refactor(exec): centralize native approval delivery

- cron-jobs.md: add Related section (was missing entirely)
- cron-vs-heartbeat.md: add automation overview link, normalize dash style
- tasks.md: add automation overview link
- standing-orders.md: add automation overview, hooks, webhooks links

All automation pages now link back to /automation for navigation.

.agents/skills/openclaw-release-maintainer/SKILL.md

@@ -17,7 +17,7 @@ Use this skill for release and publish-time workflow. Keep ordinary development
 
 ## Keep release channel naming aligned
 
-- `stable`: tagged releases only, with npm dist-tag `latest`
+- `stable`: tagged releases only, published to npm `latest` and then mirrored onto npm `beta` unless `beta` already points at a newer prerelease
 - `beta`: prerelease tags like `vYYYY.M.D-beta.N`, with npm dist-tag `beta`
 - Prefer `-beta.N`; do not mint new `-1` or `-2` beta suffixes
 - `dev`: moving head on `main`

.gitignore

@@ -85,6 +85,7 @@ apps/ios/*.mobileprovision
 # Local untracked files
 .local/
 docs/.local/
+docs/internal/
 tmp/
 IDENTITY.md
 USER.md

.markdownlint-cli2.jsonc

@@ -1,6 +1,11 @@
 {
   "globs": ["docs/**/*.md", "docs/**/*.mdx", "README.md"],
-  "ignores": ["docs/zh-CN/**", "docs/.i18n/**", "docs/reference/templates/**", "**/.local/**"],
+  "ignores": [
+    "docs/zh-CN/**",
+    "docs/.i18n/**",
+    "docs/reference/templates/**",
+    "**/.local/**"
+  ],
   "config": {
     "default": true,
 

.npmignore

@@ -1,2 +1,3 @@
 **/node_modules/
+**/.runtime-deps-*/
 docs/.generated/

Dockerfile

@@ -64,6 +64,7 @@ WORKDIR /app
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
 COPY ui/package.json ./ui/package.json
 COPY patches ./patches
+COPY scripts/postinstall-bundled-plugins.mjs ./scripts/postinstall-bundled-plugins.mjs
 
 COPY --from=ext-deps /out/ ./${OPENCLAW_BUNDLED_PLUGIN_DIR}/
 

SECURITY.md

@@ -101,7 +101,7 @@ OpenClaw does **not** model one gateway as a multi-tenant, adversarial user boun
 - If multiple users need OpenClaw, use one VPS (or host/OS user boundary) per user.
 - For advanced setups, multiple gateways on one machine are possible, but only with strict isolation and are not the recommended default.
 - Exec behavior is host-first by default: `agents.defaults.sandbox.mode` defaults to `off`.
-- `tools.exec.host` defaults to `sandbox` as a routing preference, but if sandbox runtime is not active for the session, exec runs on the gateway host.
+- `tools.exec.host` defaults to `auto`: sandbox when sandbox runtime is active for the session, otherwise gateway.
 - Implicit exec calls (no explicit host in the tool call) follow the same behavior.
 - This is expected in OpenClaw's one-user trusted-operator model. If you need isolation, enable sandbox mode (`non-main`/`all`) and keep strict tool policy.
 

apps/android/app/build.gradle.kts

@@ -65,8 +65,8 @@ android {
         applicationId = "ai.openclaw.app"
         minSdk = 31
         targetSdk = 36
-        versionCode = 2026032900
-        versionName = "2026.3.29"
+        versionCode = 2026033000
+        versionName = "2026.3.30"
         ndk {
             // Support all major ABIs — native libs are tiny (~47 KB per ABI)
             abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")

apps/android/app/src/main/AndroidManifest.xml

@@ -31,6 +31,13 @@
         android:name="android.hardware.telephony"
         android:required="false" />
 
+    <queries>
+        <intent>
+            <action android:name="android.intent.action.MAIN" />
+            <category android:name="android.intent.category.LAUNCHER" />
+        </intent>
+    </queries>
+
     <application
         android:name=".NodeApp"
         android:allowBackup="true"

apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt

@@ -56,6 +56,17 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
 
   val gateways: StateFlow<List<GatewayEndpoint>> = runtimeState(initial = emptyList()) { it.gateways }
   val discoveryStatusText: StateFlow<String> = runtimeState(initial = "Searching…") { it.discoveryStatusText }
+  val notificationForwardingEnabled: StateFlow<Boolean> = prefs.notificationForwardingEnabled
+  val notificationForwardingMode: StateFlow<NotificationPackageFilterMode> =
+    prefs.notificationForwardingMode
+  val notificationForwardingPackages: StateFlow<Set<String>> = prefs.notificationForwardingPackages
+  val notificationForwardingQuietHoursEnabled: StateFlow<Boolean> =
+    prefs.notificationForwardingQuietHoursEnabled
+  val notificationForwardingQuietStart: StateFlow<String> = prefs.notificationForwardingQuietStart
+  val notificationForwardingQuietEnd: StateFlow<String> = prefs.notificationForwardingQuietEnd
+  val notificationForwardingMaxEventsPerMinute: StateFlow<Int> =
+    prefs.notificationForwardingMaxEventsPerMinute
+  val notificationForwardingSessionKey: StateFlow<String?> = prefs.notificationForwardingSessionKey
 
   val isConnected: StateFlow<Boolean> = runtimeState(initial = false) { it.isConnected }
   val isNodeConnected: StateFlow<Boolean> = runtimeState(initial = false) { it.nodeConnected }
@@ -197,6 +208,39 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
     prefs.setCanvasDebugStatusEnabled(value)
   }
 
+  fun setNotificationForwardingEnabled(value: Boolean) {
+    ensureRuntime().setNotificationForwardingEnabled(value)
+  }
+
+  fun setNotificationForwardingMode(mode: NotificationPackageFilterMode) {
+    ensureRuntime().setNotificationForwardingMode(mode)
+  }
+
+  fun setNotificationForwardingPackagesCsv(csv: String) {
+    val packages =
+      csv
+        .split(',')
+        .map { it.trim() }
+        .filter { it.isNotEmpty() }
+    ensureRuntime().setNotificationForwardingPackages(packages)
+  }
+
+  fun setNotificationForwardingQuietHours(
+    enabled: Boolean,
+    start: String,
+    end: String,
+  ): Boolean {
+    return ensureRuntime().setNotificationForwardingQuietHours(enabled = enabled, start = start, end = end)
+  }
+
+  fun setNotificationForwardingMaxEventsPerMinute(value: Int) {
+    ensureRuntime().setNotificationForwardingMaxEventsPerMinute(value)
+  }
+
+  fun setNotificationForwardingSessionKey(value: String?) {
+    ensureRuntime().setNotificationForwardingSessionKey(value)
+  }
+
   fun setVoiceScreenActive(active: Boolean) {
     ensureRuntime().setVoiceScreenActive(active)
   }

apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt

@@ -139,6 +139,7 @@ class NodeRuntime(
     motionPedometerAvailable = { motionHandler.isPedometerAvailable() },
     sendSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canSendSms() },
     readSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canReadSms() },
+    smsSearchPossible = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.hasTelephonyFeature() },
     callLogAvailable = { BuildConfig.OPENCLAW_ENABLE_CALL_LOG },
     hasRecordAudioPermission = { hasRecordAudioPermission() },
     manualTls = { manualTls.value },
@@ -164,6 +165,8 @@ class NodeRuntime(
     locationEnabled = { locationMode.value != LocationMode.Off },
     sendSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canSendSms() },
     readSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canReadSms() },
+    smsFeatureEnabled = { BuildConfig.OPENCLAW_ENABLE_SMS },
+    smsTelephonyAvailable = { sms.hasTelephonyFeature() },
     callLogAvailable = { BuildConfig.OPENCLAW_ENABLE_CALL_LOG },
     debugBuild = { BuildConfig.DEBUG },
     refreshNodeCanvasCapability = { nodeSession.refreshNodeCanvasCapability() },
@@ -534,6 +537,17 @@ class NodeRuntime(
   fun setOnboardingCompleted(value: Boolean) = prefs.setOnboardingCompleted(value)
   val lastDiscoveredStableId: StateFlow<String> = prefs.lastDiscoveredStableId
   val canvasDebugStatusEnabled: StateFlow<Boolean> = prefs.canvasDebugStatusEnabled
+  val notificationForwardingEnabled: StateFlow<Boolean> = prefs.notificationForwardingEnabled
+  val notificationForwardingMode: StateFlow<NotificationPackageFilterMode> =
+    prefs.notificationForwardingMode
+  val notificationForwardingPackages: StateFlow<Set<String>> = prefs.notificationForwardingPackages
+  val notificationForwardingQuietHoursEnabled: StateFlow<Boolean> =
+    prefs.notificationForwardingQuietHoursEnabled
+  val notificationForwardingQuietStart: StateFlow<String> = prefs.notificationForwardingQuietStart
+  val notificationForwardingQuietEnd: StateFlow<String> = prefs.notificationForwardingQuietEnd
+  val notificationForwardingMaxEventsPerMinute: StateFlow<Int> =
+    prefs.notificationForwardingMaxEventsPerMinute
+  val notificationForwardingSessionKey: StateFlow<String?> = prefs.notificationForwardingSessionKey
 
   private var didAutoConnect = false
 
@@ -686,6 +700,34 @@ class NodeRuntime(
     prefs.setCanvasDebugStatusEnabled(value)
   }
 
+  fun setNotificationForwardingEnabled(value: Boolean) {
+    prefs.setNotificationForwardingEnabled(value)
+  }
+
+  fun setNotificationForwardingMode(mode: NotificationPackageFilterMode) {
+    prefs.setNotificationForwardingMode(mode)
+  }
+
+  fun setNotificationForwardingPackages(packages: List<String>) {
+    prefs.setNotificationForwardingPackages(packages)
+  }
+
+  fun setNotificationForwardingQuietHours(
+    enabled: Boolean,
+    start: String,
+    end: String,
+  ): Boolean {
+    return prefs.setNotificationForwardingQuietHours(enabled = enabled, start = start, end = end)
+  }
+
+  fun setNotificationForwardingMaxEventsPerMinute(value: Int) {
+    prefs.setNotificationForwardingMaxEventsPerMinute(value)
+  }
+
+  fun setNotificationForwardingSessionKey(value: String?) {
+    prefs.setNotificationForwardingSessionKey(value)
+  }
+
   fun setVoiceScreenActive(active: Boolean) {
     if (!active) {
       stopActiveVoiceSession()

apps/android/app/src/main/java/ai/openclaw/app/NotificationForwardingPolicy.kt

@@ -0,0 +1,102 @@
+package ai.openclaw.app
+
+import java.time.Instant
+import java.time.ZoneId
+
+enum class NotificationPackageFilterMode(val rawValue: String) {
+  Allowlist("allowlist"),
+  Blocklist("blocklist"),
+  ;
+
+  companion object {
+    fun fromRawValue(raw: String?): NotificationPackageFilterMode {
+      return entries.firstOrNull { it.rawValue == raw?.trim()?.lowercase() } ?: Blocklist
+    }
+  }
+}
+
+internal data class NotificationForwardingPolicy(
+  val enabled: Boolean,
+  val mode: NotificationPackageFilterMode,
+  val packages: Set<String>,
+  val quietHoursEnabled: Boolean,
+  val quietStart: String,
+  val quietEnd: String,
+  val maxEventsPerMinute: Int,
+  val sessionKey: String?,
+)
+
+internal fun NotificationForwardingPolicy.allowsPackage(packageName: String): Boolean {
+  val normalized = packageName.trim()
+  if (normalized.isEmpty()) {
+    return false
+  }
+  return when (mode) {
+    NotificationPackageFilterMode.Allowlist -> packages.contains(normalized)
+    NotificationPackageFilterMode.Blocklist -> !packages.contains(normalized)
+  }
+}
+
+internal fun NotificationForwardingPolicy.isWithinQuietHours(
+  nowEpochMs: Long,
+  zoneId: ZoneId = ZoneId.systemDefault(),
+): Boolean {
+  if (!quietHoursEnabled) {
+    return false
+  }
+  val startMinutes = parseLocalHourMinute(quietStart) ?: return false
+  val endMinutes = parseLocalHourMinute(quietEnd) ?: return false
+  if (startMinutes == endMinutes) {
+    return true
+  }
+  val now =
+    Instant.ofEpochMilli(nowEpochMs)
+      .atZone(zoneId)
+      .toLocalTime()
+  val nowMinutes = now.hour * 60 + now.minute
+  return if (startMinutes < endMinutes) {
+    nowMinutes in startMinutes until endMinutes
+  } else {
+    nowMinutes >= startMinutes || nowMinutes < endMinutes
+  }
+}
+
+private val localHourMinuteRegex = Regex("""^([01]\d|2[0-3]):([0-5]\d)$""")
+
+internal fun normalizeLocalHourMinute(raw: String): String? {
+  val trimmed = raw.trim()
+  val match = localHourMinuteRegex.matchEntire(trimmed) ?: return null
+  return "${match.groupValues[1]}:${match.groupValues[2]}"
+}
+
+internal fun parseLocalHourMinute(raw: String): Int? {
+  val normalized = normalizeLocalHourMinute(raw) ?: return null
+  val parts = normalized.split(':')
+  val hour = parts[0].toInt()
+  val minute = parts[1].toInt()
+  return hour * 60 + minute
+}
+
+internal class NotificationBurstLimiter {
+  private val lock = Any()
+  private var windowStartMs: Long = -1L
+  private var eventsInWindow: Int = 0
+
+  fun allow(nowEpochMs: Long, maxEventsPerMinute: Int): Boolean {
+    if (maxEventsPerMinute <= 0) {
+      return false
+    }
+    val currentWindow = nowEpochMs - (nowEpochMs % 60_000L)
+    synchronized(lock) {
+      if (currentWindow != windowStartMs) {
+        windowStartMs = currentWindow
+        eventsInWindow = 0
+      }
+      if (eventsInWindow >= maxEventsPerMinute) {
+        return false
+      }
+      eventsInWindow += 1
+      return true
+    }
+  }
+}

apps/android/app/src/main/java/ai/openclaw/app/PermissionRequester.kt

@@ -185,7 +185,16 @@ class PermissionRequester(private val activity: ComponentActivity) {
     when (permission) {
       Manifest.permission.CAMERA -> "Camera"
       Manifest.permission.RECORD_AUDIO -> "Microphone"
-      Manifest.permission.SEND_SMS -> "SMS"
+      Manifest.permission.SEND_SMS -> "Send SMS"
+      Manifest.permission.READ_SMS -> "Read SMS"
+      Manifest.permission.READ_CONTACTS -> "Read Contacts"
+      Manifest.permission.WRITE_CONTACTS -> "Write Contacts"
+      Manifest.permission.READ_CALENDAR -> "Read Calendar"
+      Manifest.permission.WRITE_CALENDAR -> "Write Calendar"
+      Manifest.permission.READ_CALL_LOG -> "Read Call Log"
+      Manifest.permission.ACTIVITY_RECOGNITION -> "Motion Activity"
+      Manifest.permission.READ_MEDIA_IMAGES -> "Photos"
+      Manifest.permission.READ_EXTERNAL_STORAGE -> "Photos"
       else -> permission
     }
 }

apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt

@@ -26,6 +26,17 @@ class SecurePrefs(
     private const val voiceWakeModeKey = "voiceWake.mode"
     private const val plainPrefsName = "openclaw.node"
     private const val securePrefsName = "openclaw.node.secure"
+    private const val notificationsForwardingEnabledKey = "notifications.forwarding.enabled"
+    private const val defaultNotificationForwardingEnabled = false
+    private const val notificationsForwardingModeKey = "notifications.forwarding.mode"
+    private const val notificationsForwardingPackagesKey = "notifications.forwarding.packages"
+    private const val notificationsForwardingQuietHoursEnabledKey =
+      "notifications.forwarding.quietHoursEnabled"
+    private const val notificationsForwardingQuietStartKey = "notifications.forwarding.quietStart"
+    private const val notificationsForwardingQuietEndKey = "notifications.forwarding.quietEnd"
+    private const val notificationsForwardingMaxEventsPerMinuteKey =
+      "notifications.forwarding.maxEventsPerMinute"
+    private const val notificationsForwardingSessionKeyKey = "notifications.forwarding.sessionKey"
   }
 
   private val appContext = context.applicationContext
@@ -96,6 +107,55 @@ class SecurePrefs(
     MutableStateFlow(plainPrefs.getBoolean("canvas.debugStatusEnabled", false))
   val canvasDebugStatusEnabled: StateFlow<Boolean> = _canvasDebugStatusEnabled
 
+  private val _notificationForwardingEnabled =
+    MutableStateFlow(plainPrefs.getBoolean(notificationsForwardingEnabledKey, defaultNotificationForwardingEnabled))
+  val notificationForwardingEnabled: StateFlow<Boolean> = _notificationForwardingEnabled
+
+  private val _notificationForwardingMode =
+    MutableStateFlow(
+      NotificationPackageFilterMode.fromRawValue(
+        plainPrefs.getString(notificationsForwardingModeKey, null),
+      ),
+    )
+  val notificationForwardingMode: StateFlow<NotificationPackageFilterMode> = _notificationForwardingMode
+
+  private val _notificationForwardingPackages = MutableStateFlow(loadNotificationForwardingPackages())
+  val notificationForwardingPackages: StateFlow<Set<String>> = _notificationForwardingPackages
+
+  private val storedQuietStart =
+    normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietStartKey, "22:00").orEmpty())
+      ?: "22:00"
+  private val storedQuietEnd =
+    normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietEndKey, "07:00").orEmpty())
+      ?: "07:00"
+  private val storedQuietHoursEnabled =
+    plainPrefs.getBoolean(notificationsForwardingQuietHoursEnabledKey, false) &&
+      normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietStartKey, "22:00").orEmpty()) != null &&
+      normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietEndKey, "07:00").orEmpty()) != null
+
+  private val _notificationForwardingQuietHoursEnabled =
+    MutableStateFlow(storedQuietHoursEnabled)
+  val notificationForwardingQuietHoursEnabled: StateFlow<Boolean> = _notificationForwardingQuietHoursEnabled
+
+  private val _notificationForwardingQuietStart = MutableStateFlow(storedQuietStart)
+  val notificationForwardingQuietStart: StateFlow<String> = _notificationForwardingQuietStart
+
+  private val _notificationForwardingQuietEnd = MutableStateFlow(storedQuietEnd)
+  val notificationForwardingQuietEnd: StateFlow<String> = _notificationForwardingQuietEnd
+
+  private val _notificationForwardingMaxEventsPerMinute =
+    MutableStateFlow(plainPrefs.getInt(notificationsForwardingMaxEventsPerMinuteKey, 20).coerceAtLeast(1))
+  val notificationForwardingMaxEventsPerMinute: StateFlow<Int> = _notificationForwardingMaxEventsPerMinute
+
+  private val _notificationForwardingSessionKey =
+    MutableStateFlow(
+      plainPrefs
+        .getString(notificationsForwardingSessionKeyKey, "")
+        ?.trim()
+        ?.takeIf { it.isNotEmpty() },
+    )
+  val notificationForwardingSessionKey: StateFlow<String?> = _notificationForwardingSessionKey
+
   private val _wakeWords = MutableStateFlow(loadWakeWords())
   val wakeWords: StateFlow<List<String>> = _wakeWords
 
@@ -185,6 +245,114 @@ class SecurePrefs(
     _canvasDebugStatusEnabled.value = value
   }
 
+  internal fun getNotificationForwardingPolicy(appPackageName: String): NotificationForwardingPolicy {
+    val modeRaw = plainPrefs.getString(notificationsForwardingModeKey, null)
+    val mode = NotificationPackageFilterMode.fromRawValue(modeRaw)
+
+    val configuredPackages = loadNotificationForwardingPackages()
+    val normalizedAppPackage = appPackageName.trim()
+    val defaultBlockedPackages =
+      if (normalizedAppPackage.isNotEmpty()) setOf(normalizedAppPackage) else emptySet()
+
+    val packages =
+      when (mode) {
+        NotificationPackageFilterMode.Allowlist -> configuredPackages
+        NotificationPackageFilterMode.Blocklist -> configuredPackages + defaultBlockedPackages
+      }
+
+    val maxEvents = plainPrefs.getInt(notificationsForwardingMaxEventsPerMinuteKey, 20)
+    val quietStart =
+      normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietStartKey, "22:00").orEmpty())
+        ?: "22:00"
+    val quietEnd =
+      normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietEndKey, "07:00").orEmpty())
+        ?: "07:00"
+    val sessionKey =
+      plainPrefs
+        .getString(notificationsForwardingSessionKeyKey, "")
+        ?.trim()
+        ?.takeIf { it.isNotEmpty() }
+
+    val quietHoursEnabled =
+      plainPrefs.getBoolean(notificationsForwardingQuietHoursEnabledKey, false) &&
+        normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietStartKey, "22:00").orEmpty()) != null &&
+        normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietEndKey, "07:00").orEmpty()) != null
+
+    return NotificationForwardingPolicy(
+      enabled = plainPrefs.getBoolean(notificationsForwardingEnabledKey, defaultNotificationForwardingEnabled),
+      mode = mode,
+      packages = packages,
+      quietHoursEnabled = quietHoursEnabled,
+      quietStart = quietStart,
+      quietEnd = quietEnd,
+      maxEventsPerMinute = maxEvents.coerceAtLeast(1),
+      sessionKey = sessionKey,
+    )
+  }
+
+  internal fun setNotificationForwardingEnabled(value: Boolean) {
+    plainPrefs.edit { putBoolean(notificationsForwardingEnabledKey, value) }
+    _notificationForwardingEnabled.value = value
+  }
+
+  internal fun setNotificationForwardingMode(mode: NotificationPackageFilterMode) {
+    plainPrefs.edit { putString(notificationsForwardingModeKey, mode.rawValue) }
+    _notificationForwardingMode.value = mode
+  }
+
+  internal fun setNotificationForwardingPackages(packages: List<String>) {
+    val sanitized =
+      packages
+        .asSequence()
+        .map { it.trim() }
+        .filter { it.isNotEmpty() }
+        .toSet()
+        .toList()
+        .sorted()
+    val encoded = JsonArray(sanitized.map { JsonPrimitive(it) }).toString()
+    plainPrefs.edit { putString(notificationsForwardingPackagesKey, encoded) }
+    _notificationForwardingPackages.value = sanitized.toSet()
+  }
+
+  internal fun setNotificationForwardingQuietHours(
+    enabled: Boolean,
+    start: String,
+    end: String,
+  ): Boolean {
+    if (!enabled) {
+      plainPrefs.edit { putBoolean(notificationsForwardingQuietHoursEnabledKey, false) }
+      _notificationForwardingQuietHoursEnabled.value = false
+      return true
+    }
+    val normalizedStart = normalizeLocalHourMinute(start) ?: return false
+    val normalizedEnd = normalizeLocalHourMinute(end) ?: return false
+    plainPrefs.edit {
+      putBoolean(notificationsForwardingQuietHoursEnabledKey, enabled)
+      putString(notificationsForwardingQuietStartKey, normalizedStart)
+      putString(notificationsForwardingQuietEndKey, normalizedEnd)
+    }
+    _notificationForwardingQuietHoursEnabled.value = enabled
+    _notificationForwardingQuietStart.value = normalizedStart
+    _notificationForwardingQuietEnd.value = normalizedEnd
+    return true
+  }
+
+  internal fun setNotificationForwardingMaxEventsPerMinute(value: Int) {
+    val normalized = value.coerceAtLeast(1)
+    plainPrefs.edit {
+      putInt(notificationsForwardingMaxEventsPerMinuteKey, normalized)
+    }
+    _notificationForwardingMaxEventsPerMinute.value = normalized
+  }
+
+  internal fun setNotificationForwardingSessionKey(value: String?) {
+    val normalized = value?.trim()?.takeIf { it.isNotEmpty() }
+    plainPrefs.edit {
+      putString(notificationsForwardingSessionKeyKey, normalized.orEmpty())
+    }
+    _notificationForwardingSessionKey.value = normalized
+  }
+
   fun loadGatewayToken(): String? {
     val manual =
       _gatewayToken.value.trim().ifEmpty {
@@ -308,6 +476,28 @@ class SecurePrefs(
     _speakerEnabled.value = value
   }
 
+  private fun loadNotificationForwardingPackages(): Set<String> {
+    val raw = plainPrefs.getString(notificationsForwardingPackagesKey, null)?.trim()
+    if (raw.isNullOrEmpty()) {
+      return emptySet()
+    }
+    return try {
+      val element = json.parseToJsonElement(raw)
+      val array = element as? JsonArray ?: return emptySet()
+      array
+        .mapNotNull { item ->
+          when (item) {
+            is JsonNull -> null
+            is JsonPrimitive -> item.content.trim().takeIf { it.isNotEmpty() }
+            else -> null
+          }
+        }
+        .toSet()
+    } catch (_: Throwable) {
+      emptySet()
+    }
+  }
+
   private fun loadVoiceWakeMode(): VoiceWakeMode {
     val raw = plainPrefs.getString(voiceWakeModeKey, null)
     val resolved = VoiceWakeMode.fromRawValue(raw)

apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt

@@ -181,17 +181,10 @@ class GatewaySession(
 
   suspend fun sendNodeEvent(event: String, payloadJson: String?): Boolean {
     val conn = currentConnection ?: return false
-    val parsedPayload = payloadJson?.let { parseJsonOrNull(it) }
     val params =
       buildJsonObject {
         put("event", JsonPrimitive(event))
-        if (parsedPayload != null) {
-          put("payload", parsedPayload)
-        } else if (payloadJson != null) {
-          put("payloadJSON", JsonPrimitive(payloadJson))
-        } else {
-          put("payloadJSON", JsonNull)
-        }
+        put("payloadJSON", JsonPrimitive(payloadJson ?: "{}"))
       }
     try {
       conn.request("node.event", params, timeoutMs = 8_000)

apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt

@@ -19,6 +19,7 @@ class ConnectionManager(
   private val motionPedometerAvailable: () -> Boolean,
   private val sendSmsAvailable: () -> Boolean,
   private val readSmsAvailable: () -> Boolean,
+  private val smsSearchPossible: () -> Boolean,
   private val callLogAvailable: () -> Boolean,
   private val hasRecordAudioPermission: () -> Boolean,
   private val manualTls: () -> Boolean,
@@ -82,6 +83,7 @@ class ConnectionManager(
       locationEnabled = locationMode() != LocationMode.Off,
       sendSmsAvailable = sendSmsAvailable(),
       readSmsAvailable = readSmsAvailable(),
+      smsSearchPossible = smsSearchPossible(),
       callLogAvailable = callLogAvailable(),
       voiceWakeEnabled = voiceWakeMode() != VoiceWakeMode.Off && hasRecordAudioPermission(),
       motionActivityAvailable = motionActivityAvailable(),

apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt

@@ -1,5 +1,6 @@
 package ai.openclaw.app.node
 
+import ai.openclaw.app.BuildConfig
 import android.Manifest
 import android.app.ActivityManager
 import android.content.Context
@@ -15,9 +16,9 @@ import android.os.PowerManager
 import android.os.StatFs
 import android.os.SystemClock
 import androidx.core.content.ContextCompat
-import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.gateway.GatewaySession
 import java.util.Locale
+import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonArray
 import kotlinx.serialization.json.buildJsonObject
@@ -28,6 +29,25 @@ class DeviceHandler(
   private val smsEnabled: Boolean = BuildConfig.OPENCLAW_ENABLE_SMS,
   private val callLogEnabled: Boolean = BuildConfig.OPENCLAW_ENABLE_CALL_LOG,
 ) {
+  companion object {
+    internal fun hasAnySmsCapability(
+      smsEnabled: Boolean,
+      telephonyAvailable: Boolean,
+      smsSendGranted: Boolean,
+      smsReadGranted: Boolean,
+    ): Boolean {
+      return smsEnabled && telephonyAvailable && (smsSendGranted || smsReadGranted)
+    }
+
+    internal fun isSmsPromptable(
+      smsEnabled: Boolean,
+      telephonyAvailable: Boolean,
+      smsSendGranted: Boolean,
+      smsReadGranted: Boolean,
+    ): Boolean {
+      return smsEnabled && telephonyAvailable && (!smsSendGranted || !smsReadGranted)
+    }
+  }
   private data class BatterySnapshot(
     val status: Int,
     val plugged: Int,
@@ -131,6 +151,8 @@ class DeviceHandler(
 
   private fun permissionsPayloadJson(): String {
     val canSendSms = appContext.packageManager.hasSystemFeature(PackageManager.FEATURE_TELEPHONY)
+    val smsSendGranted = hasPermission(Manifest.permission.SEND_SMS)
+    val smsReadGranted = hasPermission(Manifest.permission.READ_SMS)
     val notificationAccess = DeviceNotificationListenerService.isAccessEnabled(appContext)
     val photosGranted =
       if (Build.VERSION.SDK_INT >= 33) {
@@ -174,10 +196,34 @@ class DeviceHandler(
           )
           put(
             "sms",
-            permissionStateJson(
-              granted = smsEnabled && hasPermission(Manifest.permission.SEND_SMS) && canSendSms,
-              promptableWhenDenied = smsEnabled && canSendSms,
-            ),
+            buildJsonObject {
+              put(
+                "status",
+                JsonPrimitive(
+                  if (hasAnySmsCapability(smsEnabled, canSendSms, smsSendGranted, smsReadGranted)) "granted" else "denied",
+                ),
+              )
+              put("promptable", JsonPrimitive(isSmsPromptable(smsEnabled, canSendSms, smsSendGranted, smsReadGranted)))
+              put(
+                "capabilities",
+                buildJsonObject {
+                  put(
+                    "send",
+                    permissionStateJson(
+                      granted = smsEnabled && smsSendGranted && canSendSms,
+                      promptableWhenDenied = smsEnabled && canSendSms,
+                    ),
+                  )
+                  put(
+                    "read",
+                    permissionStateJson(
+                      granted = smsEnabled && smsReadGranted && canSendSms,
+                      promptableWhenDenied = smsEnabled && canSendSms,
+                    ),
+                  )
+                },
+              )
+            },
           )
           put(
             "notificationListener",

apps/android/app/src/main/java/ai/openclaw/app/node/DeviceNotificationListenerService.kt

@@ -8,6 +8,10 @@ import android.content.Context
 import android.content.Intent
 import android.service.notification.NotificationListenerService
 import android.service.notification.StatusBarNotification
+import ai.openclaw.app.NotificationBurstLimiter
+import ai.openclaw.app.SecurePrefs
+import ai.openclaw.app.allowsPackage
+import ai.openclaw.app.isWithinQuietHours
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonObject
@@ -126,6 +130,9 @@ private object DeviceNotificationStore {
 }
 
 class DeviceNotificationListenerService : NotificationListenerService() {
+  private val securePrefs by lazy { SecurePrefs(applicationContext) }
+  private val forwardingLimiter = NotificationBurstLimiter()
+
   override fun onListenerConnected() {
     super.onListenerConnected()
     activeService = this
@@ -152,24 +159,12 @@ class DeviceNotificationListenerService : NotificationListenerService() {
     super.onNotificationPosted(sbn)
     val entry = sbn?.toEntry() ?: return
     DeviceNotificationStore.upsert(entry)
+    rememberRecentPackage(entry.packageName)
     if (entry.packageName == packageName) {
       return
     }
-    emitNotificationsChanged(
-      buildJsonObject {
-        put("change", JsonPrimitive("posted"))
-        put("key", JsonPrimitive(entry.key))
-        put("packageName", JsonPrimitive(entry.packageName))
-        put("postTimeMs", JsonPrimitive(entry.postTimeMs))
-        put("isOngoing", JsonPrimitive(entry.isOngoing))
-        put("isClearable", JsonPrimitive(entry.isClearable))
-        entry.title?.let { put("title", JsonPrimitive(it)) }
-        entry.text?.let { put("text", JsonPrimitive(it)) }
-        entry.subText?.let { put("subText", JsonPrimitive(it)) }
-        entry.category?.let { put("category", JsonPrimitive(it)) }
-        entry.channelId?.let { put("channelId", JsonPrimitive(it)) }
-      }.toString(),
-    )
+    val payload = notificationChangedPayload(entry) ?: return
+    emitNotificationsChanged(payload)
   }
 
   override fun onNotificationRemoved(sbn: StatusBarNotification?) {
@@ -180,21 +175,79 @@ class DeviceNotificationListenerService : NotificationListenerService() {
       return
     }
     DeviceNotificationStore.remove(key)
+    rememberRecentPackage(removed.packageName)
     if (removed.packageName == packageName) {
       return
     }
-    emitNotificationsChanged(
-      buildJsonObject {
-        put("change", JsonPrimitive("removed"))
-        put("key", JsonPrimitive(key))
-        val packageName = removed.packageName.trim()
-        if (packageName.isNotEmpty()) {
-          put("packageName", JsonPrimitive(packageName))
-        }
-      }.toString(),
+    val packageName = removed.packageName.trim()
+    val payload =
+      notificationChangedPayload(
+        entry = null,
+        change = "removed",
+        key = key,
+        packageName = packageName,
+        postTimeMs = removed.postTime,
+        isOngoing = removed.isOngoing,
+        isClearable = removed.isClearable,
+      ) ?: return
+    emitNotificationsChanged(payload)
+  }
+
+  private fun notificationChangedPayload(entry: DeviceNotificationEntry): String? {
+    return notificationChangedPayload(
+      entry = entry,
+      change = "posted",
+      key = entry.key,
+      packageName = entry.packageName,
+      postTimeMs = entry.postTimeMs,
+      isOngoing = entry.isOngoing,
+      isClearable = entry.isClearable,
     )
   }
 
+  private fun notificationChangedPayload(
+    entry: DeviceNotificationEntry?,
+    change: String,
+    key: String,
+    packageName: String,
+    postTimeMs: Long,
+    isOngoing: Boolean,
+    isClearable: Boolean,
+  ): String? {
+    val normalizedPackage = packageName.trim()
+    if (normalizedPackage.isEmpty()) {
+      return null
+    }
+    val policy = securePrefs.getNotificationForwardingPolicy(appPackageName = this.packageName)
+    if (!policy.enabled) {
+      return null
+    }
+    if (!policy.allowsPackage(normalizedPackage)) {
+      return null
+    }
+    val nowEpochMs = System.currentTimeMillis()
+    if (policy.isWithinQuietHours(nowEpochMs = nowEpochMs)) {
+      return null
+    }
+    if (!forwardingLimiter.allow(nowEpochMs, policy.maxEventsPerMinute)) {
+      return null
+    }
+    return buildJsonObject {
+      put("change", JsonPrimitive(change))
+      put("key", JsonPrimitive(key))
+      put("packageName", JsonPrimitive(normalizedPackage))
+      put("postTimeMs", JsonPrimitive(postTimeMs))
+      put("isOngoing", JsonPrimitive(isOngoing))
+      put("isClearable", JsonPrimitive(isClearable))
+      policy.sessionKey?.let { put("sessionKey", JsonPrimitive(it)) }
+      entry?.title?.let { put("title", JsonPrimitive(it)) }
+      entry?.text?.let { put("text", JsonPrimitive(it)) }
+      entry?.subText?.let { put("subText", JsonPrimitive(it)) }
+      entry?.category?.let { put("category", JsonPrimitive(it)) }
+      entry?.channelId?.let { put("channelId", JsonPrimitive(it)) }
+    }.toString()
+  }
+
   private fun refreshActiveNotifications() {
     val entries =
       runCatching {
@@ -228,6 +281,9 @@ class DeviceNotificationListenerService : NotificationListenerService() {
   }
 
   companion object {
+    private const val recentPackagesPref = "notifications.forwarding.recentPackages"
+    private const val legacyRecentPackagesPref = "notifications.recentPackages"
+    private const val recentPackagesLimit = 64
     @Volatile private var activeService: DeviceNotificationListenerService? = null
     @Volatile private var nodeEventSink: ((event: String, payloadJson: String?) -> Unit)? = null
 
