinking: String, attachments: List<OutgoingAttachment>) {
    ensureRuntime().sendChat(message = message, thinking = thinking, attachments = attachments)
  }

@@ -389,10 +384,11 @@ class MainViewModel(
    message: String,
    thinking: String,
    attachments: List<OutgoingAttachment>,
-  ): Boolean =
-    ensureRuntime().sendChatAwaitAcceptance(
+  ): Boolean {
+    return ensureRuntime().sendChatAwaitAcceptance(
      message = message,
      thinking = thinking,
      attachments = attachments,
    )
+  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/NodeApp.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeApp.kt
@@ -21,15 +21,13 @@ class NodeApp : Application() {
    super.onCreate()
    if (BuildConfig.DEBUG) {
      StrictMode.setThreadPolicy(
-        StrictMode.ThreadPolicy
-          .Builder()
+        StrictMode.ThreadPolicy.Builder()
          .detectAll()
          .penaltyLog()
          .build(),
      )
      StrictMode.setVmPolicy(
-        StrictMode.VmPolicy
-          .Builder()
+        StrictMode.VmPolicy.Builder()
          .detectAll()
          .penaltyLog()
          .build(),
--- a/apps/android/app/src/main/java/ai/openclaw/app/NodeForegroundService.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeForegroundService.kt
@@ -140,14 +140,10 @@ class NodeForegroundService : Service() {
    mgr.createNotificationChannel(channel)
  }

-  private fun buildNotification(
-    title: String,
-    text: String,
-  ): Notification {
-    val launchIntent =
-      Intent(this, MainActivity::class.java).apply {
-        flags = Intent.FLAG_ACTIVITY_SINGLE_TOP or Intent.FLAG_ACTIVITY_CLEAR_TOP
-      }
+  private fun buildNotification(title: String, text: String): Notification {
+    val launchIntent = Intent(this, MainActivity::class.java).apply {
+      flags = Intent.FLAG_ACTIVITY_SINGLE_TOP or Intent.FLAG_ACTIVITY_CLEAR_TOP
+    }
    val launchPending =
      PendingIntent.getActivity(
        this,
@@ -165,8 +161,7 @@ class NodeForegroundService : Service() {
        PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE,
      )

-    return NotificationCompat
-      .Builder(this, CHANNEL_ID)
+    return NotificationCompat.Builder(this, CHANNEL_ID)
      .setSmallIcon(R.mipmap.ic_launcher)
      .setContentTitle(title)
      .setContentText(text)
@@ -238,8 +233,8 @@ internal fun voiceNotificationSuffix(
  manualMicListening: Boolean,
  talkListening: Boolean,
  talkSpeaking: Boolean,
-): String =
-  when (mode) {
+): String {
+  return when (mode) {
    VoiceCaptureMode.TalkMode ->
      when {
        talkSpeaking -> " · Talk: Speaking"
@@ -254,11 +249,11 @@ internal fun voiceNotificationSuffix(
      }
    VoiceCaptureMode.Off -> ""
  }
+}

-private fun String?.toVoiceCaptureMode(): VoiceCaptureMode =
-  VoiceCaptureMode.entries.firstOrNull {
-    it.name == this
-  } ?: VoiceCaptureMode.Off
+private fun String?.toVoiceCaptureMode(): VoiceCaptureMode {
+  return VoiceCaptureMode.entries.firstOrNull { it.name == this } ?: VoiceCaptureMode.Off
+}

 private data class VoiceNotificationBase(
  val status: String,
--- a/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
@@ -1,5 +1,11 @@
 package ai.openclaw.app

+import android.Manifest
+import android.content.Context
+import android.content.pm.PackageManager
+import android.os.SystemClock
+import android.util.Log
+import androidx.core.content.ContextCompat
 import ai.openclaw.app.chat.ChatController
 import ai.openclaw.app.chat.ChatMessage
 import ai.openclaw.app.chat.ChatPendingToolCall
@@ -13,43 +19,11 @@ import ai.openclaw.app.gateway.GatewaySession
 import ai.openclaw.app.gateway.GatewayTlsProbeFailure
 import ai.openclaw.app.gateway.GatewayTlsProbeResult
 import ai.openclaw.app.gateway.probeGatewayTlsFingerprint
-import ai.openclaw.app.node.A2UIHandler
-import ai.openclaw.app.node.CalendarHandler
-import ai.openclaw.app.node.CallLogHandler
-import ai.openclaw.app.node.CameraCaptureManager
-import ai.openclaw.app.node.CameraHandler
-import ai.openclaw.app.node.CanvasController
-import ai.openclaw.app.node.ConnectionManager
-import ai.openclaw.app.node.ContactsHandler
-import ai.openclaw.app.node.DEFAULT_SEAM_COLOR_ARGB
-import ai.openclaw.app.node.DebugHandler
-import ai.openclaw.app.node.DeviceHandler
-import ai.openclaw.app.node.DeviceNotificationListenerService
-import ai.openclaw.app.node.InvokeDispatcher
-import ai.openclaw.app.node.LocationCaptureManager
-import ai.openclaw.app.node.LocationHandler
-import ai.openclaw.app.node.MotionHandler
-import ai.openclaw.app.node.NodePresenceAliveBeacon
-import ai.openclaw.app.node.NotificationsHandler
-import ai.openclaw.app.node.PhotosHandler
-import ai.openclaw.app.node.Quad
-import ai.openclaw.app.node.SmsHandler
-import ai.openclaw.app.node.SmsManager
-import ai.openclaw.app.node.SystemHandler
-import ai.openclaw.app.node.asObjectOrNull
-import ai.openclaw.app.node.asStringOrNull
-import ai.openclaw.app.node.invokeErrorFromThrowable
-import ai.openclaw.app.node.parseHexColorArgb
+import ai.openclaw.app.node.*
 import ai.openclaw.app.protocol.OpenClawCanvasA2UIAction
 import ai.openclaw.app.voice.MicCaptureManager
 import ai.openclaw.app.voice.TalkModeManager
 import ai.openclaw.app.voice.VoiceConversationEntry
-import android.Manifest
-import android.content.Context
-import android.content.pm.PackageManager
-import android.os.SystemClock
-import android.util.Log
-import androidx.core.content.ContextCompat
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.SupervisorJob
@@ -101,137 +75,122 @@ class NodeRuntime(
  private var connectedEndpoint: GatewayEndpoint? = null
  private var activeGatewayAuth: GatewayConnectAuth? = null

-  private val cameraHandler: CameraHandler =
-    CameraHandler(
-      appContext = appContext,
-      camera = camera,
-      externalAudioCaptureActive = externalAudioCaptureActive,
-      showCameraHud = ::showCameraHud,
-      triggerCameraFlash = ::triggerCameraFlash,
-      invokeErrorFromThrowable = { invokeErrorFromThrowable(it) },
-    )
+  private val cameraHandler: CameraHandler = CameraHandler(
+    appContext = appContext,
+    camera = camera,
+    externalAudioCaptureActive = externalAudioCaptureActive,
+    showCameraHud = ::showCameraHud,
+    triggerCameraFlash = ::triggerCameraFlash,
+    invokeErrorFromThrowable = { invokeErrorFromThrowable(it) },
+  )

-  private val debugHandler: DebugHandler =
-    DebugHandler(
-      appContext = appContext,
-      identityStore = identityStore,
-    )
+  private val debugHandler: DebugHandler = DebugHandler(
+    appContext = appContext,
+    identityStore = identityStore,
+  )

-  private val locationHandler: LocationHandler =
-    LocationHandler(
-      appContext = appContext,
-      location = location,
-      json = json,
-      isForeground = { _isForeground.value },
-      locationPreciseEnabled = { locationPreciseEnabled.value },
-    )
+  private val locationHandler: LocationHandler = LocationHandler(
+    appContext = appContext,
+    location = location,
+    json = json,
+    isForeground = { _isForeground.value },
+    locationPreciseEnabled = { locationPreciseEnabled.value },
+  )

-  private val deviceHandler: DeviceHandler =
-    DeviceHandler(
-      appContext = appContext,
-      smsEnabled = SensitiveFeatureConfig.smsEnabled,
-      callLogEnabled = SensitiveFeatureConfig.callLogEnabled,
-    )
+  private val deviceHandler: DeviceHandler = DeviceHandler(
+    appContext = appContext,
+    smsEnabled = BuildConfig.OPENCLAW_ENABLE_SMS,
+    callLogEnabled = BuildConfig.OPENCLAW_ENABLE_CALL_LOG,
+  )

-  private val notificationsHandler: NotificationsHandler =
-    NotificationsHandler(
-      appContext = appContext,
-    )
+  private val notificationsHandler: NotificationsHandler = NotificationsHandler(
+    appContext = appContext,
+  )

-  private val systemHandler: SystemHandler =
-    SystemHandler(
-      appContext = appContext,
-    )
+  private val systemHandler: SystemHandler = SystemHandler(
+    appContext = appContext,
+  )

-  private val photosHandler: PhotosHandler =
-    PhotosHandler(
-      appContext = appContext,
-    )
+  private val photosHandler: PhotosHandler = PhotosHandler(
+    appContext = appContext,
+  )

-  private val contactsHandler: ContactsHandler =
-    ContactsHandler(
-      appContext = appContext,
-    )
+  private val contactsHandler: ContactsHandler = ContactsHandler(
+    appContext = appContext,
+  )

-  private val calendarHandler: CalendarHandler =
-    CalendarHandler(
-      appContext = appContext,
-    )
+  private val calendarHandler: CalendarHandler = CalendarHandler(
+    appContext = appContext,
+  )

-  private val callLogHandler: CallLogHandler =
-    CallLogHandler(
-      appContext = appContext,
-    )
+  private val callLogHandler: CallLogHandler = CallLogHandler(
+    appContext = appContext,
+  )

-  private val motionHandler: MotionHandler =
-    MotionHandler(
-      appContext = appContext,
-    )
+  private val motionHandler: MotionHandler = MotionHandler(
+    appContext = appContext,
+  )

-  private val smsHandlerImpl: SmsHandler =
-    SmsHandler(
-      sms = sms,
-    )
+  private val smsHandlerImpl: SmsHandler = SmsHandler(
+    sms = sms,
+  )

-  private val a2uiHandler: A2UIHandler =
-    A2UIHandler(
-      canvas = canvas,
-      json = json,
-      getNodeCanvasHostUrl = { nodeSession.currentCanvasHostUrl() },
-      getOperatorCanvasHostUrl = { operatorSession.currentCanvasHostUrl() },
-    )
+  private val a2uiHandler: A2UIHandler = A2UIHandler(
+    canvas = canvas,
+    json = json,
+    getNodeCanvasHostUrl = { nodeSession.currentCanvasHostUrl() },
+    getOperatorCanvasHostUrl = { operatorSession.currentCanvasHostUrl() },
+  )

-  private val connectionManager: ConnectionManager =
-    ConnectionManager(
-      prefs = prefs,
-      cameraEnabled = { cameraEnabled.value },
-      locationMode = { locationMode.value },
-      voiceWakeMode = { VoiceWakeMode.Off },
-      motionActivityAvailable = { motionHandler.isActivityAvailable() },
-      motionPedometerAvailable = { motionHandler.isPedometerAvailable() },
-      sendSmsAvailable = { SensitiveFeatureConfig.smsEnabled && sms.canSendSms() },
-      readSmsAvailable = { SensitiveFeatureConfig.smsEnabled && sms.canReadSms() },
-      smsSearchPossible = { SensitiveFeatureConfig.smsEnabled && sms.hasTelephonyFeature() },
-      callLogAvailable = { SensitiveFeatureConfig.callLogEnabled },
-      hasRecordAudioPermission = { hasRecordAudioPermission() },
-      manualTls = { manualTls.value },
-    )
+  private val connectionManager: ConnectionManager = ConnectionManager(
+    prefs = prefs,
+    cameraEnabled = { cameraEnabled.value },
+    locationMode = { locationMode.value },
+    voiceWakeMode = { VoiceWakeMode.Off },
+    motionActivityAvailable = { motionHandler.isActivityAvailable() },
+    motionPedometerAvailable = { motionHandler.isPedometerAvailable() },
+    sendSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canSendSms() },
+    readSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canReadSms() },
+    smsSearchPossible = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.hasTelephonyFeature() },
+    callLogAvailable = { BuildConfig.OPENCLAW_ENABLE_CALL_LOG },
+    hasRecordAudioPermission = { hasRecordAudioPermission() },
+    manualTls = { manualTls.value },
+  )

-  private val invokeDispatcher: InvokeDispatcher =
-    InvokeDispatcher(
-      canvas = canvas,
-      cameraHandler = cameraHandler,
-      locationHandler = locationHandler,
-      deviceHandler = deviceHandler,
-      notificationsHandler = notificationsHandler,
-      systemHandler = systemHandler,
-      photosHandler = photosHandler,
-      contactsHandler = contactsHandler,
-      calendarHandler = calendarHandler,
-      motionHandler = motionHandler,
-      smsHandler = smsHandlerImpl,
-      a2uiHandler = a2uiHandler,
-      debugHandler = debugHandler,
-      callLogHandler = callLogHandler,
-      isForeground = { _isForeground.value },
-      cameraEnabled = { cameraEnabled.value },
-      locationEnabled = { locationMode.value != LocationMode.Off },
-      sendSmsAvailable = { SensitiveFeatureConfig.smsEnabled && sms.canSendSms() },
-      readSmsAvailable = { SensitiveFeatureConfig.smsEnabled && sms.canReadSms() },
-      smsFeatureEnabled = { SensitiveFeatureConfig.smsEnabled },
-      smsTelephonyAvailable = { sms.hasTelephonyFeature() },
-      callLogAvailable = { SensitiveFeatureConfig.callLogEnabled },
-      debugBuild = { BuildConfig.DEBUG },
-      refreshNodeCanvasCapability = { nodeSession.refreshNodeCanvasCapability() },
-      onCanvasA2uiPush = {
-        _canvasA2uiHydrated.value = true
-        _canvasRehydratePending.value = false
-        _canvasRehydrateErrorText.value = null
-      },
-      onCanvasA2uiReset = { _canvasA2uiHydrated.value = false },
-      motionActivityAvailable = { motionHandler.isActivityAvailable() },
-      motionPedometerAvailable = { motionHandler.isPedometerAvailable() },
-    )
+  private val invokeDispatcher: InvokeDispatcher = InvokeDispatcher(
+    canvas = canvas,
+    cameraHandler = cameraHandler,
+    locationHandler = locationHandler,
+    deviceHandler = deviceHandler,
+    notificationsHandler = notificationsHandler,
+    systemHandler = systemHandler,
+    photosHandler = photosHandler,
+    contactsHandler = contactsHandler,
+    calendarHandler = calendarHandler,
+    motionHandler = motionHandler,
+    smsHandler = smsHandlerImpl,
+    a2uiHandler = a2uiHandler,
+    debugHandler = debugHandler,
+    callLogHandler = callLogHandler,
+    isForeground = { _isForeground.value },
+    cameraEnabled = { cameraEnabled.value },
+    locationEnabled = { locationMode.value != LocationMode.Off },
+    sendSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canSendSms() },
+    readSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canReadSms() },
+    smsFeatureEnabled = { BuildConfig.OPENCLAW_ENABLE_SMS },
+    smsTelephonyAvailable = { sms.hasTelephonyFeature() },
+    callLogAvailable = { BuildConfig.OPENCLAW_ENABLE_CALL_LOG },
+    debugBuild = { BuildConfig.DEBUG },
+    refreshNodeCanvasCapability = { nodeSession.refreshNodeCanvasCapability() },
+    onCanvasA2uiPush = {
+      _canvasA2uiHydrated.value = true
+      _canvasRehydratePending.value = false
+      _canvasRehydrateErrorText.value = null
+    },
+    onCanvasA2uiReset = { _canvasA2uiHydrated.value = false },
+    motionActivityAvailable = { motionHandler.isActivityAvailable() },
+    motionPedometerAvailable = { motionHandler.isPedometerAvailable() },
+  )

  data class GatewayTrustPrompt(
    val endpoint: GatewayEndpoint,
@@ -288,8 +247,6 @@ class NodeRuntime(
  private var gatewayAgents: List<GatewayAgentSummary> = emptyList()
  private var didAutoRequestCanvasRehydrate = false
  private val canvasRehydrateSeq = AtomicLong(0)
-
-  @Volatile private var nodePresenceAliveLastSuccessAtMs: Long? = null
  private var operatorConnected = false
  private var operatorStatusText: String = "Offline"
  private var nodeStatusText: String = "Offline"
@@ -345,7 +302,6 @@ class NodeRuntime(
        _canvasRehydrateErrorText.value = null
        updateStatus()
        showLocalCanvasOnConnect()
-        publishNodePresenceAliveBeacon(NodePresenceAliveBeacon.Trigger.Connect)
        val endpoint = connectedEndpoint
        val auth = activeGatewayAuth
        if (endpoint != null && auth != null) {
@@ -388,22 +344,21 @@ class NodeRuntime(
    ).also {
      it.applyMainSessionKey(_mainSessionKey.value)
    }
-  private val voiceReplySpeakerLazy: Lazy<TalkModeManager> =
-    lazy {
-      // Reuse the existing TalkMode speech engine for native Android TTS playback
-      // without enabling the legacy talk capture loop.
-      TalkModeManager(
-        context = appContext,
-        scope = scope,
-        session = operatorSession,
-        supportsChatSubscribe = false,
-        isConnected = { operatorConnected },
-        onBeforeSpeak = { micCapture.pauseForTts() },
-        onAfterSpeak = { micCapture.resumeAfterTts() },
-      ).also { speaker ->
-        speaker.setPlaybackEnabled(prefs.speakerEnabled.value)
-      }
+  private val voiceReplySpeakerLazy: Lazy<TalkModeManager> = lazy {
+    // Reuse the existing TalkMode speech engine for native Android TTS playback
+    // without enabling the legacy talk capture loop.
+    TalkModeManager(
+      context = appContext,
+      scope = scope,
+      session = operatorSession,
+      supportsChatSubscribe = false,
+      isConnected = { operatorConnected },
+      onBeforeSpeak = { micCapture.pauseForTts() },
+      onAfterSpeak = { micCapture.resumeAfterTts() },
+    ).also { speaker ->
+      speaker.setPlaybackEnabled(prefs.speakerEnabled.value)
    }
+  }
  private val voiceReplySpeaker: TalkModeManager
    get() = voiceReplySpeakerLazy.value

@@ -549,10 +504,7 @@ class NodeRuntime(
    }
  }

-  fun requestCanvasRehydrate(
-    source: String = "manual",
-    force: Boolean = true,
-  ) {
+  fun requestCanvasRehydrate(source: String = "manual", force: Boolean = true) {
    scope.launch {
      if (!_nodeConnected.value) {
        _canvasRehydratePending.value = false
@@ -615,22 +567,16 @@ class NodeRuntime(
  val manualTls: StateFlow<Boolean> = prefs.manualTls
  val gatewayToken: StateFlow<String> = prefs.gatewayToken
  val onboardingCompleted: StateFlow<Boolean> = prefs.onboardingCompleted
-
  fun setGatewayToken(value: String) = prefs.setGatewayToken(value)
-
  fun setGatewayBootstrapToken(value: String) = prefs.setGatewayBootstrapToken(value)
-
  fun setGatewayPassword(value: String) = prefs.setGatewayPassword(value)
-
  fun resetGatewaySetupAuth() {
    prefs.clearGatewaySetupAuth()
    val deviceId = identityStore.loadOrCreate().deviceId
    deviceAuthStore.clearToken(deviceId, "node")
    deviceAuthStore.clearToken(deviceId, "operator")
  }
-
  fun setOnboardingCompleted(value: Boolean) = prefs.setOnboardingCompleted(value)
-
  val lastDiscoveredStableId: StateFlow<String> = prefs.lastDiscoveredStableId
  val canvasDebugStatusEnabled: StateFlow<Boolean> = prefs.canvasDebugStatusEnabled
  val notificationForwardingEnabled: StateFlow<Boolean> = prefs.notificationForwardingEnabled
@@ -703,60 +649,6 @@ class NodeRuntime(
      reconnectPreferredGatewayOnForeground()
    } else {
      stopManualVoiceSession()
-      publishNodePresenceAliveBeacon(NodePresenceAliveBeacon.Trigger.Background, throttleRecentSuccess = true)
-    }
-  }
-
-  private fun publishNodePresenceAliveBeacon(
-    trigger: NodePresenceAliveBeacon.Trigger,
-    throttleRecentSuccess: Boolean = false,
-  ) {
-    scope.launch {
-      sendNodePresenceAliveBeacon(trigger = trigger, throttleRecentSuccess = throttleRecentSuccess)
-    }
-  }
-
-  private suspend fun sendNodePresenceAliveBeacon(
-    trigger: NodePresenceAliveBeacon.Trigger,
-    throttleRecentSuccess: Boolean,
-  ) {
-    if (!_nodeConnected.value) return
-    val nowMs = System.currentTimeMillis()
-    if (
-      throttleRecentSuccess &&
-      NodePresenceAliveBeacon.shouldSkipRecentSuccess(
-        nowMs = nowMs,
-        lastSuccessAtMs = nodePresenceAliveLastSuccessAtMs,
-      )
-    ) {
-      return
-    }
-
-    val client = connectionManager.buildClientInfo(clientId = "openclaw-android", clientMode = "node")
-    val payloadJson =
-      NodePresenceAliveBeacon.makePayloadJson(
-        trigger = trigger,
-        sentAtMs = nowMs,
-        displayName = client.displayName?.trim()?.takeIf { it.isNotEmpty() } ?: "Android",
-        version = client.version,
-        platform = NodePresenceAliveBeacon.androidPlatformLabel(),
-        deviceFamily = client.deviceFamily,
-        modelIdentifier = client.modelIdentifier,
-      )
-    val result =
-      nodeSession.sendNodeEventDetailed(
-        event = NodePresenceAliveBeacon.EVENT_NAME,
-        payloadJson = payloadJson,
-      )
-    if (!result.ok) return
-    val response = NodePresenceAliveBeacon.decodeResponse(result.payloadJson)
-    if (response?.handled == true) {
-      nodePresenceAliveLastSuccessAtMs = nowMs
-    } else {
-      Log.d(
-        "OpenClawNode",
-        "node.presence.alive not handled: ${NodePresenceAliveBeacon.sanitizeReasonForLog(response?.reason)}",
-      )
    }
  }

@@ -856,7 +748,9 @@ class NodeRuntime(
    enabled: Boolean,
    start: String,
    end: String,
-  ): Boolean = prefs.setNotificationForwardingQuietHours(enabled = enabled, start = start, end = end)
+  ): Boolean {
+    return prefs.setNotificationForwardingQuietHours(enabled = enabled, start = start, end = end)
+  }

  fun setNotificationForwardingMaxEventsPerMinute(value: Int) {
    prefs.setNotificationForwardingMaxEventsPerMinute(value)
@@ -1033,11 +927,10 @@ class NodeRuntime(
      _statusText.value = "Verify gateway TLS fingerprint…"
      scope.launch {
        val tlsProbe = tlsFingerprintProbe(endpoint.host, endpoint.port)
-        val fp =
-          tlsProbe.fingerprintSha256 ?: run {
-            _statusText.value = gatewayTlsProbeFailureMessage(tlsProbe.failure)
-            return@launch
-          }
+        val fp = tlsProbe.fingerprintSha256 ?: run {
+          _statusText.value = gatewayTlsProbeFailureMessage(tlsProbe.failure)
+          return@launch
+        }
        _pendingGatewayTrust.value =
          GatewayTrustPrompt(endpoint = endpoint, fingerprintSha256 = fp, auth = auth)
      }
@@ -1062,13 +955,14 @@ class NodeRuntime(
    beginConnect(endpoint = endpoint, auth = resolveGatewayConnectAuth(auth))
  }

-  internal fun resolveGatewayConnectAuth(explicitAuth: GatewayConnectAuth? = null): GatewayConnectAuth =
-    explicitAuth
+  internal fun resolveGatewayConnectAuth(explicitAuth: GatewayConnectAuth? = null): GatewayConnectAuth {
+    return explicitAuth
      ?: GatewayConnectAuth(
        token = prefs.loadGatewayToken(),
        bootstrapToken = prefs.loadGatewayBootstrapToken(),
        password = prefs.loadGatewayPassword(),
      )
+  }

  fun acceptGatewayTrustPrompt() {
    val prompt = _pendingGatewayTrust.value ?: return
@@ -1082,19 +976,21 @@ class NodeRuntime(
    _statusText.value = "Offline"
  }

-  private fun gatewayTlsProbeFailureMessage(failure: GatewayTlsProbeFailure?): String =
-    when (failure) {
+  private fun gatewayTlsProbeFailureMessage(failure: GatewayTlsProbeFailure?): String {
+    return when (failure) {
      GatewayTlsProbeFailure.TLS_UNAVAILABLE ->
        "Failed: this host requires wss:// or Tailscale Serve. No TLS endpoint detected."
      GatewayTlsProbeFailure.ENDPOINT_UNREACHABLE, null ->
        "Failed: couldn't reach the secure gateway endpoint for this host."
    }
+  }

-  private fun hasRecordAudioPermission(): Boolean =
-    (
+  private fun hasRecordAudioPermission(): Boolean {
+    return (
      ContextCompat.checkSelfPermission(appContext, Manifest.permission.RECORD_AUDIO) ==
        PackageManager.PERMISSION_GRANTED
-    )
+      )
+  }

  fun connectManual() {
    val host = manualHost.value.trim()
@@ -1157,26 +1053,15 @@ class NodeRuntime(
        }

      val userActionObj = (root["userAction"] as? JsonObject) ?: root
-      val actionId =
-        (userActionObj["id"] as? JsonPrimitive)?.content?.trim().orEmpty().ifEmpty {
-          java.util.UUID
-            .randomUUID()
-            .toString()
-        }
+      val actionId = (userActionObj["id"] as? JsonPrimitive)?.content?.trim().orEmpty().ifEmpty {
+        java.util.UUID.randomUUID().toString()
+      }
      val name = OpenClawCanvasA2UIAction.extractActionName(userActionObj) ?: return@launch

      val surfaceId =
-        (userActionObj["surfaceId"] as? JsonPrimitive)
-          ?.content
-          ?.trim()
-          .orEmpty()
-          .ifEmpty { "main" }
+        (userActionObj["surfaceId"] as? JsonPrimitive)?.content?.trim().orEmpty().ifEmpty { "main" }
      val sourceComponentId =
-        (userActionObj["sourceComponentId"] as? JsonPrimitive)
-          ?.content
-          ?.trim()
-          .orEmpty()
-          .ifEmpty { "-" }
+        (userActionObj["sourceComponentId"] as? JsonPrimitive)?.content?.trim().orEmpty().ifEmpty { "-" }
      val contextJson = (userActionObj["context"] as? JsonObject)?.toString()

      val sessionKey = resolveMainSessionKey()
@@ -1227,7 +1112,9 @@ class NodeRuntime(
    }
  }

-  fun isTrustedCanvasActionUrl(rawUrl: String?): Boolean = a2uiHandler.isTrustedCanvasActionUrl(rawUrl)
+  fun isTrustedCanvasActionUrl(rawUrl: String?): Boolean {
+    return a2uiHandler.isTrustedCanvasActionUrl(rawUrl)
+  }

  fun loadChat(sessionKey: String) {
    val key = sessionKey.trim().ifEmpty { resolveMainSessionKey() }
@@ -1254,11 +1141,7 @@ class NodeRuntime(
    chat.abort()
  }

-  fun sendChat(
-    message: String,
-    thinking: String,
-    attachments: List<OutgoingAttachment>,
-  ) {
+  fun sendChat(message: String, thinking: String, attachments: List<OutgoingAttachment>) {
    chat.sendMessage(message = message, thinkingLevel = thinking, attachments = attachments)
  }

@@ -1266,12 +1149,11 @@ class NodeRuntime(
    message: String,
    thinking: String,
    attachments: List<OutgoingAttachment>,
-  ): Boolean = chat.sendMessageAwaitAcceptance(message = message, thinkingLevel = thinking, attachments = attachments)
+  ): Boolean {
+    return chat.sendMessageAwaitAcceptance(message = message, thinkingLevel = thinking, attachments = attachments)
+  }

-  private fun handleGatewayEvent(
-    event: String,
-    payloadJson: String?,
-  ) {
+  private fun handleGatewayEvent(event: String, payloadJson: String?) {
    micCapture.handleGatewayEvent(event, payloadJson)
    talkMode.handleGatewayEvent(event, payloadJson)
    chat.handleGatewayEvent(event, payloadJson)
@@ -1317,12 +1199,7 @@ class NodeRuntime(
          val id = obj["id"].asStringOrNull()?.trim().orEmpty()
          if (id.isEmpty()) return@mapNotNull null
          val name = obj["name"].asStringOrNull()?.trim()
-          val emoji =
-            obj["identity"]
-              .asObjectOrNull()
-              ?.get("emoji")
-              .asStringOrNull()
-              ?.trim()
+          val emoji = obj["identity"].asObjectOrNull()?.get("emoji").asStringOrNull()?.trim()
          GatewayAgentSummary(
            id = id,
            name = name?.takeIf { it.isNotEmpty() },
@@ -1479,11 +1356,7 @@ class NodeRuntime(
    _cameraFlashToken.value = SystemClock.elapsedRealtimeNanos()
  }

-  private fun showCameraHud(
-    message: String,
-    kind: CameraHudKind,
-    autoHideMs: Long? = null,
-  ) {
+  private fun showCameraHud(message: String, kind: CameraHudKind, autoHideMs: Long? = null) {
    val token = cameraHudSeq.incrementAndGet()
    _cameraHud.value = CameraHudState(token = token, kind = kind, message = message)

@@ -1494,6 +1367,7 @@ class NodeRuntime(
      }
    }
  }
+
 }

 internal fun resolveOperatorSessionConnectAuth(
@@ -1542,7 +1416,9 @@ internal fun resolveOperatorSessionConnectAuth(
 internal fun shouldConnectOperatorSession(
  auth: NodeRuntime.GatewayConnectAuth,
  storedOperatorToken: String?,
-): Boolean = resolveOperatorSessionConnectAuth(auth, storedOperatorToken) != null
+): Boolean {
+  return resolveOperatorSessionConnectAuth(auth, storedOperatorToken) != null
+}

 private enum class HomeCanvasGatewayState {
  Connected,
--- a/apps/android/app/src/main/java/ai/openclaw/app/NotificationForwardingPolicy.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NotificationForwardingPolicy.kt
@@ -3,15 +3,15 @@ package ai.openclaw.app
 import java.time.Instant
 import java.time.ZoneId

-enum class NotificationPackageFilterMode(
-  val rawValue: String,
-) {
+enum class NotificationPackageFilterMode(val rawValue: String) {
  Allowlist("allowlist"),
  Blocklist("blocklist"),
  ;

  companion object {
-    fun fromRawValue(raw: String?): NotificationPackageFilterMode = entries.firstOrNull { it.rawValue == raw?.trim()?.lowercase() } ?: Blocklist
+    fun fromRawValue(raw: String?): NotificationPackageFilterMode {
+      return entries.firstOrNull { it.rawValue == raw?.trim()?.lowercase() } ?: Blocklist
+    }
  }
 }

@@ -50,8 +50,7 @@ internal fun NotificationForwardingPolicy.isWithinQuietHours(
    return true
  }
  val now =
-    Instant
-      .ofEpochMilli(nowEpochMs)
+    Instant.ofEpochMilli(nowEpochMs)
      .atZone(zoneId)
      .toLocalTime()
  val nowMinutes = now.hour * 60 + now.minute
@@ -83,10 +82,7 @@ internal class NotificationBurstLimiter {
  private var windowStartMs: Long = -1L
  private var eventsInWindow: Int = 0

-  fun allow(
-    nowEpochMs: Long,
-    maxEventsPerMinute: Int,
-  ): Boolean {
+  fun allow(nowEpochMs: Long, maxEventsPerMinute: Int): Boolean {
    if (maxEventsPerMinute <= 0) {
      return false
    }
--- a/apps/android/app/src/main/java/ai/openclaw/app/PermissionRequester.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/PermissionRequester.kt
@@ -1,32 +1,30 @@
 package ai.openclaw.app

-import android.Manifest
-import android.content.Intent
 import android.content.pm.PackageManager
+import android.content.Intent
+import android.Manifest
 import android.net.Uri
 import android.os.Handler
 import android.os.Looper
 import android.provider.Settings
+import androidx.appcompat.app.AlertDialog
 import androidx.activity.ComponentActivity
 import androidx.activity.result.ActivityResultLauncher
 import androidx.activity.result.contract.ActivityResultContracts
-import androidx.appcompat.app.AlertDialog
-import androidx.core.app.ActivityCompat
 import androidx.core.content.ContextCompat
+import androidx.core.app.ActivityCompat
 import androidx.lifecycle.Lifecycle
 import androidx.lifecycle.LifecycleEventObserver
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.suspendCancellableCoroutine
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import kotlinx.coroutines.withContext
+import kotlinx.coroutines.suspendCancellableCoroutine
 import java.util.concurrent.atomic.AtomicBoolean
 import kotlin.coroutines.resume

-class PermissionRequester(
-  private val activity: ComponentActivity,
-) {
+class PermissionRequester(private val activity: ComponentActivity) {
  private val mutex = Mutex()
  private var pending: CompletableDeferred<Map<String, Boolean>>? = null
  private val mainHandler = Handler(Looper.getMainLooper())
@@ -76,10 +74,10 @@ class PermissionRequester(
      // Merge: if something was already granted, treat it as granted even if launcher omitted it.
      val merged =
        permissions.associateWith { perm ->
-          val nowGranted =
-            ContextCompat.checkSelfPermission(activity, perm) == PackageManager.PERMISSION_GRANTED
-          result[perm] == true || nowGranted
-        }
+        val nowGranted =
+          ContextCompat.checkSelfPermission(activity, perm) == PackageManager.PERMISSION_GRANTED
+        result[perm] == true || nowGranted
+      }

      val denied =
        merged.filterValues { !it }.keys.filter {
@@ -106,7 +104,6 @@ class PermissionRequester(
          observer?.let(lifecycle::removeObserver)
          observer = null
        }
-
        fun finish(result: Boolean?) {
          if (!finished.compareAndSet(false, true)) return
          removeObserver()
@@ -128,8 +125,7 @@ class PermissionRequester(
          }
        }
        dialog =
-          AlertDialog
-            .Builder(activity)
+          AlertDialog.Builder(activity)
            .setTitle("Permission required")
            .setMessage(buildRationaleMessage(permissions))
            .setPositiveButton("Continue") { _, _ -> finish(true) }
@@ -158,8 +154,7 @@ class PermissionRequester(
      observer = actualObserver
      lifecycle.addObserver(actualObserver)
      dialog =
-        AlertDialog
-          .Builder(activity)
+        AlertDialog.Builder(activity)
          .setTitle("Enable permission in Settings")
          .setMessage(buildSettingsMessage(permissions))
          .setPositiveButton("Open Settings") { _, _ ->
@@ -170,7 +165,8 @@ class PermissionRequester(
                Uri.fromParts("package", activity.packageName, null),
              )
            activity.startActivity(intent)
-          }.setNegativeButton("Cancel", null)
+          }
+          .setNegativeButton("Cancel", null)
          .setOnDismissListener { removeObserver() }
          .show()
    }
--- a/apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt
@@ -46,8 +46,7 @@ class SecurePrefs(
    appContext.getSharedPreferences(plainPrefsName, Context.MODE_PRIVATE)

  private val masterKey by lazy {
-    MasterKey
-      .Builder(appContext)
+    MasterKey.Builder(appContext)
      .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
      .build()
  }
@@ -421,20 +420,16 @@ class SecurePrefs(
    return plainPrefs.getString(key, null)?.trim()?.takeIf { it.isNotEmpty() }
  }

