test: trigger dependency guard with devDependency change

Preserve OpenClaw-owned embedded system prompts after active tool selection in both normal embedded attempts and compaction. Adds an exact base prompt path on AgentSession that keeps active tool prompt metadata current for extension hooks.

Fixes #87807.

Verification:
- mise exec node@24.16.0 -- node scripts/run-vitest.mjs src/agents/sessions/sdk.test.ts src/agents/embedded-agent-runner/system-prompt.test.ts src/agents/embedded-agent-runner/run/attempt.spawn-workspace.context-engine.test.ts src/agents/embedded-agent-runner/compact.hooks.test.ts --reporter=dot
- mise exec node@24.16.0 -- pnpm tsgo:core
- git diff --check
- .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main

Thanks @shakkernerd.

.crabbox.yaml

@@ -29,6 +29,11 @@ actions:
     - openclaw
   runnerVersion: latest
   ephemeral: true
+blacksmith:
+  org: openclaw
+  workflow: .github/workflows/ci-check-testbox.yml
+  job: check
+  ref: main
 aws:
   region: eu-west-1
   rootGB: 400

.github/CODEOWNERS

@@ -13,6 +13,8 @@
 /.github/workflows/codeql-critical-quality.yml @openclaw/openclaw-secops
 /.github/workflows/dependency-change-awareness.yml @openclaw/openclaw-secops
 /test/scripts/dependency-change-awareness-workflow.test.ts @openclaw/openclaw-secops
+/test/scripts/dependency-change-awareness-script.test.ts @openclaw/openclaw-secops
+/scripts/github/dependency-change-awareness.mjs @openclaw/openclaw-secops
 /package-lock.json @openclaw/openclaw-secops
 /npm-shrinkwrap.json @openclaw/openclaw-secops
 /extensions/*/package-lock.json @openclaw/openclaw-secops

.github/actionlint.yaml

@@ -14,6 +14,10 @@ self-hosted-runner:
     - blacksmith-16vcpu-ubuntu-2404-arm
     - blacksmith-6vcpu-macos-latest
     - blacksmith-12vcpu-macos-latest
+    - blacksmith-6vcpu-macos-15
+    - blacksmith-12vcpu-macos-15
+    - blacksmith-6vcpu-macos-26
+    - blacksmith-12vcpu-macos-26
 
 # Ignore patterns for known issues
 paths:

.github/actions/detect-docs-changes/action.yml

@@ -35,17 +35,29 @@ runs:
           exit 0
         fi
 
-        # Check if any changed file is a doc
-        DOCS=$(echo "$CHANGED" | grep -E '^docs/|\.md$|\.mdx$' || true)
-        if [ -n "$DOCS" ]; then
+        docs_changed=false
+        non_docs=false
+        while IFS= read -r changed_path; do
+          case "$changed_path" in
+            test/fixtures/*)
+              non_docs=true
+              ;;
+            docs/* | *.md | *.mdx)
+              docs_changed=true
+              ;;
+            *)
+              non_docs=true
+              ;;
+          esac
+        done <<< "$CHANGED"
+
+        if [ "$docs_changed" = "true" ]; then
           echo "docs_changed=true" >> "$GITHUB_OUTPUT"
         else
           echo "docs_changed=false" >> "$GITHUB_OUTPUT"
         fi
 
-        # Check if all changed files are docs or markdown
-        NON_DOCS=$(echo "$CHANGED" | grep -vE '^docs/|\.md$|\.mdx$' || true)
-        if [ -z "$NON_DOCS" ]; then
+        if [ "$non_docs" = "false" ]; then
           echo "docs_only=true" >> "$GITHUB_OUTPUT"
           echo "Docs-only change detected — skipping heavy jobs"
         else

.github/actions/setup-node-env/action.yml

@@ -20,9 +20,13 @@ inputs:
     required: false
     default: "true"
   use-actions-cache:
-    description: Whether to restore and save the pnpm store with actions/cache.
+    description: Whether to restore the pnpm store with actions/cache.
     required: false
     default: "true"
+  save-actions-cache:
+    description: Whether to save the pnpm store with actions/cache after install when no exact cache restored.
+    required: false
+    default: "false"
 runs:
   using: composite
   steps:
@@ -45,6 +49,7 @@ runs:
         openclaw_ensure_node "$REQUESTED_NODE_VERSION"
 
     - name: Setup pnpm
+      id: setup-pnpm
       uses: ./.github/actions/setup-pnpm-store-cache
       with:
         node-version: ${{ inputs.node-version }}
@@ -130,3 +135,10 @@ runs:
           ln -sfn "$PNPM_CONFIG_MODULES_DIR" node_modules
           ln -sfn . "$PNPM_CONFIG_MODULES_DIR/node_modules"
         fi
+
+    - name: Save pnpm store cache
+      if: ${{ inputs.install-deps == 'true' && inputs.use-actions-cache == 'true' && inputs.save-actions-cache == 'true' && runner.os != 'Windows' && steps.setup-pnpm.outputs.store-cache-hit != 'true' }}
+      uses: actions/cache/save@v5
+      with:
+        path: ${{ steps.setup-pnpm.outputs.store-path }}
+        key: ${{ steps.setup-pnpm.outputs.store-cache-primary-key }}

.github/actions/setup-pnpm-store-cache/action.yml

@@ -14,7 +14,7 @@ inputs:
     required: false
     default: ""
   use-actions-cache:
-    description: Whether actions/cache should cache the pnpm store.
+    description: Whether actions/cache should restore the pnpm store.
     required: false
     default: "true"
 outputs:
@@ -24,6 +24,15 @@ outputs:
   project-dir:
     description: Directory containing the packageManager file used for pnpm resolution.
     value: ${{ steps.setup-pnpm.outputs.project-dir }}
+  store-cache-hit:
+    description: Whether the pnpm store cache restored an exact key.
+    value: ${{ steps.pnpm-store-cache.outputs.cache-hit }}
+  store-cache-primary-key:
+    description: Exact pnpm store cache key used for restore/save.
+    value: ${{ steps.pnpm-store-cache.outputs.cache-primary-key }}
+  store-path:
+    description: Resolved pnpm store path.
+    value: ${{ steps.pnpm-store.outputs.path }}
 runs:
   using: composite
   steps:
@@ -81,14 +90,15 @@ runs:
         echo "path=$store_path" >> "$GITHUB_OUTPUT"
 
     - name: Restore pnpm store cache
+      id: pnpm-store-cache
       if: ${{ inputs.use-actions-cache == 'true' && runner.os != 'Windows' }}
-      uses: actions/cache@v5
+      uses: actions/cache/restore@v5
       with:
         path: ${{ steps.pnpm-store.outputs.path }}
-        key: pnpm-store-${{ runner.os }}-${{ inputs.node-version }}-${{ hashFiles(inputs.lockfile-path) }}
+        key: pnpm-store-${{ runner.os }}-${{ runner.arch }}-${{ inputs.node-version }}-${{ hashFiles(inputs.package-manager-file) }}-${{ hashFiles(inputs.lockfile-path) }}
         restore-keys: |
-          pnpm-store-${{ runner.os }}-${{ inputs.node-version }}-
-          pnpm-store-${{ runner.os }}-
+          pnpm-store-${{ runner.os }}-${{ runner.arch }}-${{ inputs.node-version }}-${{ hashFiles(inputs.package-manager-file) }}-
+          pnpm-store-${{ runner.os }}-${{ runner.arch }}-${{ inputs.node-version }}-
 
     - name: Record pnpm version
       id: pnpm-version

.github/actions/setup-pnpm-store-cache/ensure-node.sh

@@ -95,7 +95,7 @@ openclaw_find_toolcache_node() {
   done
 
   local node_root candidate candidate_version
-  for node_root in "${roots[@]}"; do
+  for node_root in ${roots[@]+"${roots[@]}"}; do
     while IFS= read -r candidate; do
       candidate_version="$("$candidate" -p 'process.versions.node' 2>/dev/null || true)"
       if openclaw_node_version_matches "$candidate_version" "$requested_node"; then

.github/workflows/ci.yml

@@ -414,13 +414,73 @@ jobs:
       - name: Audit production dependencies
         run: node scripts/pre-commit/pnpm-audit-prod.mjs --audit-level=high
 
+  # Warm the lockfile- and pnpm-pinned store once before Linux Node shards fan out.
+  # On a cold key this job owns the save, so later shards restore the exact key.
+  pnpm-store-warmup:
+    permissions:
+      contents: read
+    needs: [preflight]
+    if: needs.preflight.outputs.run_node == 'true' || needs.preflight.outputs.run_check_docs == 'true'
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
+    timeout-minutes: 20
+    steps:
+      - name: Checkout
+        shell: bash
+        env:
+          CHECKOUT_REPO: ${{ github.repository }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+        run: |
+          set -euo pipefail
+
+          workdir="$GITHUB_WORKSPACE"
+          reset_checkout_dir() {
+            mkdir -p "$workdir"
+            find "$workdir" -mindepth 1 -maxdepth 1 -exec rm -rf {} +
+          }
+
+          checkout_attempt() {
+            local attempt="$1"
+
+            reset_checkout_dir
+            git init "$workdir" >/dev/null
+            git config --global --add safe.directory "$workdir"
+            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" config gc.auto 0
+
+            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+              -c protocol.version=2 \
+              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
+              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
+
+            git -C "$workdir" checkout --force --detach "$CHECKOUT_SHA" || return 1
+            test -f "$workdir/.github/actions/setup-node-env/action.yml" || return 1
+            echo "checkout attempt ${attempt}/5 succeeded"
+          }
+
+          for attempt in 1 2 3 4 5; do
+            if checkout_attempt "$attempt"; then
+              exit 0
+            fi
+            echo "checkout attempt ${attempt}/5 failed"
+            sleep $((attempt * 5))
+          done
+
+          echo "checkout failed after 5 attempts" >&2
+          exit 1
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          install-bun: "false"
+          save-actions-cache: "true"
+
   # Build dist once for Node-relevant changes and share it with downstream jobs.
   # Keep this overlapping with the fast correctness lanes so green PRs get heavy
   # test/build feedback sooner instead of waiting behind a full `check` pass.
   build-artifacts:
     permissions:
       contents: read
-    needs: [preflight]
+    needs: [preflight, pnpm-store-warmup]
     if: needs.preflight.outputs.run_build_artifacts == 'true'
     runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-16vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 20
@@ -652,7 +712,7 @@ jobs:
     permissions:
       contents: read
     name: ${{ matrix.check_name }}
-    needs: [preflight]
+    needs: [preflight, pnpm-store-warmup]
     if: needs.preflight.outputs.run_checks_fast_core == 'true'
     runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 60
@@ -741,7 +801,7 @@ jobs:
     permissions:
       contents: read
     name: ${{ matrix.checkName }}
-    needs: [preflight]
+    needs: [preflight, pnpm-store-warmup]
     if: needs.preflight.outputs.run_plugin_contracts_shards == 'true'
     runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 60
@@ -821,7 +881,7 @@ jobs:
     permissions:
       contents: read
     name: ${{ matrix.checkName }}
-    needs: [preflight]
+    needs: [preflight, pnpm-store-warmup]
     if: needs.preflight.outputs.run_checks_fast == 'true'
     runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 60
@@ -973,9 +1033,9 @@ jobs:
     permissions:
       contents: read
     name: ${{ matrix.check_name }}
-    needs: [preflight]
+    needs: [preflight, pnpm-store-warmup]
     if: needs.preflight.outputs.run_checks_node_core_nondist == 'true'
-    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && (matrix.runner || 'ubuntu-24.04') || 'ubuntu-24.04') }}
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && (matrix.runner || 'blacksmith-8vcpu-ubuntu-2404') || 'ubuntu-24.04') }}
     timeout-minutes: 60
     strategy:
       fail-fast: false
@@ -1079,9 +1139,9 @@ jobs:
     permissions:
       contents: read
     name: ${{ matrix.check_name }}
-    needs: [preflight]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_check == 'true' }}
-    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && matrix.runner || 'ubuntu-24.04') }}
+    needs: [preflight, pnpm-store-warmup]
+    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_check == 'true' && needs.pnpm-store-warmup.result == 'success' }}
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && (matrix.runner || 'blacksmith-4vcpu-ubuntu-2404') || 'ubuntu-24.04') }}
     timeout-minutes: 20
     strategy:
       fail-fast: false
@@ -1172,7 +1232,7 @@ jobs:
               pnpm lint:auth:pairing-account-scope
               pnpm check:import-cycles
               # build-artifacts already runs the tsdown/runtime build for the same Node-relevant changes.
-              pnpm build:plugin-sdk:strict-smoke
+              NODE_OPTIONS=--max-old-space-size=8192 pnpm build:plugin-sdk:strict-smoke
               ;;
             prod-types)
               pnpm tsgo:prod
@@ -1210,8 +1270,8 @@ jobs:
     permissions:
       contents: read
     name: ${{ matrix.check_name }}
-    needs: [preflight]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_check_additional == 'true' }}
+    needs: [preflight, pnpm-store-warmup]
+    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_check_additional == 'true' && needs.pnpm-store-warmup.result == 'success' }}
     runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-8vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 20
     strategy:
@@ -1377,7 +1437,7 @@ jobs:
   check-docs:
     permissions:
       contents: read
-    needs: [preflight]
+    needs: [preflight, pnpm-store-warmup]
     if: needs.preflight.outputs.run_check_docs == 'true'
     runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 20
@@ -1434,11 +1494,44 @@ jobs:
       - name: Checkout ClawHub docs source
         run: |
           set -euo pipefail
-          git init clawhub-source
-          git -C clawhub-source config gc.auto 0
-          git -C clawhub-source remote add origin "https://github.com/openclaw/clawhub.git"
-          git -C clawhub-source fetch --no-tags --depth=1 origin "+HEAD:refs/remotes/origin/checkout"
-          git -C clawhub-source checkout --detach refs/remotes/origin/checkout
+
+          workdir="$GITHUB_WORKSPACE/clawhub-source"
+          started_at="$(date +%s)"
+
+          reset_checkout_dir() {
+            mkdir -p "$workdir"
+            find "$workdir" -mindepth 1 -maxdepth 1 -exec rm -rf {} +
+          }
+
+          checkout_attempt() {
+            local attempt="$1"
+
+            reset_checkout_dir
+            git init "$workdir" >/dev/null
+            git -C "$workdir" config gc.auto 0
+            git -C "$workdir" remote add origin "https://github.com/openclaw/clawhub.git"
+
+            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+              -c protocol.version=2 \
+              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
+              "+refs/heads/main:refs/remotes/origin/checkout" || return 1
+
+            git -C "$workdir" checkout --force --detach refs/remotes/origin/checkout || return 1
+            echo "ClawHub checkout attempt ${attempt}/5 succeeded"
+          }
+
+          for attempt in 1 2 3 4 5; do
+            if checkout_attempt "$attempt"; then
+              elapsed="$(( $(date +%s) - started_at ))"
+              echo "ClawHub checkout completed in ${elapsed}s"
+              exit 0
+            fi
+            echo "ClawHub checkout attempt ${attempt}/5 failed"
+            sleep $((attempt * 5))
+          done
+
+          echo "ClawHub checkout failed after 5 attempts" >&2
+          exit 1
 
       - name: Check docs
         env:
@@ -1595,7 +1688,7 @@ jobs:
     name: ${{ matrix.check_name }}
     needs: [preflight]
     if: ${{ !cancelled() && always() && needs.preflight.outputs.run_macos_node == 'true' }}
-    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'macos-latest' || (github.repository == 'openclaw/openclaw' && 'blacksmith-6vcpu-macos-latest' || 'macos-latest') }}
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'macos-15' || (github.repository == 'openclaw/openclaw' && 'blacksmith-6vcpu-macos-15' || 'macos-15') }}
     timeout-minutes: 20
     strategy:
       fail-fast: false
@@ -1644,7 +1737,7 @@ jobs:
     name: "macos-swift"
     needs: [preflight]
     if: needs.preflight.outputs.run_macos_swift == 'true'
-    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'macos-26' || (github.repository == 'openclaw/openclaw' && 'blacksmith-12vcpu-macos-latest' || 'macos-26') }}
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'macos-26' || (github.repository == 'openclaw/openclaw' && 'blacksmith-12vcpu-macos-26' || 'macos-26') }}
     timeout-minutes: 20
     steps:
       - name: Checkout
@@ -1867,3 +1960,53 @@ jobs:
               exit 1
               ;;
           esac
+
+  ci-timings-summary:
+    permissions:
+      actions: read
+      contents: read
+    name: ci-timings-summary
+    needs:
+      - preflight
+      - security-fast
+      - pnpm-store-warmup
+      - build-artifacts
+      - checks-fast-core
+      - checks-fast-plugin-contracts-shard
+      - checks-fast-channel-contracts-shard
+      - checks-node-compat
+      - checks-node-core-test-nondist-shard
+      - check-shard
+      - check-additional-shard
+      - check-docs
+      - skills-python
+      - checks-windows
+      - macos-node
+      - macos-swift
+      - android
+    if: ${{ !cancelled() && always() && (github.event_name != 'pull_request' || !github.event.pull_request.draft) }}
+    runs-on: ubuntu-24.04
+    timeout-minutes: 5
+    steps:
+      - name: Checkout timing summary helper
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || needs.preflight.outputs.checkout_revision || github.sha }}
+          fetch-depth: 1
+          fetch-tags: false
+          persist-credentials: false
+          submodules: false
+
+      - name: Write CI timing summary
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          node scripts/ci-run-timings.mjs "$GITHUB_RUN_ID" --limit 25 > ci-timings-summary.txt
+          cat ci-timings-summary.txt >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Upload CI timing summary
+        uses: actions/upload-artifact@v7
+        with:
+          name: ci-timings-summary
+          path: ci-timings-summary.txt
+          retention-days: 14

.github/workflows/codeql-macos-critical-security.yml

@@ -20,7 +20,7 @@ permissions:
 jobs:
   macos:
     name: Critical Security (macOS)
-    runs-on: blacksmith-6vcpu-macos-latest
+    runs-on: blacksmith-6vcpu-macos-15
     timeout-minutes: 45
     steps:
       - name: Checkout

.github/workflows/codeql.yml

@@ -85,10 +85,21 @@ jobs:
             config_file: ./.github/codeql/codeql-actions-critical-security.yml
     steps:
       - name: Checkout
+        if: ${{ matrix.category != 'actions' }}
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           submodules: false
 
+      - name: Checkout Actions security sources
+        if: ${{ matrix.category == 'actions' }}
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          submodules: false
+          sparse-checkout: |
+            .github/actions
+            .github/workflows
+            .github/codeql
+
       - name: Initialize CodeQL
         uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
         with:

.github/workflows/dependency-change-awareness.yml

@@ -1,10 +1,11 @@
 name: Dependency Change Awareness
 
 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] metadata-only workflow; no checkout or untrusted code execution
+  pull_request_target: # zizmor: ignore[dangerous-triggers] checks trusted base script only; never checks out PR head
     types: [opened, reopened, synchronize, ready_for_review]
 
 permissions:
+  contents: read
   pull-requests: write
   issues: write
 
@@ -18,159 +19,15 @@ jobs:
     runs-on: ubuntu-24.04
     timeout-minutes: 5
     steps:
-      - name: Label and comment on dependency changes
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
+      - name: Check out trusted base workflow scripts
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
-          script: |
-            const marker = "<!-- openclaw:dependency-change-awareness -->";
-            const labelName = "dependencies-changed";
-            const maxListedFiles = 25;
-            const pullRequest = context.payload.pull_request;
+          ref: ${{ github.event.pull_request.base.sha }}
+          persist-credentials: false
 
-            if (!pullRequest) {
-              core.info("No pull_request payload found; skipping.");
-              return;
-            }
-
-            const isDependencyFile = (filename) =>
-              filename === "package.json" ||
-              filename === "package-lock.json" ||
-              filename === "npm-shrinkwrap.json" ||
-              filename === "pnpm-lock.yaml" ||
-              filename === "pnpm-workspace.yaml" ||
-              filename === "ui/package.json" ||
-              filename.startsWith("patches/") ||
-              /^packages\/[^/]+\/package\.json$/u.test(filename) ||
-              /^extensions\/[^/]+\/package-lock\.json$/u.test(filename) ||
-              /^extensions\/[^/]+\/npm-shrinkwrap\.json$/u.test(filename) ||
-              /^extensions\/[^/]+\/package\.json$/u.test(filename);
-
-            const sanitizeDisplayValue = (value) =>
-              String(value)
-                .replace(/[\u0000-\u001f\u007f]/gu, "?")
-                .slice(0, 240);
-            const markdownCode = (value) =>
-              `\`${sanitizeDisplayValue(value).replaceAll("`", "\\`")}\``;
-            const ignoreUnavailableWritePermission = (action) => (error) => {
-              if (error?.status === 403) {
-                core.warning(
-                  `Skipping dependency change ${action}; token does not have issue write permission.`,
-                );
-                return;
-              }
-              if (error?.status === 404 || error?.status === 422) {
-                core.warning(`Dependency change ${action} is unavailable.`);
-                return;
-              }
-              throw error;
-            };
-
-            const files = await github.paginate(github.rest.pulls.listFiles, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: pullRequest.number,
-              per_page: 100,
-            });
-            const dependencyFiles = files
-              .map((file) => file.filename)
-              .filter((filename) => typeof filename === "string" && isDependencyFile(filename))
-              .sort((left, right) => left.localeCompare(right));
-
-            const comments = await github.paginate(github.rest.issues.listComments, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: pullRequest.number,
-              per_page: 100,
-            });
-            const existingComment = comments.find(
-              (comment) =>
-                comment.user?.login === "github-actions[bot]" && comment.body?.includes(marker),
-            );
-
-            const labels = await github.paginate(github.rest.issues.listLabelsOnIssue, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: pullRequest.number,
-              per_page: 100,
-            });
-            const hasLabel = labels.some((label) => label.name === labelName);
-
-            if (dependencyFiles.length === 0) {
-              if (hasLabel) {
-                await github.rest.issues.removeLabel({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  issue_number: pullRequest.number,
-                  name: labelName,
-                }).catch(ignoreUnavailableWritePermission("label removal"));
-              }
-              if (existingComment) {
-                await github.rest.issues.deleteComment({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  comment_id: existingComment.id,
-                }).catch(ignoreUnavailableWritePermission("comment deletion"));
-              }
-              await core.summary
-                .addHeading("Dependency Change Awareness")
-                .addRaw("No dependency-related file changes detected.")
-                .write();
-              core.info("No dependency-related file changes detected.");
-              return;
-            }
-
-            if (!hasLabel) {
-              await github.rest.issues.addLabels({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: pullRequest.number,
-                labels: [labelName],
-              }).catch(ignoreUnavailableWritePermission(`label "${labelName}" update`));
-            }
-
-            const listedFiles = dependencyFiles.slice(0, maxListedFiles);
-            const omittedCount = dependencyFiles.length - listedFiles.length;
-            const fileLines = listedFiles.map((filename) => `- ${markdownCode(filename)}`);
-            if (omittedCount > 0) {
-              fileLines.push(`- ${omittedCount} additional dependency-related files not shown`);
-            }
-
-            const body = [
-              marker,
-              "",
-              "### Dependency Changes Detected",
-              "",
-              "This PR changes dependency-related files. Maintainers should confirm these changes are intentional.",
-              "",
-              "Changed files:",
-              ...fileLines,
-              "",
-              "Maintainer follow-up:",
-              "- Review whether the dependency changes are intentional.",
-              "- Inspect resolved package deltas when lockfile, shrinkwrap, or workspace dependency policy changes are present.",
-              "- Treat `package-lock.json` and `npm-shrinkwrap.json` diffs as security-review surfaces.",
-              "- Run `pnpm deps:changes:report -- --base-ref origin/main --markdown /tmp/dependency-changes.md --json /tmp/dependency-changes.json` locally for detailed release-style evidence.",
-            ].join("\n");
-
-            if (existingComment) {
-              await github.rest.issues.updateComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                comment_id: existingComment.id,
-                body,
-              }).catch(ignoreUnavailableWritePermission("comment update"));
-            } else {
-              await github.rest.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: pullRequest.number,
-                body,
-              }).catch(ignoreUnavailableWritePermission("comment creation"));
-            }
-
-            await core.summary
-              .addHeading("Dependency Change Awareness")
-              .addRaw(`Detected ${dependencyFiles.length} dependency-related file change(s).`)
-              .addList(dependencyFiles.map((filename) => markdownCode(filename)))
-              .write();
-            core.notice(`Detected ${dependencyFiles.length} dependency-related file change(s).`);
+      - name: Label, comment, and guard dependency changes
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          OPENCLAW_SECURITY_APPROVERS: vincentkoc,steipete,joshavant
+          OPENCLAW_SECURITY_TEAM_SLUG: openclaw-secops
+        run: node scripts/github/dependency-change-awareness.mjs

.github/workflows/install-smoke.yml

@@ -143,7 +143,7 @@ jobs:
               for (const [dep, rel] of Object.entries(workspace.patchedDependencies ?? {})) {
                 const absolute = path.join(\"/app\", rel);
                 if (!fs.existsSync(absolute)) {
-                  throw new Error(`missing patch for ${dep}: ${rel}`);
+                  throw new Error(\"missing patch for \" + dep + \": \" + rel);
                 }
               }
             "
@@ -337,7 +337,7 @@ jobs:
               for (const [dep, rel] of Object.entries(workspace.patchedDependencies ?? {})) {
                 const absolute = path.join(\"/app\", rel);
                 if (!fs.existsSync(absolute)) {
-                  throw new Error(`missing patch for ${dep}: ${rel}`);
+                  throw new Error(\"missing patch for \" + dep + \": \" + rel);
                 }
               }
             "

.github/workflows/mantis-telegram-live.yml

@@ -377,6 +377,7 @@ jobs:
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
           OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
+          OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS: "1800000"
           OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
           OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT: "1"
           CRABBOX_COORDINATOR: ${{ secrets.CRABBOX_COORDINATOR }}

.github/workflows/npm-telegram-beta-e2e.yml

@@ -218,6 +218,7 @@ jobs:
           OPENCLAW_NPM_TELEGRAM_CREDENTIAL_ROLE: ci
           OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
           OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
+          OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS: "1800000"
           OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
           OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT: "1"
           INPUT_SCENARIO: ${{ inputs.scenario }}