@@ -239,6 +295,31 @@ class DeviceNotificationListenerService : NotificationListenerService() {
       nodeEventSink = sink
     }
 
+    private fun recentPackagesPrefs(context: Context) =
+      context.applicationContext.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+
+    private fun migrateLegacyRecentPackagesIfNeeded(context: Context) {
+      val prefs = recentPackagesPrefs(context)
+      val hasNew = prefs.contains(recentPackagesPref)
+      val legacy = prefs.getString(legacyRecentPackagesPref, null)?.trim().orEmpty()
+      if (!hasNew && legacy.isNotEmpty()) {
+        prefs.edit().putString(recentPackagesPref, legacy).remove(legacyRecentPackagesPref).apply()
+      } else if (hasNew && prefs.contains(legacyRecentPackagesPref)) {
+        prefs.edit().remove(legacyRecentPackagesPref).apply()
+      }
+    }
+
+    fun recentPackages(context: Context): List<String> {
+      migrateLegacyRecentPackagesIfNeeded(context)
+      val prefs = recentPackagesPrefs(context)
+      val stored = prefs.getString(recentPackagesPref, null).orEmpty()
+      return stored
+        .split(',')
+        .map { it.trim() }
+        .filter { it.isNotEmpty() }
+        .distinct()
+    }
+
     fun isAccessEnabled(context: Context): Boolean {
       val manager = context.getSystemService(NotificationManager::class.java) ?: return false
       return manager.isNotificationListenerAccessGranted(serviceComponent(context))
@@ -276,6 +357,21 @@ class DeviceNotificationListenerService : NotificationListenerService() {
         nodeEventSink?.invoke(NOTIFICATIONS_CHANGED_EVENT, payloadJson)
       }
     }
+
+    private fun rememberRecentPackage(packageName: String?) {
+      val service = activeService ?: return
+      val normalized = packageName?.trim().orEmpty()
+      if (normalized.isEmpty() || normalized == service.packageName) return
+      migrateLegacyRecentPackagesIfNeeded(service.applicationContext)
+      val prefs = recentPackagesPrefs(service.applicationContext)
+      val existing = prefs.getString(recentPackagesPref, null).orEmpty()
+        .split(',')
+        .map { it.trim() }
+        .filter { it.isNotEmpty() && it != normalized }
+        .take(recentPackagesLimit - 1)
+      val updated = listOf(normalized) + existing
+      prefs.edit().putString(recentPackagesPref, updated.joinToString(",")).apply()
+    }
   }
 
   private fun executeActionInternal(request: NotificationActionRequest): NotificationActionResult {

apps/android/app/src/main/java/ai/openclaw/app/node/InvokeCommandRegistry.kt

@@ -20,6 +20,7 @@ data class NodeRuntimeFlags(
   val locationEnabled: Boolean,
   val sendSmsAvailable: Boolean,
   val readSmsAvailable: Boolean,
+  val smsSearchPossible: Boolean,
   val callLogAvailable: Boolean,
   val voiceWakeEnabled: Boolean,
   val motionActivityAvailable: Boolean,
@@ -33,6 +34,7 @@ enum class InvokeCommandAvailability {
   LocationEnabled,
   SendSmsAvailable,
   ReadSmsAvailable,
+  RequestableSmsSearchAvailable,
   CallLogAvailable,
   MotionActivityAvailable,
   MotionPedometerAvailable,
@@ -199,7 +201,7 @@ object InvokeCommandRegistry {
       ),
       InvokeCommandSpec(
         name = OpenClawSmsCommand.Search.rawValue,
-        availability = InvokeCommandAvailability.ReadSmsAvailable,
+        availability = InvokeCommandAvailability.RequestableSmsSearchAvailable,
       ),
       InvokeCommandSpec(
         name = OpenClawCallLogCommand.Search.rawValue,
@@ -244,6 +246,7 @@ object InvokeCommandRegistry {
           InvokeCommandAvailability.LocationEnabled -> flags.locationEnabled
           InvokeCommandAvailability.SendSmsAvailable -> flags.sendSmsAvailable
           InvokeCommandAvailability.ReadSmsAvailable -> flags.readSmsAvailable
+          InvokeCommandAvailability.RequestableSmsSearchAvailable -> flags.smsSearchPossible
           InvokeCommandAvailability.CallLogAvailable -> flags.callLogAvailable
           InvokeCommandAvailability.MotionActivityAvailable -> flags.motionActivityAvailable
           InvokeCommandAvailability.MotionPedometerAvailable -> flags.motionPedometerAvailable

apps/android/app/src/main/java/ai/openclaw/app/node/InvokeDispatcher.kt

@@ -14,6 +14,44 @@ import ai.openclaw.app.protocol.OpenClawNotificationsCommand
 import ai.openclaw.app.protocol.OpenClawSmsCommand
 import ai.openclaw.app.protocol.OpenClawSystemCommand
 
+internal enum class SmsSearchAvailabilityReason {
+  Available,
+  PermissionRequired,
+  Unavailable,
+}
+
+internal fun classifySmsSearchAvailability(
+  readSmsAvailable: Boolean,
+  smsFeatureEnabled: Boolean,
+  smsTelephonyAvailable: Boolean,
+): SmsSearchAvailabilityReason {
+  if (readSmsAvailable) return SmsSearchAvailabilityReason.Available
+  if (!smsFeatureEnabled || !smsTelephonyAvailable) return SmsSearchAvailabilityReason.Unavailable
+  return SmsSearchAvailabilityReason.PermissionRequired
+}
+
+internal fun smsSearchAvailabilityError(
+  readSmsAvailable: Boolean,
+  smsFeatureEnabled: Boolean,
+  smsTelephonyAvailable: Boolean,
+): GatewaySession.InvokeResult? {
+  return when (
+    classifySmsSearchAvailability(
+      readSmsAvailable = readSmsAvailable,
+      smsFeatureEnabled = smsFeatureEnabled,
+      smsTelephonyAvailable = smsTelephonyAvailable,
+    )
+  ) {
+    SmsSearchAvailabilityReason.Available,
+    SmsSearchAvailabilityReason.PermissionRequired -> null
+    SmsSearchAvailabilityReason.Unavailable ->
+      GatewaySession.InvokeResult.error(
+        code = "SMS_UNAVAILABLE",
+        message = "SMS_UNAVAILABLE: SMS not available on this device",
+      )
+  }
+}
+
 class InvokeDispatcher(
   private val canvas: CanvasController,
   private val cameraHandler: CameraHandler,
@@ -34,6 +72,8 @@ class InvokeDispatcher(
   private val locationEnabled: () -> Boolean,
   private val sendSmsAvailable: () -> Boolean,
   private val readSmsAvailable: () -> Boolean,
+  private val smsFeatureEnabled: () -> Boolean,
+  private val smsTelephonyAvailable: () -> Boolean,
   private val callLogAvailable: () -> Boolean,
   private val debugBuild: () -> Boolean,
   private val refreshNodeCanvasCapability: suspend () -> Boolean,
@@ -268,15 +308,13 @@ class InvokeDispatcher(
             message = "SMS_UNAVAILABLE: SMS not available on this device",
           )
         }
-      InvokeCommandAvailability.ReadSmsAvailable ->
-        if (readSmsAvailable()) {
-          null
-        } else {
-          GatewaySession.InvokeResult.error(
-            code = "SMS_UNAVAILABLE",
-            message = "SMS_UNAVAILABLE: SMS not available on this device",
-          )
-        }
+      InvokeCommandAvailability.ReadSmsAvailable,
+      InvokeCommandAvailability.RequestableSmsSearchAvailable ->
+        smsSearchAvailabilityError(
+          readSmsAvailable = readSmsAvailable(),
+          smsFeatureEnabled = smsFeatureEnabled(),
+          smsTelephonyAvailable = smsTelephonyAvailable(),
+        )
       InvokeCommandAvailability.CallLogAvailable ->
         if (callLogAvailable()) {
           null

apps/android/app/src/main/java/ai/openclaw/app/node/SmsHandler.kt

@@ -9,23 +9,28 @@ class SmsHandler(
     val res = sms.send(paramsJson)
     if (res.ok) {
       return GatewaySession.InvokeResult.ok(res.payloadJson)
-    } else {
-      val error = res.error ?: "SMS_SEND_FAILED"
-      val idx = error.indexOf(':')
-      val code = if (idx > 0) error.substring(0, idx).trim() else "SMS_SEND_FAILED"
-      return GatewaySession.InvokeResult.error(code = code, message = error)
     }
+    return errorResult(res.error, defaultCode = "SMS_SEND_FAILED")
   }
 
   suspend fun handleSmsSearch(paramsJson: String?): GatewaySession.InvokeResult {
     val res = sms.search(paramsJson)
     if (res.ok) {
       return GatewaySession.InvokeResult.ok(res.payloadJson)
-    } else {
-      val error = res.error ?: "SMS_SEARCH_FAILED"
-      val idx = error.indexOf(':')
-      val code = if (idx > 0) error.substring(0, idx).trim() else "SMS_SEARCH_FAILED"
-      return GatewaySession.InvokeResult.error(code = code, message = error)
     }
+    return errorResult(res.error, defaultCode = "SMS_SEARCH_FAILED")
+  }
+
+  private fun errorResult(error: String?, defaultCode: String): GatewaySession.InvokeResult {
+    val rawMessage = error ?: defaultCode
+    val idx = rawMessage.indexOf(':')
+    val code = if (idx > 0) rawMessage.substring(0, idx).trim() else defaultCode
+    val message =
+      if (idx > 0 && code == rawMessage.substring(0, idx).trim()) {
+        rawMessage.substring(idx + 1).trim().ifEmpty { rawMessage }
+      } else {
+        rawMessage
+      }
+    return GatewaySession.InvokeResult.error(code = code, message = message)
   }
 }

apps/android/app/src/main/java/ai/openclaw/app/node/SmsManager.kt

@@ -3,21 +3,21 @@ package ai.openclaw.app.node
 import android.Manifest
 import android.content.Context
 import android.content.pm.PackageManager
-import android.database.Cursor
 import android.net.Uri
 import android.provider.ContactsContract
 import android.provider.Telephony
 import android.telephony.SmsManager as AndroidSmsManager
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.PermissionRequester
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.withContext
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonElement
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.jsonObject
-import kotlinx.serialization.Serializable
-import ai.openclaw.app.PermissionRequester
 
 /**
  * Sends SMS messages via the Android SMS API.
@@ -39,7 +39,7 @@ class SmsManager(private val context: Context) {
     )
 
     /**
-     * Represents a single SMS message
+     * Represents a single SMS message.
      */
     @Serializable
     data class SmsMessage(
@@ -53,6 +53,7 @@ class SmsManager(private val context: Context) {
         val type: Int,
         val body: String?,
         val status: Int,
+        val transportType: String? = null,
     )
 
     data class SearchResult(
@@ -62,6 +63,13 @@ class SmsManager(private val context: Context) {
         val payloadJson: String,
     )
 
+    internal data class QueryMetadata(
+        val mmsRequested: Boolean,
+        val mmsEligible: Boolean,
+        val mmsAttempted: Boolean,
+        val mmsIncluded: Boolean,
+    )
+
     internal data class ParsedParams(
         val to: String,
         val message: String,
@@ -84,6 +92,8 @@ class SmsManager(private val context: Context) {
         val keyword: String? = null,
         val type: Int? = null,
         val isRead: Boolean? = null,
+        val includeMms: Boolean = false,
+        val conversationReview: Boolean = false,
         val limit: Int = DEFAULT_SMS_LIMIT,
         val offset: Int = 0,
     )
@@ -100,6 +110,11 @@ class SmsManager(private val context: Context) {
 
     companion object {
         private const val DEFAULT_SMS_LIMIT = 25
+        internal const val MAX_MIXED_BY_PHONE_CANDIDATE_WINDOW = 500
+        private const val MMS_SMS_BY_PHONE_BASE = "content://mms-sms/messages/byphone"
+        private const val MMS_CONTENT_BASE = "content://mms"
+        private const val MMS_PART_URI = "content://mms/part"
+        private val PHONE_FORMATTING_REGEX = Regex("""[\s\-()]""")
         internal val JsonConfig = Json { ignoreUnknownKeys = true }
 
         internal fun parseParams(paramsJson: String?, json: Json = JsonConfig): ParseResult {
@@ -157,31 +172,333 @@ class SmsManager(private val context: Context) {
             val keyword = (obj["keyword"] as? JsonPrimitive)?.content?.trim()
             val type = (obj["type"] as? JsonPrimitive)?.content?.toIntOrNull()
             val isRead = (obj["isRead"] as? JsonPrimitive)?.content?.toBooleanStrictOrNull()
+            val includeMms = (obj["includeMms"] as? JsonPrimitive)?.content?.toBooleanStrictOrNull() ?: false
+            val conversationReview = (obj["conversationReview"] as? JsonPrimitive)?.content?.toBooleanStrictOrNull() ?: false
             val limit = ((obj["limit"] as? JsonPrimitive)?.content?.toIntOrNull() ?: DEFAULT_SMS_LIMIT)
                 .coerceIn(1, 200)
             val offset = ((obj["offset"] as? JsonPrimitive)?.content?.toIntOrNull() ?: 0)
                 .coerceAtLeast(0)
 
-            // Validate time range
             if (startTime != null && endTime != null && startTime > endTime) {
                 return QueryParseResult.Error("INVALID_REQUEST: startTime must be less than or equal to endTime")
             }
 
-            return QueryParseResult.Ok(QueryParams(
-                startTime = startTime,
-                endTime = endTime,
-                contactName = contactName,
-                phoneNumber = phoneNumber,
-                keyword = keyword,
-                type = type,
-                isRead = isRead,
-                limit = limit,
-                offset = offset,
-            ))
+            return QueryParseResult.Ok(
+                QueryParams(
+                    startTime = startTime,
+                    endTime = endTime,
+                    contactName = contactName,
+                    phoneNumber = phoneNumber,
+                    keyword = keyword,
+                    type = type,
+                    isRead = isRead,
+                    includeMms = includeMms,
+                    conversationReview = conversationReview,
+                    limit = limit,
+                    offset = offset,
+                )
+            )
         }
 
         private fun normalizePhoneNumber(phone: String): String {
-            return phone.replace(Regex("""[\s\-()]"""), "")
+            return phone.replace(PHONE_FORMATTING_REGEX, "")
+        }
+
+        internal fun normalizePhoneNumberOrNull(phone: String?): String? {
+            val normalized = phone?.let(::normalizePhoneNumber)?.trim().orEmpty()
+            if (normalized.isEmpty()) {
+                return null
+            }
+            val digits = toByPhoneLookupNumber(normalized)
+            return normalized.takeIf { digits.isNotEmpty() }
+        }
+
+        internal fun sanitizeContactPhoneNumberOrNull(phone: String?): String? {
+            val normalized = normalizePhoneNumberOrNull(phone) ?: return null
+            return normalized.takeUnless(::hasSqlLikeWildcard)
+        }
+
+        internal fun shouldPromptForContactNameSearchPermission(
+            contactName: String?,
+            phoneNumber: String?,
+            hasReadContactsPermission: Boolean,
+        ): Boolean {
+            return !contactName.isNullOrEmpty() && phoneNumber.isNullOrEmpty() && !hasReadContactsPermission
+        }
+
+        internal fun mapMmsMsgBoxToSearchType(msgBox: Int?): Int? {
+            return when (msgBox) {
+                1 -> 1 // inbox
+                2 -> 2 // sent
+                3 -> 3 // draft
+                4 -> 4 // outbox
+                5 -> 5 // failed
+                6 -> 6 // queued
+                else -> null
+            }
+        }
+
+        internal fun escapeSqlLikeLiteral(value: String): String {
+            return buildString(value.length) {
+                for (ch in value) {
+                    when (ch) {
+                        '\\', '%', '_' -> {
+                            append('\\')
+                            append(ch)
+                        }
+                        else -> append(ch)
+                    }
+                }
+            }
+        }
+
+        internal fun buildContactNameLikeSelection(): String {
+            return "${ContactsContract.CommonDataKinds.Phone.DISPLAY_NAME} LIKE ? ESCAPE '\\'"
+        }
+
+        internal fun buildContactNameLikeArg(contactName: String): String {
+            return "%${escapeSqlLikeLiteral(contactName)}%"
+        }
+
+        internal fun buildKeywordLikeSelection(): String {
+            return "${Telephony.Sms.BODY} LIKE ? ESCAPE '\\'"
+        }
+
+        internal fun buildKeywordLikeArg(keyword: String): String {
+            return "%${escapeSqlLikeLiteral(keyword)}%"
+        }
+
+        internal fun buildMixedByPhoneProjection(): Array<String> {
+            return arrayOf(
+                "_id",
+                "thread_id",
+                "transport_type",
+                "address",
+                "date",
+                "date_sent",
+                "read",
+                "type",
+                "body",
+                "status",
+            )
+        }
+
+        internal fun hasSqlLikeWildcard(value: String): Boolean {
+            return value.contains('%') || value.contains('_')
+        }
+
+        internal fun isExplicitPhoneInputInvalid(rawPhone: String?, normalizedPhone: String?): Boolean {
+            if (rawPhone.isNullOrBlank()) {
+                return false
+            }
+            if (normalizedPhone == null) {
+                return true
+            }
+            return hasSqlLikeWildcard(normalizedPhone)
+        }
+
+        internal fun resolveMixedByPhoneRowStatus(transportType: String?, smsStatus: Int?): Int {
+            return if (transportType.equals("mms", ignoreCase = true)) -1 else (smsStatus ?: 0)
+        }
+
+        internal fun resolveMixedByPhoneRowAddress(
+            providerAddress: String?,
+            phoneNumber: String,
+            mmsAddress: String? = null,
+        ): String? {
+            val resolvedMmsAddress = normalizePhoneNumberOrNull(mmsAddress)
+            if (resolvedMmsAddress != null) {
+                return resolvedMmsAddress
+            }
+
+            val resolvedProviderAddress = normalizePhoneNumberOrNull(providerAddress)
+            return resolvedProviderAddress ?: phoneNumber
+        }
+
+        internal fun selectPreferredMmsAddress(
+            addressRows: List<Pair<String?, Int?>>,
+            lookupNumber: String,
+        ): String? {
+            val lookupDigits = toByPhoneLookupNumber(lookupNumber)
+            val normalizedRows = addressRows.mapNotNull { (address, type) ->
+                val normalized = normalizePhoneNumberOrNull(address) ?: return@mapNotNull null
+                val digits = toByPhoneLookupNumber(normalized)
+                if (digits.isBlank()) return@mapNotNull null
+                Triple(normalized, digits, type)
+            }
+
+            fun firstPreferred(vararg types: Int): String? {
+                return normalizedRows.firstOrNull { row ->
+                    (types.isEmpty() || types.contains(row.third ?: -1)) && row.second != lookupDigits
+                }?.first
+            }
+
+            return firstPreferred(137)
+                ?: firstPreferred(151, 130, 129)
+                ?: firstPreferred()
+                ?: normalizedRows.firstOrNull()?.first
+        }
+
+        internal fun shouldUseConversationReviewByPhoneMode(
+            params: QueryParams,
+            resolvedPhoneNumbers: List<String> = emptyList(),
+        ): Boolean {
+            val hasExplicitPhoneNumber = !params.phoneNumber.isNullOrEmpty()
+            val hasSingleResolvedPhoneNumber = resolvedPhoneNumbers.size == 1
+            return params.conversationReview && params.includeMms && (hasExplicitPhoneNumber || hasSingleResolvedPhoneNumber)
+        }
+
+        internal fun effectiveSearchParams(
+            params: QueryParams,
+            resolvedPhoneNumbers: List<String> = emptyList(),
+        ): QueryParams {
+            if (!shouldUseConversationReviewByPhoneMode(params, resolvedPhoneNumbers)) return params
+            val reviewLimit = maxOf(params.limit, 25)
+            return params.copy(limit = reviewLimit)
+        }
+
+        internal fun resolveSearchParams(
+            params: QueryParams,
+            normalizedPhoneNumber: String?,
+            resolvedPhoneNumbers: List<String> = emptyList(),
+        ): QueryParams {
+            val effectivePhoneNumber = normalizedPhoneNumber ?: resolvedPhoneNumbers.singleOrNull()
+            val normalizedParams = params.copy(phoneNumber = effectivePhoneNumber)
+            return effectiveSearchParams(normalizedParams, resolvedPhoneNumbers)
+        }
+
+        internal fun toByPhoneLookupNumber(phone: String): String {
+            return phone.filter { it.isDigit() }
+        }
+
+        internal fun normalizeProviderDateMillis(rawDate: Long): Long {
+            return if (rawDate in 1..99_999_999_999L) rawDate * 1000L else rawDate
+        }
+
+        internal fun canonicalizeMixedPathPhoneFilters(phoneNumbers: List<String>): List<String> {
+            return phoneNumbers
+                .map(::toByPhoneLookupNumber)
+                .filter { it.isNotBlank() }
+                .distinct()
+        }
+
+        internal fun requestedMixedByPhoneCandidateWindow(params: QueryParams): Long {
+            return params.offset.toLong() + params.limit.toLong()
+        }
+
+        internal fun exceedsMixedByPhoneCandidateWindow(
+            params: QueryParams,
+            allPhoneNumbers: List<String>,
+        ): Boolean {
+            return params.includeMms &&
+                allPhoneNumbers.size == 1 &&
+                requestedMixedByPhoneCandidateWindow(params) > MAX_MIXED_BY_PHONE_CANDIDATE_WINDOW
+        }
+
+        internal fun mixedByPhoneWindowError(): String {
+            return "INVALID_REQUEST: includeMms offset+limit exceeds supported window ($MAX_MIXED_BY_PHONE_CANDIDATE_WINDOW)"
+        }
+
+        internal fun isMmsTransportRow(message: SmsMessage): Boolean {
+            return message.transportType.equals("mms", ignoreCase = true)
+        }
+
+        internal fun shouldHydrateMmsByPhoneRow(transportType: String?, body: String?, type: Int): Boolean {
+            return transportType.equals("mms", ignoreCase = true) && (body.isNullOrBlank() || type == 0)
+        }
+
+        internal fun buildQueryMetadata(
+            params: QueryParams,
+            allPhoneNumbers: List<String>,
+            messages: List<SmsMessage>,
+        ): QueryMetadata {
+            val mmsRequested = params.includeMms
+            val mmsEligible = mmsRequested && allPhoneNumbers.size == 1
+            val mmsAttempted = mmsEligible
+            val mmsIncluded = mmsAttempted && messages.any(::isMmsTransportRow)
+            return QueryMetadata(
+                mmsRequested = mmsRequested,
+                mmsEligible = mmsEligible,
+                mmsAttempted = mmsAttempted,
+                mmsIncluded = mmsIncluded,
+            )
+        }
+
+        internal fun compareByPhoneCandidateOrder(left: SmsMessage, right: SmsMessage): Int {
+            return when {
+                left.date != right.date -> right.date.compareTo(left.date)
+                left.id != right.id -> right.id.compareTo(left.id)
+                else -> 0
+            }
+        }
+
+        internal fun buildMixedRowIdentity(rowId: Long, transportType: String?): String {
+            return "${transportType?.ifBlank { "unknown" } ?: "unknown"}:$rowId"
+        }
+
+        internal fun upsertTopDateCandidates(
+            candidates: MutableList<Pair<String, SmsMessage>>,
+            identityKey: String,
+            message: SmsMessage,
+            maxCandidates: Int,
+        ) {
+            if (maxCandidates <= 0) {
+                return
+            }
+
+            candidates.removeAll { existing -> existing.first == identityKey }
+            candidates.add(identityKey to message)
+            candidates.sortWith { left, right -> compareByPhoneCandidateOrder(left.second, right.second) }
+
+            while (candidates.size > maxCandidates) {
+                candidates.removeAt(candidates.lastIndex)
+            }
+        }
+
+        internal fun materializeByPhoneCandidate(
+            candidates: MutableMap<String, SmsMessage>,
+            identityKey: String,
+            message: SmsMessage,
+        ) {
+            candidates[identityKey] = message
+        }
+
+        internal fun collectMixedByPhoneCandidate(
+            topCandidates: MutableList<Pair<String, SmsMessage>>,
+            materializedCandidates: MutableMap<String, SmsMessage>,
+            identityKey: String,
+            message: SmsMessage,
+            maxCandidates: Int,
+            reviewMode: Boolean,
+        ) {
+            if (reviewMode) {
+                materializeByPhoneCandidate(materializedCandidates, identityKey, message)
+            } else {
+                upsertTopDateCandidates(topCandidates, identityKey, message, maxCandidates)
+            }
+        }
+
+        internal fun pageMixedByPhoneCandidates(
+            topCandidates: Collection<Pair<String, SmsMessage>>,
+            materializedCandidates: Map<String, SmsMessage>,
+            params: QueryParams,
+            reviewMode: Boolean,
+        ): List<SmsMessage> {
+            return if (reviewMode) {
+                pageByPhoneCandidates(materializedCandidates.values, params)
+            } else {
+                pageByPhoneCandidates(topCandidates.map { it.second }, params)
+            }
+        }
+
+        internal fun pageByPhoneCandidates(
+            candidates: Collection<SmsMessage>,
+            params: QueryParams,
+        ): List<SmsMessage> {
+            return candidates
+                .sortedWith(::compareByPhoneCandidateOrder)
+                .drop(params.offset)
+                .take(params.limit)
         }
 
         internal fun buildSendPlan(
@@ -214,14 +531,21 @@ class SmsManager(private val context: Context) {
             ok: Boolean,
             messages: List<SmsMessage>,
             error: String? = null,
+            queryMetadata: QueryMetadata? = null,
         ): String {
             val messagesArray = json.encodeToString(messages)
             val messagesElement = json.parseToJsonElement(messagesArray)
             val payload = mutableMapOf<String, JsonElement>(
                 "ok" to JsonPrimitive(ok),
                 "count" to JsonPrimitive(messages.size),
-                "messages" to messagesElement
+                "messages" to messagesElement,
             )
+            queryMetadata?.let {
+                payload["mmsRequested"] = JsonPrimitive(it.mmsRequested)
+                payload["mmsEligible"] = JsonPrimitive(it.mmsEligible)
+                payload["mmsAttempted"] = JsonPrimitive(it.mmsAttempted)
+                payload["mmsIncluded"] = JsonPrimitive(it.mmsIncluded)
+            }
             if (!ok && error != null) {
                 payload["error"] = JsonPrimitive(error)
             }
@@ -254,10 +578,14 @@ class SmsManager(private val context: Context) {
         return hasSmsPermission() && hasTelephonyFeature()
     }
 
-    fun canReadSms(): Boolean {
+    fun canSearchSms(): Boolean {
         return hasReadSmsPermission() && hasTelephonyFeature()
     }
 
+    fun canReadSms(): Boolean {
+        return canSearchSms()
+    }
+
     fun hasTelephonyFeature(): Boolean {
         return context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
     }
@@ -302,19 +630,19 @@ class SmsManager(private val context: Context) {
             val plan = buildSendPlan(params.message) { smsManager.divideMessage(it) }
             if (plan.useMultipart) {
                 smsManager.sendMultipartTextMessage(
-                    params.to,     // destination
-                    null,          // service center (null = default)
-                    ArrayList(plan.parts),    // message parts
-                    null,          // sent intents
-                    null,          // delivery intents
+                    params.to,
+                    null,
+                    ArrayList(plan.parts),
+                    null,
+                    null,
                 )
             } else {
                 smsManager.sendTextMessage(
-                    params.to,     // destination
-                    null,          // service center (null = default)
-                    params.message,// message
-                    null,          // sent intent
-                    null,          // delivery intent
+                    params.to,
+                    null,
+                    params.message,
+                    null,
+                    null,
                 )
             }
 
@@ -334,6 +662,82 @@ class SmsManager(private val context: Context) {
         }
     }
 
+    /**
+     * Search SMS messages with the specified parameters.
+     */
+    suspend fun search(paramsJson: String?): SearchResult = withContext(Dispatchers.IO) {
+        if (!hasTelephonyFeature()) {
+            return@withContext queryError("SMS_UNAVAILABLE: telephony not available")
+        }
+
+        if (!ensureReadSmsPermission()) {
+            return@withContext queryError("SMS_PERMISSION_REQUIRED: grant READ_SMS permission")
+        }
+
+        val parseResult = parseQueryParams(paramsJson, json)
+        if (parseResult is QueryParseResult.Error) {
+            return@withContext queryError(parseResult.error)
+        }
+        val parsedParams = (parseResult as QueryParseResult.Ok).params
+        val normalizedPhoneNumber = normalizePhoneNumberOrNull(parsedParams.phoneNumber)
+        if (isExplicitPhoneInputInvalid(parsedParams.phoneNumber, normalizedPhoneNumber)) {
+            val error =
+                if (!parsedParams.phoneNumber.isNullOrBlank() && normalizedPhoneNumber != null && hasSqlLikeWildcard(normalizedPhoneNumber)) {
+                    "INVALID_REQUEST: phoneNumber must not contain SQL LIKE wildcard characters"
+                } else {
+                    "INVALID_REQUEST: phoneNumber must contain at least one digit"
+                }
+            return@withContext queryError(error)
+        }
+        val normalizedParams = resolveSearchParams(parsedParams, normalizedPhoneNumber)
+
+        return@withContext try {
+            val contactsPermissionGranted = hasReadContactsPermission()
+            val shouldPromptForContactsPermission =
+                shouldPromptForContactNameSearchPermission(
+                    contactName = normalizedParams.contactName,
+                    phoneNumber = normalizedParams.phoneNumber,
+                    hasReadContactsPermission = contactsPermissionGranted,
+                )
+            val phoneNumbers = if (!normalizedParams.contactName.isNullOrEmpty()) {
+                if (contactsPermissionGranted || (shouldPromptForContactsPermission && ensureReadContactsPermission())) {
+                    getPhoneNumbersFromContactName(normalizedParams.contactName)
+                } else if (shouldPromptForContactsPermission) {
+                    return@withContext queryError("CONTACTS_PERMISSION_REQUIRED: grant READ_CONTACTS permission")
+                } else {
+                    emptyList()
+                }
+            } else {
+                emptyList()
+            }
+            val params = resolveSearchParams(parsedParams, normalizedPhoneNumber, phoneNumbers)
+
+            val mixedPathPhoneFilters = if (!params.phoneNumber.isNullOrEmpty()) {
+                canonicalizeMixedPathPhoneFilters(phoneNumbers + params.phoneNumber)
+            } else {
+                canonicalizeMixedPathPhoneFilters(phoneNumbers)
+            }
+
+            if (exceedsMixedByPhoneCandidateWindow(params, mixedPathPhoneFilters)) {
+                val error = mixedByPhoneWindowError()
+                return@withContext queryError(error)
+            }
+
+            if (!params.contactName.isNullOrEmpty() && phoneNumbers.isEmpty() && params.phoneNumber.isNullOrEmpty()) {
+                val queryMetadata = buildQueryMetadata(params, mixedPathPhoneFilters, emptyList())
+                return@withContext queryOk(emptyList(), queryMetadata)
+            }
+
+            val messages = querySmsMessages(params, phoneNumbers)
+            val queryMetadata = buildQueryMetadata(params, mixedPathPhoneFilters, messages)
+            queryOk(messages, queryMetadata)
+        } catch (e: SecurityException) {
+            queryError("SMS_PERMISSION_REQUIRED: ${e.message}")
+        } catch (e: Throwable) {
+            queryError("SMS_QUERY_FAILED: ${e.message ?: "unknown error"}")
+        }
+    }
+
     private suspend fun ensureSmsPermission(): Boolean {
         if (hasSmsPermission()) return true
         val requester = permissionRequester ?: return false
@@ -375,98 +779,31 @@ class SmsManager(private val context: Context) {
         )
     }
 
-    /**
-     * search SMS messages with the specified parameters.
-     *
-     * @param paramsJson JSON with optional fields:
-     *   - startTime (Long): Start time in milliseconds
-     *   - endTime (Long): End time in milliseconds
-     *   - contactName (String): Contact name to search
-     *   - phoneNumber (String): Phone number to search (supports partial matching)
-     *   - keyword (String): Keyword to search in message body
-     *   - type (Int): SMS type (1=Inbox, 2=Sent, 3=Draft, etc.)
-     *   - isRead (Boolean): Read status
-     *   - limit (Int): Number of records to return (default: 25, range: 1-200)
-     *   - offset (Int): Number of records to skip (default: 0)
-     * @return SearchResult containing the list of SMS messages or an error
-     */
-    suspend fun search(paramsJson: String?): SearchResult = withContext(Dispatchers.IO) {
-        if (!hasTelephonyFeature()) {
-            return@withContext SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = "SMS_UNAVAILABLE: telephony not available",
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "SMS_UNAVAILABLE: telephony not available")
-            )
-        }
-
-        if (!ensureReadSmsPermission()) {
-            return@withContext SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = "SMS_PERMISSION_REQUIRED: grant READ_SMS permission",
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "SMS_PERMISSION_REQUIRED: grant READ_SMS permission")
-            )
-        }
-
-        val parseResult = parseQueryParams(paramsJson, json)
-        if (parseResult is QueryParseResult.Error) {
-            return@withContext SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = parseResult.error,
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = parseResult.error)
-            )
-        }
-        val params = (parseResult as QueryParseResult.Ok).params
-
-        return@withContext try {
-            // Get phone numbers from contact name if provided
-            val phoneNumbers = if (!params.contactName.isNullOrEmpty()) {
-                if (!ensureReadContactsPermission()) {
-                    return@withContext SearchResult(
-                        ok = false,
-                        messages = emptyList(),
-                        error = "CONTACTS_PERMISSION_REQUIRED: grant READ_CONTACTS permission",
-                        payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "CONTACTS_PERMISSION_REQUIRED: grant READ_CONTACTS permission")
-                    )
-                }
-                getPhoneNumbersFromContactName(params.contactName)
-            } else {
-                emptyList()
-            }
-
-            val messages = querySmsMessages(params, phoneNumbers)
-            SearchResult(
-                ok = true,
-                messages = messages,
-                error = null,
-                payloadJson = buildQueryPayloadJson(json, ok = true, messages = messages)
-            )
-        } catch (e: SecurityException) {
-            SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = "SMS_PERMISSION_REQUIRED: ${e.message}",
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "SMS_PERMISSION_REQUIRED: ${e.message}")
-            )
-        } catch (e: Throwable) {
-            SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = "SMS_QUERY_FAILED: ${e.message ?: "unknown error"}",
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "SMS_QUERY_FAILED: ${e.message ?: "unknown error"}")
-            )
-        }
+    private fun queryOk(
+        messages: List<SmsMessage>,
+        queryMetadata: QueryMetadata? = null,
+    ): SearchResult {
+        return SearchResult(
+            ok = true,
+            messages = messages,
+            error = null,
+            payloadJson = buildQueryPayloadJson(json, ok = true, messages = messages, queryMetadata = queryMetadata),
+        )
+    }
+
+    private fun queryError(error: String): SearchResult {
+        return SearchResult(
+            ok = false,
+            messages = emptyList(),
+            error = error,
+            payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = error),
+        )
     }
 