-  fun saveGatewayTlsFingerprint(
-    stableId: String,
-    fingerprint: String,
-  ) {
+  fun saveGatewayTlsFingerprint(stableId: String, fingerprint: String) {
    val key = "gateway.tls.$stableId"
    plainPrefs.edit { putString(key, fingerprint.trim()) }
  }

-  fun getString(key: String): String? = securePrefs.getString(key, null)
+  fun getString(key: String): String? {
+    return securePrefs.getString(key, null)
+  }

-  fun putString(
-    key: String,
-    value: String,
-  ) {
+  fun putString(key: String, value: String) {
    securePrefs.edit { putString(key, value) }
  }

@@ -442,17 +437,15 @@ class SecurePrefs(
    securePrefs.edit { remove(key) }
  }

-  private fun createSecurePrefs(
-    context: Context,
-    name: String,
-  ): SharedPreferences =
-    EncryptedSharedPreferences.create(
+  private fun createSecurePrefs(context: Context, name: String): SharedPreferences {
+    return EncryptedSharedPreferences.create(
      context,
      name,
      masterKey,
      EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
      EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM,
    )
+  }

  private fun loadOrCreateInstanceId(): String {
    val existing = plainPrefs.getString("node.instanceId", null)?.trim()
@@ -511,7 +504,8 @@ class SecurePrefs(
            is JsonPrimitive -> item.content.trim().takeIf { it.isNotEmpty() }
            else -> null
          }
-        }.toSet()
+        }
+        .toSet()
    } catch (_: Throwable) {
      emptySet()
    }
--- a/apps/android/app/src/main/java/ai/openclaw/app/SessionKey.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/SessionKey.kt
@@ -15,17 +15,10 @@ internal fun isCanonicalMainSessionKey(raw: String?): Boolean {
 internal fun resolveAgentIdFromMainSessionKey(raw: String?): String? {
  val trimmed = raw?.trim().orEmpty()
  if (!trimmed.startsWith("agent:")) return null
-  return trimmed
-    .removePrefix("agent:")
-    .substringBefore(':')
-    .trim()
-    .ifEmpty { null }
+  return trimmed.removePrefix("agent:").substringBefore(':').trim().ifEmpty { null }
 }

-internal fun buildNodeMainSessionKey(
-  deviceId: String,
-  agentId: String?,
-): String {
+internal fun buildNodeMainSessionKey(deviceId: String, agentId: String?): String {
  val resolvedAgentId = agentId?.trim().orEmpty().ifEmpty { "main" }
  return "agent:$resolvedAgentId:node-${deviceId.take(12)}"
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/VoiceWakeMode.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/VoiceWakeMode.kt
@@ -1,14 +1,14 @@
 package ai.openclaw.app

-enum class VoiceWakeMode(
-  val rawValue: String,
-) {
+enum class VoiceWakeMode(val rawValue: String) {
  Off("off"),
  Foreground("foreground"),
  Always("always"),
  ;

  companion object {
-    fun fromRawValue(raw: String?): VoiceWakeMode = entries.firstOrNull { it.rawValue == raw?.trim()?.lowercase() } ?: Foreground
+    fun fromRawValue(raw: String?): VoiceWakeMode {
+      return entries.firstOrNull { it.rawValue == raw?.trim()?.lowercase() } ?: Foreground
+    }
  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/WakeWords.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/WakeWords.kt
@@ -4,26 +4,18 @@ object WakeWords {
  const val maxWords: Int = 32
  const val maxWordLength: Int = 64

-  fun parseCommaSeparated(input: String): List<String> = input.split(",").map { it.trim() }.filter { it.isNotEmpty() }
+  fun parseCommaSeparated(input: String): List<String> {
+    return input.split(",").map { it.trim() }.filter { it.isNotEmpty() }
+  }

-  fun parseIfChanged(
-    input: String,
-    current: List<String>,
-  ): List<String>? {
+  fun parseIfChanged(input: String, current: List<String>): List<String>? {
    val parsed = parseCommaSeparated(input)
    return if (parsed == current) null else parsed
  }

-  fun sanitize(
-    words: List<String>,
-    defaults: List<String>,
-  ): List<String> {
+  fun sanitize(words: List<String>, defaults: List<String>): List<String> {
    val cleaned =
-      words
-        .map { it.trim() }
-        .filter { it.isNotEmpty() }
-        .take(maxWords)
-        .map { it.take(maxWordLength) }
+      words.map { it.trim() }.filter { it.isNotEmpty() }.take(maxWords).map { it.take(maxWordLength) }
    return cleaned.ifEmpty { defaults }
  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/chat/ChatController.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/chat/ChatController.kt
@@ -1,6 +1,8 @@
 package ai.openclaw.app.chat

 import ai.openclaw.app.gateway.GatewaySession
+import java.util.UUID
+import java.util.concurrent.ConcurrentHashMap
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.delay
@@ -15,8 +17,6 @@ import kotlinx.serialization.json.JsonNull
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonObject
-import java.util.UUID
-import java.util.concurrent.ConcurrentHashMap

 class ChatController(
  private val scope: CoroutineScope,
@@ -173,12 +173,12 @@ class ChatController(
      }
    _messages.value =
      _messages.value +
-      ChatMessage(
-        id = UUID.randomUUID().toString(),
-        role = "user",
-        content = userContent,
-        timestampMs = System.currentTimeMillis(),
-      )
+        ChatMessage(
+          id = UUID.randomUUID().toString(),
+          role = "user",
+          content = userContent,
+          timestampMs = System.currentTimeMillis(),
+        )

    armPendingRunTimeout(runId)
    synchronized(pendingRuns) {
@@ -255,10 +255,7 @@ class ChatController(
    }
  }

-  fun handleGatewayEvent(
-    event: String,
-    payloadJson: String?,
-  ) {
+  fun handleGatewayEvent(event: String, payloadJson: String?) {
    when (event) {
      "tick" -> {
        scope.launch { pollHealthIfNeeded(force = false) }
@@ -282,10 +279,7 @@ class ChatController(
    }
  }

-  private suspend fun bootstrap(
-    forceHealth: Boolean,
-    refreshSessions: Boolean,
-  ) {
+  private suspend fun bootstrap(forceHealth: Boolean, refreshSessions: Boolean) {
    _errorText.value = null
    _healthOk.value = false
    clearPendingRuns()
@@ -304,10 +298,7 @@ class ChatController(
      val history = parseHistory(historyJson, sessionKey = key, previousMessages = _messages.value)
      _messages.value = history.messages
      _sessionId.value = history.sessionId
-      history.thinkingLevel
-        ?.trim()
-        ?.takeIf { it.isNotEmpty() }
-        ?.let { _thinkingLevel.value = it }
+      history.thinkingLevel?.trim()?.takeIf { it.isNotEmpty() }?.let { _thinkingLevel.value = it }

      pollHealthIfNeeded(force = forceHealth)
      if (refreshSessions) {
@@ -380,10 +371,7 @@ class ChatController(
            val history = parseHistory(historyJson, sessionKey = _sessionKey.value, previousMessages = _messages.value)
            _messages.value = history.messages
            _sessionId.value = history.sessionId
-            history.thinkingLevel
-              ?.trim()
-              ?.takeIf { it.isNotEmpty() }
-              ?.let { _thinkingLevel.value = it }
+            history.thinkingLevel?.trim()?.takeIf { it.isNotEmpty() }?.let { _thinkingLevel.value = it }
          } catch (_: Throwable) {
            // best-effort
          }
@@ -554,24 +542,22 @@ class ChatController(
    }
  }

-  private fun parseRunId(resJson: String): String? =
-    try {
-      json
-        .parseToJsonElement(resJson)
-        .asObjectOrNull()
-        ?.get("runId")
-        .asStringOrNull()
+  private fun parseRunId(resJson: String): String? {
+    return try {
+      json.parseToJsonElement(resJson).asObjectOrNull()?.get("runId").asStringOrNull()
    } catch (_: Throwable) {
      null
    }
+  }

-  private fun normalizeThinking(raw: String): String =
-    when (raw.trim().lowercase()) {
+  private fun normalizeThinking(raw: String): String {
+    return when (raw.trim().lowercase()) {
      "low" -> "low"
      "medium" -> "medium"
      "high" -> "high"
      else -> "off"
    }
+  }
 }

 internal data class MainSessionState(
@@ -596,10 +582,7 @@ internal fun applyMainSessionKey(
  )
 }

-internal fun reconcileMessageIds(
-  previous: List<ChatMessage>,
-  incoming: List<ChatMessage>,
-): List<ChatMessage> {
+internal fun reconcileMessageIds(previous: List<ChatMessage>, incoming: List<ChatMessage>): List<ChatMessage> {
  if (previous.isEmpty() || incoming.isEmpty()) return incoming

  val idsByKey = LinkedHashMap<String, ArrayDeque<String>>()
@@ -630,15 +613,9 @@ internal fun messageIdentityKey(message: ChatMessage): String? {
      listOf(
        part.type.trim().lowercase(),
        part.text?.trim().orEmpty(),
-        part.mimeType
-          ?.trim()
-          ?.lowercase()
-          .orEmpty(),
+        part.mimeType?.trim()?.lowercase().orEmpty(),
        part.fileName?.trim().orEmpty(),
-        part.base64
-          ?.hashCode()
-          ?.toString()
-          .orEmpty(),
+        part.base64?.hashCode()?.toString().orEmpty(),
      ).joinToString(separator = "\u001F")
    }

--- a/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthStore.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthStore.kt
@@ -19,44 +19,21 @@ private data class PersistedDeviceAuthMetadata(
 )

 interface DeviceAuthTokenStore {
-  fun loadEntry(
-    deviceId: String,
-    role: String,
-  ): DeviceAuthEntry?
-
-  fun loadToken(
-    deviceId: String,
-    role: String,
-  ): String? = loadEntry(deviceId, role)?.token
-
-  fun saveToken(
-    deviceId: String,
-    role: String,
-    token: String,
-    scopes: List<String> = emptyList(),
-  )
-
-  fun clearToken(
-    deviceId: String,
-    role: String,
-  )
+  fun loadEntry(deviceId: String, role: String): DeviceAuthEntry?
+  fun loadToken(deviceId: String, role: String): String? = loadEntry(deviceId, role)?.token
+  fun saveToken(deviceId: String, role: String, token: String, scopes: List<String> = emptyList())
+  fun clearToken(deviceId: String, role: String)
 }

-class DeviceAuthStore(
-  private val prefs: SecurePrefs,
-) : DeviceAuthTokenStore {
+class DeviceAuthStore(private val prefs: SecurePrefs) : DeviceAuthTokenStore {
  private val json = Json { ignoreUnknownKeys = true }

-  override fun loadEntry(
-    deviceId: String,
-    role: String,
-  ): DeviceAuthEntry? {
+  override fun loadEntry(deviceId: String, role: String): DeviceAuthEntry? {
    val key = tokenKey(deviceId, role)
    val token = prefs.getString(key)?.trim()?.takeIf { it.isNotEmpty() } ?: return null
    val normalizedRole = normalizeRole(role)
    val metadata =
-      prefs
-        .getString(metadataKey(deviceId, role))
+      prefs.getString(metadataKey(deviceId, role))
        ?.let { raw ->
          runCatching { json.decodeFromString<PersistedDeviceAuthMetadata>(raw) }.getOrNull()
        }
@@ -68,12 +45,7 @@ class DeviceAuthStore(
    )
  }

-  override fun saveToken(
-    deviceId: String,
-    role: String,
-    token: String,
-    scopes: List<String>,
-  ) {
+  override fun saveToken(deviceId: String, role: String, token: String, scopes: List<String>) {
    val normalizedScopes = normalizeScopes(scopes)
    val key = tokenKey(deviceId, role)
    prefs.putString(key, token.trim())
@@ -88,28 +60,19 @@ class DeviceAuthStore(
    )
  }

-  override fun clearToken(
-    deviceId: String,
-    role: String,
-  ) {
+  override fun clearToken(deviceId: String, role: String) {
    val key = tokenKey(deviceId, role)
    prefs.remove(key)
    prefs.remove(metadataKey(deviceId, role))
  }

-  private fun tokenKey(
-    deviceId: String,
-    role: String,
-  ): String {
+  private fun tokenKey(deviceId: String, role: String): String {
    val normalizedDevice = normalizeDeviceId(deviceId)
    val normalizedRole = normalizeRole(role)
    return "gateway.deviceToken.$normalizedDevice.$normalizedRole"
  }

-  private fun metadataKey(
-    deviceId: String,
-    role: String,
-  ): String {
+  private fun metadataKey(deviceId: String, role: String): String {
    val normalizedDevice = normalizeDeviceId(deviceId)
    val normalizedRole = normalizeRole(role)
    return "gateway.deviceTokenMeta.$normalizedDevice.$normalizedRole"
@@ -119,10 +82,11 @@ class DeviceAuthStore(

  private fun normalizeRole(role: String): String = role.trim().lowercase()

-  private fun normalizeScopes(scopes: List<String>): List<String> =
-    scopes
+  private fun normalizeScopes(scopes: List<String>): List<String> {
+    return scopes
      .map { it.trim() }
      .filter { it.isNotEmpty() }
      .distinct()
      .sorted()
+  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceIdentityStore.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceIdentityStore.kt
@@ -2,10 +2,10 @@ package ai.openclaw.app.gateway

 import android.content.Context
 import android.util.Base64
-import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.Json
 import java.io.File
 import java.security.MessageDigest
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.json.Json

@Serializable
 data class DeviceIdentity(
@@ -15,12 +15,9 @@ data class DeviceIdentity(
  val createdAtMs: Long,
 )

-class DeviceIdentityStore(
-  context: Context,
-) {
+class DeviceIdentityStore(context: Context) {
  private val json = Json { ignoreUnknownKeys = true }
  private val identityFile = File(context.filesDir, "openclaw/identity/device.json")
-
  @Volatile private var cachedIdentity: DeviceIdentity? = null

  @Synchronized
@@ -44,27 +41,15 @@ class DeviceIdentityStore(
    return fresh
  }

-  fun signPayload(
-    payload: String,
-    identity: DeviceIdentity,
-  ): String? =
-    try {
+  fun signPayload(payload: String, identity: DeviceIdentity): String? {
+    return try {
      // Use BC lightweight API directly — JCA provider registration is broken by R8
      val privateKeyBytes = Base64.decode(identity.privateKeyPkcs8Base64, Base64.DEFAULT)
-      val pkInfo =
-        org.bouncycastle.asn1.pkcs.PrivateKeyInfo
-          .getInstance(privateKeyBytes)
+      val pkInfo = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(privateKeyBytes)
      val parsed = pkInfo.parsePrivateKey()
-      val rawPrivate =
-        org.bouncycastle.asn1.DEROctetString
-          .getInstance(parsed)
-          .octets
-      val privateKey =
-        org.bouncycastle.crypto.params
-          .Ed25519PrivateKeyParameters(rawPrivate, 0)
-      val signer =
-        org.bouncycastle.crypto.signers
-          .Ed25519Signer()
+      val rawPrivate = org.bouncycastle.asn1.DEROctetString.getInstance(parsed).octets
+      val privateKey = org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters(rawPrivate, 0)
+      val signer = org.bouncycastle.crypto.signers.Ed25519Signer()
      signer.init(true, privateKey)
      val payloadBytes = payload.toByteArray(Charsets.UTF_8)
      signer.update(payloadBytes, 0, payloadBytes.size)
@@ -73,21 +58,14 @@ class DeviceIdentityStore(
      android.util.Log.e("DeviceAuth", "signPayload FAILED: ${e.javaClass.simpleName}: ${e.message}", e)
      null
    }
+  }

-  fun verifySelfSignature(
-    payload: String,
-    signatureBase64Url: String,
-    identity: DeviceIdentity,
-  ): Boolean =
-    try {
+  fun verifySelfSignature(payload: String, signatureBase64Url: String, identity: DeviceIdentity): Boolean {
+    return try {
      val rawPublicKey = Base64.decode(identity.publicKeyRawBase64, Base64.DEFAULT)
-      val pubKey =
-        org.bouncycastle.crypto.params
-          .Ed25519PublicKeyParameters(rawPublicKey, 0)
+      val pubKey = org.bouncycastle.crypto.params.Ed25519PublicKeyParameters(rawPublicKey, 0)
      val sigBytes = base64UrlDecode(signatureBase64Url)
-      val verifier =
-        org.bouncycastle.crypto.signers
-          .Ed25519Signer()
+      val verifier = org.bouncycastle.crypto.signers.Ed25519Signer()
      verifier.init(false, pubKey)
      val payloadBytes = payload.toByteArray(Charsets.UTF_8)
      verifier.update(payloadBytes, 0, payloadBytes.size)
@@ -96,6 +74,7 @@ class DeviceIdentityStore(
      android.util.Log.e("DeviceAuth", "self-verify exception: ${e.message}", e)
      false
    }
+  }

  private fun base64UrlDecode(input: String): ByteArray {
    val normalized = input.replace('-', '+').replace('_', '/')
@@ -103,15 +82,18 @@ class DeviceIdentityStore(
    return Base64.decode(padded, Base64.DEFAULT)
  }

-  fun publicKeyBase64Url(identity: DeviceIdentity): String? =
-    try {
+  fun publicKeyBase64Url(identity: DeviceIdentity): String? {
+    return try {
      val raw = Base64.decode(identity.publicKeyRawBase64, Base64.DEFAULT)
      base64UrlEncode(raw)
    } catch (_: Throwable) {
      null
    }
+  }

-  private fun load(): DeviceIdentity? = readIdentity(identityFile)
+  private fun load(): DeviceIdentity? {
+    return readIdentity(identityFile)
+  }

  private fun readIdentity(file: File): DeviceIdentity? {
    return try {
@@ -143,22 +125,15 @@ class DeviceIdentityStore(

  private fun generate(): DeviceIdentity {
    // Use BC lightweight API directly to avoid JCA provider issues with R8
-    val kpGen =
-      org.bouncycastle.crypto.generators
-        .Ed25519KeyPairGenerator()
-    kpGen.init(
-      org.bouncycastle.crypto.params
-        .Ed25519KeyGenerationParameters(java.security.SecureRandom()),
-    )
+    val kpGen = org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator()
+    kpGen.init(org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters(java.security.SecureRandom()))
    val kp = kpGen.generateKeyPair()
    val pubKey = kp.public as org.bouncycastle.crypto.params.Ed25519PublicKeyParameters
    val privKey = kp.private as org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters
-    val rawPublic = pubKey.encoded // 32 bytes
+    val rawPublic = pubKey.encoded  // 32 bytes
    val deviceId = sha256Hex(rawPublic)
    // Encode private key as PKCS8 for storage
-    val privKeyInfo =
-      org.bouncycastle.crypto.util.PrivateKeyInfoFactory
-        .createPrivateKeyInfo(privKey)
+    val privKeyInfo = org.bouncycastle.crypto.util.PrivateKeyInfoFactory.createPrivateKeyInfo(privKey)
    val pkcs8Bytes = privKeyInfo.encoded
    return DeviceIdentity(
      deviceId = deviceId,
@@ -168,13 +143,14 @@ class DeviceIdentityStore(
    )
  }

-  private fun deriveDeviceId(publicKeyRawBase64: String): String? =
-    try {
+  private fun deriveDeviceId(publicKeyRawBase64: String): String? {
+    return try {
      val raw = Base64.decode(publicKeyRawBase64, Base64.DEFAULT)
      sha256Hex(raw)
    } catch (_: Throwable) {
      null
    }
+  }

  private fun sha256Hex(data: ByteArray): String {
    val digest = MessageDigest.getInstance("SHA-256").digest(data)
@@ -188,11 +164,9 @@ class DeviceIdentityStore(
    return String(out)
  }

-  private fun base64UrlEncode(data: ByteArray): String =
-    Base64.encodeToString(
-      data,
-      Base64.URL_SAFE or Base64.NO_WRAP or Base64.NO_PADDING,
-    )
+  private fun base64UrlEncode(data: ByteArray): String {
+    return Base64.encodeToString(data, Base64.URL_SAFE or Base64.NO_WRAP or Base64.NO_PADDING)
+  }

  companion object {
    private val HEX = "0123456789abcdef".toCharArray()
--- a/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayDiscovery.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayDiscovery.kt
@@ -1,17 +1,21 @@
 package ai.openclaw.app.gateway

-import android.annotation.TargetApi
 import android.content.Context
 import android.net.ConnectivityManager
 import android.net.DnsResolver
-import android.net.Network
 import android.net.NetworkCapabilities
-import android.net.NetworkRequest
 import android.net.nsd.NsdManager
 import android.net.nsd.NsdServiceInfo
-import android.os.Build
 import android.os.CancellationSignal
 import android.util.Log
+import java.io.IOException
+import java.net.InetSocketAddress
+import java.nio.ByteBuffer
+import java.nio.charset.CodingErrorAction
+import java.time.Duration
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.Executor
+import java.util.concurrent.Executors
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.Job
@@ -28,27 +32,19 @@ import org.xbill.DNS.ExtendedResolver
 import org.xbill.DNS.Message
 import org.xbill.DNS.Name
 import org.xbill.DNS.PTRRecord
-import org.xbill.DNS.Rcode
 import org.xbill.DNS.Record
+import org.xbill.DNS.Rcode
 import org.xbill.DNS.Resolver
 import org.xbill.DNS.SRVRecord
 import org.xbill.DNS.Section
 import org.xbill.DNS.SimpleResolver
-import org.xbill.DNS.TXTRecord
 import org.xbill.DNS.TextParseException
+import org.xbill.DNS.TXTRecord
 import org.xbill.DNS.Type
-import java.io.IOException
-import java.net.InetAddress
-import java.net.InetSocketAddress
-import java.nio.ByteBuffer
-import java.nio.charset.CodingErrorAction
-import java.time.Duration
-import java.util.concurrent.ConcurrentHashMap
-import java.util.concurrent.Executor
-import java.util.concurrent.Executors
 import kotlin.coroutines.resume
 import kotlin.coroutines.resumeWithException

+@Suppress("DEPRECATION")
 class GatewayDiscovery(
  context: Context,
  private val scope: CoroutineScope,
@@ -70,38 +66,15 @@ class GatewayDiscovery(

  private var unicastJob: Job? = null
  private val dnsExecutor: Executor = Executors.newCachedThreadPool()
-  private val availableNetworks = ConcurrentHashMap.newKeySet<Network>()
-  private val serviceInfoCallbacks = ConcurrentHashMap<String, Any>()

  @Volatile private var lastWideAreaRcode: Int? = null
-
  @Volatile private var lastWideAreaCount: Int = 0

-  private val networkCallback =
-    object : ConnectivityManager.NetworkCallback() {
-      override fun onAvailable(network: Network) {
-        availableNetworks.add(network)
-      }
-
-      override fun onLost(network: Network) {
-        availableNetworks.remove(network)
-      }
-    }
-
  private val discoveryListener =
    object : NsdManager.DiscoveryListener {
-      override fun onStartDiscoveryFailed(
-        serviceType: String,
-        errorCode: Int,
-      ) {}
-
-      override fun onStopDiscoveryFailed(
-        serviceType: String,
-        errorCode: Int,
-      ) {}
-
+      override fun onStartDiscoveryFailed(serviceType: String, errorCode: Int) {}
+      override fun onStopDiscoveryFailed(serviceType: String, errorCode: Int) {}
      override fun onDiscoveryStarted(serviceType: String) {}
-
      override fun onDiscoveryStopped(serviceType: String) {}

      override fun onServiceFound(serviceInfo: NsdServiceInfo) {
@@ -113,29 +86,17 @@ class GatewayDiscovery(
        val serviceName = BonjourEscapes.decode(serviceInfo.serviceName)
        val id = stableId(serviceName, "local.")
        localById.remove(id)
-        unregisterServiceInfoCallback(id)
        publish()
      }
    }

  init {
-    startNetworkTracking()
    startLocalDiscovery()
    if (!wideAreaDomain.isNullOrBlank()) {
      startUnicastDiscovery(wideAreaDomain)
    }
  }

-  private fun startNetworkTracking() {
-    val cm = connectivity ?: return
-    cm.activeNetwork?.let(availableNetworks::add)
-    try {
-      cm.registerNetworkCallback(NetworkRequest.Builder().build(), networkCallback)
-    } catch (_: Throwable) {
-      // ignore (best-effort)
-    }
-  }
-
  private fun startLocalDiscovery() {
    try {
      nsd.discoverServices(serviceType, NsdManager.PROTOCOL_DNS_SD, discoveryListener)
@@ -167,124 +128,43 @@ class GatewayDiscovery(
  }

  private fun resolve(serviceInfo: NsdServiceInfo) {
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
-      resolveWithServiceInfoCallback(serviceInfo)
-    } else {
-      resolveLegacy(serviceInfo)
-    }
-  }
-
-  @TargetApi(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)
-  private fun resolveWithServiceInfoCallback(serviceInfo: NsdServiceInfo) {
-    val serviceName = BonjourEscapes.decode(serviceInfo.serviceName)
-    val id = stableId(serviceName, "local.")
-    if (serviceInfoCallbacks.containsKey(id)) return
-
-    val callback =
-      object : NsdManager.ServiceInfoCallback {
-        override fun onServiceInfoCallbackRegistrationFailed(errorCode: Int) {
-          serviceInfoCallbacks.remove(id, this)
-        }
-
-        override fun onServiceInfoCallbackUnregistered() {
-          serviceInfoCallbacks.remove(id, this)
-        }
-
-        override fun onServiceLost() {
-          localById.remove(id)
-          publish()
-        }
-
-        override fun onServiceUpdated(serviceInfo: NsdServiceInfo) {
-          upsertResolvedService(serviceInfo)
-        }
-      }
-
-    serviceInfoCallbacks[id] = callback
-    try {
-      nsd.registerServiceInfoCallback(serviceInfo, dnsExecutor, callback)
-    } catch (_: Throwable) {
-      serviceInfoCallbacks.remove(id, callback)
-    }
-  }
-
-  private fun unregisterServiceInfoCallback(id: String) {
-    val callback = serviceInfoCallbacks.remove(id) ?: return
-    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.UPSIDE_DOWN_CAKE) return
-    try {
-      nsd.unregisterServiceInfoCallback(callback as NsdManager.ServiceInfoCallback)
-    } catch (_: Throwable) {
-      // ignore (best-effort)
-    }
-  }
-
-  private fun resolveLegacy(serviceInfo: NsdServiceInfo) {
-    val listener =
+    nsd.resolveService(
+      serviceInfo,
      object : NsdManager.ResolveListener {
-        override fun onResolveFailed(
-          serviceInfo: NsdServiceInfo,
-          errorCode: Int,
-        ) {}
+        override fun onResolveFailed(serviceInfo: NsdServiceInfo, errorCode: Int) {}

        override fun onServiceResolved(resolved: NsdServiceInfo) {
-          upsertResolvedService(resolved)
+          val host = resolved.host?.hostAddress ?: return
+          val port = resolved.port
+          if (port <= 0) return
+
+          val rawServiceName = resolved.serviceName
+          val serviceName = BonjourEscapes.decode(rawServiceName)
+          val displayName = BonjourEscapes.decode(txt(resolved, "displayName") ?: serviceName)
+          val lanHost = txt(resolved, "lanHost")
+          val tailnetDns = txt(resolved, "tailnetDns")
+          val gatewayPort = txtInt(resolved, "gatewayPort")
+          val canvasPort = txtInt(resolved, "canvasPort")
+          val tlsEnabled = txtBool(resolved, "gatewayTls")
+          val tlsFingerprint = txt(resolved, "gatewayTlsSha256")
+          val id = stableId(serviceName, "local.")
+          localById[id] =
+            GatewayEndpoint(
+              stableId = id,
+              name = displayName,
+              host = host,
+              port = port,
+              lanHost = lanHost,
+              tailnetDns = tailnetDns,
+              gatewayPort = gatewayPort,
+              canvasPort = canvasPort,
+              tlsEnabled = tlsEnabled,
+              tlsFingerprintSha256 = tlsFingerprint,
+            )
+          publish()
        }
-      }
-
-    try {
-      NsdManager::class.java
-        .getMethod("resolveService", NsdServiceInfo::class.java, NsdManager.ResolveListener::class.java)
-        .invoke(nsd, serviceInfo, listener)
-    } catch (_: Throwable) {
-      // ignore (best-effort)
-    }
-  }
-
-  private fun upsertResolvedService(resolved: NsdServiceInfo) {
-    val host = resolvedHostAddress(resolved) ?: return
-    val port = resolved.port
-    if (port <= 0) return
-
-    val rawServiceName = resolved.serviceName
-    val serviceName = BonjourEscapes.decode(rawServiceName)
-    val displayName = BonjourEscapes.decode(txt(resolved, "displayName") ?: serviceName)
-    val lanHost = txt(resolved, "lanHost")
-    val tailnetDns = txt(resolved, "tailnetDns")
-    val gatewayPort = txtInt(resolved, "gatewayPort")
-    val canvasPort = txtInt(resolved, "canvasPort")
-    val tlsEnabled = txtBool(resolved, "gatewayTls")
-    val tlsFingerprint = txt(resolved, "gatewayTlsSha256")
-    val id = stableId(serviceName, "local.")
-    localById[id] =
-      GatewayEndpoint(
-        stableId = id,
-        name = displayName,
-        host = host,
-        port = port,
-        lanHost = lanHost,
-        tailnetDns = tailnetDns,
-        gatewayPort = gatewayPort,
-        canvasPort = canvasPort,
-        tlsEnabled = tlsEnabled,
-        tlsFingerprintSha256 = tlsFingerprint,
-      )
-    publish()
-  }
-
-  private fun resolvedHostAddress(resolved: NsdServiceInfo): String? {
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
-      return resolved.hostAddresses.firstOrNull()?.hostAddress
-    }
-    return legacyHostAddress(resolved)
-  }
-
-  private fun legacyHostAddress(resolved: NsdServiceInfo): String? {
-    return try {
-      val host = NsdServiceInfo::class.java.getMethod("getHost").invoke(resolved) as? InetAddress
-      host?.hostAddress
-    } catch (_: Throwable) {
-      null
-    }
+      },
+    )
  }

  private fun publish() {
@@ -313,17 +193,15 @@ class GatewayDiscovery(
    }
  }

-  private fun stableId(
-    serviceName: String,
-    domain: String,
-  ): String = "$serviceType|$domain|${normalizeName(serviceName)}"
+  private fun stableId(serviceName: String, domain: String): String {
+    return "${serviceType}|${domain}|${normalizeName(serviceName)}"
+  }

-  private fun normalizeName(raw: String): String = raw.trim().split(Regex("\\s+")).joinToString(" ")
+  private fun normalizeName(raw: String): String {
+    return raw.trim().split(Regex("\\s+")).joinToString(" ")
+  }

-  private fun txt(
-    info: NsdServiceInfo,
-    key: String,
-  ): String? {
+  private fun txt(info: NsdServiceInfo, key: String): String? {
    val bytes = info.attributes[key] ?: return null
    return try {
      String(bytes, Charsets.UTF_8).trim().ifEmpty { null }
@@ -332,21 +210,17 @@ class GatewayDiscovery(
    }
  }

-  private fun txtInt(
-    info: NsdServiceInfo,
-    key: String,
-  ): Int? = txt(info, key)?.toIntOrNull()
+  private fun txtInt(info: NsdServiceInfo, key: String): Int? {
+    return txt(info, key)?.toIntOrNull()
+  }

-  private fun txtBool(
-    info: NsdServiceInfo,
-    key: String,
-  ): Boolean {
+  private fun txtBool(info: NsdServiceInfo, key: String): Boolean {
    val raw = txt(info, key)?.trim()?.lowercase() ?: return false
    return raw == "1" || raw == "true" || raw == "yes"
  }

  private suspend fun refreshUnicast(domain: String) {
-    val ptrName = "${serviceType}$domain"
+    val ptrName = "${serviceType}${domain}"
    val ptrMsg = lookupUnicastMessage(ptrName, Type.PTR) ?: return
    val ptrRecords = records(ptrMsg, Section.ANSWER).mapNotNull { it as? PTRRecord }

@@ -419,11 +293,8 @@ class GatewayDiscovery(
    }
  }

-  private fun decodeInstanceName(
-    instanceFqdn: String,
-    domain: String,
-  ): String {
-    val suffix = "${serviceType}$domain"
+  private fun decodeInstanceName(instanceFqdn: String, domain: String): String {
+    val suffix = "${serviceType}${domain}"
    val withoutSuffix =
      if (instanceFqdn.endsWith(suffix)) {
        instanceFqdn.removeSuffix(suffix)
@@ -433,12 +304,11 @@ class GatewayDiscovery(
    return normalizeName(stripTrailingDot(withoutSuffix))
  }

-  private fun stripTrailingDot(raw: String): String = raw.removeSuffix(".")
+  private fun stripTrailingDot(raw: String): String {
+    return raw.removeSuffix(".")
+  }

-  private suspend fun lookupUnicastMessage(
-    name: String,
-    type: Int,
-  ): Message? {
+  private suspend fun lookupUnicastMessage(name: String, type: Int): Message? {
    val query =
      try {
        Message.newQuery(
@@ -480,17 +350,15 @@ class GatewayDiscovery(
    }
  }

-  private fun records(
-    msg: Message?,
-    section: Int,
-  ): List<Record> = msg?.getSection(section).orEmpty()
+  private fun records(msg: Message?, section: Int): List<Record> {
+    return msg?.getSection(section).orEmpty()
+  }

-  private fun keyName(raw: String): String = raw.trim().lowercase()
+  private fun keyName(raw: String): String {
+    return raw.trim().lowercase()
+  }

-  private fun recordsByName(
-    msg: Message,
-    section: Int,
-  ): Map<String, List<Record>> {
+  private fun recordsByName(msg: Message, section: Int): Map<String, List<Record>> {
    val next = LinkedHashMap<String, MutableList<Record>>()
    for (r in records(msg, section)) {
      val name = r.name?.toString() ?: continue
@@ -499,11 +367,7 @@ class GatewayDiscovery(
    return next
  }