.github/workflows/openclaw-cross-os-release-checks-reusable.yml

@@ -451,7 +451,7 @@ jobs:
           OUTPUT_DIR: ${{ runner.temp }}/openclaw-cross-os-release-checks/prepare/baseline
         run: |
           mkdir -p "${OUTPUT_DIR}"
-          npm pack --ignore-scripts --json "${BASELINE_SPEC}" --pack-destination "${OUTPUT_DIR}" > "${OUTPUT_DIR}/pack.json"
+          timeout --preserve-status 300s npm pack --ignore-scripts --json "${BASELINE_SPEC}" --pack-destination "${OUTPUT_DIR}" > "${OUTPUT_DIR}/pack.json"
 
       - name: Capture candidate metadata
         id: candidate_metadata

.github/workflows/openclaw-live-and-e2e-checks-reusable.yml

@@ -480,6 +480,35 @@ jobs:
           fi
           exit 1
 
+  plan_release_workflow_matrices:
+    needs: validate_selected_ref
+    runs-on: ubuntu-24.04
+    outputs:
+      docker_e2e_count: ${{ steps.plan.outputs.docker_e2e_count }}
+      docker_e2e_matrix: ${{ steps.plan.outputs.docker_e2e_matrix }}
+      docker_e2e_omitted_json: ${{ steps.plan.outputs.docker_e2e_omitted_json }}
+      live_models_count: ${{ steps.plan.outputs.live_models_count }}
+      live_models_matrix: ${{ steps.plan.outputs.live_models_matrix }}
+      live_models_omitted_json: ${{ steps.plan.outputs.live_models_omitted_json }}
+    steps:
+      - name: Checkout trusted release harness
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          ref: ${{ github.sha }}
+          fetch-depth: 1
+
+      - name: Plan release workflow matrices
+        id: plan
+        env:
+          DOCKER_LANES: ${{ inputs.docker_lanes }}
+          INCLUDE_LIVE_SUITES: ${{ inputs.include_live_suites }}
+          INCLUDE_RELEASE_PATH_SUITES: ${{ inputs.include_release_path_suites }}
+          LIVE_MODEL_PROVIDERS: ${{ inputs.live_model_providers }}
+          LIVE_SUITE_FILTER: ${{ inputs.live_suite_filter }}
+          RELEASE_TEST_PROFILE: ${{ inputs.release_test_profile }}
+        run: node scripts/plan-release-workflow-matrix.mjs >> "$GITHUB_OUTPUT"
+
   validate_release_live_cache:
     needs: validate_selected_ref
     if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'live-cache')
@@ -636,72 +665,15 @@ jobs:
         run: ${{ matrix.command }}
 
   validate_docker_e2e:
-    needs: [validate_selected_ref, prepare_docker_e2e_image]
-    if: inputs.include_release_path_suites && inputs.docker_lanes == ''
+    needs: [validate_selected_ref, prepare_docker_e2e_image, plan_release_workflow_matrices]
+    if: inputs.include_release_path_suites && inputs.docker_lanes == '' && needs.plan_release_workflow_matrices.outputs.docker_e2e_count != '0'
     name: Docker E2E (${{ matrix.label }})
     continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: ${{ matrix.timeout_minutes }}
     strategy:
       fail-fast: false
-      matrix:
-        include:
-          - chunk_id: core
-            label: core
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: package-update-openai
-            label: package/update OpenAI install
-            timeout_minutes: 45
-            profiles: beta minimum stable full
-          - chunk_id: package-update-anthropic
-            label: package/update Anthropic install
-            timeout_minutes: 60
-            profiles: beta minimum stable full
-          - chunk_id: package-update-core
-            label: package/update core
-            timeout_minutes: 60
-            profiles: beta minimum stable full
-          - chunk_id: plugins-runtime-plugins
-            label: plugins/runtime plugins
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-services
-            label: plugins/runtime services
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-install-a
-            label: plugins/runtime install A
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-install-b
-            label: plugins/runtime install B
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-install-c
-            label: plugins/runtime install C
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-install-d
-            label: plugins/runtime install D
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-install-e
-            label: plugins/runtime install E
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-install-f
-            label: plugins/runtime install F
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-install-g
-            label: plugins/runtime install G
-            timeout_minutes: 60
-            profiles: stable full
-          - chunk_id: plugins-runtime-install-h
-            label: plugins/runtime install H
-            timeout_minutes: 60
-            profiles: stable full
+      matrix: ${{ fromJson(needs.plan_release_workflow_matrices.outputs.docker_e2e_matrix) }}
     env:
       OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
       OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
@@ -1631,42 +1603,14 @@ jobs:
 
   validate_live_models_docker:
     name: Docker live models (${{ matrix.provider_label }})
-    needs: [validate_selected_ref, prepare_live_test_image]
-    if: inputs.include_live_suites && inputs.live_model_providers == '' && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'docker-live-models')
+    needs: [validate_selected_ref, prepare_live_test_image, plan_release_workflow_matrices]
+    if: inputs.include_live_suites && inputs.live_model_providers == '' && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'docker-live-models') && needs.plan_release_workflow_matrices.outputs.live_models_count != '0'
     continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: 45
     strategy:
       fail-fast: false
-      matrix:
-        include:
-          - provider_label: Anthropic
-            providers: anthropic
-            profiles: stable full
-          - provider_label: Google
-            providers: google
-            profiles: stable full
-          - provider_label: MiniMax
-            providers: minimax
-            profiles: stable full
-          - provider_label: OpenAI
-            providers: openai
-            profiles: beta minimum stable full
-          - provider_label: OpenCode
-            providers: opencode-go
-            profiles: full
-          - provider_label: OpenRouter
-            providers: openrouter
-            profiles: full
-          - provider_label: xAI
-            providers: xai
-            profiles: full
-          - provider_label: Z.ai
-            providers: zai
-            profiles: full
-          - provider_label: Fireworks
-            providers: fireworks
-            profiles: full
+      matrix: ${{ fromJson(needs.plan_release_workflow_matrices.outputs.live_models_matrix) }}
     env:
       OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
       OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
@@ -1744,6 +1688,8 @@ jobs:
       - name: Validate provider credential
         if: contains(matrix.profiles, inputs.release_test_profile)
         shell: bash
+        env:
+          LIVE_MODEL_PROVIDERS: ${{ matrix.providers }}
         run: |
           set -euo pipefail
 
@@ -1760,7 +1706,7 @@ jobs:
             exit 1
           }
 
-          case "${{ matrix.providers }}" in
+          case "${LIVE_MODEL_PROVIDERS}" in
             anthropic) require_any Anthropic ANTHROPIC_API_KEY ANTHROPIC_API_KEY_OLD ANTHROPIC_API_TOKEN ;;
             google) require_any Google GEMINI_API_KEY GOOGLE_API_KEY ;;
             minimax) require_any MiniMax MINIMAX_API_KEY ;;
@@ -1771,7 +1717,7 @@ jobs:
             zai) require_any Z.ai ZAI_API_KEY Z_AI_API_KEY ;;
             fireworks) require_any Fireworks FIREWORKS_API_KEY ;;
             *)
-              echo "Unhandled live model provider shard: ${{ matrix.providers }}" >&2
+              echo "Unhandled live model provider shard: ${LIVE_MODEL_PROVIDERS}" >&2
               exit 1
               ;;
           esac
@@ -2013,7 +1959,7 @@ jobs:
             profiles: stable full
           - suite_id: native-live-src-gateway-profiles-openai
             label: Native live gateway profiles OpenAI
-            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=openai OPENCLAW_LIVE_GATEWAY_MODELS=openai/gpt-5.5 node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
+            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=openai OPENCLAW_LIVE_GATEWAY_MODELS=openai/gpt-5.5 OPENCLAW_LIVE_GATEWAY_STEP_TIMEOUT_MS=180000 OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS=600000 node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
             timeout_minutes: 60
             profile_env_only: false
             profiles: beta minimum stable full

.github/workflows/openclaw-release-checks.yml

@@ -1207,6 +1207,7 @@ jobs:
         env:
           OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
           OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
+          OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS: "1800000"
           OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
           OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT: "1"
         run: |

.github/workflows/opengrep-precise-full.yml

@@ -32,11 +32,11 @@ jobs:
       - name: Install opengrep
         env:
           # Pin both the install script (by commit SHA) and the binary version.
-          # The script SHA must match the v1.19.0 release tag in opengrep/opengrep
+          # The script SHA must match the v1.22.0 release tag in opengrep/opengrep
           # so a compromised or force-pushed `main` cannot RCE in our CI runner.
           # Bump both together when upgrading.
-          OPENGREP_VERSION: v1.19.0
-          OPENGREP_INSTALL_SHA: 9a4c0a68220618441608cd2bad4ff2eddccf8113
+          OPENGREP_VERSION: v1.22.0
+          OPENGREP_INSTALL_SHA: f458d7f0d52cc58eae1ca3cf3d5caf101e637519
         run: |
           curl -fsSL "https://raw.githubusercontent.com/opengrep/opengrep/${OPENGREP_INSTALL_SHA}/install.sh" \
             | bash -s -- -v "$OPENGREP_VERSION"

.github/workflows/opengrep-precise.yml

@@ -44,7 +44,7 @@ jobs:
         uses: actions/checkout@v6
         with:
           ref: ${{ github.sha }}
-          fetch-depth: 0
+          fetch-depth: 1
           fetch-tags: false
           persist-credentials: false
           submodules: false
@@ -58,11 +58,11 @@ jobs:
       - name: Install opengrep
         env:
           # Pin both the install script (by commit SHA) and the binary version.
-          # The script SHA must match the v1.19.0 release tag in opengrep/opengrep
+          # The script SHA must match the v1.22.0 release tag in opengrep/opengrep
           # so a compromised or force-pushed `main` cannot RCE in our CI runner.
           # Bump both together when upgrading.
-          OPENGREP_VERSION: v1.19.0
-          OPENGREP_INSTALL_SHA: 9a4c0a68220618441608cd2bad4ff2eddccf8113
+          OPENGREP_VERSION: v1.22.0
+          OPENGREP_INSTALL_SHA: f458d7f0d52cc58eae1ca3cf3d5caf101e637519
         run: |
           curl -fsSL "https://raw.githubusercontent.com/opengrep/opengrep/${OPENGREP_INSTALL_SHA}/install.sh" \
             | bash -s -- -v "$OPENGREP_VERSION"

.github/workflows/qa-live-transports-convex.yml

@@ -530,6 +530,7 @@ jobs:
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
           OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
+          OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS: "1800000"
           OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
           OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT: "1"
           INPUT_SCENARIO: ${{ github.event_name == 'workflow_dispatch' && inputs.scenario || '' }}

.github/workflows/website-installer-sync.yml

@@ -90,7 +90,7 @@ jobs:
             bash -lc 'apt-get update -y && apt-get install -y curl && bash /tmp/install-cli.sh --prefix /tmp/openclaw --no-onboard --version latest && /tmp/openclaw/bin/openclaw --version'
 
   macos-installer:
-    runs-on: macos-latest
+    runs-on: macos-15
     steps:
       - name: Checkout
         uses: actions/checkout@v6

CHANGELOG.md

@@ -8,6 +8,7 @@ Docs: https://docs.openclaw.ai
 
 - Agent and Codex runtime recovery is steadier: subagents keep cwd/workspace separation, hook context stays prompt-local, session locks release on timeout abort, stale restart continuations are avoided, and Codex app-server/helper failures no longer tear down shared runtime state. (#87218, #86875, #87409, #87399, #87375)
 - Channel delivery and session identity got safer across outbound plugin hooks, Matrix room ids, iMessage reactions/approvals, Slack final replies, Discord recovered tool warnings, and Microsoft Teams service URL trust checks. (#73706, #75670, #87366, #87451, #87334)
+- Mobile and chat surfaces got a broader refresh: the iOS Pro UI, Gateway chat transport, onboarding, Talk permissions, WebChat reconnect delivery, and session picker behavior now preserve more state across reconnects and empty searches. (#87367, #87531, #87682)
 - CLI, auth, doctor, and provider paths fail faster and recover more clearly: malformed numeric/version options are rejected, OAuth and local service startup requests are bounded, legacy `api_key` auth profiles migrate to canonical form, and restart guidance is actionable. (#87398, #86281, #87361)
 - Plugin and Gateway hot paths do less repeated work while preserving cache correctness for install records, config JSON parsing, tool search catalogs, session stores, manifest model rows, auto-enabled plugin config, browser tokens, and viewer assets. (#86699)
 - Release, QA, and E2E validation now bound more log, artifact, harness, and cross-OS waits so failing lanes produce proof instead of hanging or false-greening.
@@ -19,15 +20,19 @@ Docs: https://docs.openclaw.ai
 - ClawHub: add plugin display names plus skill verification and trust surfaces. (#87354, #86699) Thanks @thewilloftheshadow and @Patrick-Erichsen.
 - iOS: refresh the dev app with Pro Command, Chat, Agents, and Settings tabs wired to gateway sessions, diagnostics, chat, and realtime Talk. (#87367) Thanks @Solvely-Colin.
 - Docs: clarify Codex computer-use setup, paste-token stdin auth setup, macOS gateway sleep troubleshooting, native Codex hook relay recovery, container model auth, install deployment cards, device-token admin gating, and backport targets. (#87313, #63050) Thanks @bdjben, @liaoandi, and @thewilloftheshadow.
+- PDF/tools: use ClawPDF for PDF extraction and surface MCP structured content in agent tool results. (#87670)
 
 ### Fixes
 
+- Agents: fall back to local config pruning when the optional `agents delete` Gateway probe cannot authenticate, so offline installs can still delete agents without removing shared workspaces.
 - Tighten phone-control mutation authorization [AI]. (#87150) Thanks @pgondhi987.
 - Clarify directive persistence authorization policy [AI]. (#86369) Thanks @pgondhi987.
 - Agents/Codex: keep spawned agent cwd/workspace state separated, keep hook context prompt-local, release session locks on timeout abort, avoid session event queue self-wait, preserve shared app-server state across startup or helper failures, keep native hook relay alive across restarts, route workspace memory through tools, resolve Codex runtime models first, report quarantined dynamic tools, format `skills` command output, and bound compaction/steering retries. (#87218, #86875, #86123, #87399, #87375, #87383, #87400) Thanks @mbelinky, @Alix-007, @luoyanglang, @yetval, and @sjf.
 - Channels: thread canonical session keys into outbound hooks, preserve Matrix room-id case, keep fallback tool warnings mention-inert, retain delivered Slack final replies during late cleanup, continue iMessage polling after denied reactions, suppress duplicate native exec approvals, preserve Telegram SecretRef prompt config, suppress Discord recovered tool warnings, and block untrusted Teams service URLs. (#73706, #75670, #87366, #87451, #87334) Thanks @zeroaltitude, @lukeboyett, @xiaotian, and @eleqtrizit.
 - CLI/auth/doctor/providers: reject malformed numeric/timeout/subcommand-version inputs, wait for respawn child shutdown, bound Codex and GitHub Copilot OAuth/token requests, warm provider auth off the main thread, honor Codex response timeouts, bound local service startup, resolve GPT-5.5 without cached catalog, migrate legacy memory auto-provider config, rewrite non-canonical `api_key` auth profiles, and make doctor restart follow-ups actionable. (#87398, #86281, #87361) Thanks @Patrick-Erichsen, @samzong, @giodl73-repo, and @alkor2000.
 - Gateway/security/session state: expire browser tokens after auth rotation, scope assistant idempotency dedupe, drain probe client closes, avoid stale restart continuation reuse, preserve retry-after fallbacks, bound webchat image and artifact transcript scans, include seconds in inbound metadata timestamps, and evict current plugin-state namespaces at row caps.
+- Config/parsing/network: reject partial numeric parsing, parse provider/Discord retry headers and dates strictly, honor IPv6 and bare IPv6 `no_proxy` entries, canonicalize secret target array indexes, and reject malformed media content lengths, inspected TCP ports, marketplace content lengths, cron epochs, and sandbox stat fields.
+- Providers/agents: preserve seeded Anthropic signatures, concatenate signature-delta chunks, preserve DeepSeek `reasoning_content` replay across tier suffixes, apply OpenRouter strict9 ids to Mistral routes, promote Ollama plain-text tool calls, and recover empty preflight compaction. (#87593)
 - File transfer: handle late tar stdin pipe errors after archive validation or unpacking has already settled.
 - Performance: trust install-record caches between reloads, prefer native JSON parsing, reuse unchanged tool-search catalogs, skip unchanged store serialization, add precomputed session patch writers, reduce store clone allocations, cache manifest model catalog rows and auto-enabled plugin config, and slim current metadata identity caches.
 - Docker/release/QA: package runtime workspace templates, stream cross-OS served artifacts, preserve sparse Crabbox run artifacts, bound OpenClaw instance logs, plugin gauntlet relay logs, MCP channel buffers, kitchen-sink scans, agent-turn assertions, and release scenario logs, and keep release/google live guards current.

Dockerfile

@@ -48,6 +48,7 @@ RUN --mount=type=bind,source=packages,target=/tmp/packages,readonly \
 FROM ${OPENCLAW_BUN_IMAGE} AS bun-binary
 FROM ${OPENCLAW_NODE_BOOKWORM_IMAGE} AS build
 ARG OPENCLAW_BUNDLED_PLUGIN_DIR
+ARG OPENCLAW_EXTENSIONS
 
 # Copy pinned Bun binary from the official image instead of fetching via curl.
 COPY --from=bun-binary /usr/local/bin/bun /usr/local/bin/bun
@@ -77,7 +78,12 @@ RUN --mount=type=cache,id=openclaw-pnpm-store,target=/root/.local/share/pnpm/sto
 # pnpm v10+ may append peer-resolution hashes to virtual-store folder names; do not hardcode `.pnpm/...`
 # paths. Matrix's native downloader can hit transient release CDN errors while
 # still exiting successfully, so retry the package downloader before failing.
+# Skip the entire check when matrix is not a bundled extension (e.g. msteams-only builds).
 RUN set -eux; \
+    if ! printf '%s\n' "$OPENCLAW_EXTENSIONS" | tr ',' ' ' | tr ' ' '\n' | grep -qx 'matrix'; then \
+      echo "==> matrix not bundled, skipping matrix-sdk-crypto check"; \
+      exit 0; \
+    fi; \
     echo "==> Verifying critical native addons..."; \
     for attempt in 1 2 3 4 5; do \
       if find /app/node_modules -name "matrix-sdk-crypto*.node" 2>/dev/null | grep -q .; then \

apps/macos/Sources/OpenClaw/AppState.swift

@@ -170,6 +170,8 @@ final class AppState {
         }
     }
 
+    var voiceWakeMeterActive = false
+
     var talkEnabled: Bool {
         didSet {
             self.ifNotPreview {

apps/macos/Sources/OpenClaw/CritterStatusLabel+Behavior.swift

@@ -63,6 +63,14 @@ extension CritterStatusLabel {
                     .frame(width: 6, height: 6)
                     .padding(1)
             }
+
+            if self.voiceWakeMeterActive {
+                Circle()
+                    .fill(.orange)
+                    .frame(width: 5, height: 5)
+                    .padding(2)
+                    .frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .bottomLeading)
+            }
         }
         .frame(width: 18, height: 18)
     }
@@ -239,7 +247,8 @@ extension CritterStatusLabel {
             sendCelebrationTick: 1,
             gatewayStatus: .running(details: nil),
             animationsEnabled: true,
-            iconState: .workingMain(.tool(.bash)))
+            iconState: .workingMain(.tool(.bash)),
+            voiceWakeMeterActive: true)
 
         _ = label.body
         _ = label.iconImage
@@ -275,7 +284,8 @@ extension CritterStatusLabel {
             sendCelebrationTick: 0,
             gatewayStatus: .failed("boom"),
             animationsEnabled: false,
-            iconState: .idle)
+            iconState: .idle,
+            voiceWakeMeterActive: false)
         _ = failed.gatewayNeedsAttention
         _ = failed.gatewayBadgeColor
 
@@ -288,7 +298,8 @@ extension CritterStatusLabel {
             sendCelebrationTick: 0,
             gatewayStatus: .stopped,
             animationsEnabled: false,
-            iconState: .idle)
+            iconState: .idle,
+            voiceWakeMeterActive: false)
         _ = stopped.gatewayNeedsAttention
         _ = stopped.gatewayBadgeColor
 

apps/macos/Sources/OpenClaw/CritterStatusLabel.swift

@@ -10,6 +10,7 @@ struct CritterStatusLabel: View {
     var gatewayStatus: GatewayProcessManager.Status
     var animationsEnabled: Bool
     var iconState: IconState
+    var voiceWakeMeterActive: Bool = false
 
     @State var blinkAmount: CGFloat = 0
     @State var nextBlink = Date().addingTimeInterval(Double.random(in: 3.5...8.5))

apps/macos/Sources/OpenClaw/MenuBar.swift

@@ -50,7 +50,8 @@ struct OpenClawApp: App {
                 sendCelebrationTick: self.state.sendCelebrationTick,
                 gatewayStatus: self.gatewayManager.status,
                 animationsEnabled: self.state.iconAnimationsEnabled && !self.isGatewaySleeping,
-                iconState: self.effectiveIconState)
+                iconState: self.effectiveIconState,
+                voiceWakeMeterActive: self.state.voiceWakeMeterActive)
                 .background(SettingsWindowOpenRegistrar())
         }
         .menuBarExtraAccess(isPresented: self.$isMenuPresented) { item in
@@ -75,6 +76,9 @@ struct OpenClawApp: App {
         .onChange(of: self.gatewayManager.status) { _, _ in
             self.applyStatusItemAppearance(paused: self.state.isPaused, sleeping: self.isGatewaySleeping)
         }
+        .onChange(of: self.state.voiceWakeMeterActive) { _, _ in
+            self.applyStatusItemAppearance(paused: self.state.isPaused, sleeping: self.isGatewaySleeping)
+        }
         .onChange(of: self.state.connectionMode) { _, mode in
             Task { await ConnectionModeCoordinator.shared.apply(mode: mode, paused: self.state.isPaused) }
             CLIInstallPrompter.shared.checkAndPromptIfNeeded(reason: "connection-mode")
@@ -107,6 +111,9 @@ struct OpenClawApp: App {
         // The SwiftUI label already renders those states; AppKit's disabled appearance can
         // leak into menu item validation and grey out app-level commands like Settings.
         self.statusItem?.button?.appearsDisabled = false
+        self.statusItem?.button?.toolTip = self.state.voiceWakeMeterActive
+            ? "OpenClaw - Voice Wake live meter active"
+            : "OpenClaw"
     }
 
     private static func applyAttachOnlyOverrideIfNeeded() {

apps/macos/Sources/OpenClaw/MicLevelMonitor.swift

@@ -8,12 +8,18 @@ actor MicLevelMonitor {
     private var update: (@Sendable (Double) -> Void)?
     private var running = false
     private var smoothedLevel: Double = 0
+    private var lastUpdate = ContinuousClock.now
+    private var lastPublishedLevel: Double = 0
+    private let minimumUpdateInterval: Duration = .milliseconds(125)
+    private let minimumLevelDelta = 0.02
 
     func start(onLevel: @Sendable @escaping (Double) -> Void) async throws {
         self.update = onLevel
         if self.running { return }
         self.logger.info(
             "mic level monitor start (\(AudioInputDeviceObserver.defaultInputDeviceSummary(), privacy: .public))")
+        self.lastUpdate = .now
+        self.lastPublishedLevel = self.smoothedLevel
         guard AudioInputDeviceObserver.hasUsableDefaultInputDevice() else {
             self.engine = nil
             throw NSError(
@@ -56,7 +62,13 @@ actor MicLevelMonitor {
     private func push(level: Double) {
         self.smoothedLevel = (self.smoothedLevel * 0.45) + (level * 0.55)
         guard let update else { return }
+        let now = ContinuousClock.now
+        guard now - self.lastUpdate >= self.minimumUpdateInterval ||
+            abs(self.smoothedLevel - self.lastPublishedLevel) >= self.minimumLevelDelta
+        else { return }
+        self.lastUpdate = now
         let value = self.smoothedLevel
+        self.lastPublishedLevel = value
         Task { @MainActor in update(value) }
     }
 

apps/macos/Sources/OpenClaw/SoundEffects.swift

@@ -3,12 +3,12 @@ import Foundation
 
 enum SoundEffectCatalog {
     /// All discoverable system sound names, with "Glass" pinned first.
-    static var systemOptions: [String] {
+    static let systemOptions: [String] = {
         var names = Set(Self.discoveredSoundMap.keys).union(Self.fallbackNames)
         names.remove("Glass")
         let sorted = names.sorted { $0.localizedCaseInsensitiveCompare($1) == .orderedAscending }
         return ["Glass"] + sorted
-    }
+    }()
 
     static func displayName(for raw: String) -> String {
         raw

apps/macos/Sources/OpenClaw/VoiceWakeSettings.swift

@@ -20,6 +20,7 @@ struct VoiceWakeSettings: View {
     private let meter = MicLevelMonitor()
     @State private var micObserver = AudioInputDeviceObserver()
     @State private var micRefreshTask: Task<Void, Never>?
+    @State private var meterStartupTask: Task<Void, Never>?
     @State private var availableLocales: [Locale] = []
     @State private var triggerEntries: [TriggerEntry] = []
     private let fieldLabelWidth: CGFloat = 140
@@ -188,59 +189,68 @@ struct VoiceWakeSettings: View {
             }
             .settingsDetailContent()
         }
-        .task {
-            guard !self.isPreview else { return }
-            await self.loadMicsIfNeeded()
-        }
-        .task {
-            guard !self.isPreview else { return }
-            await self.loadLocalesIfNeeded()
-        }
-        .task {
-            guard !self.isPreview else { return }
-            await self.restartMeter()
-        }
         .onAppear {
             guard !self.isPreview else { return }
-            self.startMicObserver()
-            self.loadTriggerEntries()
+            guard self.isActive else { return }
+            self.activateLivePreview()
         }
         .onChange(of: self.state.voiceWakeMicID) { _, _ in
             guard !self.isPreview else { return }
             self.updateSelectedMicName()
-            Task { await self.restartMeter() }
+            guard self.isActive else { return }
+            self.scheduleMeterRestart()
         }
         .onChange(of: self.isActive) { _, active in
             guard !self.isPreview else { return }
             if !active {
-                self.tester.stop()
-                self.isTesting = false
-                self.testState = .idle
-                self.testTimeoutTask?.cancel()
-                self.micRefreshTask?.cancel()
-                self.micRefreshTask = nil
-                Task { await self.meter.stop() }
-                self.micObserver.stop()
+                self.deactivateLivePreview()
                 self.syncTriggerEntriesToState()
             } else {
-                self.startMicObserver()
-                self.loadTriggerEntries()
+                self.activateLivePreview()
             }
         }
         .onDisappear {
             guard !self.isPreview else { return }
-            self.tester.stop()
-            self.isTesting = false
-            self.testState = .idle
-            self.testTimeoutTask?.cancel()
-            self.micRefreshTask?.cancel()
-            self.micRefreshTask = nil
-            self.micObserver.stop()
-            Task { await self.meter.stop() }
+            self.deactivateLivePreview()
             self.syncTriggerEntriesToState()
         }
     }
 