-    /**
-     * Get all phone numbers associated with a contact name
-     */
     private fun getPhoneNumbersFromContactName(contactName: String): List<String> {
         val phoneNumbers = mutableListOf<String>()
-        val selection = "${ContactsContract.CommonDataKinds.Phone.DISPLAY_NAME} LIKE ?"
-        val selectionArgs = arrayOf("%$contactName%")
+        val selection = buildContactNameLikeSelection()
+        val selectionArgs = arrayOf(buildContactNameLikeArg(contactName))
 
         val cursor = context.contentResolver.query(
             ContactsContract.CommonDataKinds.Phone.CONTENT_URI,
@@ -480,26 +817,19 @@ class SmsManager(private val context: Context) {
             val numberIndex = it.getColumnIndex(ContactsContract.CommonDataKinds.Phone.NUMBER)
             while (it.moveToNext()) {
                 val number = it.getString(numberIndex)
-                if (!number.isNullOrBlank()) {
-                    phoneNumbers.add(normalizePhoneNumber(number))
-                }
+                sanitizeContactPhoneNumberOrNull(number)?.let(phoneNumbers::add)
             }
         }
 
         return phoneNumbers
     }
 
-    /**
-     * Query SMS messages based on the provided parameters
-     */
     private fun querySmsMessages(params: QueryParams, phoneNumbers: List<String>): List<SmsMessage> {
         val messages = mutableListOf<SmsMessage>()
 
-        // Build selection and selectionArgs
         val selections = mutableListOf<String>()
         val selectionArgs = mutableListOf<String>()
 
-        // Time range
         if (params.startTime != null) {
             selections.add("${Telephony.Sms.DATE} >= ?")
             selectionArgs.add(params.startTime.toString())
@@ -509,11 +839,17 @@ class SmsManager(private val context: Context) {
             selectionArgs.add(params.endTime.toString())
         }
 
-        // Phone numbers (from contact name or direct phone number)
         val allPhoneNumbers = if (!params.phoneNumber.isNullOrEmpty()) {
-            phoneNumbers + normalizePhoneNumber(params.phoneNumber)
+            (phoneNumbers + normalizePhoneNumber(params.phoneNumber)).distinct()
         } else {
-            phoneNumbers
+            phoneNumbers.distinct()
+        }
+        val mixedPathPhoneFilters = canonicalizeMixedPathPhoneFilters(allPhoneNumbers)
+
+        // Unified SMS+MMS query path is opt-in to keep sms.search semantics
+        // stable by default. Use includeMms=true for by-phone provider behavior.
+        if (params.includeMms && mixedPathPhoneFilters.size == 1) {
+            return querySmsMmsMessagesByPhone(mixedPathPhoneFilters.first(), params)
         }
 
         if (allPhoneNumbers.isNotEmpty()) {
@@ -526,19 +862,16 @@ class SmsManager(private val context: Context) {
             }
         }
 
-        // Keyword in body
         if (!params.keyword.isNullOrEmpty()) {
-            selections.add("${Telephony.Sms.BODY} LIKE ?")
-            selectionArgs.add("%${params.keyword}%")
+            selections.add(buildKeywordLikeSelection())
+            selectionArgs.add(buildKeywordLikeArg(params.keyword))
         }
 
-        // Type
         if (params.type != null) {
             selections.add("${Telephony.Sms.TYPE} = ?")
             selectionArgs.add(params.type.toString())
         }
 
-        // Read status
         if (params.isRead != null) {
             selections.add("${Telephony.Sms.READ} = ?")
             selectionArgs.add(if (params.isRead) "1" else "0")
@@ -556,7 +889,8 @@ class SmsManager(private val context: Context) {
             null
         }
 
-        // Query SMS with SQL-level LIMIT and OFFSET to avoid loading all matching rows
+        // Android SMS providers still honor LIMIT/OFFSET through sortOrder on this path.
+        // Keep the bounded interpolation here because parseQueryParams already clamps both values.
         val sortOrder = "${Telephony.Sms.DATE} DESC LIMIT ${params.limit} OFFSET ${params.offset}"
         val cursor = context.contentResolver.query(
             Telephony.Sms.CONTENT_URI,
@@ -570,7 +904,7 @@ class SmsManager(private val context: Context) {
                 Telephony.Sms.READ,
                 Telephony.Sms.TYPE,
                 Telephony.Sms.BODY,
-                Telephony.Sms.STATUS
+                Telephony.Sms.STATUS,
             ),
             selection,
             selectionArgsArray,
@@ -601,7 +935,7 @@ class SmsManager(private val context: Context) {
                     read = it.getInt(readIndex) == 1,
                     type = it.getInt(typeIndex),
                     body = it.getString(bodyIndex),
-                    status = it.getInt(statusIndex)
+                    status = it.getInt(statusIndex),
                 )
                 messages.add(message)
                 count++
@@ -610,4 +944,184 @@ class SmsManager(private val context: Context) {
 
         return messages
     }
+
+    private fun querySmsMmsMessagesByPhone(phoneNumber: String, params: QueryParams): List<SmsMessage> {
+        val lookupNumber = toByPhoneLookupNumber(phoneNumber)
+        if (lookupNumber.isBlank()) {
+            return emptyList()
+        }
+
+        val uri = Uri.parse("$MMS_SMS_BY_PHONE_BASE/${Uri.encode(lookupNumber)}")
+        val projection = buildMixedByPhoneProjection()
+
+        val maxCandidates = params.offset + params.limit
+        if (maxCandidates <= 0) {
+            return emptyList()
+        }
+
+        val reviewMode = shouldUseConversationReviewByPhoneMode(params)
+        val topCandidates = mutableListOf<Pair<String, SmsMessage>>()
+        val materializedCandidates = linkedMapOf<String, SmsMessage>()
+        val cursor = context.contentResolver.query(uri, projection, null, null, "date DESC")
+        cursor?.use {
+            val idIndex = it.getColumnIndex("_id")
+            val threadIdIndex = it.getColumnIndex("thread_id")
+            val transportTypeIndex = it.getColumnIndex("transport_type")
+            val addressIndex = it.getColumnIndex("address")
+            val dateIndex = it.getColumnIndex("date")
+            val dateSentIndex = it.getColumnIndex("date_sent")
+            val readIndex = it.getColumnIndex("read")
+            val typeIndex = it.getColumnIndex("type")
+            val bodyIndex = it.getColumnIndex("body")
+            val statusIndex = it.getColumnIndex("status")
+
+            while (it.moveToNext()) {
+                val id = if (idIndex >= 0 && !it.isNull(idIndex)) it.getLong(idIndex) else continue
+                val rawDate = if (dateIndex >= 0 && !it.isNull(dateIndex)) it.getLong(dateIndex) else 0L
+                val dateMs = normalizeProviderDateMillis(rawDate)
+
+                if (params.startTime != null && dateMs < params.startTime) continue
+                if (params.endTime != null && dateMs > params.endTime) continue
+
+                val threadId = if (threadIdIndex >= 0 && !it.isNull(threadIdIndex)) it.getLong(threadIdIndex) else 0L
+                val transportType = if (transportTypeIndex >= 0 && !it.isNull(transportTypeIndex)) it.getString(transportTypeIndex) else null
+                val providerAddress = if (addressIndex >= 0 && !it.isNull(addressIndex)) it.getString(addressIndex) else null
+                val mmsAddress = if (transportType.equals("mms", ignoreCase = true)) getMmsAddress(id, phoneNumber) else null
+                val address = resolveMixedByPhoneRowAddress(providerAddress, phoneNumber, mmsAddress)
+                var read = if (readIndex >= 0 && !it.isNull(readIndex)) it.getInt(readIndex) == 1 else true
+                var type = if (typeIndex >= 0 && !it.isNull(typeIndex)) it.getInt(typeIndex) else 0
+                var body = if (bodyIndex >= 0 && !it.isNull(bodyIndex)) it.getString(bodyIndex) else null
+                val smsStatus = if (statusIndex >= 0 && !it.isNull(statusIndex)) it.getInt(statusIndex) else null
+
+                // Only MMS transport rows are allowed to hydrate from MMS storage.
+                if (shouldHydrateMmsByPhoneRow(transportType, body, type)) {
+                    body = body?.takeIf { msg -> msg.isNotBlank() } ?: getMmsTextBody(id)
+                    val mmsMeta = getMmsMeta(id)
+                    if (type == 0) {
+                        type = mmsMeta.first ?: type
+                    }
+                    if (readIndex < 0 || it.isNull(readIndex)) {
+                        read = mmsMeta.second ?: read
+                    }
+                }
+
+                val dateSentRaw = if (dateSentIndex >= 0 && !it.isNull(dateSentIndex)) it.getLong(dateSentIndex) else 0L
+                val dateSentMs = normalizeProviderDateMillis(dateSentRaw)
+
+                if (!params.keyword.isNullOrEmpty()) {
+                    val keyword = params.keyword
+                    if (body.isNullOrEmpty() || !body.contains(keyword, ignoreCase = true)) {
+                        continue
+                    }
+                }
+                if (params.type != null && type != params.type) continue
+                if (params.isRead != null && read != params.isRead) continue
+
+                val message = SmsMessage(
+                    id = id,
+                    threadId = threadId,
+                    address = address,
+                    person = null,
+                    date = dateMs,
+                    dateSent = dateSentMs,
+                    read = read,
+                    type = type,
+                    body = body,
+                    status = resolveMixedByPhoneRowStatus(transportType, smsStatus),
+                    transportType = transportType,
+                )
+                val identityKey = buildMixedRowIdentity(id, transportType)
+                collectMixedByPhoneCandidate(
+                    topCandidates = topCandidates,
+                    materializedCandidates = materializedCandidates,
+                    identityKey = identityKey,
+                    message = message,
+                    maxCandidates = maxCandidates,
+                    reviewMode = reviewMode,
+                )
+            }
+        }
+
+        return pageMixedByPhoneCandidates(
+            topCandidates = topCandidates,
+            materializedCandidates = materializedCandidates,
+            params = params,
+            reviewMode = reviewMode,
+        )
+    }
+
+    private fun getMmsTextBody(messageId: Long): String? {
+        val cursor = context.contentResolver.query(
+            Uri.parse(MMS_PART_URI),
+            arrayOf("text", "ct"),
+            "mid=?",
+            arrayOf(messageId.toString()),
+            null,
+        )
+
+        cursor?.use {
+            val textIndex = it.getColumnIndex("text")
+            val ctIndex = it.getColumnIndex("ct")
+            while (it.moveToNext()) {
+                val contentType = if (ctIndex >= 0 && !it.isNull(ctIndex)) it.getString(ctIndex) else null
+                if (contentType != null && contentType != "text/plain") continue
+                val text = if (textIndex >= 0 && !it.isNull(textIndex)) it.getString(textIndex) else null
+                if (!text.isNullOrBlank()) return text
+            }
+        }
+
+        return null
+    }
+
+    private fun getMmsMeta(messageId: Long): Pair<Int?, Boolean?> {
+        val cursor = context.contentResolver.query(
+            Uri.parse("$MMS_CONTENT_BASE/$messageId"),
+            arrayOf("msg_box", "read"),
+            null,
+            null,
+            null,
+        )
+
+        cursor?.use {
+            if (it.moveToFirst()) {
+                val msgBoxIndex = it.getColumnIndex("msg_box")
+                val readIndex = it.getColumnIndex("read")
+                val msgBox = if (msgBoxIndex >= 0 && !it.isNull(msgBoxIndex)) it.getInt(msgBoxIndex) else null
+                val mappedType = mapMmsMsgBoxToSearchType(msgBox)
+                val read = if (readIndex >= 0 && !it.isNull(readIndex)) it.getInt(readIndex) == 1 else null
+                return mappedType to read
+            }
+        }
+
+        return null to null
+    }
+
+    private fun getMmsAddress(messageId: Long, phoneNumber: String): String? {
+        val lookupNumber = toByPhoneLookupNumber(phoneNumber)
+        if (lookupNumber.isBlank()) {
+            return null
+        }
+
+        val cursor = context.contentResolver.query(
+            Uri.parse("$MMS_CONTENT_BASE/$messageId/addr"),
+            arrayOf("address", "type"),
+            null,
+            null,
+            null,
+        )
+
+        cursor?.use {
+            val addressIndex = it.getColumnIndex("address")
+            val typeIndex = it.getColumnIndex("type")
+            val addressRows = mutableListOf<Pair<String?, Int?>>()
+            while (it.moveToNext()) {
+                val address = if (addressIndex >= 0 && !it.isNull(addressIndex)) it.getString(addressIndex) else null
+                val type = if (typeIndex >= 0 && !it.isNull(typeIndex)) it.getInt(typeIndex) else null
+                addressRows.add(address to type)
+            }
+            return selectPreferredMmsAddress(addressRows, lookupNumber)
+        }
+
+        return null
+    }
 }

apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt

@@ -1459,8 +1459,8 @@ private fun PermissionsStep(
         subtitle = "Send and search text messages via the gateway",
         checked = enableSms,
         granted =
-          isPermissionGranted(context, Manifest.permission.SEND_SMS) &&
-                  isPermissionGranted(context, Manifest.permission.READ_SMS),
+          isPermissionGranted(context, Manifest.permission.SEND_SMS) ||
+            isPermissionGranted(context, Manifest.permission.READ_SMS),
         onCheckedChange = onSmsChange,
       )
     }

apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt

@@ -34,7 +34,6 @@ import androidx.compose.foundation.lazy.LazyColumn
 import androidx.compose.foundation.lazy.items
 import androidx.compose.foundation.lazy.rememberLazyListState
 import androidx.compose.foundation.shape.RoundedCornerShape
-import androidx.compose.material.icons.Icons
 import androidx.compose.material3.Button
 import androidx.compose.material3.ButtonDefaults
 import androidx.compose.material3.HorizontalDivider
@@ -54,20 +53,23 @@ import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
 import androidx.compose.runtime.setValue
 import androidx.compose.ui.Modifier
-import androidx.compose.ui.draw.alpha
 import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.draw.alpha
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.unit.sp
 import androidx.compose.ui.unit.dp
 import androidx.core.content.ContextCompat
+import androidx.core.net.toUri
 import androidx.lifecycle.Lifecycle
 import androidx.lifecycle.LifecycleEventObserver
 import androidx.lifecycle.compose.LocalLifecycleOwner
 import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.LocationMode
 import ai.openclaw.app.MainViewModel
+import ai.openclaw.app.normalizeLocalHourMinute
+import ai.openclaw.app.NotificationPackageFilterMode
 import ai.openclaw.app.node.DeviceNotificationListenerService
 
 @Composable
@@ -81,6 +83,55 @@ fun SettingsSheet(viewModel: MainViewModel) {
   val locationPreciseEnabled by viewModel.locationPreciseEnabled.collectAsState()
   val preventSleep by viewModel.preventSleep.collectAsState()
   val canvasDebugStatusEnabled by viewModel.canvasDebugStatusEnabled.collectAsState()
+  val notificationForwardingEnabled by viewModel.notificationForwardingEnabled.collectAsState()
+  val notificationForwardingMode by viewModel.notificationForwardingMode.collectAsState()
+  val notificationForwardingPackages by viewModel.notificationForwardingPackages.collectAsState()
+  val notificationForwardingQuietHoursEnabled by viewModel.notificationForwardingQuietHoursEnabled.collectAsState()
+  val notificationForwardingQuietStart by viewModel.notificationForwardingQuietStart.collectAsState()
+  val notificationForwardingQuietEnd by viewModel.notificationForwardingQuietEnd.collectAsState()
+  val notificationForwardingMaxEventsPerMinute by viewModel.notificationForwardingMaxEventsPerMinute.collectAsState()
+  val notificationForwardingSessionKey by viewModel.notificationForwardingSessionKey.collectAsState()
+
+  var notificationQuietStartDraft by remember(notificationForwardingQuietStart) {
+    mutableStateOf(notificationForwardingQuietStart)
+  }
+  var notificationQuietEndDraft by remember(notificationForwardingQuietEnd) {
+    mutableStateOf(notificationForwardingQuietEnd)
+  }
+  var notificationRateDraft by remember(notificationForwardingMaxEventsPerMinute) {
+    mutableStateOf(notificationForwardingMaxEventsPerMinute.toString())
+  }
+  var notificationSessionKeyDraft by remember(notificationForwardingSessionKey) {
+    mutableStateOf(notificationForwardingSessionKey.orEmpty())
+  }
+  val normalizedQuietStartDraft = remember(notificationQuietStartDraft) {
+    normalizeLocalHourMinute(notificationQuietStartDraft)
+  }
+  val normalizedQuietEndDraft = remember(notificationQuietEndDraft) {
+    normalizeLocalHourMinute(notificationQuietEndDraft)
+  }
+  val quietHoursDraftValid = normalizedQuietStartDraft != null && normalizedQuietEndDraft != null
+  val selectedPackagesSummary = remember(notificationForwardingMode, notificationForwardingPackages) {
+    when (notificationForwardingMode) {
+      NotificationPackageFilterMode.Allowlist ->
+        if (notificationForwardingPackages.isEmpty()) {
+          "Selected: none — allowlist mode forwards nothing until you add apps."
+        } else {
+          "Selected: ${notificationForwardingPackages.size} app(s) allowed."
+        }
+      NotificationPackageFilterMode.Blocklist ->
+        if (notificationForwardingPackages.isEmpty()) {
+          "Selected: none — blocklist mode forwards all apps except OpenClaw."
+        } else {
+          "Selected: ${notificationForwardingPackages.size} app(s) blocked."
+        }
+    }
+  }
+  val quietHoursCanEnable = notificationForwardingEnabled && quietHoursDraftValid
+  val quietHoursDraftDirty =
+    notificationForwardingQuietStart != (normalizedQuietStartDraft ?: notificationQuietStartDraft.trim()) ||
+      notificationForwardingQuietEnd != (normalizedQuietEndDraft ?: notificationQuietEndDraft.trim())
+  val quietHoursSaveEnabled = notificationForwardingEnabled && quietHoursDraftValid && quietHoursDraftDirty
 
   val listState = rememberLazyListState()
   val deviceModel =
@@ -175,6 +226,16 @@ fun SettingsSheet(viewModel: MainViewModel) {
     remember {
       mutableStateOf(isNotificationListenerEnabled(context))
     }
+  val notificationForwardingAvailable = notificationForwardingEnabled && notificationListenerEnabled
+  val notificationForwardingControlsAlpha = if (notificationForwardingAvailable) 1f else 0.6f
+
+  var notificationPickerExpanded by remember { mutableStateOf(false) }
+  var notificationAppSearch by remember { mutableStateOf("") }
+  var notificationShowSystemApps by remember { mutableStateOf(false) }
+  var installedNotificationApps by
+    remember(context, notificationForwardingPackages) {
+      mutableStateOf(queryInstalledApps(context, notificationForwardingPackages))
+    }
 
   var photosPermissionGranted by
     remember {
@@ -249,16 +310,19 @@ fun SettingsSheet(viewModel: MainViewModel) {
     remember {
       mutableStateOf(
         ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) ==
-          PackageManager.PERMISSION_GRANTED &&
+          PackageManager.PERMISSION_GRANTED ||
           ContextCompat.checkSelfPermission(context, Manifest.permission.READ_SMS) ==
           PackageManager.PERMISSION_GRANTED,
       )
     }
   val smsPermissionLauncher =
-    rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { perms ->
-      val sendOk = perms[Manifest.permission.SEND_SMS] == true
-      val readOk = perms[Manifest.permission.READ_SMS] == true
-      smsPermissionGranted = sendOk && readOk
+    rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) {
+      smsPermissionGranted =
+        ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) ==
+          PackageManager.PERMISSION_GRANTED
+        ||
+          ContextCompat.checkSelfPermission(context, Manifest.permission.READ_SMS) ==
+          PackageManager.PERMISSION_GRANTED
       viewModel.refreshGatewayConnection()
     }
 
@@ -271,6 +335,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
               PackageManager.PERMISSION_GRANTED
           notificationsPermissionGranted = hasNotificationsPermission(context)
           notificationListenerEnabled = isNotificationListenerEnabled(context)
+          installedNotificationApps = queryInstalledApps(context, notificationForwardingPackages)
           photosPermissionGranted =
             ContextCompat.checkSelfPermission(context, photosPermission) ==
               PackageManager.PERMISSION_GRANTED
@@ -293,7 +358,8 @@ fun SettingsSheet(viewModel: MainViewModel) {
               PackageManager.PERMISSION_GRANTED
           smsPermissionGranted =
             ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) ==
-              PackageManager.PERMISSION_GRANTED &&
+              PackageManager.PERMISSION_GRANTED
+            ||
               ContextCompat.checkSelfPermission(context, Manifest.permission.READ_SMS) ==
               PackageManager.PERMISSION_GRANTED
         }
@@ -351,6 +417,20 @@ fun SettingsSheet(viewModel: MainViewModel) {
     }
   }
 
+  val normalizedAppSearch = notificationAppSearch.trim().lowercase()
+  val filteredNotificationApps =
+    remember(installedNotificationApps, normalizedAppSearch, notificationShowSystemApps) {
+      installedNotificationApps
+        .asSequence()
+        .filter { app -> notificationShowSystemApps || !app.isSystemApp }
+        .filter { app ->
+          normalizedAppSearch.isEmpty() ||
+            app.label.lowercase().contains(normalizedAppSearch) ||
+            app.packageName.lowercase().contains(normalizedAppSearch)
+        }
+        .toList()
+    }
+
   Box(
     modifier =
       Modifier
@@ -491,9 +571,12 @@ fun SettingsSheet(viewModel: MainViewModel) {
           ListItem(
             modifier = Modifier.fillMaxWidth(),
             colors = listItemColors,
-            headlineContent = { Text("Notification Listener", style = mobileHeadline) },
+            headlineContent = { Text("Notification Listener Access", style = mobileHeadline) },
             supportingContent = {
-              Text("Read and interact with notifications.", style = mobileCallout)
+              Text(
+                "Required for `notifications.list`, `notifications.actions`, and forwarded notification events.",
+                style = mobileCallout,
+              )
             },
             trailingContent = {
               Button(
@@ -530,7 +613,11 @@ fun SettingsSheet(viewModel: MainViewModel) {
                   shape = RoundedCornerShape(14.dp),
                 ) {
                   Text(
-                    if (smsPermissionGranted) "Manage" else "Grant",
+                    if (smsPermissionGranted) {
+                      "Manage"
+                    } else {
+                      "Grant"
+                    },
                     style = mobileCallout.copy(fontWeight = FontWeight.Bold),
                   )
                 }
@@ -539,6 +626,297 @@ fun SettingsSheet(viewModel: MainViewModel) {
           }
         }
       }
+      item {
+        ListItem(
+          modifier = Modifier.settingsRowModifier(),
+          colors = listItemColors,
+          headlineContent = { Text("Forward Notification Events", style = mobileHeadline) },
+          supportingContent = {
+            Text(
+              if (notificationListenerEnabled) {
+                "Forward listener events into gateway node events. Off by default until you enable it."
+              } else {
+                "Notification listener access is off, so no notification events can be forwarded yet."
+              },
+              style = mobileCallout,
+            )
+          },
+          trailingContent = {
+            Switch(
+              checked = notificationForwardingEnabled,
+              onCheckedChange = viewModel::setNotificationForwardingEnabled,
+              enabled = notificationListenerEnabled,
+            )
+          },
+        )
+      }
+      item {
+        Text(
+          if (notificationListenerEnabled) {
+            "Forwarding is available when enabled below."
+          } else {
+            "Forwarding controls stay disabled until Notification Listener Access is enabled in system Settings."
+          },
+          style = mobileCallout,
+          color = mobileTextSecondary,
+        )
+      }
+      item {
+        Column(
+          modifier = Modifier.settingsRowModifier().alpha(notificationForwardingControlsAlpha),
+          verticalArrangement = Arrangement.spacedBy(0.dp),
+        ) {
+          ListItem(
+            modifier = Modifier.fillMaxWidth(),
+            colors = listItemColors,
+            headlineContent = { Text("Package Filter: Allowlist", style = mobileHeadline) },
+            supportingContent = {
+              Text("Only listed package IDs are forwarded.", style = mobileCallout)
+            },
+            trailingContent = {
+              RadioButton(
+                selected = notificationForwardingMode == NotificationPackageFilterMode.Allowlist,
+                onClick = {
+                  viewModel.setNotificationForwardingMode(NotificationPackageFilterMode.Allowlist)
+                },
+                enabled = notificationForwardingAvailable,
+              )
+            },
+          )
+          HorizontalDivider(color = mobileBorder)
+          ListItem(
+            modifier = Modifier.fillMaxWidth(),
+            colors = listItemColors,
+            headlineContent = { Text("Package Filter: Blocklist", style = mobileHeadline) },
+            supportingContent = {
+              Text("All packages except listed IDs are forwarded.", style = mobileCallout)
+            },
+            trailingContent = {
+              RadioButton(
+                selected = notificationForwardingMode == NotificationPackageFilterMode.Blocklist,
+                onClick = {
+                  viewModel.setNotificationForwardingMode(NotificationPackageFilterMode.Blocklist)
+                },
+                enabled = notificationForwardingAvailable,
+              )
+            },
+          )
+        }
+      }
+      item {
+        Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.End) {
+          Button(
+            onClick = { notificationPickerExpanded = !notificationPickerExpanded },
+            enabled = notificationForwardingAvailable,
+            colors = settingsPrimaryButtonColors(),
+            shape = RoundedCornerShape(14.dp),
+          ) {
+            Text(
+              if (notificationPickerExpanded) "Close App Picker" else "Open App Picker",
+              style = mobileCallout.copy(fontWeight = FontWeight.Bold),
+            )
+          }
+        }
+      }
+      item {
+        Text(
+          selectedPackagesSummary,
+          style = mobileCallout,
+          color = mobileTextSecondary,
+        )
+      }
+      if (notificationPickerExpanded) {
+        item {
+          OutlinedTextField(
+            value = notificationAppSearch,
+            onValueChange = { notificationAppSearch = it },
+            label = {
+              Text("Search apps", style = mobileCaption1, color = mobileTextSecondary)
+            },
+            modifier = Modifier.fillMaxWidth(),
+            textStyle = mobileBody.copy(color = mobileText),
+            colors = settingsTextFieldColors(),
+            enabled = notificationForwardingAvailable,
+          )
+        }
+        item {
+          ListItem(
+            modifier = Modifier.settingsRowModifier().alpha(notificationForwardingControlsAlpha),
+            colors = listItemColors,
+            headlineContent = { Text("Show System Apps", style = mobileHeadline) },
+            supportingContent = {
+              Text("Include Android/system packages in results.", style = mobileCallout)
+            },
+            trailingContent = {
+              Switch(
+                checked = notificationShowSystemApps,
+                onCheckedChange = { notificationShowSystemApps = it },
+                enabled = notificationForwardingAvailable,
+              )
+            },
+          )
+        }
+        items(filteredNotificationApps, key = { it.packageName }) { app ->
+          ListItem(
+            modifier = Modifier.settingsRowModifier().alpha(notificationForwardingControlsAlpha),
+            colors = listItemColors,
+            headlineContent = { Text(app.label, style = mobileHeadline) },
+            supportingContent = { Text(app.packageName, style = mobileCallout) },
+            trailingContent = {
+              Switch(
+                checked = notificationForwardingPackages.contains(app.packageName),
+                onCheckedChange = { checked ->
+                  val next = notificationForwardingPackages.toMutableSet()
+                  if (checked) {
+                    next.add(app.packageName)
+                  } else {
+                    next.remove(app.packageName)
+                  }
+                  viewModel.setNotificationForwardingPackagesCsv(next.sorted().joinToString(","))
+                },
+                enabled = notificationForwardingAvailable,
+              )
+            },
+          )
+        }
+      }
+      item {
+        ListItem(
+          modifier = Modifier.settingsRowModifier().alpha(notificationForwardingControlsAlpha),
+          colors = listItemColors,
+          headlineContent = { Text("Quiet Hours", style = mobileHeadline) },
+          supportingContent = {
+            Text("Suppress forwarding during a local time window.", style = mobileCallout)
+          },
+          trailingContent = {
+            Switch(
+              checked = notificationForwardingQuietHoursEnabled,
+              onCheckedChange = {
+                if (!quietHoursCanEnable && it) return@Switch
+                viewModel.setNotificationForwardingQuietHours(
+                  enabled = it,
+                  start = notificationQuietStartDraft,
+                  end = notificationQuietEndDraft,
+                )
+              },
+              enabled = if (notificationForwardingQuietHoursEnabled) notificationForwardingAvailable else quietHoursCanEnable,
+            )
+          },
+        )
+      }
+      item {
+        OutlinedTextField(
+          value = notificationQuietStartDraft,
+          onValueChange = { notificationQuietStartDraft = it },
+          label = { Text("Quiet Start (HH:mm)", style = mobileCaption1, color = mobileTextSecondary) },
+          modifier = Modifier.fillMaxWidth(),
+          textStyle = mobileBody.copy(color = mobileText),
+          colors = settingsTextFieldColors(),
+          enabled = notificationForwardingAvailable,
+          isError = notificationForwardingAvailable && normalizedQuietStartDraft == null,
+          supportingText = {
+            if (notificationForwardingAvailable && normalizedQuietStartDraft == null) {
+              Text("Use 24-hour HH:mm format, for example 22:00.", style = mobileCaption1, color = mobileDanger)
+            }
+          },
+        )
+      }
+      item {
+        OutlinedTextField(
+          value = notificationQuietEndDraft,
+          onValueChange = { notificationQuietEndDraft = it },
+          label = { Text("Quiet End (HH:mm)", style = mobileCaption1, color = mobileTextSecondary) },
+          modifier = Modifier.fillMaxWidth(),
+          textStyle = mobileBody.copy(color = mobileText),
+          colors = settingsTextFieldColors(),
+          enabled = notificationForwardingAvailable,
+          isError = notificationForwardingAvailable && normalizedQuietEndDraft == null,
+          supportingText = {
+            if (notificationForwardingAvailable && normalizedQuietEndDraft == null) {
+              Text("Use 24-hour HH:mm format, for example 07:00.", style = mobileCaption1, color = mobileDanger)
+            }
+          },
+        )
+      }
+      item {
+        Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.End) {
+          Button(
+            onClick = {
+              viewModel.setNotificationForwardingQuietHours(
+                enabled = notificationForwardingQuietHoursEnabled,
+                start = notificationQuietStartDraft,
+                end = notificationQuietEndDraft,
+              )
+            },
+            enabled = quietHoursSaveEnabled,
+            colors = settingsPrimaryButtonColors(),
+            shape = RoundedCornerShape(14.dp),
+          ) {
+            Text("Save Quiet Hours", style = mobileCallout.copy(fontWeight = FontWeight.Bold))
+          }
+        }
+      }
+      item {
+        OutlinedTextField(
+          value = notificationRateDraft,
+          onValueChange = { notificationRateDraft = it.filter { c -> c.isDigit() } },
+          label = { Text("Max Events / Minute", style = mobileCaption1, color = mobileTextSecondary) },
+          modifier = Modifier.fillMaxWidth(),
+          textStyle = mobileBody.copy(color = mobileText),
+          colors = settingsTextFieldColors(),
+          enabled = notificationForwardingAvailable,
+        )
+      }
+      item {
+        Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.End) {
+          Button(
+            onClick = {
+              val parsed = notificationRateDraft.toIntOrNull() ?: notificationForwardingMaxEventsPerMinute
+              viewModel.setNotificationForwardingMaxEventsPerMinute(parsed)
+            },
+            enabled = notificationForwardingAvailable,
+            colors = settingsPrimaryButtonColors(),
+            shape = RoundedCornerShape(14.dp),
+          ) {
+            Text("Save Rate", style = mobileCallout.copy(fontWeight = FontWeight.Bold))
+          }
+        }
+      }
+      item {
+        OutlinedTextField(
+          value = notificationSessionKeyDraft,
+          onValueChange = { notificationSessionKeyDraft = it },
+          label = {
+            Text(
+              "Route Session Key (optional)",
+              style = mobileCaption1,
+              color = mobileTextSecondary,
+            )
+          },
+          placeholder = {
+            Text("Blank keeps notification events on this device's default notification route. Set a key only to pin forwarding into a different session.", style = mobileCaption1, color = mobileTextSecondary)
+          },
+          modifier = Modifier.fillMaxWidth(),
+          textStyle = mobileBody.copy(color = mobileText),
+          colors = settingsTextFieldColors(),
+          enabled = notificationForwardingAvailable,
+        )
+      }
+      item {
+        Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.End) {
+          Button(
+            onClick = {
+              viewModel.setNotificationForwardingSessionKey(notificationSessionKeyDraft.trim().ifEmpty { null })
+            },
+            enabled = notificationForwardingAvailable,
+            colors = settingsPrimaryButtonColors(),
+            shape = RoundedCornerShape(14.dp),
+          ) {
+            Text("Save Session Route", style = mobileCallout.copy(fontWeight = FontWeight.Bold))
+          }
+        }
+      }
+      item { HorizontalDivider(color = mobileBorder) }
 
       // ── Data Access ──
       item {
@@ -774,6 +1152,78 @@ fun SettingsSheet(viewModel: MainViewModel) {
   }
 }
 