-  private fun recordByName(
-    msg: Message,
-    fqdn: String,
-    type: Int,
-  ): Record? {
+  private fun recordByName(msg: Message, fqdn: String, type: Int): Record? {
    val key = keyName(fqdn)
    val byNameAnswer = recordsByName(msg, Section.ANSWER)
    val fromAnswer = byNameAnswer[key].orEmpty().firstOrNull { it.type == type }
@@ -513,10 +377,7 @@ class GatewayDiscovery(
    return byNameAdditional[key].orEmpty().firstOrNull { it.type == type }
  }

-  private fun resolveHostFromMessage(
-    msg: Message?,
-    hostname: String,
-  ): String? {
+  private fun resolveHostFromMessage(msg: Message?, hostname: String): String? {
    val m = msg ?: return null
    val key = keyName(hostname)
    val additional = recordsByName(m, Section.ADDITIONAL)[key].orEmpty()
@@ -529,7 +390,7 @@ class GatewayDiscovery(
    val cm = connectivity ?: return null

    // Prefer VPN (Tailscale) when present; otherwise use the active network.
-    trackedNetworks(cm).firstOrNull { n ->
+    cm.allNetworks.firstOrNull { n ->
      val caps = cm.getNetworkCapabilities(n) ?: return@firstOrNull false
      caps.hasTransport(NetworkCapabilities.TRANSPORT_VPN)
    }?.let { return it }
@@ -537,19 +398,12 @@ class GatewayDiscovery(
    return cm.activeNetwork
  }

-  private fun trackedNetworks(cm: ConnectivityManager): List<Network> {
-    return buildList {
-      cm.activeNetwork?.let(::add)
-      addAll(availableNetworks)
-    }.distinct()
-  }
-
  private fun createDirectResolver(): Resolver? {
    val cm = connectivity ?: return null

    val candidateNetworks =
      buildList {
-        trackedNetworks(cm)
+        cm.allNetworks
          .firstOrNull { n ->
            val caps = cm.getNetworkCapabilities(n) ?: return@firstOrNull false
            caps.hasTransport(NetworkCapabilities.TRANSPORT_VPN)
@@ -562,7 +416,8 @@ class GatewayDiscovery(
        .asSequence()
        .flatMap { n ->
          cm.getLinkProperties(n)?.dnsServers?.asSequence() ?: emptySequence()
-        }.distinctBy { it.hostAddress ?: it.toString() }
+        }
+        .distinctBy { it.hostAddress ?: it.toString() }
        .toList()
    if (servers.isEmpty()) return null

@@ -585,10 +440,7 @@ class GatewayDiscovery(
    }
  }

-  private suspend fun rawQuery(
-    network: android.net.Network?,
-    wireQuery: ByteArray,
-  ): ByteArray =
+  private suspend fun rawQuery(network: android.net.Network?, wireQuery: ByteArray): ByteArray =
    suspendCancellableCoroutine { cont ->
      val signal = CancellationSignal()
      cont.invokeOnCancellation { signal.cancel() }
@@ -600,10 +452,7 @@ class GatewayDiscovery(
        dnsExecutor,
        signal,
        object : DnsResolver.Callback<ByteArray> {
-          override fun onAnswer(
-            answer: ByteArray,
-            rcode: Int,
-          ) {
+          override fun onAnswer(answer: ByteArray, rcode: Int) {
            cont.resume(answer)
          }

@@ -614,10 +463,7 @@ class GatewayDiscovery(
      )
    }

-  private fun txtValue(
-    records: List<TXTRecord>,
-    key: String,
-  ): String? {
+  private fun txtValue(records: List<TXTRecord>, key: String): String? {
    val prefix = "$key="
    for (r in records) {
      val strings: List<String> =
@@ -636,15 +482,11 @@ class GatewayDiscovery(
    return null
  }

-  private fun txtIntValue(
-    records: List<TXTRecord>,
-    key: String,
-  ): Int? = txtValue(records, key)?.toIntOrNull()
+  private fun txtIntValue(records: List<TXTRecord>, key: String): Int? {
+    return txtValue(records, key)?.toIntOrNull()
+  }

-  private fun txtBoolValue(
-    records: List<TXTRecord>,
-    key: String,
-  ): Boolean {
+  private fun txtBoolValue(records: List<TXTRecord>, key: String): Boolean {
    val raw = txtValue(records, key)?.trim()?.lowercase() ?: return false
    return raw == "1" || raw == "true" || raw == "yes"
  }
--- a/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayEndpoint.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayEndpoint.kt
@@ -13,10 +13,7 @@ data class GatewayEndpoint(
  val tlsFingerprintSha256: String? = null,
 ) {
  companion object {
-    fun manual(
-      host: String,
-      port: Int,
-    ): GatewayEndpoint =
+    fun manual(host: String, port: Int): GatewayEndpoint =
      GatewayEndpoint(
        stableId = "manual|${host.lowercase()}|$port",
        name = "$host:$port",
--- a/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt
@@ -1,6 +1,10 @@
 package ai.openclaw.app.gateway

 import android.util.Log
+import java.util.Locale
+import java.util.UUID
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.atomic.AtomicBoolean
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
@@ -26,10 +30,6 @@ import okhttp3.Request
 import okhttp3.Response
 import okhttp3.WebSocket
 import okhttp3.WebSocketListener
-import java.util.Locale
-import java.util.UUID
-import java.util.concurrent.ConcurrentHashMap
-import java.util.concurrent.atomic.AtomicBoolean

 data class GatewayClientInfo(
  val id: String,
@@ -77,9 +77,8 @@ private data class SelectedConnectAuth(
  val attemptedDeviceTokenRetry: Boolean,
 )

-private class GatewayConnectFailure(
-  val gatewayError: GatewaySession.ErrorShape,
-) : IllegalStateException(gatewayError.message)
+private class GatewayConnectFailure(val gatewayError: GatewaySession.ErrorShape) :
+  IllegalStateException(gatewayError.message)

 class GatewaySession(
  private val scope: CoroutineScope,
@@ -104,18 +103,11 @@ class GatewaySession(
    val timeoutMs: Long?,
  )

-  data class InvokeResult(
-    val ok: Boolean,
-    val payloadJson: String?,
-    val error: ErrorShape?,
-  ) {
+  data class InvokeResult(val ok: Boolean, val payloadJson: String?, val error: ErrorShape?) {
    companion object {
      fun ok(payloadJson: String?) = InvokeResult(ok = true, payloadJson = payloadJson, error = null)
-
-      fun error(
-        code: String,
-        message: String,
-      ) = InvokeResult(ok = false, payloadJson = null, error = ErrorShape(code = code, message = message))
+      fun error(code: String, message: String) =
+        InvokeResult(ok = false, payloadJson = null, error = ErrorShape(code = code, message = message))
    }
  }

@@ -125,18 +117,13 @@ class GatewaySession(
    val details: GatewayConnectErrorDetails? = null,
  )

-  data class RpcResult(
-    val ok: Boolean,
-    val payloadJson: String?,
-    val error: ErrorShape?,
-  )
+  data class RpcResult(val ok: Boolean, val payloadJson: String?, val error: ErrorShape?)

  private val json = Json { ignoreUnknownKeys = true }
  private val writeLock = Mutex()
  private val pending = ConcurrentHashMap<String, CompletableDeferred<RpcResponse>>()

  @Volatile private var canvasHostUrl: String? = null
-
  @Volatile private var mainSessionKey: String? = null

  private data class DesiredConnection(
@@ -150,13 +137,9 @@ class GatewaySession(

  private var desired: DesiredConnection? = null
  private var job: Job? = null
-
  @Volatile private var currentConnection: Connection? = null
-
  @Volatile private var pendingDeviceTokenRetry = false
-
  @Volatile private var deviceTokenRetryBudgetUsed = false
-
  @Volatile private var reconnectPausedForAuthFailure = false

  fun connect(
@@ -197,78 +180,32 @@ class GatewaySession(
  }

  fun currentCanvasHostUrl(): String? = canvasHostUrl
-
  fun currentMainSessionKey(): String? = mainSessionKey

-  suspend fun sendNodeEvent(
-    event: String,
-    payloadJson: String?,
-  ): Boolean {
+  suspend fun sendNodeEvent(event: String, payloadJson: String?): Boolean {
    val conn = currentConnection ?: return false
-    return try {
-      conn.request(
-        "node.event",
-        buildNodeEventParams(event = event, payloadJson = payloadJson),
-        timeoutMs = 8_000,
-      )
-      true
-    } catch (err: Throwable) {
-      Log.w("OpenClawGateway", "node.event failed: ${err::class.java.simpleName}")
-      false
-    }
-  }
-
-  suspend fun sendNodeEventDetailed(
-    event: String,
-    payloadJson: String?,
-    timeoutMs: Long = 8_000,
-  ): RpcResult {
-    val conn =
-      currentConnection
-        ?: return RpcResult(
-          ok = false,
-          payloadJson = null,
-          error = ErrorShape("UNAVAILABLE", "not connected"),
-        )
-    val params = buildNodeEventParams(event = event, payloadJson = payloadJson)
+    val params =
+      buildJsonObject {
+        put("event", JsonPrimitive(event))
+        put("payloadJSON", JsonPrimitive(payloadJson ?: "{}"))
+      }
    try {
-      val res = conn.request("node.event", params, timeoutMs = timeoutMs)
-      return RpcResult(ok = res.ok, payloadJson = res.payloadJson, error = res.error)
+      conn.request("node.event", params, timeoutMs = 8_000)
+      return true
    } catch (err: Throwable) {
-      Log.w("OpenClawGateway", "node.event failed: ${err::class.java.simpleName}")
-      return RpcResult(
-        ok = false,
-        payloadJson = null,
-        error = ErrorShape("UNAVAILABLE", "node.event failed"),
-      )
+      Log.w("OpenClawGateway", "node.event failed: ${err.message ?: err::class.java.simpleName}")
+      return false
    }
  }

-  private fun buildNodeEventParams(
-    event: String,
-    payloadJson: String?,
-  ): JsonObject =
-    buildJsonObject {
-      put("event", JsonPrimitive(event))
-      put("payloadJSON", JsonPrimitive(payloadJson ?: "{}"))
-    }
-
-  suspend fun request(
-    method: String,
-    paramsJson: String?,
-    timeoutMs: Long = 15_000,
-  ): String {
+  suspend fun request(method: String, paramsJson: String?, timeoutMs: Long = 15_000): String {
    val res = requestDetailed(method = method, paramsJson = paramsJson, timeoutMs = timeoutMs)
    if (res.ok) return res.payloadJson ?: ""
    val err = res.error
    throw IllegalStateException("${err?.code ?: "UNAVAILABLE"}: ${err?.message ?: "request failed"}")
  }

-  suspend fun requestDetailed(
-    method: String,
-    paramsJson: String?,
-    timeoutMs: Long = 15_000,
-  ): RpcResult {
+  suspend fun requestDetailed(method: String, paramsJson: String?, timeoutMs: Long = 15_000): RpcResult {
    val conn = currentConnection ?: throw IllegalStateException("not connected")
    val params =
      if (paramsJson.isNullOrBlank()) {
@@ -302,12 +239,7 @@ class GatewaySession(
      return false
    }
    val payloadObj = response.payloadJson?.let(::parseJsonOrNull)?.asObjectOrNull()
-    val refreshedCapability =
-      payloadObj
-        ?.get("canvasCapability")
-        .asStringOrNull()
-        ?.trim()
-        .orEmpty()
+    val refreshedCapability = payloadObj?.get("canvasCapability").asStringOrNull()?.trim().orEmpty()
    if (refreshedCapability.isEmpty()) {
      Log.w("OpenClawGateway", "node.canvas.capability.refresh missing canvasCapability")
      return false
@@ -326,12 +258,7 @@ class GatewaySession(
    return true
  }

-  private data class RpcResponse(
-    val id: String,
-    val ok: Boolean,
-    val payloadJson: String?,
-    val error: ErrorShape?,
-  )
+  private data class RpcResponse(val id: String, val ok: Boolean, val payloadJson: String?, val error: ErrorShape?)

  private inner class Connection(
    private val endpoint: GatewayEndpoint,
@@ -362,11 +289,7 @@ class GatewaySession(
      }
    }

-    suspend fun request(
-      method: String,
-      params: JsonElement?,
-      timeoutMs: Long,
-    ): RpcResponse {
+    suspend fun request(method: String, params: JsonElement?, timeoutMs: Long): RpcResponse {
      val id = UUID.randomUUID().toString()
      val deferred = CompletableDeferred<RpcResponse>()
      pending[id] = deferred
@@ -404,16 +327,13 @@ class GatewaySession(
    }

    private fun buildClient(): OkHttpClient {
-      val builder =
-        OkHttpClient
-          .Builder()
-          .writeTimeout(60, java.util.concurrent.TimeUnit.SECONDS)
-          .readTimeout(0, java.util.concurrent.TimeUnit.SECONDS)
-          .pingInterval(30, java.util.concurrent.TimeUnit.SECONDS)
-      val tlsConfig =
-        buildGatewayTlsConfig(tls) { fingerprint ->
-          onTlsFingerprint?.invoke(tls?.stableId ?: endpoint.stableId, fingerprint)
-        }
+      val builder = OkHttpClient.Builder()
+        .writeTimeout(60, java.util.concurrent.TimeUnit.SECONDS)
+        .readTimeout(0, java.util.concurrent.TimeUnit.SECONDS)
+        .pingInterval(30, java.util.concurrent.TimeUnit.SECONDS)
+      val tlsConfig = buildGatewayTlsConfig(tls) { fingerprint ->
+        onTlsFingerprint?.invoke(tls?.stableId ?: endpoint.stableId, fingerprint)
+      }
      if (tlsConfig != null) {
        builder.sslSocketFactory(tlsConfig.sslSocketFactory, tlsConfig.trustManager)
        builder.hostnameVerifier(tlsConfig.hostnameVerifier)
@@ -422,10 +342,7 @@ class GatewaySession(
    }

    private inner class Listener : WebSocketListener() {
-      override fun onOpen(
-        webSocket: WebSocket,
-        response: Response,
-      ) {
+      override fun onOpen(webSocket: WebSocket, response: Response) {
        scope.launch {
          try {
            val nonce = awaitConnectNonce()
@@ -437,18 +354,11 @@ class GatewaySession(
        }
      }

-      override fun onMessage(
-        webSocket: WebSocket,
-        text: String,
-      ) {
+      override fun onMessage(webSocket: WebSocket, text: String) {
        scope.launch { handleMessage(text) }
      }

-      override fun onFailure(
-        webSocket: WebSocket,
-        t: Throwable,
-        response: Response?,
-      ) {
+      override fun onFailure(webSocket: WebSocket, t: Throwable, response: Response?) {
        if (!connectDeferred.isCompleted) {
          connectDeferred.completeExceptionally(t)
        }
@@ -459,11 +369,7 @@ class GatewaySession(
        }
      }

-      override fun onClosed(
-        webSocket: WebSocket,
-        code: Int,
-        reason: String,
-      ) {
+      override fun onClosed(webSocket: WebSocket, code: Int, reason: String) {
        if (!connectDeferred.isCompleted) {
          connectDeferred.completeExceptionally(IllegalStateException("Gateway closed: $reason"))
        }
@@ -514,7 +420,7 @@ class GatewaySession(
          deviceTokenRetryBudgetUsed = true
        } else if (
          selectedAuth.attemptedDeviceTokenRetry &&
-          shouldClearStoredDeviceTokenAfterRetry(error)
+            shouldClearStoredDeviceTokenAfterRetry(error)
        ) {
          deviceAuthStore.clearToken(identity.deviceId, options.role)
        }
@@ -530,11 +436,8 @@ class GatewaySession(
      return tls != null
    }

-    private fun filteredBootstrapHandoffScopes(
-      role: String,
-      scopes: List<String>,
-    ): List<String>? =
-      when (role.trim()) {
+    private fun filteredBootstrapHandoffScopes(role: String, scopes: List<String>): List<String>? {
+      return when (role.trim()) {
        "node" -> emptyList()
        "operator" -> {
          val allowedOperatorScopes =
@@ -548,6 +451,7 @@ class GatewaySession(
        }
        else -> null
      }
+    }

    private fun persistBootstrapHandoffToken(
      deviceId: String,
@@ -589,25 +493,20 @@ class GatewaySession(
      val deviceToken = authObj?.get("deviceToken").asStringOrNull()
      val authRole = authObj?.get("role").asStringOrNull() ?: options.role
      val authScopes =
-        authObj
-          ?.get("scopes")
-          .asArrayOrNull()
+        authObj?.get("scopes").asArrayOrNull()
          ?.mapNotNull { it.asStringOrNull() }
          ?: emptyList()
      if (!deviceToken.isNullOrBlank()) {
        persistIssuedDeviceToken(authSource, deviceId, authRole, deviceToken, authScopes)
      }
      if (shouldPersistBootstrapHandoffTokens(authSource)) {
-        authObj
-          ?.get("deviceTokens")
-          .asArrayOrNull()
+        authObj?.get("deviceTokens").asArrayOrNull()
          ?.mapNotNull { it.asObjectOrNull() }
          ?.forEach { tokenEntry ->
            val handoffToken = tokenEntry["deviceToken"].asStringOrNull()
            val handoffRole = tokenEntry["role"].asStringOrNull()
            val handoffScopes =
-              tokenEntry["scopes"]
-                .asArrayOrNull()
+              tokenEntry["scopes"].asArrayOrNull()
                ?.mapNotNull { it.asStringOrNull() }
                ?: emptyList()
            if (!handoffToken.isNullOrBlank() && !handoffRole.isNullOrBlank()) {
@@ -618,10 +517,8 @@ class GatewaySession(
      val rawCanvas = obj["canvasHostUrl"].asStringOrNull()
      canvasHostUrl = normalizeCanvasHostUrl(rawCanvas, endpoint, isTlsConnection = tls != null)
      val sessionDefaults =
-        obj["snapshot"]
-          .asObjectOrNull()
-          ?.get("sessionDefaults")
-          .asObjectOrNull()
+        obj["snapshot"].asObjectOrNull()
+          ?.get("sessionDefaults").asObjectOrNull()
      mainSessionKey = sessionDefaults?.get("mainSessionKey").asStringOrNull()
      onConnected(serverName, remoteAddress, mainSessionKey)
    }
@@ -768,12 +665,13 @@ class GatewaySession(
      onEvent(event, payloadJson)
    }

-    private suspend fun awaitConnectNonce(): String =
-      try {
+    private suspend fun awaitConnectNonce(): String {
+      return try {
        withTimeout(2_000) { connectNonceDeferred.await() }
      } catch (err: Throwable) {
        throw IllegalStateException("connect challenge timeout", err)
      }
+    }

    private fun extractConnectNonce(payloadJson: String?): String? {
      if (payloadJson.isNullOrBlank()) return null
@@ -882,7 +780,7 @@ class GatewaySession(
        onDisconnected("Gateway error: ${err.message ?: err::class.java.simpleName}")
        if (
          err is GatewayConnectFailure &&
-          shouldPauseReconnectAfterAuthFailure(err.gatewayError)
+            shouldPauseReconnectAfterAuthFailure(err.gatewayError)
        ) {
          reconnectPausedForAuthFailure = true
          continue
@@ -893,27 +791,26 @@ class GatewaySession(
    }
  }

-  private suspend fun connectOnce(target: DesiredConnection) =
-    withContext(Dispatchers.IO) {
-      val conn =
-        Connection(
-          target.endpoint,
-          target.token,
-          target.bootstrapToken,
-          target.password,
-          target.options,
-          target.tls,
-        )
-      currentConnection = conn
-      try {
-        conn.connect()
-        conn.awaitClose()
-      } finally {
-        currentConnection = null
-        canvasHostUrl = null
-        mainSessionKey = null
-      }
+  private suspend fun connectOnce(target: DesiredConnection) = withContext(Dispatchers.IO) {
+    val conn =
+      Connection(
+        target.endpoint,
+        target.token,
+        target.bootstrapToken,
+        target.password,
+        target.options,
+        target.tls,
+      )
+    currentConnection = conn
+    try {
+      conn.connect()
+      conn.awaitClose()
+    } finally {
+      currentConnection = null
+      canvasHostUrl = null
+      mainSessionKey = null
    }
+  }

  private fun normalizeCanvasHostUrl(
    raw: String?,
@@ -924,12 +821,7 @@ class GatewaySession(
    val parsed = trimmed.takeIf { it.isNotBlank() }?.let { runCatching { java.net.URI(it) }.getOrNull() }
    val host = parsed?.host?.trim().orEmpty()
    val port = parsed?.port ?: -1
-    val scheme =
-      parsed
-        ?.scheme
-        ?.trim()
-        .orEmpty()
-        .ifBlank { "http" }
+    val scheme = parsed?.scheme?.trim().orEmpty().ifBlank { "http" }
    val suffix = buildUrlSuffix(parsed)

    // If raw URL is a non-loopback address and this connection uses TLS,
@@ -941,7 +833,7 @@ class GatewaySession(
            !scheme.equals("https", ignoreCase = true) ||
              (port > 0 && port != endpoint.port) ||
              (port <= 0 && endpoint.port != 443)
-          )
+            )
      if (needsTlsRewrite) {
        return buildCanvasUrl(host = host, scheme = "https", port = endpoint.port, suffix = suffix)
      }
@@ -961,12 +853,7 @@ class GatewaySession(
    return buildCanvasUrl(host = fallbackHost, scheme = fallbackScheme, port = fallbackPort, suffix = suffix)
  }

-  private fun buildCanvasUrl(
-    host: String,
-    scheme: String,
-    port: Int,
-    suffix: String,
-  ): String {
+  private fun buildCanvasUrl(host: String, scheme: String, port: Int, suffix: String): String {
    val loweredScheme = scheme.lowercase()
    val formattedHost = formatGatewayAuthorityHost(host)
    val portSuffix = if ((loweredScheme == "https" && port == 443) || (loweredScheme == "http" && port == 80)) "" else ":$port"
@@ -999,7 +886,7 @@ class GatewaySession(
      explicitGatewayToken
        ?: if (
          explicitPassword == null &&
-          (explicitBootstrapToken == null || storedToken != null)
+            (explicitBootstrapToken == null || storedToken != null)
        ) {
          storedToken
        } else {
@@ -1046,8 +933,8 @@ class GatewaySession(
      detailCode == "AUTH_TOKEN_MISMATCH"
  }

-  private fun shouldPauseReconnectAfterAuthFailure(error: ErrorShape): Boolean =
-    when (error.details?.code) {
+  private fun shouldPauseReconnectAfterAuthFailure(error: ErrorShape): Boolean {
+    return when (error.details?.code) {
      "AUTH_TOKEN_MISSING",
      "AUTH_BOOTSTRAP_TOKEN_INVALID",
      "AUTH_PASSWORD_MISSING",
@@ -1055,13 +942,15 @@ class GatewaySession(
      "AUTH_RATE_LIMITED",
      "PAIRING_REQUIRED",
      "CONTROL_UI_DEVICE_IDENTITY_REQUIRED",
-      "DEVICE_IDENTITY_REQUIRED",
-      -> true
+      "DEVICE_IDENTITY_REQUIRED" -> true
      "AUTH_TOKEN_MISMATCH" -> deviceTokenRetryBudgetUsed && !pendingDeviceTokenRetry
      else -> false
    }
+  }

-  private fun shouldClearStoredDeviceTokenAfterRetry(error: ErrorShape): Boolean = error.details?.code == "AUTH_DEVICE_TOKEN_MISMATCH"
+  private fun shouldClearStoredDeviceTokenAfterRetry(error: ErrorShape): Boolean {
+    return error.details?.code == "AUTH_DEVICE_TOKEN_MISMATCH"
+  }

  private fun isTrustedDeviceRetryEndpoint(
    endpoint: GatewayEndpoint,
@@ -1074,23 +963,18 @@ class GatewaySession(
  }
 }

-internal fun buildGatewayWebSocketUrl(
-  host: String,
-  port: Int,
-  useTls: Boolean,
-): String {
+internal fun buildGatewayWebSocketUrl(host: String, port: Int, useTls: Boolean): String {
  val scheme = if (useTls) "wss" else "ws"
  return "$scheme://${formatGatewayAuthority(host, port)}"
 }

-internal fun formatGatewayAuthority(
-  host: String,
-  port: Int,
-): String = "${formatGatewayAuthorityHost(host)}:$port"
+internal fun formatGatewayAuthority(host: String, port: Int): String {
+  return "${formatGatewayAuthorityHost(host)}:$port"
+}

 private fun formatGatewayAuthorityHost(host: String): String {
  val normalizedHost = host.trim().trim('[', ']')
-  return if (normalizedHost.contains(":")) "[$normalizedHost]" else normalizedHost
+  return if (normalizedHost.contains(":")) "[${normalizedHost}]" else normalizedHost
 }

 private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
--- a/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt
@@ -13,15 +13,14 @@ import java.security.SecureRandom
 import java.security.cert.CertificateException
 import java.security.cert.X509Certificate
 import java.util.Locale
-import java.util.concurrent.atomic.AtomicReference
-import javax.net.ssl.HostnameVerifier
 import javax.net.ssl.HttpsURLConnection
-import javax.net.ssl.SNIHostName
+import javax.net.ssl.HostnameVerifier
 import javax.net.ssl.SSLContext
 import javax.net.ssl.SSLException
 import javax.net.ssl.SSLParameters
-import javax.net.ssl.SSLSocket
 import javax.net.ssl.SSLSocketFactory
+import javax.net.ssl.SNIHostName
+import javax.net.ssl.SSLSocket
 import javax.net.ssl.TrustManagerFactory
 import javax.net.ssl.X509TrustManager

@@ -55,21 +54,14 @@ fun buildGatewayTlsConfig(
  if (params == null) return null
  val expected = params.expectedFingerprint?.let(::normalizeFingerprint)
  val defaultTrust = defaultTrustManager()
-
  @SuppressLint("CustomX509TrustManager")
  val trustManager =
    object : X509TrustManager {
-      override fun checkClientTrusted(
-        chain: Array<X509Certificate>,
-        authType: String,
-      ) {
+      override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {
        defaultTrust.checkClientTrusted(chain, authType)
      }

-      override fun checkServerTrusted(
-        chain: Array<X509Certificate>,
-        authType: String,
-      ) {
+      override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
        if (chain.isEmpty()) throw CertificateException("empty certificate chain")
        val fingerprint = sha256Hex(chain[0].encoded)
        if (expected != null) {
@@ -114,29 +106,18 @@ suspend fun probeGatewayTlsFingerprint(
  if (port !in 1..65535) return GatewayTlsProbeResult(failure = GatewayTlsProbeFailure.ENDPOINT_UNREACHABLE)

  return withContext(Dispatchers.IO) {
-    val fingerprintRef = AtomicReference<String?>(null)
-    val probeTrustManager =
-      @SuppressLint("CustomX509TrustManager")
+    val trustAll =
+      @SuppressLint("CustomX509TrustManager", "TrustAllX509TrustManager")
      object : X509TrustManager {
-        override fun checkClientTrusted(
-          chain: Array<X509Certificate>,
-          authType: String,
-        ): Unit = throw CertificateException("gateway TLS probe does not accept client certificates")
-
-        override fun checkServerTrusted(
-          chain: Array<X509Certificate>,
-          authType: String,
-        ) {
-          if (chain.isEmpty()) throw CertificateException("empty certificate chain")
-          fingerprintRef.set(sha256Hex(chain[0].encoded))
-          throw CertificateException("gateway TLS probe captured fingerprint")
-        }
-
+        @SuppressLint("TrustAllX509TrustManager")
+        override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {}
+        @SuppressLint("TrustAllX509TrustManager")
+        override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {}
        override fun getAcceptedIssuers(): Array<X509Certificate> = emptyArray()
      }

    val context = SSLContext.getInstance("TLS")
-    context.init(null, arrayOf(probeTrustManager), SecureRandom())
+    context.init(null, arrayOf(trustAll), SecureRandom())

    val socket = (context.socketFactory.createSocket() as SSLSocket)
    try {
@@ -160,16 +141,13 @@ suspend fun probeGatewayTlsFingerprint(
          ?: return@withContext GatewayTlsProbeResult(failure = GatewayTlsProbeFailure.TLS_UNAVAILABLE)
      GatewayTlsProbeResult(fingerprintSha256 = sha256Hex(cert.encoded))
    } catch (err: Throwable) {
-      fingerprintRef.get()?.let { return@withContext GatewayTlsProbeResult(fingerprintSha256 = it) }
      val failure =
        when (err) {
          is SSLException,
-          is EOFException,
-          -> GatewayTlsProbeFailure.TLS_UNAVAILABLE
+          is EOFException -> GatewayTlsProbeFailure.TLS_UNAVAILABLE
          is ConnectException,
          is SocketTimeoutException,
-          is UnknownHostException,
-          -> GatewayTlsProbeFailure.ENDPOINT_UNREACHABLE
+          is UnknownHostException -> GatewayTlsProbeFailure.ENDPOINT_UNREACHABLE
          else -> GatewayTlsProbeFailure.ENDPOINT_UNREACHABLE
        }
      GatewayTlsProbeResult(failure = failure)
@@ -201,9 +179,7 @@ private fun sha256Hex(data: ByteArray): String {
 }

 private fun normalizeFingerprint(raw: String): String {
-  val stripped =
-    raw
-      .trim()
-      .replace(Regex("^sha-?256\\s*:?\\s*", RegexOption.IGNORE_CASE), "")
+  val stripped = raw.trim()
+    .replace(Regex("^sha-?256\\s*:?\\s*", RegexOption.IGNORE_CASE), "")
  return stripped.lowercase(Locale.US).filter { it in '0'..'9' || it in 'a'..'f' }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/A2UIHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/A2UIHandler.kt
@@ -1,5 +1,6 @@
 package ai.openclaw.app.node

+import ai.openclaw.app.gateway.GatewaySession
 import kotlinx.coroutines.delay
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
@@ -12,11 +13,12 @@ class A2UIHandler(
  private val getNodeCanvasHostUrl: () -> String?,
  private val getOperatorCanvasHostUrl: () -> String?,
 ) {
-  fun isTrustedCanvasActionUrl(rawUrl: String?): Boolean =
-    CanvasActionTrust.isTrustedCanvasActionUrl(
+  fun isTrustedCanvasActionUrl(rawUrl: String?): Boolean {
+    return CanvasActionTrust.isTrustedCanvasActionUrl(
      rawUrl = rawUrl,
      trustedA2uiUrls = listOfNotNull(resolveA2uiHostUrl()),
    )
+  }

  fun resolveA2uiHostUrl(): String? {
    val nodeRaw = getNodeCanvasHostUrl()?.trim().orEmpty()
@@ -24,7 +26,7 @@ class A2UIHandler(
    val raw = if (nodeRaw.isNotBlank()) nodeRaw else operatorRaw
    if (raw.isBlank()) return null
    val base = raw.trimEnd('/')
-    return "$base/__openclaw__/a2ui/?platform=android"
+    return "${base}/__openclaw__/a2ui/?platform=android"
  }

  suspend fun ensureA2uiReady(a2uiUrl: String): Boolean {
@@ -48,10 +50,7 @@ class A2UIHandler(
    return false
  }

-  fun decodeA2uiMessages(
-    command: String,
-    paramsJson: String?,
-  ): String {
+  fun decodeA2uiMessages(command: String, paramsJson: String?): String {
    val raw = paramsJson?.trim().orEmpty()
    if (raw.isBlank()) throw IllegalArgumentException("INVALID_REQUEST: paramsJSON required")

@@ -77,7 +76,8 @@ class A2UIHandler(
                ?: throw IllegalArgumentException("A2UI JSONL line ${idx + 1}: expected a JSON object")
            validateA2uiV0_8(msg, idx + 1)
            msg
-          }.toList()
+          }
+          .toList()
      return JsonArray(messages).toString()
    }

@@ -86,17 +86,14 @@ class A2UIHandler(
      arr.mapIndexed { idx, el ->
        val msg =
          el as? JsonObject
-            ?: throw IllegalArgumentException("A2UI messages[$idx]: expected a JSON object")
+            ?: throw IllegalArgumentException("A2UI messages[${idx}]: expected a JSON object")
        validateA2uiV0_8(msg, idx + 1)
        msg
      }
    return JsonArray(out).toString()
  }

-  private fun validateA2uiV0_8(
-    msg: JsonObject,
-    lineNumber: Int,
-  ) {
+  private fun validateA2uiV0_8(msg: JsonObject, lineNumber: Int) {
    if (msg.containsKey("createSurface")) {
      throw IllegalArgumentException(
        "A2UI JSONL line $lineNumber: looks like A2UI v0.9 (`createSurface`). Canvas supports v0.8 messages only.",
@@ -138,18 +135,19 @@ class A2UIHandler(
      })()
      """

-    fun a2uiApplyMessagesJS(messagesJson: String): String =
-      """
-      (() => {
-        try {
-          const host = globalThis.openclawA2UI;
-          if (!host) return { ok: false, error: "missing openclawA2UI" };
-          const messages = $messagesJson;
-          return host.applyMessages(messages);
-        } catch (e) {
-          return { ok: false, error: String(e?.message ?? e) };
-        }
-      })()
+    fun a2uiApplyMessagesJS(messagesJson: String): String {
+      return """
+        (() => {
+          try {
+            const host = globalThis.openclawA2UI;
+            if (!host) return { ok: false, error: "missing openclawA2UI" };
+            const messages = $messagesJson;
+            return host.applyMessages(messages);
+          } catch (e) {
+            return { ok: false, error: String(e?.message ?? e) };
+          }
+        })()
      """.trimIndent()
+    }
  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/CalendarHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CalendarHandler.kt
@@ -1,6 +1,5 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.content.ContentResolver
 import android.content.ContentUris
@@ -8,15 +7,16 @@ import android.content.ContentValues
 import android.content.Context
 import android.provider.CalendarContract
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.gateway.GatewaySession
+import java.time.Instant
+import java.time.temporal.ChronoUnit
+import java.util.TimeZone
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonArray
 import kotlinx.serialization.json.buildJsonObject
 import kotlinx.serialization.json.put
-import java.time.Instant
-import java.time.temporal.ChronoUnit
-import java.util.TimeZone

 private const val DEFAULT_CALENDAR_LIMIT = 50

@@ -52,30 +52,23 @@ internal interface CalendarDataSource {

  fun hasWritePermission(context: Context): Boolean

-  fun events(
-    context: Context,
-    request: CalendarEventsRequest,
-  ): List<CalendarEventRecord>
+  fun events(context: Context, request: CalendarEventsRequest): List<CalendarEventRecord>