+    private func activateLivePreview() {
+        self.meterStartupTask?.cancel()
+        self.startMicObserver()
+        self.loadTriggerEntries()
+        self.meterStartupTask = Task { @MainActor in
+            await self.loadMicsIfNeeded()
+            guard !Task.isCancelled, self.isActive else { return }
+            await self.loadLocalesIfNeeded()
+            guard !Task.isCancelled, self.isActive else { return }
+            await self.restartMeter()
+        }
+    }
+
+    private func deactivateLivePreview() {
+        self.tester.stop()
+        self.isTesting = false
+        self.testState = .idle
+        self.testTimeoutTask?.cancel()
+        self.micRefreshTask?.cancel()
+        self.micRefreshTask = nil
+        self.meterStartupTask?.cancel()
+        self.meterStartupTask = nil
+        self.micObserver.stop()
+        self.state.voiceWakeMeterActive = false
+        Task { await self.meter.stop() }
+    }
+
+    private func scheduleMeterRestart() {
+        self.meterStartupTask?.cancel()
+        self.meterStartupTask = Task { @MainActor in
+            guard !Task.isCancelled, self.isActive else { return }
+            await self.restartMeter()
+        }
+    }
+
     private func loadTriggerEntries() {
         self.triggerEntries = self.state.swabbleTriggerWords.map { TriggerEntry(id: UUID(), value: $0) }
     }
@@ -652,6 +662,7 @@ struct VoiceWakeSettings: View {
 
     @MainActor
     private func scheduleMicRefresh() {
+        guard self.isActive else { return }
         MicRefreshSupport.schedule(refreshTask: &self.micRefreshTask) {
             await self.loadMicsIfNeeded(force: true)
             await self.restartMeter()
@@ -713,8 +724,17 @@ struct VoiceWakeSettings: View {
 
     @MainActor
     private func restartMeter() async {
+        guard self.isActive else {
+            self.state.voiceWakeMeterActive = false
+            await self.meter.stop()
+            return
+        }
         self.meterError = nil
         await self.meter.stop()
+        guard !Task.isCancelled, self.isActive else {
+            self.state.voiceWakeMeterActive = false
+            return
+        }
         do {
             try await self.meter.start { [weak state] level in
                 Task { @MainActor in
@@ -722,7 +742,14 @@ struct VoiceWakeSettings: View {
                     self.meterLevel = level
                 }
             }
+            guard !Task.isCancelled, self.isActive else {
+                self.state.voiceWakeMeterActive = false
+                await self.meter.stop()
+                return
+            }
+            self.state.voiceWakeMeterActive = true
         } catch {
+            self.state.voiceWakeMeterActive = false
             self.meterError = error.localizedDescription
         }
     }

apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift

@@ -2379,6 +2379,7 @@ public struct SessionsCompactParams: Codable, Sendable {
 public struct SessionsUsageParams: Codable, Sendable {
     public let key: String?
     public let agentid: String?
+    public let agentscope: String?
     public let startdate: String?
     public let enddate: String?
     public let mode: AnyCodable?
@@ -2392,6 +2393,7 @@ public struct SessionsUsageParams: Codable, Sendable {
     public init(
         key: String?,
         agentid: String? = nil,
+        agentscope: String? = nil,
         startdate: String?,
         enddate: String?,
         mode: AnyCodable?,
@@ -2404,6 +2406,7 @@ public struct SessionsUsageParams: Codable, Sendable {
     {
         self.key = key
         self.agentid = agentid
+        self.agentscope = agentscope
         self.startdate = startdate
         self.enddate = enddate
         self.mode = mode
@@ -2418,6 +2421,7 @@ public struct SessionsUsageParams: Codable, Sendable {
     private enum CodingKeys: String, CodingKey {
         case key
         case agentid = "agentId"
+        case agentscope = "agentScope"
         case startdate = "startDate"
         case enddate = "endDate"
         case mode
@@ -5458,6 +5462,8 @@ public struct CronListParams: Codable, Sendable {
     public let offset: Int?
     public let query: String?
     public let enabled: AnyCodable?
+    public let schedulekind: AnyCodable?
+    public let lastrunstatus: AnyCodable?
     public let sortby: AnyCodable?
     public let sortdir: AnyCodable?
     public let agentid: String?
@@ -5468,6 +5474,8 @@ public struct CronListParams: Codable, Sendable {
         offset: Int?,
         query: String?,
         enabled: AnyCodable?,
+        schedulekind: AnyCodable?,
+        lastrunstatus: AnyCodable?,
         sortby: AnyCodable?,
         sortdir: AnyCodable?,
         agentid: String?)
@@ -5477,6 +5485,8 @@ public struct CronListParams: Codable, Sendable {
         self.offset = offset
         self.query = query
         self.enabled = enabled
+        self.schedulekind = schedulekind
+        self.lastrunstatus = lastrunstatus
         self.sortby = sortby
         self.sortdir = sortdir
         self.agentid = agentid
@@ -5488,6 +5498,8 @@ public struct CronListParams: Codable, Sendable {
         case offset
         case query
         case enabled
+        case schedulekind = "scheduleKind"
+        case lastrunstatus = "lastRunStatus"
         case sortby = "sortBy"
         case sortdir = "sortDir"
         case agentid = "agentId"

apps/swabble/.github/workflows/ci.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   build-and-test:
-    runs-on: macos-latest
+    runs-on: macos-15
     defaults:
       run:
         shell: bash

config/knip.config.ts

@@ -50,7 +50,7 @@ const bundledPluginIgnoredRuntimeDependencies = [
   "lit",
   "linkedom",
   "openclaw",
-  "pdfjs-dist",
+  "clawpdf",
 ] as const;
 
 const rootBundledPluginRuntimeDependencies = [
@@ -70,7 +70,7 @@ const rootBundledPluginRuntimeDependencies = [
   "minimatch",
   "node-edge-tts",
   "openshell",
-  "pdfjs-dist",
+  "clawpdf",
   "tokenjuice",
 ] as const;
 

docker-compose.yml

@@ -63,6 +63,7 @@ services:
     ports:
       - "${OPENCLAW_GATEWAY_PORT:-18789}:18789"
       - "${OPENCLAW_BRIDGE_PORT:-18790}:18790"
+      - "${OPENCLAW_MSTEAMS_PORT:-3978}:3978"
     init: true
     restart: unless-stopped
     command:

docs/.generated/config-baseline.sha256

@@ -1,4 +1,4 @@
-a69acd971a7d54d3086f26c52fde4084eaeef350f71b918fb8e7338f329bff95  config-baseline.json
+c61b32fda64ee6cd4d4aa5ed6950c4c681a585d49bf5c127b92e562608a0a303  config-baseline.json
 ee4c0f0fb15cda02268f2e83d0c5e1c8d0ec0a2c1b2fdb89cdfce308dadb2b8b  config-baseline.core.json
-b901fb766edfd9df630690281476fc4032c64772f69d1d8f7b2e0e913a90f229  config-baseline.channel.json
+ccb0c68e959854b9d54d66b8c78bfba5fe6f8a37e669e2e7e511b02c4c977122  config-baseline.channel.json
 1b763a5524aca2d7ecf1eea38f845ad1ffed5c1b37e85e62f6a7902a3ee0f920  config-baseline.plugin.json

docs/.generated/plugin-sdk-api-baseline.sha256

@@ -1,2 +1,2 @@
-7039b60f2cea732a90db633328952faaddd919f0d098b303b29d554e64184073  plugin-sdk-api-baseline.json
-1a78f4df81562af070c5379c6369a8bea9c704f985b5382a463364757b26db0d  plugin-sdk-api-baseline.jsonl
+91cb45dc1e8aaa3dac9a2c1d3c98c8ff22112e41c305de17f30d0d4420635ee4  plugin-sdk-api-baseline.json
+3aa4802ffcb68c4f15e367030994eae10e73b55b5f14c8e23d4e9467fae325fe  plugin-sdk-api-baseline.jsonl

docs/channels/msteams.md

@@ -666,6 +666,58 @@ Teams delivers messages via HTTP webhook. If processing takes too long (e.g., sl
 
 OpenClaw handles this by returning quickly and sending replies proactively, but very slow responses may still cause issues.
 
+### Teams cloud and service URL support
+
+This SDK-backed Teams path is live-validated for Microsoft Teams public cloud.
+
+Inbound replies use the incoming Teams SDK turn context. Out-of-context proactive operations - sends, edits, deletes, cards, polls, file-consent messages, and queued long-running replies - use the stored conversation reference `serviceUrl`. Public cloud defaults to the Teams SDK public cloud environment and allows stored references on the public Teams Connector host: `https://smba.trafficmanager.net/`.
+
+Public cloud is the default. You do not need to set `channels.msteams.cloud` or `channels.msteams.serviceUrl` for normal public-cloud bots.
+
+For non-public Teams clouds, set `cloud` and the matching proactive boundary when Microsoft publishes one:
+
+- `channels.msteams.cloud` selects the Teams SDK cloud preset for authentication, JWT validation, token services, and Graph scope.
+- `channels.msteams.serviceUrl` selects the Bot Connector endpoint boundary used to validate stored conversation references before proactive sends, edits, deletes, cards, polls, file-consent messages, and queued long-running replies. It is required for USGov and DoD SDK clouds. For China/21Vianet, OpenClaw uses the SDK `China` preset and accepts stored/configured service URLs only on Azure China Bot Framework channel hosts.
+
+Microsoft publishes the global proactive Bot Connector endpoints in the [Create the conversation](https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/conversations/send-proactive-messages?tabs=dotnet#create-the-conversation) section of the Teams proactive messaging docs. Use the incoming activity's `serviceUrl` when available; if you need a global proactive endpoint, use Microsoft's table.
+
+| Teams environment | OpenClaw config                                             | Proactive `serviceUrl`                             |
+| ----------------- | ----------------------------------------------------------- | -------------------------------------------------- |
+| Public            | no cloud/serviceUrl config needed                           | `https://smba.trafficmanager.net/teams`            |
+| GCC               | set `serviceUrl`; no separate Teams SDK cloud preset exists | `https://smba.infra.gcc.teams.microsoft.com/teams` |
+| GCC High          | `cloud: "USGov"` + `serviceUrl`                             | `https://smba.infra.gov.teams.microsoft.us/teams`  |
+| DoD               | `cloud: "USGovDoD"` + `serviceUrl`                          | `https://smba.infra.dod.teams.microsoft.us/teams`  |
+| China/21Vianet    | `cloud: "China"`                                            | use the incoming activity's `serviceUrl`           |
+
+Example for GCC, where Microsoft documents a separate proactive service URL but the Teams SDK does not expose a separate GCC cloud preset:
+
+```json
+{
+  "channels": {
+    "msteams": {
+      "serviceUrl": "https://smba.infra.gcc.teams.microsoft.com/teams"
+    }
+  }
+}
+```
+
+Example for GCC High:
+
+```json
+{
+  "channels": {
+    "msteams": {
+      "cloud": "USGov",
+      "serviceUrl": "https://smba.infra.gov.teams.microsoft.us/teams"
+    }
+  }
+}
+```
+
+`channels.msteams.serviceUrl` is restricted to supported Microsoft Teams Bot Connector hosts. When a service URL is configured, OpenClaw checks that the stored conversation `serviceUrl` uses the same host before proactive sends, edits, deletes, cards, polls, or queued long-running replies run. With the default public-cloud config, OpenClaw fails closed if a stored conversation points outside the public Teams Connector host. Receive a fresh message from the conversation after changing cloud/service URL settings so the stored conversation reference is current.
+
+China/21Vianet does not have a separate global proactive `smba` URL in Microsoft's Teams proactive endpoint table. Configure `cloud: "China"` so the Teams SDK uses Azure China auth, token, and JWT endpoints. Proactive sends then require a stored conversation reference from an incoming China Teams activity, or an explicitly configured service URL, on the Azure China Bot Framework channel boundary (`*.botframework.azure.cn`). Graph-backed Teams helpers are currently disabled for `cloud: "China"` until OpenClaw routes Graph requests through the Azure China Graph endpoint.
+
 ### Formatting
 
 Teams markdown is more limited than Slack or Discord:
@@ -680,6 +732,8 @@ Key settings (see `/gateway/configuration` for shared channel patterns):
 
 - `channels.msteams.enabled`: enable/disable the channel.
 - `channels.msteams.appId`, `channels.msteams.appPassword`, `channels.msteams.tenantId`: bot credentials.
+- `channels.msteams.cloud`: Teams SDK cloud environment (`Public`, `USGov`, `USGovDoD`, or `China`; default `Public`). Set this with `serviceUrl` for USGov/DoD SDK clouds; China uses the SDK preset and stored Azure China Bot Framework conversation references, with Graph-backed helpers disabled until Azure China Graph routing is implemented.
+- `channels.msteams.serviceUrl`: Bot Connector service URL boundary for SDK proactive operations. Public cloud uses the SDK default; set this for GCC (`https://smba.infra.gcc.teams.microsoft.com/teams`), GCC High, or DoD. China accepts Azure China Bot Framework channel hosts when the stored conversation reference comes from Teams operated by 21Vianet.
 - `channels.msteams.webhook.port` (default `3978`)
 - `channels.msteams.webhook.path` (default `/api/messages`)
 - `channels.msteams.dmPolicy`: `pairing | allowlist | open | disabled` (default: pairing)

docs/channels/slack.md

@@ -1120,6 +1120,8 @@ Hide raw command/exec text while keeping compact progress lines:
 
 `channels.slack.streaming.nativeTransport` controls Slack native text streaming when `channels.slack.streaming.mode` is `partial` (default: `true`).
 
+Slack native progress task cards are opt-in for progress mode. Set `channels.slack.streaming.progress.nativeTaskCards` to `true` with `channels.slack.streaming.mode="progress"` to send a Slack-native plan/task card while work is running, then update the same task card at completion. Without this flag, progress mode keeps the portable draft-preview behavior.
+
 - A reply thread must be available for native text streaming and Slack assistant thread status to appear. Thread selection still follows `replyToMode`.
 - Channel, group-chat, and top-level DM roots can still use the normal draft preview when native streaming is unavailable or no reply thread exists.
 - Top-level Slack DMs stay off-thread by default, so they do not show Slack's thread-style native stream/status preview; OpenClaw posts and edits a draft preview in the DM instead.
@@ -1142,6 +1144,24 @@ Use draft preview instead of Slack native text streaming:
 }
 ```
 
+Opt in to Slack native progress task cards:
+
+```json5
+{
+  channels: {
+    slack: {
+      streaming: {
+        mode: "progress",
+        progress: {
+          nativeTaskCards: true,
+          render: "rich",
+        },
+      },
+    },
+  },
+}
+```
+
 Legacy keys:
 
 - `channels.slack.streamMode` (`replace | status_final | append`) is a legacy runtime alias for `channels.slack.streaming.mode`.

docs/ci.md

@@ -43,7 +43,9 @@ OpenClaw CI runs on every push to `main` and every pull request. The `preflight`
 
 GitHub may mark superseded jobs as `cancelled` when a newer push lands on the same PR or `main` ref. Treat that as CI noise unless the newest run for the same ref is also failing. Matrix jobs use `fail-fast: false`, and `build-artifacts` reports embedded channel, core-support-boundary, and gateway-watch failures directly instead of queuing tiny verifier jobs. The automatic CI concurrency key is versioned (`CI-v7-*`) so a GitHub-side zombie in an old queue group cannot indefinitely block newer main runs. Manual full-suite runs use `CI-manual-v1-*` and do not cancel in-progress runs.
 
-The `ci-timings-summary` job uploads a compact `ci-timings-summary` artifact for each non-draft CI run. It records wall time, queue time, slowest jobs, and failed jobs for the current run, so CI health checks do not need to scrape the full Actions payload repeatedly. The `build-artifacts` job also runs the blocking startup-memory smoke and uploads a `startup-memory` artifact with per-command RSS values for `--help`, `status --json`, and `gateway status`.
+Use `pnpm ci:timings`, `pnpm ci:timings:recent`, or `node scripts/ci-run-timings.mjs <run-id>` to summarize wall time, queue time, slowest jobs, failures, and the `pnpm-store-warmup` fanout barrier from GitHub Actions. CI also uploads the same run summary as a `ci-timings-summary` artifact. For build timing, check the `build-artifacts` job's `Build dist` step: `pnpm build:ci-artifacts` prints `[build-all] phase timings:` and includes `ui:build`; the job also uploads the `startup-memory` artifact.
+
+For pull request runs, the terminal timing-summary job runs the helper from the trusted base revision before passing `GH_TOKEN` to `gh run view`. That keeps the tokened query out of branch-controlled code while still summarizing the pull request's current CI run.
 
 ## Real behavior proof
 
@@ -120,17 +122,17 @@ gh workflow run full-release-validation.yml --ref main -f ref=<branch-or-sha>
 
 ## Runners
 
-| Runner                           | Jobs                                                                                                                                                                                                                   |
-| -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `ubuntu-24.04`                   | `preflight`, docs checks, Python skills, workflow-sanity, labeler, auto-response; install-smoke preflight also uses GitHub-hosted Ubuntu so the Blacksmith matrix can queue earlier                                    |
-| `blacksmith-4vcpu-ubuntu-2404`   | `CodeQL Critical Quality`, `security-fast`, lower-weight extension shards, `checks-fast-core`, plugin/channel contract shards, `checks-node-compat-node22`, `check-guards`, `check-prod-types`, and `check-test-types` |
-| `blacksmith-8vcpu-ubuntu-2404`   | Linux Node test shards, bundled plugin test shards, `check-additional-*` shards, `android`                                                                                                                             |
-| `blacksmith-16vcpu-ubuntu-2404`  | `build-artifacts`, `check-lint` (CPU-sensitive enough that 8 vCPU cost more than they saved); install-smoke Docker builds (32-vCPU queue time cost more than it saved)                                                 |
-| `blacksmith-16vcpu-windows-2025` | `checks-windows`                                                                                                                                                                                                       |
-| `blacksmith-6vcpu-macos-latest`  | `macos-node` on `openclaw/openclaw`; forks fall back to `macos-latest`                                                                                                                                                 |
-| `blacksmith-12vcpu-macos-latest` | `macos-swift` on `openclaw/openclaw`; forks fall back to `macos-latest`                                                                                                                                                |
+| Runner                           | Jobs                                                                                                                                                                                                                                |
+| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `ubuntu-24.04`                   | Manual CI dispatch and non-canonical repository fallbacks, workflow-sanity, labeler, auto-response, docs workflows outside CI, and install-smoke preflight so the Blacksmith matrix can queue earlier                               |
+| `blacksmith-4vcpu-ubuntu-2404`   | `CodeQL Critical Quality`, `preflight`, `security-fast`, lower-weight extension shards, `checks-fast-core`, plugin/channel contract shards, `checks-node-compat-node22`, `check-guards`, `check-prod-types`, and `check-test-types` |
+| `blacksmith-8vcpu-ubuntu-2404`   | Linux Node test shards, bundled plugin test shards, `check-additional-*` shards, `check-dependencies`, and `android`                                                                                                                |
+| `blacksmith-16vcpu-ubuntu-2404`  | `build-artifacts`, `check-lint` (CPU-sensitive enough that 8 vCPU cost more than they saved); install-smoke Docker builds (32-vCPU queue time cost more than it saved)                                                              |
+| `blacksmith-16vcpu-windows-2025` | `checks-windows`                                                                                                                                                                                                                    |
+| `blacksmith-6vcpu-macos-15`      | `macos-node` on `openclaw/openclaw`; forks fall back to `macos-15`                                                                                                                                                                  |
+| `blacksmith-12vcpu-macos-26`     | `macos-swift` on `openclaw/openclaw`; forks fall back to `macos-26`                                                                                                                                                                 |
 
-Canonical-repo CI keeps Blacksmith as the default runner path. During `preflight`, `scripts/ci-runner-labels.mjs` checks recent queued and in-progress Actions runs for queued Blacksmith jobs. If a specific Blacksmith label already has queued jobs, downstream jobs that would use that exact label fall back to the matching GitHub-hosted runner (`ubuntu-24.04`, `windows-2025`, or `macos-latest`) for that run only. Other Blacksmith sizes in the same OS family stay on their primary labels. If the API probe fails, no fallback is applied.
+Canonical-repo CI keeps Blacksmith as the default runner path for normal push and pull-request runs. `workflow_dispatch` and non-canonical repository runs use GitHub-hosted runners, but normal canonical runs do not currently probe Blacksmith queue health or automatically fall back to GitHub-hosted labels when Blacksmith is unavailable.
 
 ## Local equivalents
 

docs/cli/doctor.md

@@ -40,6 +40,7 @@ openclaw doctor
 openclaw doctor --lint
 openclaw doctor --lint --json
 openclaw doctor --lint --severity-min warning
+openclaw doctor --lint --allow-exec
 openclaw doctor --deep
 openclaw doctor --fix
 openclaw doctor --fix --non-interactive
@@ -64,6 +65,7 @@ The targeted Discord capabilities probe reports the bot's effective channel perm
 - `--force`: apply aggressive repairs, including overwriting custom service config when needed
 - `--non-interactive`: run without prompts; safe migrations and non-service repairs only
 - `--generate-gateway-token`: generate and configure a gateway token
+- `--allow-exec`: allow doctor to execute configured exec SecretRefs while verifying secrets
 - `--deep`: scan system services for extra gateway installs and report recent Gateway supervisor restart handoffs
 - `--lint`: run modernized health checks in read-only mode and emit diagnostic findings
 - `--json`: with `--lint`, emit JSON findings instead of human output
@@ -84,6 +86,7 @@ are only accepted with `--lint`.
 openclaw doctor --lint
 openclaw doctor --lint --severity-min warning
 openclaw doctor --lint --json
+openclaw doctor --lint --allow-exec
 openclaw doctor --lint --only core/doctor/gateway-config --json
 ```
 
@@ -191,6 +194,7 @@ Notes:
 - Interactive prompts (like keychain/OAuth fixes) only run when stdin is a TTY and `--non-interactive` is **not** set. Headless runs (cron, Telegram, no terminal) will skip prompts.
 - Performance: non-interactive `doctor` runs skip eager plugin loading so headless health checks stay fast. Interactive doctor sessions still load the plugin surfaces needed by the legacy health and repair flow.
 - `--lint` is stricter than `--non-interactive`: it is always read-only, never prompts, and never applies safe migrations. Run `doctor --fix` or `doctor --repair` when you want doctor to make changes.
+- By default, doctor does not execute `exec` SecretRefs while checking secrets. Use `openclaw doctor --allow-exec` or `openclaw doctor --lint --allow-exec` only when you intentionally want doctor to run those configured secret resolvers.
 - `--fix` (alias for `--repair`) writes a backup to `~/.openclaw/openclaw.json.bak` and drops unknown config keys, listing each removal.
 - Modernized health checks can expose a `repair()` path for `doctor --fix`; checks that do not expose one continue through the existing doctor repair flow.
 - `doctor --fix --non-interactive` reports missing or stale gateway service definitions but does not install or rewrite them outside update repair mode. Run `openclaw gateway install` for a missing service, or `openclaw gateway install --force` when you intentionally want to replace the launcher.
@@ -214,7 +218,7 @@ Notes:
 - Doctor warns when skills allowed for the default agent are unavailable in the current runtime environment because bins, env vars, config, or OS requirements are missing. `doctor --fix` can disable those unavailable skills with `skills.entries.<skill>.enabled=false`; install/configure the missing requirement instead when you want to keep the skill active.
 - If sandbox mode is enabled but Docker is unavailable, doctor reports a high-signal warning with remediation (`install Docker` or `openclaw config set agents.defaults.sandbox.mode off`).
 - If legacy sandbox registry files (`~/.openclaw/sandbox/containers.json` or `~/.openclaw/sandbox/browsers.json`) are present, doctor reports them; `openclaw doctor --fix` migrates valid entries into sharded registry directories and quarantines invalid legacy files.
-- If `gateway.auth.token`/`gateway.auth.password` are SecretRef-managed and unavailable in the current command path, doctor reports a read-only warning and does not write plaintext fallback credentials.
+- If `gateway.auth.token`/`gateway.auth.password` are SecretRef-managed and unavailable in the current command path, doctor reports a read-only warning and does not write plaintext fallback credentials. For exec-backed SecretRefs, doctor skips execution unless `--allow-exec` is present.
 - If channel SecretRef inspection fails in a fix path, doctor continues and reports a warning instead of exiting early.
 - After state-directory migrations, doctor warns when enabled default Telegram or Discord accounts depend on env fallback and `TELEGRAM_BOT_TOKEN` or `DISCORD_BOT_TOKEN` is unavailable to the doctor process.
 - Telegram `allowFrom` username auto-resolution (`doctor --fix`) requires a resolvable Telegram token in the current command path. If token inspection is unavailable, doctor reports a warning and skips auto-resolution for that pass.

docs/cli/memory.md

@@ -170,7 +170,7 @@ Notes:
 - `memory status` includes any extra paths configured via `memorySearch.extraPaths`.
 - If effectively active memory remote API key fields are configured as SecretRefs, the command resolves those values from the active gateway snapshot. If gateway is unavailable, the command fails fast.
 - Gateway version skew note: this command path requires a gateway that supports `secrets.resolve`; older gateways return an unknown-method error.
-- Tune scheduled sweep cadence with `dreaming.frequency`. Deep promotion policy is otherwise internal; use CLI flags on `memory promote` when you need one-off manual overrides.
+- Tune scheduled sweep cadence with `dreaming.frequency`. Deep promotion policy is otherwise internal except for `dreaming.phases.deep.maxPromotedSnippetTokens`, which bounds promoted snippet length while keeping provenance visible. Use CLI flags on `memory promote` when you need one-off manual threshold overrides.
 - `memory rem-harness --path <file-or-dir> --grounded` previews grounded `What Happened`, `Reflections`, and `Possible Lasting Updates` from historical daily notes without writing anything.
 - `memory rem-backfill --path <file-or-dir>` writes reversible grounded diary entries into `DREAMS.md` for UI review.
 - `memory rem-backfill --path <file-or-dir> --stage-short-term` also seeds grounded durable candidates into the live short-term promotion store so the normal deep phase can rank them.

docs/cli/plugins.md

@@ -169,7 +169,7 @@ is available, then fall back to `latest`.
   <Accordion title="Hook packs and npm specs">
     `plugins install` is also the install surface for hook packs that expose `openclaw.hooks` in `package.json`. Use `openclaw hooks` for filtered hook visibility and per-hook enablement, not package installation.
 