+data class InstalledApp(
+  val label: String,
+  val packageName: String,
+  val isSystemApp: Boolean,
+)
+
+private fun queryInstalledApps(
+  context: Context,
+  configuredPackages: Set<String>,
+): List<InstalledApp> {
+  val packageManager = context.packageManager
+  val launcherIntent = Intent(Intent.ACTION_MAIN).apply { addCategory(Intent.CATEGORY_LAUNCHER) }
+
+  val launcherPackages =
+    packageManager
+      .queryIntentActivities(launcherIntent, PackageManager.MATCH_ALL)
+      .asSequence()
+      .mapNotNull { it.activityInfo?.packageName?.trim()?.takeIf(String::isNotEmpty) }
+      .toMutableSet()
+
+  val recentNotificationPackages =
+    DeviceNotificationListenerService
+      .recentPackages(context)
+      .asSequence()
+      .map { it.trim() }
+      .filter { it.isNotEmpty() }
+      .toList()
+
+  val candidatePackages =
+    resolveNotificationCandidatePackages(
+      launcherPackages = launcherPackages,
+      recentPackages = recentNotificationPackages,
+      configuredPackages = configuredPackages,
+      appPackageName = context.packageName,
+    )
+
+  return candidatePackages
+    .asSequence()
+    .mapNotNull { packageName ->
+      runCatching {
+        val appInfo = packageManager.getApplicationInfo(packageName, 0)
+        val label = packageManager.getApplicationLabel(appInfo)?.toString()?.trim().orEmpty()
+        InstalledApp(
+          label = if (label.isEmpty()) packageName else label,
+          packageName = packageName,
+          isSystemApp = (appInfo.flags and android.content.pm.ApplicationInfo.FLAG_SYSTEM) != 0,
+        )
+      }.getOrNull()
+    }
+    .sortedWith(compareBy<InstalledApp> { it.label.lowercase() }.thenBy { it.packageName })
+    .toList()
+}
+
+internal fun resolveNotificationCandidatePackages(
+  launcherPackages: Set<String>,
+  recentPackages: List<String>,
+  configuredPackages: Set<String>,
+  appPackageName: String,
+): Set<String> {
+  val blockedPackage = appPackageName.trim()
+  return sequenceOf(
+      configuredPackages.asSequence(),
+      launcherPackages.asSequence(),
+      recentPackages.asSequence(),
+    )
+    .flatten()
+    .map { it.trim() }
+    .filter { it.isNotEmpty() && it != blockedPackage }
+    .toSet()
+}
+
+
 @Composable
 private fun settingsTextFieldColors() =
   OutlinedTextFieldDefaults.colors(
@@ -842,5 +1292,5 @@ private fun isNotificationListenerEnabled(context: Context): Boolean {
 private fun hasMotionCapabilities(context: Context): Boolean {
   val sensorManager = context.getSystemService(SensorManager::class.java) ?: return false
   return sensorManager.getDefaultSensor(Sensor.TYPE_ACCELEROMETER) != null ||
-          sensorManager.getDefaultSensor(Sensor.TYPE_STEP_COUNTER) != null
+    sensorManager.getDefaultSensor(Sensor.TYPE_STEP_COUNTER) != null
 }

apps/android/app/src/test/java/ai/openclaw/app/NotificationForwardingPolicyTest.kt

@@ -0,0 +1,189 @@
+package ai.openclaw.app
+
+import java.time.LocalDateTime
+import java.time.ZoneId
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class NotificationForwardingPolicyTest {
+  @Test
+  fun parseLocalHourMinute_parsesValidValues() {
+    assertEquals(0, parseLocalHourMinute("00:00"))
+    assertEquals(23 * 60 + 59, parseLocalHourMinute("23:59"))
+    assertEquals(7 * 60 + 5, parseLocalHourMinute("07:05"))
+  }
+
+  @Test
+  fun normalizeLocalHourMinute_acceptsStrict24HourDrafts() {
+    assertEquals("00:00", normalizeLocalHourMinute("00:00"))
+    assertEquals("23:59", normalizeLocalHourMinute("23:59"))
+    assertEquals("07:05", normalizeLocalHourMinute("07:05"))
+  }
+
+  @Test
+  fun parseLocalHourMinute_rejectsInvalidValues() {
+    assertEquals(null, parseLocalHourMinute(""))
+    assertEquals(null, parseLocalHourMinute("24:00"))
+    assertEquals(null, parseLocalHourMinute("12:60"))
+    assertEquals(null, parseLocalHourMinute("abc"))
+    assertEquals(null, parseLocalHourMinute("7:05"))
+    assertEquals(null, parseLocalHourMinute("07:5"))
+  }
+
+  @Test
+  fun normalizeLocalHourMinute_rejectsNonCanonicalDrafts() {
+    assertEquals(null, normalizeLocalHourMinute(""))
+    assertEquals(null, normalizeLocalHourMinute("7:05"))
+    assertEquals(null, normalizeLocalHourMinute("07:5"))
+    assertEquals(null, normalizeLocalHourMinute("24:00"))
+    assertEquals(null, normalizeLocalHourMinute("12:60"))
+  }
+
+  @Test
+  fun allowsPackage_blocklistBlocksConfiguredPackages() {
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = setOf("com.blocked.app"),
+        quietHoursEnabled = false,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+
+    assertFalse(policy.allowsPackage("com.blocked.app"))
+    assertTrue(policy.allowsPackage("com.allowed.app"))
+  }
+
+  @Test
+  fun allowsPackage_allowlistOnlyAllowsConfiguredPackages() {
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Allowlist,
+        packages = setOf("com.allowed.app"),
+        quietHoursEnabled = false,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+
+    assertTrue(policy.allowsPackage("com.allowed.app"))
+    assertFalse(policy.allowsPackage("com.other.app"))
+  }
+
+  @Test
+  fun isWithinQuietHours_handlesWindowCrossingMidnight() {
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = true,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+
+    val zone = ZoneId.of("UTC")
+    val at2330 =
+      LocalDateTime
+        .of(2024, 1, 6, 23, 30)
+        .atZone(zone)
+        .toInstant()
+        .toEpochMilli()
+    val at1200 =
+      LocalDateTime
+        .of(2024, 1, 6, 12, 0)
+        .atZone(zone)
+        .toInstant()
+        .toEpochMilli()
+
+    assertTrue(policy.isWithinQuietHours(nowEpochMs = at2330, zoneId = zone))
+    assertFalse(policy.isWithinQuietHours(nowEpochMs = at1200, zoneId = zone))
+  }
+
+  @Test
+  fun isWithinQuietHours_sameStartEndMeansAlwaysQuiet() {
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = true,
+        quietStart = "00:00",
+        quietEnd = "00:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+
+    assertTrue(policy.isWithinQuietHours(nowEpochMs = 1_704_098_400_000L, zoneId = ZoneId.of("UTC")))
+  }
+
+  @Test
+  fun blocksEventsWhenDisabledOrQuietHoursOrRateLimited() {
+    val disabled =
+      NotificationForwardingPolicy(
+        enabled = false,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = false,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+    assertFalse(disabled.enabled && disabled.allowsPackage("com.allowed.app"))
+
+    val quiet =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = true,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+    val zone = ZoneId.of("UTC")
+    val at2330 =
+      LocalDateTime
+        .of(2024, 1, 6, 23, 30)
+        .atZone(zone)
+        .toInstant()
+        .toEpochMilli()
+    assertTrue(quiet.isWithinQuietHours(nowEpochMs = at2330, zoneId = zone))
+
+    val limiter = NotificationBurstLimiter()
+    val minute = 1_704_098_400_000L
+    assertTrue(limiter.allow(nowEpochMs = minute, maxEventsPerMinute = 1))
+    assertFalse(limiter.allow(nowEpochMs = minute + 500L, maxEventsPerMinute = 1))
+  }
+
+  @Test
+  fun burstLimiter_blocksEventsAboveLimitInSameMinute() {
+    val limiter = NotificationBurstLimiter()
+    val minute = 1_704_098_400_000L
+
+    assertTrue(limiter.allow(nowEpochMs = minute, maxEventsPerMinute = 2))
+    assertTrue(limiter.allow(nowEpochMs = minute + 1_000L, maxEventsPerMinute = 2))
+    assertFalse(limiter.allow(nowEpochMs = minute + 2_000L, maxEventsPerMinute = 2))
+  }
+
+  @Test
+  fun burstLimiter_resetsOnNextMinuteWindow() {
+    val limiter = NotificationBurstLimiter()
+    val minute = 1_704_098_400_000L
+
+    assertTrue(limiter.allow(nowEpochMs = minute, maxEventsPerMinute = 1))
+    assertFalse(limiter.allow(nowEpochMs = minute + 1_000L, maxEventsPerMinute = 1))
+    assertTrue(limiter.allow(nowEpochMs = minute + 60_000L, maxEventsPerMinute = 1))
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/SecurePrefsNotificationForwardingTest.kt

@@ -0,0 +1,133 @@
+package ai.openclaw.app
+
+import android.content.Context
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+
+@RunWith(RobolectricTestRunner::class)
+class SecurePrefsNotificationForwardingTest {
+  @Test
+  fun setNotificationForwardingQuietHours_rejectsInvalidDraftsWithoutMutatingStoredValues() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = false,
+        start = "22:00",
+        end = "07:00",
+      ),
+    )
+
+    val originalStart = prefs.notificationForwardingQuietStart.value
+    val originalEnd = prefs.notificationForwardingQuietEnd.value
+    val originalEnabled = prefs.notificationForwardingQuietHoursEnabled.value
+
+    assertFalse(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = true,
+        start = "7:00",
+        end = "07:00",
+      ),
+    )
+
+    assertEquals(originalStart, prefs.notificationForwardingQuietStart.value)
+    assertEquals(originalEnd, prefs.notificationForwardingQuietEnd.value)
+    assertEquals(originalEnabled, prefs.notificationForwardingQuietHoursEnabled.value)
+  }
+
+  @Test
+  fun setNotificationForwardingQuietHours_persistsValidDraftsAndEnabledState() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = true,
+        start = "22:30",
+        end = "06:45",
+      ),
+    )
+
+    assertTrue(prefs.notificationForwardingQuietHoursEnabled.value)
+    assertEquals("22:30", prefs.notificationForwardingQuietStart.value)
+    assertEquals("06:45", prefs.notificationForwardingQuietEnd.value)
+  }
+
+  @Test
+  fun setNotificationForwardingQuietHours_disablesWithoutRevalidatingDrafts() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = true,
+        start = "22:30",
+        end = "06:45",
+      ),
+    )
+
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = false,
+        start = "7:00",
+        end = "06:45",
+      ),
+    )
+
+    assertFalse(prefs.notificationForwardingQuietHoursEnabled.value)
+    assertEquals("22:30", prefs.notificationForwardingQuietStart.value)
+    assertEquals("06:45", prefs.notificationForwardingQuietEnd.value)
+  }
+
+
+  @Test
+  fun getNotificationForwardingPolicy_readsLatestQuietHoursImmediately() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = true,
+        start = "21:15",
+        end = "06:10",
+      ),
+    )
+
+    val policy = prefs.getNotificationForwardingPolicy(appPackageName = "ai.openclaw.app")
+
+    assertTrue(policy.quietHoursEnabled)
+    assertEquals("21:15", policy.quietStart)
+    assertEquals("06:10", policy.quietEnd)
+  }
+
+  @Test
+  fun notificationForwarding_defaultsDisabledForSaferPosture() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+    val policy = prefs.getNotificationForwardingPolicy(appPackageName = "ai.openclaw.app")
+
+    assertFalse(prefs.notificationForwardingEnabled.value)
+    assertFalse(policy.enabled)
+    assertEquals(NotificationPackageFilterMode.Blocklist, policy.mode)
+  }
+
+}

apps/android/app/src/test/java/ai/openclaw/app/node/CallLogHandlerTest.kt

@@ -173,15 +173,50 @@ class CallLogHandlerTest : NodeHandlerRobolectricTest() {
     assertTrue(callLogObj.containsKey("number"))
     assertTrue(callLogObj.containsKey("cachedName"))
   }
+
+  @Test
+  fun handleCallLogSearch_clampsLimitAndOffsetBeforeSearch() {
+    val source = FakeCallLogDataSource(canRead = true)
+    val handler = CallLogHandler.forTesting(appContext(), source)
+
+    val result = handler.handleCallLogSearch("""{"limit":999,"offset":-5}""")
+
+    assertTrue(result.ok)
+    assertEquals(200, source.lastRequest?.limit)
+    assertEquals(0, source.lastRequest?.offset)
+  }
+
+  @Test
+  fun handleCallLogSearch_mapsSearchFailuresToUnavailable() {
+    val handler =
+      CallLogHandler.forTesting(
+        appContext(),
+        FakeCallLogDataSource(
+          canRead = true,
+          failure = IllegalStateException("provider down"),
+        ),
+      )
+
+    val result = handler.handleCallLogSearch(null)
+
+    assertFalse(result.ok)
+    assertEquals("CALL_LOG_UNAVAILABLE", result.error?.code)
+    assertEquals("CALL_LOG_UNAVAILABLE: provider down", result.error?.message)
+  }
 }
 
 private class FakeCallLogDataSource(
   private val canRead: Boolean,
   private val searchResults: List<CallLogRecord> = emptyList(),
+  private val failure: Throwable? = null,
 ) : CallLogDataSource {
+  var lastRequest: CallLogSearchRequest? = null
+
   override fun hasReadPermission(context: Context): Boolean = canRead
 
   override fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord> {
+    lastRequest = request
+    failure?.let { throw it }
     val startIndex = request.offset.coerceAtLeast(0)
     val endIndex = (startIndex + request.limit).coerceAtMost(searchResults.size)
     return if (startIndex < searchResults.size) {

apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt

@@ -1,10 +1,25 @@
 package ai.openclaw.app.node
 
+import ai.openclaw.app.LocationMode
+import ai.openclaw.app.SecurePrefs
+import ai.openclaw.app.VoiceWakeMode
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
+import ai.openclaw.app.protocol.OpenClawCameraCommand
+import ai.openclaw.app.protocol.OpenClawCapability
+import ai.openclaw.app.protocol.OpenClawLocationCommand
+import ai.openclaw.app.protocol.OpenClawMotionCommand
+import ai.openclaw.app.protocol.OpenClawSmsCommand
 import ai.openclaw.app.gateway.GatewayEndpoint
 import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
 import org.junit.Assert.assertNull
+import org.junit.Assert.assertTrue
 import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
 
+@RunWith(RobolectricTestRunner::class)
 class ConnectionManagerTest {
   @Test
   fun resolveTlsParamsForEndpoint_prefersStoredPinOverAdvertisedFingerprint() {
@@ -73,4 +88,173 @@ class ConnectionManagerTest {
     assertNull(on?.expectedFingerprint)
     assertEquals(false, on?.allowTOFU)
   }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesRequestableSmsSearchWithoutSmsCapability() {
+    val options =
+      newManager(
+        sendSmsAvailable = false,
+        readSmsAvailable = false,
+        smsSearchPossible = true,
+      ).buildNodeConnectOptions()
+
+    assertTrue(options.commands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertFalse(options.commands.contains(OpenClawSmsCommand.Send.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Sms.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_doesNotAdvertiseSmsWhenSearchIsImpossible() {
+    val options =
+      newManager(
+        sendSmsAvailable = false,
+        readSmsAvailable = false,
+        smsSearchPossible = false,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.commands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertFalse(options.commands.contains(OpenClawSmsCommand.Send.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Sms.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesSmsCapabilityWhenReadSmsIsAvailable() {
+    val options =
+      newManager(
+        sendSmsAvailable = false,
+        readSmsAvailable = true,
+        smsSearchPossible = true,
+      ).buildNodeConnectOptions()
+
+    assertTrue(options.commands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Sms.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesSmsSendWithoutSearchWhenOnlySendIsAvailable() {
+    val options =
+      newManager(
+        sendSmsAvailable = true,
+        readSmsAvailable = false,
+        smsSearchPossible = false,
+      ).buildNodeConnectOptions()
+
+    assertTrue(options.commands.contains(OpenClawSmsCommand.Send.rawValue))
+    assertFalse(options.commands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Sms.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesAvailableNonSmsCommandsAndCapabilities() {
+    val options =
+      newManager(
+        cameraEnabled = true,
+        locationMode = LocationMode.WhileUsing,
+        voiceWakeMode = VoiceWakeMode.Always,
+        motionActivityAvailable = true,
+        callLogAvailable = true,
+        hasRecordAudioPermission = true,
+      ).buildNodeConnectOptions()
+
+    assertTrue(options.commands.contains(OpenClawCameraCommand.List.rawValue))
+    assertTrue(options.commands.contains(OpenClawLocationCommand.Get.rawValue))
+    assertTrue(options.commands.contains(OpenClawMotionCommand.Activity.rawValue))
+    assertTrue(options.commands.contains(OpenClawCallLogCommand.Search.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Camera.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Location.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Motion.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.CallLog.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.VoiceWake.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_omitsVoiceWakeWithoutMicrophonePermission() {
+    val options =
+      newManager(
+        voiceWakeMode = VoiceWakeMode.Always,
+        hasRecordAudioPermission = false,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.caps.contains(OpenClawCapability.VoiceWake.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_omitsUnavailableCameraLocationAndCallLogSurfaces() {
+    val options =
+      newManager(
+        cameraEnabled = false,
+        locationMode = LocationMode.Off,
+        callLogAvailable = false,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.commands.contains(OpenClawCameraCommand.List.rawValue))
+    assertFalse(options.commands.contains(OpenClawCameraCommand.Snap.rawValue))
+    assertFalse(options.commands.contains(OpenClawCameraCommand.Clip.rawValue))
+    assertFalse(options.commands.contains(OpenClawLocationCommand.Get.rawValue))
+    assertFalse(options.commands.contains(OpenClawCallLogCommand.Search.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Camera.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Location.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.CallLog.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesOnlyAvailableMotionCommand() {
+    val options =
+      newManager(
+        motionActivityAvailable = false,
+        motionPedometerAvailable = true,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.commands.contains(OpenClawMotionCommand.Activity.rawValue))
+    assertTrue(options.commands.contains(OpenClawMotionCommand.Pedometer.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Motion.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_omitsMotionSurfaceWhenMotionApisUnavailable() {
+    val options =
+      newManager(
+        motionActivityAvailable = false,
+        motionPedometerAvailable = false,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.commands.contains(OpenClawMotionCommand.Activity.rawValue))
+    assertFalse(options.commands.contains(OpenClawMotionCommand.Pedometer.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Motion.rawValue))
+  }
+
+  private fun newManager(
+    cameraEnabled: Boolean = false,
+    locationMode: LocationMode = LocationMode.Off,
+    voiceWakeMode: VoiceWakeMode = VoiceWakeMode.Off,
+    motionActivityAvailable: Boolean = false,
+    motionPedometerAvailable: Boolean = false,
+    sendSmsAvailable: Boolean = false,
+    readSmsAvailable: Boolean = false,
+    smsSearchPossible: Boolean = false,
+    callLogAvailable: Boolean = false,
+    hasRecordAudioPermission: Boolean = false,
+  ): ConnectionManager {
+    val context = RuntimeEnvironment.getApplication()
+    val prefs =
+      SecurePrefs(
+        context,
+        securePrefsOverride = context.getSharedPreferences("connection-manager-test", android.content.Context.MODE_PRIVATE),
+      )
+
+    return ConnectionManager(
+      prefs = prefs,
+      cameraEnabled = { cameraEnabled },
+      locationMode = { locationMode },
+      voiceWakeMode = { voiceWakeMode },
+      motionActivityAvailable = { motionActivityAvailable },
+      motionPedometerAvailable = { motionPedometerAvailable },
+      sendSmsAvailable = { sendSmsAvailable },
+      readSmsAvailable = { readSmsAvailable },
+      smsSearchPossible = { smsSearchPossible },
+      callLogAvailable = { callLogAvailable },
+      hasRecordAudioPermission = { hasRecordAudioPermission },
+      manualTls = { false },
+    )
+  }
 }

apps/android/app/src/test/java/ai/openclaw/app/node/DeviceHandlerTest.kt

@@ -101,9 +101,131 @@ class DeviceHandlerTest {
       val status = state.getValue("status").jsonPrimitive.content
       assertTrue(status == "granted" || status == "denied")
       state.getValue("promptable").jsonPrimitive.boolean
+      if (key == "sms") {
+        val capabilities = state.getValue("capabilities").jsonObject
+        for (capabilityKey in listOf("send", "read")) {
+          val capability = capabilities.getValue(capabilityKey).jsonObject
+          val capabilityStatus = capability.getValue("status").jsonPrimitive.content
+          assertTrue(capabilityStatus == "granted" || capabilityStatus == "denied")
+          capability.getValue("promptable").jsonPrimitive.boolean
+        }
+      }
     }
   }
 
+  @Test
+  fun smsTopLevelStatusTreatsSendOnlyPartialGrantAsGranted() {
+    assertTrue(
+      DeviceHandler.hasAnySmsCapability(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = true,
+        smsReadGranted = false,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelStatusTreatsReadOnlyPartialGrantAsGranted() {
+    assertTrue(
+      DeviceHandler.hasAnySmsCapability(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = false,
+        smsReadGranted = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelStatusTreatsNoSmsGrantAsDenied() {
+    assertTrue(
+      !DeviceHandler.hasAnySmsCapability(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = false,
+        smsReadGranted = false,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelStatusTreatsDisabledSmsAsDenied() {
+    assertTrue(
+      !DeviceHandler.hasAnySmsCapability(
+        smsEnabled = false,
+        telephonyAvailable = true,
+        smsSendGranted = true,
+        smsReadGranted = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelStatusTreatsMissingTelephonyAsDenied() {
+    assertTrue(
+      !DeviceHandler.hasAnySmsCapability(
+        smsEnabled = true,
+        telephonyAvailable = false,
+        smsSendGranted = true,
+        smsReadGranted = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelPromptableStaysTrueUntilBothSmsPermissionsAreGranted() {
+    assertTrue(
+      DeviceHandler.isSmsPromptable(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = true,
+        smsReadGranted = false,
+      ),
+    )
+    assertTrue(
+      !DeviceHandler.isSmsPromptable(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = true,
+        smsReadGranted = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelPromptableIsFalseWhenSmsCannotExist() {
+    assertTrue(
+      !DeviceHandler.isSmsPromptable(
+        smsEnabled = false,
+        telephonyAvailable = true,
+        smsSendGranted = false,
+        smsReadGranted = false,
+      ),
+    )
+    assertTrue(
+      !DeviceHandler.isSmsPromptable(
+        smsEnabled = true,
+        telephonyAvailable = false,
+        smsSendGranted = false,
+        smsReadGranted = false,
+      ),
+    )
+  }
+
+  @Test
+  fun handleDevicePermissions_marksCallLogUnpromptableWhenFeatureDisabled() {
+    val handler = DeviceHandler(appContext(), callLogEnabled = false)
+
+    val result = handler.handleDevicePermissions(null)
+
+    assertTrue(result.ok)
+    val payload = parsePayload(result.payloadJson)
+    val callLog = payload.getValue("permissions").jsonObject.getValue("callLog").jsonObject
+    assertEquals("denied", callLog.getValue("status").jsonPrimitive.content)
+    assertTrue(!callLog.getValue("promptable").jsonPrimitive.boolean)
+  }
+
   @Test
   fun handleDeviceHealth_returnsExpectedShape() {
     val handler = DeviceHandler(appContext())

apps/android/app/src/test/java/ai/openclaw/app/node/DeviceNotificationListenerServiceTest.kt

@@ -0,0 +1,119 @@
+package ai.openclaw.app.node
+
+import android.content.Context
+import ai.openclaw.app.NotificationBurstLimiter
+import ai.openclaw.app.NotificationForwardingPolicy
+import ai.openclaw.app.NotificationPackageFilterMode
+import ai.openclaw.app.isWithinQuietHours
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertNull
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+
+@RunWith(RobolectricTestRunner::class)
+class DeviceNotificationListenerServiceTest {
+  @Test
+  fun recentPackages_migratesLegacyPreferenceKey() {
+    val context = RuntimeEnvironment.getApplication()
+    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+    prefs.edit()
+      .clear()
+      .putString("notifications.recentPackages", "com.example.one, com.example.two")
+      .commit()
+
+    val packages = DeviceNotificationListenerService.recentPackages(context)
+
+    assertEquals(listOf("com.example.one", "com.example.two"), packages)
+    assertEquals(
+      "com.example.one, com.example.two",
+      prefs.getString("notifications.forwarding.recentPackages", null),
+    )
+    assertFalse(prefs.contains("notifications.recentPackages"))
+  }
+
+  @Test
+  fun recentPackages_cleansUpLegacyKeyWhenNewKeyAlreadyExists() {
+    val context = RuntimeEnvironment.getApplication()
+    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+    prefs.edit()
+      .clear()
+      .putString("notifications.forwarding.recentPackages", "com.example.new")
+      .putString("notifications.recentPackages", "com.example.legacy")
+      .commit()
+
+    val packages = DeviceNotificationListenerService.recentPackages(context)
+
+    assertEquals(listOf("com.example.new"), packages)
+    assertNull(prefs.getString("notifications.recentPackages", null))
+  }
+
+  @Test
+  fun recentPackages_trimsDedupesAndPreservesRecencyOrder() {
+    val context = RuntimeEnvironment.getApplication()
+    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+    prefs.edit()
+      .clear()
+      .putString(
+        "notifications.forwarding.recentPackages",
+        " com.example.recent , ,com.example.other,com.example.recent, com.example.third ",
+      )
+      .commit()
+
+    val packages = DeviceNotificationListenerService.recentPackages(context)
+
+    assertEquals(
+      listOf("com.example.recent", "com.example.other", "com.example.third"),
+      packages,
+    )
+  }
+
+  @Test
+  fun quietHoursAndRateLimitingUseWallClockTimeNotNotificationPostTime() {
+    val zone = java.time.ZoneId.systemDefault()
+    val now = java.time.ZonedDateTime.now(zone)
+    val quietStart = now.minusMinutes(5).toLocalTime().withSecond(0).withNano(0)
+    val quietEnd = now.plusMinutes(5).toLocalTime().withSecond(0).withNano(0)
+    val stalePostTime =
+      now
+        .minusHours(2)
+        .withMinute(0)
+        .withSecond(0)
+        .withNano(0)
+        .toInstant()
+        .toEpochMilli()
+
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = true,
+        quietStart = "%02d:%02d".format(quietStart.hour, quietStart.minute),
+        quietEnd = "%02d:%02d".format(quietEnd.hour, quietEnd.minute),
+        maxEventsPerMinute = 1,
+        sessionKey = null,
+      )
+
+    assertFalse(policy.isWithinQuietHours(nowEpochMs = stalePostTime, zoneId = zone))
+    assertTrue(policy.isWithinQuietHours(nowEpochMs = System.currentTimeMillis(), zoneId = zone))
+
+    val limiter = NotificationBurstLimiter()
+    assertTrue(limiter.allow(nowEpochMs = stalePostTime, maxEventsPerMinute = 1))
+    assertTrue(limiter.allow(nowEpochMs = System.currentTimeMillis(), maxEventsPerMinute = 1))
+    assertFalse(limiter.allow(nowEpochMs = System.currentTimeMillis(), maxEventsPerMinute = 1))
+  }
+
+  @Test
+  fun burstLimiter_capsAnyForwardedNotificationEvent() {
+    val limiter = NotificationBurstLimiter()
+    val nowEpochMs = System.currentTimeMillis()
+
+    assertTrue(limiter.allow(nowEpochMs = nowEpochMs, maxEventsPerMinute = 2))
+    assertTrue(limiter.allow(nowEpochMs = nowEpochMs, maxEventsPerMinute = 2))
+    assertFalse(limiter.allow(nowEpochMs = nowEpochMs, maxEventsPerMinute = 2))
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/node/InvokeCommandRegistryTest.kt

@@ -12,6 +12,9 @@ import ai.openclaw.app.protocol.OpenClawNotificationsCommand
 import ai.openclaw.app.protocol.OpenClawPhotosCommand
 import ai.openclaw.app.protocol.OpenClawSmsCommand
 import ai.openclaw.app.protocol.OpenClawSystemCommand
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNotNull
+import org.junit.Assert.assertNull
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertTrue
 import org.junit.Test
@@ -86,6 +89,7 @@ class InvokeCommandRegistryTest {
           locationEnabled = true,
           sendSmsAvailable = true,
           readSmsAvailable = true,
+          smsSearchPossible = true,
           callLogAvailable = true,
           voiceWakeEnabled = true,
           motionActivityAvailable = true,
@@ -113,6 +117,7 @@ class InvokeCommandRegistryTest {
           locationEnabled = true,
           sendSmsAvailable = true,
           readSmsAvailable = true,
+          smsSearchPossible = true,
           callLogAvailable = true,
           motionActivityAvailable = true,
           motionPedometerAvailable = true,
@@ -132,6 +137,7 @@ class InvokeCommandRegistryTest {
           locationEnabled = false,
           sendSmsAvailable = false,
           readSmsAvailable = false,
+          smsSearchPossible = false,
           callLogAvailable = false,
           voiceWakeEnabled = false,
           motionActivityAvailable = true,
@@ -148,17 +154,22 @@ class InvokeCommandRegistryTest {
   fun advertisedCommands_splitsSmsSendAndSearchAvailability() {
     val readOnlyCommands =
       InvokeCommandRegistry.advertisedCommands(
-        defaultFlags(readSmsAvailable = true),
+        defaultFlags(readSmsAvailable = true, smsSearchPossible = true),
       )
     val sendOnlyCommands =
       InvokeCommandRegistry.advertisedCommands(
         defaultFlags(sendSmsAvailable = true),
       )
+    val requestableSearchCommands =
+      InvokeCommandRegistry.advertisedCommands(
+        defaultFlags(smsSearchPossible = true),
+      )
 
     assertTrue(readOnlyCommands.contains(OpenClawSmsCommand.Search.rawValue))
     assertFalse(readOnlyCommands.contains(OpenClawSmsCommand.Send.rawValue))
     assertTrue(sendOnlyCommands.contains(OpenClawSmsCommand.Send.rawValue))
     assertFalse(sendOnlyCommands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertTrue(requestableSearchCommands.contains(OpenClawSmsCommand.Search.rawValue))
   }
 
   @Test
@@ -171,9 +182,14 @@ class InvokeCommandRegistryTest {
       InvokeCommandRegistry.advertisedCapabilities(
         defaultFlags(sendSmsAvailable = true),
       )
+    val requestableSearchCapabilities =
+      InvokeCommandRegistry.advertisedCapabilities(
+        defaultFlags(smsSearchPossible = true),
+      )
 
     assertTrue(readOnlyCapabilities.contains(OpenClawCapability.Sms.rawValue))
     assertTrue(sendOnlyCapabilities.contains(OpenClawCapability.Sms.rawValue))
+    assertFalse(requestableSearchCapabilities.contains(OpenClawCapability.Sms.rawValue))
   }
 
   @Test
@@ -190,11 +206,37 @@ class InvokeCommandRegistryTest {
     assertFalse(capabilities.contains(OpenClawCapability.CallLog.rawValue))
   }
 