-  fun add(
-    context: Context,
-    request: CalendarAddRequest,
-  ): CalendarEventRecord
+  fun add(context: Context, request: CalendarAddRequest): CalendarEventRecord
 }

 private object SystemCalendarDataSource : CalendarDataSource {
-  override fun hasReadPermission(context: Context): Boolean =
-    ContextCompat.checkSelfPermission(context, Manifest.permission.READ_CALENDAR) ==
+  override fun hasReadPermission(context: Context): Boolean {
+    return ContextCompat.checkSelfPermission(context, Manifest.permission.READ_CALENDAR) ==
      android.content.pm.PackageManager.PERMISSION_GRANTED
+  }

-  override fun hasWritePermission(context: Context): Boolean =
-    ContextCompat.checkSelfPermission(context, Manifest.permission.WRITE_CALENDAR) ==
+  override fun hasWritePermission(context: Context): Boolean {
+    return ContextCompat.checkSelfPermission(context, Manifest.permission.WRITE_CALENDAR) ==
      android.content.pm.PackageManager.PERMISSION_GRANTED
+  }

-  override fun events(
-    context: Context,
-    request: CalendarEventsRequest,
-  ): List<CalendarEventRecord> {
+  override fun events(context: Context, request: CalendarEventsRequest): List<CalendarEventRecord> {
    val resolver = context.contentResolver
    val builder = CalendarContract.Instances.CONTENT_URI.buildUpon()
    ContentUris.appendId(builder, request.startMs)
@@ -96,12 +89,7 @@ private object SystemCalendarDataSource : CalendarDataSource {
      val out = mutableListOf<CalendarEventRecord>()
      while (cursor.moveToNext() && out.size < request.limit) {
        val id = cursor.getLong(0)
-        val title =
-          cursor
-            .getString(1)
-            ?.trim()
-            .orEmpty()
-            .ifEmpty { "(untitled)" }
+        val title = cursor.getString(1)?.trim().orEmpty().ifEmpty { "(untitled)" }
        val beginMs = cursor.getLong(2)
        val endMs = cursor.getLong(3)
        val isAllDay = cursor.getInt(4) == 1
@@ -122,10 +110,7 @@ private object SystemCalendarDataSource : CalendarDataSource {
    }
  }

-  override fun add(
-    context: Context,
-    request: CalendarAddRequest,
-  ): CalendarEventRecord {
+  override fun add(context: Context, request: CalendarAddRequest): CalendarEventRecord {
    val resolver = context.contentResolver
    val resolvedCalendarId = resolveCalendarId(resolver, request.calendarId, request.calendarTitle)
    val values =
@@ -139,12 +124,10 @@ private object SystemCalendarDataSource : CalendarDataSource {
        request.location?.let { put(CalendarContract.Events.EVENT_LOCATION, it) }
        request.notes?.let { put(CalendarContract.Events.DESCRIPTION, it) }
      }
-    val uri =
-      resolver.insert(CalendarContract.Events.CONTENT_URI, values)
-        ?: throw IllegalStateException("calendar insert failed")
-    val eventId =
-      uri.lastPathSegment?.toLongOrNull()
-        ?: throw IllegalStateException("calendar insert failed")
+    val uri = resolver.insert(CalendarContract.Events.CONTENT_URI, values)
+      ?: throw IllegalStateException("calendar insert failed")
+    val eventId = uri.lastPathSegment?.toLongOrNull()
+      ?: throw IllegalStateException("calendar insert failed")
    return loadEventById(resolver, eventId)
      ?: throw IllegalStateException("calendar insert failed")
  }
@@ -166,54 +149,45 @@ private object SystemCalendarDataSource : CalendarDataSource {
    throw IllegalArgumentException("CALENDAR_NOT_FOUND: no default calendar")
  }

-  private fun calendarExists(
-    resolver: ContentResolver,
-    id: Long,
-  ): Boolean {
+  private fun calendarExists(resolver: ContentResolver, id: Long): Boolean {
    val projection = arrayOf(CalendarContract.Calendars._ID)
-    resolver
-      .query(
-        CalendarContract.Calendars.CONTENT_URI,
-        projection,
-        "${CalendarContract.Calendars._ID}=?",
-        arrayOf(id.toString()),
-        null,
-      ).use { cursor ->
-        return cursor != null && cursor.moveToFirst()
-      }
+    resolver.query(
+      CalendarContract.Calendars.CONTENT_URI,
+      projection,
+      "${CalendarContract.Calendars._ID}=?",
+      arrayOf(id.toString()),
+      null,
+    ).use { cursor ->
+      return cursor != null && cursor.moveToFirst()
+    }
  }

-  private fun findCalendarByTitle(
-    resolver: ContentResolver,
-    title: String,
-  ): Long? {
+  private fun findCalendarByTitle(resolver: ContentResolver, title: String): Long? {
    val projection = arrayOf(CalendarContract.Calendars._ID)
-    resolver
-      .query(
-        CalendarContract.Calendars.CONTENT_URI,
-        projection,
-        "${CalendarContract.Calendars.CALENDAR_DISPLAY_NAME}=?",
-        arrayOf(title),
-        "${CalendarContract.Calendars.IS_PRIMARY} DESC",
-      ).use { cursor ->
-        if (cursor == null || !cursor.moveToFirst()) return null
-        return cursor.getLong(0)
-      }
+    resolver.query(
+      CalendarContract.Calendars.CONTENT_URI,
+      projection,
+      "${CalendarContract.Calendars.CALENDAR_DISPLAY_NAME}=?",
+      arrayOf(title),
+      "${CalendarContract.Calendars.IS_PRIMARY} DESC",
+    ).use { cursor ->
+      if (cursor == null || !cursor.moveToFirst()) return null
+      return cursor.getLong(0)
+    }
  }

  private fun findDefaultCalendarId(resolver: ContentResolver): Long? {
    val projection = arrayOf(CalendarContract.Calendars._ID)
-    resolver
-      .query(
-        CalendarContract.Calendars.CONTENT_URI,
-        projection,
-        "${CalendarContract.Calendars.VISIBLE}=1",
-        null,
-        "${CalendarContract.Calendars.IS_PRIMARY} DESC, ${CalendarContract.Calendars._ID} ASC",
-      ).use { cursor ->
-        if (cursor == null || !cursor.moveToFirst()) return null
-        return cursor.getLong(0)
-      }
+    resolver.query(
+      CalendarContract.Calendars.CONTENT_URI,
+      projection,
+      "${CalendarContract.Calendars.VISIBLE}=1",
+      null,
+      "${CalendarContract.Calendars.IS_PRIMARY} DESC, ${CalendarContract.Calendars._ID} ASC",
+    ).use { cursor ->
+      if (cursor == null || !cursor.moveToFirst()) return null
+      return cursor.getLong(0)
+    }
  }

  private fun loadEventById(
@@ -230,30 +204,24 @@ private object SystemCalendarDataSource : CalendarDataSource {
        CalendarContract.Events.EVENT_LOCATION,
        CalendarContract.Events.CALENDAR_DISPLAY_NAME,
      )
-    resolver
-      .query(
-        CalendarContract.Events.CONTENT_URI,
-        projection,
-        "${CalendarContract.Events._ID}=?",
-        arrayOf(eventId.toString()),
-        null,
-      ).use { cursor ->
-        if (cursor == null || !cursor.moveToFirst()) return null
-        return CalendarEventRecord(
-          identifier = cursor.getLong(0).toString(),
-          title =
-            cursor
-              .getString(1)
-              ?.trim()
-              .orEmpty()
-              .ifEmpty { "(untitled)" },
-          startISO = Instant.ofEpochMilli(cursor.getLong(2)).toString(),
-          endISO = Instant.ofEpochMilli(cursor.getLong(3)).toString(),
-          isAllDay = cursor.getInt(4) == 1,
-          location = cursor.getString(5)?.trim()?.ifEmpty { null },
-          calendarTitle = cursor.getString(6)?.trim()?.ifEmpty { null },
-        )
-      }
+    resolver.query(
+      CalendarContract.Events.CONTENT_URI,
+      projection,
+      "${CalendarContract.Events._ID}=?",
+      arrayOf(eventId.toString()),
+      null,
+    ).use { cursor ->
+      if (cursor == null || !cursor.moveToFirst()) return null
+      return CalendarEventRecord(
+        identifier = cursor.getLong(0).toString(),
+        title = cursor.getString(1)?.trim().orEmpty().ifEmpty { "(untitled)" },
+        startISO = Instant.ofEpochMilli(cursor.getLong(2)).toString(),
+        endISO = Instant.ofEpochMilli(cursor.getLong(3)).toString(),
+        isAllDay = cursor.getInt(4) == 1,
+        location = cursor.getString(5)?.trim()?.ifEmpty { null },
+        calendarTitle = cursor.getString(6)?.trim()?.ifEmpty { null },
+      )
+    }
  }
 }

@@ -369,12 +337,10 @@ class CalendarHandler private constructor(
      } catch (_: Throwable) {
        null
      } ?: return null
-    val start =
-      parseISO((params["startISO"] as? JsonPrimitive)?.content)
-        ?: return null
-    val end =
-      parseISO((params["endISO"] as? JsonPrimitive)?.content)
-        ?: return null
+    val start = parseISO((params["startISO"] as? JsonPrimitive)?.content)
+      ?: return null
+    val end = parseISO((params["endISO"] as? JsonPrimitive)?.content)
+      ?: return null
    return CalendarAddRequest(
      title = (params["title"] as? JsonPrimitive)?.content?.trim().orEmpty(),
      startMs = start.toEpochMilli(),
@@ -397,8 +363,8 @@ class CalendarHandler private constructor(
    }
  }

-  private fun eventJson(event: CalendarEventRecord): JsonObject =
-    buildJsonObject {
+  private fun eventJson(event: CalendarEventRecord): JsonObject {
+    return buildJsonObject {
      put("identifier", JsonPrimitive(event.identifier))
      put("title", JsonPrimitive(event.title))
      put("startISO", JsonPrimitive(event.startISO))
@@ -407,6 +373,7 @@ class CalendarHandler private constructor(
      event.location?.let { put("location", JsonPrimitive(it)) }
      event.calendarTitle?.let { put("calendarTitle", JsonPrimitive(it)) }
    }
+  }

  companion object {
    internal fun forTesting(
--- a/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/CallLogHandler.kt
+++ b/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/CallLogHandler.kt
@@ -1,15 +1,16 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.content.Context
 import android.provider.CallLog
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.gateway.GatewaySession
 import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
-import kotlinx.serialization.json.buildJsonArray
 import kotlinx.serialization.json.buildJsonObject
+import kotlinx.serialization.json.buildJsonArray
 import kotlinx.serialization.json.put

 private const val DEFAULT_CALL_LOG_LIMIT = 25
@@ -37,32 +38,26 @@ internal data class CallLogSearchRequest(
 internal interface CallLogDataSource {
  fun hasReadPermission(context: Context): Boolean

-  fun search(
-    context: Context,
-    request: CallLogSearchRequest,
-  ): List<CallLogRecord>
+  fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord>
 }

 private object SystemCallLogDataSource : CallLogDataSource {
-  override fun hasReadPermission(context: Context): Boolean =
-    ContextCompat.checkSelfPermission(
+  override fun hasReadPermission(context: Context): Boolean {
+    return ContextCompat.checkSelfPermission(
      context,
-      Manifest.permission.READ_CALL_LOG,
+      Manifest.permission.READ_CALL_LOG
    ) == android.content.pm.PackageManager.PERMISSION_GRANTED
+  }

-  override fun search(
-    context: Context,
-    request: CallLogSearchRequest,
-  ): List<CallLogRecord> {
+  override fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord> {
    val resolver = context.contentResolver
-    val projection =
-      arrayOf(
-        CallLog.Calls.NUMBER,
-        CallLog.Calls.CACHED_NAME,
-        CallLog.Calls.DATE,
-        CallLog.Calls.DURATION,
-        CallLog.Calls.TYPE,
-      )
+    val projection = arrayOf(
+      CallLog.Calls.NUMBER,
+      CallLog.Calls.CACHED_NAME,
+      CallLog.Calls.DATE,
+      CallLog.Calls.DURATION,
+      CallLog.Calls.TYPE,
+    )

    // Build selection and selectionArgs for filtering
    val selections = mutableListOf<String>()
@@ -110,42 +105,40 @@ private object SystemCallLogDataSource : CallLogDataSource {

    val sortOrder = "${CallLog.Calls.DATE} DESC"

-    resolver
-      .query(
-        CallLog.Calls.CONTENT_URI,
-        projection,
-        selection,
-        selectionArgsArray,
-        sortOrder,
-      ).use { cursor ->
-        if (cursor == null) return emptyList()
+    resolver.query(
+      CallLog.Calls.CONTENT_URI,
+      projection,
+      selection,
+      selectionArgsArray,
+      sortOrder,
+    ).use { cursor ->
+      if (cursor == null) return emptyList()

-        val numberIndex = cursor.getColumnIndex(CallLog.Calls.NUMBER)
-        val cachedNameIndex = cursor.getColumnIndex(CallLog.Calls.CACHED_NAME)
-        val dateIndex = cursor.getColumnIndex(CallLog.Calls.DATE)
-        val durationIndex = cursor.getColumnIndex(CallLog.Calls.DURATION)
-        val typeIndex = cursor.getColumnIndex(CallLog.Calls.TYPE)
+      val numberIndex = cursor.getColumnIndex(CallLog.Calls.NUMBER)
+      val cachedNameIndex = cursor.getColumnIndex(CallLog.Calls.CACHED_NAME)
+      val dateIndex = cursor.getColumnIndex(CallLog.Calls.DATE)
+      val durationIndex = cursor.getColumnIndex(CallLog.Calls.DURATION)
+      val typeIndex = cursor.getColumnIndex(CallLog.Calls.TYPE)

-        // Skip offset rows
-        if (request.offset > 0 && cursor.moveToPosition(request.offset - 1)) {
-          // Successfully moved to offset position
-        }
-
-        val out = mutableListOf<CallLogRecord>()
-        var count = 0
-        while (cursor.moveToNext() && count < request.limit) {
-          out +=
-            CallLogRecord(
-              number = cursor.getString(numberIndex),
-              cachedName = cursor.getString(cachedNameIndex),
-              date = cursor.getLong(dateIndex),
-              duration = cursor.getLong(durationIndex),
-              type = cursor.getInt(typeIndex),
-            )
-          count++
-        }
-        return out
+      // Skip offset rows
+      if (request.offset > 0 && cursor.moveToPosition(request.offset - 1)) {
+        // Successfully moved to offset position
      }
+
+      val out = mutableListOf<CallLogRecord>()
+      var count = 0
+      while (cursor.moveToNext() && count < request.limit) {
+        out += CallLogRecord(
+          number = cursor.getString(numberIndex),
+          cachedName = cursor.getString(cachedNameIndex),
+          date = cursor.getLong(dateIndex),
+          duration = cursor.getLong(durationIndex),
+          type = cursor.getInt(typeIndex),
+        )
+        count++
+      }
+      return out
+    }
  }
 }

@@ -163,12 +156,11 @@ class CallLogHandler private constructor(
      )
    }

-    val request =
-      parseSearchRequest(paramsJson)
-        ?: return GatewaySession.InvokeResult.error(
-          code = "INVALID_REQUEST",
-          message = "INVALID_REQUEST: expected JSON object",
-        )
+    val request = parseSearchRequest(paramsJson)
+      ?: return GatewaySession.InvokeResult.error(
+        code = "INVALID_REQUEST",
+        message = "INVALID_REQUEST: expected JSON object",
+      )

    return try {
      val callLogs = dataSource.search(appContext, request)
@@ -205,19 +197,16 @@ class CallLogHandler private constructor(
      )
    }

-    val params =
-      try {
-        Json.parseToJsonElement(paramsJson).asObjectOrNull()
-      } catch (_: Throwable) {
-        null
-      } ?: return null
+    val params = try {
+      Json.parseToJsonElement(paramsJson).asObjectOrNull()
+    } catch (_: Throwable) {
+      null
+    } ?: return null

-    val limit =
-      ((params["limit"] as? JsonPrimitive)?.content?.toIntOrNull() ?: DEFAULT_CALL_LOG_LIMIT)
-        .coerceIn(1, 200)
-    val offset =
-      ((params["offset"] as? JsonPrimitive)?.content?.toIntOrNull() ?: 0)
-        .coerceAtLeast(0)
+    val limit = ((params["limit"] as? JsonPrimitive)?.content?.toIntOrNull() ?: DEFAULT_CALL_LOG_LIMIT)
+      .coerceIn(1, 200)
+    val offset = ((params["offset"] as? JsonPrimitive)?.content?.toIntOrNull() ?: 0)
+      .coerceAtLeast(0)
    val cachedName = (params["cachedName"] as? JsonPrimitive)?.content?.takeIf { it.isNotBlank() }
    val number = (params["number"] as? JsonPrimitive)?.content?.takeIf { it.isNotBlank() }
    val date = (params["date"] as? JsonPrimitive)?.content?.toLongOrNull()
@@ -239,14 +228,15 @@ class CallLogHandler private constructor(
    )
  }

-  private fun callLogJson(callLog: CallLogRecord): JsonObject =
-    buildJsonObject {
+  private fun callLogJson(callLog: CallLogRecord): JsonObject {
+    return buildJsonObject {
      put("number", JsonPrimitive(callLog.number))
      put("cachedName", JsonPrimitive(callLog.cachedName))
      put("date", JsonPrimitive(callLog.date))
      put("duration", JsonPrimitive(callLog.duration))
      put("type", JsonPrimitive(callLog.type))
    }
+  }

  companion object {
    internal fun forTesting(
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/CameraCaptureManager.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CameraCaptureManager.kt
@@ -1,23 +1,24 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.PermissionRequester
 import android.Manifest
 import android.annotation.SuppressLint
 import android.content.Context
-import android.content.pm.PackageManager
 import android.graphics.Bitmap
 import android.graphics.BitmapFactory
 import android.graphics.Matrix
+import android.content.pm.PackageManager
 import android.hardware.camera2.CameraCharacteristics
 import android.util.Base64
 import androidx.camera.camera2.interop.Camera2CameraInfo
 import androidx.camera.core.CameraInfo
+import androidx.exifinterface.media.ExifInterface
+import androidx.lifecycle.LifecycleOwner
 import androidx.camera.core.CameraSelector
 import androidx.camera.core.ImageCapture
 import androidx.camera.core.ImageCaptureException
 import androidx.camera.lifecycle.ProcessCameraProvider
-import androidx.camera.video.FallbackStrategy
 import androidx.camera.video.FileOutputOptions
+import androidx.camera.video.FallbackStrategy
 import androidx.camera.video.Quality
 import androidx.camera.video.QualitySelector
 import androidx.camera.video.Recorder
@@ -27,33 +28,22 @@ import androidx.camera.video.VideoRecordEvent
 import androidx.core.content.ContextCompat
 import androidx.core.content.ContextCompat.checkSelfPermission
 import androidx.core.graphics.scale
-import androidx.exifinterface.media.ExifInterface
-import androidx.lifecycle.LifecycleOwner
+import ai.openclaw.app.PermissionRequester
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.suspendCancellableCoroutine
-import kotlinx.coroutines.withContext
 import kotlinx.coroutines.withTimeout
+import kotlinx.coroutines.withContext
 import kotlinx.serialization.json.JsonObject
 import java.io.ByteArrayOutputStream
 import java.io.File
 import java.util.concurrent.Executor
+import kotlin.math.roundToInt
 import kotlin.coroutines.resume
 import kotlin.coroutines.resumeWithException
-import kotlin.math.roundToInt
-
-class CameraCaptureManager(
-  private val context: Context,
-) {
-  data class Payload(
-    val payloadJson: String,
-  )
-
-  data class FilePayload(
-    val file: File,
-    val durationMs: Long,
-    val hasAudio: Boolean,
-  )

+class CameraCaptureManager(private val context: Context) {
+  data class Payload(val payloadJson: String)
+  data class FilePayload(val file: File, val durationMs: Long, val hasAudio: Boolean)
  data class CameraDeviceInfo(
    val id: String,
    val name: String,
@@ -62,7 +52,6 @@ class CameraCaptureManager(
  )

  @Volatile private var lifecycleOwner: LifecycleOwner? = null
-
  @Volatile private var permissionRequester: PermissionRequester? = null

  fun attachLifecycleOwner(owner: LifecycleOwner) {
@@ -85,9 +74,8 @@ class CameraCaptureManager(
    val granted = checkSelfPermission(context, Manifest.permission.CAMERA) == PackageManager.PERMISSION_GRANTED
    if (granted) return

-    val requester =
-      permissionRequester
-        ?: throw IllegalStateException("CAMERA_PERMISSION_REQUIRED: grant Camera permission")
+    val requester = permissionRequester
+      ?: throw IllegalStateException("CAMERA_PERMISSION_REQUIRED: grant Camera permission")
    val results = requester.requestIfMissing(listOf(Manifest.permission.CAMERA))
    if (results[Manifest.permission.CAMERA] != true) {
      throw IllegalStateException("CAMERA_PERMISSION_REQUIRED: grant Camera permission")
@@ -98,9 +86,8 @@ class CameraCaptureManager(
    val granted = checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) == PackageManager.PERMISSION_GRANTED
    if (granted) return

-    val requester =
-      permissionRequester
-        ?: throw IllegalStateException("MIC_PERMISSION_REQUIRED: grant Microphone permission")
+    val requester = permissionRequester
+      ?: throw IllegalStateException("MIC_PERMISSION_REQUIRED: grant Microphone permission")
    val results = requester.requestIfMissing(listOf(Manifest.permission.RECORD_AUDIO))
    if (results[Manifest.permission.RECORD_AUDIO] != true) {
      throw IllegalStateException("MIC_PERMISSION_REQUIRED: grant Microphone permission")
@@ -124,10 +111,9 @@ class CameraCaptureManager(
      provider.unbindAll()
      provider.bindToLifecycle(owner, selector, capture)

-      val (bytes, orientation) = capture.takeJpegWithExif(context.mainExecutor(), context.cacheDir)
-      val decoded =
-        BitmapFactory.decodeByteArray(bytes, 0, bytes.size)
-          ?: throw IllegalStateException("UNAVAILABLE: failed to decode captured image")
+      val (bytes, orientation) = capture.takeJpegWithExif(context.mainExecutor())
+      val decoded = BitmapFactory.decodeByteArray(bytes, 0, bytes.size)
+        ?: throw IllegalStateException("UNAVAILABLE: failed to decode captured image")
      val rotated = rotateBitmapByExif(decoded, orientation)
      val scaled =
        if (maxWidth > 0 && rotated.width > maxWidth) {
@@ -191,30 +177,23 @@ class CameraCaptureManager(
      val deviceId = parseDeviceId(params)
      if (includeAudio) ensureMicPermission()

-      android.util.Log.w(
-        "CameraCaptureManager",
-        "clip: start facing=$facing duration=$durationMs audio=$includeAudio deviceId=${deviceId ?: "-"}",
-      )
+      android.util.Log.w("CameraCaptureManager", "clip: start facing=$facing duration=$durationMs audio=$includeAudio deviceId=${deviceId ?: "-"}")

      val provider = context.cameraProvider()
      android.util.Log.w("CameraCaptureManager", "clip: got camera provider")

      // Use LOWEST quality for smallest files over WebSocket
-      val recorder =
-        Recorder
-          .Builder()
-          .setQualitySelector(
-            QualitySelector.from(Quality.LOWEST, FallbackStrategy.lowerQualityOrHigherThan(Quality.LOWEST)),
-          ).build()
+      val recorder = Recorder.Builder()
+        .setQualitySelector(
+          QualitySelector.from(Quality.LOWEST, FallbackStrategy.lowerQualityOrHigherThan(Quality.LOWEST))
+        )
+        .build()
      val videoCapture = VideoCapture.withOutput(recorder)
      val selector = resolveCameraSelector(provider, facing, deviceId)

      // CameraX requires a Preview use case for the camera to start producing frames;
      // without it, the encoder may get no data (ERROR_NO_VALID_DATA).
-      val preview =
-        androidx.camera.core.Preview
-          .Builder()
-          .build()
+      val preview = androidx.camera.core.Preview.Builder().build()
      // Provide a dummy SurfaceTexture so the preview pipeline activates
      val surfaceTexture = android.graphics.SurfaceTexture(0)
      surfaceTexture.setDefaultBufferSize(640, 480)
@@ -235,7 +214,7 @@ class CameraCaptureManager(
      android.util.Log.w("CameraCaptureManager", "clip: warming up camera 1.5s...")
      kotlinx.coroutines.delay(1_500)

-      val file = File.createTempFile("openclaw-clip-", ".mp4", context.cacheDir)
+      val file = File.createTempFile("openclaw-clip-", ".mp4")
      val outputOptions = FileOutputOptions.Builder(file).build()

      val finalized = kotlinx.coroutines.CompletableDeferred<VideoRecordEvent.Finalize>()
@@ -245,16 +224,14 @@ class CameraCaptureManager(
          .prepareRecording(context, outputOptions)
          .apply {
            if (includeAudio) withAudioEnabled()
-          }.start(context.mainExecutor()) { event ->
+          }
+          .start(context.mainExecutor()) { event ->
            android.util.Log.w("CameraCaptureManager", "clip: event ${event.javaClass.simpleName}")
            if (event is VideoRecordEvent.Status) {
              android.util.Log.w("CameraCaptureManager", "clip: recording status update")
            }
            if (event is VideoRecordEvent.Finalize) {
-              android.util.Log.w(
-                "CameraCaptureManager",
-                "clip: finalize hasError=${event.hasError()} error=${event.error} cause=${event.cause}",
-              )
+              android.util.Log.w("CameraCaptureManager", "clip: finalize hasError=${event.hasError()} error=${event.error} cause=${event.cause}")
              finalized.complete(event)
            }
          }
@@ -277,11 +254,7 @@ class CameraCaptureManager(
          throw IllegalStateException("UNAVAILABLE: camera clip finalize timed out")
        }
      if (finalizeEvent.hasError()) {
-        android.util.Log.e(
-          "CameraCaptureManager",
-          "clip: FAILED error=${finalizeEvent.error}, cause=${finalizeEvent.cause}",
-          finalizeEvent.cause,
-        )
+        android.util.Log.e("CameraCaptureManager", "clip: FAILED error=${finalizeEvent.error}, cause=${finalizeEvent.cause}", finalizeEvent.cause)
        // Check file size for debugging
        val fileSize = withContext(Dispatchers.IO) { if (file.exists()) file.length() else -1 }
        android.util.Log.e("CameraCaptureManager", "clip: file exists=${file.exists()} size=$fileSize")
@@ -298,10 +271,7 @@ class CameraCaptureManager(
      FilePayload(file = file, durationMs = durationMs.toLong(), hasAudio = includeAudio)
    }

-  private fun rotateBitmapByExif(
-    bitmap: Bitmap,
-    orientation: Int,
-  ): Bitmap {
+  private fun rotateBitmapByExif(bitmap: Bitmap, orientation: Int): Bitmap {
    val matrix = Matrix()
    when (orientation) {
      ExifInterface.ORIENTATION_ROTATE_90 -> matrix.postRotate(90f)
@@ -334,13 +304,15 @@ class CameraCaptureManager(
    }
  }

-  private fun parseQuality(params: JsonObject?): Double? = parseJsonDouble(params, "quality")
+  private fun parseQuality(params: JsonObject?): Double? =
+    parseJsonDouble(params, "quality")

  private fun parseMaxWidth(params: JsonObject?): Int? =
    parseJsonInt(params, "maxWidth")
      ?.takeIf { it > 0 }

-  private fun parseDurationMs(params: JsonObject?): Int? = parseJsonInt(params, "durationMs")
+  private fun parseDurationMs(params: JsonObject?): Int? =
+    parseJsonInt(params, "durationMs")

  private fun parseDeviceId(params: JsonObject?): String? =
    parseJsonString(params, "deviceId")
@@ -363,8 +335,7 @@ class CameraCaptureManager(
    if (!availableIds.contains(deviceId)) {
      throw IllegalStateException("INVALID_REQUEST: unknown camera deviceId '$deviceId'")
    }
-    return CameraSelector
-      .Builder()
+    return CameraSelector.Builder()
      .addCameraFilter { infos -> infos.filter { cameraIdOrNull(it) == deviceId } }
      .build()
  }
@@ -401,7 +372,8 @@ class CameraCaptureManager(
  }

  @SuppressLint("UnsafeOptInUsageError")
-  private fun cameraIdOrNull(info: CameraInfo): String? = runCatching { Camera2CameraInfo.from(info).cameraId }.getOrNull()
+  private fun cameraIdOrNull(info: CameraInfo): String? =
+    runCatching { Camera2CameraInfo.from(info).cameraId }.getOrNull()
 }

 private suspend fun Context.cameraProvider(): ProcessCameraProvider =
@@ -420,12 +392,9 @@ private suspend fun Context.cameraProvider(): ProcessCameraProvider =
  }

 /** Returns (jpegBytes, exifOrientation) so caller can rotate the decoded bitmap. */
-private suspend fun ImageCapture.takeJpegWithExif(
-  executor: Executor,
-  tempDir: File,
-): Pair<ByteArray, Int> =
+private suspend fun ImageCapture.takeJpegWithExif(executor: Executor): Pair<ByteArray, Int> =
  suspendCancellableCoroutine { cont ->
-    val file = File.createTempFile("openclaw-snap-", ".jpg", tempDir)
+    val file = File.createTempFile("openclaw-snap-", ".jpg")
    val options = ImageCapture.OutputFileOptions.Builder(file).build()
    takePicture(
      options,
@@ -439,11 +408,10 @@ private suspend fun ImageCapture.takeJpegWithExif(
        override fun onImageSaved(outputFileResults: ImageCapture.OutputFileResults) {
          try {
            val exif = ExifInterface(file.absolutePath)
-            val orientation =
-              exif.getAttributeInt(
-                ExifInterface.TAG_ORIENTATION,
-                ExifInterface.ORIENTATION_NORMAL,
-              )
+            val orientation = exif.getAttributeInt(
+              ExifInterface.TAG_ORIENTATION,
+              ExifInterface.ORIENTATION_NORMAL,
+            )
            val bytes = file.readBytes()
            cont.resume(Pair(bytes, orientation))
          } catch (e: Exception) {
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/CameraHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CameraHandler.kt
@@ -1,9 +1,9 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.BuildConfig
-import ai.openclaw.app.CameraHudKind
-import ai.openclaw.app.gateway.GatewaySession
 import android.content.Context
+import ai.openclaw.app.CameraHudKind
+import ai.openclaw.app.BuildConfig
+import ai.openclaw.app.gateway.GatewaySession
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.withContext
@@ -16,7 +16,8 @@ import kotlinx.serialization.json.put

 internal const val CAMERA_CLIP_MAX_RAW_BYTES: Long = 18L * 1024L * 1024L

-internal fun isCameraClipWithinPayloadLimit(rawBytes: Long): Boolean = rawBytes in 0L..CAMERA_CLIP_MAX_RAW_BYTES
+internal fun isCameraClipWithinPayloadLimit(rawBytes: Long): Boolean =
+  rawBytes in 0L..CAMERA_CLIP_MAX_RAW_BYTES

 class CameraHandler(
  private val appContext: Context,
@@ -26,8 +27,8 @@ class CameraHandler(
  private val triggerCameraFlash: () -> Unit,
  private val invokeErrorFromThrowable: (err: Throwable) -> Pair<String, String>,
 ) {
-  suspend fun handleList(_paramsJson: String?): GatewaySession.InvokeResult =
-    try {
+  suspend fun handleList(_paramsJson: String?): GatewaySession.InvokeResult {
+    return try {
      val devices = camera.listDevices()
      val payload =
        buildJsonObject {
@@ -52,10 +53,10 @@ class CameraHandler(
      val (code, message) = invokeErrorFromThrowable(err)
      GatewaySession.InvokeResult.error(code = code, message = message)
    }
+  }

  suspend fun handleSnap(paramsJson: String?): GatewaySession.InvokeResult {
    val logFile = if (BuildConfig.DEBUG) java.io.File(appContext.cacheDir, "camera_debug.log") else null
-
    fun camLog(msg: String) {
      if (!BuildConfig.DEBUG) return
      val ts = java.text.SimpleDateFormat("HH:mm:ss.SSS", java.util.Locale.US).format(java.util.Date())
@@ -94,7 +95,6 @@ class CameraHandler(

  suspend fun handleClip(paramsJson: String?): GatewaySession.InvokeResult {
    val clipLogFile = if (BuildConfig.DEBUG) java.io.File(appContext.cacheDir, "camera_debug.log") else null
-
    fun clipLog(msg: String) {
      if (!BuildConfig.DEBUG) return
      val ts = java.text.SimpleDateFormat("HH:mm:ss.SSS", java.util.Locale.US).format(java.util.Date())
@@ -133,19 +133,18 @@ class CameraHandler(
        )
      }

-      val bytes =
-        withContext(Dispatchers.IO) {
-          try {
-            filePayload.file.readBytes()
-          } finally {
-            filePayload.file.delete()
-          }
+      val bytes = withContext(Dispatchers.IO) {
+        try {
+          filePayload.file.readBytes()
+        } finally {
+          filePayload.file.delete()
        }
+      }
      val base64 = android.util.Base64.encodeToString(bytes, android.util.Base64.NO_WRAP)
      clipLog("returning base64 payload")
      showCameraHud("Clip captured", CameraHudKind.Success, 1800)
      return GatewaySession.InvokeResult.ok(
-        """{"format":"mp4","base64":"$base64","durationMs":${filePayload.durationMs},"hasAudio":${filePayload.hasAudio}}""",
+        """{"format":"mp4","base64":"$base64","durationMs":${filePayload.durationMs},"hasAudio":${filePayload.hasAudio}}"""
      )
    } catch (err: Throwable) {
      clipLog("outer error: ${err::class.java.simpleName}: ${err.message}")
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasActionTrust.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasActionTrust.kt
@@ -5,10 +5,7 @@ import java.net.URI
 object CanvasActionTrust {
  const val scaffoldAssetUrl: String = "file:///android_asset/CanvasScaffold/scaffold.html"

-  fun isTrustedCanvasActionUrl(
-    rawUrl: String?,
-    trustedA2uiUrls: List<String>,
-  ): Boolean {
+  fun isTrustedCanvasActionUrl(rawUrl: String?, trustedA2uiUrls: List<String>): Boolean {
    val candidate = rawUrl?.trim().orEmpty()
    if (candidate.isEmpty()) return false
    if (candidate == scaffoldAssetUrl) return true
@@ -24,10 +21,7 @@ object CanvasActionTrust {
    }
  }