-    Npm specs are **registry-only** (package name + optional **exact version** or **dist-tag**). Git/URL/file specs and semver ranges are rejected. Dependency installs run project-local with `--ignore-scripts` for safety, even when your shell has global npm install settings. Managed plugin npm roots inherit OpenClaw's package-level npm `overrides`, so host security pins apply to hoisted plugin dependencies too.
+    Npm specs are **registry-only** (package name + optional **exact version** or **dist-tag**). Git/URL/file specs and semver ranges are rejected. Dependency installs run in one managed npm project per plugin with `--ignore-scripts` for safety, even when your shell has global npm install settings. Managed plugin npm projects inherit OpenClaw's package-level npm `overrides`, so host security pins apply to hoisted plugin dependencies too.
 
     Use `npm:<package>` when you want to make npm resolution explicit. Bare package specs also install directly from npm during the launch cutover unless they match an official plugin id.
 
@@ -177,6 +177,8 @@ is available, then fall back to `latest`.
 
     Bare specs and `@latest` stay on the stable track. OpenClaw date-stamped correction versions such as `2026.5.3-1` are stable releases for this check. If npm resolves either of those to a prerelease, OpenClaw stops and asks you to opt in explicitly with a prerelease tag such as `@beta`/`@rc` or an exact prerelease version such as `@1.2.3-beta.4`.
 
+    For npm installs without an exact version (`npm:<package>` or `npm:<package>@latest`), OpenClaw checks the resolved package metadata before install. If the latest stable package requires a newer OpenClaw plugin API or minimum host version, OpenClaw inspects older stable versions and installs the newest compatible release instead. Exact versions and explicit dist-tags such as `@beta` remain strict: if the selected package is incompatible, the command fails and asks you to upgrade OpenClaw or choose a compatible version.
+
     If a bare install spec matches an official plugin id (for example `diffs`), OpenClaw installs the catalog entry directly. To install an npm package with the same name, use an explicit scoped spec (for example `@scope/diffs`).
 
   </Accordion>
@@ -192,10 +194,10 @@ is available, then fall back to `latest`.
     Supported archives: `.zip`, `.tgz`, `.tar.gz`, `.tar`. Native OpenClaw plugin archives must contain a valid `openclaw.plugin.json` at the extracted plugin root; archives that only contain `package.json` are rejected before OpenClaw writes install records.
 
     Use `npm-pack:<path.tgz>` when the file is an npm-pack tarball and you want
-    to test the same managed npm-root install path used by registry installs,
-    including `package-lock.json` verification, hoisted dependency scanning, and
-    npm install records. Plain archive paths still install as local archives
-    under the plugin extensions root.
+    to test the same per-plugin managed npm project path used by registry
+    installs, including `package-lock.json` verification, hoisted dependency
+    scanning, and npm install records. Plain archive paths still install as local
+    archives under the plugin extensions root.
 
     Claude marketplace installs are also supported.
 
@@ -435,7 +437,7 @@ The local plugin registry is OpenClaw's persisted cold read model for installed
 
 Use `plugins registry` to inspect whether the persisted registry is present, current, or stale. Use `--refresh` to rebuild it from the persisted plugin index, config policy, and manifest/package metadata. This is a repair path, not a runtime activation path.
 
-`openclaw doctor --fix` also repairs registry-adjacent managed npm drift: if an orphaned or recovered `@openclaw/*` package under the managed plugin npm root shadows a bundled plugin, doctor removes that stale package and rebuilds the registry so startup validates against the bundled manifest. Doctor also relinks the host `openclaw` package into managed npm plugins that declare `peerDependencies.openclaw`, so package-local runtime imports such as `openclaw/plugin-sdk/*` resolve after updates or npm repairs.
+`openclaw doctor --fix` also repairs registry-adjacent managed npm drift: if an orphaned or recovered `@openclaw/*` package under a managed plugin npm project or the legacy flat managed npm root shadows a bundled plugin, doctor removes that stale package and rebuilds the registry so startup validates against the bundled manifest. Doctor also relinks the host `openclaw` package into managed npm plugins that declare `peerDependencies.openclaw`, so package-local runtime imports such as `openclaw/plugin-sdk/*` resolve after updates or npm repairs.
 
 <Warning>
 `OPENCLAW_DISABLE_PERSISTED_PLUGIN_REGISTRY=1` is a deprecated break-glass compatibility switch for registry read failures. Prefer `plugins registry --refresh` or `openclaw doctor --fix`; the env fallback is only for emergency startup recovery while the migration rolls out.

docs/cli/sessions.md

@@ -110,7 +110,7 @@ openclaw sessions cleanup --json
 - `--dry-run`: preview how many entries would be pruned/capped without writing.
   - In text mode, dry-run prints a per-session action table (`Action`, `Key`, `Age`, `Model`, `Flags`) so you can see what would be kept vs removed.
 - `--enforce`: apply maintenance even when `session.maintenance.mode` is `warn`.
-- `--fix-missing`: remove entries whose transcript files are missing, even if they would not normally age/count out yet.
+- `--fix-missing`: remove entries whose transcript files are missing or header-only/empty, even if they would not normally age/count out yet.
 - `--fix-dm-scope`: when `session.dmScope` is `main`, retire stale peer-keyed direct-DM rows left behind by earlier `per-peer`, `per-channel-peer`, or `per-account-channel-peer` routing. Use `--dry-run` first; applying the cleanup removes those rows from `sessions.json` and preserves their transcripts as deleted archives.
 - `--active-key <key>`: protect a specific active key from disk-budget eviction. Durable external conversation pointers, such as group sessions and thread-scoped chat sessions, are also kept by age/count/disk-budget maintenance.
 - `--agent <id>`: run cleanup for one configured agent store.

docs/concepts/agent.md

@@ -65,6 +65,10 @@ OpenClaw loads skills from these locations (highest precedence first):
 - Bundled (shipped with the install)
 - Extra skill folders: `skills.load.extraDirs`
 
+Skill roots can contain grouped folders such as
+`<workspace>/skills/personal/foo/SKILL.md`; the skill is still exposed by its
+flat frontmatter name, for example `foo`.
+
 Skills can be gated by config/env (see `skills` in [Gateway configuration](/gateway/configuration)).
 
 ## Runtime boundaries

docs/concepts/dreaming.md

@@ -229,13 +229,16 @@ All settings live under `plugins.entries.memory-core.config.dreaming`.
 <ParamField path="model" type="string">
   Optional Dream Diary subagent model override. Use a canonical `provider/model` value when also setting a subagent `allowedModels` allowlist.
 </ParamField>
+<ParamField path="phases.deep.maxPromotedSnippetTokens" type="number" default="160">
+  Maximum estimated token count kept from each short-term recall snippet promoted into `MEMORY.md`. Ranking provenance remains visible.
+</ParamField>
 
 <Warning>
 `dreaming.model` requires `plugins.entries.memory-core.subagent.allowModelOverride: true`. To restrict it, also set `plugins.entries.memory-core.subagent.allowedModels`. Trust or allowlist failures stay visible instead of falling back silently; the retry only covers model-unavailable errors.
 </Warning>
 
 <Note>
-Phase policy, thresholds, and storage behavior are internal implementation details (not user-facing config). See [Memory configuration reference](/reference/memory-config#dreaming) for the full key list.
+Most phase policy, thresholds, and storage behavior are internal implementation details. See [Memory configuration reference](/reference/memory-config#dreaming) for the full key list.
 </Note>
 
 ## Dreams UI

docs/concepts/model-providers.md

@@ -290,32 +290,32 @@ See [/providers/kilocode](/providers/kilocode) for setup details.
 
 ### Other bundled provider plugins
 
-| Provider                | Id                               | Auth env                                                     | Example model                                 |
-| ----------------------- | -------------------------------- | ------------------------------------------------------------ | --------------------------------------------- |
-| BytePlus                | `byteplus` / `byteplus-plan`     | `BYTEPLUS_API_KEY`                                           | `byteplus-plan/ark-code-latest`               |
-| Cerebras                | `cerebras`                       | `CEREBRAS_API_KEY`                                           | `cerebras/zai-glm-4.7`                        |
-| Cloudflare AI Gateway   | `cloudflare-ai-gateway`          | `CLOUDFLARE_AI_GATEWAY_API_KEY`                              | -                                             |
-| DeepInfra               | `deepinfra`                      | `DEEPINFRA_API_KEY`                                          | `deepinfra/deepseek-ai/DeepSeek-V4-Flash`     |
-| DeepSeek                | `deepseek`                       | `DEEPSEEK_API_KEY`                                           | `deepseek/deepseek-v4-flash`                  |
-| GitHub Copilot          | `github-copilot`                 | `COPILOT_GITHUB_TOKEN` / `GH_TOKEN` / `GITHUB_TOKEN`         | -                                             |
-| Groq                    | `groq`                           | `GROQ_API_KEY`                                               | -                                             |
-| Hugging Face Inference  | `huggingface`                    | `HUGGINGFACE_HUB_TOKEN` or `HF_TOKEN`                        | `huggingface/deepseek-ai/DeepSeek-R1`         |
-| Kilo Gateway            | `kilocode`                       | `KILOCODE_API_KEY`                                           | `kilocode/kilo/auto`                          |
-| Kimi Coding             | `kimi`                           | `KIMI_API_KEY` or `KIMICODE_API_KEY`                         | `kimi/kimi-for-coding`                        |
-| MiniMax                 | `minimax` / `minimax-portal`     | `MINIMAX_API_KEY` / `MINIMAX_OAUTH_TOKEN`                    | `minimax/MiniMax-M2.7`                        |
-| Mistral                 | `mistral`                        | `MISTRAL_API_KEY`                                            | `mistral/mistral-large-latest`                |
-| Moonshot                | `moonshot`                       | `MOONSHOT_API_KEY`                                           | `moonshot/kimi-k2.6`                          |
-| NVIDIA                  | `nvidia`                         | `NVIDIA_API_KEY`                                             | `nvidia/nvidia/nemotron-3-super-120b-a12b`    |
-| OpenRouter              | `openrouter`                     | `OPENROUTER_API_KEY`                                         | `openrouter/auto`                             |
-| Qianfan                 | `qianfan`                        | `QIANFAN_API_KEY`                                            | `qianfan/deepseek-v3.2`                       |
-| Qwen Cloud              | `qwen`                           | `QWEN_API_KEY` / `MODELSTUDIO_API_KEY` / `DASHSCOPE_API_KEY` | `qwen/qwen3.5-plus`                           |
-| StepFun                 | `stepfun` / `stepfun-plan`       | `STEPFUN_API_KEY`                                            | `stepfun/step-3.5-flash`                      |
-| Together                | `together`                       | `TOGETHER_API_KEY`                                           | `together/moonshotai/Kimi-K2.5`               |
-| Venice                  | `venice`                         | `VENICE_API_KEY`                                             | -                                             |
-| Vercel AI Gateway       | `vercel-ai-gateway`              | `AI_GATEWAY_API_KEY`                                         | `vercel-ai-gateway/anthropic/claude-opus-4.6` |
-| Volcano Engine (Doubao) | `volcengine` / `volcengine-plan` | `VOLCANO_ENGINE_API_KEY`                                     | `volcengine-plan/ark-code-latest`             |
-| xAI                     | `xai`                            | SuperGrok/X Premium OAuth or `XAI_API_KEY`                   | `xai/grok-4.3`                                |
-| Xiaomi                  | `xiaomi`                         | `XIAOMI_API_KEY`                                             | `xiaomi/mimo-v2-flash`                        |
+| Provider                | Id                               | Auth env                                                     | Example model                                      |
+| ----------------------- | -------------------------------- | ------------------------------------------------------------ | -------------------------------------------------- |
+| BytePlus                | `byteplus` / `byteplus-plan`     | `BYTEPLUS_API_KEY`                                           | `byteplus-plan/ark-code-latest`                    |
+| Cerebras                | `cerebras`                       | `CEREBRAS_API_KEY`                                           | `cerebras/zai-glm-4.7`                             |
+| Cloudflare AI Gateway   | `cloudflare-ai-gateway`          | `CLOUDFLARE_AI_GATEWAY_API_KEY`                              | -                                                  |
+| DeepInfra               | `deepinfra`                      | `DEEPINFRA_API_KEY`                                          | `deepinfra/deepseek-ai/DeepSeek-V4-Flash`          |
+| DeepSeek                | `deepseek`                       | `DEEPSEEK_API_KEY`                                           | `deepseek/deepseek-v4-flash`                       |
+| GitHub Copilot          | `github-copilot`                 | `COPILOT_GITHUB_TOKEN` / `GH_TOKEN` / `GITHUB_TOKEN`         | -                                                  |
+| Groq                    | `groq`                           | `GROQ_API_KEY`                                               | -                                                  |
+| Hugging Face Inference  | `huggingface`                    | `HUGGINGFACE_HUB_TOKEN` or `HF_TOKEN`                        | `huggingface/deepseek-ai/DeepSeek-R1`              |
+| Kilo Gateway            | `kilocode`                       | `KILOCODE_API_KEY`                                           | `kilocode/kilo/auto`                               |
+| Kimi Coding             | `kimi`                           | `KIMI_API_KEY` or `KIMICODE_API_KEY`                         | `kimi/kimi-for-coding`                             |
+| MiniMax                 | `minimax` / `minimax-portal`     | `MINIMAX_API_KEY` / `MINIMAX_OAUTH_TOKEN`                    | `minimax/MiniMax-M2.7`                             |
+| Mistral                 | `mistral`                        | `MISTRAL_API_KEY`                                            | `mistral/mistral-large-latest`                     |
+| Moonshot                | `moonshot`                       | `MOONSHOT_API_KEY`                                           | `moonshot/kimi-k2.6`                               |
+| NVIDIA                  | `nvidia`                         | `NVIDIA_API_KEY`                                             | `nvidia/nvidia/nemotron-3-super-120b-a12b`         |
+| OpenRouter              | `openrouter`                     | `OPENROUTER_API_KEY`                                         | `openrouter/auto`                                  |
+| Qianfan                 | `qianfan`                        | `QIANFAN_API_KEY`                                            | `qianfan/deepseek-v3.2`                            |
+| Qwen Cloud              | `qwen`                           | `QWEN_API_KEY` / `MODELSTUDIO_API_KEY` / `DASHSCOPE_API_KEY` | `qwen/qwen3.5-plus`                                |
+| StepFun                 | `stepfun` / `stepfun-plan`       | `STEPFUN_API_KEY`                                            | `stepfun/step-3.5-flash`                           |
+| Together                | `together`                       | `TOGETHER_API_KEY`                                           | `together/meta-llama/Llama-3.3-70B-Instruct-Turbo` |
+| Venice                  | `venice`                         | `VENICE_API_KEY`                                             | -                                                  |
+| Vercel AI Gateway       | `vercel-ai-gateway`              | `AI_GATEWAY_API_KEY`                                         | `vercel-ai-gateway/anthropic/claude-opus-4.6`      |
+| Volcano Engine (Doubao) | `volcengine` / `volcengine-plan` | `VOLCANO_ENGINE_API_KEY`                                     | `volcengine-plan/ark-code-latest`                  |
+| xAI                     | `xai`                            | SuperGrok/X Premium OAuth or `XAI_API_KEY`                   | `xai/grok-4.3`                                     |
+| Xiaomi                  | `xiaomi`                         | `XIAOMI_API_KEY`                                             | `xiaomi/mimo-v2-flash`                             |
 
 #### Quirks worth knowing
 

docs/concepts/qa-e2e-automation.md

@@ -665,6 +665,48 @@ pnpm openclaw qa slack \
 
 A green run completes in well under 30 seconds and `slack-qa-report.md` shows both `slack-canary` and `slack-mention-gating` at status `pass`. If the lane hangs for ~90 seconds and exits with `Convex credential pool exhausted for kind "slack"`, either the pool is empty or every row is leased - `qa credentials list --kind slack --status all --json` will tell you which.
 
+### WhatsApp QA
+
+```bash
+pnpm openclaw qa whatsapp
+```
+
+Targets two dedicated WhatsApp Web accounts: a driver account controlled by
+the harness and a SUT account started by the child OpenClaw gateway through the
+bundled WhatsApp plugin.
+
+Required env when `--credential-source env`:
+
+- `OPENCLAW_QA_WHATSAPP_DRIVER_PHONE_E164`
+- `OPENCLAW_QA_WHATSAPP_SUT_PHONE_E164`
+- `OPENCLAW_QA_WHATSAPP_DRIVER_AUTH_ARCHIVE_BASE64`
+- `OPENCLAW_QA_WHATSAPP_SUT_AUTH_ARCHIVE_BASE64`
+
+Optional:
+
+- `OPENCLAW_QA_WHATSAPP_GROUP_JID` enables `whatsapp-mention-gating`.
+- `OPENCLAW_QA_WHATSAPP_CAPTURE_CONTENT=1` keeps message bodies in
+  observed-message artifacts.
+
+Scenarios (`extensions/qa-lab/src/live-transports/whatsapp/whatsapp-live.runtime.ts`):
+
+- `whatsapp-canary`
+- `whatsapp-pairing-block`
+- `whatsapp-mention-gating`
+- `whatsapp-approval-exec-native` - opt-in native WhatsApp exec approval
+  scenario. Requests an exec approval through the gateway, verifies the
+  WhatsApp message has native reaction approval affordances, resolves it, and
+  verifies the resolved WhatsApp follow-up.
+- `whatsapp-approval-plugin-native` - opt-in native WhatsApp plugin approval
+  scenario. Enables exec and plugin approval forwarding together, then verifies
+  the same pending/resolved native WhatsApp path.
+
+Output artifacts:
+
+- `whatsapp-qa-report.md`
+- `whatsapp-qa-summary.json`
+- `whatsapp-qa-observed-messages.json` - bodies redacted unless `OPENCLAW_QA_WHATSAPP_CAPTURE_CONTENT=1`.
+
 ### Convex credential pool
 
 Telegram, Discord, Slack, and WhatsApp lanes can lease credentials from a shared Convex pool instead of reading the env vars above. Pass `--credential-source convex` (or set `OPENCLAW_QA_CREDENTIAL_SOURCE=convex`); QA Lab acquires an exclusive lease, heartbeats it for the duration of the run, and releases it on shutdown. Pool kinds are `"telegram"`, `"discord"`, `"slack"`, and `"whatsapp"`.

docs/concepts/system-prompt.md

@@ -258,6 +258,10 @@ prompt instructs the model to use `read` to load the SKILL.md at the listed
 location (workspace, managed, or bundled). If no skills are eligible, the
 Skills section is omitted.
 
+The location can point at a nested skill, such as
+`skills/personal/foo/SKILL.md`. Nesting is only organizational; the prompt still
+uses the flat skill name from `SKILL.md` frontmatter.
+
 Eligibility includes skill metadata gates, runtime environment/config checks,
 and the effective agent skill allowlist when `agents.defaults.skills` or
 `agents.list[].skills` is configured.

docs/docs.json

@@ -1554,6 +1554,7 @@
                       "gateway/security/index",
                       "gateway/security/exposure-runbook",
                       "gateway/security/secure-file-operations",
+                      "gateway/security/shrinkwrap",
                       "gateway/security/audit-checks",
                       "gateway/operator-scopes",
                       "gateway/sandboxing",
@@ -1815,6 +1816,7 @@
                 "pages": [
                   "reference/RELEASING",
                   "reference/full-release-validation",
+                  "reference/release-performance-sweep",
                   "reference/test",
                   "ci",
                   "help/scripts"

docs/gateway/config-agents.md

@@ -562,20 +562,6 @@ Optional CLI backends for text-only fallback runs (no tool calls). Useful as a b
   first compaction summary exists. Auth profile or credential-epoch changes
   still never raw-reseed.
 
-### `agents.defaults.systemPromptOverride`
-
-Replace the entire OpenClaw-assembled system prompt with a fixed string. Set at the default level (`agents.defaults.systemPromptOverride`) or per agent (`agents.list[].systemPromptOverride`). Per-agent values take precedence; an empty or whitespace-only value is ignored. Useful for controlled prompt experiments.
-
-```json5
-{
-  agents: {
-    defaults: {
-      systemPromptOverride: "You are a helpful assistant.",
-    },
-  },
-}
-```
-
 ### `agents.defaults.promptOverlays`
 
 Provider-independent prompt overlays applied by model family on OpenClaw-assembled prompt surfaces. GPT-5-family model ids receive the shared behavior contract across OpenClaw/provider routes; `personality` controls only the friendly interaction-style layer. Native Codex app-server routes keep Codex-owned base/model instructions instead of this OpenClaw GPT-5 overlay, and OpenClaw disables Codex's built-in personality for native threads.

docs/gateway/openresponses-http-api.md

@@ -175,9 +175,9 @@ Current behavior:
   rasterized into images and passed to the model, and the injected file block uses
   the placeholder `[PDF content rendered to images]`.
 
-PDF parsing is provided by the bundled `document-extract` plugin, which uses the
-Node-friendly `pdfjs-dist` legacy build (no worker). The modern PDF.js build
-expects browser workers/DOM globals, so it is not used in the Gateway.
+PDF parsing is provided by the bundled `document-extract` plugin, which uses
+`clawpdf` and its packaged PDFium WebAssembly runtime for text extraction and
+page rendering.
 
 URL fetch defaults:
 

docs/gateway/protocol.md

@@ -347,9 +347,11 @@ enumeration of `src/gateway/server-methods/*.ts`.
     - `models.list` returns the runtime-allowed model catalog. Pass `{ "view": "configured" }` for picker-sized configured models (`agents.defaults.models` first, then `models.providers.*.models`), or `{ "view": "all" }` for the full catalog.
     - `usage.status` returns provider usage windows/remaining quota summaries.
     - `usage.cost` returns aggregated cost usage summaries for a date range.
+      Pass `agentId` for one agent, or `agentScope: "all"` to aggregate configured agents.
     - `doctor.memory.status` returns vector-memory / cached embedding readiness for the active default agent workspace. Pass `{ "probe": true }` or `{ "deep": true }` only when the caller explicitly wants a live embedding provider ping.
     - `doctor.memory.remHarness` returns a bounded, read-only REM harness preview for remote control-plane clients. It can include workspace paths, memory snippets, rendered grounded markdown, and deep promotion candidates, so callers need `operator.read`.
-    - `sessions.usage` returns per-session usage summaries.
+    - `sessions.usage` returns per-session usage summaries. Pass `agentId` for one
+      agent, or `agentScope: "all"` to list configured agents together.
     - `sessions.usage.timeseries` returns timeseries usage for one session.
     - `sessions.usage.logs` returns usage log entries for one session.
 
@@ -562,8 +564,14 @@ terminal summary, and sanitized error text.
   - `sessionKey` is required.
   - The gateway derives trusted runtime context from the session server-side instead of accepting
     caller-supplied auth or delivery context.
-  - The response is session-scoped and reflects what the active conversation can use right now,
-    including core, plugin, and channel tools.
+  - The response is a session-scoped server-derived projection of the active inventory,
+    including core, plugin, channel, and already-discovered MCP server tools.
+  - `tools.effective` is read-only for MCP: it may project a warm session MCP catalog through the
+    final tool policy, but it does not create MCP runtimes, connect transports, or issue
+    `tools/list`. If no matching warm catalog exists, the response may include a notice such as
+    `mcp-not-yet-connected`, `mcp-not-yet-listed`, or `mcp-stale-catalog`.
+  - Effective tool entries use `source="core"`, `source="plugin"`, `source="channel"`, or
+    `source="mcp"`.
 - Operators may call `tools.invoke` (`operator.write`) to invoke one available tool through the
   same gateway policy path as `/tools/invoke`.
   - `name` is required. `args`, `sessionKey`, `agentId`, `confirm`, and

docs/gateway/security/index.md

@@ -63,67 +63,11 @@ OpenClaw source checkouts use `pnpm-lock.yaml`. The published `openclaw` npm
 package and OpenClaw-owned npm plugin packages include `npm-shrinkwrap.json`,
 npm's publishable dependency lockfile, so package installs use the reviewed
 transitive dependency graph from the release instead of resolving a fresh graph
-at install time. Suitable OpenClaw-owned npm plugin packages can also publish
-with explicit `bundledDependencies`, so their runtime dependency files are
-carried in the plugin tarball instead of depending only on install-time
-resolution.
+at install time.
 
-This is a supply-chain hardening measure:
-
-- release installs are more reproducible;
-- transitive dependency updates become visible review surfaces;
-- the package tarball contains the dependency graph that release validators
-  checked;
-- suitable OpenClaw-owned plugin tarballs contain the dependency files from
-  that graph;
-- `package-lock.json` stays out of the published package, because npm does not
-  treat it as the publishable lock contract.
-
-Shrinkwrap is not a sandbox and does not make every dependency trustworthy. It
-does not replace `openclaw security audit`, host isolation, npm provenance,
-signature/audit checks, or `--ignore-scripts` install smoke tests when those are
-appropriate. Treat it as a release reproducibility and review-control boundary.
-
-Maintainers should update and verify shrinkwrap whenever the root package or an
-OpenClaw-owned published plugin package changes its published dependency graph:
-
-```bash
-pnpm deps:shrinkwrap:generate
-pnpm deps:shrinkwrap:check
-```
-
-The generator resolves npm's publishable lock format but rejects generated
-package versions that are not already present in `pnpm-lock.yaml`, preserving
-the pnpm dependency age, override, and patch review boundary.
-
-Use `pnpm deps:shrinkwrap:root:generate` and
-`pnpm deps:shrinkwrap:root:check` only when you intentionally want to refresh
-the root `openclaw` package without touching plugin packages.
-
-Review `pnpm-lock.yaml`, `npm-shrinkwrap.json`, bundled plugin dependency
-payloads, and any `package-lock.json` diff as security-sensitive. The package
-validators require shrinkwrap in new root package tarballs and the plugin npm
-publish path checks plugin-local shrinkwrap, installs package-local bundled
-dependencies, and then packs or publishes. Package validators reject
-`package-lock.json`.
-
-To inspect a published package:
-
-```bash
-npm pack openclaw@<version> --json --pack-destination /tmp/openclaw-pack
-tar -tf /tmp/openclaw-pack/openclaw-<version>.tgz | grep '^package/npm-shrinkwrap.json$'
-```
-
-To inspect an OpenClaw-owned plugin package, replace the package spec and check
-the same tar entry:
-
-```bash
-npm pack @openclaw/discord@<version> --json --pack-destination /tmp/openclaw-plugin-pack
-tar -tf /tmp/openclaw-plugin-pack/openclaw-discord-<version>.tgz | grep '^package/npm-shrinkwrap.json$'
-tar -tf /tmp/openclaw-plugin-pack/openclaw-discord-<version>.tgz | grep '^package/node_modules/'
-```
-
-Background: [npm-shrinkwrap.json](https://docs.npmjs.com/cli/v11/configuring-npm/npm-shrinkwrap-json).
+Shrinkwrap is a supply-chain hardening and release reproducibility boundary,
+not a sandbox. For the plain-English model, maintainer commands, and package
+inspection checks, see [npm shrinkwrap](/gateway/security/shrinkwrap).
 