+  @Test
+  fun advertisedCapabilities_includesVoiceWakeWithoutAdvertisingCommands() {
+    val capabilities = InvokeCommandRegistry.advertisedCapabilities(defaultFlags(voiceWakeEnabled = true))
+    val commands = InvokeCommandRegistry.advertisedCommands(defaultFlags(voiceWakeEnabled = true))
+
+    assertTrue(capabilities.contains(OpenClawCapability.VoiceWake.rawValue))
+    assertFalse(commands.any { it.contains("voice", ignoreCase = true) })
+  }
+
+  @Test
+  fun find_returnsForegroundMetadataForCameraCommands() {
+    val list = InvokeCommandRegistry.find(OpenClawCameraCommand.List.rawValue)
+    val location = InvokeCommandRegistry.find(OpenClawLocationCommand.Get.rawValue)
+
+    assertNotNull(list)
+    assertEquals(true, list?.requiresForeground)
+    assertNotNull(location)
+    assertEquals(false, location?.requiresForeground)
+  }
+
+  @Test
+  fun find_returnsNullForUnknownCommand() {
+    assertNull(InvokeCommandRegistry.find("not.real"))
+  }
+
   private fun defaultFlags(
     cameraEnabled: Boolean = false,
     locationEnabled: Boolean = false,
     sendSmsAvailable: Boolean = false,
     readSmsAvailable: Boolean = false,
+    smsSearchPossible: Boolean = false,
     callLogAvailable: Boolean = false,
     voiceWakeEnabled: Boolean = false,
     motionActivityAvailable: Boolean = false,
@@ -206,6 +248,7 @@ class InvokeCommandRegistryTest {
       locationEnabled = locationEnabled,
       sendSmsAvailable = sendSmsAvailable,
       readSmsAvailable = readSmsAvailable,
+      smsSearchPossible = smsSearchPossible,
       callLogAvailable = callLogAvailable,
       voiceWakeEnabled = voiceWakeEnabled,
       motionActivityAvailable = motionActivityAvailable,

apps/android/app/src/test/java/ai/openclaw/app/node/InvokeDispatcherTest.kt

@@ -0,0 +1,368 @@
+package ai.openclaw.app.node
+
+import ai.openclaw.app.gateway.DeviceIdentityStore
+import ai.openclaw.app.gateway.GatewaySession
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
+import ai.openclaw.app.protocol.OpenClawCameraCommand
+import ai.openclaw.app.protocol.OpenClawLocationCommand
+import ai.openclaw.app.protocol.OpenClawMotionCommand
+import ai.openclaw.app.protocol.OpenClawSmsCommand
+import android.content.Context
+import android.content.pm.PackageManager
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.test.runTest
+import kotlinx.serialization.json.Json
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+import org.robolectric.Shadows.shadowOf
+
+@RunWith(RobolectricTestRunner::class)
+class InvokeDispatcherTest {
+  @Test
+  fun classifySmsSearchAvailability_returnsAvailable_whenReadSmsIsAvailable() {
+    assertEquals(
+      SmsSearchAvailabilityReason.Available,
+      classifySmsSearchAvailability(
+        readSmsAvailable = true,
+        smsFeatureEnabled = true,
+        smsTelephonyAvailable = true,
+      ),
+    )
+  }
+
+  @Test
+  fun classifySmsSearchAvailability_returnsUnavailable_whenSmsFeatureDisabled() {
+    assertEquals(
+      SmsSearchAvailabilityReason.Unavailable,
+      classifySmsSearchAvailability(
+        readSmsAvailable = false,
+        smsFeatureEnabled = false,
+        smsTelephonyAvailable = true,
+      ),
+    )
+  }
+
+  @Test
+  fun classifySmsSearchAvailability_returnsUnavailable_whenTelephonyUnavailable() {
+    assertEquals(
+      SmsSearchAvailabilityReason.Unavailable,
+      classifySmsSearchAvailability(
+        readSmsAvailable = false,
+        smsFeatureEnabled = true,
+        smsTelephonyAvailable = false,
+      ),
+    )
+  }
+
+  @Test
+  fun classifySmsSearchAvailability_returnsPermissionRequired_whenOnlyReadSmsPermissionIsMissing() {
+    assertEquals(
+      SmsSearchAvailabilityReason.PermissionRequired,
+      classifySmsSearchAvailability(
+        readSmsAvailable = false,
+        smsFeatureEnabled = true,
+        smsTelephonyAvailable = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsSearchAvailabilityError_returnsNull_whenReadSmsPermissionIsRequestable() {
+    assertNull(
+      smsSearchAvailabilityError(
+        readSmsAvailable = false,
+        smsFeatureEnabled = true,
+        smsTelephonyAvailable = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsSearchAvailabilityError_returnsUnavailable_whenSmsSearchIsImpossible() {
+    val result =
+      smsSearchAvailabilityError(
+        readSmsAvailable = false,
+        smsFeatureEnabled = false,
+        smsTelephonyAvailable = true,
+      )
+
+    assertEquals("SMS_UNAVAILABLE", result?.error?.code)
+    assertEquals("SMS_UNAVAILABLE: SMS not available on this device", result?.error?.message)
+  }
+
+  @Test
+  fun handleInvoke_allowsRequestableSmsSearchToReachHandler() =
+    runTest {
+      val result =
+        newDispatcher(
+          readSmsAvailable = false,
+          smsFeatureEnabled = true,
+          smsTelephonyAvailable = true,
+        ).handleInvoke(OpenClawSmsCommand.Search.rawValue, "not-json")
+
+      assertEquals("SMS_PERMISSION_REQUIRED", result.error?.code)
+      assertEquals("grant READ_SMS permission", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksSmsSearchWhenFeatureIsUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(
+          readSmsAvailable = false,
+          smsFeatureEnabled = false,
+          smsTelephonyAvailable = true,
+        ).handleInvoke(OpenClawSmsCommand.Search.rawValue, "not-json")
+
+      assertEquals("SMS_UNAVAILABLE", result.error?.code)
+      assertEquals("SMS_UNAVAILABLE: SMS not available on this device", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_allowsAvailableSmsSendToReachHandler() =
+    runTest {
+      val result =
+        newDispatcher(
+          sendSmsAvailable = true,
+          smsFeatureEnabled = true,
+          smsTelephonyAvailable = true,
+        ).handleInvoke(OpenClawSmsCommand.Send.rawValue, """{"to":"+15551234567","message":"hi"}""")
+
+      assertEquals("SMS_PERMISSION_REQUIRED", result.error?.code)
+      assertEquals("grant SMS permission", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksSmsSendWhenUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(
+          sendSmsAvailable = false,
+          smsFeatureEnabled = true,
+          smsTelephonyAvailable = true,
+        ).handleInvoke(OpenClawSmsCommand.Send.rawValue, """{"to":"+15551234567","message":"hi"}""")
+
+      assertEquals("SMS_UNAVAILABLE", result.error?.code)
+      assertEquals("SMS_UNAVAILABLE: SMS not available on this device", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksCameraCommandsWhenCameraDisabled() =
+    runTest {
+      val result = newDispatcher(cameraEnabled = false).handleInvoke(OpenClawCameraCommand.List.rawValue, null)
+
+      assertEquals("CAMERA_DISABLED", result.error?.code)
+      assertEquals("CAMERA_DISABLED: enable Camera in Settings", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksLocationCommandWhenLocationDisabled() =
+    runTest {
+      val result = newDispatcher(locationEnabled = false).handleInvoke(OpenClawLocationCommand.Get.rawValue, null)
+
+      assertEquals("LOCATION_DISABLED", result.error?.code)
+      assertEquals("LOCATION_DISABLED: enable Location in Settings", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksMotionActivityWhenUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(motionActivityAvailable = false)
+          .handleInvoke(OpenClawMotionCommand.Activity.rawValue, null)
+
+      assertEquals("MOTION_UNAVAILABLE", result.error?.code)
+      assertEquals("MOTION_UNAVAILABLE: accelerometer not available", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksMotionPedometerWhenUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(motionPedometerAvailable = false)
+          .handleInvoke(OpenClawMotionCommand.Pedometer.rawValue, null)
+
+      assertEquals("PEDOMETER_UNAVAILABLE", result.error?.code)
+      assertEquals("PEDOMETER_UNAVAILABLE: step counter not available", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksCallLogWhenUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(callLogAvailable = false).handleInvoke(OpenClawCallLogCommand.Search.rawValue, null)
+
+      assertEquals("CALL_LOG_UNAVAILABLE", result.error?.code)
+      assertEquals("CALL_LOG_UNAVAILABLE: call log not available on this build", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_treatsDebugCommandsAsUnknownOutsideDebugBuilds() =
+    runTest {
+      val result = newDispatcher(debugBuild = false).handleInvoke("debug.logs", null)
+
+      assertEquals("INVALID_REQUEST", result.error?.code)
+      assertEquals("INVALID_REQUEST: unknown command", result.error?.message)
+    }
+
+  private fun newDispatcher(
+    cameraEnabled: Boolean = false,
+    locationEnabled: Boolean = false,
+    sendSmsAvailable: Boolean = false,
+    readSmsAvailable: Boolean = false,
+    smsFeatureEnabled: Boolean = true,
+    smsTelephonyAvailable: Boolean = true,
+    callLogAvailable: Boolean = false,
+    debugBuild: Boolean = false,
+    motionActivityAvailable: Boolean = false,
+    motionPedometerAvailable: Boolean = false,
+  ): InvokeDispatcher {
+    val appContext = RuntimeEnvironment.getApplication()
+    shadowOf(appContext.packageManager).setSystemFeature(PackageManager.FEATURE_TELEPHONY, smsTelephonyAvailable)
+    val canvas = CanvasController()
+    return InvokeDispatcher(
+      canvas = canvas,
+      cameraHandler = newCameraHandler(appContext),
+      locationHandler =
+        LocationHandler.forTesting(
+          appContext = appContext,
+          dataSource = InvokeDispatcherFakeLocationDataSource(),
+        ),
+      deviceHandler = DeviceHandler(appContext),
+      notificationsHandler =
+        NotificationsHandler.forTesting(
+          appContext = appContext,
+          stateProvider = InvokeDispatcherFakeNotificationsStateProvider(),
+        ),
+      systemHandler = SystemHandler.forTesting(InvokeDispatcherFakeSystemNotificationPoster()),
+      photosHandler = PhotosHandler.forTesting(appContext, InvokeDispatcherFakePhotosDataSource()),
+      contactsHandler = ContactsHandler.forTesting(appContext, InvokeDispatcherFakeContactsDataSource()),
+      calendarHandler = CalendarHandler.forTesting(appContext, InvokeDispatcherFakeCalendarDataSource()),
+      motionHandler = MotionHandler.forTesting(appContext, InvokeDispatcherFakeMotionDataSource()),
+      smsHandler = SmsHandler(SmsManager(appContext)),
+      a2uiHandler =
+        A2UIHandler(
+          canvas = canvas,
+          json = Json { ignoreUnknownKeys = true },
+          getNodeCanvasHostUrl = { null },
+          getOperatorCanvasHostUrl = { null },
+        ),
+      debugHandler = DebugHandler(appContext, DeviceIdentityStore(appContext)),
+      callLogHandler = CallLogHandler.forTesting(appContext, InvokeDispatcherFakeCallLogDataSource()),
+      isForeground = { true },
+      cameraEnabled = { cameraEnabled },
+      locationEnabled = { locationEnabled },
+      sendSmsAvailable = { sendSmsAvailable },
+      readSmsAvailable = { readSmsAvailable },
+      smsFeatureEnabled = { smsFeatureEnabled },
+      smsTelephonyAvailable = { smsTelephonyAvailable },
+      callLogAvailable = { callLogAvailable },
+      debugBuild = { debugBuild },
+      refreshNodeCanvasCapability = { false },
+      onCanvasA2uiPush = {},
+      onCanvasA2uiReset = {},
+      motionActivityAvailable = { motionActivityAvailable },
+      motionPedometerAvailable = { motionPedometerAvailable },
+    )
+  }
+
+  private fun newCameraHandler(appContext: Context): CameraHandler {
+    return CameraHandler(
+      appContext = appContext,
+      camera = CameraCaptureManager(appContext),
+      externalAudioCaptureActive = MutableStateFlow(false),
+      showCameraHud = { _, _, _ -> },
+      triggerCameraFlash = {},
+      invokeErrorFromThrowable = { err -> "UNAVAILABLE" to (err.message ?: "camera failed") },
+    )
+  }
+}
+
+private class InvokeDispatcherFakeLocationDataSource : LocationDataSource {
+  override fun hasFinePermission(context: Context): Boolean = false
+
+  override fun hasCoarsePermission(context: Context): Boolean = false
+
+  override suspend fun fetchLocation(
+    desiredProviders: List<String>,
+    maxAgeMs: Long?,
+    timeoutMs: Long,
+    isPrecise: Boolean,
+  ): LocationCaptureManager.Payload {
+    error("unused in InvokeDispatcherTest")
+  }
+}
+
+private class InvokeDispatcherFakeNotificationsStateProvider : NotificationsStateProvider {
+  override fun readSnapshot(context: Context): DeviceNotificationSnapshot {
+    return DeviceNotificationSnapshot(enabled = false, connected = false, notifications = emptyList())
+  }
+
+  override fun requestServiceRebind(context: Context) = Unit
+
+  override fun executeAction(context: Context, request: NotificationActionRequest): NotificationActionResult {
+    return NotificationActionResult(ok = true, code = null, message = null)
+  }
+}
+
+private class InvokeDispatcherFakeSystemNotificationPoster : SystemNotificationPoster {
+  override fun isAuthorized(): Boolean = true
+
+  override fun post(request: SystemNotifyRequest) = Unit
+}
+
+private class InvokeDispatcherFakePhotosDataSource : PhotosDataSource {
+  override fun hasPermission(context: Context): Boolean = true
+
+  override fun latest(context: Context, request: PhotosLatestRequest): List<EncodedPhotoPayload> = emptyList()
+}
+
+private class InvokeDispatcherFakeContactsDataSource : ContactsDataSource {
+  override fun hasReadPermission(context: Context): Boolean = true
+
+  override fun hasWritePermission(context: Context): Boolean = true
+
+  override fun search(context: Context, request: ContactsSearchRequest): List<ContactRecord> = emptyList()
+
+  override fun add(context: Context, request: ContactsAddRequest): ContactRecord {
+    error("unused in InvokeDispatcherTest")
+  }
+}
+
+private class InvokeDispatcherFakeCalendarDataSource : CalendarDataSource {
+  override fun hasReadPermission(context: Context): Boolean = true
+
+  override fun hasWritePermission(context: Context): Boolean = true
+
+  override fun events(context: Context, request: CalendarEventsRequest): List<CalendarEventRecord> = emptyList()
+
+  override fun add(context: Context, request: CalendarAddRequest): CalendarEventRecord {
+    error("unused in InvokeDispatcherTest")
+  }
+}
+
+private class InvokeDispatcherFakeMotionDataSource : MotionDataSource {
+  override fun isActivityAvailable(context: Context): Boolean = false
+
+  override fun isPedometerAvailable(context: Context): Boolean = false
+
+  override fun hasPermission(context: Context): Boolean = true
+
+  override suspend fun activity(context: Context, request: MotionActivityRequest): MotionActivityRecord {
+    error("unused in InvokeDispatcherTest")
+  }
+
+  override suspend fun pedometer(context: Context, request: MotionPedometerRequest): PedometerRecord {
+    error("unused in InvokeDispatcherTest")
+  }
+}
+
+private class InvokeDispatcherFakeCallLogDataSource : CallLogDataSource {
+  override fun hasReadPermission(context: Context): Boolean = true
+
+  override fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord> = emptyList()
+}

apps/android/app/src/test/java/ai/openclaw/app/node/LocationHandlerTest.kt

@@ -1,7 +1,9 @@
 package ai.openclaw.app.node
 
 import android.content.Context
+import android.location.LocationManager
 import kotlinx.coroutines.test.runTest
+import kotlinx.serialization.json.Json
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertTrue
@@ -65,12 +67,110 @@ class LocationHandlerTest : NodeHandlerRobolectricTest() {
     assertTrue(granted.hasFineLocationPermission())
     assertFalse(granted.hasCoarseLocationPermission())
   }
+
+  @Test
+  fun handleLocationGet_usesPreciseGpsFirstWhenFinePermissionAndPreciseEnabled() =
+    runTest {
+      val source =
+        FakeLocationDataSource(
+          fineGranted = true,
+          coarseGranted = true,
+          payload = LocationCaptureManager.Payload("""{"ok":true}"""),
+        )
+      val handler =
+        LocationHandler.forTesting(
+          appContext = appContext(),
+          dataSource = source,
+          locationPreciseEnabled = { true },
+        )
+
+      val result = handler.handleLocationGet("""{"desiredAccuracy":"precise","maxAgeMs":1234,"timeoutMs":2000}""")
+
+      assertTrue(result.ok)
+      assertEquals(listOf(LocationManager.GPS_PROVIDER, LocationManager.NETWORK_PROVIDER), source.lastDesiredProviders)
+      assertEquals(1234L, source.lastMaxAgeMs)
+      assertEquals(2000L, source.lastTimeoutMs)
+      assertTrue(source.lastIsPrecise)
+    }
+
+  @Test
+  fun handleLocationGet_fallsBackToBalancedWhenPreciseUnavailable() =
+    runTest {
+      val source =
+        FakeLocationDataSource(
+          fineGranted = false,
+          coarseGranted = true,
+          payload = LocationCaptureManager.Payload("""{"ok":true}"""),
+        )
+      val handler =
+        LocationHandler.forTesting(
+          appContext = appContext(),
+          dataSource = source,
+          locationPreciseEnabled = { true },
+        )
+
+      val result = handler.handleLocationGet("""{"desiredAccuracy":"precise"}""")
+
+      assertTrue(result.ok)
+      assertEquals(listOf(LocationManager.NETWORK_PROVIDER, LocationManager.GPS_PROVIDER), source.lastDesiredProviders)
+      assertFalse(source.lastIsPrecise)
+    }
+
+  @Test
+  fun handleLocationGet_mapsTimeoutToLocationTimeout() =
+    runTest {
+      val handler =
+        LocationHandler.forTesting(
+          appContext = appContext(),
+          dataSource =
+            FakeLocationDataSource(
+              fineGranted = true,
+              coarseGranted = true,
+              timeout = true,
+            ),
+        )
+
+      val result = handler.handleLocationGet(null)
+
+      assertFalse(result.ok)
+      assertEquals("LOCATION_TIMEOUT", result.error?.code)
+      assertEquals("LOCATION_TIMEOUT: no fix in time", result.error?.message)
+    }
+
+  @Test
+  fun handleLocationGet_mapsOtherFailuresToLocationUnavailable() =
+    runTest {
+      val handler =
+        LocationHandler.forTesting(
+          appContext = appContext(),
+          dataSource =
+            FakeLocationDataSource(
+              fineGranted = true,
+              coarseGranted = true,
+              failure = IllegalStateException("gps offline"),
+            ),
+        )
+
+      val result = handler.handleLocationGet(null)
+
+      assertFalse(result.ok)
+      assertEquals("LOCATION_UNAVAILABLE", result.error?.code)
+      assertEquals("gps offline", result.error?.message)
+    }
 }
 
 private class FakeLocationDataSource(
   private val fineGranted: Boolean,
   private val coarseGranted: Boolean,
+  private val payload: LocationCaptureManager.Payload? = null,
+  private val failure: Throwable? = null,
+  private val timeout: Boolean = false,
 ) : LocationDataSource {
+  var lastDesiredProviders: List<String> = emptyList()
+  var lastMaxAgeMs: Long? = null
+  var lastTimeoutMs: Long? = null
+  var lastIsPrecise: Boolean = false
+
   override fun hasFinePermission(context: Context): Boolean = fineGranted
 
   override fun hasCoarsePermission(context: Context): Boolean = coarseGranted
@@ -81,8 +181,16 @@ private class FakeLocationDataSource(
     timeoutMs: Long,
     isPrecise: Boolean,
   ): LocationCaptureManager.Payload {
-    throw IllegalStateException(
-      "LocationHandlerTest: fetchLocation must not run in this scenario",
-    )
+    lastDesiredProviders = desiredProviders
+    lastMaxAgeMs = maxAgeMs
+    lastTimeoutMs = timeoutMs
+    lastIsPrecise = isPrecise
+    if (timeout) {
+      kotlinx.coroutines.withTimeout(1) {
+        kotlinx.coroutines.delay(5)
+      }
+    }
+    failure?.let { throw it }
+    return payload ?: LocationCaptureManager.Payload(Json.encodeToString(mapOf("ok" to true)))
   }
 }

apps/android/app/src/test/java/ai/openclaw/app/node/NotificationsHandlerTest.kt

@@ -140,6 +140,46 @@ class NotificationsHandlerTest {
       assertEquals(0, provider.actionRequests)
     }
 
+  @Test
+  fun notificationsActions_rejectsMissingKey() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n3")),
+          ),
+        )
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"action":"open"}""")
+
+      assertFalse(result.ok)
+      assertEquals("INVALID_REQUEST", result.error?.code)
+      assertEquals(0, provider.actionRequests)
+    }
+
+  @Test
+  fun notificationsActions_rejectsInvalidAction() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n3")),
+          ),
+        )
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"key":"n3","action":"archive"}""")
+
+      assertFalse(result.ok)
+      assertEquals("INVALID_REQUEST", result.error?.code)
+      assertEquals(0, provider.actionRequests)
+    }
+
   @Test
   fun notificationsActions_propagatesProviderError() =
     runTest {
@@ -167,6 +207,29 @@ class NotificationsHandlerTest {
       assertEquals(1, provider.actionRequests)
     }
 
+  @Test
+  fun notificationsActions_fallsBackWhenProviderOmitsErrorDetails() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n4")),
+          ),
+        ).also {
+          it.actionResult = NotificationActionResult(ok = false)
+        }
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"key":"n4","action":"open"}""")
+
+      assertFalse(result.ok)
+      assertEquals("UNAVAILABLE", result.error?.code)
+      assertEquals("notification action failed", result.error?.message)
+      assertEquals(1, provider.actionRequests)
+    }
+
   @Test
   fun notificationsActions_requestsRebindWhenEnabledButDisconnected() =
     runTest {

apps/android/app/src/test/java/ai/openclaw/app/node/SmsManagerTest.kt

@@ -1,15 +1,39 @@
 package ai.openclaw.app.node
 
+import kotlinx.serialization.json.jsonArray
 import kotlinx.serialization.json.jsonObject
 import kotlinx.serialization.json.jsonPrimitive
+import org.junit.Assert.assertArrayEquals
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
+import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
 import org.junit.Test
 
 class SmsManagerTest {
   private val json = SmsManager.JsonConfig
 
+  private fun smsMessage(
+    id: Long,
+    date: Long,
+    status: Int = 0,
+    body: String? = "msg-$id",
+    transportType: String? = null,
+  ): SmsManager.SmsMessage =
+    SmsManager.SmsMessage(
+      id = id,
+      threadId = 1L,
+      address = "+15551234567",
+      person = null,
+      date = date,
+      dateSent = date,
+      read = true,
+      type = 1,
+      body = body,
+      status = status,
+      transportType = transportType,
+    )
+
   @Test
   fun parseParamsRejectsEmptyPayload() {
     val result = SmsManager.parseParams("", json)
@@ -61,6 +85,73 @@ class SmsManagerTest {
     assertEquals("Hello", ok.params.message)
   }
 
+  @Test
+  fun parseQueryParamsDefaultsWhenPayloadEmpty() {
+    val result = SmsManager.parseQueryParams(null, json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertEquals(25, ok.params.limit)
+    assertEquals(0, ok.params.offset)
+    assertEquals(null, ok.params.startTime)
+    assertEquals(null, ok.params.endTime)
+  }
+
+  @Test
+  fun parseQueryParamsRejectsInvalidJson() {
+    val result = SmsManager.parseQueryParams("not-json", json)
+    assertTrue(result is SmsManager.QueryParseResult.Error)
+    val error = result as SmsManager.QueryParseResult.Error
+    assertEquals("INVALID_REQUEST: expected JSON object", error.error)
+  }
+
+  @Test
+  fun parseQueryParamsRejectsInvertedTimeRange() {
+    val result = SmsManager.parseQueryParams("{\"startTime\":200,\"endTime\":100}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Error)
+    val error = result as SmsManager.QueryParseResult.Error
+    assertEquals("INVALID_REQUEST: startTime must be less than or equal to endTime", error.error)
+  }
+
+  @Test
+  fun parseQueryParamsClampsLimitAndOffset() {
+    val result = SmsManager.parseQueryParams("{\"limit\":999,\"offset\":-5}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertEquals(200, ok.params.limit)
+    assertEquals(0, ok.params.offset)
+  }
+
+  @Test
+  fun parseQueryParamsParsesAllSupportedFields() {
+    val result = SmsManager.parseQueryParams(
+      """
+      {
+        "startTime": 100,
+        "endTime": 200,
+        "contactName": " Leah ",
+        "phoneNumber": " +1555 ",
+        "keyword": " ping ",
+        "type": 1,
+        "isRead": true,
+        "limit": 10,
+        "offset": 2
+      }
+      """.trimIndent(),
+      json,
+    )
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertEquals(100L, ok.params.startTime)
+    assertEquals(200L, ok.params.endTime)
+    assertEquals("Leah", ok.params.contactName)
+    assertEquals("+1555", ok.params.phoneNumber)
+    assertEquals("ping", ok.params.keyword)
+    assertEquals(1, ok.params.type)
+    assertEquals(true, ok.params.isRead)
+    assertEquals(10, ok.params.limit)
+    assertEquals(2, ok.params.offset)
+  }
+
   @Test
   fun buildPayloadJsonEscapesFields() {
     val payload = SmsManager.buildPayloadJson(
@@ -75,6 +166,69 @@ class SmsManagerTest {
     assertEquals("SMS_SEND_FAILED: \"nope\"", parsed["error"]?.jsonPrimitive?.content)
   }
 
+  @Test
+  fun buildQueryPayloadJsonIncludesCountAndMessages() {
+    val payload = SmsManager.buildQueryPayloadJson(
+      json = json,
+      ok = true,
+      messages = listOf(
+        SmsManager.SmsMessage(
+          id = 1L,
+          threadId = 2L,
+          address = "+1555",
+          person = null,
+          date = 123L,
+          dateSent = 124L,
+          read = true,
+          type = 1,
+          body = "hello",
+          status = 0,
+        )
+      ),
+    )
+    val parsed = json.parseToJsonElement(payload).jsonObject
+    assertEquals("true", parsed["ok"]?.jsonPrimitive?.content)
+    assertEquals(1, parsed["count"]?.jsonPrimitive?.content?.toInt())
+    val messages = parsed["messages"]?.jsonArray
+    assertEquals(1, messages?.size)
+    assertEquals("hello", messages?.get(0)?.jsonObject?.get("body")?.jsonPrimitive?.content)
+  }
+
+  @Test
+  fun buildQueryPayloadJsonIncludesErrorOnFailure() {
+    val payload = SmsManager.buildQueryPayloadJson(
+      json = json,
+      ok = false,
+      messages = emptyList(),
+      error = "SMS_QUERY_FAILED: nope",
+    )
+    val parsed = json.parseToJsonElement(payload).jsonObject
+    assertEquals("false", parsed["ok"]?.jsonPrimitive?.content)
+    assertEquals(0, parsed["count"]?.jsonPrimitive?.content?.toInt())
+    assertEquals("SMS_QUERY_FAILED: nope", parsed["error"]?.jsonPrimitive?.content)
+  }
+
+  @Test
+  fun buildQueryPayloadJsonIncludesMmsMetadataWhenProvided() {
+    val payload = SmsManager.buildQueryPayloadJson(
+      json = json,
+      ok = true,
+      messages = listOf(smsMessage(id = 1L, date = 1000L)),
+      queryMetadata =
+        SmsManager.QueryMetadata(
+          mmsRequested = true,
+          mmsEligible = true,
+          mmsAttempted = true,
+          mmsIncluded = false,
+        ),
+    )
+    val parsed = json.parseToJsonElement(payload).jsonObject
+    assertEquals("true", parsed["mmsRequested"]?.jsonPrimitive?.content)
+    assertEquals("true", parsed["mmsEligible"]?.jsonPrimitive?.content)
+    assertEquals("true", parsed["mmsAttempted"]?.jsonPrimitive?.content)
+    assertEquals("false", parsed["mmsIncluded"]?.jsonPrimitive?.content)
+  }
+
   @Test
   fun buildSendPlanUsesMultipartWhenMultipleParts() {
     val plan = SmsManager.buildSendPlan("hello") { listOf("a", "b") }
@@ -98,14 +252,6 @@ class SmsManagerTest {
     assertEquals(0, ok.params.offset)
   }
 