-  private fun matchesTrustedRemoteA2uiUrlExact(
-    candidateUri: URI,
-    trustedUrl: String,
-  ): Boolean {
+  private fun matchesTrustedRemoteA2uiUrlExact(candidateUri: URI, trustedUrl: String): Boolean {
    val trustedUri = parseUri(trustedUrl) ?: return false
    val normalizedTrusted = normalizeTrustedRemoteA2uiUri(trustedUri) ?: return false
    return candidateUri == normalizedTrusted
@@ -39,11 +33,7 @@ object CanvasActionTrust {
    val scheme = uri.scheme?.lowercase() ?: return null
    if (scheme != "http" && scheme != "https") return null

-    val host =
-      uri.host
-        ?.trim()
-        ?.takeIf { it.isNotEmpty() }
-        ?.lowercase() ?: return null
+    val host = uri.host?.trim()?.takeIf { it.isNotEmpty() }?.lowercase() ?: return null

    return try {
      URI(scheme, uri.userInfo, host, uri.port, uri.rawPath, uri.rawQuery, null)
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt
@@ -1,46 +1,39 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.BuildConfig
 import android.graphics.Bitmap
 import android.graphics.Canvas
 import android.os.Looper
-import android.util.Base64
 import android.util.Log
 import android.webkit.WebView
 import androidx.core.graphics.createBitmap
 import androidx.core.graphics.scale
 import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.suspendCancellableCoroutine
+import kotlinx.coroutines.withContext
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.StateFlow
 import kotlinx.coroutines.flow.asStateFlow
-import kotlinx.coroutines.suspendCancellableCoroutine
-import kotlinx.coroutines.withContext
+import java.io.ByteArrayOutputStream
+import android.util.Base64
+import org.json.JSONObject
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonElement
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
-import org.json.JSONObject
-import java.io.ByteArrayOutputStream
+import ai.openclaw.app.BuildConfig
 import kotlin.coroutines.resume

 class CanvasController {
-  enum class SnapshotFormat(
-    val rawValue: String,
-  ) {
+  enum class SnapshotFormat(val rawValue: String) {
    Png("png"),
    Jpeg("jpeg"),
  }

  @Volatile private var webView: WebView? = null
-
  @Volatile private var url: String? = null
-
  @Volatile private var debugStatusEnabled: Boolean = false
-
  @Volatile private var debugStatusTitle: String? = null
-
  @Volatile private var debugStatusSubtitle: String? = null
-
  @Volatile private var homeCanvasStateJson: String? = null
  private val _currentUrl = MutableStateFlow<String?>(null)
  val currentUrl: StateFlow<String?> = _currentUrl.asStateFlow()
@@ -89,10 +82,7 @@ class CanvasController {
    applyDebugStatus()
  }

-  fun setDebugStatus(
-    title: String?,
-    subtitle: String?,
-  ) {
+  fun setDebugStatus(title: String?, subtitle: String?) {
    debugStatusTitle = title
    debugStatusSubtitle = subtitle
    applyDebugStatus()
@@ -141,8 +131,7 @@ class CanvasController {
    withWebViewOnMain { wv ->
      val titleJs = title?.let { JSONObject.quote(it) } ?: "null"
      val subtitleJs = subtitle?.let { JSONObject.quote(it) } ?: "null"
-      val js =
-        """
+      val js = """
        (() => {
          try {
            const api = globalThis.__openclaw;
@@ -156,7 +145,7 @@ class CanvasController {
            }
          } catch (_) {}
        })();
-        """.trimIndent()
+      """.trimIndent()
      wv.evaluateJavascript(js, null)
    }
  }
@@ -164,8 +153,7 @@ class CanvasController {
  private fun applyHomeCanvasState() {
    val payload = homeCanvasStateJson ?: "null"
    withWebViewOnMain { wv ->
-      val js =
-        """
+      val js = """
        (() => {
          try {
            const api = globalThis.__openclaw;
@@ -173,7 +161,7 @@ class CanvasController {
            api.renderHome($payload);
          } catch (_) {}
        })();
-        """.trimIndent()
+      """.trimIndent()
      wv.evaluateJavascript(js, null)
    }
  }
@@ -206,11 +194,7 @@ class CanvasController {
      }
    }

-  suspend fun snapshotBase64(
-    format: SnapshotFormat,
-    quality: Double?,
-    maxWidth: Int?,
-  ): String =
+  suspend fun snapshotBase64(format: SnapshotFormat, quality: Double?, maxWidth: Int?): String =
    withContext(Dispatchers.Main) {
      val wv = webView ?: throw IllegalStateException("no webview")
      val bmp = wv.captureBitmap()
@@ -246,11 +230,7 @@ class CanvasController {
    }

  companion object {
-    data class SnapshotParams(
-      val format: SnapshotFormat,
-      val quality: Double?,
-      val maxWidth: Int?,
-    )
+    data class SnapshotParams(val format: SnapshotFormat, val quality: Double?, val maxWidth: Int?)

    fun parseNavigateUrl(paramsJson: String?): String {
      val obj = parseParamsObject(paramsJson) ?: return ""
@@ -289,12 +269,13 @@ class CanvasController {
      return q.coerceIn(0.1, 1.0)
    }

-    fun parseSnapshotParams(paramsJson: String?): SnapshotParams =
-      SnapshotParams(
+    fun parseSnapshotParams(paramsJson: String?): SnapshotParams {
+      return SnapshotParams(
        format = parseSnapshotFormat(paramsJson),
        quality = parseSnapshotQuality(paramsJson),
        maxWidth = parseSnapshotMaxWidth(paramsJson),
      )
+    }

    private val json = Json { ignoreUnknownKeys = true }

--- a/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt
@@ -1,15 +1,15 @@
 package ai.openclaw.app.node

+import android.os.Build
 import ai.openclaw.app.BuildConfig
-import ai.openclaw.app.LocationMode
 import ai.openclaw.app.SecurePrefs
-import ai.openclaw.app.VoiceWakeMode
 import ai.openclaw.app.gateway.GatewayClientInfo
 import ai.openclaw.app.gateway.GatewayConnectOptions
 import ai.openclaw.app.gateway.GatewayEndpoint
 import ai.openclaw.app.gateway.GatewayTlsParams
 import ai.openclaw.app.gateway.isLoopbackGatewayHost
-import android.os.Build
+import ai.openclaw.app.LocationMode
+import ai.openclaw.app.VoiceWakeMode

 class ConnectionManager(
  private val prefs: SecurePrefs,
@@ -115,27 +115,22 @@ class ConnectionManager(
    }
  }

-  fun resolveModelIdentifier(): String? =
-    listOfNotNull(Build.MANUFACTURER, Build.MODEL)
+  fun resolveModelIdentifier(): String? {
+    return listOfNotNull(Build.MANUFACTURER, Build.MODEL)
      .joinToString(" ")
      .trim()
      .ifEmpty { null }
+  }

  fun buildUserAgent(): String {
    val version = resolvedVersionName()
-    val release =
-      Build.VERSION.RELEASE
-        ?.trim()
-        .orEmpty()
+    val release = Build.VERSION.RELEASE?.trim().orEmpty()
    val releaseLabel = if (release.isEmpty()) "unknown" else release
    return "OpenClawAndroid/$version (Android $releaseLabel; SDK ${Build.VERSION.SDK_INT})"
  }

-  fun buildClientInfo(
-    clientId: String,
-    clientMode: String,
-  ): GatewayClientInfo =
-    GatewayClientInfo(
+  fun buildClientInfo(clientId: String, clientMode: String): GatewayClientInfo {
+    return GatewayClientInfo(
      id = clientId,
      displayName = prefs.displayName.value,
      version = resolvedVersionName(),
@@ -145,9 +140,10 @@ class ConnectionManager(
      deviceFamily = "Android",
      modelIdentifier = resolveModelIdentifier(),
    )
+  }

-  fun buildNodeConnectOptions(): GatewayConnectOptions =
-    GatewayConnectOptions(
+  fun buildNodeConnectOptions(): GatewayConnectOptions {
+    return GatewayConnectOptions(
      role = "node",
      scopes = emptyList(),
      caps = buildCapabilities(),
@@ -156,9 +152,10 @@ class ConnectionManager(
      client = buildClientInfo(clientId = "openclaw-android", clientMode = "node"),
      userAgent = buildUserAgent(),
    )
+  }

-  fun buildOperatorConnectOptions(): GatewayConnectOptions =
-    GatewayConnectOptions(
+  fun buildOperatorConnectOptions(): GatewayConnectOptions {
+    return GatewayConnectOptions(
      role = "operator",
      scopes = listOf("operator.read", "operator.write", "operator.talk.secrets"),
      caps = emptyList(),
@@ -167,6 +164,7 @@ class ConnectionManager(
      client = buildClientInfo(clientId = "openclaw-android", clientMode = "ui"),
      userAgent = buildUserAgent(),
    )
+  }

  fun resolveTlsParams(endpoint: GatewayEndpoint): GatewayTlsParams? {
    val stored = prefs.loadGatewayTlsFingerprint(endpoint.stableId)
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/ContactsHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/ContactsHandler.kt
@@ -1,12 +1,13 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.content.ContentProviderOperation
 import android.content.ContentResolver
+import android.content.ContentValues
 import android.content.Context
 import android.provider.ContactsContract
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.gateway.GatewaySession
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonObject
@@ -46,30 +47,23 @@ internal interface ContactsDataSource {

  fun hasWritePermission(context: Context): Boolean

-  fun search(
-    context: Context,
-    request: ContactsSearchRequest,
-  ): List<ContactRecord>
+  fun search(context: Context, request: ContactsSearchRequest): List<ContactRecord>

-  fun add(
-    context: Context,
-    request: ContactsAddRequest,
-  ): ContactRecord
+  fun add(context: Context, request: ContactsAddRequest): ContactRecord
 }

 private object SystemContactsDataSource : ContactsDataSource {
-  override fun hasReadPermission(context: Context): Boolean =
-    ContextCompat.checkSelfPermission(context, Manifest.permission.READ_CONTACTS) ==
+  override fun hasReadPermission(context: Context): Boolean {
+    return ContextCompat.checkSelfPermission(context, Manifest.permission.READ_CONTACTS) ==
      android.content.pm.PackageManager.PERMISSION_GRANTED
+  }

-  override fun hasWritePermission(context: Context): Boolean =
-    ContextCompat.checkSelfPermission(context, Manifest.permission.WRITE_CONTACTS) ==
+  override fun hasWritePermission(context: Context): Boolean {
+    return ContextCompat.checkSelfPermission(context, Manifest.permission.WRITE_CONTACTS) ==
      android.content.pm.PackageManager.PERMISSION_GRANTED
+  }

-  override fun search(
-    context: Context,
-    request: ContactsSearchRequest,
-  ): List<ContactRecord> {
+  override fun search(context: Context, request: ContactsSearchRequest): List<ContactRecord> {
    val resolver = context.contentResolver
    val projection =
      arrayOf(
@@ -86,43 +80,37 @@ private object SystemContactsDataSource : ContactsDataSource {
      selectionArgs = arrayOf("%${escapeLikePattern(request.query)}%")
    }
    val sortOrder = "${ContactsContract.Contacts.DISPLAY_NAME_PRIMARY} COLLATE NOCASE ASC LIMIT ${request.limit}"
-    resolver
-      .query(
-        ContactsContract.Contacts.CONTENT_URI,
-        projection,
-        selection,
-        selectionArgs,
-        sortOrder,
-      ).use { cursor ->
-        if (cursor == null) return emptyList()
-        val idIndex = cursor.getColumnIndexOrThrow(ContactsContract.Contacts._ID)
-        val displayNameIndex = cursor.getColumnIndexOrThrow(ContactsContract.Contacts.DISPLAY_NAME_PRIMARY)
-        val out = mutableListOf<ContactRecord>()
-        while (cursor.moveToNext() && out.size < request.limit) {
-          val contactId = cursor.getLong(idIndex)
-          val displayName = cursor.getString(displayNameIndex).orEmpty()
-          out += loadContactRecord(resolver, contactId, fallbackDisplayName = displayName)
-        }
-        return out
+    resolver.query(
+      ContactsContract.Contacts.CONTENT_URI,
+      projection,
+      selection,
+      selectionArgs,
+      sortOrder,
+    ).use { cursor ->
+      if (cursor == null) return emptyList()
+      val idIndex = cursor.getColumnIndexOrThrow(ContactsContract.Contacts._ID)
+      val displayNameIndex = cursor.getColumnIndexOrThrow(ContactsContract.Contacts.DISPLAY_NAME_PRIMARY)
+      val out = mutableListOf<ContactRecord>()
+      while (cursor.moveToNext() && out.size < request.limit) {
+        val contactId = cursor.getLong(idIndex)
+        val displayName = cursor.getString(displayNameIndex).orEmpty()
+        out += loadContactRecord(resolver, contactId, fallbackDisplayName = displayName)
      }
+      return out
+    }
  }

-  override fun add(
-    context: Context,
-    request: ContactsAddRequest,
-  ): ContactRecord {
+  override fun add(context: Context, request: ContactsAddRequest): ContactRecord {
    val resolver = context.contentResolver
    val operations = ArrayList<ContentProviderOperation>()
    operations +=
-      ContentProviderOperation
-        .newInsert(ContactsContract.RawContacts.CONTENT_URI)
+      ContentProviderOperation.newInsert(ContactsContract.RawContacts.CONTENT_URI)
        .withValue(ContactsContract.RawContacts.ACCOUNT_TYPE, null)
        .withValue(ContactsContract.RawContacts.ACCOUNT_NAME, null)
        .build()
    if (!request.givenName.isNullOrEmpty() || !request.familyName.isNullOrEmpty() || !request.displayName.isNullOrEmpty()) {
      operations +=
-        ContentProviderOperation
-          .newInsert(ContactsContract.Data.CONTENT_URI)
+        ContentProviderOperation.newInsert(ContactsContract.Data.CONTENT_URI)
          .withValueBackReference(ContactsContract.Data.RAW_CONTACT_ID, 0)
          .withValue(ContactsContract.Data.MIMETYPE, ContactsContract.CommonDataKinds.StructuredName.CONTENT_ITEM_TYPE)
          .withValue(ContactsContract.CommonDataKinds.StructuredName.GIVEN_NAME, request.givenName)
@@ -132,8 +120,7 @@ private object SystemContactsDataSource : ContactsDataSource {
    }
    if (!request.organizationName.isNullOrEmpty()) {
      operations +=
-        ContentProviderOperation
-          .newInsert(ContactsContract.Data.CONTENT_URI)
+        ContentProviderOperation.newInsert(ContactsContract.Data.CONTENT_URI)
          .withValueBackReference(ContactsContract.Data.RAW_CONTACT_ID, 0)
          .withValue(ContactsContract.Data.MIMETYPE, ContactsContract.CommonDataKinds.Organization.CONTENT_ITEM_TYPE)
          .withValue(ContactsContract.CommonDataKinds.Organization.COMPANY, request.organizationName)
@@ -141,8 +128,7 @@ private object SystemContactsDataSource : ContactsDataSource {
    }
    request.phoneNumbers.forEach { number ->
      operations +=
-        ContentProviderOperation
-          .newInsert(ContactsContract.Data.CONTENT_URI)
+        ContentProviderOperation.newInsert(ContactsContract.Data.CONTENT_URI)
          .withValueBackReference(ContactsContract.Data.RAW_CONTACT_ID, 0)
          .withValue(ContactsContract.Data.MIMETYPE, ContactsContract.CommonDataKinds.Phone.CONTENT_ITEM_TYPE)
          .withValue(ContactsContract.CommonDataKinds.Phone.NUMBER, number)
@@ -151,8 +137,7 @@ private object SystemContactsDataSource : ContactsDataSource {
    }
    request.emails.forEach { email ->
      operations +=
-        ContentProviderOperation
-          .newInsert(ContactsContract.Data.CONTENT_URI)
+        ContentProviderOperation.newInsert(ContactsContract.Data.CONTENT_URI)
          .withValueBackReference(ContactsContract.Data.RAW_CONTACT_ID, 0)
          .withValue(ContactsContract.Data.MIMETYPE, ContactsContract.CommonDataKinds.Email.CONTENT_ITEM_TYPE)
          .withValue(ContactsContract.CommonDataKinds.Email.ADDRESS, email)
@@ -161,15 +146,12 @@ private object SystemContactsDataSource : ContactsDataSource {
    }

    val results = resolver.applyBatch(ContactsContract.AUTHORITY, operations)
-    val rawContactUri =
-      results.firstOrNull()?.uri
-        ?: throw IllegalStateException("contact insert failed")
-    val rawContactId =
-      rawContactUri.lastPathSegment?.toLongOrNull()
-        ?: throw IllegalStateException("contact insert failed")
-    val contactId =
-      resolveContactIdForRawContact(resolver, rawContactId)
-        ?: throw IllegalStateException("contact insert failed")
+    val rawContactUri = results.firstOrNull()?.uri
+      ?: throw IllegalStateException("contact insert failed")
+    val rawContactId = rawContactUri.lastPathSegment?.toLongOrNull()
+      ?: throw IllegalStateException("contact insert failed")
+    val contactId = resolveContactIdForRawContact(resolver, rawContactId)
+      ?: throw IllegalStateException("contact insert failed")
    return loadContactRecord(
      resolver = resolver,
      contactId = contactId,
@@ -177,23 +159,19 @@ private object SystemContactsDataSource : ContactsDataSource {
    )
  }

-  private fun resolveContactIdForRawContact(
-    resolver: ContentResolver,
-    rawContactId: Long,
-  ): Long? {
+  private fun resolveContactIdForRawContact(resolver: ContentResolver, rawContactId: Long): Long? {
    val projection = arrayOf(ContactsContract.RawContacts.CONTACT_ID)
-    resolver
-      .query(
-        ContactsContract.RawContacts.CONTENT_URI,
-        projection,
-        "${ContactsContract.RawContacts._ID}=?",
-        arrayOf(rawContactId.toString()),
-        null,
-      ).use { cursor ->
-        if (cursor == null || !cursor.moveToFirst()) return null
-        val index = cursor.getColumnIndexOrThrow(ContactsContract.RawContacts.CONTACT_ID)
-        return cursor.getLong(index)
-      }
+    resolver.query(
+      ContactsContract.RawContacts.CONTENT_URI,
+      projection,
+      "${ContactsContract.RawContacts._ID}=?",
+      arrayOf(rawContactId.toString()),
+      null,
+    ).use { cursor ->
+      if (cursor == null || !cursor.moveToFirst()) return null
+      val index = cursor.getColumnIndexOrThrow(ContactsContract.RawContacts.CONTACT_ID)
+      return cursor.getLong(index)
+    }
  }

  private fun loadContactRecord(
@@ -228,80 +206,69 @@ private object SystemContactsDataSource : ContactsDataSource {
    val displayName: String?,
  )

-  private fun loadNameRow(
-    resolver: ContentResolver,
-    contactId: Long,
-  ): NameRow {
+  private fun loadNameRow(resolver: ContentResolver, contactId: Long): NameRow {
    val projection =
      arrayOf(
        ContactsContract.CommonDataKinds.StructuredName.GIVEN_NAME,
        ContactsContract.CommonDataKinds.StructuredName.FAMILY_NAME,
        ContactsContract.CommonDataKinds.StructuredName.DISPLAY_NAME,
      )
-    resolver
-      .query(
-        ContactsContract.Data.CONTENT_URI,
-        projection,
-        "${ContactsContract.Data.CONTACT_ID}=? AND ${ContactsContract.Data.MIMETYPE}=?",
-        arrayOf(
-          contactId.toString(),
-          ContactsContract.CommonDataKinds.StructuredName.CONTENT_ITEM_TYPE,
-        ),
-        null,
-      ).use { cursor ->
-        if (cursor == null || !cursor.moveToFirst()) {
-          return NameRow(givenName = null, familyName = null, displayName = null)
-        }
-        val given = cursor.getString(0)?.trim()?.ifEmpty { null }
-        val family = cursor.getString(1)?.trim()?.ifEmpty { null }
-        val display = cursor.getString(2)?.trim()?.ifEmpty { null }
-        return NameRow(givenName = given, familyName = family, displayName = display)
+    resolver.query(
+      ContactsContract.Data.CONTENT_URI,
+      projection,
+      "${ContactsContract.Data.CONTACT_ID}=? AND ${ContactsContract.Data.MIMETYPE}=?",
+      arrayOf(
+        contactId.toString(),
+        ContactsContract.CommonDataKinds.StructuredName.CONTENT_ITEM_TYPE,
+      ),
+      null,
+    ).use { cursor ->
+      if (cursor == null || !cursor.moveToFirst()) {
+        return NameRow(givenName = null, familyName = null, displayName = null)
      }
+      val given = cursor.getString(0)?.trim()?.ifEmpty { null }
+      val family = cursor.getString(1)?.trim()?.ifEmpty { null }
+      val display = cursor.getString(2)?.trim()?.ifEmpty { null }
+      return NameRow(givenName = given, familyName = family, displayName = display)
+    }
  }

-  private fun loadOrganization(
-    resolver: ContentResolver,
-    contactId: Long,
-  ): String? {
+  private fun loadOrganization(resolver: ContentResolver, contactId: Long): String? {
    val projection = arrayOf(ContactsContract.CommonDataKinds.Organization.COMPANY)
-    resolver
-      .query(
-        ContactsContract.Data.CONTENT_URI,
-        projection,
-        "${ContactsContract.Data.CONTACT_ID}=? AND ${ContactsContract.Data.MIMETYPE}=?",
-        arrayOf(contactId.toString(), ContactsContract.CommonDataKinds.Organization.CONTENT_ITEM_TYPE),
-        null,
-      ).use { cursor ->
-        if (cursor == null || !cursor.moveToFirst()) return null
-        return cursor.getString(0)?.trim()?.ifEmpty { null }
-      }
+    resolver.query(
+      ContactsContract.Data.CONTENT_URI,
+      projection,
+      "${ContactsContract.Data.CONTACT_ID}=? AND ${ContactsContract.Data.MIMETYPE}=?",
+      arrayOf(contactId.toString(), ContactsContract.CommonDataKinds.Organization.CONTENT_ITEM_TYPE),
+      null,
+    ).use { cursor ->
+      if (cursor == null || !cursor.moveToFirst()) return null
+      return cursor.getString(0)?.trim()?.ifEmpty { null }
+    }
  }

-  private fun escapeLikePattern(pattern: String): String = pattern.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
+  private fun escapeLikePattern(pattern: String): String =
+    pattern.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

-  private fun loadPhones(
-    resolver: ContentResolver,
-    contactId: Long,
-  ): List<String> =
-    queryContactValues(
+  private fun loadPhones(resolver: ContentResolver, contactId: Long): List<String> {
+    return queryContactValues(
      resolver = resolver,
      contentUri = ContactsContract.CommonDataKinds.Phone.CONTENT_URI,
      valueColumn = ContactsContract.CommonDataKinds.Phone.NUMBER,
      contactIdColumn = ContactsContract.CommonDataKinds.Phone.CONTACT_ID,
      contactId = contactId,
    )
+  }

-  private fun loadEmails(
-    resolver: ContentResolver,
-    contactId: Long,
-  ): List<String> =
-    queryContactValues(
+  private fun loadEmails(resolver: ContentResolver, contactId: Long): List<String> {
+    return queryContactValues(
      resolver = resolver,
      contentUri = ContactsContract.CommonDataKinds.Email.CONTENT_URI,
      valueColumn = ContactsContract.CommonDataKinds.Email.ADDRESS,
      contactIdColumn = ContactsContract.CommonDataKinds.Email.CONTACT_ID,
      contactId = contactId,
    )
+  }

  private fun queryContactValues(
    resolver: ContentResolver,
@@ -311,22 +278,21 @@ private object SystemContactsDataSource : ContactsDataSource {
    contactId: Long,
  ): List<String> {
    val projection = arrayOf(valueColumn)
-    resolver
-      .query(
-        contentUri,
-        projection,
-        "$contactIdColumn=?",
-        arrayOf(contactId.toString()),
-        null,
-      ).use { cursor ->
-        if (cursor == null) return emptyList()
-        val out = LinkedHashSet<String>()
-        while (cursor.moveToNext()) {
-          val value = cursor.getString(0)?.trim().orEmpty()
-          if (value.isNotEmpty()) out += value
-        }
-        return out.toList()
+    resolver.query(
+      contentUri,
+      projection,
+      "$contactIdColumn=?",
+      arrayOf(contactId.toString()),
+      null,
+    ).use { cursor ->
+      if (cursor == null) return emptyList()
+      val out = LinkedHashSet<String>()
+      while (cursor.moveToNext()) {
+        val value = cursor.getString(0)?.trim().orEmpty()
+        if (value.isNotEmpty()) out += value
      }
+      return out.toList()
+    }
  }
 }

@@ -446,8 +412,8 @@ class ContactsHandler private constructor(
    }
  }

-  private fun contactJson(contact: ContactRecord): JsonObject =
-    buildJsonObject {
+  private fun contactJson(contact: ContactRecord): JsonObject {
+    return buildJsonObject {
      put("identifier", JsonPrimitive(contact.identifier))
      put("displayName", JsonPrimitive(contact.displayName))
      put("givenName", JsonPrimitive(contact.givenName))
@@ -456,6 +422,7 @@ class ContactsHandler private constructor(
      put("phoneNumbers", buildJsonArray { contact.phoneNumbers.forEach { add(JsonPrimitive(it)) } })
      put("emails", buildJsonArray { contact.emails.forEach { add(JsonPrimitive(it)) } })
    }
+  }

  companion object {
    internal fun forTesting(
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/DebugHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/DebugHandler.kt
@@ -1,17 +1,16 @@
 package ai.openclaw.app.node

+import android.content.Context
 import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.gateway.DeviceIdentityStore
 import ai.openclaw.app.gateway.GatewaySession
-import android.content.Context
 import kotlinx.serialization.json.JsonPrimitive

-private const val LOGCAT_PATH = "/system/bin/logcat"
-
 class DebugHandler(
  private val appContext: Context,
  private val identityStore: DeviceIdentityStore,
 ) {
+
  fun handleEd25519(): GatewaySession.InvokeResult {
    if (!BuildConfig.DEBUG) {
      return GatewaySession.InvokeResult.error(code = "UNAVAILABLE", message = "debug commands are disabled in release builds")
@@ -41,10 +40,9 @@ class DebugHandler(

      // Check available providers
      val providers = java.security.Security.getProviders()
-      val ed25519Providers =
-        providers.filter { p ->
-          p.services.any { s -> s.algorithm.contains("Ed25519", ignoreCase = true) }
-        }
+      val ed25519Providers = providers.filter { p ->
+        p.services.any { s -> s.algorithm.contains("Ed25519", ignoreCase = true) }
+      }
      results.add("Ed25519 providers: ${ed25519Providers.map { "${it.name} v${it.version}" }}")
      results.add("Provider order: ${providers.take(5).map { it.name }}")

@@ -67,10 +65,7 @@ class DebugHandler(
      val diagnostics = results.joinToString("\n")
      return GatewaySession.InvokeResult.ok("""{"diagnostics":${JsonPrimitive(diagnostics)}}""")
    } catch (e: Throwable) {
-      return GatewaySession.InvokeResult.error(
-        code = "ED25519_TEST_FAILED",
-        message = "${e.javaClass.simpleName}: ${e.message}\n${e.stackTraceToString().take(500)}",
-      )
+      return GatewaySession.InvokeResult.error(code = "ED25519_TEST_FAILED", message = "${e.javaClass.simpleName}: ${e.message}\n${e.stackTraceToString().take(500)}")
    }
  }

@@ -80,67 +75,44 @@ class DebugHandler(
    }
    val pid = android.os.Process.myPid()
    val rt = Runtime.getRuntime()
-    val info = "v6 pid=$pid thread=${Thread.currentThread().name} free=${rt.freeMemory() / 1024}K total=${rt.totalMemory() / 1024}K max=${rt.maxMemory() / 1024}K uptime=${android.os.SystemClock.elapsedRealtime() / 1000}s sdk=${android.os.Build.VERSION.SDK_INT} device=${android.os.Build.MODEL}\n"
+    val info = "v6 pid=$pid thread=${Thread.currentThread().name} free=${rt.freeMemory()/1024}K total=${rt.totalMemory()/1024}K max=${rt.maxMemory()/1024}K uptime=${android.os.SystemClock.elapsedRealtime()/1000}s sdk=${android.os.Build.VERSION.SDK_INT} device=${android.os.Build.MODEL}\n"
    // Run logcat on current dispatcher thread (no withContext) with file redirect
-    val logResult =
-      try {
-        val tmpFile = java.io.File(appContext.cacheDir, "debug_logs.txt")
-        if (tmpFile.exists()) tmpFile.delete()
-        val pb = ProcessBuilder(LOGCAT_PATH, "-d", "-t", "200", "--pid=$pid")
-        pb.redirectOutput(tmpFile)
-        pb.redirectErrorStream(true)
-        val proc = pb.start()
-        val finished = proc.waitFor(4, java.util.concurrent.TimeUnit.SECONDS)
-        if (!finished) proc.destroyForcibly()
-        val raw =
-          if (tmpFile.exists() && tmpFile.length() > 0) {
-            tmpFile.readText().take(128000)
-          } else {
-            "(no output, finished=$finished, exists=${tmpFile.exists()})"
-          }
-        tmpFile.delete()
-        val spamPatterns =
-          listOf(
-            "setRequestedFrameRate",
-            "I View    :",
-            "BLASTBufferQueue",
-            "VRI[Pop-Up",
-            "InsetsController:",
-            "VRI[MainActivity",
-            "InsetsSource:",
-            "handleResized",
-            "ProfileInstaller",
-            "I VRI[",
-            "onStateChanged: host=",
-            "D StrictMode:",
-            "E StrictMode:",
-            "ImeFocusController",
-            "InputTransport",
-            "IncorrectContextUseViolation",
-          )
-        val sb = StringBuilder()
-        for (line in raw.lineSequence()) {
-          if (line.isBlank()) continue
-          if (spamPatterns.any { line.contains(it) }) continue
-          if (sb.length + line.length > 16000) {
-            sb.append("\n(truncated)")
-            break
-          }
-          if (sb.isNotEmpty()) sb.append('\n')
-          sb.append(line)
-        }
-        sb.toString().ifEmpty { "(all ${raw.lines().size} lines filtered as spam)" }
-      } catch (e: Throwable) {
-        "(logcat error: ${e::class.java.simpleName}: ${e.message})"
+    val logResult = try {
+      val tmpFile = java.io.File(appContext.cacheDir, "debug_logs.txt")
+      if (tmpFile.exists()) tmpFile.delete()
+      val pb = ProcessBuilder("logcat", "-d", "-t", "200", "--pid=$pid")
+      pb.redirectOutput(tmpFile)
+      pb.redirectErrorStream(true)
+      val proc = pb.start()
+      val finished = proc.waitFor(4, java.util.concurrent.TimeUnit.SECONDS)
+      if (!finished) proc.destroyForcibly()
+      val raw = if (tmpFile.exists() && tmpFile.length() > 0) {
+        tmpFile.readText().take(128000)
+      } else {
+        "(no output, finished=$finished, exists=${tmpFile.exists()})"
      }
+      tmpFile.delete()
+      val spamPatterns = listOf("setRequestedFrameRate", "I View    :", "BLASTBufferQueue", "VRI[Pop-Up",
+        "InsetsController:", "VRI[MainActivity", "InsetsSource:", "handleResized", "ProfileInstaller",
+        "I VRI[", "onStateChanged: host=", "D StrictMode:", "E StrictMode:", "ImeFocusController",
+        "InputTransport", "IncorrectContextUseViolation")
+      val sb = StringBuilder()
+      for (line in raw.lineSequence()) {
+        if (line.isBlank()) continue
+        if (spamPatterns.any { line.contains(it) }) continue
+        if (sb.length + line.length > 16000) { sb.append("\n(truncated)"); break }
+        if (sb.isNotEmpty()) sb.append('\n')
+        sb.append(line)
+      }
+      sb.toString().ifEmpty { "(all ${raw.lines().size} lines filtered as spam)" }
+    } catch (e: Throwable) {
+      "(logcat error: ${e::class.java.simpleName}: ${e.message})"
+    }
    // Also include camera debug log if it exists
    val camLogFile = java.io.File(appContext.cacheDir, "camera_debug.log")
-    val camLog =
-      if (camLogFile.exists() && camLogFile.length() > 0) {
-        "\n--- camera_debug.log ---\n" + camLogFile.readText().take(4000)
-      } else {
-        ""
-      }
+    val camLog = if (camLogFile.exists() && camLogFile.length() > 0) {
+      "\n--- camera_debug.log ---\n" + camLogFile.readText().take(4000)
+    } else ""
    return GatewaySession.InvokeResult.ok("""{"logs":${JsonPrimitive(info + logResult + camLog)}}""")
  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt
@@ -1,8 +1,6 @@
 package ai.openclaw.app.node

 import ai.openclaw.app.BuildConfig
-import ai.openclaw.app.SensitiveFeatureConfig
-import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.app.ActivityManager
 import android.content.Context
@@ -18,16 +16,18 @@ import android.os.PowerManager
 import android.os.StatFs
 import android.os.SystemClock
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.gateway.GatewaySession
+import java.util.Locale
+import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonArray
 import kotlinx.serialization.json.buildJsonObject
 import kotlinx.serialization.json.put
-import java.util.Locale

 class DeviceHandler(
  private val appContext: Context,
-  private val smsEnabled: Boolean = SensitiveFeatureConfig.smsEnabled,
-  private val callLogEnabled: Boolean = SensitiveFeatureConfig.callLogEnabled,
+  private val smsEnabled: Boolean = BuildConfig.OPENCLAW_ENABLE_SMS,
+  private val callLogEnabled: Boolean = BuildConfig.OPENCLAW_ENABLE_CALL_LOG,
 ) {
  companion object {
    internal fun hasAnySmsCapability(
@@ -35,16 +35,19 @@ class DeviceHandler(
      telephonyAvailable: Boolean,
      smsSendGranted: Boolean,
      smsReadGranted: Boolean,
-    ): Boolean = smsEnabled && telephonyAvailable && (smsSendGranted || smsReadGranted)
+    ): Boolean {
+      return smsEnabled && telephonyAvailable && (smsSendGranted || smsReadGranted)
+    }

    internal fun isSmsPromptable(
      smsEnabled: Boolean,
      telephonyAvailable: Boolean,
      smsSendGranted: Boolean,
      smsReadGranted: Boolean,
-    ): Boolean = smsEnabled && telephonyAvailable && (!smsSendGranted || !smsReadGranted)
+    ): Boolean {
+      return smsEnabled && telephonyAvailable && (!smsSendGranted || !smsReadGranted)
+    }
  }
-
  private data class BatterySnapshot(
    val status: Int,
    val plugged: Int,
@@ -52,13 +55,21 @@ class DeviceHandler(
    val temperatureC: Double?,
  )

-  fun handleDeviceStatus(_paramsJson: String?): GatewaySession.InvokeResult = GatewaySession.InvokeResult.ok(statusPayloadJson())
+  fun handleDeviceStatus(_paramsJson: String?): GatewaySession.InvokeResult {
+    return GatewaySession.InvokeResult.ok(statusPayloadJson())
+  }