 ### Deployment and host trust
 

docs/gateway/security/shrinkwrap.md

@@ -0,0 +1,111 @@
+---
+summary: "Plain-English and technical explanation of npm shrinkwrap in OpenClaw releases"
+read_when:
+  - You want to know what npm shrinkwrap means in an OpenClaw release
+  - You are reviewing package lockfiles, dependency changes, or supply-chain risk
+  - You are validating root or plugin npm packages before publishing
+title: "npm shrinkwrap"
+---
+
+OpenClaw source checkouts use `pnpm-lock.yaml`. Published OpenClaw npm
+packages use `npm-shrinkwrap.json`, npm's publishable dependency lockfile, so
+package installs use the dependency graph reviewed during release.
+
+## The easy version
+
+Shrinkwrap is a receipt for the dependency tree that ships with an npm package.
+It tells npm which exact transitive package versions to install.
+
+For OpenClaw releases, that means:
+
+- the published package does not ask npm to invent a fresh dependency graph at
+  install time;
+- dependency changes become easier to review because they appear in a lockfile;
+- release validation can test the same graph users will install;
+- package-size or native-dependency surprises are easier to spot before
+  publishing.
+
+Shrinkwrap is not a sandbox. It does not make a dependency safe by itself, and
+it does not replace host isolation, `openclaw security audit`, package
+provenance, or install smoke tests.
+
+The short mental model:
+
+| File                  | Where it matters         | What it means                     |
+| --------------------- | ------------------------ | --------------------------------- |
+| `pnpm-lock.yaml`      | OpenClaw source checkout | Maintainer dependency graph       |
+| `npm-shrinkwrap.json` | Published npm package    | npm install graph for users       |
+| `package-lock.json`   | Local npm apps           | Not the OpenClaw publish contract |
+
+## Why OpenClaw uses it
+
+OpenClaw is a gateway, plugin host, model router, and agent runtime. A default
+install can affect startup time, disk use, native package downloads, and
+supply-chain exposure.
+
+Shrinkwrap gives release review a stable boundary:
+
+- reviewers can see transitive dependency movement;
+- package validators can reject unexpected lockfile drift;
+- package acceptance can test installs with the graph that will ship;
+- plugin packages can carry their own locked dependency graph instead of
+  relying on the root package to own plugin-only dependencies.
+
+The goal is not "more lockfiles." The goal is reproducible release installs
+with clear ownership.
+
+## Technical details
+
+The root `openclaw` npm package and OpenClaw-owned npm plugin packages include
+`npm-shrinkwrap.json` when they publish. Suitable OpenClaw-owned plugin
+packages can also publish with explicit `bundledDependencies`, so their runtime
+dependency files are carried in the plugin tarball instead of depending only on
+install-time resolution.
+
+Maintain the boundary like this:
+
+```bash
+pnpm deps:shrinkwrap:generate
+pnpm deps:shrinkwrap:check
+```
+
+The generator resolves npm's publishable lock format but rejects generated
+package versions that are not already present in `pnpm-lock.yaml`. That keeps
+the pnpm dependency age, override, and patch-review boundary intact.
+
+Use root-only commands only when intentionally refreshing the root package
+without touching plugin packages:
+
+```bash
+pnpm deps:shrinkwrap:root:generate
+pnpm deps:shrinkwrap:root:check
+```
+
+Review these files as security-sensitive:
+
+- `pnpm-lock.yaml`
+- `npm-shrinkwrap.json`
+- bundled plugin dependency payloads
+- any `package-lock.json` diff
+
+OpenClaw package validators require shrinkwrap in new root package tarballs.
+The plugin npm publish path checks plugin-local shrinkwrap, installs
+package-local bundled dependencies, and then packs or publishes. Package
+validators reject `package-lock.json` for published OpenClaw packages.
+
+To inspect a published root package:
+
+```bash
+npm pack openclaw@<version> --json --pack-destination /tmp/openclaw-pack
+tar -tf /tmp/openclaw-pack/openclaw-<version>.tgz | grep '^package/npm-shrinkwrap.json$'
+```
+
+To inspect an OpenClaw-owned plugin package:
+
+```bash
+npm pack @openclaw/discord@<version> --json --pack-destination /tmp/openclaw-plugin-pack
+tar -tf /tmp/openclaw-plugin-pack/openclaw-discord-<version>.tgz | grep '^package/npm-shrinkwrap.json$'
+tar -tf /tmp/openclaw-plugin-pack/openclaw-discord-<version>.tgz | grep '^package/node_modules/'
+```
+
+Background: [npm-shrinkwrap.json](https://docs.npmjs.com/cli/v11/configuring-npm/npm-shrinkwrap-json).

docs/help/testing-live.md

@@ -71,12 +71,13 @@ Live tests are split into two layers so we can isolate failures:
   - Run a small completion per model (and targeted regressions where needed)
 - How to enable:
   - `pnpm test:live` (or `OPENCLAW_LIVE_TEST=1` if invoking Vitest directly)
-- Set `OPENCLAW_LIVE_MODELS=modern` (or `all`, alias for modern) to actually run this suite; otherwise it skips to keep `pnpm test:live` focused on gateway smoke
+- Set `OPENCLAW_LIVE_MODELS=modern`, `small`, or `all` (alias for modern) to actually run this suite; otherwise it skips to keep `pnpm test:live` focused on gateway smoke
 - How to select models:
   - `OPENCLAW_LIVE_MODELS=modern` to run the modern allowlist (Opus/Sonnet 4.6+, GPT-5.2 + Codex, Gemini 3, DeepSeek V4, GLM 4.7, MiniMax M2.7, Grok 4.3)
+  - `OPENCLAW_LIVE_MODELS=small` to run the constrained small-model allowlist (Qwen 8B/9B local-compatible routes, OpenRouter Qwen/GLM, and Z.AI GLM)
   - `OPENCLAW_LIVE_MODELS=all` is an alias for the modern allowlist
   - or `OPENCLAW_LIVE_MODELS="openai/gpt-5.5,openai-codex/gpt-5.5,anthropic/claude-opus-4-6,..."` (comma allowlist)
-  - Modern/all sweeps default to a curated high-signal cap; set `OPENCLAW_LIVE_MAX_MODELS=0` for an exhaustive modern sweep or a positive number for a smaller cap.
+  - Modern/all and small sweeps default to their curated caps; set `OPENCLAW_LIVE_MAX_MODELS=0` for an exhaustive selected-profile sweep or a positive number for a smaller cap.
   - Exhaustive sweeps use `OPENCLAW_LIVE_TEST_TIMEOUT_MS` for the whole direct-model test timeout. Default: 60 minutes.
   - Direct-model probes run with 20-way parallelism by default; set `OPENCLAW_LIVE_MODEL_CONCURRENCY` to override.
 - How to select providers:
@@ -339,6 +340,12 @@ Narrow, explicit allowlists are fastest and least flaky:
 - Single model, direct (no gateway):
   - `OPENCLAW_LIVE_MODELS="openai/gpt-5.5" pnpm test:live src/agents/models.profiles.live.test.ts`
 
+- Small-model direct profile:
+  - `OPENCLAW_LIVE_MODELS=small pnpm test:live src/agents/models.profiles.live.test.ts`
+
+- Ollama Cloud API smoke:
+  - `OPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_OLLAMA=1 OPENCLAW_LIVE_OLLAMA_BASE_URL=https://ollama.com OPENCLAW_LIVE_OLLAMA_MODEL=glm-5.1:cloud OPENCLAW_LIVE_OLLAMA_WEB_SEARCH=0 pnpm test:live -- extensions/ollama/ollama.live.test.ts`
+
 - Single model, gateway smoke:
   - `OPENCLAW_LIVE_GATEWAY_MODELS="openai/gpt-5.5" pnpm test:live src/gateway/gateway-models.profiles.live.test.ts`
 

docs/help/testing-updates-plugins.md

@@ -30,9 +30,9 @@ Update and plugin tests protect these contracts:
   plugin state.
 - Plugin installs work from local directories, git repos, npm packages, and the
   ClawHub registry path.
-- Plugin npm dependencies are installed in the managed npm root, scanned before
-  trust, and removed through npm during uninstall so hoisted dependencies do not
-  linger.
+- Plugin npm dependencies are installed in one managed npm project per plugin,
+  scanned before trust, and removed through npm during uninstall so hoisted
+  dependencies do not linger.
 - Plugin update is stable when nothing changed: install records, resolved
   source, installed dependency layout, and enabled state stay intact.
 
@@ -276,9 +276,9 @@ can fail for the right reason:
 - Registry/package source behavior: `test:docker:plugins` fixture or ClawHub
   fixture server.
 - Dependency layout or cleanup behavior: assert both runtime execution and the
-  filesystem boundary. npm dependencies may be hoisted under the managed npm
-  root, so tests should prove the root is scanned/cleaned instead of assuming a
-  package-local `node_modules` tree.
+  filesystem boundary. npm dependencies may be hoisted inside the plugin's
+  managed npm project, so tests should prove that project is scanned/cleaned
+  instead of assuming only the plugin package-local `node_modules` tree.
 
 Keep new Docker fixtures hermetic by default. Use local fixture registries and
 fake packages unless the point of the test is live registry behavior.

docs/help/testing.md

@@ -84,11 +84,12 @@ When debugging real providers/models (requires real creds):
 - Codex on-demand install smoke: `pnpm test:docker:codex-on-demand`
   - Installs the packaged OpenClaw tarball in Docker, runs OpenAI API-key
     onboarding, and verifies the Codex plugin plus `@openai/codex` dependency
-    were downloaded into the managed npm root on demand.
+    were downloaded into the managed npm project root on demand.
 - Live plugin tool dependency smoke: `pnpm test:docker:live-plugin-tool`
   - Packs a fixture plugin with a real `slugify` dependency, installs it through
-    `npm-pack:`, verifies the dependency under the managed npm root, then asks a
-    live OpenAI model to call the plugin tool and return the hidden slug.
+    `npm-pack:`, verifies the dependency under the managed npm project root,
+    then asks a live OpenAI model to call the plugin tool and return the hidden
+    slug.
 - Crestodian rescue command smoke: `pnpm test:live:crestodian-rescue-channel`
   - Opt-in belt-and-suspenders check for the message-channel rescue command
     surface. It exercises `/crestodian status`, queues a persistent model
@@ -738,13 +739,13 @@ plugin validation checklist, see
 These Docker runners split into two buckets:
 
 - Live-model runners: `test:docker:live-models` and `test:docker:live-gateway` run only their matching profile-key live file inside the repo Docker image (`src/agents/models.profiles.live.test.ts` and `src/gateway/gateway-models.profiles.live.test.ts`), mounting your local config dir, workspace, and optional profile env file. The matching local entrypoints are `test:live:models-profiles` and `test:live:gateway-profiles`.
-- Docker live runners default to a smaller smoke cap so a full Docker sweep stays practical:
-  `test:docker:live-models` defaults to `OPENCLAW_LIVE_MAX_MODELS=12`, and
+- Docker live runners keep their own practical caps where needed:
+  `test:docker:live-models` defaults to the curated supported high-signal set, and
   `test:docker:live-gateway` defaults to `OPENCLAW_LIVE_GATEWAY_SMOKE=1`,
   `OPENCLAW_LIVE_GATEWAY_MAX_MODELS=8`,
   `OPENCLAW_LIVE_GATEWAY_STEP_TIMEOUT_MS=45000`, and
-  `OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS=90000`. Override those env vars when you
-  explicitly want the larger exhaustive scan.
+  `OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS=90000`. Set `OPENCLAW_LIVE_MAX_MODELS`
+  or the gateway env vars when you explicitly want a smaller cap or larger scan.
 - `test:docker:all` builds the live Docker image once via `test:docker:live-build`, packs OpenClaw once as an npm tarball through `scripts/package-openclaw-for-docker.mjs`, then builds/reuses two `scripts/e2e/Dockerfile` images. The bare image is only the Node/Git runner for install/update/plugin-dependency lanes; those lanes mount the prebuilt tarball. The functional image installs the same tarball into `/app` for built-app functionality lanes. Docker lane definitions live in `scripts/lib/docker-e2e-scenarios.mjs`; planner logic lives in `scripts/lib/docker-e2e-plan.mjs`; `scripts/test-docker-all.mjs` executes the selected plan. The aggregate uses a weighted local scheduler: `OPENCLAW_DOCKER_ALL_PARALLELISM` controls process slots, while resource caps keep heavy live, npm-install, and multi-service lanes from all starting at once. If a single lane is heavier than the active caps, the scheduler can still start it when the pool is empty and then keeps it running alone until capacity is available again. Defaults are 10 slots, `OPENCLAW_DOCKER_ALL_LIVE_LIMIT=9`, `OPENCLAW_DOCKER_ALL_NPM_LIMIT=10`, and `OPENCLAW_DOCKER_ALL_SERVICE_LIMIT=7`; tune `OPENCLAW_DOCKER_ALL_WEIGHT_LIMIT` or `OPENCLAW_DOCKER_ALL_DOCKER_LIMIT` only when the Docker host has more headroom. The runner performs a Docker preflight by default, removes stale OpenClaw E2E containers, prints status every 30 seconds, stores successful lane timings in `.artifacts/docker-tests/lane-timings.json`, and uses those timings to start longer lanes first on later runs. Use `OPENCLAW_DOCKER_ALL_DRY_RUN=1` to print the weighted lane manifest without building or running Docker, or `node scripts/test-docker-all.mjs --plan-json` to print the CI plan for selected lanes, package/image needs, and credentials.
 - `Package Acceptance` is the GitHub-native package gate for "does this installable tarball work as a product?" It resolves one candidate package from `source=npm`, `source=ref`, `source=url`, or `source=artifact`, uploads it as `package-under-test`, then runs the reusable Docker E2E lanes against that exact tarball instead of repacking the selected ref. Profiles are ordered by breadth: `smoke`, `package`, `product`, and `full`. See [Testing updates and plugins](/help/testing-updates-plugins) for the package/update/plugin contract, published-upgrade survivor matrix, release defaults, and failure triage.
 - Build and release checks run `scripts/check-cli-bootstrap-imports.mjs` after tsdown. The guard walks the static built graph from `dist/entry.js` and `dist/cli/run-main.js` and fails if pre-dispatch startup imports package dependencies such as Commander, prompt UI, undici, or logging before command dispatch; it also keeps the bundled gateway run chunk under budget and rejects static imports of known cold gateway paths. Packaged CLI smoke also covers root help, onboard help, doctor help, status, config schema, and a model-list command.

docs/plugins/codex-computer-use.md

@@ -281,8 +281,9 @@ fresh OpenClaw session.
 **A Computer Use tool says `Native hook relay unavailable`.** The Codex-native
 tool hook could not reach an active OpenClaw relay through the local bridge or
 Gateway fallback. Start a fresh OpenClaw session with `/new` or `/reset`. If it
-keeps happening, restart the gateway so old app-server threads and hook
-registrations are dropped, then retry.
+works once and then fails again on a later tool call, `/new` is only clearing the
+current attempt; restart the Codex app-server or OpenClaw Gateway so old threads
+and hook registrations are dropped, then retry in a fresh session.
 
 **Turn-start auto-install refuses a source.** This is intentional. Add the
 source with explicit `/codex computer-use install --source <marketplace-source>`

docs/plugins/codex-harness-runtime.md

@@ -99,6 +99,16 @@ OpenClaw can mirror selected events, but it cannot rewrite the native Codex
 thread unless Codex exposes that operation through app-server or native hook
 callbacks.
 
+Codex app-server report-mode `PreToolUse` events defer plugin approval requests
+to the matching app-server approval. If an OpenClaw `before_tool_call` hook
+returns `requireApproval` while the native payload sets report approval mode
+(`openclaw_approval_mode` is `"report"`), the native hook relay records the
+plugin approval requirement and returns no native decision. When Codex sends the
+app-server approval request for the same tool use, OpenClaw opens the plugin
+approval prompt and maps the decision back to Codex. Codex `PermissionRequest`
+events are a separate approval path and can still route through OpenClaw
+approvals when the runtime is configured for that bridge.
+
 Codex app-server item notifications also provide async `after_tool_call`
 observations for native tool completions that are not already covered by the
 native `PostToolUse` relay. These observations are for telemetry and plugin

docs/plugins/codex-harness.md

@@ -738,9 +738,11 @@ protocol version.
 the Codex thread is still trying to use a native hook relay id that OpenClaw no
 longer has registered. This is a native Codex hook transport problem, not an ACP
 backend, provider, GitHub, or shell-command failure. Start a fresh session in
-the affected chat with `/new` or `/reset`, then retry a harmless command. If the
-same fresh session still fails, restart the Codex app-server or OpenClaw Gateway
-so native hook registrations are recreated.
+the affected chat with `/new` or `/reset`, then retry a harmless command. If that
+works once but the next native tool call fails again, treat `/new` as a temporary
+workaround only: copy the prompt into a fresh session after restarting the Codex
+app-server or OpenClaw Gateway so old threads are dropped and native hook
+registrations are recreated.
 
 **A non-Codex model uses the built-in harness:** that is expected unless
 provider or model runtime policy routes it to another harness. Plain non-OpenAI

docs/plugins/dependency-resolution.md

@@ -34,34 +34,36 @@ OpenClaw owns only the plugin lifecycle:
 
 OpenClaw uses stable per-source roots:
 
-- npm packages install under `~/.openclaw/npm`
+- npm packages install into per-plugin projects under
+  `~/.openclaw/npm/projects/<encoded-package>`
 - git packages clone under `~/.openclaw/git`
 - local/path/archive installs are copied or referenced without dependency repair
 
-npm installs run in the npm root with:
+npm installs run in that per-plugin project root with:
 
 ```bash
-cd ~/.openclaw/npm
+cd ~/.openclaw/npm/projects/<encoded-package>
 npm install --omit=dev --omit=peer --legacy-peer-deps --ignore-scripts --no-audit --no-fund
 ```
 
-`openclaw plugins install npm-pack:<path.tgz>` uses that same managed npm root
-for a local npm-pack tarball. OpenClaw reads the tarball's npm metadata, adds it
-to the managed root as a copied `file:` dependency, runs the normal npm install,
-and then verifies the installed lockfile metadata before trusting the plugin.
+`openclaw plugins install npm-pack:<path.tgz>` uses that same per-plugin npm
+project root for a local npm-pack tarball. OpenClaw reads the tarball's npm
+metadata, adds it to the managed project as a copied `file:` dependency, runs
+the normal npm install, and then verifies the installed lockfile metadata before
+trusting the plugin.
 This is intended for package-acceptance and release-candidate proof where a
 local pack artifact should behave like the registry artifact it simulates.
 
-npm may hoist transitive dependencies to `~/.openclaw/npm/node_modules` beside
-the plugin package. OpenClaw scans the managed npm root before trusting the
-install and uses npm to remove npm-managed packages during uninstall, so hoisted
-runtime dependencies stay inside the managed cleanup boundary.
+npm may hoist transitive dependencies to the per-plugin project's
+`node_modules` beside the plugin package. OpenClaw scans the managed project
+root before trusting the install and removes that project during uninstall, so
+hoisted runtime dependencies stay inside that plugin's cleanup boundary.
 
 Published npm plugin packages can ship `npm-shrinkwrap.json`. npm uses that
-publishable lockfile during install, and OpenClaw's managed npm root supports it
-through the normal npm install path. OpenClaw-owned publishable plugin packages
-must include a package-local shrinkwrap generated from that plugin package's
-published dependency graph:
+publishable lockfile during install, and OpenClaw's managed npm project root
+supports it through the normal npm install path. OpenClaw-owned publishable
+plugin packages must include a package-local shrinkwrap generated from that
+plugin package's published dependency graph:
 
 ```bash
 pnpm deps:shrinkwrap:generate
@@ -87,11 +89,11 @@ instead of embedding every platform binary in the plugin tarball. The root
 
 Plugins that import `openclaw/plugin-sdk/*` declare `openclaw` as a peer
 dependency. OpenClaw does not let npm install a separate registry copy of the
-host package into the managed root, because stale host packages can affect npm
-peer resolution during later plugin installs. Managed npm installs skip npm peer
-resolution/materialization for the shared root and OpenClaw reasserts
-plugin-local `node_modules/openclaw` links for installed packages that declare
-the host peer after install, update, or uninstall.
+host package into a managed project, because stale host packages can affect npm
+peer resolution inside that plugin. Managed npm installs skip npm peer
+resolution/materialization and OpenClaw reasserts plugin-local
+`node_modules/openclaw` links for installed packages that declare the host peer
+after install or update.
 
 git installs clone or refresh the repository, then run:
 
@@ -155,7 +157,7 @@ not a supported way to prepare bundled plugin dependencies.
 | -------------------------------- | ------------------------------------- | -------------------------------------------------------------------- |
 | `npm install -g openclaw`        | Built runtime tree inside the package | OpenClaw package and explicit plugin install/update/doctor flows     |
 | Git checkout plus `pnpm install` | `extensions/<id>` workspace packages  | The pnpm workspace, including each plugin package's own dependencies |
-| `openclaw plugins install ...`   | Managed npm/git/ClawHub plugin root   | The plugin install/update flow                                       |
+| `openclaw plugins install ...`   | Managed npm project/git/ClawHub root  | The plugin install/update flow                                       |
 
 ## Legacy cleanup
 
@@ -168,4 +170,7 @@ stage directories, and package-local pnpm stores. Packaged postinstall also
 removes those global symlinks before pruning the legacy target roots so upgrades
 do not leave dangling ESM package imports.
 
-These paths are legacy debris only. New installs should not create them.
+Older npm installs also used a shared `~/.openclaw/npm/node_modules` root.
+Current install, update, uninstall, and doctor flows still recognize that legacy
+flat root only for recovery and cleanup. New npm installs should create
+per-plugin project roots instead.

docs/plugins/hooks.md

@@ -211,6 +211,8 @@ Hook guard behavior for typed lifecycle hooks:
 - `params` rewrites the tool parameters for execution.
 - `requireApproval` pauses the agent run and asks the user through plugin
   approvals. The `/approve` command can approve both exec and plugin approvals.
+  In Codex app-server report-mode native `PreToolUse` relays, this is deferred
+  to the matching app-server approval request; see [Codex harness runtime](/plugins/codex-harness-runtime#hook-boundaries).
 - A lower-priority `block: true` can still block after a higher-priority hook
   requested approval.
 - `onResolution` receives the resolved approval decision - `allow-once`,

docs/plugins/install-overrides.md

@@ -71,8 +71,8 @@ pnpm openclaw onboard --mode local
 Verify the installed package under the state directory:
 
 ```bash
-find "$OPENCLAW_STATE_DIR/npm/node_modules" -maxdepth 3 -name package.json -print
-grep -R '"@openclaw/codex"' "$OPENCLAW_STATE_DIR/npm/package-lock.json"
+find "$OPENCLAW_STATE_DIR/npm/projects" -path '*/node_modules/@openclaw/codex/package.json' -print
+grep -R '"@openclaw/codex"' "$OPENCLAW_STATE_DIR/npm/projects"/*/package-lock.json
 ```
 
 For live provider E2E, source the real API key from a trusted shell or CI secret

docs/plugins/manifest.md

@@ -1197,9 +1197,10 @@ Important examples:
 | `openclaw.install.clawhubSpec` / `openclaw.install.npmSpec` / `openclaw.install.localPath` | Install/update hints for bundled and externally published plugins.                                                                                                                   |
 | `openclaw.install.defaultChoice`                                                           | Preferred install path when multiple install sources are available.                                                                                                                  |
 | `openclaw.install.minHostVersion`                                                          | Minimum supported OpenClaw host version, using a semver floor like `>=2026.3.22` or `>=2026.5.1-beta.1`.                                                                             |
+| `openclaw.compat.pluginApi`                                                                | Minimum OpenClaw plugin API range required by this package, using a semver floor like `>=2026.5.27`.                                                                                 |
 | `openclaw.install.expectedIntegrity`                                                       | Expected npm dist integrity string such as `sha512-...`; install and update flows verify the fetched artifact against it.                                                            |
 | `openclaw.install.allowInvalidConfigRecovery`                                              | Allows a narrow bundled-plugin reinstall recovery path when config is invalid.                                                                                                       |
-| `openclaw.startup.deferConfiguredChannelFullLoadUntilAfterListen`                          | Lets setup-only channel surfaces load before the full channel plugin during startup.                                                                                                 |
+| `openclaw.startup.deferConfiguredChannelFullLoadUntilAfterListen`                          | Lets setup-runtime channel surfaces load before listen, then defers the full configured channel plugin until post-listen activation.                                                 |
 
 Manifest metadata decides which provider/channel/setup choices appear in
 onboarding before runtime loads. `package.json#openclaw.install` tells
@@ -1211,6 +1212,17 @@ registry loading for non-bundled plugin sources. Invalid values are rejected;
 newer-but-valid values skip external plugins on older hosts. Bundled source
 plugins are assumed to be co-versioned with the host checkout.
 
+`openclaw.compat.pluginApi` is enforced during package install for non-bundled
+plugin sources. Use it for the OpenClaw plugin SDK/runtime API floor that the
+package was built against. It can be stricter than `minHostVersion` when a
+plugin package needs a newer API but still keeps a lower install hint for other
+flows. Official OpenClaw release sync bumps existing official plugin API floors
+to the OpenClaw release version by default, but plugin-only releases can keep a
+lower floor when the package intentionally supports older hosts. Do not use the
+package version alone as the compatibility contract. `peerDependencies.openclaw`
+remains npm package metadata; OpenClaw uses the `openclaw.compat.pluginApi`
+contract for install compatibility decisions.
+
 Official install-on-demand metadata should use `clawhubSpec` when the plugin is
 published on ClawHub; onboarding treats that as the preferred remote source and
 records ClawHub artifact facts after install. `npmSpec` remains the compatibility

docs/plugins/sdk-entrypoints.md

@@ -246,11 +246,22 @@ export default defineBundledChannelSetupEntry({
     specifier: "./runtime-api.js",
     exportName: "setMyChannelRuntime",
   },
+  registerSetupRuntime(api) {
+    api.registerHttpRoute({
+      path: "/my-channel/events",
+      auth: "plugin",
+      handler: async (req, res) => {
+        /* setup-safe route */
+      },
+    });
+  },
 });
 ```
 
 Use that bundled contract only when setup flows truly need a lightweight runtime
-setter before the full channel entry loads.
+setter or setup-safe gateway surface before the full channel entry loads.
+`registerSetupRuntime` runs only for `"setup-runtime"` loads; keep it limited to
+config-only routes or methods that must exist before deferred full activation.
 