-  @Test
-  fun parseQueryParamsRejectsInvalidJson() {
-    val result = SmsManager.parseQueryParams("not-json", json)
-    assertTrue(result is SmsManager.QueryParseResult.Error)
-    val error = result as SmsManager.QueryParseResult.Error
-    assertEquals("INVALID_REQUEST: expected JSON object", error.error)
-  }
-
   @Test
   fun parseQueryParamsRejectsNonObjectJson() {
     val result = SmsManager.parseQueryParams("[]", json)
@@ -179,4 +325,749 @@ class SmsManagerTest {
     val ok = result as SmsManager.QueryParseResult.Ok
     assertEquals(true, ok.params.isRead)
   }
+
+  @Test
+  fun parseQueryParamsIncludeMmsDefaultsFalse() {
+    val result = SmsManager.parseQueryParams("{}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertFalse(ok.params.includeMms)
+  }
+
+  @Test
+  fun parseQueryParamsParsesIncludeMmsTrue() {
+    val result = SmsManager.parseQueryParams("{\"includeMms\":true}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertTrue(ok.params.includeMms)
+  }
+
+  @Test
+  fun parseQueryParamsParsesConversationReviewTrue() {
+    val result = SmsManager.parseQueryParams("{\"conversationReview\":true}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertTrue(ok.params.conversationReview)
+  }
+
+  @Test
+  fun toByPhoneLookupNumberStripsFormattingToDigits() {
+    assertEquals("12107588120", SmsManager.toByPhoneLookupNumber("+1 (210) 758-8120"))
+  }
+
+  @Test
+  fun normalizePhoneNumberOrNullReturnsNullForFormattingOnlyInput() {
+    assertNull(SmsManager.normalizePhoneNumberOrNull("() -   "))
+  }
+
+  @Test
+  fun normalizePhoneNumberOrNullReturnsNullForPlusOnlyInput() {
+    assertNull(SmsManager.normalizePhoneNumberOrNull(" + "))
+  }
+
+  @Test
+  fun normalizePhoneNumberOrNullKeepsUsableNormalizedNumber() {
+    assertEquals("+15551234567", SmsManager.normalizePhoneNumberOrNull(" +1 (555) 123-4567 "))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullDropsFormattingOnlyInput() {
+    assertNull(SmsManager.sanitizeContactPhoneNumberOrNull(" () -   "))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullDropsPlusOnlyInput() {
+    assertNull(SmsManager.sanitizeContactPhoneNumberOrNull(" + "))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullKeepsUsableNormalizedNumber() {
+    assertEquals("+15551234567", SmsManager.sanitizeContactPhoneNumberOrNull(" +1 (555) 123-4567 "))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullDropsPercentWildcardInput() {
+    assertNull(SmsManager.sanitizeContactPhoneNumberOrNull("1%2"))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullDropsUnderscoreWildcardInput() {
+    assertNull(SmsManager.sanitizeContactPhoneNumberOrNull("1_2"))
+  }
+
+  @Test
+  fun shouldPromptForContactNameSearchPermissionTrueForContactNameOnlyWithoutContactsAccess() {
+    assertTrue(
+      SmsManager.shouldPromptForContactNameSearchPermission(
+        contactName = "Alice",
+        phoneNumber = null,
+        hasReadContactsPermission = false,
+      ),
+    )
+  }
+
+  @Test
+  fun shouldPromptForContactNameSearchPermissionFalseWhenExplicitPhoneFallbackExists() {
+    assertFalse(
+      SmsManager.shouldPromptForContactNameSearchPermission(
+        contactName = "Alice",
+        phoneNumber = "+15551234567",
+        hasReadContactsPermission = false,
+      ),
+    )
+  }
+
+  @Test
+  fun shouldPromptForContactNameSearchPermissionFalseWhenContactsAlreadyGranted() {
+    assertFalse(
+      SmsManager.shouldPromptForContactNameSearchPermission(
+        contactName = "Alice",
+        phoneNumber = null,
+        hasReadContactsPermission = true,
+      ),
+    )
+  }
+
+  @Test
+  fun escapeSqlLikeLiteralEscapesPercentUnderscoreAndBackslash() {
+    assertEquals("\\%a\\_b\\\\c", SmsManager.escapeSqlLikeLiteral("%a_b\\c"))
+  }
+
+  @Test
+  fun escapeSqlLikeLiteralLeavesOrdinaryTextUnchanged() {
+    assertEquals("Leah", SmsManager.escapeSqlLikeLiteral("Leah"))
+  }
+
+  @Test
+  fun buildContactNameLikeSelectionUsesSingleBackslashEscapeLiteral() {
+    assertEquals(
+      "display_name LIKE ? ESCAPE '\\'",
+      SmsManager.buildContactNameLikeSelection(),
+    )
+  }
+
+  @Test
+  fun buildContactNameLikeArgEscapesWildcardsAndBackslash() {
+    assertEquals("%\\%a\\_b\\\\c%", SmsManager.buildContactNameLikeArg("%a_b\\c"))
+  }
+
+  @Test
+  fun buildKeywordLikeSelectionUsesSingleBackslashEscapeLiteral() {
+    assertEquals(
+      "body LIKE ? ESCAPE '\\'",
+      SmsManager.buildKeywordLikeSelection(),
+    )
+  }
+
+  @Test
+  fun buildKeywordLikeArgEscapesWildcardsAndBackslash() {
+    assertEquals("%\\%a\\_b\\\\c%", SmsManager.buildKeywordLikeArg("%a_b\\c"))
+  }
+
+  @Test
+  fun buildMixedByPhoneProjectionMatchesExpectedStatusAwareShape() {
+    assertArrayEquals(
+      arrayOf(
+        "_id",
+        "thread_id",
+        "transport_type",
+        "address",
+        "date",
+        "date_sent",
+        "read",
+        "type",
+        "body",
+        "status",
+      ),
+      SmsManager.buildMixedByPhoneProjection(),
+    )
+  }
+
+  @Test
+  fun compareByPhoneCandidateOrderUsesDateThenIdDescending() {
+    val newer = smsMessage(id = 1L, date = 2000L)
+    val older = smsMessage(id = 2L, date = 1000L)
+    val sameDateHigherId = smsMessage(id = 9L, date = 1500L)
+    val sameDateLowerId = smsMessage(id = 3L, date = 1500L)
+
+    assertTrue(SmsManager.compareByPhoneCandidateOrder(newer, older) < 0)
+    assertTrue(SmsManager.compareByPhoneCandidateOrder(sameDateHigherId, sameDateLowerId) < 0)
+    assertTrue(SmsManager.compareByPhoneCandidateOrder(sameDateLowerId, sameDateHigherId) > 0)
+  }
+
+  @Test
+  fun upsertTopDateCandidatesKeepsDescendingOrderAndBounds() {
+    val candidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val max = 2
+
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1", smsMessage(id = 1L, date = 1700L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:2", smsMessage(id = 2L, date = 2000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:3", smsMessage(id = 3L, date = 1500L), max)
+
+    assertEquals(listOf(2L, 1L), candidates.map { it.second.id })
+    assertEquals(listOf(2000L, 1700L), candidates.map { it.second.date })
+  }
+
+  @Test
+  fun upsertTopDateCandidatesSupportsDefaultMixedPathBoundedWindow() {
+    val params = SmsManager.QueryParams(limit = 3, offset = 2, includeMms = true, phoneNumber = "+15551234567")
+    val candidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val max = params.offset + params.limit
+
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1", smsMessage(id = 1L, date = 1000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:2", smsMessage(id = 2L, date = 2000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:3", smsMessage(id = 3L, date = 3000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:4", smsMessage(id = 4L, date = 4000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:5", smsMessage(id = 5L, date = 5000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:6", smsMessage(id = 6L, date = 6000L), max)
+
+    assertEquals(5, candidates.size)
+    assertEquals(listOf(6L, 5L, 4L, 3L, 2L), candidates.map { it.second.id })
+    assertEquals(listOf(4000L, 3000L, 2000L), SmsManager.pageByPhoneCandidates(candidates.map { it.second }, params).map { it.date })
+  }
+
+  @Test
+  fun upsertTopDateCandidatesDedupesBySourceAwareIdentityAndKeepsBestOrdering() {
+    val candidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val max = 5
+
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1987", smsMessage(id = 1987L, date = 1773950752506L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1986", smsMessage(id = 1986L, date = 1773899354039L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1985", smsMessage(id = 1985L, date = 1773872989602L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1981", smsMessage(id = 1981L, date = 1773790733566L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1976", smsMessage(id = 1976L, date = 1773784153770L), max)
+
+    // same source-aware identity should replace, not duplicate
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1986", smsMessage(id = 1986L, date = 1773899354039L), max)
+    // different source-aware identity with same raw id must be preserved
+    SmsManager.upsertTopDateCandidates(candidates, "mms:1986", smsMessage(id = 1986L, date = 1773899354038L), max)
+
+    assertEquals(5, candidates.size)
+    assertEquals(2, candidates.count { it.second.id == 1986L })
+    assertEquals(listOf("sms:1987", "sms:1986", "mms:1986", "sms:1985", "sms:1981"), candidates.map { it.first })
+  }
+
+  @Test
+  fun materializeByPhoneCandidateDedupesBySourceAwareIdentity() {
+    val candidates = linkedMapOf<String, SmsManager.SmsMessage>()
+
+    SmsManager.materializeByPhoneCandidate(candidates, "sms:1", smsMessage(id = 1L, date = 1000L))
+    SmsManager.materializeByPhoneCandidate(candidates, "sms:1", smsMessage(id = 1L, date = 2000L))
+    SmsManager.materializeByPhoneCandidate(candidates, "mms:1", smsMessage(id = 1L, date = 1500L))
+
+    assertEquals(2, candidates.size)
+    assertEquals(2000L, candidates["sms:1"]?.date)
+    assertEquals(1500L, candidates["mms:1"]?.date)
+  }
+
+  @Test
+  fun collectMixedByPhoneCandidateUsesBoundedCollectorWhenReviewModeDisabled() {
+    val topCandidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val materializedCandidates = linkedMapOf<String, SmsManager.SmsMessage>()
+
+    SmsManager.collectMixedByPhoneCandidate(
+      topCandidates = topCandidates,
+      materializedCandidates = materializedCandidates,
+      identityKey = "sms:1",
+      message = smsMessage(id = 1L, date = 1000L),
+      maxCandidates = 1,
+      reviewMode = false,
+    )
+    SmsManager.collectMixedByPhoneCandidate(
+      topCandidates = topCandidates,
+      materializedCandidates = materializedCandidates,
+      identityKey = "mms:2",
+      message = smsMessage(id = 2L, date = 2000L, transportType = "mms"),
+      maxCandidates = 1,
+      reviewMode = false,
+    )
+
+    assertEquals(listOf(2L), topCandidates.map { it.second.id })
+    assertTrue(materializedCandidates.isEmpty())
+  }
+
+  @Test
+  fun collectMixedByPhoneCandidateMaterializesFullSetWhenReviewModeEnabled() {
+    val topCandidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val materializedCandidates = linkedMapOf<String, SmsManager.SmsMessage>()
+
+    SmsManager.collectMixedByPhoneCandidate(
+      topCandidates = topCandidates,
+      materializedCandidates = materializedCandidates,
+      identityKey = "sms:1",
+      message = smsMessage(id = 1L, date = 1000L),
+      maxCandidates = 1,
+      reviewMode = true,
+    )
+    SmsManager.collectMixedByPhoneCandidate(
+      topCandidates = topCandidates,
+      materializedCandidates = materializedCandidates,
+      identityKey = "mms:2",
+      message = smsMessage(id = 2L, date = 2000L, transportType = "mms"),
+      maxCandidates = 1,
+      reviewMode = true,
+    )
+
+    assertTrue(topCandidates.isEmpty())
+    assertEquals(listOf(1L, 2L), materializedCandidates.values.map { it.id })
+  }
+
+  @Test
+  fun pageMixedByPhoneCandidatesLetsReviewModeSurfaceOlderRowsBeyondBoundedDefaultWindow() {
+    val params =
+      SmsManager.QueryParams(
+        limit = 2,
+        offset = 2,
+        includeMms = true,
+        phoneNumber = "+15551234567",
+        conversationReview = true,
+      )
+    val topCandidates = listOf(
+      "sms:9" to smsMessage(id = 9L, date = 9000L),
+      "sms:8" to smsMessage(id = 8L, date = 8000L),
+      "sms:7" to smsMessage(id = 7L, date = 7000L),
+    )
+    val materializedCandidates =
+      linkedMapOf(
+        "sms:9" to smsMessage(id = 9L, date = 9000L),
+        "sms:8" to smsMessage(id = 8L, date = 8000L),
+        "sms:7" to smsMessage(id = 7L, date = 7000L),
+        "mms:6" to smsMessage(id = 6L, date = 6000L, transportType = "mms"),
+      )
+
+    val defaultPage =
+      SmsManager.pageMixedByPhoneCandidates(
+        topCandidates = topCandidates,
+        materializedCandidates = materializedCandidates,
+        params = params.copy(conversationReview = false),
+        reviewMode = false,
+      )
+    val reviewPage =
+      SmsManager.pageMixedByPhoneCandidates(
+        topCandidates = topCandidates,
+        materializedCandidates = materializedCandidates,
+        params = params,
+        reviewMode = true,
+      )
+
+    assertEquals(listOf(7L), defaultPage.map { it.id })
+    assertEquals(listOf(7L, 6L), reviewPage.map { it.id })
+    assertEquals(4, materializedCandidates.size)
+  }
+
+  @Test
+  fun pageByPhoneCandidatesHonorsDeepOffsetAfterStableSort() {
+    val params = SmsManager.QueryParams(limit = 5, offset = 5, includeMms = true)
+    val candidates = listOf(
+      smsMessage(id = 1399L, date = 1741112335720L),
+      smsMessage(id = 1976L, date = 1773784153770L),
+      smsMessage(id = 1981L, date = 1773790733566L),
+      smsMessage(id = 1985L, date = 1773872989602L),
+      smsMessage(id = 1986L, date = 1773899354039L),
+      smsMessage(id = 1987L, date = 1773950752506L),
+    )
+
+    assertEquals(listOf(1399L), SmsManager.pageByPhoneCandidates(candidates, params).map { it.id })
+    assertTrue(SmsManager.pageByPhoneCandidates(candidates, params.copy(offset = 10)).isEmpty())
+  }
+
+  @Test
+  fun upsertTopDateCandidatesNoOpWhenMaxIsZero() {
+    val candidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1", smsMessage(id = 1L, date = 2000L), 0)
+    assertTrue(candidates.isEmpty())
+  }
+
+  @Test
+  fun buildMixedRowIdentityUsesTransportTypeAndRowId() {
+    assertEquals("sms:7", SmsManager.buildMixedRowIdentity(7L, "sms"))
+    assertEquals("mms:7", SmsManager.buildMixedRowIdentity(7L, "mms"))
+    assertEquals("unknown:7", SmsManager.buildMixedRowIdentity(7L, null))
+    assertEquals("unknown:7", SmsManager.buildMixedRowIdentity(7L, ""))
+  }
+
+  @Test
+  fun normalizeProviderDateMillisConvertsSecondsToMillis() {
+    assertEquals(1773944910000L, SmsManager.normalizeProviderDateMillis(1773944910L))
+  }
+
+  @Test
+  fun normalizeProviderDateMillisKeepsMillisUnchanged() {
+    assertEquals(1773944910123L, SmsManager.normalizeProviderDateMillis(1773944910123L))
+  }
+
+  @Test
+  fun normalizeProviderDateMillisKeepsHistoricMillisUnchanged() {
+    assertEquals(946684800000L, SmsManager.normalizeProviderDateMillis(946684800000L))
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowStatusPreservesRealSmsStatus() {
+    assertEquals(64, SmsManager.resolveMixedByPhoneRowStatus("sms", 64))
+    assertEquals(32, SmsManager.resolveMixedByPhoneRowStatus(null, 32))
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowStatusKeepsMmsOnSentinelValue() {
+    assertEquals(-1, SmsManager.resolveMixedByPhoneRowStatus("mms", 64))
+    assertEquals(-1, SmsManager.resolveMixedByPhoneRowStatus("MMS", null))
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowStatusFallsBackToZeroWhenSmsStatusMissing() {
+    assertEquals(0, SmsManager.resolveMixedByPhoneRowStatus("sms", null))
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressPreservesProviderAddressWhenPresent() {
+    assertEquals(
+      "+12107588120",
+      SmsManager.resolveMixedByPhoneRowAddress("+12107588120", "12107588120"),
+    )
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressFallsBackToLookupNumberWhenProviderAddressMissing() {
+    assertEquals(
+      "12107588120",
+      SmsManager.resolveMixedByPhoneRowAddress(null, "12107588120"),
+    )
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressCanPreserveLookupNumberWhenProviderAlreadyReturnsIt() {
+    assertEquals(
+      "12107588120",
+      SmsManager.resolveMixedByPhoneRowAddress("12107588120", "12107588120"),
+    )
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressPreservesNonMatchingProviderAddress() {
+    assertEquals(
+      "+13105550123",
+      SmsManager.resolveMixedByPhoneRowAddress("+13105550123", "12107588120"),
+    )
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressPrefersResolvedMmsParticipantAddress() {
+    assertEquals(
+      "+13105550123",
+      SmsManager.resolveMixedByPhoneRowAddress("insert-address-token", "12107588120", "+13105550123"),
+    )
+  }
+
+  @Test
+  fun selectPreferredMmsAddressPrefersType137AddressThatDoesNotMatchLookup() {
+    assertEquals(
+      "+13105550123",
+      SmsManager.selectPreferredMmsAddress(
+        listOf(
+          "+12107588120" to 151,
+          "+13105550123" to 137,
+          "+12107588120" to 130,
+        ),
+        "12107588120",
+      ),
+    )
+  }
+
+  @Test
+  fun selectPreferredMmsAddressFallsBackToFirstNormalizedAddressWhenOnlyLookupMatchesExist() {
+    assertEquals(
+      "+12107588120",
+      SmsManager.selectPreferredMmsAddress(
+        listOf(
+          "insert-address-token" to 137,
+          "+12107588120" to 151,
+        ),
+        "12107588120",
+      ),
+    )
+  }
+
+  @Test
+  fun isExplicitPhoneInputInvalidTrueWhenCallerSuppliesOnlyFormatting() {
+    val normalized = SmsManager.normalizePhoneNumberOrNull(" + ")
+    assertTrue(SmsManager.isExplicitPhoneInputInvalid(" + ", normalized))
+  }
+
+  @Test
+  fun hasSqlLikeWildcardDetectsPercentAndUnderscore() {
+    assertTrue(SmsManager.hasSqlLikeWildcard("+1555%1234"))
+    assertTrue(SmsManager.hasSqlLikeWildcard("+1555_1234"))
+    assertFalse(SmsManager.hasSqlLikeWildcard("+15551234"))
+  }
+
+  @Test
+  fun isExplicitPhoneInputInvalidRejectsLikeWildcardPhoneFilter() {
+    assertTrue(SmsManager.isExplicitPhoneInputInvalid("+1555%1234", "+1555%1234"))
+    assertTrue(SmsManager.isExplicitPhoneInputInvalid("+1555_1234", "+1555_1234"))
+  }
+
+  @Test
+  fun isExplicitPhoneInputInvalidFalseWhenPhoneWasOmitted() {
+    assertFalse(SmsManager.isExplicitPhoneInputInvalid(null, null))
+    assertFalse(SmsManager.isExplicitPhoneInputInvalid("   ", null))
+  }
+
+  @Test
+  fun mapMmsMsgBoxToSearchTypeCoversSearchRelevantMmsBoxes() {
+    assertEquals(1, SmsManager.mapMmsMsgBoxToSearchType(1))
+    assertEquals(2, SmsManager.mapMmsMsgBoxToSearchType(2))
+    assertEquals(3, SmsManager.mapMmsMsgBoxToSearchType(3))
+    assertEquals(4, SmsManager.mapMmsMsgBoxToSearchType(4))
+    assertEquals(5, SmsManager.mapMmsMsgBoxToSearchType(5))
+    assertEquals(6, SmsManager.mapMmsMsgBoxToSearchType(6))
+  }
+
+  @Test
+  fun mapMmsMsgBoxToSearchTypeLeavesUnsupportedBoxesUnmapped() {
+    assertNull(SmsManager.mapMmsMsgBoxToSearchType(0))
+    assertNull(SmsManager.mapMmsMsgBoxToSearchType(99))
+    assertNull(SmsManager.mapMmsMsgBoxToSearchType(null))
+  }
+
+  @Test
+  fun shouldUseConversationReviewByPhoneModeOnlyForMixedByPhoneReviewPulls() {
+    val active =
+      SmsManager.QueryParams(
+        limit = 5,
+        offset = 0,
+        isRead = null,
+        contactName = null,
+        phoneNumber = "+12107588120",
+        keyword = null,
+        startTime = null,
+        endTime = null,
+        includeMms = true,
+        conversationReview = true,
+      )
+    val disabledByMode = active.copy(conversationReview = false)
+    val disabledByMms = active.copy(includeMms = false)
+    val disabledByPhone = active.copy(phoneNumber = null)
+
+    assertTrue(SmsManager.shouldUseConversationReviewByPhoneMode(active))
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(disabledByMode))
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(disabledByMms))
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(disabledByPhone))
+  }
+
+  @Test
+  fun effectiveSearchParamsRaisesConversationReviewLimitFloor() {
+    val params =
+      SmsManager.QueryParams(
+        limit = 5,
+        offset = 0,
+        isRead = null,
+        contactName = null,
+        phoneNumber = "+12107588120",
+        keyword = null,
+        startTime = null,
+        endTime = null,
+        includeMms = true,
+        conversationReview = true,
+      )
+
+    assertEquals(25, SmsManager.effectiveSearchParams(params).limit)
+    assertEquals(40, SmsManager.effectiveSearchParams(params.copy(limit = 40)).limit)
+    assertEquals(5, SmsManager.effectiveSearchParams(params.copy(conversationReview = false)).limit)
+
+    val singleResolvedContact = params.copy(phoneNumber = null, contactName = "Leah")
+    assertEquals(25, SmsManager.effectiveSearchParams(singleResolvedContact, listOf("15551234567")).limit)
+    assertEquals(5, SmsManager.effectiveSearchParams(singleResolvedContact, listOf("15551234567", "15557654321")).limit)
+    assertEquals(
+      SmsManager.effectiveSearchParams(params).limit,
+      SmsManager.effectiveSearchParams(singleResolvedContact, listOf("15551234567")).limit,
+    )
+  }
+
+  @Test
+  fun resolveSearchParamsCarriesSingleResolvedContactIntoReviewMode() {
+    val params =
+      SmsManager.QueryParams(
+        limit = 5,
+        offset = 0,
+        isRead = null,
+        contactName = "Leah",
+        phoneNumber = null,
+        keyword = null,
+        startTime = null,
+        endTime = null,
+        includeMms = true,
+        conversationReview = true,
+      )
+
+    val beforeResolution = SmsManager.resolveSearchParams(params, normalizedPhoneNumber = null)
+    val singleResolved =
+      SmsManager.resolveSearchParams(
+        params,
+        normalizedPhoneNumber = null,
+        resolvedPhoneNumbers = listOf("15551234567"),
+      )
+    val multiResolved =
+      SmsManager.resolveSearchParams(
+        params,
+        normalizedPhoneNumber = null,
+        resolvedPhoneNumbers = listOf("15551234567", "15557654321"),
+      )
+    val explicit =
+      SmsManager.resolveSearchParams(
+        params.copy(contactName = null, phoneNumber = "+12107588120"),
+        normalizedPhoneNumber = "12107588120",
+      )
+    val nonReview =
+      SmsManager.resolveSearchParams(
+        params.copy(conversationReview = false),
+        normalizedPhoneNumber = null,
+        resolvedPhoneNumbers = listOf("15551234567"),
+      )
+
+    assertEquals(5, beforeResolution.limit)
+    assertEquals(25, singleResolved.limit)
+    assertEquals("15551234567", singleResolved.phoneNumber)
+    assertTrue(SmsManager.shouldUseConversationReviewByPhoneMode(singleResolved))
+    assertEquals(5, multiResolved.limit)
+    assertNull(multiResolved.phoneNumber)
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(multiResolved))
+    assertEquals(25, explicit.limit)
+    assertEquals("12107588120", explicit.phoneNumber)
+    assertEquals(5, nonReview.limit)
+    assertEquals("15551234567", nonReview.phoneNumber)
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(nonReview))
+  }
+
+  @Test
+  fun canonicalizeMixedPathPhoneFiltersDedupesEquivalentExplicitAndContactNumbers() {
+    assertEquals(
+      listOf("15551234567"),
+      SmsManager.canonicalizeMixedPathPhoneFilters(listOf("+15551234567", "15551234567")),
+    )
+  }
+
+  @Test
+  fun canonicalizeMixedPathPhoneFiltersDropsBlankByPhoneValues() {
+    assertEquals(
+      listOf("15551234567"),
+      SmsManager.canonicalizeMixedPathPhoneFilters(listOf("+15551234567", "+", "   ")),
+    )
+  }
+
+  @Test
+  fun buildQueryMetadataUsesCanonicalizedSingleMixedFilterAsEligible() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567")
+    val canonical = SmsManager.canonicalizeMixedPathPhoneFilters(listOf("+15551234567", "15551234567"))
+
+    val metadata = SmsManager.buildQueryMetadata(params, canonical, emptyList())
+
+    assertTrue(metadata.mmsEligible)
+    assertTrue(metadata.mmsAttempted)
+  }
+
+  @Test
+  fun requestedMixedByPhoneCandidateWindowAddsOffsetAndLimitSafely() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567", limit = 200, offset = 300)
+    assertEquals(500L, SmsManager.requestedMixedByPhoneCandidateWindow(params))
+  }
+
+  @Test
+  fun exceedsMixedByPhoneCandidateWindowFalseAtSupportedBoundary() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567", limit = 200, offset = 300)
+    assertFalse(SmsManager.exceedsMixedByPhoneCandidateWindow(params, listOf("+15551234567")))
+  }
+
+  @Test
+  fun exceedsMixedByPhoneCandidateWindowTrueWhenSingleNumberMixedWindowTooLarge() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567", limit = 200, offset = 301)
+    assertTrue(SmsManager.exceedsMixedByPhoneCandidateWindow(params, listOf("+15551234567")))
+  }
+
+  @Test
+  fun exceedsMixedByPhoneCandidateWindowFalseForSmsOnlyQueries() {
+    val params = SmsManager.QueryParams(includeMms = false, phoneNumber = "+15551234567", limit = 200, offset = 50000)
+    assertFalse(SmsManager.exceedsMixedByPhoneCandidateWindow(params, listOf("+15551234567")))
+  }
+
+  @Test
+  fun exceedsMixedByPhoneCandidateWindowFalseWhenMultiplePhoneNumbersDisableMixedByPhonePath() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = null, limit = 200, offset = 50000)
+    assertFalse(SmsManager.exceedsMixedByPhoneCandidateWindow(params, listOf("+15551234567", "+15557654321")))
+  }
+
+  @Test
+  fun mixedByPhoneWindowErrorMentionsSupportedWindow() {
+    assertEquals(
+      "INVALID_REQUEST: includeMms offset+limit exceeds supported window (500)",
+      SmsManager.mixedByPhoneWindowError(),
+    )
+  }
+
+  @Test
+  fun buildQueryMetadataMarksIneligibleWhenIncludeMmsNotRequested() {
+    val params = SmsManager.QueryParams(includeMms = false)
+
+    val metadata = SmsManager.buildQueryMetadata(params, emptyList(), emptyList())
+
+    assertFalse(metadata.mmsRequested)
+    assertFalse(metadata.mmsEligible)
+    assertFalse(metadata.mmsAttempted)
+    assertFalse(metadata.mmsIncluded)
+  }
+
+  @Test
+  fun buildQueryMetadataMarksEligibleAttemptedButNotIncludedForSingleNumberFallback() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567")
+    val messages = listOf(smsMessage(id = 1L, date = 1000L))
+
+    val metadata = SmsManager.buildQueryMetadata(params, listOf("+15551234567"), messages)
+
+    assertTrue(metadata.mmsRequested)
+    assertTrue(metadata.mmsEligible)
+    assertTrue(metadata.mmsAttempted)
+    assertFalse(metadata.mmsIncluded)
+  }
+
+  @Test
+  fun isMmsTransportRowTrueOnlyForMmsTransport() {
+    assertTrue(SmsManager.isMmsTransportRow(smsMessage(id = 1L, date = 1000L, transportType = "mms")))
+    assertFalse(SmsManager.isMmsTransportRow(smsMessage(id = 2L, date = 1000L, transportType = "sms")))
+    assertFalse(SmsManager.isMmsTransportRow(smsMessage(id = 3L, date = 1000L, transportType = null)))
+  }
+
+  @Test
+  fun shouldHydrateMmsByPhoneRowTrueOnlyForMmsTransportWithBlankBodyOrZeroType() {
+    assertTrue(SmsManager.shouldHydrateMmsByPhoneRow("mms", null, 1))
+    assertTrue(SmsManager.shouldHydrateMmsByPhoneRow("mms", "", 1))
+    assertTrue(SmsManager.shouldHydrateMmsByPhoneRow("mms", "body", 0))
+    assertFalse(SmsManager.shouldHydrateMmsByPhoneRow("sms", null, 0))
+    assertFalse(SmsManager.shouldHydrateMmsByPhoneRow(null, null, 0))
+    assertFalse(SmsManager.shouldHydrateMmsByPhoneRow("mms", "body", 1))
+  }
+
+  @Test
+  fun buildQueryMetadataDoesNotTreatSmsStatusSentinelAsMmsInclusion() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567")
+    val smsLikeMessage = smsMessage(id = 7L, date = 1000L, status = -1, transportType = "sms")
+
+    val metadata = SmsManager.buildQueryMetadata(params, listOf("15551234567"), listOf(smsLikeMessage))
+
+    assertTrue(metadata.mmsRequested)
+    assertTrue(metadata.mmsEligible)
+    assertTrue(metadata.mmsAttempted)
+    assertFalse(metadata.mmsIncluded)
+  }
+
+  @Test
+  fun buildQueryMetadataMarksIncludedWhenMixedQueryYieldsMmsTransportRow() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567")
+    val mmsTransportMessage = smsMessage(id = 7L, date = 1000L, status = 0, body = null, transportType = "mms")
+
+    val metadata = SmsManager.buildQueryMetadata(params, listOf("15551234567"), listOf(mmsTransportMessage))
+
+    assertTrue(metadata.mmsRequested)
+    assertTrue(metadata.mmsEligible)
+    assertTrue(metadata.mmsAttempted)
+    assertTrue(metadata.mmsIncluded)
+  }
 }

apps/android/app/src/test/java/ai/openclaw/app/node/SystemHandlerTest.kt

@@ -26,6 +26,16 @@ class SystemHandlerTest {
     assertEquals("INVALID_REQUEST", result.error?.code)
   }
 
+  @Test
+  fun handleSystemNotify_rejectsInvalidRequestObject() {
+    val handler = SystemHandler.forTesting(poster = FakePoster(authorized = true))
+
+    val result = handler.handleSystemNotify("""{"title":"OpenClaw"}""")
+
+    assertFalse(result.ok)
+    assertEquals("INVALID_REQUEST", result.error?.code)
+  }
+
   @Test
   fun handleSystemNotify_postsNotification() {
     val poster = FakePoster(authorized = true)
@@ -37,6 +47,23 @@ class SystemHandlerTest {
     assertEquals(1, poster.posts)
   }
 
+  @Test
+  fun handleSystemNotify_trimsAndPassesOptionalFields() {
+    val poster = FakePoster(authorized = true)
+    val handler = SystemHandler.forTesting(poster = poster)
+
+    val result =
+      handler.handleSystemNotify(
+        """{"title":" OpenClaw ","body":" done ","priority":" passive ","sound":" silent "}""",
+      )
+
+    assertTrue(result.ok)
+    assertEquals("OpenClaw", poster.lastRequest?.title)
+    assertEquals("done", poster.lastRequest?.body)
+    assertEquals("passive", poster.lastRequest?.priority)
+    assertEquals("silent", poster.lastRequest?.sound)
+  }
+
   @Test
   fun handleSystemNotify_returnsUnauthorizedWhenPostFailsPermission() {
     val handler = SystemHandler.forTesting(poster = ThrowingPoster(authorized = true, error = SecurityException("denied")))
@@ -55,6 +82,7 @@ class SystemHandlerTest {
 
     assertFalse(result.ok)
     assertEquals("UNAVAILABLE", result.error?.code)
+    assertEquals("NOTIFICATION_FAILED: boom", result.error?.message)
   }
 }
 
@@ -63,11 +91,14 @@ private class FakePoster(
 ) : SystemNotificationPoster {
   var posts: Int = 0
     private set
+  var lastRequest: SystemNotifyRequest? = null
+    private set
 
   override fun isAuthorized(): Boolean = authorized
 
   override fun post(request: SystemNotifyRequest) {
     posts += 1
+    lastRequest = request
   }
 }
 

apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawProtocolConstantsTest.kt

@@ -86,13 +86,15 @@ class OpenClawProtocolConstantsTest {
     assertEquals("motion.pedometer", OpenClawMotionCommand.Pedometer.rawValue)
   }
 
+  @Test
+  fun smsCommandsUseStableStrings() {
+    assertEquals("sms.send", OpenClawSmsCommand.Send.rawValue)
+    assertEquals("sms.search", OpenClawSmsCommand.Search.rawValue)
+  }
+
   @Test
   fun callLogCommandsUseStableStrings() {
     assertEquals("callLog.search", OpenClawCallLogCommand.Search.rawValue)
   }
 
-  @Test
-  fun smsCommandsUseStableStrings() {
-    assertEquals("sms.search", OpenClawSmsCommand.Search.rawValue)
-  }
 }

apps/android/app/src/test/java/ai/openclaw/app/ui/SettingsSheetNotificationAppsTest.kt

@@ -0,0 +1,35 @@
+package ai.openclaw.app.ui
+
+import org.junit.Assert.assertEquals
+import org.junit.Test
+
+class SettingsSheetNotificationAppsTest {
+  @Test
+  fun resolveNotificationCandidatePackages_keepsConfiguredPackagesVisible() {
+    val packages =
+      resolveNotificationCandidatePackages(
+        launcherPackages = setOf("com.example.launcher"),
+        recentPackages = listOf("com.example.recent", "com.example.launcher"),
+        configuredPackages = setOf("com.example.configured"),
+        appPackageName = "ai.openclaw.app",
+      )
+
+    assertEquals(
+      setOf("com.example.launcher", "com.example.recent", "com.example.configured"),
+      packages,
+    )
+  }
+
+  @Test
+  fun resolveNotificationCandidatePackages_filtersBlankAndSelfPackages() {
+    val packages =
+      resolveNotificationCandidatePackages(
+        launcherPackages = setOf(" ", "ai.openclaw.app"),
+        recentPackages = listOf("com.example.recent", "  "),
+        configuredPackages = setOf("ai.openclaw.app", "com.example.configured"),
+        appPackageName = "ai.openclaw.app",
+      )
+
+    assertEquals(setOf("com.example.recent", "com.example.configured"), packages)
+  }
+}

apps/ios/Config/Version.xcconfig

@@ -1,8 +1,8 @@
 // Shared iOS version defaults.
 // Generated overrides live in build/Version.xcconfig (git-ignored).
 
-OPENCLAW_GATEWAY_VERSION = 2026.3.29
-OPENCLAW_MARKETING_VERSION = 2026.3.29
-OPENCLAW_BUILD_VERSION = 2026032900
+OPENCLAW_GATEWAY_VERSION = 2026.3.30
+OPENCLAW_MARKETING_VERSION = 2026.3.30
+OPENCLAW_BUILD_VERSION = 2026033000
 
 #include? "../build/Version.xcconfig"

apps/ios/README.md

@@ -65,9 +65,9 @@ Release behavior:
 - Beta release also switches the app to `OpenClawPushTransport=relay`, `OpenClawPushDistribution=official`, and `OpenClawPushAPNsEnvironment=production`.
 - The beta flow does not modify `apps/ios/.local-signing.xcconfig` or `apps/ios/LocalSigning.xcconfig`.
 - Root `package.json.version` is the only version source for iOS.
-- A root version like `2026.3.29-beta.1` becomes:
-  - `CFBundleShortVersionString = 2026.3.29`
-  - `CFBundleVersion = next TestFlight build number for 2026.3.29`
+- A root version like `2026.3.30-beta.1` becomes:
+  - `CFBundleShortVersionString = 2026.3.30`
+  - `CFBundleVersion = next TestFlight build number for 2026.3.30`
 
 Required env for beta builds:
 

apps/ios/Sources/LiveActivity/LiveActivityManager.swift

@@ -1,4 +1,4 @@
-import ActivityKit
+@preconcurrency import ActivityKit
 import Foundation
 import os
 

apps/macos/Sources/OpenClaw/Resources/Info.plist

@@ -15,9 +15,9 @@
     <key>CFBundlePackageType</key>
     <string>APPL</string>
     <key>CFBundleShortVersionString</key>
-    <string>2026.3.29</string>
+    <string>2026.3.30</string>
     <key>CFBundleVersion</key>
-    <string>2026032900</string>
+    <string>2026033000</string>
     <key>CFBundleIconFile</key>
     <string>OpenClaw</string>
     <key>CFBundleURLTypes</key>

docs/.i18n/glossary.zh-CN.json

@@ -47,6 +47,10 @@
     "source": "Quick Start",
     "target": "快速开始"
   },
+  {
+    "source": "Diffs",
+    "target": "Diffs"
+  },
   {
     "source": "Capability Cookbook",
     "target": "能力扩展手册"

docs/automation/cron-jobs.md

@@ -14,6 +14,11 @@ title: "Cron Jobs"
 Cron is the Gateway’s built-in scheduler. It persists jobs, wakes the agent at
 the right time, and can optionally deliver output back to a chat.
 
+All cron executions create [background task](/automation/tasks) records. The key difference is visibility:
+
+- `sessionTarget: "main"` creates a task with `silent` notify policy — it schedules a system event for the main session and heartbeat flow but does not generate notifications.
+- `sessionTarget: "isolated"` or `sessionTarget: "session:..."` creates a visible task that shows up in `openclaw tasks` with delivery notifications.
+
 If you want _“run this every morning”_ or _“poke the agent in 20 minutes”_,
 cron is the mechanism.
 
@@ -155,6 +160,8 @@ They must use `payload.kind = "systemEvent"`.
 This is the best fit when you want the normal heartbeat prompt + main-session context.
 See [Heartbeat](/gateway/heartbeat).
 
+Main-session cron jobs create [background task](/automation/tasks) records with `silent` notify policy (no notifications by default). They appear in `openclaw tasks list` but do not generate delivery messages.
+
 #### Isolated jobs (dedicated cron sessions)
 
 Isolated jobs run a dedicated agent turn in session `cron:<jobId>` or a custom session.
@@ -176,6 +183,8 @@ Key behaviors:
 Use isolated jobs for noisy, frequent, or "background chores" that shouldn't spam
 your main chat history.
 
+These detached runs create [background task](/automation/tasks) records visible in `openclaw tasks` and subject to task audit and maintenance.
+
 ### Payload shapes (what runs)
 
 Two payload kinds are supported:
@@ -725,3 +734,11 @@ openclaw system event --mode now --text "Next heartbeat: check battery."
 - If the announce flow returns `false` (e.g. requester session is busy), the gateway retries up to 3 times with tracking via `announceRetryCount`.
 - Announces older than 5 minutes past `endedAt` are force-expired to prevent stale entries from looping indefinitely.
 - If you see repeated announce deliveries in logs, check the subagent registry for entries with high `announceRetryCount` values.
+
+## Related
+
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Cron vs Heartbeat](/automation/cron-vs-heartbeat) — when to use each
+- [Background Tasks](/automation/tasks) — task ledger for cron executions
+- [Heartbeat](/gateway/heartbeat) — periodic main-session turns
+- [Troubleshooting](/automation/troubleshooting) — debugging automation issues

docs/automation/cron-vs-heartbeat.md

@@ -11,6 +11,14 @@ title: "Cron vs Heartbeat"
 
 Both heartbeats and cron jobs let you run tasks on a schedule. This guide helps you choose the right mechanism for your use case.
 
+One important distinction:
+
+- **Heartbeat** is a scheduled **main-session turn** — no task record created.
+- **Cron (main)** is a scheduled **system event into the main session** — creates a task record with `silent` notify policy.
+- **Cron (isolated)** is a scheduled **background run** — creates a task record tracked in `openclaw tasks`.
+
+All cron job executions (main and isolated) create [task records](/automation/tasks). Heartbeat turns do not. Main-session cron tasks use `silent` notify policy by default so they do not generate notifications.
+
 ## Quick Decision Guide
 
 | Use Case                             | Recommended         | Why                                      |
@@ -40,6 +48,7 @@ Heartbeats run in the **main session** at a regular interval (default: 30 min).
 - **Context-aware**: The agent knows what you've been working on and can prioritize accordingly.
 - **Smart suppression**: If nothing needs attention, the agent replies `HEARTBEAT_OK` and no message is delivered.
 - **Natural timing**: Drifts slightly based on queue load, which is fine for most monitoring.
+- **No task record**: heartbeat turns stay in main-session history (see [Background Tasks](/automation/tasks)).
 
 ### Heartbeat example: HEARTBEAT.md checklist
 
@@ -98,6 +107,7 @@ per-job offset in a 0-5 minute window.
 - **Immediate delivery**: Announce mode posts directly without waiting for heartbeat.
 - **No agent context needed**: Runs even if main session is idle or compacted.
 - **One-shot support**: `--at` for precise future timestamps.
+- **Task tracking**: isolated jobs create [background task](/automation/tasks) records visible in `openclaw tasks` and `openclaw tasks audit`.
 
 ### Cron example: Daily morning briefing
 
@@ -219,13 +229,14 @@ See [Lobster](/tools/lobster) for full usage and examples.
 
 Both heartbeat and cron can interact with the main session, but differently:
 
-|         | Heartbeat                       | Cron (main)              | Cron (isolated)                                 |
-| ------- | ------------------------------- | ------------------------ | ----------------------------------------------- |
-| Session | Main                            | Main (via system event)  | `cron:<jobId>` or custom session                |
-| History | Shared                          | Shared                   | Fresh each run (isolated) / Persistent (custom) |
-| Context | Full                            | Full                     | None (isolated) / Cumulative (custom)           |
-| Model   | Main session model              | Main session model       | Can override                                    |
-| Output  | Delivered if not `HEARTBEAT_OK` | Heartbeat prompt + event | Announce summary (default)                      |
+|                            | Heartbeat                       | Cron (main)              | Cron (isolated)                                 |
+| -------------------------- | ------------------------------- | ------------------------ | ----------------------------------------------- |
+| Session                    | Main                            | Main (via system event)  | `cron:<jobId>` or custom session                |
+| History                    | Shared                          | Shared                   | Fresh each run (isolated) / Persistent (custom) |
+| Context                    | Full                            | Full                     | None (isolated) / Cumulative (custom)           |
+| Model                      | Main session model              | Main session model       | Can override                                    |
+| Output                     | Delivered if not `HEARTBEAT_OK` | Heartbeat prompt + event | Announce summary (default)                      |
+| [Tasks](/automation/tasks) | No task record                  | Task record (silent)     | Task record (visible in `openclaw tasks`)       |
 
 ### When to use main session cron
 
@@ -281,6 +292,8 @@ openclaw cron add \
 
 ## Related
 
-- [Heartbeat](/gateway/heartbeat) - full heartbeat configuration
-- [Cron jobs](/automation/cron-jobs) - full cron CLI and API reference
-- [System](/cli/system) - system events + heartbeat controls
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Heartbeat](/gateway/heartbeat) — full heartbeat configuration
+- [Cron jobs](/automation/cron-jobs) — full cron CLI and API reference
+- [Background Tasks](/automation/tasks) — task ledger, audit, and lifecycle
+- [System](/cli/system) — system events + heartbeat controls

docs/automation/hooks.md

@@ -129,7 +129,7 @@ Example `package.json`:
 }
 ```
 
-Each entry points to a hook directory containing `HOOK.md` and `handler.ts` (or `index.ts`).
+Each entry points to a hook directory containing `HOOK.md` and a handler file. The loader tries `handler.ts`, `handler.js`, `index.ts`, `index.js` in order.
 Hook packs can ship dependencies; they will be installed under `~/.openclaw/hooks/<id>`.
 Each `openclaw.hooks` entry must stay inside the package directory after symlink
 resolution; entries that escape are rejected.
@@ -236,6 +236,9 @@ Each event includes:
     sessionId?: string,
     // Agent bootstrap events (agent:bootstrap):
     bootstrapFiles?: WorkspaceBootstrapFile[],
+    sessionKey?: string,           // routing session key
+    sessionId?: string,            // internal session UUID
+    agentId?: string,              // resolved agent ID
     // Message events (see Message Events section for full details):
     from?: string,             // message:received
     to?: string,               // message:sent
@@ -265,6 +268,25 @@ Triggered when agent commands are issued:
 Internal hook payloads emit these as `type: "session"` with `action: "compact:before"` / `action: "compact:after"`; listeners subscribe with the combined keys above.
 Specific handler registration uses the literal key format `${type}:${action}`. For these events, register `session:compact:before` and `session:compact:after`.
 
+`session:compact:before` context fields:
+
+- `sessionId`: internal session UUID
+- `missingSessionKey`: true when no session key was available
+- `messageCount`: number of messages before compaction
+- `tokenCount`: token count before compaction (may be absent)
+- `messageCountOriginal`: message count from the full untruncated session history
+- `tokenCountOriginal`: token count of the full original history (may be absent)
+
+`session:compact:after` context fields (in addition to `sessionId` and `missingSessionKey`):
+
+- `messageCount`: message count after compaction
+- `tokenCount`: token count after compaction (may be absent)
+- `compactedCount`: number of messages that were compacted/removed
+- `summaryLength`: character length of the generated compaction summary
+- `tokensBefore`: token count from before compaction (for delta calculation)
+- `tokensAfter`: token count after compaction
+- `firstKeptEntryId`: ID of the first message entry retained after compaction
+
 ### Agent Events
 
 - **`agent:bootstrap`**: Before workspace bootstrap files are injected (hooks may mutate `context.bootstrapFiles`)
@@ -293,12 +315,16 @@ Session events include rich context about the session and changes:
     label?: string | null,           // Human-readable session label
 
     // AI model configuration
-    model?: string | null,           // Model override (e.g., "claude-opus-4-5")
+    model?: string | null,           // Model override (e.g., "claude-sonnet-4-6")
     thinkingLevel?: string | null,   // Thinking level ("off"|"low"|"med"|"high")
     verboseLevel?: string | null,    // Verbose output level
     reasoningLevel?: string | null,  // Reasoning mode override
     elevatedLevel?: string | null,   // Elevated mode override
-    responseUsage?: "off" | "tokens" | "full" | null, // Usage display mode
+    responseUsage?: "off" | "tokens" | "full" | "on" | null, // Usage display mode ("on" is backwards-compat alias for "full")
+    fastMode?: boolean | null,                    // Fast/turbo mode toggle
+    spawnedWorkspaceDir?: string | null,          // Workspace dir override for spawned subagents
+    subagentRole?: "orchestrator" | "leaf" | null, // Subagent role assignment
+    subagentControlScope?: "children" | "none" | null, // Scope of subagent control
 
     // Tool execution settings
     execHost?: string | null,        // Exec host (sandbox|gateway|node)
@@ -318,7 +344,7 @@ Session events include rich context about the session and changes:
 }
 ```
 
-**Security note:** Only privileged clients (including the Control UI) can trigger `session:patch` events. Standard WebChat clients are blocked from patching sessions (see PR #20800), so the hook will not fire from those connections.
+**Security note:** Only privileged clients (including the Control UI) can trigger `session:patch` events. Standard WebChat clients are blocked from patching sessions, so the hook will not fire from those connections.
 