-  fun handleDeviceInfo(_paramsJson: String?): GatewaySession.InvokeResult = GatewaySession.InvokeResult.ok(infoPayloadJson())
+  fun handleDeviceInfo(_paramsJson: String?): GatewaySession.InvokeResult {
+    return GatewaySession.InvokeResult.ok(infoPayloadJson())
+  }

-  fun handleDevicePermissions(_paramsJson: String?): GatewaySession.InvokeResult = GatewaySession.InvokeResult.ok(permissionsPayloadJson())
+  fun handleDevicePermissions(_paramsJson: String?): GatewaySession.InvokeResult {
+    return GatewaySession.InvokeResult.ok(permissionsPayloadJson())
+  }

-  fun handleDeviceHealth(_paramsJson: String?): GatewaySession.InvokeResult = GatewaySession.InvokeResult.ok(healthPayloadJson())
+  fun handleDeviceHealth(_paramsJson: String?): GatewaySession.InvokeResult {
+    return GatewaySession.InvokeResult.ok(healthPayloadJson())
+  }

  private fun statusPayloadJson(): String {
    val battery = readBatterySnapshot()
@@ -122,20 +133,14 @@ class DeviceHandler(
    val model = Build.MODEL?.trim().orEmpty()
    val manufacturer = Build.MANUFACTURER?.trim().orEmpty()
    val modelIdentifier = Build.DEVICE?.trim().orEmpty()
-    val systemVersion =
-      Build.VERSION.RELEASE
-        ?.trim()
-        .orEmpty()
+    val systemVersion = Build.VERSION.RELEASE?.trim().orEmpty()
    val locale = Locale.getDefault().toLanguageTag().trim()
    val appVersion = BuildConfig.VERSION_NAME.trim()
    val appBuild = BuildConfig.VERSION_CODE.toString()

    return buildJsonObject {
      put("deviceName", JsonPrimitive(model.ifEmpty { "Android" }))
-      put(
-        "modelIdentifier",
-        JsonPrimitive(modelIdentifier.ifEmpty { listOf(manufacturer, model).filter { it.isNotEmpty() }.joinToString(" ") }),
-      )
+      put("modelIdentifier", JsonPrimitive(modelIdentifier.ifEmpty { listOf(manufacturer, model).filter { it.isNotEmpty() }.joinToString(" ") }))
      put("systemName", JsonPrimitive("Android"))
      put("systemVersion", JsonPrimitive(systemVersion.ifEmpty { Build.VERSION.SDK_INT.toString() }))
      put("appVersion", JsonPrimitive(appVersion.ifEmpty { "dev" }))
@@ -195,17 +200,7 @@ class DeviceHandler(
              put(
                "status",
                JsonPrimitive(
-                  if (hasAnySmsCapability(
-                      smsEnabled,
-                      canSendSms,
-                      smsSendGranted,
-                      smsReadGranted,
-                    )
-                  ) {
-                    "granted"
-                  } else {
-                    "denied"
-                  },
+                  if (hasAnySmsCapability(smsEnabled, canSendSms, smsSendGranted, smsReadGranted)) "granted" else "denied",
                ),
              )
              put("promptable", JsonPrimitive(isSmsPromptable(smsEnabled, canSendSms, smsSendGranted, smsReadGranted)))
@@ -372,22 +367,24 @@ class DeviceHandler(
    return rawLevel.toDouble() / rawScale.toDouble()
  }

-  private fun mapBatteryState(status: Int): String =
-    when (status) {
+  private fun mapBatteryState(status: Int): String {
+    return when (status) {
      BatteryManager.BATTERY_STATUS_CHARGING -> "charging"
      BatteryManager.BATTERY_STATUS_FULL -> "full"
      BatteryManager.BATTERY_STATUS_DISCHARGING, BatteryManager.BATTERY_STATUS_NOT_CHARGING -> "unplugged"
      else -> "unknown"
    }
+  }

-  private fun mapChargingType(plugged: Int): String =
-    when (plugged) {
+  private fun mapChargingType(plugged: Int): String {
+    return when (plugged) {
      BatteryManager.BATTERY_PLUGGED_AC -> "ac"
      BatteryManager.BATTERY_PLUGGED_USB -> "usb"
      BatteryManager.BATTERY_PLUGGED_WIRELESS -> "wireless"
      BatteryManager.BATTERY_PLUGGED_DOCK -> "dock"
      else -> "none"
    }
+  }

  private fun mapThermalState(powerManager: PowerManager?): String {
    val thermal = powerManager?.currentThermalStatus ?: return "nominal"
@@ -397,8 +394,7 @@ class DeviceHandler(
      PowerManager.THERMAL_STATUS_SEVERE -> "serious"
      PowerManager.THERMAL_STATUS_CRITICAL,
      PowerManager.THERMAL_STATUS_EMERGENCY,
-      PowerManager.THERMAL_STATUS_SHUTDOWN,
-      -> "critical"
+      PowerManager.THERMAL_STATUS_SHUTDOWN -> "critical"
      else -> "nominal"
    }
  }
@@ -412,24 +408,19 @@ class DeviceHandler(
    }
  }

-  private fun permissionStateJson(
-    granted: Boolean,
-    promptableWhenDenied: Boolean,
-  ) = buildJsonObject {
-    put("status", JsonPrimitive(if (granted) "granted" else "denied"))
-    put("promptable", JsonPrimitive(!granted && promptableWhenDenied))
+  private fun permissionStateJson(granted: Boolean, promptableWhenDenied: Boolean) =
+    buildJsonObject {
+      put("status", JsonPrimitive(if (granted) "granted" else "denied"))
+      put("promptable", JsonPrimitive(!granted && promptableWhenDenied))
+    }
+
+  private fun hasPermission(permission: String): Boolean {
+    return (
+      ContextCompat.checkSelfPermission(appContext, permission) == PackageManager.PERMISSION_GRANTED
+      )
  }

-  private fun hasPermission(permission: String): Boolean =
-    (
-      ContextCompat.checkSelfPermission(appContext, permission) == PackageManager.PERMISSION_GRANTED
-    )
-
-  private fun mapMemoryPressure(
-    totalBytes: Long,
-    availableBytes: Long,
-    lowMemory: Boolean,
-  ): String {
+  private fun mapMemoryPressure(totalBytes: Long, availableBytes: Long, lowMemory: Boolean): String {
    if (totalBytes <= 0L) return if (lowMemory) "critical" else "unknown"
    if (lowMemory) return "critical"
    val freeRatio = availableBytes.toDouble() / totalBytes.toDouble()
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceNotificationListenerService.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceNotificationListenerService.kt
@@ -1,9 +1,5 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.NotificationBurstLimiter
-import ai.openclaw.app.SecurePrefs
-import ai.openclaw.app.allowsPackage
-import ai.openclaw.app.isWithinQuietHours
 import android.app.Notification
 import android.app.NotificationManager
 import android.app.RemoteInput
@@ -12,7 +8,10 @@ import android.content.Context
 import android.content.Intent
 import android.service.notification.NotificationListenerService
 import android.service.notification.StatusBarNotification
-import androidx.core.content.edit
+import ai.openclaw.app.NotificationBurstLimiter
+import ai.openclaw.app.SecurePrefs
+import ai.openclaw.app.allowsPackage
+import ai.openclaw.app.isWithinQuietHours
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonObject
@@ -39,8 +38,8 @@ data class DeviceNotificationEntry(
  val isClearable: Boolean,
 )

-internal fun DeviceNotificationEntry.toJsonObject(): JsonObject =
-  buildJsonObject {
+internal fun DeviceNotificationEntry.toJsonObject(): JsonObject {
+  return buildJsonObject {
    put("key", JsonPrimitive(key))
    put("packageName", JsonPrimitive(packageName))
    put("postTimeMs", JsonPrimitive(postTimeMs))
@@ -52,6 +51,7 @@ internal fun DeviceNotificationEntry.toJsonObject(): JsonObject =
    category?.let { put("category", JsonPrimitive(it)) }
    channelId?.let { put("channelId", JsonPrimitive(it)) }
  }
+}

 data class DeviceNotificationSnapshot(
  val enabled: Boolean,
@@ -77,7 +77,9 @@ data class NotificationActionResult(
  val message: String? = null,
 )

-internal fun actionRequiresClearableNotification(kind: NotificationActionKind): Boolean = kind == NotificationActionKind.Dismiss
+internal fun actionRequiresClearableNotification(kind: NotificationActionKind): Boolean {
+  return kind == NotificationActionKind.Dismiss
+}

 private object DeviceNotificationStore {
  private val lock = Any()
@@ -191,8 +193,8 @@ class DeviceNotificationListenerService : NotificationListenerService() {
    emitNotificationsChanged(payload)
  }

-  private fun notificationChangedPayload(entry: DeviceNotificationEntry): String? =
-    notificationChangedPayload(
+  private fun notificationChangedPayload(entry: DeviceNotificationEntry): String? {
+    return notificationChangedPayload(
      entry = entry,
      change = "posted",
      key = entry.key,
@@ -201,6 +203,7 @@ class DeviceNotificationListenerService : NotificationListenerService() {
      isOngoing = entry.isOngoing,
      isClearable = entry.isClearable,
    )
+  }

  private fun notificationChangedPayload(
    entry: DeviceNotificationEntry?,
@@ -281,30 +284,28 @@ class DeviceNotificationListenerService : NotificationListenerService() {
    private const val recentPackagesPref = "notifications.forwarding.recentPackages"
    private const val legacyRecentPackagesPref = "notifications.recentPackages"
    private const val recentPackagesLimit = 64
-
    @Volatile private var activeService: DeviceNotificationListenerService? = null
-
    @Volatile private var nodeEventSink: ((event: String, payloadJson: String?) -> Unit)? = null

-    private fun serviceComponent(context: Context): ComponentName = ComponentName(context, DeviceNotificationListenerService::class.java)
+    private fun serviceComponent(context: Context): ComponentName {
+      return ComponentName(context, DeviceNotificationListenerService::class.java)
+    }

    fun setNodeEventSink(sink: ((event: String, payloadJson: String?) -> Unit)?) {
      nodeEventSink = sink
    }

-    private fun recentPackagesPrefs(context: Context) = context.applicationContext.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+    private fun recentPackagesPrefs(context: Context) =
+      context.applicationContext.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)

    private fun migrateLegacyRecentPackagesIfNeeded(context: Context) {
      val prefs = recentPackagesPrefs(context)
      val hasNew = prefs.contains(recentPackagesPref)
      val legacy = prefs.getString(legacyRecentPackagesPref, null)?.trim().orEmpty()
      if (!hasNew && legacy.isNotEmpty()) {
-        prefs.edit {
-          putString(recentPackagesPref, legacy)
-          remove(legacyRecentPackagesPref)
-        }
+        prefs.edit().putString(recentPackagesPref, legacy).remove(legacyRecentPackagesPref).apply()
      } else if (hasNew && prefs.contains(legacyRecentPackagesPref)) {
-        prefs.edit { remove(legacyRecentPackagesPref) }
+        prefs.edit().remove(legacyRecentPackagesPref).apply()
      }
    }

@@ -324,10 +325,9 @@ class DeviceNotificationListenerService : NotificationListenerService() {
      return manager.isNotificationListenerAccessGranted(serviceComponent(context))
    }

-    fun snapshot(
-      context: Context,
-      enabled: Boolean = isAccessEnabled(context),
-    ): DeviceNotificationSnapshot = DeviceNotificationStore.snapshot(enabled = enabled)
+    fun snapshot(context: Context, enabled: Boolean = isAccessEnabled(context)): DeviceNotificationSnapshot {
+      return DeviceNotificationStore.snapshot(enabled = enabled)
+    }

    fun requestServiceRebind(context: Context) {
      runCatching {
@@ -335,10 +335,7 @@ class DeviceNotificationListenerService : NotificationListenerService() {
      }
    }

-    fun executeAction(
-      context: Context,
-      request: NotificationActionRequest,
-    ): NotificationActionResult {
+    fun executeAction(context: Context, request: NotificationActionRequest): NotificationActionResult {
      if (!isAccessEnabled(context)) {
        return NotificationActionResult(
          ok = false,
@@ -346,13 +343,12 @@ class DeviceNotificationListenerService : NotificationListenerService() {
          message = "NOTIFICATIONS_DISABLED: enable notification access in system Settings",
        )
      }
-      val service =
-        activeService
-          ?: return NotificationActionResult(
-            ok = false,
-            code = "NOTIFICATIONS_UNAVAILABLE",
-            message = "NOTIFICATIONS_UNAVAILABLE: notification listener not connected",
-          )
+      val service = activeService
+        ?: return NotificationActionResult(
+          ok = false,
+          code = "NOTIFICATIONS_UNAVAILABLE",
+          message = "NOTIFICATIONS_UNAVAILABLE: notification listener not connected",
+        )
      return service.executeActionInternal(request)
    }

@@ -368,16 +364,13 @@ class DeviceNotificationListenerService : NotificationListenerService() {
      if (normalized.isEmpty() || normalized == service.packageName) return
      migrateLegacyRecentPackagesIfNeeded(service.applicationContext)
      val prefs = recentPackagesPrefs(service.applicationContext)
-      val existing =
-        prefs
-          .getString(recentPackagesPref, null)
-          .orEmpty()
-          .split(',')
-          .map { it.trim() }
-          .filter { it.isNotEmpty() && it != normalized }
-          .take(recentPackagesLimit - 1)
+      val existing = prefs.getString(recentPackagesPref, null).orEmpty()
+        .split(',')
+        .map { it.trim() }
+        .filter { it.isNotEmpty() && it != normalized }
+        .take(recentPackagesLimit - 1)
      val updated = listOf(normalized) + existing
-      prefs.edit { putString(recentPackagesPref, updated.joinToString(",")) }
+      prefs.edit().putString(recentPackagesPref, updated.joinToString(",")).apply()
    }
  }

@@ -400,13 +393,12 @@ class DeviceNotificationListenerService : NotificationListenerService() {

    return when (request.kind) {
      NotificationActionKind.Open -> {
-        val pendingIntent =
-          sbn.notification.contentIntent
-            ?: return NotificationActionResult(
-              ok = false,
-              code = "ACTION_UNAVAILABLE",
-              message = "ACTION_UNAVAILABLE: notification has no open action",
-            )
+        val pendingIntent = sbn.notification.contentIntent
+          ?: return NotificationActionResult(
+            ok = false,
+            code = "ACTION_UNAVAILABLE",
+            message = "ACTION_UNAVAILABLE: notification has no open action",
+          )
        runCatching {
          pendingIntent.send()
        }.fold(
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/InvokeCommandRegistry.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/InvokeCommandRegistry.kt
@@ -1,11 +1,11 @@
 package ai.openclaw.app.node

 import ai.openclaw.app.protocol.OpenClawCalendarCommand
-import ai.openclaw.app.protocol.OpenClawCallLogCommand
-import ai.openclaw.app.protocol.OpenClawCameraCommand
 import ai.openclaw.app.protocol.OpenClawCanvasA2UICommand
 import ai.openclaw.app.protocol.OpenClawCanvasCommand
+import ai.openclaw.app.protocol.OpenClawCameraCommand
 import ai.openclaw.app.protocol.OpenClawCapability
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
 import ai.openclaw.app.protocol.OpenClawContactsCommand
 import ai.openclaw.app.protocol.OpenClawDeviceCommand
 import ai.openclaw.app.protocol.OpenClawLocationCommand
@@ -221,8 +221,8 @@ object InvokeCommandRegistry {

  fun find(command: String): InvokeCommandSpec? = byNameInternal[command]

-  fun advertisedCapabilities(flags: NodeRuntimeFlags): List<String> =
-    capabilityManifest
+  fun advertisedCapabilities(flags: NodeRuntimeFlags): List<String> {
+    return capabilityManifest
      .filter { spec ->
        when (spec.availability) {
          NodeCapabilityAvailability.Always -> true
@@ -233,10 +233,12 @@ object InvokeCommandRegistry {
          NodeCapabilityAvailability.VoiceWakeEnabled -> flags.voiceWakeEnabled
          NodeCapabilityAvailability.MotionAvailable -> flags.motionActivityAvailable || flags.motionPedometerAvailable
        }
-      }.map { it.name }
+      }
+      .map { it.name }
+  }

-  fun advertisedCommands(flags: NodeRuntimeFlags): List<String> =
-    all
+  fun advertisedCommands(flags: NodeRuntimeFlags): List<String> {
+    return all
      .filter { spec ->
        when (spec.availability) {
          InvokeCommandAvailability.Always -> true
@@ -250,5 +252,7 @@ object InvokeCommandRegistry {
          InvokeCommandAvailability.MotionPedometerAvailable -> flags.motionPedometerAvailable
          InvokeCommandAvailability.DebugBuild -> flags.debugBuild
        }
-      }.map { it.name }
+      }
+      .map { it.name }
+  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/InvokeDispatcher.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/InvokeDispatcher.kt
@@ -2,10 +2,10 @@ package ai.openclaw.app.node

 import ai.openclaw.app.gateway.GatewaySession
 import ai.openclaw.app.protocol.OpenClawCalendarCommand
-import ai.openclaw.app.protocol.OpenClawCallLogCommand
-import ai.openclaw.app.protocol.OpenClawCameraCommand
 import ai.openclaw.app.protocol.OpenClawCanvasA2UICommand
 import ai.openclaw.app.protocol.OpenClawCanvasCommand
+import ai.openclaw.app.protocol.OpenClawCameraCommand
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
 import ai.openclaw.app.protocol.OpenClawContactsCommand
 import ai.openclaw.app.protocol.OpenClawDeviceCommand
 import ai.openclaw.app.protocol.OpenClawLocationCommand
@@ -34,8 +34,8 @@ internal fun smsSearchAvailabilityError(
  readSmsAvailable: Boolean,
  smsFeatureEnabled: Boolean,
  smsTelephonyAvailable: Boolean,
-): GatewaySession.InvokeResult? =
-  when (
+): GatewaySession.InvokeResult? {
+  return when (
    classifySmsSearchAvailability(
      readSmsAvailable = readSmsAvailable,
      smsFeatureEnabled = smsFeatureEnabled,
@@ -43,14 +43,14 @@ internal fun smsSearchAvailabilityError(
    )
  ) {
    SmsSearchAvailabilityReason.Available,
-    SmsSearchAvailabilityReason.PermissionRequired,
-    -> null
+    SmsSearchAvailabilityReason.PermissionRequired -> null
    SmsSearchAvailabilityReason.Unavailable ->
      GatewaySession.InvokeResult.error(
        code = "SMS_UNAVAILABLE",
        message = "SMS_UNAVAILABLE: SMS not available on this device",
      )
  }
+}

 class InvokeDispatcher(
  private val canvas: CanvasController,
@@ -82,10 +82,7 @@ class InvokeDispatcher(
  private val motionActivityAvailable: () -> Boolean,
  private val motionPedometerAvailable: () -> Boolean,
 ) {
-  suspend fun handleInvoke(
-    command: String,
-    paramsJson: String?,
-  ): GatewaySession.InvokeResult {
+  suspend fun handleInvoke(command: String, paramsJson: String?): GatewaySession.InvokeResult {
    val spec =
      InvokeCommandRegistry.find(command)
        ?: return GatewaySession.InvokeResult.error(
@@ -154,7 +151,7 @@ class InvokeDispatcher(
          } catch (err: Throwable) {
            return GatewaySession.InvokeResult.error(
              code = "INVALID_REQUEST",
-              message = err.message ?: "invalid A2UI payload",
+              message = err.message ?: "invalid A2UI payload"
            )
          }
        withReadyA2ui {
@@ -189,10 +186,9 @@ class InvokeDispatcher(
      OpenClawSystemCommand.Notify.rawValue -> systemHandler.handleSystemNotify(paramsJson)

      // Photos command
-      ai.openclaw.app.protocol.OpenClawPhotosCommand.Latest.rawValue ->
-        photosHandler.handlePhotosLatest(
-          paramsJson,
-        )
+      ai.openclaw.app.protocol.OpenClawPhotosCommand.Latest.rawValue -> photosHandler.handlePhotosLatest(
+        paramsJson,
+      )

      // Contacts command
      OpenClawContactsCommand.Search.rawValue -> contactsHandler.handleContactsSearch(paramsJson)
@@ -220,13 +216,14 @@ class InvokeDispatcher(
    }
  }

-  private suspend fun withReadyA2ui(block: suspend () -> GatewaySession.InvokeResult): GatewaySession.InvokeResult {
-    var a2uiUrl =
-      a2uiHandler.resolveA2uiHostUrl()
-        ?: return GatewaySession.InvokeResult.error(
-          code = "A2UI_HOST_NOT_CONFIGURED",
-          message = "A2UI_HOST_NOT_CONFIGURED: gateway did not advertise canvas host",
-        )
+  private suspend fun withReadyA2ui(
+    block: suspend () -> GatewaySession.InvokeResult,
+  ): GatewaySession.InvokeResult {
+    var a2uiUrl = a2uiHandler.resolveA2uiHostUrl()
+      ?: return GatewaySession.InvokeResult.error(
+        code = "A2UI_HOST_NOT_CONFIGURED",
+        message = "A2UI_HOST_NOT_CONFIGURED: gateway did not advertise canvas host",
+      )
    val readyOnFirstCheck = a2uiHandler.ensureA2uiReady(a2uiUrl)
    if (!readyOnFirstCheck) {
      if (!refreshNodeCanvasCapability()) {
@@ -250,8 +247,10 @@ class InvokeDispatcher(
    return block()
  }

-  private suspend fun withCanvasAvailable(block: suspend () -> GatewaySession.InvokeResult): GatewaySession.InvokeResult =
-    try {
+  private suspend fun withCanvasAvailable(
+    block: suspend () -> GatewaySession.InvokeResult,
+  ): GatewaySession.InvokeResult {
+    return try {
      block()
    } catch (_: Throwable) {
      GatewaySession.InvokeResult.error(
@@ -259,9 +258,10 @@ class InvokeDispatcher(
        message = "NODE_BACKGROUND_UNAVAILABLE: canvas unavailable",
      )
    }
+  }

-  private fun availabilityError(availability: InvokeCommandAvailability): GatewaySession.InvokeResult? =
-    when (availability) {
+  private fun availabilityError(availability: InvokeCommandAvailability): GatewaySession.InvokeResult? {
+    return when (availability) {
      InvokeCommandAvailability.Always -> null
      InvokeCommandAvailability.CameraEnabled ->
        if (cameraEnabled()) {
@@ -309,8 +309,7 @@ class InvokeDispatcher(
          )
        }
      InvokeCommandAvailability.ReadSmsAvailable,
-      InvokeCommandAvailability.RequestableSmsSearchAvailable,
-      ->
+      InvokeCommandAvailability.RequestableSmsSearchAvailable ->
        smsSearchAvailabilityError(
          readSmsAvailable = readSmsAvailable(),
          smsFeatureEnabled = smsFeatureEnabled(),
@@ -335,4 +334,5 @@ class InvokeDispatcher(
          )
        }
    }
+  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/JpegSizeLimiter.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/JpegSizeLimiter.kt
@@ -30,13 +30,7 @@ internal object JpegSizeLimiter {
    var width = initialWidth
    var height = initialHeight
    val clampedStartQuality = startQuality.coerceIn(minQuality, 100)
-    var best =
-      JpegSizeLimiterResult(
-        bytes = encode(width, height, clampedStartQuality),
-        width = width,
-        height = height,
-        quality = clampedStartQuality,
-      )
+    var best = JpegSizeLimiterResult(bytes = encode(width, height, clampedStartQuality), width = width, height = height, quality = clampedStartQuality)
    if (best.bytes.size <= maxBytes) return best

    repeat(maxScaleAttempts) {
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/LocationCaptureManager.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/LocationCaptureManager.kt
@@ -7,19 +7,15 @@ import android.location.Location
 import android.location.LocationManager
 import android.os.CancellationSignal
 import androidx.core.content.ContextCompat
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.suspendCancellableCoroutine
-import kotlinx.coroutines.withContext
-import kotlinx.coroutines.withTimeout
 import java.time.Instant
 import java.time.format.DateTimeFormatter
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+import kotlinx.coroutines.withTimeout
+import kotlinx.coroutines.suspendCancellableCoroutine

-class LocationCaptureManager(
-  private val context: Context,
-) {
-  data class Payload(
-    val payloadJson: String,
-  )
+class LocationCaptureManager(private val context: Context) {
+  data class Payload(val payloadJson: String)

  suspend fun getLocation(
    desiredProviders: List<String>,
@@ -102,16 +98,15 @@ class LocationCaptureManager(
    val resolved =
      providers.firstOrNull { manager.isProviderEnabled(it) }
        ?: throw IllegalStateException("LOCATION_UNAVAILABLE: no providers available")
-    val location =
-      withTimeout(timeoutMs.coerceAtLeast(1)) {
-        suspendCancellableCoroutine<Location?> { cont ->
-          val signal = CancellationSignal()
-          cont.invokeOnCancellation { signal.cancel() }
-          manager.getCurrentLocation(resolved, signal, context.mainExecutor) { location ->
-            cont.resume(location) { _, _, _ -> }
-          }
+    val location = withTimeout(timeoutMs.coerceAtLeast(1)) {
+      suspendCancellableCoroutine<Location?> { cont ->
+        val signal = CancellationSignal()
+        cont.invokeOnCancellation { signal.cancel() }
+        manager.getCurrentLocation(resolved, signal, context.mainExecutor) { location ->
+          cont.resume(location) { _, _, _ -> }
        }
      }
+    }
    return location ?: throw IllegalStateException("LOCATION_UNAVAILABLE: no fix")
  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/LocationHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/LocationHandler.kt
@@ -1,11 +1,11 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.content.Context
 import android.content.pm.PackageManager
 import android.location.LocationManager
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.gateway.GatewaySession
 import kotlinx.coroutines.TimeoutCancellationException
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonPrimitive
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/MotionHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/MotionHandler.kt
@@ -1,6 +1,5 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.content.Context
 import android.hardware.Sensor
@@ -9,15 +8,17 @@ import android.hardware.SensorEventListener
 import android.hardware.SensorManager
 import android.os.SystemClock
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.gateway.GatewaySession
+import java.time.Instant
 import kotlinx.coroutines.InternalCoroutinesApi
 import kotlinx.coroutines.suspendCancellableCoroutine
 import kotlinx.coroutines.withTimeoutOrNull
 import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonArray
 import kotlinx.serialization.json.buildJsonObject
 import kotlinx.serialization.json.put
-import java.time.Instant
 import kotlin.math.abs
 import kotlin.math.max
 import kotlin.math.sqrt
@@ -66,15 +67,9 @@ internal interface MotionDataSource {

  fun hasPermission(context: Context): Boolean

-  suspend fun activity(
-    context: Context,
-    request: MotionActivityRequest,
-  ): MotionActivityRecord
+  suspend fun activity(context: Context, request: MotionActivityRequest): MotionActivityRecord

-  suspend fun pedometer(
-    context: Context,
-    request: MotionPedometerRequest,
-  ): PedometerRecord
+  suspend fun pedometer(context: Context, request: MotionPedometerRequest): PedometerRecord
 }

 private object SystemMotionDataSource : MotionDataSource {
@@ -88,27 +83,22 @@ private object SystemMotionDataSource : MotionDataSource {
    return sensorManager?.getDefaultSensor(Sensor.TYPE_STEP_COUNTER) != null
  }

-  override fun hasPermission(context: Context): Boolean =
-    ContextCompat.checkSelfPermission(context, Manifest.permission.ACTIVITY_RECOGNITION) ==
+  override fun hasPermission(context: Context): Boolean {
+    return ContextCompat.checkSelfPermission(context, Manifest.permission.ACTIVITY_RECOGNITION) ==
      android.content.pm.PackageManager.PERMISSION_GRANTED
+  }

-  override suspend fun activity(
-    context: Context,
-    request: MotionActivityRequest,
-  ): MotionActivityRecord {
+  override suspend fun activity(context: Context, request: MotionActivityRequest): MotionActivityRecord {
    if (!request.startISO.isNullOrBlank() || !request.endISO.isNullOrBlank()) {
      throw IllegalArgumentException("MOTION_RANGE_UNAVAILABLE: historical activity range not supported on Android")
    }
-    val sensorManager =
-      context.getSystemService(SensorManager::class.java)
-        ?: throw IllegalStateException("MOTION_UNAVAILABLE: sensor manager unavailable")
-    val accelerometer =
-      sensorManager.getDefaultSensor(Sensor.TYPE_ACCELEROMETER)
-        ?: throw IllegalStateException("MOTION_UNAVAILABLE: accelerometer not available")
+    val sensorManager = context.getSystemService(SensorManager::class.java)
+      ?: throw IllegalStateException("MOTION_UNAVAILABLE: sensor manager unavailable")
+    val accelerometer = sensorManager.getDefaultSensor(Sensor.TYPE_ACCELEROMETER)
+      ?: throw IllegalStateException("MOTION_UNAVAILABLE: accelerometer not available")

-    val sample =
-      readAccelerometerSample(sensorManager, accelerometer)
-        ?: throw IllegalStateException("MOTION_UNAVAILABLE: no accelerometer sample")
+    val sample = readAccelerometerSample(sensorManager, accelerometer)
+      ?: throw IllegalStateException("MOTION_UNAVAILABLE: no accelerometer sample")
    val end = Instant.now()
    val start = end.minusSeconds(2)
    val classification = classifyActivity(sample.averageDelta)
@@ -125,23 +115,17 @@ private object SystemMotionDataSource : MotionDataSource {
    )
  }

-  override suspend fun pedometer(
-    context: Context,
-    request: MotionPedometerRequest,
-  ): PedometerRecord {
+  override suspend fun pedometer(context: Context, request: MotionPedometerRequest): PedometerRecord {
    if (!request.startISO.isNullOrBlank() || !request.endISO.isNullOrBlank()) {
      throw IllegalArgumentException("PEDOMETER_RANGE_UNAVAILABLE: historical pedometer range not supported on Android")
    }
-    val sensorManager =
-      context.getSystemService(SensorManager::class.java)
-        ?: throw IllegalStateException("PEDOMETER_UNAVAILABLE: sensor manager unavailable")
-    val stepCounter =
-      sensorManager.getDefaultSensor(Sensor.TYPE_STEP_COUNTER)
-        ?: throw IllegalStateException("PEDOMETER_UNAVAILABLE: step counting not supported")
+    val sensorManager = context.getSystemService(SensorManager::class.java)
+      ?: throw IllegalStateException("PEDOMETER_UNAVAILABLE: sensor manager unavailable")
+    val stepCounter = sensorManager.getDefaultSensor(Sensor.TYPE_STEP_COUNTER)
+      ?: throw IllegalStateException("PEDOMETER_UNAVAILABLE: step counting not supported")

-    val steps =
-      readStepCounter(sensorManager, stepCounter)
-        ?: throw IllegalStateException("PEDOMETER_UNAVAILABLE: no step counter sample")
+    val steps = readStepCounter(sensorManager, stepCounter)
+      ?: throw IllegalStateException("PEDOMETER_UNAVAILABLE: no step counter sample")
    val bootMs = System.currentTimeMillis() - SystemClock.elapsedRealtime()
    return PedometerRecord(
      startISO = Instant.ofEpochMilli(max(0L, bootMs)).toString(),
@@ -159,10 +143,7 @@ private object SystemMotionDataSource : MotionDataSource {
  )

  @OptIn(InternalCoroutinesApi::class)
-  private suspend fun readStepCounter(
-    sensorManager: SensorManager,
-    sensor: Sensor,
-  ): Int? {
+  private suspend fun readStepCounter(sensorManager: SensorManager, sensor: Sensor): Int? {
    val sample =
      withTimeoutOrNull(1200L) {
        suspendCancellableCoroutine<Float?> { cont ->
@@ -175,10 +156,7 @@ private object SystemMotionDataSource : MotionDataSource {
                sensorManager.unregisterListener(this)
              }

-              override fun onAccuracyChanged(
-                sensor: Sensor?,
-                accuracy: Int,
-              ) = Unit
+              override fun onAccuracyChanged(sensor: Sensor?, accuracy: Int) = Unit
            }
          val registered = sensorManager.registerListener(listener, sensor, SensorManager.SENSOR_DELAY_NORMAL)
          if (!registered) {
@@ -216,21 +194,17 @@ private object SystemMotionDataSource : MotionDataSource {
                sumDelta += abs(magnitude - SensorManager.GRAVITY_EARTH.toDouble())
                count += 1
                if (count >= ACCELEROMETER_SAMPLE_TARGET) {
-                  val result =
-                    AccelerometerSample(
-                      samples = count,
-                      averageDelta = sumDelta / count,
-                    )
+                  val result = AccelerometerSample(
+                    samples = count,
+                    averageDelta = sumDelta / count,
+                  )
                  val token = cont.tryResume(result) ?: return
                  cont.completeResume(token)
                  sensorManager.unregisterListener(this)
                }
              }

-              override fun onAccuracyChanged(
-                sensor: Sensor?,
-                accuracy: Int,
-              ) = Unit
+              override fun onAccuracyChanged(sensor: Sensor?, accuracy: Int) = Unit
            }
          val registered = sensorManager.registerListener(listener, sensor, SensorManager.SENSOR_DELAY_NORMAL)
          if (!registered) {
@@ -243,17 +217,15 @@ private object SystemMotionDataSource : MotionDataSource {
    return sample
  }

-  private fun classifyActivity(averageDelta: Double): String =
-    when {
+  private fun classifyActivity(averageDelta: Double): String {
+    return when {
      averageDelta <= 0.55 -> "stationary"
      averageDelta <= 1.80 -> "walking"
      else -> "running"
    }
+  }