 ## Registration mode
 

docs/plugins/sdk-setup.md

@@ -534,7 +534,7 @@ openclaw plugins install <package-name>
 ```
 
 <Info>
-For npm-sourced installs, `openclaw plugins install` installs the package under `~/.openclaw/npm` with lifecycle scripts disabled. Keep plugin dependency trees pure JS/TS and avoid packages that require `postinstall` builds.
+For npm-sourced installs, `openclaw plugins install` installs the package into a per-plugin project under `~/.openclaw/npm/projects` with lifecycle scripts disabled. Keep plugin dependency trees pure JS/TS and avoid packages that require `postinstall` builds.
 </Info>
 
 <Note>

docs/plugins/voice-call.md

@@ -230,7 +230,7 @@ Current runtime behaviour:
 - Provider-owned raw config lives under `realtime.providers.<providerId>`.
 - Voice Call exposes the shared `openclaw_agent_consult` realtime tool by default. The realtime model can call it when the caller asks for deeper reasoning, current information, or normal OpenClaw tools.
 - `realtime.consultPolicy` optionally adds guidance for when the realtime model should call `openclaw_agent_consult`.
-- `realtime.agentContext.enabled` is default-off. When enabled, Voice Call injects a bounded agent identity, system prompt override, and selected workspace-file capsule into the realtime provider instructions at session setup.
+- `realtime.agentContext.enabled` is default-off. When enabled, Voice Call injects a bounded agent identity and selected workspace-file capsule into the realtime provider instructions at session setup.
 - `realtime.fastContext.enabled` is default-off. When enabled, Voice Call first searches indexed memory/session context for the consult question and returns those snippets to the realtime model within `realtime.fastContext.timeoutMs` before falling back to the full consult agent only if `realtime.fastContext.fallbackToConsult` is true.
 - If `realtime.provider` points at an unregistered provider, or no realtime voice provider is registered at all, Voice Call logs a warning and skips realtime media instead of failing the whole plugin.
 - Consult session keys reuse the stored call session when available, then fall back to the configured `sessionScope` (`per-phone` by default, or `per-call` for isolated calls).
@@ -278,7 +278,6 @@ for tool work, current information, memory lookups, or workspace state.
               enabled: true,
               maxChars: 6000,
               includeIdentity: true,
-              includeSystemPrompt: true,
               includeWorkspaceFiles: true,
               files: ["SOUL.md", "IDENTITY.md", "USER.md"],
             },

docs/providers/fireworks.md

@@ -82,7 +82,7 @@ openclaw onboard --non-interactive \
 
 ## Custom Fireworks model ids
 
-OpenClaw accepts any Fireworks model or router id at runtime. Use the exact id shown by Fireworks and prefix it with `fireworks/`. Dynamic resolution clones the Fire Pass template (text + image input, OpenAI-compatible API, default cost zero) and disables thinking automatically when the id matches the Kimi pattern.
+OpenClaw accepts any Fireworks model or router id at runtime. Use the exact id shown by Fireworks and prefix it with `fireworks/`. Dynamic resolution clones the Fire Pass template (text + image input, OpenAI-compatible API, default cost zero) and disables thinking automatically when the id matches the Kimi pattern. GLM dynamic ids are marked text-only unless you configure a custom model entry with image input.
 
 ```json5
 {

docs/providers/nvidia.md

@@ -62,14 +62,29 @@ openclaw onboard --auth-choice nvidia-api-key --nvidia-api-key "nvapi-..."
 }
 ```
 
-## Built-in catalog
+## Featured catalog
 
-| Model ref                                  | Name                         | Context | Max output |
-| ------------------------------------------ | ---------------------------- | ------- | ---------- |
-| `nvidia/nvidia/nemotron-3-super-120b-a12b` | NVIDIA Nemotron 3 Super 120B | 262,144 | 8,192      |
-| `nvidia/moonshotai/kimi-k2.5`              | Kimi K2.5                    | 262,144 | 8,192      |
-| `nvidia/minimaxai/minimax-m2.5`            | Minimax M2.5                 | 196,608 | 8,192      |
-| `nvidia/z-ai/glm5`                         | GLM 5                        | 202,752 | 8,192      |
+When an NVIDIA API key is configured, OpenClaw setup and model-selection paths
+try NVIDIA's public featured-model catalog from
+`https://assets.ngc.nvidia.com/products/api-catalog/featured-models.json` and
+caches the ranked result for 24 hours. New featured models from build.nvidia.com
+therefore appear in setup and model-selection surfaces without waiting for an
+OpenClaw release.
+
+The fetch uses a fixed HTTPS host policy for `assets.ngc.nvidia.com`. If no
+NVIDIA API key is configured, or if that public catalog is unavailable or
+malformed, OpenClaw falls back to the bundled catalog below.
+
+## Bundled fallback catalog
+
+| Model ref                                  | Name                         | Context | Max output | Notes                             |
+| ------------------------------------------ | ---------------------------- | ------- | ---------- | --------------------------------- |
+| `nvidia/nvidia/nemotron-3-super-120b-a12b` | NVIDIA Nemotron 3 Super 120B | 262,144 | 8,192      | Featured fallback                 |
+| `nvidia/moonshotai/kimi-k2.5`              | Kimi K2.5                    | 262,144 | 8,192      | Featured fallback                 |
+| `nvidia/minimaxai/minimax-m2.7`            | Minimax M2.7                 | 196,608 | 8,192      | Featured fallback                 |
+| `nvidia/z-ai/glm-5.1`                      | GLM 5.1                      | 202,752 | 8,192      | Featured fallback                 |
+| `nvidia/minimaxai/minimax-m2.5`            | MiniMax M2.5                 | 196,608 | 8,192      | Deprecated, upgrade compatibility |
+| `nvidia/z-ai/glm5`                         | GLM-5                        | 202,752 | 8,192      | Deprecated, upgrade compatibility |
 
 ## Advanced configuration
 
@@ -80,8 +95,11 @@ openclaw onboard --auth-choice nvidia-api-key --nvidia-api-key "nvapi-..."
   </Accordion>
 
   <Accordion title="Catalog and pricing">
-    The bundled catalog is static. Costs default to `0` in source since NVIDIA
-    currently offers free API access for the listed models.
+    OpenClaw prefers NVIDIA's public featured-model catalog when NVIDIA auth is
+    configured and caches it for 24 hours. The bundled fallback catalog is static
+    and keeps deprecated shipped refs for upgrade compatibility. Costs default to
+    `0` in source since NVIDIA currently offers free API access for the listed
+    models.
   </Accordion>
 
   <Accordion title="OpenAI-compatible endpoint">

docs/providers/together.md

@@ -33,7 +33,9 @@ models including Llama, DeepSeek, Kimi, and more through a unified API.
     {
       agents: {
         defaults: {
-          model: { primary: "together/moonshotai/Kimi-K2.5" },
+          model: {
+            primary: "together/meta-llama/Llama-3.3-70B-Instruct-Turbo",
+          },
         },
       },
     }
@@ -51,35 +53,32 @@ openclaw onboard --non-interactive \
 ```
 
 <Note>
-The onboarding preset sets `together/moonshotai/Kimi-K2.5` as the default
-model.
+The onboarding preset sets
+`together/meta-llama/Llama-3.3-70B-Instruct-Turbo` as the default model.
 </Note>
 
 ## Built-in catalog
 
 OpenClaw ships this bundled Together catalog:
 
-| Model ref                                                    | Name                                   | Input       | Context    | Notes                            |
-| ------------------------------------------------------------ | -------------------------------------- | ----------- | ---------- | -------------------------------- |
-| `together/moonshotai/Kimi-K2.5`                              | Kimi K2.5                              | text, image | 262,144    | Default model; reasoning enabled |
-| `together/zai-org/GLM-4.7`                                   | GLM 4.7 Fp8                            | text        | 202,752    | General-purpose text model       |
-| `together/meta-llama/Llama-3.3-70B-Instruct-Turbo`           | Llama 3.3 70B Instruct Turbo           | text        | 131,072    | Fast instruction model           |
-| `together/meta-llama/Llama-4-Scout-17B-16E-Instruct`         | Llama 4 Scout 17B 16E Instruct         | text, image | 10,000,000 | Multimodal                       |
-| `together/meta-llama/Llama-4-Maverick-17B-128E-Instruct-FP8` | Llama 4 Maverick 17B 128E Instruct FP8 | text, image | 20,000,000 | Multimodal                       |
-| `together/deepseek-ai/DeepSeek-V3.1`                         | DeepSeek V3.1                          | text        | 131,072    | General text model               |
-| `together/deepseek-ai/DeepSeek-R1`                           | DeepSeek R1                            | text        | 131,072    | Reasoning model                  |
-| `together/moonshotai/Kimi-K2-Instruct-0905`                  | Kimi K2-Instruct 0905                  | text        | 262,144    | Secondary Kimi text model        |
+| Model ref                                          | Name                         | Input       | Context | Notes                |
+| -------------------------------------------------- | ---------------------------- | ----------- | ------- | -------------------- |
+| `together/meta-llama/Llama-3.3-70B-Instruct-Turbo` | Llama 3.3 70B Instruct Turbo | text        | 131,072 | Default model        |
+| `together/moonshotai/Kimi-K2.6`                    | Kimi K2.6 FP4                | text, image | 262,144 | Kimi reasoning model |
+| `together/deepseek-ai/DeepSeek-V4-Pro`             | DeepSeek V4 Pro              | text        | 512,000 | Reasoning text model |
+| `together/Qwen/Qwen2.5-7B-Instruct-Turbo`          | Qwen2.5 7B Instruct Turbo    | text        | 32,768  | Fast text model      |
+| `together/zai-org/GLM-5.1`                         | GLM 5.1 FP4                  | text        | 202,752 | Reasoning text model |
 
 ## Video generation
 
 The bundled `together` plugin also registers video generation through the
 shared `video_generate` tool.
 
-| Property             | Value                                 |
-| -------------------- | ------------------------------------- |
-| Default video model  | `together/Wan-AI/Wan2.2-T2V-A14B`     |
-| Modes                | text-to-video, single-image reference |
-| Supported parameters | `aspectRatio`, `resolution`           |
+| Property             | Value                                                                    |
+| -------------------- | ------------------------------------------------------------------------ |
+| Default video model  | `together/Wan-AI/Wan2.2-T2V-A14B`                                        |
+| Modes                | text-to-video; single-image reference only with `Wan-AI/Wan2.2-I2V-A14B` |
+| Supported parameters | `aspectRatio`, `resolution`                                              |
 
 To use Together as the default video provider:
 

docs/reference/RELEASING.md

@@ -141,6 +141,12 @@ vYYYY.M.D-beta.N` from the matching `release/YYYY.M.D` branch. The helper runs
   exports, and plugin SDK API baseline. `pnpm release:check` re-runs those
   guards in check mode and reports every generated drift failure it finds in one
   pass before running package release checks.
+- Plugin version sync updates official plugin package versions and existing
+  `openclaw.compat.pluginApi` floors to the OpenClaw release version by
+  default. Treat that field as the plugin SDK/runtime API floor, not just a copy
+  of the package version: for plugin-only releases that intentionally remain
+  compatible with older OpenClaw hosts, keep the floor at the oldest supported
+  host API and document that choice in the plugin release proof.
 - Run the manual `Full Release Validation` workflow before release approval to
   kick off all pre-release test boxes from one entrypoint. It accepts a branch,
   tag, or full commit SHA, dispatches manual `CI`, and dispatches

docs/reference/memory-config.md

@@ -557,11 +557,12 @@ For conceptual behavior and slash commands, see [Dreaming](/concepts/dreaming).
 
 ### User settings
 
-| Key         | Type      | Default       | Description                                       |
-| ----------- | --------- | ------------- | ------------------------------------------------- |
-| `enabled`   | `boolean` | `false`       | Enable or disable dreaming entirely               |
-| `frequency` | `string`  | `0 3 * * *`   | Optional cron cadence for the full dreaming sweep |
-| `model`     | `string`  | default model | Optional Dream Diary subagent model override      |
+| Key                                    | Type      | Default       | Description                                                                                                                      |
+| -------------------------------------- | --------- | ------------- | -------------------------------------------------------------------------------------------------------------------------------- |
+| `enabled`                              | `boolean` | `false`       | Enable or disable dreaming entirely                                                                                              |
+| `frequency`                            | `string`  | `0 3 * * *`   | Optional cron cadence for the full dreaming sweep                                                                                |
+| `model`                                | `string`  | default model | Optional Dream Diary subagent model override                                                                                     |
+| `phases.deep.maxPromotedSnippetTokens` | `number`  | `160`         | Maximum estimated tokens kept from each short-term recall snippet promoted into `MEMORY.md`; provenance metadata remains visible |
 
 ### Example
 

docs/reference/release-performance-sweep.md

@@ -0,0 +1,360 @@
+---
+summary: "Visual summary and technical evidence for the May 2026 performance, package-size, dependency, and shrinkwrap cleanup"
+read_when:
+  - You are validating the May 2026 performance and package-size cleanup
+  - You need the numbers behind the OpenClaw performance and dependency blog post
+  - You are changing release gates, package shrinkwrap, or plugin dependency boundaries
+title: "Release performance sweep"
+---
+
+This page captures the evidence behind the May 2026 OpenClaw performance,
+package-size, dependency, and shrinkwrap cleanup. It is the technical companion
+to the public blog post.
+
+Two audits are combined here:
+
+- **Release performance sweep:** GitHub Releases from `v2026.5.27` back through
+  stable `v2026.4.23`, using the `OpenClaw Performance` workflow,
+  `profile=smoke`, `repeat=1`, mock-provider lane.
+- **Earlier April context:** published `clawgrit-reports` mock-provider
+  baselines from `v2026.4.1` through `v2026.5.2`, used only to avoid treating
+  the broken late-April releases as the public performance baseline.
+- **Install footprint sweep:** fresh `npm install --ignore-scripts` installs
+  into temporary packages, with `du -sk node_modules` for size and a
+  `node_modules` walk for package-instance counts.
+- **npm package size sweep:** `npm pack openclaw@<version> --dry-run --json`
+  for published releases, recording compressed tarball size, unpacked size, and
+  file count.
+
+<Warning>
+The main performance sweep uses one smoke sample per tag. Earlier April context
+uses published repeat-3 medians from `clawgrit-reports`. Treat the numbers as
+trend evidence and regression-hunting signal, not as release-gate statistics.
+</Warning>
+
+## Snapshot
+
+Performance coverage: **76 requested releases**, **73 artifact-backed points**,
+and **3 unavailable CI runs**. Latest stable measured point: `v2026.5.27`.
+
+<CardGroup cols={2}>
+  <Card title="Stable agent turn" icon="gauge">
+    **2.9x faster cold turn**
+
+    - `v2026.4.14`: 9.8s
+    - `v2026.5.27`: 3.4s
+
+  </Card>
+  <Card title="Published package" icon="package">
+    **17.8MB tarball**
+
+    Latest stable package, down from the 43.3MB March package-size peak.
+
+  </Card>
+  <Card title="Latest stable install" icon="hard-drive">
+    **786.9MB fresh install**
+
+    `v2026.5.27` still contains the nested OpenClaw dependency tree. The
+    next-release state on `main` is 407.4MB.
+
+  </Card>
+  <Card title="Dependency graph" icon="boxes">
+    **371 installed packages**
+
+    Latest stable release. Current `main` is down to 314 after the follow-up
+    dependency cleanup.
+
+  </Card>
+</CardGroup>
+
+## Install Footprint Timeline
+
+<CardGroup cols={2}>
+  <Card title="Monthly high" icon="triangle-alert">
+    **645 dependencies**
+
+    `2026.2.26` was the monthly dependency-count high in this sample.
+
+  </Card>
+  <Card title="Shrinkwrap introduced" icon="lock">
+    **1,020.6MB install**
+
+    `2026.5.22` added root shrinkwrap and exposed a package-shape problem:
+    911.8MB landed under nested `openclaw/node_modules`.
+
+  </Card>
+  <Card title="Latest stable" icon="tag">
+    **786.9MB install**
+
+    `2026.5.27` reduced the peak but still installed a 675.9MB nested
+    OpenClaw tree.
+
+  </Card>
+  <Card title="Next-release state" icon="scissors">
+    **407.4MB install**
+
+    Current `main` keeps shrinkwrap, removes the nested tree, and installs
+    314 packages.
+
+  </Card>
+</CardGroup>
+
+<Tip>
+Shrinkwrap was not the problem by itself. The bad package shape was. Current
+`main` still ships shrinkwrap, but npm no longer materializes a second
+OpenClaw dependency tree during install.
+</Tip>
+
+## What Changed After 5.27
+
+The cleanup between `v2026.5.27` and current `main` removed the duplicate
+default-install graph instead of removing the capabilities themselves.
+
+<CardGroup cols={2}>
+  <Card title="Root default graph" icon="git-branch">
+    Root shrinkwrap package paths fell from **372** to **331**. Unique package
+    names fell from **357** to **318**.
+  </Card>
+  <Card title="Direct root dependencies" icon="unplug">
+    `@earendil-works/pi-agent-core`, `@earendil-works/pi-ai`,
+    `@earendil-works/pi-coding-agent`, and `pdfjs-dist` left the default root
+    dependency path.
+  </Card>
+  <Card title="Native optional cones" icon="cpu">
+    The all-platform `@napi-rs/canvas` and `@mariozechner/clipboard` native
+    package cones stopped landing in the default install.
+  </Card>
+  <Card title="Supply-chain surface" icon="shield">
+    Fewer default packages means fewer tarballs, maintainers, native binaries,
+    install-time behaviors, and transitive update paths to trust by default.
+  </Card>
+</CardGroup>
+
+## Headline Numbers
+
+Do not use the late-April broken rows as public performance baselines.
+`v2026.4.23` and `v2026.4.29` are useful regression evidence, but the large
+`14x`-style deltas mostly describe the recovery from a bad release line.
+
+For the blog narrative, use the earlier April published baseline as scale:
+
+| Metric          | Earlier April baseline | `v2026.5.27` |                    Delta |
+| --------------- | ---------------------: | -----------: | -----------------------: |
+| Cold agent turn |                9,819ms |      3,378ms | 65.6% lower, 2.9x faster |
+| Warm agent turn |                7,458ms |      2,973ms | 60.1% lower, 2.5x faster |
+| Agent peak RSS  |                686.2MB |      635.5MB |               7.4% lower |
+
+The earlier April baseline is `v2026.4.14` from the published
+`clawgrit-reports` mock-provider run. That run used repeat 3 and failed only
+because the diagnostic timeline was not emitted; the cold, warm, and RSS
+medians are still useful as rough scale. Treat this as narrative context, not a
+release-gate statistic.
+
+Within the single-sample stable May sweep, the line moved more modestly:
+
+| Metric          | `v2026.5.2` | `v2026.5.27` |       Delta |
+| --------------- | ----------: | -----------: | ----------: |
+| Cold agent turn |     3,897ms |      3,378ms | 13.3% lower |
+| Warm agent turn |     3,610ms |      2,973ms | 17.6% lower |
+| Agent peak RSS  |     613.7MB |      635.5MB | 3.6% higher |
+
+Best prerelease point in the single-sample sweep:
+
+| Metric          | `v2026.5.27` | `v2026.5.27-beta.1` |       Delta |
+| --------------- | -----------: | ------------------: | ----------: |
+| Cold agent turn |      3,378ms |             2,575ms | 23.8% lower |
+| Warm agent turn |      2,973ms |             2,217ms | 25.4% lower |
+| Agent peak RSS  |      635.5MB |             635.3MB |        flat |
+
+### Install footprint
+
+| Metric                                          |  Baseline | Current main |       Delta |
+| ----------------------------------------------- | --------: | -----------: | ----------: |
+| Install size from `2026.5.22` peak              | 1,020.6MB |      407.4MB | 60.1% lower |
+| Install size from latest release `2026.5.27`    |   786.9MB |      407.4MB | 48.2% lower |
+| Dependencies from monthly high `2026.2.26`      |       645 |          314 | 51.3% lower |
+| Dependencies from latest release `2026.5.27`    |       371 |          314 | 15.4% lower |
+| Nested `openclaw/node_modules` from `2026.5.22` |   911.8MB |          0MB |     removed |
+| Nested `openclaw/node_modules` from `2026.5.27` |   675.9MB |          0MB |     removed |
+
+### npm package size
+
+| Version     | Compressed tarball | Unpacked package |  Files | Notes                             |
+| ----------- | -----------------: | ---------------: | -----: | --------------------------------- |
+| `2026.1.30` |             12.8MB |           33.5MB |  4,607 | early rebranded package           |
+| `2026.2.26` |             23.6MB |           82.9MB | 10,125 | feature growth                    |
+| `2026.3.31` |             43.3MB |          182.6MB | 21,037 | package-size high point           |
+| `2026.4.29` |             22.9MB |           74.6MB |  9,309 | package pruning visible           |
+| `2026.5.12` |             23.4MB |           80.1MB | 12,035 | major external-plugin split       |
+| `2026.5.22` |             17.2MB |           76.9MB | 12,386 | docs/assets excluded from package |
+| `2026.5.27` |             17.8MB |           79.0MB | 12,509 | latest stable package             |
+
+`2026.5.12` is the visible plugin-extraction milestone in the changelog:
+Amazon Bedrock, Bedrock Mantle, Slack, OpenShell sandbox, Anthropic Vertex,
+Matrix, and WhatsApp moved out of the core dependency path so their dependency
+cones install with those plugins instead of every core install.
+
+## Kova agent turn summary
+
+The April stable line contains two different stories. Earlier April was slow
+but recognizable. Late April became a regression cliff. `v2026.5.2` is where
+the mock-provider lane first drops into the 3-5s range and starts passing
+consistently in the supplied sweep.
+
+Earlier published context:
+
+| Release      | Kova | Cold turn | Warm turn | Agent peak RSS |
+| ------------ | ---- | --------: | --------: | -------------: |
+| `v2026.4.10` | FAIL |  11,031ms |   7,962ms |        679.0MB |
+| `v2026.4.12` | FAIL |  11,965ms |   8,289ms |        713.5MB |
+| `v2026.4.14` | FAIL |   9,819ms |   7,458ms |        686.2MB |
+| `v2026.4.20` | FAIL |  22,314ms |  18,811ms |        810.8MB |
+| `v2026.4.22` | FAIL |   9,630ms |   7,459ms |        743.0MB |
+
+Supplied single-sample sweep:
+
+| Release             | Kova | Cold turn | Warm turn | Agent peak RSS |
+| ------------------- | ---- | --------: | --------: | -------------: |
+| `v2026.4.23`        | FAIL |  47,847ms |   8,010ms |      1,082.7MB |
+| `v2026.4.24`        | FAIL |  48,264ms |  25,483ms |        996.0MB |
+| `v2026.4.25`        | FAIL |  81,080ms |  59,172ms |      1,113.9MB |
+| `v2026.4.26`        | FAIL |  76,771ms |  54,941ms |      1,140.8MB |
+| `v2026.4.27`        | FAIL |  60,902ms |  33,699ms |      1,156.0MB |
+| `v2026.4.29`        | FAIL |  94,031ms |  57,334ms |      3,613.7MB |
+| `v2026.5.2`         | PASS |   3,897ms |   3,610ms |        613.7MB |
+| `v2026.5.7`         | PASS |   3,923ms |   3,693ms |        654.1MB |
+| `v2026.5.12`        | PASS |   7,248ms |   6,629ms |        834.8MB |
+| `v2026.5.18`        | PASS |   3,301ms |   2,913ms |        630.3MB |
+| `v2026.5.20`        | PASS |   3,413ms |   2,952ms |        643.2MB |
+| `v2026.5.22`        | PASS |   4,494ms |   4,093ms |        654.3MB |
+| `v2026.5.26`        | PASS |   2,626ms |   2,282ms |        660.4MB |
+| `v2026.5.27-beta.1` | PASS |   2,575ms |   2,217ms |        635.3MB |
+| `v2026.5.27`        | PASS |   3,378ms |   2,973ms |        635.5MB |
+
+## Source probes
+
+Source probes were skipped for 17 successful older refs because those source
+trees did not yet have the required probe entry points. Agent-turn metrics still
+exist for those refs.
+
+Representative source-probe points:
+
+| Release             | Default `readyz` p50 | 50 plugins `readyz` p50 | CLI health p50 | Plugin max RSS |
+| ------------------- | -------------------: | ----------------------: | -------------: | -------------: |
+| `v2026.4.29`        |              2,819ms |                 2,618ms |        1,679ms |        389.0MB |
+| `v2026.5.2`         |              2,324ms |                 2,013ms |        1,384ms |        377.2MB |
+| `v2026.5.7`         |              1,649ms |                 1,540ms |        1,175ms |        387.6MB |
+| `v2026.5.18`        |              1,942ms |                 1,927ms |          607ms |        426.5MB |
+| `v2026.5.20`        |              1,966ms |                 1,987ms |          621ms |        455.0MB |
+| `v2026.5.22`        |              2,081ms |                 1,884ms |        5,095ms |        444.2MB |
+| `v2026.5.26`        |              1,546ms |                 1,634ms |          656ms |        400.4MB |
+| `v2026.5.27-beta.1` |              1,462ms |                 1,548ms |          548ms |        394.0MB |
+| `v2026.5.27`        |              1,874ms |                 1,925ms |          660ms |        398.0MB |
+
+The `v2026.5.22` CLI health spike is visible in this table even though the
+agent-turn lane still passed. Keep the source probes when investigating
+targeted CLI or gateway regressions.
+
+## Install footprint audit
+
+Dependency samples use one stable release per month, plus the
+`2026.5.22` shrinkwrap-introduction event, latest `2026.5.27`, and current
+`main`.
+
+| Point              | Installed deps | Fresh install | OpenClaw package | Nested `openclaw/node_modules` | Root shrinkwrap | Canvas install behavior                   |
+| ------------------ | -------------: | ------------: | ---------------: | -----------------------------: | --------------- | ----------------------------------------- |
+| Jan `2026.1.30`    |            605 |       438.4MB |           45.8MB |                          2.4MB | no              | top-level wrapper + `darwin-arm64`        |
+| Feb `2026.2.26`    |            645 |       575.7MB |          110.1MB |                          3.5MB | no              | top-level wrapper + `darwin-arm64`        |
+| Mar `2026.3.31`    |            438 |       584.1MB |          234.8MB |                            0MB | no              | top-level wrapper + `darwin-arm64`        |
+| Apr `2026.4.29`    |            392 |       335.0MB |           97.4MB |                            0MB | no              | none installed                            |
+| `2026.5.22`        |            401 |     1,020.6MB |        1,020.4MB |                        911.8MB | yes             | nested: all 12 `@napi-rs/canvas` packages |
+| May `2026.5.26`    |            371 |       767.5MB |          767.4MB |                        656.4MB | yes             | nested: all 12 `@napi-rs/canvas` packages |
+| Latest `2026.5.27` |            371 |       786.9MB |          786.7MB |                        675.9MB | yes             | nested: all 12 `@napi-rs/canvas` packages |
+| Current `main`     |            314 |       407.4MB |          101.0MB |                            0MB | yes             | top-level wrapper + `darwin-arm64`        |
+
+### Shrinkwrap boundary
+
+<CardGroup cols={2}>
+  <Card title="Before shrinkwrap" icon="unlock">
+    `2026.5.20` has no root shrinkwrap and no large nested OpenClaw dependency
+    tree.
+  </Card>
+  <Card title="Introduced" icon="lock">
+    `2026.5.22` adds root shrinkwrap and installs 911.8MB under nested
+    `openclaw/node_modules`.
+  </Card>
+  <Card title="Latest stable" icon="tag">
+    `2026.5.27` keeps shrinkwrap and still installs 675.9MB under nested
+    `openclaw/node_modules`.
+  </Card>
+  <Card title="Current main" icon="check">
+    `main` keeps shrinkwrap and removes the nested OpenClaw dependency tree.
+  </Card>
+</CardGroup>
+
+Published tarball inspection verifies the boundary:
+
+| Version     | Published stable? | Root `npm-shrinkwrap.json` | Notes                                 |
+| ----------- | ----------------- | -------------------------- | ------------------------------------- |
+| `2026.5.20` | yes               | no                         | last stable release before shrinkwrap |
+| `2026.5.21` | no                | n/a                        | no stable npm release                 |
+| `2026.5.22` | yes               | yes                        | shrinkwrap introduced                 |
+| `2026.5.23` | no                | n/a                        | no stable npm release                 |
+| `2026.5.24` | no                | n/a                        | no stable npm release                 |
+| `2026.5.25` | no                | n/a                        | no stable npm release                 |
+| `2026.5.26` | yes               | yes                        | nested dependency tree still present  |
+| `2026.5.27` | yes               | yes                        | nested dependency tree still present  |
+| `main`      | n/a               | yes                        | nested dependency tree removed        |
+
+The important distinction: **shrinkwrap itself is not the problem**. Current
+`main` still ships root shrinkwrap. The problem was the package shape that made
+npm materialize a large nested OpenClaw dependency tree and all 12
+`@napi-rs/canvas` platform packages.
+
+For a plain-English explanation of shrinkwrap and the maintainer-level package
+checks, see [npm shrinkwrap](/gateway/security/shrinkwrap).
+
+## Supply-chain interpretation
+
+Dependency count is an operational security metric, not only an install-size
+metric. Every package expands the set of maintainers, tarballs, transitive
+updates, optional native binaries, and install-time behaviors that operators
+must trust.
+
+The cleanup direction is:
+
+- keep heavy and optional capabilities outside the default core install
+- make plugin packages own their runtime dependency graph
+- avoid runtime package-manager repair during Gateway startup
+- preserve deterministic installs without causing all-platform native package
+  materialization
+- keep install scripts disabled in package acceptance and measurement paths
+- catch nested dependency trees and native optional dependency explosions before
+  publishing
+
+Related docs:
+
+- [Plugin dependency resolution](/plugins/dependency-resolution)
+- [Plugin inventory](/plugins/plugin-inventory)
+- [Full release validation](/reference/full-release-validation)
+
+## Unavailable performance runs
+
+| Release             | Run                                                                          | Result    | Reason                                                                                                        |
+| ------------------- | ---------------------------------------------------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------- |
+| `v2026.5.3-1`       | [26561664645](https://github.com/openclaw/openclaw/actions/runs/26561664645) | failure   | mock-provider job failed: CLI startup timed out waiting for qa-channel ready; no qa-channel accounts reported |
+| `v2026.5.3`         | [26561666722](https://github.com/openclaw/openclaw/actions/runs/26561666722) | failure   | mock-provider job failed: CLI startup timed out waiting for qa-channel ready; no qa-channel accounts reported |
+| `v2026.4.29-beta.2` | [26561683635](https://github.com/openclaw/openclaw/actions/runs/26561683635) | cancelled | optional baseline fetch hung before artifact upload                                                           |
+
+## Follow-up gates
+
+Recommended release checks from this sweep:
+
+1. Run the mock-provider performance smoke for release candidates and retain
+   artifacts.
+2. Track cold turn, warm turn, agent RSS, Gateway `readyz`, and CLI health.
+3. Fresh-install the packed tarball with scripts disabled.
+4. Record installed dependency count, install size, package size, nested
+   `openclaw/node_modules` size, and native optional package shape.
+5. Fail or hold release review when nested dependency trees or all-platform
+   native packages appear unexpectedly.