 See `SessionsPatchParamsSchema` in `src/gateway/protocol/schema/sessions.ts` for the complete type definition.
 
@@ -495,6 +521,78 @@ The `pluginId` field is stamped automatically by the hook runner from the plugin
 
 If the gateway is unavailable or does not support plugin approvals, the tool call falls back to a soft block using the `description` as the block reason.
 
+#### before_install
+
+Runs after the built-in install security scan and before installation continues. OpenClaw fires this hook for interactive skill installs as well as plugin bundle, package, and single-file installs.
+
+Return fields:
+
+- **`findings`**: Additional scan findings to surface as warnings
+- **`block`**: Set to `true` to block the install
+- **`blockReason`**: Human-readable reason shown when blocked
+
+Event fields:
+
+- **`targetType`**: Install target category (`skill` or `plugin`)
+- **`targetName`**: Human-readable skill name or plugin id for the install target
+- **`sourcePath`**: Absolute path to the install target content being scanned
+- **`sourcePathKind`**: Whether the scanned content is a `file` or `directory`
+- **`origin`**: Normalized install origin when available (for example `openclaw-bundled`, `openclaw-workspace`, `plugin-bundle`, `plugin-package`, or `plugin-file`)
+- **`request`**: Provenance for the install request, including `kind`, `mode`, and optional `requestedSpecifier`
+- **`builtinScan`**: Structured result of the built-in scanner, including `status`, summary counts, findings, and optional `error`
+- **`skill`**: Skill install metadata when `targetType` is `skill`, including `installId` and the selected `installSpec`
+- **`plugin`**: Plugin install metadata when `targetType` is `plugin`, including the canonical `pluginId`, normalized `contentType`, optional `packageName` / `manifestId` / `version`, and `extensions`
+
+Example event (plugin package install):
+
+```json
+{
+  "targetType": "plugin",
+  "targetName": "acme-audit",
+  "sourcePath": "/var/folders/.../openclaw-plugin-acme-audit/package",
+  "sourcePathKind": "directory",
+  "origin": "plugin-package",
+  "request": {
+    "kind": "plugin-npm",
+    "mode": "install",
+    "requestedSpecifier": "@acme/openclaw-plugin-audit@1.4.2"
+  },
+  "builtinScan": {
+    "status": "ok",
+    "scannedFiles": 12,
+    "critical": 0,
+    "warn": 1,
+    "info": 0,
+    "findings": [
+      {
+        "severity": "warn",
+        "ruleId": "network_fetch",
+        "file": "dist/index.js",
+        "line": 88,
+        "message": "Dynamic network fetch detected during install review."
+      }
+    ]
+  },
+  "plugin": {
+    "pluginId": "acme-audit",
+    "contentType": "package",
+    "packageName": "@acme/openclaw-plugin-audit",
+    "manifestId": "acme-audit",
+    "version": "1.4.2",
+    "extensions": ["./dist/index.js"]
+  }
+}
+```
+
+Skill installs use the same event shape with `targetType: "skill"` and a `skill` object instead of `plugin`.
+
+Decision semantics:
+
+- `before_install`: `{ block: true }` is terminal and stops lower-priority handlers.
+- `before_install`: `{ block: false }` is treated as no decision.
+
+Use this hook for external security scanners, policy engines, or enterprise approval gates that need to audit install sources before they are installed.
+
 #### Compaction lifecycle
 
 Compaction lifecycle hooks exposed through the plugin hook runner:
@@ -502,12 +600,91 @@ Compaction lifecycle hooks exposed through the plugin hook runner:
 - **`before_compaction`**: Runs before compaction with count/token metadata
 - **`after_compaction`**: Runs after compaction with compaction summary metadata
 
+### Complete Plugin Hook Reference
+
+All 27 hooks registered via the Plugin SDK. Hooks marked **sequential** run in priority order and can modify results; **parallel** hooks are fire-and-forget.
+
+#### Model and prompt hooks
+
+| Hook                   | When                                         | Execution  | Returns                                                    |
+| ---------------------- | -------------------------------------------- | ---------- | ---------------------------------------------------------- |
+| `before_model_resolve` | Before model/provider lookup                 | Sequential | `{ modelOverride?, providerOverride? }`                    |
+| `before_prompt_build`  | After model resolved, session messages ready | Sequential | `{ systemPrompt?, prependContext?, appendSystemContext? }` |
+| `before_agent_start`   | Legacy combined hook (prefer the two above)  | Sequential | Union of both result shapes                                |
+| `llm_input`            | Immediately before the LLM API call          | Parallel   | `void`                                                     |
+| `llm_output`           | Immediately after LLM response received      | Parallel   | `void`                                                     |
+
+#### Agent lifecycle hooks
+
+| Hook                | When                                           | Execution | Returns |
+| ------------------- | ---------------------------------------------- | --------- | ------- |
+| `agent_end`         | After agent run completes (success or failure) | Parallel  | `void`  |
+| `before_reset`      | When `/new` or `/reset` clears a session       | Parallel  | `void`  |
+| `before_compaction` | Before compaction summarizes history           | Parallel  | `void`  |
+| `after_compaction`  | After compaction completes                     | Parallel  | `void`  |
+
+#### Session lifecycle hooks
+
+| Hook            | When                      | Execution | Returns |
+| --------------- | ------------------------- | --------- | ------- |
+| `session_start` | When a new session begins | Parallel  | `void`  |
+| `session_end`   | When a session ends       | Parallel  | `void`  |
+
+#### Message flow hooks
+
+| Hook                   | When                                              | Execution            | Returns                       |
+| ---------------------- | ------------------------------------------------- | -------------------- | ----------------------------- |
+| `inbound_claim`        | Before command/agent dispatch; first-claim wins   | Sequential           | `{ handled: boolean }`        |
+| `message_received`     | After an inbound message is received              | Parallel             | `void`                        |
+| `before_dispatch`      | After commands parsed, before model dispatch      | Sequential           | `{ handled: boolean, text? }` |
+| `message_sending`      | Before an outbound message is delivered           | Sequential           | `{ content?, cancel? }`       |
+| `message_sent`         | After an outbound message is delivered            | Parallel             | `void`                        |
+| `before_message_write` | Before a message is written to session transcript | **Sync**, sequential | `{ block?, message? }`        |
+
+#### Tool execution hooks
+
+| Hook                  | When                                          | Execution            | Returns                                               |
+| --------------------- | --------------------------------------------- | -------------------- | ----------------------------------------------------- |
+| `before_tool_call`    | Before each tool call                         | Sequential           | `{ params?, block?, blockReason?, requireApproval? }` |
+| `after_tool_call`     | After a tool call completes                   | Parallel             | `void`                                                |
+| `tool_result_persist` | Before a tool result is written to transcript | **Sync**, sequential | `{ message? }`                                        |
+
+#### Subagent hooks
+
+| Hook                       | When                                       | Execution  | Returns                           |
+| -------------------------- | ------------------------------------------ | ---------- | --------------------------------- |
+| `subagent_spawning`        | Before a subagent session is created       | Sequential | `{ status, threadBindingReady? }` |
+| `subagent_delivery_target` | After spawning, to resolve delivery target | Sequential | `{ origin? }`                     |
+| `subagent_spawned`         | After a subagent is fully spawned          | Parallel   | `void`                            |
+| `subagent_ended`           | When a subagent session terminates         | Parallel   | `void`                            |
+
+#### Gateway hooks
+
+| Hook            | When                                       | Execution | Returns |
+| --------------- | ------------------------------------------ | --------- | ------- |
+| `gateway_start` | After the gateway process is fully started | Parallel  | `void`  |
+| `gateway_stop`  | When the gateway is shutting down          | Parallel  | `void`  |
+
+#### Install hooks
+
+| Hook             | When                                                  | Execution  | Returns                               |
+| ---------------- | ----------------------------------------------------- | ---------- | ------------------------------------- |
+| `before_install` | After built-in security scan, before install proceeds | Sequential | `{ findings?, block?, blockReason? }` |
+
+<Note>
+Two hooks (`tool_result_persist` and `before_message_write`) are **synchronous only** — they must not return a Promise. Returning a Promise from these hooks is caught at runtime and the result is discarded with a warning.
+</Note>
+
+For full handler signatures and context types, see [Plugin Architecture](/plugins/architecture).
+
 ### Future Events
 
-Planned event types:
+The following event types are planned for the internal hook event stream.
+Note that `session_start` and `session_end` already exist as [Plugin Hook API](/plugins/architecture#provider-runtime-hooks) hooks
+but are not yet available as internal hook event keys in `HOOK.md` metadata:
 
-- **`session:start`**: When a new session begins
-- **`session:end`**: When a session ends
+- **`session:start`**: When a new session begins (planned for internal hook stream; available as plugin hook `session_start`)
+- **`session:end`**: When a session ends (planned for internal hook stream; available as plugin hook `session_end`)
 - **`agent:error`**: When an agent encounters an error
 
 ## Creating Custom Hooks
@@ -923,8 +1100,8 @@ metadata: { "openclaw": { "events": ["command"] } } # General - more overhead
 
 The gateway logs hook loading at startup:
 
-```
-Registered hook: session-memory -> command:new
+```text
+Registered hook: session-memory -> command:new, command:reset
 Registered hook: bootstrap-extra-files -> agent:bootstrap
 Registered hook: command-logger -> command
 Registered hook: boot-md -> gateway:startup

docs/automation/index.md

@@ -0,0 +1,73 @@
+---
+summary: "Overview of all automation mechanisms: heartbeat, cron, tasks, hooks, webhooks, and more"
+read_when:
+  - Deciding how to automate work with OpenClaw
+  - Choosing between heartbeat, cron, hooks, and webhooks
+  - Looking for the right automation entry point
+title: "Automation Overview"
+---
+
+# Automation
+
+OpenClaw provides several automation mechanisms, each suited to different use cases. This page helps you choose the right one.
+
+## Quick decision guide
+
+```
+Do you need something to run on a schedule?
+  YES → Is exact timing critical?
+    YES → Cron (isolated)
+    NO  → Can it batch with other checks?
+      YES → Heartbeat
+      NO  → Cron
+  NO → Continue...
+
+Do you need to react to an event (message, tool call, session change)?
+  YES → Hooks (or plugin hooks)
+
+Do you need to receive external HTTP events?
+  YES → Webhooks
+
+Do you want persistent instructions the agent always follows?
+  YES → Standing Orders
+
+Do you want to track what background work happened?
+  → Background Tasks (automatic for cron, ACP, subagents)
+```
+
+## Mechanisms at a glance
+
+| Mechanism | What it does | Runs in | Creates task record |
+|---|---|---|---|
+| [Heartbeat](/gateway/heartbeat) | Periodic main-session turn — batches multiple checks | Main session | No |
+| [Cron](/automation/cron-jobs) | Scheduled jobs with precise timing | Main or isolated session | Yes (all types) |
+| [Background Tasks](/automation/tasks) | Tracks detached work (cron, ACP, subagents, CLI) | N/A (ledger) | N/A |
+| [Hooks](/automation/hooks) | Event-driven scripts triggered by agent lifecycle events | Hook runner | No |
+| [Standing Orders](/automation/standing-orders) | Persistent instructions injected into the system prompt | Main session | No |
+| [Webhooks](/automation/webhook) | Receive inbound HTTP events and route to the agent | Gateway HTTP | No |
+
+### Specialized automation
+
+| Mechanism | What it does |
+|---|---|
+| [Gmail PubSub](/automation/gmail-pubsub) | Real-time Gmail notifications via Google PubSub |
+| [Polling](/automation/poll) | Periodic data source checks (RSS, APIs, etc.) |
+| [Auth Monitoring](/automation/auth-monitoring) | Credential health and expiry alerts |
+
+## How they work together
+
+The most effective setups combine multiple mechanisms:
+
+1. **Heartbeat** handles routine monitoring (inbox, calendar, notifications) in one batched turn every 30 minutes.
+2. **Cron** handles precise schedules (daily reports, weekly reviews) and one-shot reminders.
+3. **Hooks** react to specific events (tool calls, session resets, compaction) with custom scripts.
+4. **Standing Orders** give the agent persistent context ("always check the project board before replying").
+5. **Background Tasks** automatically track all detached work so you can inspect and audit it.
+
+See [Cron vs Heartbeat](/automation/cron-vs-heartbeat) for a detailed comparison of the two scheduling mechanisms.
+
+## Related
+
+- [Cron vs Heartbeat](/automation/cron-vs-heartbeat) — detailed comparison guide
+- [Troubleshooting](/automation/troubleshooting) — debugging automation issues
+- [Configuration Reference](/gateway/configuration-reference) — all config keys

docs/automation/standing-orders.md

@@ -247,5 +247,8 @@ Each program should have:
 
 ## Related
 
-- [Cron Jobs](/automation/cron-jobs) — Schedule enforcement for standing orders
-- [Agent Workspace](/concepts/agent-workspace) — Where standing orders live, including the full list of auto-injected bootstrap files (AGENTS.md, SOUL.md, etc.)
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Cron Jobs](/automation/cron-jobs) — schedule enforcement for standing orders
+- [Hooks](/automation/hooks) — event-driven scripts for agent lifecycle events
+- [Webhooks](/automation/webhook) — inbound HTTP event triggers
+- [Agent Workspace](/concepts/agent-workspace) — where standing orders live, including the full list of auto-injected bootstrap files (AGENTS.md, SOUL.md, etc.)

docs/automation/tasks.md

@@ -0,0 +1,239 @@
+---
+summary: "Background task tracking for ACP runs, subagents, isolated cron jobs, and CLI operations"
+read_when:
+  - Inspecting background work in progress or recently completed
+  - Debugging delivery failures for detached agent runs
+  - Understanding how background runs relate to sessions, cron, and heartbeat
+title: "Background Tasks"
+---
+
+# Background Tasks
+
+> **Cron vs Heartbeat vs Tasks?** See [Cron vs Heartbeat](/automation/cron-vs-heartbeat) for choosing the right scheduling mechanism. This page covers **tracking** background work, not scheduling it.
+
+Background tasks track work that runs **outside your main conversation session**:
+ACP runs, subagent spawns, isolated cron job executions, and CLI-initiated operations.
+
+Tasks do **not** replace sessions, cron jobs, or heartbeats — they are the **activity ledger** that records what detached work happened, when, and whether it succeeded.
+
+<Note>
+Not every agent run creates a task. Heartbeat turns and normal interactive chat do not. All cron executions, ACP spawns, subagent spawns, and CLI agent commands do.
+</Note>
+
+## TL;DR
+
+- Tasks are **records**, not schedulers — cron and heartbeat decide _when_ work runs, tasks track _what happened_.
+- ACP, subagents, all cron jobs, and CLI operations create tasks. Heartbeat turns do not.
+- Each task moves through `queued → running → terminal` (succeeded, failed, timed_out, cancelled, or lost).
+- Completion notifications are delivered directly to a channel or queued for the next heartbeat.
+- `openclaw tasks list` shows all tasks; `openclaw tasks audit` surfaces issues.
+- Terminal records are kept for 7 days, then automatically pruned.
+
+## Quick start
+
+```bash
+# List all tasks (newest first)
+openclaw tasks list
+
+# Filter by runtime or status
+openclaw tasks list --runtime acp
+openclaw tasks list --status running
+
+# Show details for a specific task (by ID, run ID, or session key)
+openclaw tasks show <lookup>
+
+# Cancel a running task (kills the child session)
+openclaw tasks cancel <lookup>
+
+# Change notification policy for a task
+openclaw tasks notify <lookup> state_changes
+
+# Run a health audit
+openclaw tasks audit
+```
+
+## What creates a task
+
+| Source                 | Runtime type | When a task record is created                          | Default notify policy |
+| ---------------------- | ------------ | ------------------------------------------------------ | --------------------- |
+| ACP background runs    | `acp`        | Spawning a child ACP session                           | `done_only`           |
+| Subagent orchestration | `subagent`   | Spawning a subagent via `sessions_spawn`               | `done_only`           |
+| Cron jobs (all types)  | `cron`       | Every cron execution (main-session and isolated)       | `silent`              |
+| CLI operations         | `cli`        | `openclaw agent` commands that run through the gateway | `done_only`           |
+
+Main-session cron tasks use `silent` notify policy by default — they create records for tracking but do not generate notifications. Isolated cron tasks also default to `silent` but are more visible because they run in their own session.
+
+**What does not create tasks:**
+
+- Heartbeat turns — main-session; see [Heartbeat](/gateway/heartbeat)
+- Normal interactive chat turns
+- Direct `/command` responses
+
+## Task lifecycle
+
+```mermaid
+stateDiagram-v2
+    [*] --> queued
+    queued --> running : agent starts
+    running --> succeeded : completes ok
+    running --> failed : error
+    running --> timed_out : timeout exceeded
+    running --> cancelled : operator cancels
+    queued --> lost : session gone > 5 min
+    running --> lost : session gone > 5 min
+```
+
+| Status      | What it means                                                              |
+| ----------- | -------------------------------------------------------------------------- |
+| `queued`    | Created, waiting for the agent to start                                    |
+| `running`   | Agent turn is actively executing                                           |
+| `succeeded` | Completed successfully                                                     |
+| `failed`    | Completed with an error                                                    |
+| `timed_out` | Exceeded the configured timeout                                            |
+| `cancelled` | Stopped by the operator via `openclaw tasks cancel`                        |
+| `lost`      | Backing child session disappeared (detected after a 5-minute grace period) |
+
+Transitions happen automatically — when the associated agent run ends, the task status updates to match.
+
+## Delivery and notifications
+
+When a task reaches a terminal state, OpenClaw notifies you. There are two delivery paths:
+
+**Direct delivery** — if the task has a channel target (the `requesterOrigin`), the completion message goes straight to that channel (Telegram, Discord, Slack, etc.).
+
+**Session-queued delivery** — if direct delivery fails or no origin is set, the update is queued as a system event in the requester's session and surfaces on the next heartbeat.
+
+<Tip>
+Task completion triggers an immediate heartbeat wake so you see the result quickly — you do not have to wait for the next scheduled heartbeat tick.
+</Tip>
+
+### Notification policies
+
+Control how much you hear about each task:
+
+| Policy                | What is delivered                                                       |
+| --------------------- | ----------------------------------------------------------------------- |
+| `done_only` (default) | Only terminal state (succeeded, failed, etc.) — **this is the default** |
+| `state_changes`       | Every state transition and progress update                              |
+| `silent`              | Nothing at all                                                          |
+
+Change the policy while a task is running:
+
+```bash
+openclaw tasks notify <lookup> state_changes
+```
+
+## CLI reference
+
+### `tasks list`
+
+```bash
+openclaw tasks list [--runtime <acp|subagent|cron|cli>] [--status <status>] [--json]
+```
+
+Output columns: Task ID, Kind, Status, Delivery, Run ID, Child Session, Summary.
+
+### `tasks show`
+
+```bash
+openclaw tasks show <lookup>
+```
+
+The lookup token accepts a task ID, run ID, or session key. Shows the full record including timing, delivery state, error, and terminal summary.
+
+### `tasks cancel`
+
+```bash
+openclaw tasks cancel <lookup>
+```
+
+For ACP and subagent tasks, this kills the child session. Status transitions to `cancelled` and a delivery notification is sent.
+
+### `tasks notify`
+
+```bash
+openclaw tasks notify <lookup> <done_only|state_changes|silent>
+```
+
+### `tasks audit`
+
+```bash
+openclaw tasks audit [--json]
+```
+
+Surfaces operational issues. Findings also appear in `openclaw status` when issues are detected.
+
+| Finding                   | Severity | Trigger                                               |
+| ------------------------- | -------- | ----------------------------------------------------- |
+| `stale_queued`            | warn     | Queued for more than 10 minutes                       |
+| `stale_running`           | error    | Running for more than 30 minutes                      |
+| `lost`                    | error    | Backing session is gone                               |
+| `delivery_failed`         | warn     | Delivery failed and notify policy is not `silent`     |
+| `missing_cleanup`         | warn     | Terminal task with no cleanup timestamp               |
+| `inconsistent_timestamps` | warn     | Timeline violation (for example ended before started) |
+
+## Status integration (task pressure)
+
+`openclaw status` includes an at-a-glance task summary:
+
+```
+Tasks: 3 queued · 2 running · 1 issues
+```
+
+The summary reports:
+
+- **active** — count of `queued` + `running`
+- **failures** — count of `failed` + `timed_out` + `lost`
+- **byRuntime** — breakdown by `acp`, `subagent`, `cron`, `cli`
+
+## Storage and maintenance
+
+### Where tasks live
+
+Task records persist in SQLite at:
+
+```
+$OPENCLAW_STATE_DIR/tasks/runs.sqlite
+```
+
+The registry loads into memory at gateway start and syncs writes to SQLite for durability across restarts.
+
+### Automatic maintenance
+
+A sweeper runs every **60 seconds** and handles three things:
+
+1. **Reconciliation** — checks if active tasks' backing sessions still exist. If a child session has been gone for more than 5 minutes, the task is marked `lost`.
+2. **Cleanup stamping** — sets a `cleanupAfter` timestamp on terminal tasks (endedAt + 7 days).
+3. **Pruning** — deletes records past their `cleanupAfter` date.
+
+**Retention**: terminal task records are kept for **7 days**, then automatically pruned. No configuration needed.
+
+## How tasks relate to other systems
+
+### Tasks and cron
+
+A cron job **definition** lives in `~/.openclaw/cron/jobs.json`. **Every** cron execution creates a task record — both main-session and isolated. Main-session cron tasks default to `silent` notify policy so they track without generating notifications.
+
+See [Cron Jobs](/automation/cron-jobs).
+
+### Tasks and heartbeat
+
+Heartbeat runs are main-session turns — they do not create task records. When a task completes, it can trigger a heartbeat wake so you see the result promptly.
+
+See [Heartbeat](/gateway/heartbeat).
+
+### Tasks and sessions
+
+A task may reference a `childSessionKey` (where work runs) and a `requesterSessionKey` (who started it). Sessions are conversation context; tasks are activity tracking on top of that.
+
+### Tasks and agent runs
+
+A task's `runId` links to the agent run doing the work. Agent lifecycle events (start, end, error) automatically update the task status — you do not need to manage the lifecycle manually.
+
+## Related
+
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Cron Jobs](/automation/cron-jobs) — scheduling background work
+- [Cron vs Heartbeat](/automation/cron-vs-heartbeat) — choosing the right mechanism
+- [Heartbeat](/gateway/heartbeat) — periodic main-session turns
+- [CLI: Tasks](/cli/index#tasks) — CLI command reference

docs/channels/bluebubbles.md

@@ -420,3 +420,11 @@ Prefer `chat_guid` for stable routing:
 - For status/health info: `openclaw status --all` or `openclaw status --deep`.
 
 For general channel workflow reference, see [Channels](/channels) and the [Plugins](/tools/plugin) guide.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/discord.md

@@ -103,7 +103,7 @@ openclaw config set channels.discord.enabled true --strict-json
 openclaw gateway
 ```
 
-    If OpenClaw is already running as a background service, use `openclaw gateway restart` instead.
+    If OpenClaw is already running as a background service, restart it via the OpenClaw Mac app or by stopping and restarting the `openclaw gateway run` process.
 
   </Step>
 
@@ -948,11 +948,15 @@ Default slash command settings:
     Config path:
 
     - `channels.discord.execApprovals.enabled`
-    - `channels.discord.execApprovals.approvers`
+    - `channels.discord.execApprovals.approvers` (optional; falls back to owner IDs inferred from `allowFrom` and explicit DM `defaultTo` when possible)
     - `channels.discord.execApprovals.target` (`dm` | `channel` | `both`, default: `dm`)
     - `agentFilter`, `sessionFilter`, `cleanupAfterResolve`
 
-    When `target` is `channel` or `both`, the approval prompt is visible in the channel. Only configured approvers can use the buttons; other users receive an ephemeral denial. Approval prompts include the command text, so only enable channel delivery in trusted channels. If the channel ID cannot be derived from the session key, OpenClaw falls back to DM delivery.
+    Discord becomes an approval client when `enabled: true` and at least one approver can be resolved, either from `execApprovals.approvers` or from the account's existing owner config (`allowFrom`, legacy `dm.allowFrom`, or explicit DM `defaultTo`).
+
+    When `target` is `channel` or `both`, the approval prompt is visible in the channel. Only resolved approvers can use the buttons; other users receive an ephemeral denial. Approval prompts include the command text, so only enable channel delivery in trusted channels. If the channel ID cannot be derived from the session key, OpenClaw falls back to DM delivery.
+
+    Discord also renders the shared approval buttons used by other chat channels. The native Discord adapter mainly adds approver DM routing and channel fanout.
 
     Gateway auth for this handler uses the same shared credential resolution contract as other Gateway clients:
 
@@ -961,7 +965,7 @@ Default slash command settings:
     - remote-mode support via `gateway.remote.*` when applicable
     - URL overrides are override-safe: CLI overrides do not reuse implicit credentials, and env overrides use env credentials only
 
-    If approvals fail with unknown approval IDs, verify approver list and feature enablement.
+    Exec approvals expire after 30 minutes by default. If approvals fail with unknown approval IDs, verify approver resolution and feature enablement.
 
     Related docs: [Exec approvals](/tools/exec-approvals)
 
@@ -992,7 +996,7 @@ Default gate behavior:
 
 ## Components v2 UI
 
-OpenClaw uses Discord components v2 for exec approvals and cross-context markers. Discord message actions can also accept `components` for custom UI (advanced; requires Carbon component instances), while legacy `embeds` remain available but are not recommended.
+OpenClaw uses Discord components v2 for exec approvals and cross-context markers. Discord message actions can also accept `components` for custom UI (advanced; requires constructing a component payload via the discord tool), while legacy `embeds` remain available but are not recommended.
 
 - `channels.discord.ui.components.accentColor` sets the accent color used by Discord component containers (hex).
 - Set per account with `channels.discord.accounts.<id>.ui.components.accentColor`.
@@ -1228,7 +1232,9 @@ High-signal Discord fields:
 ## Related
 
 - [Pairing](/channels/pairing)
+- [Groups](/channels/groups)
 - [Channel routing](/channels/channel-routing)
+- [Security](/gateway/security)
 - [Multi-agent routing](/concepts/multi-agent)
 - [Troubleshooting](/channels/troubleshooting)
 - [Slash commands](/tools/slash-commands)

docs/channels/feishu.md

@@ -81,7 +81,7 @@ Lark (global) tenants should use [https://open.larksuite.com/app](https://open.l
 2. Fill in the app name + description
 3. Choose an app icon
 
-![Create enterprise app](../images/feishu-step2-create-app.png)
+![Create enterprise app](/images/feishu-step2-create-app.png)
 
 ### 3. Copy credentials
 
@@ -92,7 +92,7 @@ From **Credentials & Basic Info**, copy:
 
 ❗ **Important:** keep the App Secret private.
 
-![Get credentials](../images/feishu-step3-credentials.png)
+![Get credentials](/images/feishu-step3-credentials.png)
 
 ### 4. Configure permissions
 
@@ -126,7 +126,7 @@ On **Permissions**, click **Batch import** and paste:
 }
 ```
 
-![Configure permissions](../images/feishu-step4-permissions.png)
+![Configure permissions](/images/feishu-step4-permissions.png)
 
 ### 5. Enable bot capability
 
@@ -135,7 +135,7 @@ In **App Capability** > **Bot**:
 1. Enable bot capability
 2. Set the bot name
 
-![Enable bot capability](../images/feishu-step5-bot-capability.png)
+![Enable bot capability](/images/feishu-step5-bot-capability.png)
 
 ### 6. Configure event subscription
 
@@ -151,7 +151,7 @@ In **Event Subscription**:
 
 ⚠️ If the gateway is not running, the long-connection setup may fail to save.
 
-![Configure event subscription](../images/feishu-step6-event-subscription.png)
+![Configure event subscription](/images/feishu-step6-event-subscription.png)
 
 ### 7. Publish the app
 
@@ -206,7 +206,7 @@ When using webhook mode, set both `channels.feishu.verificationToken` and `chann
 
 The screenshot below shows where to find the **Verification Token**. The **Encrypt Key** is listed in the same **Encryption** section.
 
-![Verification Token location](../images/feishu-verification-token.png)
+![Verification Token location](/images/feishu-verification-token.png)
 
 ### Configure via environment variables
 
@@ -395,6 +395,8 @@ In addition to allowing the group itself, **all messages** in that group are gat
 
 ---
 
+<a id="get-groupuser-ids"></a>
+
 ## Get group/user IDs
 
 ### Group IDs (chat_id)
@@ -748,3 +750,11 @@ Feishu currently exposes these runtime actions:
 - `channel-info`
 - `channel-list`
 - `react` and `reactions` when reactions are enabled in config
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/googlechat.md

@@ -260,3 +260,11 @@ Related docs:
 - [Gateway configuration](/gateway/configuration)
 - [Security](/gateway/security)
 - [Reactions](/tools/reactions)
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/groups.md

@@ -54,6 +54,8 @@ If you want...
 - Direct chats use the main session (or per-sender if configured).
 - Heartbeats are skipped for group sessions.
 
+<a id="pattern-personal-dms-public-groups-single-agent"></a>
+
 ## Pattern: personal DMs + public groups (single agent)
 
 Yes — this works well if your “personal” traffic is **DMs** and your “public” traffic is **groups**.

docs/channels/imessage.md

@@ -417,3 +417,11 @@ imsg send <handle> "test"
 - [Gateway configuration](/gateway/configuration)
 - [Pairing](/channels/pairing)
 - [BlueBubbles](/channels/bluebubbles)
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/irc.md

@@ -240,3 +240,11 @@ Default account supports:
 - If the bot connects but never replies in channels, verify `channels.irc.groups` **and** whether mention-gating is dropping messages (`missing-mention`). If you want it to reply without pings, set `requireMention:false` for the channel.
 - If login fails, verify nick availability and server password.
 - If TLS fails on a custom network, verify host/port and certificate setup.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/line.md

@@ -211,3 +211,11 @@ Generic media sends fall back to the existing image-only route when a LINE-speci
   and that the gateway is reachable from LINE.
 - **Media download errors:** raise `channels.line.mediaMaxMb` if media exceeds the
   default limit.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/matrix.md

@@ -679,6 +679,25 @@ openclaw matrix account add \
 This opt-in only allows trusted private/internal targets. Public cleartext homeservers such as
 `http://matrix.example.org:8008` remain blocked. Prefer `https://` whenever possible.
 