-  private fun classifyConfidence(
-    samples: Int,
-    averageDelta: Double,
-  ): String {
+  private fun classifyConfidence(samples: Int, averageDelta: Double): String {
    if (samples < 6) return "low"
    if (samples >= 14 && averageDelta > 0.4) return "high"
    return "medium"
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/NodePresenceAliveBeacon.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/NodePresenceAliveBeacon.kt
@@ -1,98 +0,0 @@
-package ai.openclaw.app.node
-
-import android.os.Build
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.JsonPrimitive
-import kotlinx.serialization.json.buildJsonObject
-
-internal object NodePresenceAliveBeacon {
-  const val EVENT_NAME: String = "node.presence.alive"
-  const val MIN_SUCCESS_INTERVAL_MS: Long = 10 * 60 * 1000
-  private const val MAX_RESPONSE_JSON_CHARS: Int = 16 * 1024
-
-  enum class Trigger(
-    val rawValue: String,
-  ) {
-    Background("background"),
-    SilentPush("silent_push"),
-    BackgroundAppRefresh("bg_app_refresh"),
-    SignificantLocation("significant_location"),
-    Manual("manual"),
-    Connect("connect"),
-  }
-
-  data class ResponsePayload(
-    val ok: Boolean?,
-    val event: String?,
-    val handled: Boolean?,
-    val reason: String?,
-  )
-
-  private val json = Json { ignoreUnknownKeys = true }
-
-  fun shouldSkipRecentSuccess(
-    nowMs: Long,
-    lastSuccessAtMs: Long?,
-    minIntervalMs: Long = MIN_SUCCESS_INTERVAL_MS,
-  ): Boolean {
-    val last = lastSuccessAtMs ?: return false
-    if (last <= 0) return false
-    val elapsed = nowMs - last
-    return elapsed >= 0 && elapsed < minIntervalMs
-  }
-
-  fun androidPlatformLabel(): String {
-    val release =
-      Build.VERSION.RELEASE
-        ?.trim()
-        .orEmpty()
-        .ifEmpty { "unknown" }
-    return "Android $release (SDK ${Build.VERSION.SDK_INT})"
-  }
-
-  fun makePayloadJson(
-    trigger: Trigger,
-    sentAtMs: Long,
-    displayName: String,
-    version: String,
-    platform: String,
-    deviceFamily: String?,
-    modelIdentifier: String?,
-    pushTransport: String? = null,
-  ): String =
-    buildJsonObject {
-      put("trigger", JsonPrimitive(trigger.rawValue))
-      put("sentAtMs", JsonPrimitive(sentAtMs))
-      put("displayName", JsonPrimitive(displayName))
-      put("version", JsonPrimitive(version))
-      put("platform", JsonPrimitive(platform))
-      deviceFamily?.trim()?.takeIf { it.isNotEmpty() }?.let { put("deviceFamily", JsonPrimitive(it)) }
-      modelIdentifier?.trim()?.takeIf { it.isNotEmpty() }?.let { put("modelIdentifier", JsonPrimitive(it)) }
-      pushTransport?.trim()?.takeIf { it.isNotEmpty() }?.let { put("pushTransport", JsonPrimitive(it)) }
-    }.toString()
-
-  fun decodeResponse(payloadJson: String?): ResponsePayload? {
-    val raw = payloadJson?.trim()?.takeIf { it.isNotEmpty() } ?: return null
-    if (raw.length > MAX_RESPONSE_JSON_CHARS) return null
-    val obj =
-      try {
-        json.parseToJsonElement(raw).asObjectOrNull()
-      } catch (_: Throwable) {
-        null
-      } ?: return null
-    return ResponsePayload(
-      ok = parseJsonBooleanFlag(obj, "ok"),
-      event = parseJsonString(obj, "event"),
-      handled = parseJsonBooleanFlag(obj, "handled"),
-      reason = parseJsonString(obj, "reason"),
-    )
-  }
-
-  fun sanitizeReasonForLog(raw: String?): String {
-    val value = raw?.trim()?.takeIf { it.isNotEmpty() } ?: "unsupported"
-    return value
-      .map { ch -> if (ch.isISOControl()) ' ' else ch }
-      .joinToString("")
-      .take(200)
-  }
-}
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/NodeUtils.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/NodeUtils.kt
@@ -10,17 +10,11 @@ import kotlinx.serialization.json.contentOrNull

 const val DEFAULT_SEAM_COLOR_ARGB: Long = 0xFF4F7A9A

-data class Quad<A, B, C, D>(
-  val first: A,
-  val second: B,
-  val third: C,
-  val fourth: D,
-)
+data class Quad<A, B, C, D>(val first: A, val second: B, val third: C, val fourth: D)

 fun String.toJsonString(): String {
  val escaped =
-    this
-      .replace("\\", "\\\\")
+    this.replace("\\", "\\\\")
      .replace("\"", "\\\"")
      .replace("\n", "\\n")
      .replace("\r", "\\r")
@@ -38,30 +32,18 @@ fun parseJsonParamsObject(paramsJson: String?): JsonObject? {
  }
 }

-fun readJsonPrimitive(
-  params: JsonObject?,
-  key: String,
-): JsonPrimitive? = params?.get(key) as? JsonPrimitive
+fun readJsonPrimitive(params: JsonObject?, key: String): JsonPrimitive? = params?.get(key) as? JsonPrimitive

-fun parseJsonInt(
-  params: JsonObject?,
-  key: String,
-): Int? = readJsonPrimitive(params, key)?.contentOrNull?.toIntOrNull()
+fun parseJsonInt(params: JsonObject?, key: String): Int? =
+  readJsonPrimitive(params, key)?.contentOrNull?.toIntOrNull()

-fun parseJsonDouble(
-  params: JsonObject?,
-  key: String,
-): Double? = readJsonPrimitive(params, key)?.contentOrNull?.toDoubleOrNull()
+fun parseJsonDouble(params: JsonObject?, key: String): Double? =
+  readJsonPrimitive(params, key)?.contentOrNull?.toDoubleOrNull()

-fun parseJsonString(
-  params: JsonObject?,
-  key: String,
-): String? = readJsonPrimitive(params, key)?.contentOrNull
+fun parseJsonString(params: JsonObject?, key: String): String? =
+  readJsonPrimitive(params, key)?.contentOrNull

-fun parseJsonBooleanFlag(
-  params: JsonObject?,
-  key: String,
-): Boolean? {
+fun parseJsonBooleanFlag(params: JsonObject?, key: String): Boolean? {
  val value = readJsonPrimitive(params, key)?.contentOrNull?.trim()?.lowercase() ?: return null
  return when (value) {
    "true" -> true
@@ -97,4 +79,6 @@ fun normalizeMainKey(raw: String?): String? {
  return if (trimmed.isEmpty()) null else trimmed
 }

-fun isCanonicalMainSessionKey(key: String): Boolean = key == "main"
+fun isCanonicalMainSessionKey(key: String): Boolean {
+  return key == "main"
+}
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/NotificationsHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/NotificationsHandler.kt
@@ -1,7 +1,7 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.gateway.GatewaySession
 import android.content.Context
+import ai.openclaw.app.gateway.GatewaySession
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonObject
@@ -15,10 +15,7 @@ internal interface NotificationsStateProvider {

  fun requestServiceRebind(context: Context)

-  fun executeAction(
-    context: Context,
-    request: NotificationActionRequest,
-  ): NotificationActionResult
+  fun executeAction(context: Context, request: NotificationActionRequest): NotificationActionResult
 }

 private object SystemNotificationsStateProvider : NotificationsStateProvider {
@@ -38,10 +35,9 @@ private object SystemNotificationsStateProvider : NotificationsStateProvider {
    DeviceNotificationListenerService.requestServiceRebind(context)
  }

-  override fun executeAction(
-    context: Context,
-    request: NotificationActionRequest,
-  ): NotificationActionResult = DeviceNotificationListenerService.executeAction(context, request)
+  override fun executeAction(context: Context, request: NotificationActionRequest): NotificationActionResult {
+    return DeviceNotificationListenerService.executeAction(context, request)
+  }
 }

 class NotificationsHandler private constructor(
@@ -58,12 +54,11 @@ class NotificationsHandler private constructor(
  suspend fun handleNotificationsActions(paramsJson: String?): GatewaySession.InvokeResult {
    readSnapshotWithRebind()

-    val params =
-      parseParamsObject(paramsJson)
-        ?: return GatewaySession.InvokeResult.error(
-          code = "INVALID_REQUEST",
-          message = "INVALID_REQUEST: expected JSON object",
-        )
+    val params = parseParamsObject(paramsJson)
+      ?: return GatewaySession.InvokeResult.error(
+        code = "INVALID_REQUEST",
+        message = "INVALID_REQUEST: expected JSON object",
+      )
    val key =
      readString(params, "key")
        ?: return GatewaySession.InvokeResult.error(
@@ -128,8 +123,8 @@ class NotificationsHandler private constructor(
    return snapshot
  }

-  private fun snapshotPayloadJson(snapshot: DeviceNotificationSnapshot): String =
-    buildJsonObject {
+  private fun snapshotPayloadJson(snapshot: DeviceNotificationSnapshot): String {
+    return buildJsonObject {
      put("enabled", JsonPrimitive(snapshot.enabled))
      put("connected", JsonPrimitive(snapshot.connected))
      put("count", JsonPrimitive(snapshot.notifications.size))
@@ -140,6 +135,7 @@ class NotificationsHandler private constructor(
        ),
      )
    }.toString()
+  }

  private fun parseParamsObject(paramsJson: String?): JsonObject? {
    if (paramsJson.isNullOrBlank()) return null
@@ -150,10 +146,7 @@ class NotificationsHandler private constructor(
    }
  }

-  private fun readString(
-    params: JsonObject,
-    key: String,
-  ): String? =
+  private fun readString(params: JsonObject, key: String): String? =
    (params[key] as? JsonPrimitive)
      ?.contentOrNull
      ?.trim()
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/PhotosHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/PhotosHandler.kt
@@ -1,6 +1,5 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.content.ContentResolver
 import android.content.ContentUris
@@ -13,15 +12,17 @@ import android.os.Bundle
 import android.provider.MediaStore
 import androidx.core.content.ContextCompat
 import androidx.core.graphics.scale
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.JsonPrimitive
-import kotlinx.serialization.json.buildJsonArray
-import kotlinx.serialization.json.buildJsonObject
-import kotlinx.serialization.json.put
+import ai.openclaw.app.gateway.GatewaySession
 import java.io.ByteArrayOutputStream
 import java.time.Instant
 import kotlin.math.max
 import kotlin.math.roundToInt
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.buildJsonArray
+import kotlinx.serialization.json.buildJsonObject
+import kotlinx.serialization.json.put

 private const val DEFAULT_PHOTOS_LIMIT = 1
 private const val DEFAULT_PHOTOS_MAX_WIDTH = 1600
@@ -46,10 +47,7 @@ internal data class EncodedPhotoPayload(
 internal interface PhotosDataSource {
  fun hasPermission(context: Context): Boolean

-  fun latest(
-    context: Context,
-    request: PhotosLatestRequest,
-  ): List<EncodedPhotoPayload>
+  fun latest(context: Context, request: PhotosLatestRequest): List<EncodedPhotoPayload>
 }

 private object SystemPhotosDataSource : PhotosDataSource {
@@ -63,10 +61,7 @@ private object SystemPhotosDataSource : PhotosDataSource {
    return ContextCompat.checkSelfPermission(context, permission) == android.content.pm.PackageManager.PERMISSION_GRANTED
  }

-  override fun latest(
-    context: Context,
-    request: PhotosLatestRequest,
-  ): List<EncodedPhotoPayload> {
+  override fun latest(context: Context, request: PhotosLatestRequest): List<EncodedPhotoPayload> {
    val resolver = context.contentResolver
    val rows = queryLatestRows(resolver, request.limit)
    if (rows.isEmpty()) return emptyList()
@@ -107,10 +102,7 @@ private object SystemPhotosDataSource : PhotosDataSource {
    val height: Int,
  )

-  private fun queryLatestRows(
-    resolver: ContentResolver,
-    limit: Int,
-  ): List<PhotoRow> {
+  private fun queryLatestRows(resolver: ContentResolver, limit: Int): List<PhotoRow> {
    val projection =
      arrayOf(
        MediaStore.Images.Media._ID,
@@ -125,30 +117,29 @@ private object SystemPhotosDataSource : PhotosDataSource {
        putInt(ContentResolver.QUERY_ARG_LIMIT, limit)
      }

-    resolver
-      .query(
-        MediaStore.Images.Media.EXTERNAL_CONTENT_URI,
-        projection,
-        args,
-        null,
-      ).use { cursor ->
-        if (cursor == null) return emptyList()
-        val idIndex = cursor.getColumnIndexOrThrow(MediaStore.Images.Media._ID)
-        val takenIndex = cursor.getColumnIndexOrThrow(MediaStore.Images.Media.DATE_TAKEN)
-        val addedIndex = cursor.getColumnIndexOrThrow(MediaStore.Images.Media.DATE_ADDED)
-        val rows = mutableListOf<PhotoRow>()
-        while (cursor.moveToNext()) {
-          val id = cursor.getLong(idIndex)
-          val takenMs = cursor.getLong(takenIndex).takeIf { it > 0L }
-          val addedMs = cursor.getLong(addedIndex).takeIf { it > 0L }?.times(1000L)
-          rows +=
-            PhotoRow(
-              uri = ContentUris.withAppendedId(MediaStore.Images.Media.EXTERNAL_CONTENT_URI, id),
-              createdAtMs = takenMs ?: addedMs,
-            )
-        }
-        return rows
+    resolver.query(
+      MediaStore.Images.Media.EXTERNAL_CONTENT_URI,
+      projection,
+      args,
+      null,
+    ).use { cursor ->
+      if (cursor == null) return emptyList()
+      val idIndex = cursor.getColumnIndexOrThrow(MediaStore.Images.Media._ID)
+      val takenIndex = cursor.getColumnIndexOrThrow(MediaStore.Images.Media.DATE_TAKEN)
+      val addedIndex = cursor.getColumnIndexOrThrow(MediaStore.Images.Media.DATE_ADDED)
+      val rows = mutableListOf<PhotoRow>()
+      while (cursor.moveToNext()) {
+        val id = cursor.getLong(idIndex)
+        val takenMs = cursor.getLong(takenIndex).takeIf { it > 0L }
+        val addedMs = cursor.getLong(addedIndex).takeIf { it > 0L }?.times(1000L)
+        rows +=
+          PhotoRow(
+            uri = ContentUris.withAppendedId(MediaStore.Images.Media.EXTERNAL_CONTENT_URI, id),
+            createdAtMs = takenMs ?: addedMs,
+          )
      }
+      return rows
+    }
  }

  private fun decodeScaledBitmap(
@@ -180,10 +171,7 @@ private object SystemPhotosDataSource : PhotosDataSource {
    }
  }

-  private fun computeInSampleSize(
-    width: Int,
-    maxWidth: Int,
-  ): Int {
+  private fun computeInSampleSize(width: Int, maxWidth: Int): Int {
    var sample = 1
    var candidate = width
    while (candidate > maxWidth && sample < 64) {
--- a/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/SmsHandler.kt
+++ b/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/SmsHandler.kt
@@ -21,10 +21,7 @@ class SmsHandler(
    return errorResult(res.error, defaultCode = "SMS_SEARCH_FAILED")
  }

-  private fun errorResult(
-    error: String?,
-    defaultCode: String,
-  ): GatewaySession.InvokeResult {
+  private fun errorResult(error: String?, defaultCode: String): GatewaySession.InvokeResult {
    val rawMessage = error ?: defaultCode
    val idx = rawMessage.indexOf(':')
    val code = if (idx > 0) rawMessage.substring(0, idx).trim() else defaultCode
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/SmsManager.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/SmsManager.kt
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/SystemHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/SystemHandler.kt
@@ -1,6 +1,5 @@
 package ai.openclaw.app.node

-import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.app.NotificationChannel
 import android.app.NotificationManager
@@ -10,6 +9,7 @@ import android.os.Build
 import androidx.core.app.NotificationCompat
 import androidx.core.app.NotificationManagerCompat
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.gateway.GatewaySession
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
@@ -47,8 +47,7 @@ private class AndroidSystemNotificationPoster(
    val channelId = ensureChannel(request.priority)
    val silent = isSilentSound(request.sound)
    val notification =
-      NotificationCompat
-        .Builder(appContext, channelId)
+      NotificationCompat.Builder(appContext, channelId)
        .setSmallIcon(android.R.drawable.ic_dialog_info)
        .setContentTitle(request.title)
        .setContentText(request.body)
@@ -84,12 +83,13 @@ private class AndroidSystemNotificationPoster(
    return channelId
  }

-  private fun compatPriority(priority: String?): Int =
-    when (priority.orEmpty().trim().lowercase()) {
+  private fun compatPriority(priority: String?): Int {
+    return when (priority.orEmpty().trim().lowercase()) {
      "passive" -> NotificationCompat.PRIORITY_LOW
      "timesensitive" -> NotificationCompat.PRIORITY_HIGH
      else -> NotificationCompat.PRIORITY_DEFAULT
    }
+  }

  private fun isSilentSound(sound: String?): Boolean {
    val normalized = sound?.trim()?.lowercase() ?: return false
--- a/apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawCanvasA2UIAction.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawCanvasA2UIAction.kt
@@ -57,16 +57,13 @@ object OpenClawCanvasA2UIAction {
    ).joinToString(separator = " ")
  }

-  fun jsDispatchA2UIActionStatus(
-    actionId: String,
-    ok: Boolean,
-    error: String?,
-  ): String {
+  fun jsDispatchA2UIActionStatus(actionId: String, ok: Boolean, error: String?): String {
    val err = jsonStringLiteral(error ?: "")
    val okLiteral = if (ok) "true" else "false"
    val idLiteral = jsonStringLiteral(actionId)
-    return "window.dispatchEvent(new CustomEvent('openclaw:a2ui-action-status', { detail: { id: $idLiteral, ok: $okLiteral, error: $err } }));"
+    return "window.dispatchEvent(new CustomEvent('openclaw:a2ui-action-status', { detail: { id: ${idLiteral}, ok: ${okLiteral}, error: ${err} } }));"
  }

-  private fun jsonStringLiteral(raw: String): String = JsonPrimitive(raw).toString().replace("\u2028", "\\u2028").replace("\u2029", "\\u2029")
+  private fun jsonStringLiteral(raw: String): String =
+    JsonPrimitive(raw).toString().replace("\u2028", "\\u2028").replace("\u2029", "\\u2029")
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawProtocolConstants.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawProtocolConstants.kt
@@ -1,8 +1,6 @@
 package ai.openclaw.app.protocol

-enum class OpenClawCapability(
-  val rawValue: String,
-) {
+enum class OpenClawCapability(val rawValue: String) {
  Canvas("canvas"),
  Camera("camera"),
  Sms("sms"),
@@ -18,9 +16,7 @@ enum class OpenClawCapability(
  CallLog("callLog"),
 }

-enum class OpenClawCanvasCommand(
-  val rawValue: String,
-) {
+enum class OpenClawCanvasCommand(val rawValue: String) {
  Present("canvas.present"),
  Hide("canvas.hide"),
  Navigate("canvas.navigate"),
@@ -33,9 +29,7 @@ enum class OpenClawCanvasCommand(
  }
 }

-enum class OpenClawCanvasA2UICommand(
-  val rawValue: String,
-) {
+enum class OpenClawCanvasA2UICommand(val rawValue: String) {
  Push("canvas.a2ui.push"),
  PushJSONL("canvas.a2ui.pushJSONL"),
  Reset("canvas.a2ui.reset"),
@@ -46,9 +40,7 @@ enum class OpenClawCanvasA2UICommand(
  }
 }

-enum class OpenClawCameraCommand(
-  val rawValue: String,
-) {
+enum class OpenClawCameraCommand(val rawValue: String) {
  List("camera.list"),
  Snap("camera.snap"),
  Clip("camera.clip"),
@@ -59,9 +51,7 @@ enum class OpenClawCameraCommand(
  }
 }

-enum class OpenClawSmsCommand(
-  val rawValue: String,
-) {
+enum class OpenClawSmsCommand(val rawValue: String) {
  Send("sms.send"),
  Search("sms.search"),
  ;
@@ -71,9 +61,7 @@ enum class OpenClawSmsCommand(
  }
 }

-enum class OpenClawLocationCommand(
-  val rawValue: String,
-) {
+enum class OpenClawLocationCommand(val rawValue: String) {
  Get("location.get"),
  ;

@@ -82,9 +70,7 @@ enum class OpenClawLocationCommand(
  }
 }

-enum class OpenClawDeviceCommand(
-  val rawValue: String,
-) {
+enum class OpenClawDeviceCommand(val rawValue: String) {
  Status("device.status"),
  Info("device.info"),
  Permissions("device.permissions"),
@@ -96,9 +82,7 @@ enum class OpenClawDeviceCommand(
  }
 }

-enum class OpenClawNotificationsCommand(
-  val rawValue: String,
-) {
+enum class OpenClawNotificationsCommand(val rawValue: String) {
  List("notifications.list"),
  Actions("notifications.actions"),
  ;
@@ -108,9 +92,7 @@ enum class OpenClawNotificationsCommand(
  }
 }

-enum class OpenClawSystemCommand(
-  val rawValue: String,
-) {
+enum class OpenClawSystemCommand(val rawValue: String) {
  Notify("system.notify"),
  ;

@@ -119,9 +101,7 @@ enum class OpenClawSystemCommand(
  }
 }

-enum class OpenClawPhotosCommand(
-  val rawValue: String,
-) {
+enum class OpenClawPhotosCommand(val rawValue: String) {
  Latest("photos.latest"),
  ;

@@ -130,9 +110,7 @@ enum class OpenClawPhotosCommand(
  }
 }

-enum class OpenClawContactsCommand(
-  val rawValue: String,
-) {
+enum class OpenClawContactsCommand(val rawValue: String) {
  Search("contacts.search"),
  Add("contacts.add"),
  ;
@@ -142,9 +120,7 @@ enum class OpenClawContactsCommand(
  }
 }

-enum class OpenClawCalendarCommand(
-  val rawValue: String,
-) {
+enum class OpenClawCalendarCommand(val rawValue: String) {
  Events("calendar.events"),
  Add("calendar.add"),
  ;
@@ -154,9 +130,7 @@ enum class OpenClawCalendarCommand(
  }
 }

-enum class OpenClawMotionCommand(
-  val rawValue: String,
-) {
+enum class OpenClawMotionCommand(val rawValue: String) {
  Activity("motion.activity"),
  Pedometer("motion.pedometer"),
  ;
@@ -166,9 +140,7 @@ enum class OpenClawMotionCommand(
  }
 }

-enum class OpenClawCallLogCommand(
-  val rawValue: String,
-) {
+enum class OpenClawCallLogCommand(val rawValue: String) {
  Search("callLog.search"),
  ;

--- a/apps/android/app/src/main/java/ai/openclaw/app/tools/ToolDisplay.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/tools/ToolDisplay.kt
@@ -48,14 +48,13 @@ data class ToolDisplaySummary(
    }

  val summaryLine: String
-    get() = if (detailLine != null) "$emoji $label: $detailLine" else "$emoji $label"
+    get() = if (detailLine != null) "${emoji} ${label}: ${detailLine}" else "${emoji} ${label}"
 }

 object ToolDisplayRegistry {
  private const val CONFIG_ASSET = "tool-display.json"

  private val json = Json { ignoreUnknownKeys = true }
-
  @Volatile private var cachedConfig: ToolDisplayConfig? = null

  fun resolve(
@@ -113,11 +112,7 @@ object ToolDisplayRegistry {
    val existing = cachedConfig
    if (existing != null) return existing
    return try {
-      val jsonString =
-        context.assets
-          .open(CONFIG_ASSET)
-          .bufferedReader()
-          .use { it.readText() }
+      val jsonString = context.assets.open(CONFIG_ASSET).bufferedReader().use { it.readText() }
      val decoded = json.decodeFromString(ToolDisplayConfig.serializer(), jsonString)
      cachedConfig = decoded
      decoded
@@ -135,11 +130,8 @@ object ToolDisplayRegistry {
      .split(Regex("\\s+"))
      .joinToString(" ") { part ->
        val upper = part.uppercase()
-        if (part.length <= 2 && part == upper) {
-          part
-        } else {
-          upper.firstOrNull()?.toString().orEmpty() + part.lowercase().drop(1)
-        }
+        if (part.length <= 2 && part == upper) part
+        else upper.firstOrNull()?.toString().orEmpty() + part.lowercase().drop(1)
      }
  }

@@ -155,18 +147,17 @@ object ToolDisplayRegistry {
    val limit = args["limit"].asNumberOrNull()
    return if (offset != null && limit != null) {
      val end = offset + limit
-      "$path:${offset.toInt()}-${end.toInt()}"
+      "${path}:${offset.toInt()}-${end.toInt()}"
    } else {
      path
    }
  }

-  private fun pathDetail(args: JsonObject?): String? = args?.get("path")?.asStringOrNull()
+  private fun pathDetail(args: JsonObject?): String? {
+    return args?.get("path")?.asStringOrNull()
+  }

-  private fun firstValue(
-    args: JsonObject?,
-    keys: List<String>,
-  ): String? {
+  private fun firstValue(args: JsonObject?, keys: List<String>): String? {
    for (key in keys) {
      val value = valueForPath(args, key)
      val rendered = renderValue(value)
@@ -175,10 +166,7 @@ object ToolDisplayRegistry {
    return null
  }

-  private fun valueForPath(
-    args: JsonObject?,
-    path: String,
-  ): JsonElement? {
+  private fun valueForPath(args: JsonObject?, path: String): JsonElement? {
    var current: JsonElement? = args
    for (segment in path.split(".")) {
      if (segment.isBlank()) return null
@@ -194,12 +182,7 @@ object ToolDisplayRegistry {
      if (value.isString) {
        val trimmed = value.contentOrNull?.trim().orEmpty()
        if (trimmed.isEmpty()) return null
-        val firstLine =
-          trimmed
-            .lineSequence()
-            .firstOrNull()
-            ?.trim()
-            .orEmpty()
+        val firstLine = trimmed.lineSequence().firstOrNull()?.trim().orEmpty()
        if (firstLine.isEmpty()) return null
        return if (firstLine.length > 160) "${firstLine.take(157)}…" else firstLine
      }
@@ -212,18 +195,16 @@ object ToolDisplayRegistry {
      val items = value.mapNotNull { renderValue(it) }
      if (items.isEmpty()) return null
      val preview = items.take(3).joinToString(", ")
-      return if (items.size > 3) "$preview…" else preview
+      return if (items.size > 3) "${preview}…" else preview
    }
    return null
  }

  private fun shortenHomeInString(value: String): String {
-    val home =
-      System.getProperty("user.home")?.takeIf { it.isNotBlank() }
-        ?: System.getenv("HOME")?.takeIf { it.isNotBlank() }
+    val home = System.getProperty("user.home")?.takeIf { it.isNotBlank() }
+      ?: System.getenv("HOME")?.takeIf { it.isNotBlank() }
    if (home.isNullOrEmpty()) return value
-    return value
-      .replace(home, "~")
+    return value.replace(home, "~")
      .replace(Regex("/Users/[^/]+"), "~")
      .replace(Regex("/home/[^/]+"), "~")
  }
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/CanvasScreen.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/CanvasScreen.kt
@@ -1,11 +1,10 @@
 package ai.openclaw.app.ui

-import ai.openclaw.app.MainViewModel
 import android.annotation.SuppressLint
-import android.net.Uri
 import android.util.Log
 import android.view.View
 import android.webkit.ConsoleMessage
+import android.webkit.JavascriptInterface
 import android.webkit.WebChromeClient
 import android.webkit.WebResourceError
 import android.webkit.WebResourceRequest
@@ -15,161 +14,135 @@ import android.webkit.WebView
 import android.webkit.WebViewClient
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.DisposableEffect
+import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.viewinterop.AndroidView
-import androidx.webkit.JavaScriptReplyProxy
-import androidx.webkit.WebMessageCompat
 import androidx.webkit.WebSettingsCompat
-import androidx.webkit.WebViewCompat
 import androidx.webkit.WebViewFeature
+import ai.openclaw.app.MainViewModel
 import java.util.concurrent.atomic.AtomicReference

@SuppressLint("SetJavaScriptEnabled")
-@Suppress("DEPRECATION")
@Composable
-fun CanvasScreen(
-  viewModel: MainViewModel,
-  visible: Boolean,
-  modifier: Modifier = Modifier,
-) {
+fun CanvasScreen(viewModel: MainViewModel, visible: Boolean, modifier: Modifier = Modifier) {
  val context = LocalContext.current
  val isDebuggable = (context.applicationInfo.flags and android.content.pm.ApplicationInfo.FLAG_DEBUGGABLE) != 0
-  val webViewRef = remember { arrayOfNulls<WebView>(1) }
+  val webViewRef = remember { mutableStateOf<WebView?>(null) }
  val currentPageUrlRef = remember { AtomicReference<String?>(null) }

  DisposableEffect(viewModel) {
    onDispose {
-      val webView = webViewRef[0] ?: return@onDispose
+      val webView = webViewRef.value ?: return@onDispose
      viewModel.canvas.detach(webView)
-      if (WebViewFeature.isFeatureSupported(WebViewFeature.WEB_MESSAGE_LISTENER)) {
-        WebViewCompat.removeWebMessageListener(webView, CanvasA2UIActionBridge.interfaceName)
-      }
+      webView.removeJavascriptInterface(CanvasA2UIActionBridge.interfaceName)
      webView.stopLoading()
      webView.destroy()
-      webViewRef[0] = null
+      webViewRef.value = null
    }
  }

  AndroidView(
    modifier = modifier,
    factory = {
-      val webView = WebView(context)
-      val webSettings = webView.settings
-      webSettings.setAllowContentAccess(false)
-      webSettings.setAllowFileAccess(false)
-      webSettings.setAllowFileAccessFromFileURLs(false)
-      webSettings.setAllowUniversalAccessFromFileURLs(false)
-      webSettings.setSafeBrowsingEnabled(true)
-      webSettings.javaScriptEnabled = true
-      webSettings.domStorageEnabled = true
-      webSettings.mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
-      webSettings.useWideViewPort = false
-      webSettings.loadWithOverviewMode = false
-      webSettings.builtInZoomControls = false
-      webSettings.displayZoomControls = false
-      webSettings.setSupportZoom(false)
-      webView.visibility = if (visible) View.VISIBLE else View.INVISIBLE
-      // targetSdk 33+ ignores Force Dark APIs, so only opt out through the supported
-      // algorithmic darkening flag when this WebView implementation exposes it.
-      if (WebViewFeature.isFeatureSupported(WebViewFeature.ALGORITHMIC_DARKENING)) {
-        WebSettingsCompat.setAlgorithmicDarkeningAllowed(webSettings, false)
-      }
-      if (isDebuggable) {
-        Log.d("OpenClawWebView", "userAgent: ${webSettings.userAgentString}")
-      }
-      webView.isScrollContainer = true
-      webView.overScrollMode = View.OVER_SCROLL_IF_CONTENT_SCROLLS
-      webView.isVerticalScrollBarEnabled = true
-      webView.isHorizontalScrollBarEnabled = true
-      webView.webViewClient =
-        object : WebViewClient() {
-          override fun onPageStarted(
-            view: WebView,
-            url: String?,
-            favicon: android.graphics.Bitmap?,
-          ) {
-            currentPageUrlRef.set(url)
-          }
-
-          override fun onReceivedError(
-            view: WebView,
-            request: WebResourceRequest,
-            error: WebResourceError,
-          ) {
-            if (!isDebuggable || !request.isForMainFrame) return
-            Log.e("OpenClawWebView", "onReceivedError: ${error.errorCode} ${error.description} ${request.url}")
-          }
-
-          override fun onReceivedHttpError(
-            view: WebView,
-            request: WebResourceRequest,
-            errorResponse: WebResourceResponse,
-          ) {
-            if (!isDebuggable || !request.isForMainFrame) return
-            Log.e(
-              "OpenClawWebView",
-              "onReceivedHttpError: ${errorResponse.statusCode} ${errorResponse.reasonPhrase} ${request.url}",
-            )
-          }
-
-          override fun onPageFinished(
-            view: WebView,
-            url: String?,
-          ) {
-            currentPageUrlRef.set(url)
-            if (isDebuggable) {
-              Log.d("OpenClawWebView", "onPageFinished: $url")
+      WebView(context).apply {
+        visibility = if (visible) View.VISIBLE else View.INVISIBLE
+        settings.javaScriptEnabled = true
+        settings.domStorageEnabled = true
+        settings.mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
+        settings.useWideViewPort = false
+        settings.loadWithOverviewMode = false
+        settings.builtInZoomControls = false
+        settings.displayZoomControls = false
+        settings.setSupportZoom(false)
+        // targetSdk 33+ ignores Force Dark APIs, so only opt out through the supported
+        // algorithmic darkening flag when this WebView implementation exposes it.
+        if (WebViewFeature.isFeatureSupported(WebViewFeature.ALGORITHMIC_DARKENING)) {
+          WebSettingsCompat.setAlgorithmicDarkeningAllowed(settings, false)
+        }
+        if (isDebuggable) {
+          Log.d("OpenClawWebView", "userAgent: ${settings.userAgentString}")
+        }
+        isScrollContainer = true
+        overScrollMode = View.OVER_SCROLL_IF_CONTENT_SCROLLS
+        isVerticalScrollBarEnabled = true
+        isHorizontalScrollBarEnabled = true
+        webViewClient =
+          object : WebViewClient() {
+            override fun onPageStarted(
+              view: WebView,
+              url: String?,
+              favicon: android.graphics.Bitmap?,
+            ) {
+              currentPageUrlRef.set(url)
            }
-            viewModel.canvas.onPageFinished()
-          }

-          override fun onRenderProcessGone(
-            view: WebView,
-            detail: android.webkit.RenderProcessGoneDetail,
-          ): Boolean {
-            if (isDebuggable) {
+            override fun onReceivedError(
+              view: WebView,
+              request: WebResourceRequest,
+              error: WebResourceError,
+            ) {
+              if (!isDebuggable || !request.isForMainFrame) return
+              Log.e("OpenClawWebView", "onReceivedError: ${error.errorCode} ${error.description} ${request.url}")
+            }
+
+            override fun onReceivedHttpError(
+              view: WebView,
+              request: WebResourceRequest,
+              errorResponse: WebResourceResponse,
+            ) {
+              if (!isDebuggable || !request.isForMainFrame) return
              Log.e(
                "OpenClawWebView",
-                "onRenderProcessGone didCrash=${detail.didCrash()} priorityAtExit=${detail.rendererPriorityAtExit()}",
+                "onReceivedHttpError: ${errorResponse.statusCode} ${errorResponse.reasonPhrase} ${request.url}",
              )
            }
-            return true
-          }
-        }
-      webView.webChromeClient =
-        object : WebChromeClient() {
-          override fun onConsoleMessage(consoleMessage: ConsoleMessage?): Boolean {
-            if (!isDebuggable) return false
-            val msg = consoleMessage ?: return false
-            Log.d(
-              "OpenClawWebView",
-              "console ${msg.messageLevel()} @ ${msg.sourceId()}:${msg.lineNumber()} ${msg.message()}",
-            )
-            return false
-          }
-        }