docs/reference/test.md

@@ -8,6 +8,10 @@ title: "Tests"
 - Full testing kit (suites, live, Docker): [Testing](/help/testing)
 - Update and plugin package validation: [Testing updates and plugins](/help/testing-updates-plugins)
 
+- Routine local test order:
+  1. `pnpm test:changed` for changed-scope Vitest proof.
+  2. `pnpm test <path-or-filter>` for one file, directory, or explicit target.
+  3. `pnpm test` only when you intentionally need the full local Vitest suite.
 - `pnpm test:force`: Kills any lingering gateway process holding the default control port, then runs the full Vitest suite with an isolated gateway port so server tests don't collide with a running instance. Use this when a prior gateway run left port 18789 occupied.
 - `pnpm test:coverage`: Runs the unit suite with V8 coverage (via `vitest.unit.config.ts`). This is a default-unit-lane coverage gate, not whole-repo all-file coverage. Thresholds are 70% lines/functions/statements and 55% branches. Because `coverage.all` is false and the default lane scopes coverage includes to non-fast unit tests with sibling source files, the gate measures source owned by this lane instead of every transitive import it happens to load.
 - `pnpm test:coverage:changed`: Runs unit coverage only for files changed since `origin/main`.
@@ -17,7 +21,7 @@ title: "Tests"
 - `pnpm check:changed`: runs the smart changed check gate for the diff against `origin/main`. It runs typecheck, lint, and guard commands for the affected architectural lanes, but does not run Vitest tests. Use `pnpm test:changed` or explicit `pnpm test <target>` for test proof.
 - Codex worktrees and linked/sparse checkouts: avoid direct local `pnpm test*`, `pnpm check*`, and `pnpm crabbox:run` unless you have verified pnpm will not reconcile dependencies. For tiny explicit-file proof use `node scripts/run-vitest.mjs <path-or-filter>`; for changed gates or broad proof use `node scripts/crabbox-wrapper.mjs run --provider blacksmith-testbox ... --shell -- "pnpm check:changed"` so pnpm runs inside Testbox.
 - `OPENCLAW_HEAVY_CHECK_LOCK_SCOPE=worktree <local-heavy-check command>`: keeps heavy-check serialization inside the current worktree instead of the Git common dir for commands such as `pnpm check:changed` and targeted `pnpm test ...`. Use it only on high-capacity local hosts when you intentionally run independent checks across linked worktrees.
-- `pnpm test`: routes explicit file/directory targets through scoped Vitest lanes. Untargeted runs use fixed shard groups and expand to leaf configs for local parallel execution; the extension group always expands to the per-extension shard configs instead of one giant root-project process.
+- `pnpm test`: routes explicit file/directory targets through scoped Vitest lanes. Untargeted runs are full-suite proof: they use fixed shard groups, expand to leaf configs for local parallel execution, and print the expected local shard fanout before starting. The extension group always expands to the per-extension shard configs instead of one giant root-project process.
 - Test wrapper runs end with a short `[test] passed|failed|skipped ... in ...` summary. Vitest's own duration line stays the per-shard detail.
 - Shared OpenClaw test state: use `src/test-utils/openclaw-test-state.ts` from Vitest when a test needs an isolated `HOME`, `OPENCLAW_STATE_DIR`, `OPENCLAW_CONFIG_PATH`, config fixture, workspace, agent dir, or auth-profile store.
 - Control UI mocked E2E: use `pnpm test:ui:e2e` for the Vitest + Playwright lane that starts the Vite Control UI and drives a real Chromium page against a mocked Gateway WebSocket. Tests live in `ui/src/**/*.e2e.test.ts`; shared mocks and controls live in `ui/src/test-helpers/control-ui-e2e.ts`. `pnpm test:e2e` includes this lane. In Codex worktrees, prefer `node scripts/run-vitest.mjs run --config test/vitest/vitest.ui-e2e.config.ts --configLoader runner ui/src/ui/e2e/chat-flow.e2e.test.ts` for tiny targeted proof after dependencies are installed, or Testbox/Crabbox for broader GUI proof.
@@ -39,6 +43,7 @@ title: "Tests"
 - `pnpm test:perf:profile:runner`: writes CPU + heap profiles for the unit runner (`.artifacts/vitest-runner-profile`).
 - `pnpm test:perf:groups --full-suite --allow-failures --output .artifacts/test-perf/baseline-before.json`: runs every full-suite Vitest leaf config serially and writes grouped duration data plus per-config JSON/log artifacts. The Test Performance Agent uses this as its baseline before attempting slow-test fixes.
 - `pnpm test:perf:groups:compare .artifacts/test-perf/baseline-before.json .artifacts/test-perf/after-agent.json`: compares grouped reports after a performance-focused change.
+- `pnpm test:docker:timings <summary.json>` inspects slow Docker lanes after a Docker all run; use `pnpm test:docker:rerun <run-id|summary.json|failures.json>` to print cheap targeted rerun commands from the same artifacts.
 - Gateway integration: opt-in via `OPENCLAW_TEST_INCLUDE_GATEWAY=1 pnpm test` or `pnpm test:gateway`.
 - `pnpm test:e2e`: Runs the repo E2E aggregate: gateway end-to-end smoke tests plus the Control UI mocked browser E2E lane.
 - `pnpm test:e2e:gateway`: Runs gateway end-to-end smoke tests (multi-instance WS/HTTP/node pairing). Defaults to `threads` + `isolate: false` with adaptive workers in `vitest.e2e.config.ts`; tune with `OPENCLAW_E2E_WORKERS=<n>` and set `OPENCLAW_E2E_VERBOSE=1` for verbose logs.

docs/tools/acp-agents.md

@@ -837,8 +837,9 @@ permission modes, see
 <Note>
 `Command blocked by PreToolUse hook: Native hook relay unavailable` belongs to
 the native Codex hook relay, not ACP/acpx. In a bound Codex chat, start a fresh
-session with `/new` or `/reset`; if it persists, restart the Codex app-server or
-OpenClaw Gateway. See [Codex harness troubleshooting](/plugins/codex-harness#troubleshooting).
+session with `/new` or `/reset`; if it works once and then returns on the next
+native tool call, restart the Codex app-server or OpenClaw Gateway instead of
+repeating `/new`. See [Codex harness troubleshooting](/plugins/codex-harness#troubleshooting).
 </Note>
 
 ## Related

docs/tools/creating-skills.md

@@ -21,6 +21,16 @@ For how skills are loaded and prioritized, see [Skills](/tools/skills).
     mkdir -p ~/.openclaw/workspace/skills/hello-world
     ```
 
+    You can group skills in subfolders when your library grows:
+
+    ```bash
+    mkdir -p ~/.openclaw/workspace/skills/personal/hello-world
+    ```
+
+    Group folders are only organizational. The skill is still named by
+    `SKILL.md` frontmatter, so `name: hello-world` is invoked as
+    `/hello-world`.
+
   </Step>
 
   <Step title="Write SKILL.md">
@@ -40,7 +50,7 @@ For how skills are loaded and prioritized, see [Skills](/tools/skills).
     ```
 
     Use hyphen-case with lowercase letters, digits, and hyphens for the skill
-    `name`. Keep the folder name and frontmatter `name` aligned.
+    `name`. Keep the leaf folder name and frontmatter `name` aligned.
 
   </Step>
 
@@ -52,7 +62,15 @@ For how skills are loaded and prioritized, see [Skills](/tools/skills).
   </Step>
 
   <Step title="Load the skill">
-    Start a new session so OpenClaw picks up the skill:
+    Verify the skill loaded:
+
+    ```bash
+    openclaw skills list
+    ```
+
+    OpenClaw watches nested `SKILL.md` files under skills roots. If the watcher
+    is disabled or you are continuing an existing session, start a new session
+    so the model receives the refreshed skills list:
 
     ```bash
     # From chat
@@ -62,12 +80,6 @@ For how skills are loaded and prioritized, see [Skills](/tools/skills).
     openclaw gateway restart
     ```
 
-    Verify the skill loaded:
-
-    ```bash
-    openclaw skills list
-    ```
-
   </Step>
 
   <Step title="Test it">
@@ -134,6 +146,10 @@ Once a basic skill works, these fields help make it reliable and portable:
 | Bundled (shipped with OpenClaw) | Low        | Global                |
 | `skills.load.extraDirs`         | Lowest     | Custom shared folders |
 
+Each skills root can contain direct skill folders such as
+`skills/hello-world/SKILL.md` or grouped folders such as
+`skills/personal/hello-world/SKILL.md`.
+
 ## Related
 
 - [Skills reference](/tools/skills) — loading, precedence, and gating rules

docs/tools/pdf.md

@@ -53,6 +53,10 @@ Analysis prompt.
 Page filter like `1-5` or `1,3,7-9`.
 </ParamField>
 
+<ParamField path="password" type="string">
+Password for encrypted PDFs in extraction fallback mode.
+</ParamField>
+
 <ParamField path="model" type="string">
 Optional model override in `provider/model` form.
 </ParamField>
@@ -66,6 +70,7 @@ Input notes:
 - `pdf` and `pdfs` are merged and deduplicated before loading.
 - If no PDF input is provided, the tool errors.
 - `pages` is parsed as 1-based page numbers, deduped, sorted, and clamped to the configured max pages.
+- `password` applies to every PDF in the request and is only used by extraction fallback mode.
 - `maxBytesMb` defaults to `agents.defaults.pdfMaxBytesMb` or `10`.
 
 ## Supported PDF references
@@ -92,6 +97,7 @@ The tool sends raw PDF bytes directly to provider APIs.
 Native mode limits:
 
 - `pages` is not supported. If set, the tool returns an error.
+- `password` is not supported. Use a non-native model to analyze encrypted PDFs.
 - Multi-PDF input is supported; each PDF is sent as a native document block /
   inline PDF part before the prompt.
 
@@ -108,13 +114,14 @@ Flow:
 Fallback details:
 
 - Page image extraction uses a pixel budget of `4,000,000`.
+- Encrypted PDFs can be opened with the top-level `password` parameter.
 - If the target model does not support image input and there is no extractable text, the tool errors.
 - If text extraction succeeds but image extraction would require vision on a
   text-only model, OpenClaw drops the rendered images and continues with the
   extracted text.
 - Extraction fallback uses the bundled `document-extract` plugin. The plugin owns
-  `pdfjs-dist`; `@napi-rs/canvas` is used only when image rendering fallback is
-  available.
+  `clawpdf`, which provides text extraction and image rendering through PDFium
+  WebAssembly.
 
 ## Config
 
@@ -189,6 +196,17 @@ Page-filtered fallback model:
 }
 ```
 
+Encrypted PDF with extraction fallback:
+
+```json
+{
+  "pdf": "/tmp/locked.pdf",
+  "password": "example-password",
+  "model": "openai/gpt-5.4-mini",
+  "prompt": "Summarize this contract"
+}
+```
+
 ## Related
 
 - [Tools Overview](/tools) - all available agent tools

docs/tools/plugin.md

@@ -136,6 +136,13 @@ bundled copy. Use `clawhub:`, `npm:`, `git:`, or `npm-pack:` when you need
 deterministic source selection. See [`openclaw plugins`](/cli/plugins#install)
 for the full command contract.
 
+For npm installs, unpinned package specs and `@latest` choose the newest stable
+package that advertises compatibility with this OpenClaw build. If npm's
+current latest release declares a newer `openclaw.compat.pluginApi` or
+`openclaw.install.minHostVersion`, OpenClaw scans older stable package versions
+and installs the newest one that fits. Exact versions and explicit channel tags
+such as `@beta` stay pinned to the selected package and fail when incompatible.
+
 ### Configure plugin policy
 
 The common plugin config shape is:

docs/tools/skills.md

@@ -29,6 +29,19 @@ OpenClaw loads skills from these sources, **highest precedence first**:
 
 If a skill name conflicts, the highest source wins.
 
+Skill roots can be organized with folders. A skill is discovered when a
+`SKILL.md` appears under a configured skills root, so these are both valid:
+
+```text
+<workspace>/skills/research/SKILL.md
+<workspace>/skills/personal/research/SKILL.md
+```
+
+The folder path is only for organization. The skill's visible name, slash
+command, and allowlist key come from `SKILL.md` frontmatter `name` (or the skill
+directory name when `name` is missing), so a nested skill with `name: research`
+is still invoked as `/research`, not `/personal/research`.
+
 Codex CLI's native `$CODEX_HOME/skills` directory is not one of these OpenClaw
 skill roots. In Codex harness mode, local app-server launches use isolated
 per-agent Codex homes, so skills in the operator's personal `~/.codex/skills`
@@ -149,9 +162,11 @@ all local agents unless agent skill allowlists narrow visibility. The separate
 `clawhub` CLI also installs into `./skills` under your current working
 directory (or falls back to the configured OpenClaw workspace). OpenClaw picks
 that up as `<workspace>/skills` on the next session.
-Configured skill roots also support one grouping level, such as
-`skills/<group>/<skill>/SKILL.md`, so related third-party skills can be
-kept under a shared folder without broad recursive scanning.
+Configured skill roots also support grouped layouts, such as
+`skills/<group>/<skill>/SKILL.md`, so related third-party skills can be kept
+under shared folders without broad recursive scanning. Use flat frontmatter
+names when grouping, for example `skills/imported/research/SKILL.md` with
+`name: research`.
 
 Git and local directory installs expect a `SKILL.md` at the source root. The
 install slug comes from `SKILL.md` frontmatter `name` when it is a valid slug,
@@ -196,6 +211,11 @@ Prefer sandboxed runs for untrusted inputs and risky tools. See
 </Warning>
 
 - Workspace, project-agent, and extra-dir skill discovery only accepts skill roots whose resolved realpath stays inside the configured root unless `skills.load.allowSymlinkTargets` explicitly trusts a target root. Bundled skills always stay contained. Managed `~/.openclaw/skills` and personal `~/.agents/skills` roots may contain symlinked skill folders installed by ClawHub or another local skill manager, but every `SKILL.md` realpath must still stay inside its resolved skill directory.
+- Nested discovery is bounded. OpenClaw scans grouped skill folders under
+  skills roots such as `<workspace>/skills`, `<workspace>/.agents/skills`,
+  `~/.agents/skills`, and `~/.openclaw/skills`, but skips hidden directories,
+  `node_modules`, oversized `SKILL.md` files, escaped symlinks, and suspiciously
+  large directory trees.
 - Gateway private archive installs are off by default. When explicitly enabled,
   they require a committed zip upload containing `SKILL.md` and reuse the same
   archive extraction, path traversal, symlink, force, and rollback protections as
@@ -488,6 +508,10 @@ layouts where a skill root contains a symlink, for example
 symlinks from local skill managers by default, but the target list is still
 matched after realpath resolution and should stay narrow when configured.
 
+The watcher covers nested `SKILL.md` files under grouped skill roots. Adding or
+editing `skills/personal/foo/SKILL.md` refreshes the snapshot the same way as
+editing `skills/foo/SKILL.md`.
+
 ### Remote macOS nodes (Linux gateway)
 
 If the Gateway runs on Linux but a **macOS node** is connected with

docs/tools/video-generation.md

@@ -122,7 +122,7 @@ generation.
 | OpenRouter            | `google/veo-3.1-fast`           |  ✓   | Up to 4 images (first/last frame or references)      | -                                               | `OPENROUTER_API_KEY`                     |
 | Qwen                  | `wan2.6-t2v`                    |  ✓   | Yes (remote URL)                                     | Yes (remote URL)                                | `QWEN_API_KEY`                           |
 | Runway                | `gen4.5`                        |  ✓   | 1 image                                              | 1 video                                         | `RUNWAYML_API_SECRET`                    |
-| Together              | `Wan-AI/Wan2.2-T2V-A14B`        |  ✓   | 1 image                                              | -                                               | `TOGETHER_API_KEY`                       |
+| Together              | `Wan-AI/Wan2.2-T2V-A14B`        |  ✓   | `Wan-AI/Wan2.2-I2V-A14B` only                        | -                                               | `TOGETHER_API_KEY`                       |
 | Vydra                 | `veo3`                          |  ✓   | 1 image (`kling`)                                    | -                                               | `VYDRA_API_KEY`                          |
 | xAI                   | `grok-imagine-video`            |  ✓   | 1 first-frame image or up to 7 `reference_image`s    | 1 video                                         | `XAI_API_KEY`                            |
 

docs/web/webchat.md

@@ -60,12 +60,15 @@ Normal agent-run final answers should be durable because the embedded runtime wr
 ## Control UI agents tools panel
 
 - The Control UI `/agents` Tools panel has two separate views:
-  - **Available Right Now** uses `tools.effective(sessionKey=...)` and shows what the current
-    session can actually use at runtime, including core, plugin, and channel-owned tools.
+  - **Available Right Now** uses `tools.effective(sessionKey=...)` and shows a server-derived
+    read-only projection of the current session inventory, including core, plugin, channel-owned,
+    and already-discovered MCP server tools.
   - **Tool Configuration** uses `tools.catalog` and stays focused on profiles, overrides, and
     catalog semantics.
 - Runtime availability is session-scoped. Switching sessions on the same agent can change the
-  **Available Right Now** list.
+  **Available Right Now** list. If configured MCP servers have not been connected or were changed
+  since the last discovery, the panel shows a notice instead of silently starting MCP transports
+  from the read path.
 - The config editor does not imply runtime availability; effective access still follows policy
   precedence (`allow`/`deny`, per-agent and provider/channel overrides).
 

extensions/amazon-bedrock-mantle/npm-shrinkwrap.json

@@ -592,12 +592,12 @@
       }
     },
     "node_modules/@smithy/node-http-handler": {
-      "version": "4.7.3",
-      "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.7.3.tgz",
-      "integrity": "sha512-/jPhevcTFPMVl6KNjbaI47iOg1zxC7IsnX4PQDGVZKMFceOXtB8IEYaB7a9VvkP/3oC60WzTeKocvSI7vLT0vA==",
+      "version": "4.7.4",
+      "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.7.4.tgz",
+      "integrity": "sha512-HIeF+1vrDGzPkkv39Hj2vlHSXHY3p958jd/8ZnePIY6+ZOsQX8coyEUKO5yQu4r0bQIVsbpotVIrXXwyycMStQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/core": "^3.24.3",
+        "@smithy/core": "^3.24.4",
         "@smithy/types": "^4.14.2",
         "tslib": "^2.6.2"
       },

extensions/amazon-bedrock/npm-shrinkwrap.json

@@ -11,7 +11,7 @@
         "@aws-sdk/client-bedrock": "3.1053.0",
         "@aws-sdk/client-bedrock-runtime": "3.1053.0",
         "@aws-sdk/credential-provider-node": "3.972.44",
-        "@smithy/node-http-handler": "4.7.3",
+        "@smithy/node-http-handler": "4.7.4",
         "@smithy/shared-ini-file-loader": "4.5.4",
         "@smithy/types": "4.14.2"
       }
@@ -528,12 +528,12 @@
       }
     },
     "node_modules/@smithy/node-http-handler": {
-      "version": "4.7.3",
-      "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.7.3.tgz",
-      "integrity": "sha512-/jPhevcTFPMVl6KNjbaI47iOg1zxC7IsnX4PQDGVZKMFceOXtB8IEYaB7a9VvkP/3oC60WzTeKocvSI7vLT0vA==",
+      "version": "4.7.4",
+      "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.7.4.tgz",
+      "integrity": "sha512-HIeF+1vrDGzPkkv39Hj2vlHSXHY3p958jd/8ZnePIY6+ZOsQX8coyEUKO5yQu4r0bQIVsbpotVIrXXwyycMStQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/core": "^3.24.3",
+        "@smithy/core": "^3.24.4",
         "@smithy/types": "^4.14.2",
         "tslib": "^2.6.2"
       },

extensions/amazon-bedrock/package.json

@@ -11,7 +11,7 @@
     "@aws-sdk/client-bedrock": "3.1053.0",
     "@aws-sdk/client-bedrock-runtime": "3.1053.0",
     "@aws-sdk/credential-provider-node": "3.972.44",
-    "@smithy/node-http-handler": "4.7.3",
+    "@smithy/node-http-handler": "4.7.4",
     "@smithy/shared-ini-file-loader": "4.5.4",
     "@smithy/types": "4.14.2"
   },

extensions/anthropic/claude-model-refs.ts

@@ -4,7 +4,7 @@ import { CLAUDE_CLI_BACKEND_ID, CLAUDE_CLI_MODEL_ALIASES } from "./cli-constants
 const DEFAULT_CLAUDE_MODEL_BY_FAMILY: Record<string, string> = {
   opus: "claude-opus-4-7",
   sonnet: "claude-sonnet-4-6",
-  haiku: "claude-sonnet-4-6",
+  haiku: "claude-haiku-4-5",
 };
 
 export type ClaudeCliAnthropicModelRefs = {
@@ -117,6 +117,10 @@ function upgradeOldClaudeModelId(normalized: string): string | null {
   if (normalized.startsWith("claude-sonnet-4-6") || normalized.startsWith("claude-sonnet-4.6")) {
     return null;
   }
+  // claude-haiku-4-5 is a current production model and must not be migrated.
+  if (normalized.startsWith("claude-haiku-4-5") || normalized.startsWith("claude-haiku-4.5")) {
+    return null;
+  }
   if (
     normalized === "claude-opus-4" ||
     hasAnyRetiredVersionPrefix(normalized, [
@@ -140,8 +144,6 @@ function upgradeOldClaudeModelId(normalized: string): string | null {
       "claude-sonnet-4.1",
       "claude-sonnet-4-0",
       "claude-sonnet-4.0",
-      "claude-haiku-4-5",
-      "claude-haiku-4.5",
     ]) ||
     /^claude-sonnet-4-20\d{6}/.test(normalized)
   ) {
@@ -172,7 +174,6 @@ function upgradeOldClaudeModelId(normalized: string): string | null {
     normalized === "sonnet-3.7" ||
     normalized === "sonnet-3.5" ||
     normalized === "sonnet-3" ||
-    normalized === "haiku-4.5" ||
     normalized === "haiku-3.5" ||
     normalized === "haiku-3"
   ) {

extensions/anthropic/cli-migration.test.ts

@@ -55,6 +55,28 @@ describe("anthropic Claude model refs", () => {
     expect(resolveKnownAnthropicModelRef("anthropic/claude-sonnet-4-7")).toBe(
       "anthropic/claude-sonnet-4-7",
     );
+    expect(resolveKnownAnthropicModelRef("anthropic/claude-haiku-4-5")).toBe(
+      "anthropic/claude-haiku-4-5",
+    );
+  });
+
+  it("preserves the current claude-haiku-4-5 model and its bare alias", () => {
+    // claude-haiku-4-5 is a current production model (not retired), so neither
+    // its full ref, its dotted variant, nor the bare "haiku" family alias must
+    // be rewritten to sonnet.
+    expect(resolveKnownAnthropicModelRef("anthropic/claude-haiku-4-5")).toBe(
+      "anthropic/claude-haiku-4-5",
+    );
+    expect(resolveKnownAnthropicModelRef("anthropic/claude-haiku-4.5")).toBe(
+      "anthropic/claude-haiku-4.5",
+    );
+    expect(resolveKnownAnthropicModelRef("anthropic/claude-haiku-4-5@anthropic:work")).toBe(
+      "anthropic/claude-haiku-4-5@anthropic:work",
+    );
+    // Genuinely retired Claude 3 Haiku still upgrades to the current sonnet.
+    expect(resolveKnownAnthropicModelRef("anthropic/claude-3-5-haiku-20241022")).toBe(
+      "anthropic/claude-sonnet-4-6",
+    );
   });
 });
 

extensions/anthropic/cli-shared.test.ts

@@ -271,8 +271,8 @@ describe("normalizeClaudeBackendConfig", () => {
   });
 
   it("passes system prompt on every turn (issue #80374 — systemPromptWhen must be 'always')", () => {
-    // Before fix this was hardcoded to "first", which silently dropped
-    // systemPromptOverride on every resumed / compacted claude-cli session.
+    // Before fix this was hardcoded to "first", which silently dropped updated
+    // OpenClaw system prompt context on resumed / compacted claude-cli sessions.
     const backend = buildAnthropicCliBackend();
     expect(backend.config.systemPromptWhen).toBe("always");
   });

extensions/bonjour/manifest.test.ts

@@ -15,8 +15,8 @@ describe("bonjour package manifest", () => {
       fs.readFileSync(new URL("../../package.json", import.meta.url), "utf8"),
     ) as PackageManifest;
 
-    expect(pluginPackageJson.dependencies?.["@homebridge/ciao"]).toBe("1.3.8");
-    expect(rootPackageJson.dependencies?.["@homebridge/ciao"]).toBe("1.3.8");
+    expect(pluginPackageJson.dependencies?.["@homebridge/ciao"]).toBe("1.3.9");
+    expect(rootPackageJson.dependencies?.["@homebridge/ciao"]).toBe("1.3.9");
     expect(pluginPackageJson.devDependencies?.["@homebridge/ciao"]).toBeUndefined();
   });
 });

extensions/bonjour/package.json

@@ -4,7 +4,7 @@
   "description": "OpenClaw Bonjour/mDNS gateway discovery",
   "type": "module",
   "dependencies": {
-    "@homebridge/ciao": "1.3.8"
+    "@homebridge/ciao": "1.3.9"
   },
   "devDependencies": {
     "@openclaw/plugin-sdk": "workspace:*"

extensions/brave/src/brave-web-search-provider.runtime.ts

@@ -7,11 +7,12 @@ import {
   buildSearchCacheKey,
   DEFAULT_SEARCH_COUNT,
   formatCliCommand,
+  MAX_SEARCH_COUNT,
   normalizeFreshness,
   parseIsoDateRange,
   readCachedSearchPayload,
   readConfiguredSecretString,
-  readNumberParam,
+  readPositiveIntegerParam,
   readProviderEnvValue,
   readStringParam,
   resolveSearchCacheTtlMs,
@@ -351,7 +352,12 @@ export async function executeBraveSearch(
   const braveEndpointMode = await validateBraveBaseUrl(braveBaseUrl);
   const query = readStringParam(args, "query", { required: true });
   const count =
-    readNumberParam(args, "count", { integer: true }) ?? searchConfig?.maxResults ?? undefined;
+    readPositiveIntegerParam(args, "count", {
+      max: MAX_SEARCH_COUNT,
+      message: `count must be an integer from 1 to ${MAX_SEARCH_COUNT}.`,
+    }) ??
+    searchConfig?.maxResults ??
+    undefined;
   const country = normalizeBraveCountry(readStringParam(args, "country"));
   const language = readStringParam(args, "language");
   const search_lang = readStringParam(args, "search_lang");

extensions/brave/src/brave-web-search-provider.ts

@@ -28,7 +28,7 @@ const BraveSearchSchema = {
   properties: {
     query: { type: "string", description: "Search query string." },
     count: {
-      type: "number",
+      type: "integer",
       description: "Number of results to return (1-10).",
       minimum: 1,
       maximum: 10,

extensions/browser/index.test.ts

@@ -1,7 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { createTestPluginApi } from "openclaw/plugin-sdk/plugin-test-api";
-import { beforeAll, describe, expect, it, vi } from "vitest";
+import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import {
   browserPluginNodeHostCommands,
   browserPluginReload,
@@ -25,6 +25,7 @@ const runtimeApiMocks = vi.hoisted(() => ({
   handleBrowserGatewayRequest: vi.fn(),
   registerBrowserCli: vi.fn(),
   runBrowserProxyCommand: vi.fn(async () => "ok"),
+  stopBrowserControlService: vi.fn(async () => undefined),
 }));
 
 vi.mock("./register.runtime.js", async () => {
@@ -44,10 +45,22 @@ vi.mock("./src/cli/browser-cli.js", () => ({
   registerBrowserCli: runtimeApiMocks.registerBrowserCli,
 }));
 
+vi.mock("./src/control-service.js", () => ({
+  stopBrowserControlService: runtimeApiMocks.stopBrowserControlService,
+}));
+
 beforeAll(async () => {
   await import("./register.runtime.js");
 });
 
+beforeEach(() => {
+  vi.clearAllMocks();
+});
+
+afterEach(() => {
+  vi.unstubAllEnvs();
+});
+
 function createApi() {
   const registerCli = vi.fn();
   const registerGatewayMethod = vi.fn();
@@ -189,7 +202,7 @@ describe("browser plugin", () => {
     expect(runtimeApiMocks.collectBrowserSecurityAuditFindings).toHaveBeenCalled();
   });
 
-  it("lazy-loads the browser service on start", async () => {
+  it("registers a lazy browser control service", async () => {
     const { api, registerService } = createApi();
     registerBrowserPlugin(api);
 
@@ -203,10 +216,43 @@ describe("browser plugin", () => {
     expect(typeof service?.stop).toBe("function");
     expect(runtimeApiMocks.createBrowserPluginService).not.toHaveBeenCalled();
 
+    await service.start({ config: {}, stateDir: "/tmp/openclaw", logger: { warn: vi.fn() } });
+    expect(runtimeApiMocks.createBrowserPluginService).not.toHaveBeenCalled();
+
+    await service.stop({ config: {}, stateDir: "/tmp/openclaw", logger: { warn: vi.fn() } });
+    expect(runtimeApiMocks.stopBrowserControlService).toHaveBeenCalledOnce();
+  });
+
+  it("eager-loads the browser control service when explicitly requested", async () => {
+    vi.stubEnv("OPENCLAW_EAGER_BROWSER_CONTROL_SERVER", "1");
+    const { api, registerService } = createApi();
+    registerBrowserPlugin(api);
+
+    const service = mockCallArg(registerService) as {
+      id: string;
+      start: (...args: unknown[]) => unknown;
+    };
+
     await service.start({ config: {}, stateDir: "/tmp/openclaw", logger: { warn: vi.fn() } });
     expect(runtimeApiMocks.createBrowserPluginService).toHaveBeenCalledOnce();
   });
 
+  for (const value of ["false", "", "disabled"]) {
+    it(`keeps browser control service env value ${JSON.stringify(value)} lazy`, async () => {
+      vi.stubEnv("OPENCLAW_EAGER_BROWSER_CONTROL_SERVER", value);
+      const { api, registerService } = createApi();
+      registerBrowserPlugin(api);
+
+      const service = mockCallArg(registerService) as {
+        id: string;
+        start: (...args: unknown[]) => unknown;
+      };
+
+      await service.start({ config: {}, stateDir: "/tmp/openclaw", logger: { warn: vi.fn() } });
+      expect(runtimeApiMocks.createBrowserPluginService).not.toHaveBeenCalled();
+    });
+  }
+
   it("declares setup auto-enable reasons for browser config surfaces", () => {
     const probe = registerBrowserAutoEnableProbe();
 

extensions/browser/plugin-registration.ts

@@ -13,6 +13,12 @@ import {
 } from "./src/browser-gateway-contract.js";
 import { BrowserToolSchema } from "./src/browser-tool.schema.js";
 
+const EAGER_BROWSER_CONTROL_SERVICE_ENV = "OPENCLAW_EAGER_BROWSER_CONTROL_SERVER";
+
+function isTruthyEnvValue(value: string | undefined): boolean {
+  return /^(?:1|true|yes|on)$/iu.test(value?.trim() ?? "");
+}
+
 const BROWSER_CLI_DESCRIPTOR = {
   name: "browser",
   description: "Manage OpenClaw's dedicated browser (Chrome/Chromium)",
@@ -84,14 +90,19 @@ function createLazyBrowserPluginService(): OpenClawPluginService {
   return {
     id: "browser-control",
     start: async (ctx) => {
+      if (!isTruthyEnvValue(process.env[EAGER_BROWSER_CONTROL_SERVICE_ENV])) {
+        return;
+      }
       const loaded = await loadService();
       await loaded.start(ctx);
     },
     stop: async (ctx) => {
-      if (!service?.stop) {
+      if (!service) {
+        const { stopBrowserControlService } = await import("./src/control-service.js");
+        await stopBrowserControlService().catch(() => {});
         return;
       }
-      await service.stop(ctx);
+      await service.stop?.(ctx);
     },
   };
 }

extensions/browser/src/browser-tool.actions.ts

@@ -1,4 +1,8 @@
 import type { AgentToolResult } from "openclaw/plugin-sdk/agent-core";
+import {
+  readNonNegativeIntegerParam,
+  readPositiveIntegerParam,
+} from "openclaw/plugin-sdk/param-readers";
 import {
   DEFAULT_AI_SNAPSHOT_MAX_CHARS,
   browserAct,
@@ -346,16 +350,18 @@ export async function executeSnapshotAction(params: {
     input.refs === "aria" || input.refs === "role" ? input.refs : undefined;
   const hasMaxChars = Object.hasOwn(input, "maxChars");
   const targetId = normalizeOptionalString(input.targetId);
-  const limit =
-    typeof input.limit === "number" && Number.isFinite(input.limit) ? input.limit : undefined;
-  const maxChars =
-    typeof input.maxChars === "number" && Number.isFinite(input.maxChars) && input.maxChars > 0
-      ? Math.floor(input.maxChars)
-      : undefined;
+  const limit = readPositiveIntegerParam(input, "limit", {
+    message: "limit must be a positive integer.",
+  });
+  const maxCharsRaw = readNonNegativeIntegerParam(input, "maxChars", {
+    message: "maxChars must be a non-negative integer.",
+  });
+  const maxChars = maxCharsRaw !== undefined && maxCharsRaw > 0 ? maxCharsRaw : undefined;
   const interactive = typeof input.interactive === "boolean" ? input.interactive : undefined;
   const compact = typeof input.compact === "boolean" ? input.compact : undefined;
-  const depth =
-    typeof input.depth === "number" && Number.isFinite(input.depth) ? input.depth : undefined;
+  const depth = readNonNegativeIntegerParam(input, "depth", {
+    message: "depth must be a non-negative integer.",
+  });
   const selector = normalizeOptionalString(input.selector);
   const frame = normalizeOptionalString(input.frame);
   const resolvedMaxChars =
@@ -369,7 +375,9 @@ export async function executeSnapshotAction(params: {
         ? maxChars
         : undefined;
   const snapshotTimeoutMs =
-    normalizePositiveTimeoutMs(input.timeoutMs) ?? DEFAULT_BROWSER_SNAPSHOT_TIMEOUT_MS;
+    readPositiveIntegerParam(input, "timeoutMs", {
+      message: "timeoutMs must be a positive integer.",
+    }) ?? DEFAULT_BROWSER_SNAPSHOT_TIMEOUT_MS;
   const snapshotQuery = {
     ...(format ? { format } : {}),
     targetId,

extensions/browser/src/browser-tool.runtime.ts

@@ -13,6 +13,7 @@ export {
   imageResultFromFile,
   jsonResult,
   listNodes,
+  readPositiveIntegerParam,
   readStringParam,
   resolveNodeIdFromList,
   selectDefaultNodeFromList,

extensions/browser/src/browser-tool.schema.ts

@@ -1,4 +1,9 @@
-import { optionalStringEnum, stringEnum } from "openclaw/plugin-sdk/channel-actions";
+import {
+  optionalNonNegativeIntegerSchema,
+  optionalPositiveIntegerSchema,
+  optionalStringEnum,
+  stringEnum,
+} from "openclaw/plugin-sdk/channel-actions";
 import { Type } from "typebox";
 
 const BROWSER_ACT_KINDS = [
@@ -81,7 +86,7 @@ const BrowserActSchema = Type.Object({
   url: Type.Optional(Type.String()),
   loadState: Type.Optional(Type.String()),
   textGone: Type.Optional(Type.String()),
-  timeoutMs: Type.Optional(Type.Number()),
+  timeoutMs: optionalPositiveIntegerSchema(),
   // evaluate
   fn: Type.Optional(Type.String()),
 });
@@ -98,14 +103,14 @@ export const BrowserToolSchema = Type.Object({
   url: Type.Optional(Type.String()),
   targetId: Type.Optional(Type.String()),
   label: Type.Optional(Type.String()),
-  limit: Type.Optional(Type.Number()),
-  maxChars: Type.Optional(Type.Number()),
+  limit: optionalPositiveIntegerSchema(),
+  maxChars: optionalNonNegativeIntegerSchema(),
   mode: optionalStringEnum(BROWSER_SNAPSHOT_MODES),
   snapshotFormat: optionalStringEnum(BROWSER_SNAPSHOT_FORMATS),
   refs: optionalStringEnum(BROWSER_SNAPSHOT_REFS),
   interactive: Type.Optional(Type.Boolean()),
   compact: Type.Optional(Type.Boolean()),
-  depth: Type.Optional(Type.Number()),
+  depth: optionalNonNegativeIntegerSchema(),
   selector: Type.Optional(Type.String()),
   frame: Type.Optional(Type.String()),
   labels: Type.Optional(Type.Boolean()),
@@ -117,7 +122,7 @@ export const BrowserToolSchema = Type.Object({
   level: Type.Optional(Type.String()),
   paths: Type.Optional(Type.Array(Type.String())),
   inputRef: Type.Optional(Type.String()),
-  timeoutMs: Type.Optional(Type.Number()),
+  timeoutMs: optionalPositiveIntegerSchema(),
   dialogId: Type.Optional(Type.String()),
   accept: Type.Optional(Type.Boolean()),
   promptText: Type.Optional(Type.String()),

extensions/browser/src/browser-tool.test.ts

@@ -204,6 +204,26 @@ vi.mock("./browser-tool.runtime.js", () => {
     listNodes: nodesUtilsMocks.listNodes,
     normalizeOptionalString: (value: unknown) => readStringValue(value)?.trim() || undefined,
     persistBrowserProxyFiles: vi.fn(async () => new Map<string, string>()),
+    readPositiveIntegerParam: (
+      params: Record<string, unknown>,
+      key: string,
+      options?: { message?: string },
+    ) => {
+      const raw = params[key];
+      if (raw == null) {
+        return undefined;
+      }
+      const value =
+        typeof raw === "number"
+          ? raw
+          : typeof raw === "string" && /^\d+$/.test(raw.trim())
+            ? Number(raw.trim())
+            : undefined;
+      if (value === undefined || !Number.isInteger(value) || value <= 0) {
+        throw new Error(options?.message ?? `${key} must be a positive integer`);
+      }
+      return value;
+    },
     readStringParam,
     readStringValue,
     resolveExistingPathsWithinRoot: vi.fn(async ({ requestedPaths }) => ({
@@ -458,6 +478,44 @@ describe("browser tool snapshot maxChars", () => {
     expect(opts.maxChars).toBe(override);
   });
 
+  it("parses string snapshot numeric options", async () => {
+    const tool = createBrowserTool();
+    await tool.execute?.("call-1", {
+      action: "snapshot",
+      target: "host",
+      snapshotFormat: "ai",
+      depth: "2",
+      limit: "4",
+      maxChars: "2000",
+      timeoutMs: "9000",
+    });
+
+    const opts = lastMockCallArg<{
+      depth?: number;
+      limit?: number;
+      maxChars?: number;
+      timeoutMs?: number;
+    }>(browserClientMocks.browserSnapshot, 1);
+    expect(opts.depth).toBe(2);
+    expect(opts.limit).toBe(4);
+    expect(opts.maxChars).toBe(2000);
+    expect(opts.timeoutMs).toBe(9000);
+  });
+
+  it("rejects fractional snapshot numeric options", async () => {
+    const tool = createBrowserTool();
+
+    await expect(
+      tool.execute?.("call-1", {
+        action: "snapshot",
+        target: "host",
+        snapshotFormat: "ai",
+        maxChars: 12.5,
+      }),
+    ).rejects.toThrow("maxChars must be a non-negative integer.");
+    expect(browserClientMocks.browserSnapshot).not.toHaveBeenCalled();
+  });
+
   it("skips the default when maxChars is explicitly zero", async () => {
     const tool = createBrowserTool();
     await tool.execute?.("call-1", {
@@ -516,6 +574,37 @@ describe("browser tool snapshot maxChars", () => {
     expect(opts.timeoutMs).toBe(60_000);
   });
 
+  it("parses string top-level timeoutMs values", async () => {
+    setResolvedBrowserProfiles({
+      user: { driver: "existing-session", attachOnly: true, color: "#00AA00" },
+    });
+    const tool = createBrowserTool();
+    await tool.execute?.("call-1", {
+      action: "open",
+      profile: "user",
+      url: "https://example.com",
+      timeoutMs: "60000",
+    });
+
+    const opts = lastMockCallArg<{ profile?: string; timeoutMs?: number }>(
+      browserClientMocks.browserOpenTab,
+      2,
+    );
+    expect(opts.timeoutMs).toBe(60_000);
+  });
+
+  it("rejects fractional top-level timeoutMs values", async () => {
+    const tool = createBrowserTool();
+
+    await expect(
+      tool.execute?.("call-1", {
+        action: "profiles",
+        timeoutMs: 12.5,
+      }),
+    ).rejects.toThrow("timeoutMs must be a positive integer.");
+    expect(browserClientMocks.browserProfiles).not.toHaveBeenCalled();
+  });
+
   it("passes top-level timeoutMs through to close without targetId", async () => {
     setResolvedBrowserProfiles({
       user: { driver: "existing-session", attachOnly: true, color: "#00AA00" },
@@ -802,6 +891,22 @@ describe("browser tool snapshot maxChars", () => {
     expect(opts.timeoutMs).toBe(12_345);
   });
 
+  it("parses string screenshot timeoutMs values", async () => {
+    const tool = createBrowserTool();
+    await tool.execute?.("call-1", {
+      action: "screenshot",
+      target: "host",
+      targetId: "tab-1",
+      timeoutMs: "12345",
+    });
+
+    const opts = lastMockCallArg<{ targetId?: string; timeoutMs?: number }>(
+      browserActionsMocks.browserScreenshotAction,
+      1,
+    );
+    expect(opts.timeoutMs).toBe(12_345);
+  });
+
   it("passes configured image sanitization to screenshot image results", async () => {
     configMocks.loadConfig.mockReturnValue({
       browser: {},

extensions/browser/src/browser-tool.ts

@@ -33,6 +33,7 @@ import {
   listNodes,
   normalizeOptionalString,
   persistBrowserProxyFiles,
+  readPositiveIntegerParam,
   readStringParam,
   readStringValue,
   resolveBrowserConfig,
@@ -128,10 +129,9 @@ export const testing = {
 
 function readOptionalTargetAndTimeout(params: Record<string, unknown>) {
   const targetId = normalizeOptionalString(params.targetId);
-  const timeoutMs =
-    typeof params.timeoutMs === "number" && Number.isFinite(params.timeoutMs)
-      ? params.timeoutMs
-      : undefined;
+  const timeoutMs = readPositiveIntegerParam(params, "timeoutMs", {
+    message: "timeoutMs must be a positive integer.",
+  });
   return { targetId, timeoutMs };
 }
 
@@ -422,9 +422,9 @@ function usesExistingSessionManageFlow(params: { action: string; profileName?: s
 }
 
 function readToolTimeoutMs(params: Record<string, unknown>) {
-  return typeof params.timeoutMs === "number" && Number.isFinite(params.timeoutMs)
-    ? Math.max(1, Math.floor(params.timeoutMs))
-    : undefined;
+  return readPositiveIntegerParam(params, "timeoutMs", {
+    message: "timeoutMs must be a positive integer.",
+  });
 }
 
 export function createBrowserTool(opts?: {
@@ -735,11 +735,7 @@ export function createBrowserTool(opts?: {
           const element = readStringParam(params, "element");
           const labels = typeof params.labels === "boolean" ? params.labels : undefined;
           const type = params.type === "jpeg" ? "jpeg" : "png";
-          const timeoutMs =
-            typeof params.timeoutMs === "number" && Number.isFinite(params.timeoutMs)
-              ? Math.max(1, Math.floor(params.timeoutMs))
-              : undefined;
-          const effectiveTimeoutMs = timeoutMs ?? DEFAULT_BROWSER_SCREENSHOT_TIMEOUT_MS;
+          const effectiveTimeoutMs = requestedTimeoutMs ?? DEFAULT_BROWSER_SCREENSHOT_TIMEOUT_MS;
           const result = proxyRequest
             ? ((await proxyRequest({
                 method: "POST",

extensions/browser/src/browser/chrome-mcp.test.ts

@@ -5,6 +5,7 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import {
   clickChromeMcpElement,
   buildChromeMcpArgs,
+  decodeChromeMcpStderrTail,
   ensureChromeMcpAvailable,
   evaluateChromeMcpScript,
   listChromeMcpTabs,
@@ -451,6 +452,14 @@ describe("chrome MCP page parsing", () => {
     expect(message).not.toContain(userDataDir);
   });
 
+  it("keeps Chrome MCP stderr tails within the byte cap without splitting UTF-8", () => {
+    const output = decodeChromeMcpStderrTail(Buffer.from(`${"x".repeat(8191)}é`));
+
+    expect(output).toMatch(/é$/);
+    expect(output).not.toContain("<22>");
+    expect(Buffer.byteLength(output, "utf8")).toBeLessThanOrEqual(8192);
+  });
+
   it("parses new_page text responses and returns the created tab", async () => {
     const factory: ChromeMcpSessionFactory = async () => createFakeSession();
     setChromeMcpSessionFactoryForTest(factory);

extensions/browser/src/browser/chrome-mcp.ts

@@ -123,6 +123,18 @@ const pendingSessions = new Map<string, Promise<ChromeMcpSession>>();
 let sessionFactory: ChromeMcpSessionFactory | null = null;
 let chromeMcpProcessCleanupDepsForTest: ChromeMcpProcessCleanupDeps | null = null;
 
+export function decodeChromeMcpStderrTail(buffer: Buffer): string {
+  if (buffer.length <= CHROME_MCP_STDERR_MAX_BYTES) {
+    return buffer.toString("utf8").trim();
+  }
+
+  let start = buffer.length - CHROME_MCP_STDERR_MAX_BYTES;
+  while (start < buffer.length && (buffer[start] & 0xc0) === 0x80) {
+    start++;
+  }
+  return buffer.subarray(start).toString("utf8").trim();
+}
+
 function asPages(value: unknown): ChromeMcpStructuredPage[] {
   if (!Array.isArray(value)) {
     return [];
@@ -408,7 +420,7 @@ function drainStderr(transport: StdioClientTransport): () => string {
     }
   });
   stream.on("error", () => {});
-  return () => Buffer.concat(chunks).toString("utf8").trim().slice(-CHROME_MCP_STDERR_MAX_BYTES);
+  return () => decodeChromeMcpStderrTail(Buffer.concat(chunks));
 }
 
 function redactChromeMcpDiagnosticText(text: string): string {