-      val bridge =
-        CanvasA2UIActionBridge(
-          isTrustedPage = { viewModel.isTrustedCanvasActionUrl(currentPageUrlRef.get()) },
-        ) { payload ->
-          viewModel.handleCanvasA2UIActionFromWebView(payload)
-        }
-      if (WebViewFeature.isFeatureSupported(WebViewFeature.WEB_MESSAGE_LISTENER)) {
-        WebViewCompat.addWebMessageListener(
-          webView,
-          CanvasA2UIActionBridge.interfaceName,
-          CanvasA2UIActionBridge.allowedOriginRules,
-          bridge,
-        )
-      } else if (isDebuggable) {
-        Log.w("OpenClawWebView", "WebMessageListener unsupported; canvas actions disabled")
+            override fun onPageFinished(view: WebView, url: String?) {
+              currentPageUrlRef.set(url)
+              if (isDebuggable) {
+                Log.d("OpenClawWebView", "onPageFinished: $url")
+              }
+              viewModel.canvas.onPageFinished()
+            }
+
+            override fun onRenderProcessGone(
+              view: WebView,
+              detail: android.webkit.RenderProcessGoneDetail,
+            ): Boolean {
+              if (isDebuggable) {
+                Log.e(
+                  "OpenClawWebView",
+                  "onRenderProcessGone didCrash=${detail.didCrash()} priorityAtExit=${detail.rendererPriorityAtExit()}",
+                )
+              }
+              return true
+            }
+          }
+        webChromeClient =
+          object : WebChromeClient() {
+            override fun onConsoleMessage(consoleMessage: ConsoleMessage?): Boolean {
+              if (!isDebuggable) return false
+              val msg = consoleMessage ?: return false
+              Log.d(
+                "OpenClawWebView",
+                "console ${msg.messageLevel()} @ ${msg.sourceId()}:${msg.lineNumber()} ${msg.message()}",
+              )
+              return false
+            }
+          }
+
+        val bridge =
+          CanvasA2UIActionBridge(
+            isTrustedPage = { viewModel.isTrustedCanvasActionUrl(currentPageUrlRef.get()) },
+          ) { payload ->
+            viewModel.handleCanvasA2UIActionFromWebView(payload)
+          }
+        addJavascriptInterface(bridge, CanvasA2UIActionBridge.interfaceName)
+        viewModel.canvas.attach(this)
+        webViewRef.value = this
      }
-      viewModel.canvas.attach(webView)
-      webViewRef[0] = webView
-      webView
    },
    update = { webView ->
      webView.visibility = if (visible) View.VISIBLE else View.INVISIBLE
@@ -187,18 +160,8 @@ fun CanvasScreen(
 internal class CanvasA2UIActionBridge(
  private val isTrustedPage: () -> Boolean,
  private val onMessage: (String) -> Unit,
-) : WebViewCompat.WebMessageListener {
-  override fun onPostMessage(
-    view: WebView,
-    message: WebMessageCompat,
-    sourceOrigin: Uri,
-    isMainFrame: Boolean,
-    replyProxy: JavaScriptReplyProxy,
-  ) {
-    if (!isMainFrame) return
-    postMessage(message.data)
-  }
-
+) {
+  @JavascriptInterface
  fun postMessage(payload: String?) {
    val msg = payload?.trim().orEmpty()
    if (msg.isEmpty()) return
@@ -208,6 +171,5 @@ internal class CanvasA2UIActionBridge(

  companion object {
    const val interfaceName: String = "openclawCanvasA2UIAction"
-    val allowedOriginRules: Set<String> = setOf("*")
  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/ChatSheet.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/ChatSheet.kt
@@ -1,8 +1,8 @@
 package ai.openclaw.app.ui

+import androidx.compose.runtime.Composable
 import ai.openclaw.app.MainViewModel
 import ai.openclaw.app.ui.chat.ChatSheetContent
-import androidx.compose.runtime.Composable

@Composable
 fun ChatSheet(viewModel: MainViewModel) {
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/ConnectTabScreen.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/ConnectTabScreen.kt
@@ -1,10 +1,7 @@
 package ai.openclaw.app.ui

-import ai.openclaw.app.MainViewModel
-import ai.openclaw.app.gateway.GatewayEndpoint
-import ai.openclaw.app.ui.mobileCardSurface
-import androidx.compose.animation.AnimatedVisibility
 import androidx.compose.foundation.BorderStroke
+import androidx.compose.animation.AnimatedVisibility
 import androidx.compose.foundation.background
 import androidx.compose.foundation.layout.Arrangement
 import androidx.compose.foundation.layout.Box
@@ -41,6 +38,7 @@ import androidx.compose.material3.SwitchDefaults
 import androidx.compose.material3.Text
 import androidx.compose.material3.TextButton
 import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
 import androidx.compose.runtime.collectAsState
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.mutableStateOf
@@ -50,11 +48,14 @@ import androidx.compose.runtime.setValue
 import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.graphics.Color
-import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.text.input.KeyboardType
+import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.unit.dp
+import ai.openclaw.app.MainViewModel
+import ai.openclaw.app.gateway.GatewayEndpoint
+import ai.openclaw.app.ui.mobileCardSurface

 private enum class ConnectInputMode {
  SetupCode,
@@ -126,10 +127,9 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
  }

  val setupResolvedEndpoint = remember(setupCode) { decodeGatewaySetupCode(setupCode)?.url?.let { parseGatewayEndpoint(it)?.displayUrl } }
-  val manualResolvedEndpoint =
-    remember(manualHostInput, manualPortInput, manualTlsInput) {
-      composeGatewayManualUrl(manualHostInput, manualPortInput, manualTlsInput)?.let { parseGatewayEndpoint(it)?.displayUrl }
-    }
+  val manualResolvedEndpoint = remember(manualHostInput, manualPortInput, manualTlsInput) {
+    composeGatewayManualUrl(manualHostInput, manualPortInput, manualTlsInput)?.let { parseGatewayEndpoint(it)?.displayUrl }
+  }

  val activeEndpoint =
    remember(isConnected, remoteAddress, setupResolvedEndpoint, manualResolvedEndpoint, inputMode) {
@@ -544,11 +544,7 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
              colors = outlinedColors(),
            )

-            Text(
-              "Password (optional)",
-              style = mobileCaption1.copy(fontWeight = FontWeight.SemiBold),
-              color = mobileTextSecondary,
-            )
+            Text("Password (optional)", style = mobileCaption1.copy(fontWeight = FontWeight.SemiBold), color = mobileTextSecondary)
            OutlinedTextField(
              value = passwordInput,
              onValueChange = { passwordInput = it },
@@ -582,11 +578,7 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
 }

@Composable
-private fun MethodChip(
-  label: String,
-  active: Boolean,
-  onClick: () -> Unit,
-) {
+private fun MethodChip(label: String, active: Boolean, onClick: () -> Unit) {
  Button(
    onClick = onClick,
    modifier = Modifier.height(40.dp),
@@ -604,10 +596,7 @@ private fun MethodChip(
 }

@Composable
-private fun QuickFillChip(
-  label: String,
-  onClick: () -> Unit,
-) {
+private fun QuickFillChip(label: String, onClick: () -> Unit) {
  Button(
    onClick = onClick,
    shape = RoundedCornerShape(999.dp),
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt
@@ -1,14 +1,14 @@
 package ai.openclaw.app.ui

 import ai.openclaw.app.gateway.isLoopbackGatewayHost
+import java.util.Base64
+import java.util.Locale
+import java.net.URI
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.contentOrNull
 import kotlinx.serialization.json.jsonObject
-import java.net.URI
-import java.util.Base64
-import java.util.Locale

 internal data class GatewayEndpointConfig(
  val host: String,
@@ -121,9 +121,11 @@ internal fun resolveGatewayConnectConfig(
  )
 }

-internal fun parseGatewayEndpoint(rawInput: String): GatewayEndpointConfig? = parseGatewayEndpointResult(rawInput).config
+internal fun parseGatewayEndpoint(rawInput: String): GatewayEndpointConfig? {
+  return parseGatewayEndpointResult(rawInput).config
+}

-internal fun parseGatewayEndpointResult(rawInput: String): GatewayEndpointParseResult {
+  internal fun parseGatewayEndpointResult(rawInput: String): GatewayEndpointParseResult {
  val raw = rawInput.trim()
  if (raw.isEmpty()) return GatewayEndpointParseResult(error = GatewayEndpointValidationError.INVALID_URL)

@@ -131,18 +133,10 @@ internal fun parseGatewayEndpointResult(rawInput: String): GatewayEndpointParseR
  val uri =
    runCatching { URI(normalized) }.getOrNull()
      ?: return GatewayEndpointParseResult(error = GatewayEndpointValidationError.INVALID_URL)
-  val host =
-    uri.host
-      ?.trim()
-      ?.trim('[', ']')
-      .orEmpty()
+  val host = uri.host?.trim()?.trim('[', ']').orEmpty()
  if (host.isEmpty()) return GatewayEndpointParseResult(error = GatewayEndpointValidationError.INVALID_URL)

-  val scheme =
-    uri.scheme
-      ?.trim()
-      ?.lowercase(Locale.US)
-      .orEmpty()
+  val scheme = uri.scheme?.trim()?.lowercase(Locale.US).orEmpty()
  val tls =
    when (scheme) {
      "ws", "http" -> false
@@ -205,7 +199,9 @@ internal fun decodeGatewaySetupCode(rawInput: String): GatewaySetupCode? {
  }
 }

-internal fun resolveScannedSetupCode(rawInput: String): String? = resolveScannedSetupCodeResult(rawInput).setupCode
+internal fun resolveScannedSetupCode(rawInput: String): String? {
+  return resolveScannedSetupCodeResult(rawInput).setupCode
+}

 internal fun resolveScannedSetupCodeResult(rawInput: String): GatewayScannedSetupCodeResult {
  val setupCode =
@@ -224,8 +220,8 @@ internal fun resolveScannedSetupCodeResult(rawInput: String): GatewayScannedSetu
 internal fun gatewayEndpointValidationMessage(
  error: GatewayEndpointValidationError,
  source: GatewayEndpointInputSource,
-): String =
-  when (error) {
+): String {
+  return when (error) {
    GatewayEndpointValidationError.INSECURE_REMOTE_URL ->
      when (source) {
        GatewayEndpointInputSource.SETUP_CODE ->
@@ -242,27 +238,25 @@ internal fun gatewayEndpointValidationMessage(
        GatewayEndpointInputSource.MANUAL -> "Enter a valid manual endpoint to connect."
      }
  }
+}

-internal fun composeGatewayManualUrl(
-  hostInput: String,
-  portInput: String,
-  tls: Boolean,
-): String? {
+internal fun composeGatewayManualUrl(hostInput: String, portInput: String, tls: Boolean): String? {
  val host = hostInput.trim()
  if (host.isEmpty()) return null
  val portTrimmed = portInput.trim()
-  val port =
-    if (portTrimmed.isEmpty()) {
-      if (tls) 443 else return null
-    } else {
-      portTrimmed.toIntOrNull() ?: return null
-    }
+  val port = if (portTrimmed.isEmpty()) {
+    if (tls) 443 else return null
+  } else {
+    portTrimmed.toIntOrNull() ?: return null
+  }
  if (port !in 1..65535) return null
  val scheme = if (tls) "https" else "http"
  return "$scheme://$host:$port"
 }

-private fun parseJsonObject(input: String): JsonObject? = runCatching { gatewaySetupJson.parseToJsonElement(input).jsonObject }.getOrNull()
+private fun parseJsonObject(input: String): JsonObject? {
+  return runCatching { gatewaySetupJson.parseToJsonElement(input).jsonObject }.getOrNull()
+}

 private fun resolveSetupCodeCandidate(rawInput: String): String? {
  val trimmed = rawInput.trim()
@@ -271,10 +265,7 @@ private fun resolveSetupCodeCandidate(rawInput: String): String? {
  return qrSetupCode ?: trimmed
 }

-private fun jsonField(
-  obj: JsonObject,
-  key: String,
-): String? {
+private fun jsonField(obj: JsonObject, key: String): String? {
  val value = (obj[key] as? JsonPrimitive)?.contentOrNull?.trim().orEmpty()
  return value.ifEmpty { null }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayDiagnostics.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayDiagnostics.kt
@@ -1,11 +1,11 @@
 package ai.openclaw.app.ui

-import ai.openclaw.app.BuildConfig
 import android.content.ClipData
 import android.content.ClipboardManager
 import android.content.Context
 import android.os.Build
 import android.widget.Toast
+import ai.openclaw.app.BuildConfig

 internal fun openClawAndroidVersionLabel(): String {
  val versionName = BuildConfig.VERSION_NAME.trim().ifEmpty { "dev" }
@@ -16,7 +16,9 @@ internal fun openClawAndroidVersionLabel(): String {
  }
 }

-internal fun gatewayStatusForDisplay(statusText: String): String = statusText.trim().ifEmpty { "Offline" }
+internal fun gatewayStatusForDisplay(statusText: String): String {
+  return statusText.trim().ifEmpty { "Offline" }
+}

 internal fun gatewayStatusHasDiagnostics(statusText: String): Boolean {
  val lower = gatewayStatusForDisplay(statusText).lowercase()
@@ -38,11 +40,7 @@ internal fun buildGatewayDiagnosticsReport(
      .joinToString(" ")
      .trim()
      .ifEmpty { "Android" }
-  val androidVersion =
-    Build.VERSION.RELEASE
-      ?.trim()
-      .orEmpty()
-      .ifEmpty { Build.VERSION.SDK_INT.toString() }
+  val androidVersion = Build.VERSION.RELEASE?.trim().orEmpty().ifEmpty { Build.VERSION.SDK_INT.toString() }
  val endpoint = gatewayAddress.trim().ifEmpty { "unknown" }
  val status = gatewayStatusForDisplay(statusText)
  return """
@@ -64,7 +62,7 @@ internal fun buildGatewayDiagnosticsReport(
    - android: $androidVersion (SDK ${Build.VERSION.SDK_INT})
    - gateway address: $endpoint
    - status/error: $status
-    """.trimIndent()
+  """.trimIndent()
 }

 internal fun copyGatewayDiagnosticsReport(
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayPairingRetry.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayPairingRetry.kt
@@ -15,10 +15,7 @@ import kotlinx.coroutines.delay
 internal const val PAIRING_AUTO_RETRY_MS = 6_000L

@Composable
-internal fun PairingAutoRetryEffect(
-  enabled: Boolean,
-  onRetry: () -> Unit,
-) {
+internal fun PairingAutoRetryEffect(enabled: Boolean, onRetry: () -> Unit) {
  val lifecycleOwner = LocalLifecycleOwner.current
  var lifecycleStarted by
    remember(lifecycleOwner) {
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/MobileUiTokens.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/MobileUiTokens.kt
@@ -1,6 +1,5 @@
 package ai.openclaw.app.ui

-import ai.openclaw.app.R
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.staticCompositionLocalOf
 import androidx.compose.ui.graphics.Brush
@@ -10,6 +9,7 @@ import androidx.compose.ui.text.font.Font
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.unit.sp
+import ai.openclaw.app.R

 // ---------------------------------------------------------------------------
 // MobileColors – semantic color tokens with light + dark variants
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt
@@ -1,10 +1,5 @@
 package ai.openclaw.app.ui

-import ai.openclaw.app.LocationMode
-import ai.openclaw.app.MainViewModel
-import ai.openclaw.app.SensitiveFeatureConfig
-import ai.openclaw.app.gateway.GatewayEndpoint
-import ai.openclaw.app.node.DeviceNotificationListenerService
 import android.Manifest
 import android.content.Context
 import android.content.Intent
@@ -14,10 +9,10 @@ import android.hardware.SensorManager
 import android.net.Uri
 import android.os.Build
 import android.provider.Settings
+import androidx.compose.foundation.BorderStroke
 import androidx.activity.compose.rememberLauncherForActivityResult
 import androidx.activity.result.contract.ActivityResultContracts
 import androidx.compose.animation.AnimatedVisibility
-import androidx.compose.foundation.BorderStroke
 import androidx.compose.foundation.background
 import androidx.compose.foundation.border
 import androidx.compose.foundation.layout.Arrangement
@@ -45,8 +40,22 @@ import androidx.compose.foundation.layout.width
 import androidx.compose.foundation.layout.windowInsetsPadding
 import androidx.compose.foundation.rememberScrollState
 import androidx.compose.foundation.shape.RoundedCornerShape
+import androidx.compose.foundation.shape.CircleShape
 import androidx.compose.foundation.text.KeyboardOptions
 import androidx.compose.foundation.verticalScroll
+import androidx.compose.material3.AlertDialog
+import androidx.compose.material3.OutlinedTextFieldDefaults
+import androidx.compose.material3.Button
+import androidx.compose.material3.ButtonDefaults
+import androidx.compose.material3.HorizontalDivider
+import androidx.compose.material3.Icon
+import androidx.compose.material3.IconButton
+import androidx.compose.material3.OutlinedTextField
+import androidx.compose.material3.Surface
+import androidx.compose.material3.Switch
+import androidx.compose.material3.SwitchDefaults
+import androidx.compose.material3.Text
+import androidx.compose.material3.TextButton
 import androidx.compose.material.icons.Icons
 import androidx.compose.material.icons.automirrored.filled.ArrowBack
 import androidx.compose.material.icons.filled.ChatBubble
@@ -59,19 +68,7 @@ import androidx.compose.material.icons.filled.Link
 import androidx.compose.material.icons.filled.Security
 import androidx.compose.material.icons.filled.Tune
 import androidx.compose.material.icons.filled.Wifi
-import androidx.compose.material3.AlertDialog
-import androidx.compose.material3.Button
-import androidx.compose.material3.ButtonDefaults
-import androidx.compose.material3.HorizontalDivider
-import androidx.compose.material3.Icon
-import androidx.compose.material3.IconButton
-import androidx.compose.material3.OutlinedTextField
-import androidx.compose.material3.OutlinedTextFieldDefaults
-import androidx.compose.material3.Surface
-import androidx.compose.material3.Switch
-import androidx.compose.material3.SwitchDefaults
-import androidx.compose.material3.Text
-import androidx.compose.material3.TextButton
+import androidx.compose.ui.graphics.vector.ImageVector
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.DisposableEffect
 import androidx.compose.runtime.collectAsState
@@ -81,11 +78,10 @@ import androidx.compose.runtime.remember
 import androidx.compose.runtime.saveable.rememberSaveable
 import androidx.compose.runtime.setValue
 import androidx.compose.ui.Alignment
-import androidx.compose.ui.Modifier
 import androidx.compose.ui.draw.clip
+import androidx.compose.ui.Modifier
 import androidx.compose.ui.graphics.Brush
 import androidx.compose.ui.graphics.Color
-import androidx.compose.ui.graphics.vector.ImageVector
 import androidx.compose.ui.text.TextStyle
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontWeight
@@ -97,14 +93,16 @@ import androidx.core.content.ContextCompat
 import androidx.lifecycle.Lifecycle
 import androidx.lifecycle.LifecycleEventObserver
 import androidx.lifecycle.compose.LocalLifecycleOwner
+import ai.openclaw.app.BuildConfig
+import ai.openclaw.app.LocationMode
+import ai.openclaw.app.MainViewModel
+import ai.openclaw.app.gateway.GatewayEndpoint
+import ai.openclaw.app.node.DeviceNotificationListenerService
 import com.google.mlkit.vision.barcode.common.Barcode
 import com.google.mlkit.vision.codescanner.GmsBarcodeScannerOptions
 import com.google.mlkit.vision.codescanner.GmsBarcodeScanning

-private enum class OnboardingStep(
-  val index: Int,
-  val label: String,
-) {
+private enum class OnboardingStep(val index: Int, val label: String) {
  Welcome(1, "Welcome"),
  Gateway(2, "Gateway"),
  Permissions(3, "Permissions"),
@@ -210,10 +208,7 @@ private val onboardingCaption2Style: TextStyle
  get() = mobileCaption2

@Composable
-fun OnboardingFlow(
-  viewModel: MainViewModel,
-  modifier: Modifier = Modifier,
-) {
+fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
  val context = androidx.compose.ui.platform.LocalContext.current
  val statusText by viewModel.statusText.collectAsState()
  val isConnected by viewModel.isConnected.collectAsState()
@@ -239,8 +234,7 @@ fun OnboardingFlow(
  val lifecycleOwner = LocalLifecycleOwner.current
  val qrScannerOptions =
    remember {
-      GmsBarcodeScannerOptions
-        .Builder()
+      GmsBarcodeScannerOptions.Builder()
        .setBarcodeFormats(Barcode.FORMAT_QR_CODE)
        .build()
    }
@@ -248,10 +242,10 @@ fun OnboardingFlow(

  val smsAvailable =
    remember(context) {
-      SensitiveFeatureConfig.smsEnabled &&
+      BuildConfig.OPENCLAW_ENABLE_SMS &&
        context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
    }
-  val callLogAvailable = remember { SensitiveFeatureConfig.callLogEnabled }
+  val callLogAvailable = remember { BuildConfig.OPENCLAW_ENABLE_CALL_LOG }
  val motionAvailable =
    remember(context) {
      hasMotionCapabilities(context)
@@ -303,8 +297,8 @@ fun OnboardingFlow(
    rememberSaveable {
      mutableStateOf(
        smsAvailable &&
-          isPermissionGranted(context, Manifest.permission.SEND_SMS) &&
-          isPermissionGranted(context, Manifest.permission.READ_SMS),
+                isPermissionGranted(context, Manifest.permission.SEND_SMS) &&
+                isPermissionGranted(context, Manifest.permission.READ_SMS)
      )
    }
  var enableCallLog by
@@ -315,10 +309,7 @@ fun OnboardingFlow(
  var pendingPermissionToggle by remember { mutableStateOf<PermissionToggle?>(null) }
  var pendingSpecialAccessToggle by remember { mutableStateOf<SpecialAccessToggle?>(null) }

-  fun setPermissionToggleEnabled(
-    toggle: PermissionToggle,
-    enabled: Boolean,
-  ) {
+  fun setPermissionToggleEnabled(toggle: PermissionToggle, enabled: Boolean) {
    when (toggle) {
      PermissionToggle.Discovery -> enableDiscovery = enabled
      PermissionToggle.Location -> enableLocation = enabled
@@ -358,18 +349,13 @@ fun OnboardingFlow(
          isPermissionGranted(context, Manifest.permission.ACTIVITY_RECOGNITION)
      PermissionToggle.Sms ->
        !smsAvailable ||
-          (
-            isPermissionGranted(context, Manifest.permission.SEND_SMS) &&
-              isPermissionGranted(context, Manifest.permission.READ_SMS)
-          )
+                (isPermissionGranted(context, Manifest.permission.SEND_SMS) &&
+                        isPermissionGranted(context, Manifest.permission.READ_SMS))
      PermissionToggle.CallLog ->
        !callLogAvailable || isPermissionGranted(context, Manifest.permission.READ_CALL_LOG)
    }

-  fun setSpecialAccessToggleEnabled(
-    toggle: SpecialAccessToggle,
-    enabled: Boolean,
-  ) {
+  fun setSpecialAccessToggleEnabled(toggle: SpecialAccessToggle, enabled: Boolean) {
    when (toggle) {
      SpecialAccessToggle.NotificationListener -> enableNotificationListener = enabled
    }
@@ -574,8 +560,7 @@ fun OnboardingFlow(
              gatewayError = gatewayError,
              onScanQrClick = {
                gatewayError = null
-                qrScanner
-                  .startScan()
+                qrScanner.startScan()
                  .addOnSuccessListener { barcode ->
                    val contents = barcode.rawValue?.trim().orEmpty()
                    if (contents.isEmpty()) {
@@ -595,9 +580,11 @@ fun OnboardingFlow(
                    gatewayInputMode = GatewayInputMode.SetupCode
                    gatewayError = null
                    attemptedConnect = false
-                  }.addOnCanceledListener {
+                  }
+                  .addOnCanceledListener {
                    // User dismissed the scanner; preserve current form state.
-                  }.addOnFailureListener {
+                  }
+                  .addOnFailureListener {
                    gatewayError = qrScannerErrorMessage()
                  }
              },
@@ -947,10 +934,9 @@ fun OnboardingFlow(
  }
 }

-internal fun canFinishOnboarding(
-  isConnected: Boolean,
-  isNodeConnected: Boolean,
-): Boolean = isConnected && isNodeConnected
+internal fun canFinishOnboarding(isConnected: Boolean, isNodeConnected: Boolean): Boolean {
+  return isConnected && isNodeConnected
+}

@Composable
 private fun onboardingPrimaryButtonColors() =
@@ -1073,10 +1059,7 @@ private fun GatewayStep(
  onPasswordChange: (String) -> Unit,
 ) {
  val resolvedEndpoint = remember(setupCode) { decodeGatewaySetupCode(setupCode)?.url?.let { parseGatewayEndpoint(it)?.displayUrl } }
-  val manualResolvedEndpoint =
-    remember(manualHost, manualPort, manualTls) {
-      composeGatewayManualUrl(manualHost, manualPort, manualTls)?.let { parseGatewayEndpoint(it)?.displayUrl }
-    }
+  val manualResolvedEndpoint = remember(manualHost, manualPort, manualTls) { composeGatewayManualUrl(manualHost, manualPort, manualTls)?.let { parseGatewayEndpoint(it)?.displayUrl } }

  StepShell(title = "Gateway Connection") {
    Text(
@@ -1112,11 +1095,7 @@ private fun GatewayStep(
      ) {
        Column(verticalArrangement = Arrangement.spacedBy(2.dp)) {
          Text("Advanced setup", style = onboardingHeadlineStyle, color = onboardingText)
-          Text(
-            "Paste setup code or enter host/port manually. Private LAN ws:// is supported; Tailscale/public hosts need wss://.",
-            style = onboardingCaption1Style,
-            color = onboardingTextSecondary,
-          )
+          Text("Paste setup code or enter host/port manually. Private LAN ws:// is supported; Tailscale/public hosts need wss://.", style = onboardingCaption1Style, color = onboardingTextSecondary)
        }
        Icon(
          imageVector = if (advancedOpen) Icons.Default.ExpandLess else Icons.Default.ExpandMore,
@@ -1135,13 +1114,7 @@ private fun GatewayStep(
          OutlinedTextField(
            value = setupCode,
            onValueChange = onSetupCodeChange,
-            placeholder = {
-              Text(
-                "Paste code from `openclaw qr --setup-code-only`",
-                color = onboardingTextTertiary,
-                style = onboardingBodyStyle,
-              )
-            },
+            placeholder = { Text("Paste code from `openclaw qr --setup-code-only`", color = onboardingTextTertiary, style = onboardingBodyStyle) },
            modifier = Modifier.fillMaxWidth(),
            minLines = 3,
            maxLines = 5,
@@ -1190,13 +1163,7 @@ private fun GatewayStep(
          OutlinedTextField(
            value = manualPort,
            onValueChange = onManualPortChange,
-            placeholder = {
-              Text(
-                if (manualTls) "443" else "18789",
-                color = onboardingTextTertiary,
-                style = onboardingBodyStyle,
-              )
-            },
+            placeholder = { Text(if (manualTls) "443" else "18789", color = onboardingTextTertiary, style = onboardingBodyStyle) },
            modifier = Modifier.fillMaxWidth(),
            singleLine = true,
            keyboardOptions = KeyboardOptions(keyboardType = KeyboardType.Number),
@@ -1241,11 +1208,7 @@ private fun GatewayStep(
              onboardingTextFieldColors(),
          )

-          Text(
-            "PASSWORD (OPTIONAL)",
-            style = onboardingCaption1Style.copy(letterSpacing = 0.9.sp),
-            color = onboardingTextSecondary,
-          )
+          Text("PASSWORD (OPTIONAL)", style = onboardingCaption1Style.copy(letterSpacing = 0.9.sp), color = onboardingTextSecondary)
          OutlinedTextField(
            value = gatewayPassword,
            onValueChange = onPasswordChange,
@@ -1418,14 +1381,7 @@ private fun PermissionsStep(
  onSmsChange: (Boolean) -> Unit,
  onCallLogChange: (Boolean) -> Unit,
 ) {
-  val discoveryPermission =
-    if (Build.VERSION.SDK_INT >=
-      33
-    ) {
-      Manifest.permission.NEARBY_WIFI_DEVICES
-    } else {
-      Manifest.permission.ACCESS_FINE_LOCATION
-    }
+  val discoveryPermission = if (Build.VERSION.SDK_INT >= 33) Manifest.permission.NEARBY_WIFI_DEVICES else Manifest.permission.ACCESS_FINE_LOCATION
  val locationGranted =
    isPermissionGranted(context, Manifest.permission.ACCESS_FINE_LOCATION) ||
      isPermissionGranted(context, Manifest.permission.ACCESS_COARSE_LOCATION)
@@ -1591,12 +1547,11 @@ private fun PermissionToggleRow(
  onCheckedChange: (Boolean) -> Unit,
 ) {
  val statusText = statusOverride ?: if (granted) "Granted" else "Not granted"
-  val statusColor =
-    when {
-      statusOverride != null -> onboardingTextTertiary
-      granted -> onboardingSuccess
-      else -> onboardingWarning
-    }
+  val statusColor = when {
+    statusOverride != null -> onboardingTextTertiary
+    granted -> onboardingSuccess
+    else -> onboardingWarning
+  }
  Row(
    modifier = Modifier.fillMaxWidth().heightIn(min = 50.dp),
    verticalAlignment = Alignment.CenterVertically,
@@ -1760,18 +1715,18 @@ private fun FinalStep(
            }
            Column(verticalArrangement = Arrangement.spacedBy(2.dp)) {
              Text(
-                if (pairingRequired) "Pairing Required" else "Connection Failed",
-                style = onboardingHeadlineStyle,
-                color = onboardingWarning,
+                  if (pairingRequired) "Pairing Required" else "Connection Failed",
+                  style = onboardingHeadlineStyle,
+                  color = onboardingWarning,
              )
              Text(
-                if (pairingRequired) {
-                  "Approve this phone on the gateway host, or copy the report below."
-                } else {
-                  "Copy this report and give it to your Claw."
-                },
-                style = onboardingCalloutStyle,
-                color = onboardingTextSecondary,
+                  if (pairingRequired) {
+                    "Approve this phone on the gateway host, or copy the report below."
+                  } else {
+                    "Copy this report and give it to your Claw."
+                  },
+                  style = onboardingCalloutStyle,
+                  color = onboardingTextSecondary,
              )
            }
          }
@@ -1936,14 +1891,17 @@ private fun FeatureCard(
  }
 }

-private fun isPermissionGranted(
-  context: Context,
-  permission: String,
-): Boolean = ContextCompat.checkSelfPermission(context, permission) == PackageManager.PERMISSION_GRANTED
+private fun isPermissionGranted(context: Context, permission: String): Boolean {
+  return ContextCompat.checkSelfPermission(context, permission) == PackageManager.PERMISSION_GRANTED
+}

-private fun qrScannerErrorMessage(): String = "Google Code Scanner could not start. Update Google Play services or use the setup code manually."
+private fun qrScannerErrorMessage(): String {
+  return "Google Code Scanner could not start. Update Google Play services or use the setup code manually."
+}

-private fun isNotificationListenerEnabled(context: Context): Boolean = DeviceNotificationListenerService.isAccessEnabled(context)
+private fun isNotificationListenerEnabled(context: Context): Boolean {
+  return DeviceNotificationListenerService.isAccessEnabled(context)
+}

 private fun openNotificationListenerSettings(context: Context) {
  val intent = Intent(Settings.ACTION_NOTIFICATION_LISTENER_SETTINGS).addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/OpenClawTheme.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/OpenClawTheme.kt
@@ -24,8 +24,7 @@ fun OpenClawTheme(content: @Composable () -> Unit) {
  if (!view.isInEditMode) {
    SideEffect {
      val window = (view.context as Activity).window
-      WindowCompat
-        .getInsetsController(window, window.decorView)
+      WindowCompat.getInsetsController(window, window.decorView)
        .isAppearanceLightStatusBars = !isDark
    }
  }
@@ -45,4 +44,6 @@ fun overlayContainerColor(): Color {
 }

@Composable
-fun overlayIconColor(): Color = MaterialTheme.colorScheme.onSurfaceVariant
+fun overlayIconColor(): Color {
+  return MaterialTheme.colorScheme.onSurfaceVariant
+}
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt
@@ -1,16 +1,13 @@
 package ai.openclaw.app.ui

-import ai.openclaw.app.HomeDestination
-import ai.openclaw.app.MainViewModel
-import androidx.compose.foundation.BorderStroke
 import androidx.compose.foundation.background
+import androidx.compose.foundation.BorderStroke
 import androidx.compose.foundation.layout.Arrangement
 import androidx.compose.foundation.layout.Box
 import androidx.compose.foundation.layout.Column
 import androidx.compose.foundation.layout.Row
 import androidx.compose.foundation.layout.WindowInsets
 import androidx.compose.foundation.layout.WindowInsetsSides
-import androidx.compose.foundation.layout.consumeWindowInsets
 import androidx.compose.foundation.layout.fillMaxSize
 import androidx.compose.foundation.layout.fillMaxWidth
 import androidx.compose.foundation.layout.heightIn
@@ -20,6 +17,7 @@ import androidx.compose.foundation.layout.only
 import androidx.compose.foundation.layout.padding
 import androidx.compose.foundation.layout.safeDrawing
 import androidx.compose.foundation.layout.windowInsetsPadding
+import androidx.compose.foundation.layout.consumeWindowInsets
 import androidx.compose.foundation.shape.RoundedCornerShape
 import androidx.compose.material.icons.Icons
 import androidx.compose.material.icons.automirrored.filled.ScreenShare
@@ -32,8 +30,8 @@ import androidx.compose.material3.Scaffold
 import androidx.compose.material3.Surface
 import androidx.compose.material3.Text
 import androidx.compose.runtime.Composable
-import androidx.compose.runtime.LaunchedEffect
 import androidx.compose.runtime.collectAsState
+import androidx.compose.runtime.LaunchedEffect
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
@@ -43,11 +41,13 @@ import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.draw.alpha
 import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.zIndex
 import androidx.compose.ui.graphics.vector.ImageVector
 import androidx.compose.ui.platform.LocalDensity
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.unit.dp
-import androidx.compose.ui.zIndex
+import ai.openclaw.app.HomeDestination
+import ai.openclaw.app.MainViewModel

 private enum class HomeTab(
  val label: String,
@@ -69,10 +69,7 @@ private enum class StatusVisual {
 }

@Composable
-fun PostOnboardingTabs(
-  viewModel: MainViewModel,
-  modifier: Modifier = Modifier,
-) {
+fun PostOnboardingTabs(viewModel: MainViewModel, modifier: Modifier = Modifier) {
  var activeTab by rememberSaveable { mutableStateOf(HomeTab.Connect) }
  var chatTabStarted by rememberSaveable { mutableStateOf(false) }
  var screenTabStarted by rememberSaveable { mutableStateOf(false) }
@@ -185,11 +182,7 @@ fun PostOnboardingTabs(
 }

@Composable
-private fun ScreenTabScreen(
-  viewModel: MainViewModel,
-  visible: Boolean,
-  modifier: Modifier = Modifier,
-) {
+private fun ScreenTabScreen(viewModel: MainViewModel, visible: Boolean, modifier: Modifier = Modifier) {
  val isConnected by viewModel.isConnected.collectAsState()
  var refreshedForCurrentConnection by rememberSaveable(isConnected) { mutableStateOf(false) }

--- a/Show More
+++ b/Show More