+## Proxying Matrix traffic
+
+If your Matrix deployment needs an explicit outbound HTTP(S) proxy, set `channels.matrix.proxy`:
+
+```json5
+{
+  channels: {
+    matrix: {
+      homeserver: "https://matrix.example.org",
+      accessToken: "syt_bot_xxx",
+      proxy: "http://127.0.0.1:7890",
+    },
+  },
+}
+```
+
+Named accounts can override the top-level default with `channels.matrix.accounts.<id>.proxy`.
+OpenClaw uses the same proxy setting for runtime Matrix traffic and account status probes.
+
 ## Target resolution
 
 Matrix accepts these target forms anywhere OpenClaw asks you for a room or user target:
@@ -700,6 +719,7 @@ Live directory lookup uses the logged-in Matrix account:
 - `defaultAccount`: preferred account ID when multiple Matrix accounts are configured.
 - `homeserver`: homeserver URL, for example `https://matrix.example.org`.
 - `allowPrivateNetwork`: allow this Matrix account to connect to private/internal homeservers. Enable this when the homeserver resolves to `localhost`, a LAN/Tailscale IP, or an internal host such as `matrix-synapse`.
+- `proxy`: optional HTTP(S) proxy URL for Matrix traffic. Named accounts can override the top-level default with their own `proxy`.
 - `userId`: full Matrix user ID, for example `@bot:example.org`.
 - `accessToken`: access token for token-based auth. Plaintext values and SecretRef values are supported for `channels.matrix.accessToken` and `channels.matrix.accounts.<id>.accessToken` across env/file/exec providers. See [Secrets Management](/gateway/secrets).
 - `password`: password for password-based login. Plaintext values and SecretRef values are supported.
@@ -733,3 +753,11 @@ Live directory lookup uses the logged-in Matrix account:
 - `groups`: per-room policy map. Prefer room IDs or aliases; unresolved room names are ignored at runtime. Session/group identity uses the stable room ID after resolution, while human-readable labels still come from room names.
 - `rooms`: legacy alias for `groups`.
 - `actions`: per-action tool gating (`messages`, `reactions`, `pins`, `profile`, `memberInfo`, `channelInfo`, `verification`).
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/mattermost.md

@@ -425,3 +425,11 @@ Mattermost supports multiple accounts under `channels.mattermost.accounts`:
 - Gateway logs `missing _token in context`: the `_token` field is not in the button's context. Ensure it is included when building the integration payload.
 - Confirmation shows raw ID instead of button name: `context.action_id` does not match the button's `id`. Set both to the same sanitized value.
 - Agent doesn't know about buttons: add `capabilities: ["inlineButtons"]` to the Mattermost channel config.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/msteams.md

@@ -779,3 +779,11 @@ Bots have limited support in private channels:
 - [RSC permissions reference](https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent)
 - [Teams bot file handling](https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/bots-filesv4) (channel/group requires Graph)
 - [Proactive messaging](https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/conversations/send-proactive-messages)
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/nextcloud-talk.md

@@ -136,3 +136,11 @@ Provider options:
 - `channels.nextcloud-talk.blockStreaming`: disable block streaming for this channel.
 - `channels.nextcloud-talk.blockStreamingCoalesce`: block streaming coalesce tuning.
 - `channels.nextcloud-talk.mediaMaxMb`: inbound media cap (MB).
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/nostr.md

@@ -247,3 +247,11 @@ docker run -p 7777:7777 ghcr.io/hoytech/strfry
 - Direct messages only (no group chats).
 - No media attachments.
 - NIP-04 only (NIP-17 gift-wrap planned).
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/signal.md

@@ -327,3 +327,11 @@ Related global options:
 - `agents.list[].groupChat.mentionPatterns` (Signal does not support native mentions).
 - `messages.groupChat.mentionPatterns` (global fallback).
 - `messages.responsePrefix`.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/slack.md

@@ -599,6 +599,8 @@ Primary reference:
 ## Related
 
 - [Pairing](/channels/pairing)
+- [Groups](/channels/groups)
+- [Security](/gateway/security)
 - [Channel routing](/channels/channel-routing)
 - [Troubleshooting](/channels/troubleshooting)
 - [Configuration](/gateway/configuration)

docs/channels/synology-chat.md

@@ -140,3 +140,11 @@ but duplicate exact paths are still rejected fail-closed. Prefer explicit per-ac
 - Prefer `dmPolicy: "allowlist"` for production.
 - Keep `dangerouslyAllowNameMatching` off unless you explicitly need legacy username-based reply delivery.
 - Keep `dangerouslyAllowInheritedWebhookPath` off unless you explicitly accept shared-path routing risk in a multi-account setup.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/telegram.md

@@ -806,21 +806,23 @@ openclaw message poll --channel telegram --target -1001234567890:topic:42 \
     Config path:
 
     - `channels.telegram.execApprovals.enabled`
-    - `channels.telegram.execApprovals.approvers`
+    - `channels.telegram.execApprovals.approvers` (optional; falls back to numeric owner IDs inferred from `allowFrom` and direct `defaultTo` when possible)
     - `channels.telegram.execApprovals.target` (`dm` | `channel` | `both`, default: `dm`)
     - `agentFilter`, `sessionFilter`
 
-    Approvers must be numeric Telegram user IDs. When `enabled` is false or `approvers` is empty, Telegram does not act as an exec approval client. Approval requests fall back to other configured approval routes or the exec approval fallback policy.
+    Approvers must be numeric Telegram user IDs. Telegram becomes an exec approval client when `enabled` is true and at least one approver can be resolved, either from `execApprovals.approvers` or from the account's numeric owner config (`allowFrom` and direct-message `defaultTo`). Approval requests otherwise fall back to other configured approval routes or the exec approval fallback policy.
+
+    Telegram also renders the shared approval buttons used by other chat channels. The native Telegram adapter mainly adds approver DM routing, channel/topic fanout, and typing hints before delivery.
 
     Delivery rules:
 
-    - `target: "dm"` sends approval prompts only to configured approver DMs
+    - `target: "dm"` sends approval prompts only to resolved approver DMs
     - `target: "channel"` sends the prompt back to the originating Telegram chat/topic
     - `target: "both"` sends to approver DMs and the originating chat/topic
 
-    Only configured approvers can approve or deny. Non-approvers cannot use `/approve` and cannot use Telegram approval buttons.
+    Only resolved approvers can approve or deny. Non-approvers cannot use `/approve` and cannot use Telegram approval buttons.
 
-    Channel delivery shows the command text in the chat, so only enable `channel` or `both` in trusted groups/topics. When the prompt lands in a forum topic, OpenClaw preserves the topic for both the approval prompt and the post-approval follow-up.
+    Channel delivery shows the command text in the chat, so only enable `channel` or `both` in trusted groups/topics. When the prompt lands in a forum topic, OpenClaw preserves the topic for both the approval prompt and the post-approval follow-up. Exec approvals expire after 30 minutes by default.
 
     Inline approval buttons also depend on `channels.telegram.capabilities.inlineButtons` allowing the target surface (`dm`, `group`, or `all`).
 
@@ -932,7 +934,7 @@ Primary reference:
 - top-level `bindings[]` with `type: "acp"` and canonical topic id `chatId:topic:topicId` in `match.peer.id`: persistent ACP topic binding fields (see [ACP Agents](/tools/acp-agents#channel-specific-settings)).
 - `channels.telegram.direct.<id>.topics.<threadId>.agentId`: route DM topics to a specific agent (same behavior as forum topics).
 - `channels.telegram.execApprovals.enabled`: enable Telegram as a chat-based exec approval client for this account.
-- `channels.telegram.execApprovals.approvers`: Telegram user IDs allowed to approve or deny exec requests. Required when exec approvals are enabled.
+- `channels.telegram.execApprovals.approvers`: Telegram user IDs allowed to approve or deny exec requests. Optional when `channels.telegram.allowFrom` or a direct `channels.telegram.defaultTo` already identifies the owner.
 - `channels.telegram.execApprovals.target`: `dm | channel | both` (default: `dm`). `channel` and `both` preserve the originating Telegram topic when present.
 - `channels.telegram.execApprovals.agentFilter`: optional agent ID filter for forwarded approval prompts.
 - `channels.telegram.execApprovals.sessionFilter`: optional session key filter (substring or regex) for forwarded approval prompts.
@@ -982,6 +984,8 @@ Telegram-specific high-signal fields:
 ## Related
 
 - [Pairing](/channels/pairing)
+- [Groups](/channels/groups)
+- [Security](/gateway/security)
 - [Channel routing](/channels/channel-routing)
 - [Multi-agent routing](/concepts/multi-agent)
 - [Troubleshooting](/channels/troubleshooting)

docs/channels/tlon.md

@@ -274,3 +274,11 @@ Provider options:
 - Thread replies: if the inbound message is in a thread, OpenClaw replies in-thread.
 - Rich text: Markdown formatting (bold, italic, code, headers, lists) is converted to Tlon's native format.
 - Images: URLs are uploaded to Tlon storage and embedded as image blocks.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/twitch.md

@@ -377,3 +377,11 @@ Example:
 - **500 characters** per message (auto-chunked at word boundaries)
 - Markdown is stripped before chunking
 - No rate limiting (uses Twitch's built-in rate limits)
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/whatsapp.md

@@ -455,6 +455,8 @@ High-signal WhatsApp fields:
 ## Related
 
 - [Pairing](/channels/pairing)
+- [Groups](/channels/groups)
+- [Security](/gateway/security)
 - [Channel routing](/channels/channel-routing)
 - [Multi-agent routing](/concepts/multi-agent)
 - [Troubleshooting](/channels/troubleshooting)

docs/channels/zalo.md

@@ -241,3 +241,11 @@ Multi-account options:
 - `channels.zalo.accounts.<id>.webhookSecret`: per-account webhook secret.
 - `channels.zalo.accounts.<id>.webhookPath`: per-account webhook path.
 - `channels.zalo.accounts.<id>.proxy`: per-account proxy URL.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/zalouser.md

@@ -179,3 +179,11 @@ Accounts map to `zalouser` profiles in OpenClaw state. Example:
 
 - Remove any old external `zca` process assumptions.
 - The channel now runs fully in OpenClaw without external CLI binaries.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/cli/acp.md

@@ -147,6 +147,10 @@ Per-session `mcpServers` are not supported in bridge mode. If an ACP client
 sends them during `newSession` or `loadSession`, the bridge returns a clear
 error instead of silently ignoring them.
 
+If you want ACPX-backed sessions to see OpenClaw plugin tools, enable the
+gateway-side ACPX plugin bridge instead of trying to pass per-session
+`mcpServers`. See [ACP Agents](/tools/acp-agents#plugin-tools-mcp-bridge).
+
 ## Use from `acpx` (Codex, Claude, other ACP clients)
 
 If you want a coding agent such as Codex or Claude Code to talk to your

docs/cli/index.md

@@ -64,6 +64,7 @@ This page describes the current CLI behavior. If commands change, update this do
 
 - `--dev`: isolate state under `~/.openclaw-dev` and shift default ports.
 - `--profile <name>`: isolate state under `~/.openclaw-<name>`.
+- `--container <name>`: target a named container for execution.
 - `--no-color`: disable ANSI colors.
 - `--update`: shorthand for `openclaw update` (source installs only).
 - `-V`, `--version`, `-v`: print version and exit.
@@ -155,11 +156,21 @@ openclaw [--dev] [--profile <name>] <command>
     list
     add
     delete
+    bindings
+    bind
+    unbind
+    set-identity
   acp
   mcp
   status
   health
   sessions
+    cleanup
+  tasks
+    list
+    show
+    notify
+    cancel
   gateway
     call
     health
@@ -193,7 +204,7 @@ openclaw [--dev] [--profile <name>] <command>
     fallbacks list|add|remove|clear
     image-fallbacks list|add|remove|clear
     scan
-    auth add|setup-token|paste-token
+    auth add|login|login-github-copilot|setup-token|paste-token
     auth order get|set|clear
   sandbox
     list
@@ -349,7 +360,18 @@ Options:
 - `--non-interactive`
 - `--mode <local|remote>`
 - `--flow <quickstart|advanced|manual>` (manual is an alias for advanced)
-- `--auth-choice <setup-token|token|chutes|openai-codex|openai-api-key|openrouter-api-key|ollama|ai-gateway-api-key|moonshot-api-key|moonshot-api-key-cn|kimi-code-api-key|synthetic-api-key|venice-api-key|gemini-api-key|zai-api-key|mistral-api-key|apiKey|minimax-api|minimax-api-lightning|opencode-zen|opencode-go|custom-api-key|skip>`
+- `--auth-choice <choice>` where `<choice>` is one of:
+  `setup-token`, `token`, `chutes`, `deepseek-api-key`, `openai-codex`, `openai-api-key`,
+  `openrouter-api-key`, `kilocode-api-key`, `litellm-api-key`, `ai-gateway-api-key`,
+  `cloudflare-ai-gateway-api-key`, `moonshot-api-key`, `moonshot-api-key-cn`,
+  `kimi-code-api-key`, `synthetic-api-key`, `venice-api-key`, `together-api-key`,
+  `huggingface-api-key`, `apiKey`, `gemini-api-key`, `google-gemini-cli`, `zai-api-key`,
+  `zai-coding-global`, `zai-coding-cn`, `zai-global`, `zai-cn`, `xiaomi-api-key`,
+  `minimax-global-oauth`, `minimax-global-api`, `minimax-cn-oauth`, `minimax-cn-api`,
+  `opencode-zen`, `opencode-go`, `github-copilot`, `copilot-proxy`, `xai-api-key`,
+  `mistral-api-key`, `volcengine-api-key`, `byteplus-api-key`, `qianfan-api-key`,
+  `modelstudio-standard-api-key-cn`, `modelstudio-standard-api-key`,
+  `modelstudio-api-key-cn`, `modelstudio-api-key`, `custom-api-key`, `skip`
 - `--token-provider <id>` (non-interactive; used with `--auth-choice token`)
 - `--token <token>` (non-interactive; used with `--auth-choice token`)
 - `--token-profile-id <id>` (non-interactive; default: `<provider>:manual`)
@@ -367,8 +389,8 @@ Options:
 - `--minimax-api-key <key>`
 - `--opencode-zen-api-key <key>`
 - `--opencode-go-api-key <key>`
-- `--custom-base-url <url>` (non-interactive; used with `--auth-choice custom-api-key` or `--auth-choice ollama`)
-- `--custom-model-id <id>` (non-interactive; used with `--auth-choice custom-api-key` or `--auth-choice ollama`)
+- `--custom-base-url <url>` (non-interactive; used with `--auth-choice custom-api-key`)
+- `--custom-model-id <id>` (non-interactive; used with `--auth-choice custom-api-key`)
 - `--custom-api-key <key>` (non-interactive; optional; used with `--auth-choice custom-api-key`; falls back to `CUSTOM_API_KEY` when omitted)
 - `--custom-provider-id <id>` (non-interactive; optional custom provider id)
 - `--custom-compatibility <openai|anthropic>` (non-interactive; optional; default `openai`)
@@ -387,8 +409,11 @@ Options:
 - `--daemon-runtime <node|bun>`
 - `--skip-channels`
 - `--skip-skills`
+- `--skip-search`
 - `--skip-health`
 - `--skip-ui`
+- `--cloudflare-ai-gateway-account-id <id>`
+- `--cloudflare-ai-gateway-gateway-id <id>`
 - `--node-manager <npm|pnpm|bun>` (pnpm recommended; bun not recommended for Gateway runtime)
 - `--json`
 
@@ -429,6 +454,9 @@ Options:
 - `--yes`: accept defaults without prompting (headless).
 - `--non-interactive`: skip prompts; apply safe migrations only.
 - `--deep`: scan system services for extra gateway installs.
+- `--repair` (alias: `--fix`): attempt automatic repairs for detected issues.
+- `--force`: force repairs even when not strictly needed.
+- `--generate-gateway-token`: generate a new gateway auth token.
 
 ## Channel helpers
 
@@ -582,15 +610,19 @@ Run one agent turn via the Gateway (or `--local` embedded).
 
 Required:
 
-- `--message <text>`
+- `-m, --message <text>`
 
 Options:
 
-- `--to <dest>` (for session key and optional delivery)
+- `-t, --to <dest>` (for session key and optional delivery)
 - `--session-id <id>`
-- `--thinking <off|minimal|low|medium|high|xhigh>` (GPT-5.2 + Codex models only)
-- `--verbose <on|full|off>`
-- `--channel <whatsapp|telegram|discord|slack|mattermost|signal|imessage|msteams>`
+- `--agent <id>` (agent id; overrides routing bindings)
+- `--thinking <off|minimal|low|medium|high|xhigh>` (provider support varies; not model-gated at CLI level)
+- `--verbose <on|off>`
+- `--channel <channel>` (delivery channel; omit to use the main session channel)
+- `--reply-to <target>` (delivery target override, separate from session routing)
+- `--reply-channel <channel>` (delivery channel override)
+- `--reply-account <id>` (delivery account id override)
 - `--local`
 - `--deliver`
 - `--json`
@@ -724,6 +756,12 @@ Options:
 - `--verbose`
 - `--store <path>`
 - `--active <minutes>`
+- `--agent <id>` (filter sessions by agent)
+- `--all-agents` (show sessions across all agents)
+
+Subcommands:
+
+- `sessions cleanup` — remove expired or orphaned sessions
 
 ## Reset / Uninstall
 
@@ -761,6 +799,16 @@ Notes:
 
 - `--non-interactive` requires `--yes` and explicit scopes (or `--all`).
 
+### `tasks`
+
+List and manage [background task](/automation/tasks) runs across agents.
+
+- `tasks list` — show active and recent task runs
+- `tasks show <id>` — show details for a specific task run
+- `tasks notify <id>` — change notification policy for a task run
+- `tasks cancel <id>` — cancel a running task
+- `tasks audit` — surface operational issues (stale, lost, delivery failures)
+
 ## Gateway
 
 ### `gateway`
@@ -818,10 +866,16 @@ Notes:
 
 Tail Gateway file logs via RPC.
 
-Notes:
+Options:
 
-- TTY sessions render a colorized, structured view; non-TTY falls back to plain text.
-- `--json` emits line-delimited JSON (one log event per line).
+- `--limit <n>`: maximum number of log lines to return
+- `--max-bytes <n>`: maximum bytes to read from the log file
+- `--follow`: follow the log file (tail -f style)
+- `--interval <ms>`: polling interval in ms when following
+- `--local-time`: display timestamps in local time
+- `--json`: emit line-delimited JSON
+- `--plain`: disable structured formatting
+- `--no-color`: disable ANSI colors
 
 Examples:
 
@@ -878,9 +932,10 @@ Anthropic Claude CLI migration:
 
 ```bash
 openclaw models auth login --provider anthropic --method cli --set-default
-openclaw onboard --auth-choice anthropic-cli
 ```
 
+Note: `--auth-choice anthropic-cli` is a deprecated legacy alias. Use `models auth login` instead.
+
 ### `models` (root)
 
 `openclaw models` is an alias for `models status`.
@@ -968,11 +1023,13 @@ Options:
 - `--set-image`
 - `--json`
 
-### `models auth add|setup-token|paste-token`
+### `models auth add|login|login-github-copilot|setup-token|paste-token`
 
 Options:
 
 - `add`: interactive auth helper
+- `login`: `--provider <name>`, `--method <method>`, `--set-default`
+- `login-github-copilot`: GitHub Copilot OAuth login flow
 - `setup-token`: `--provider <name>` (default `anthropic`), `--yes`
 - `paste-token`: `--provider <name>`, `--profile-id <id>`, `--expires-in <duration>`
 
@@ -1073,7 +1130,6 @@ Subcommands:
 - `nodes reject <requestId>`
 - `nodes rename --node <id|name|ip> --name <displayName>`
 - `nodes invoke --node <id|name|ip> --command <command> [--params <json>] [--invoke-timeout <ms>] [--idempotency-key <key>]`
-- `nodes run --node <id|name|ip> [--cwd <path>] [--env KEY=VAL] [--command-timeout <ms>] [--needs-screen-recording] [--invoke-timeout <ms>] <command...>` (mac node or headless node host)
 - `nodes notify --node <id|name|ip> [--title <text>] [--body <text>] [--sound <name>] [--priority <passive|active|timeSensitive>] [--delivery <system|overlay|auto>] [--invoke-timeout <ms>]` (mac only)
 
 Camera:

docs/cli/mcp.md

@@ -410,13 +410,45 @@ Example config shape:
 }
 ```
 
-Typical fields:
+### Stdio transport
 
-- `command`
-- `args`
-- `env`
-- `cwd` or `workingDirectory`
-- `url`
+Launches a local child process and communicates over stdin/stdout.
+
+| Field                      | Description                       |
+| -------------------------- | --------------------------------- |
+| `command`                  | Executable to spawn (required)    |
+| `args`                     | Array of command-line arguments   |
+| `env`                      | Extra environment variables       |
+| `cwd` / `workingDirectory` | Working directory for the process |
+
+### SSE / HTTP transport
+
+Connects to a remote MCP server over HTTP Server-Sent Events.
+
+| Field     | Description                                                      |
+| --------- | ---------------------------------------------------------------- |
+| `url`     | HTTP or HTTPS URL of the remote server (required)                |
+| `headers` | Optional key-value map of HTTP headers (for example auth tokens) |
+
+Example:
+
+```json
+{
+  "mcp": {
+    "servers": {
+      "remote-tools": {
+        "url": "https://mcp.example.com",
+        "headers": {
+          "Authorization": "Bearer <token>"
+        }
+      }
+    }
+  }
+}
+```
+
+Sensitive values in `url` (userinfo) and `headers` are redacted in logs and
+status output.
 
 These commands manage saved config only. They do not start the channel bridge,
 open a live MCP client session, or prove the target server is reachable.
@@ -430,6 +462,6 @@ Current limits:
 - conversation discovery depends on existing Gateway session route metadata
 - no generic push protocol beyond the Claude-specific adapter
 - no message edit or react tools yet
-- no dedicated HTTP MCP transport yet
+- HTTP/SSE transport connects to a single remote server; no multiplexed upstream yet
 - `permissions_list_open` only includes approvals observed while the bridge is
   connected

docs/cli/nodes.md

@@ -37,13 +37,10 @@ openclaw nodes status --last-connected 24h
 Use `--connected` to only show currently-connected nodes. Use `--last-connected <duration>` to
 filter to nodes that connected within a duration (e.g. `24h`, `7d`).
 
-## Invoke / run
+## Invoke
 
 ```bash
 openclaw nodes invoke --node <id|name|ip> --command <command> --params <json>
-openclaw nodes run --node <id|name|ip> <command...>
-openclaw nodes run --raw "git status"
-openclaw nodes run --agent main --node <id|name|ip> --raw "git status"
 ```
 
 Invoke flags:
@@ -51,25 +48,8 @@ Invoke flags:
 - `--params <json>`: JSON object string (default `{}`).
 - `--invoke-timeout <ms>`: node invoke timeout (default `15000`).
 - `--idempotency-key <key>`: optional idempotency key.
+- `system.run` and `system.run.prepare` are blocked here; use the `exec` tool with `host=node` for shell execution.
 
-### Exec-style defaults
-
-`nodes run` mirrors the model’s exec behavior (defaults + approvals):
-
-- Reads `tools.exec.*` (plus `agents.list[].tools.exec.*` overrides).
-- Uses exec approvals (`exec.approval.request`) before invoking `system.run`.
-- `--node` can be omitted when `tools.exec.node` is set.
-- Requires a node that advertises `system.run` (macOS companion app or headless node host).
-
-Flags:
-
-- `--cwd <path>`: working directory.
-- `--env <key=val>`: env override (repeatable). Note: node hosts ignore `PATH` overrides (and `tools.exec.pathPrepend` is not applied to node hosts).
-- `--command-timeout <ms>`: command timeout.
-- `--invoke-timeout <ms>`: node invoke timeout (default `30000`).
-- `--needs-screen-recording`: require screen recording permission.
-- `--raw <command>`: run a shell string (`/bin/sh -lc` or `cmd.exe /c`).
-  In allowlist mode on Windows node hosts, `cmd.exe /c` shell-wrapper runs require approval
-  (allowlist entry alone does not auto-allow the wrapper form).
-- `--agent <id>`: agent-scoped approvals/allowlists (defaults to configured agent).
-- `--ask <off|on-miss|always>`, `--security <deny|allowlist|full>`: overrides.
+For shell execution on a node, use the `exec` tool with `host=node` instead of `openclaw nodes run`.
+The `nodes` CLI is now capability-focused: direct RPC via `nodes invoke`, plus pairing, camera,
+screen, location, canvas, and notifications.

docs/concepts/agent-loop.md

@@ -87,6 +87,7 @@ These run inside the agent loop or gateway pipeline:
 - **`agent_end`**: inspect the final message list and run metadata after completion.
 - **`before_compaction` / `after_compaction`**: observe or annotate compaction cycles.
 - **`before_tool_call` / `after_tool_call`**: intercept tool params/results.
+- **`before_install`**: inspect built-in scan findings and optionally block skill or plugin installs.
 - **`tool_result_persist`**: synchronously transform tool results before they are written to the session transcript.
 - **`message_received` / `message_sending` / `message_sent`**: inbound + outbound message hooks.
 - **`session_start` / `session_end`**: session lifecycle boundaries.
@@ -96,6 +97,8 @@ Hook decision rules for outbound/tool guards:
 
 - `before_tool_call`: `{ block: true }` is terminal and stops lower-priority handlers.
 - `before_tool_call`: `{ block: false }` is a no-op and does not clear a prior block.
+- `before_install`: `{ block: true }` is terminal and stops lower-priority handlers.
+- `before_install`: `{ block: false }` is a no-op and does not clear a prior block.
 - `message_sending`: `{ cancel: true }` is terminal and stops lower-priority handlers.
 - `message_sending`: `{ cancel: false }` is a no-op and does not clear a prior cancel.
 
@@ -153,3 +156,11 @@ See [Plugin hooks](/plugins/architecture#provider-runtime-hooks) for the hook AP
 - AbortSignal (cancel)
 - Gateway disconnect or RPC timeout
 - `agent.wait` timeout (wait-only, does not stop agent)
+
+## Related
+
+- [Tools](/tools) — available agent tools
+- [Hooks](/automation/hooks) — event-driven scripts triggered by agent lifecycle events
+- [Compaction](/concepts/compaction) — how long conversations are summarized
+- [Exec Approvals](/tools/exec-approvals) — approval gates for shell commands
+- [Thinking](/tools/thinking) — thinking/reasoning level configuration

docs/concepts/compaction.md

@@ -1,123 +1,86 @@
 ---
-summary: "Context window + compaction: how OpenClaw keeps sessions under model limits"
+summary: "How OpenClaw summarizes long conversations to stay within model limits"
 read_when:
   - You want to understand auto-compaction and /compact
   - You are debugging long sessions hitting context limits
 title: "Compaction"
 ---
 
-# Context Window & Compaction
+# Compaction
 
-Every model has a **context window** (max tokens it can see). Long-running chats accumulate messages and tool results; once the window is tight, OpenClaw **compacts** older history to stay within limits.
+Every model has a context window -- the maximum number of tokens it can process.
+When a conversation approaches that limit, OpenClaw **compacts** older messages
+into a summary so the chat can continue.
 
-## What compaction is
+## How it works
 
-Compaction **summarizes older conversation** into a compact summary entry and keeps recent messages intact. The summary is stored in the session history, so future requests use:
+1. Older conversation turns are summarized into a compact entry.
+2. The summary is saved in the session transcript.
+3. Recent messages are kept intact.
 
-- The compaction summary
-- Recent messages after the compaction point
+The full conversation history stays on disk. Compaction only changes what the
+model sees on the next turn.
 
-Compaction **persists** in the session’s JSONL history.
+## Auto-compaction
 
-## Configuration
+Auto-compaction is on by default. It runs when the session nears the context
+limit, or when the model returns a context-overflow error (in which case
+OpenClaw compacts and retries).
 
-Use the `agents.defaults.compaction` setting in your `openclaw.json` to configure compaction behavior (mode, target tokens, etc.).
-Compaction summarization preserves opaque identifiers by default (`identifierPolicy: "strict"`). You can override this with `identifierPolicy: "off"` or provide custom text with `identifierPolicy: "custom"` and `identifierInstructions`.
-
-You can optionally specify a different model for compaction summarization via `agents.defaults.compaction.model`. This is useful when your primary model is a local or small model and you want compaction summaries produced by a more capable model. The override accepts any `provider/model-id` string:
-
-```json
-{
-  "agents": {
-    "defaults": {
-      "compaction": {
-        "model": "openrouter/anthropic/claude-sonnet-4-6"
-      }
-    }
-  }
-}
-```
-
-This also works with local models, for example a second Ollama model dedicated to summarization or a fine-tuned compaction specialist:
-
-```json
-{
-  "agents": {
-    "defaults": {
-      "compaction": {
-        "model": "ollama/llama3.1:8b"
-      }
-    }
-  }
-}
-```
-
-When unset, compaction uses the agent's primary model.
-
-## Auto-compaction (default on)
-
-When a session nears or exceeds the model’s context window, OpenClaw triggers auto-compaction and may retry the original request using the compacted context.
-
-You’ll see:
-
-- `🧹 Auto-compaction complete` in verbose mode
-- `/status` showing `🧹 Compactions: <count>`
-
-Before compaction, OpenClaw can run a **silent memory flush** turn to store
-durable notes to disk. See [Memory](/concepts/memory) for details and config.
+<Info>
+Before compacting, OpenClaw automatically reminds the agent to save important
+notes to [memory](/concepts/memory) files. This prevents context loss.
+</Info>
 
 ## Manual compaction
 
-Use `/compact` (optionally with instructions) to force a compaction pass:
+Type `/compact` in any chat to force a compaction. Add instructions to guide
+the summary:
 
 ```
-/compact Focus on decisions and open questions
+/compact Focus on the API design decisions
 ```
 
-## Context window source
+## Using a different model
 
-Context window is model-specific. OpenClaw uses the model definition from the configured provider catalog to determine limits.
+By default, compaction uses your agent's primary model. You can use a more
+capable model for better summaries:
+
+```json5
+{
+  agents: {
+    defaults: {
+      compaction: {
+        model: "openrouter/anthropic/claude-sonnet-4-6",
+      },
+    },
+  },
+}
+```
 
 ## Compaction vs pruning
 
-- **Compaction**: summarises and **persists** in JSONL.
-- **Session pruning**: trims old **tool results** only, **in-memory**, per request.
+|                  | Compaction                    | Pruning                          |
+| ---------------- | ----------------------------- | -------------------------------- |
+| **What it does** | Summarizes older conversation | Trims old tool results           |
+| **Saved?**       | Yes (in session transcript)   | No (in-memory only, per request) |
+| **Scope**        | Entire conversation           | Tool results only                |
 
-See [/concepts/session-pruning](/concepts/session-pruning) for pruning details.
+[Session pruning](/concepts/session-pruning) is a lighter-weight complement that
+trims tool output without summarizing.
 
-## OpenAI server-side compaction
+## Troubleshooting
 
-OpenClaw also supports OpenAI Responses server-side compaction hints for
-compatible direct OpenAI models. This is separate from local OpenClaw
-compaction and can run alongside it.
+**Compacting too often?** The model's context window may be small, or tool
+outputs may be large. Try enabling
+[session pruning](/concepts/session-pruning).
 
-- Local compaction: OpenClaw summarizes and persists into session JSONL.
-- Server-side compaction: OpenAI compacts context on the provider side when
-  `store` + `context_management` are enabled.
+**Context feels stale after compaction?** Use `/compact Focus on <topic>` to
+guide the summary, or enable the [memory flush](/concepts/memory) so notes
+survive.
 
-See [OpenAI provider](/providers/openai) for model params and overrides.
+**Need a clean slate?** `/new` starts a fresh session without compacting.
 
-## Custom context engines
-
-Compaction behavior is owned by the active
-[context engine](/concepts/context-engine). The legacy engine uses the built-in
-summarization described above. Plugin engines (selected via
-`plugins.slots.contextEngine`) can implement any compaction strategy — DAG
-summaries, vector retrieval, incremental condensation, etc.
-
-When a plugin engine sets `ownsCompaction: true`, OpenClaw delegates all
-compaction decisions to the engine and does not run built-in auto-compaction.
-
-When `ownsCompaction` is `false` or unset, OpenClaw may still use Pi's
-built-in in-attempt auto-compaction, but the active engine's `compact()` method
-still handles `/compact` and overflow recovery. There is no automatic fallback
-to the legacy engine's compaction path.
-
-If you are building a non-owning context engine, implement `compact()` by
-calling `delegateCompactionToRuntime(...)` from `openclaw/plugin-sdk/core`.
-
-## Tips
-
-- Use `/compact` when sessions feel stale or context is bloated.
-- Large tool outputs are already truncated; pruning can further reduce tool-result buildup.
-- If you need a fresh slate, `/new` or `/reset` starts a new session id.
+For advanced configuration (reserve tokens, identifier preservation, custom
+context engines, OpenAI server-side compaction), see the
+[Session Management Deep Dive](/reference/session-management-compaction).

docs/concepts/memory-builtin.md

@@ -0,0 +1,105 @@
+---
+title: "Builtin Memory Engine"
+summary: "The default SQLite-based memory backend with keyword, vector, and hybrid search"
+read_when:
+  - You want to understand the default memory backend
+  - You want to configure embedding providers or hybrid search
+---
+
+# Builtin Memory Engine
+
+The builtin engine is the default memory backend. It stores your memory index in
+a per-agent SQLite database and needs no extra dependencies to get started.
+
+## What it provides
+
+- **Keyword search** via FTS5 full-text indexing (BM25 scoring).
+- **Vector search** via embeddings from any supported provider.
+- **Hybrid search** that combines both for best results.
+- **CJK support** via trigram tokenization for Chinese, Japanese, and Korean.
+- **sqlite-vec acceleration** for in-database vector queries (optional).
+
+## Getting started
+
+If you have an API key for OpenAI, Gemini, Voyage, or Mistral, the builtin
+engine auto-detects it and enables vector search. No config needed.
+
+To set a provider explicitly:
+
+```json5
+{
+  agents: {
+    defaults: {
+      memorySearch: {
+        provider: "openai",
+      },
+    },
+  },
+}
+```
+
+Without an embedding provider, only keyword search is available.
+
+## Supported embedding providers
+
+| Provider | ID        | Auto-detected | Notes                               |
+| -------- | --------- | ------------- | ----------------------------------- |
+| OpenAI   | `openai`  | Yes           | Default: `text-embedding-3-small`   |
+| Gemini   | `gemini`  | Yes           | Supports multimodal (image + audio) |
+| Voyage   | `voyage`  | Yes           |                                     |
+| Mistral  | `mistral` | Yes           |                                     |
+| Ollama   | `ollama`  | No            | Local, set explicitly               |
+| Local    | `local`   | Yes (first)   | GGUF model, ~0.6 GB download        |
+
+Auto-detection picks the first provider whose API key can be resolved, in the
+order shown. Set `memorySearch.provider` to override.
+
+## How indexing works
+
+OpenClaw indexes `MEMORY.md` and `memory/*.md` into chunks (~400 tokens with
+80-token overlap) and stores them in a per-agent SQLite database.
+
+- **Index location:** `~/.openclaw/memory/<agentId>.sqlite`
+- **File watching:** changes to memory files trigger a debounced reindex (1.5s).
+- **Auto-reindex:** when the embedding provider, model, or chunking config
+  changes, the entire index is rebuilt automatically.
+- **Reindex on demand:** `openclaw memory index --force`
+
+<Info>
+You can also index Markdown files outside the workspace with
+`memorySearch.extraPaths`. See the
+[configuration reference](/reference/memory-config#additional-memory-paths).
+</Info>
+
+## When to use
+
+The builtin engine is the right choice for most users:
+
+- Works out of the box with no extra dependencies.
+- Handles keyword and vector search well.
+- Supports all embedding providers.
+- Hybrid search combines the best of both retrieval approaches.
+
+Consider switching to [QMD](/concepts/memory-qmd) if you need reranking, query
+expansion, or want to index directories outside the workspace.
+
+Consider [Honcho](/concepts/memory-honcho) if you want cross-session memory with
+automatic user modeling.
+
+## Troubleshooting
+
+**Memory search disabled?** Check `openclaw memory status`. If no provider is
+detected, set one explicitly or add an API key.
+
+**Stale results?** Run `openclaw memory index --force` to rebuild. The watcher
+may miss changes in rare edge cases.
+
+**sqlite-vec not loading?** OpenClaw falls back to in-process cosine similarity
+automatically. Check logs for the specific load error.
+
+## Configuration
+
+For embedding provider setup, hybrid search tuning (weights, MMR, temporal
+decay), batch indexing, multimodal memory, sqlite-vec, extra paths, and all
+other config knobs, see the
+[Memory configuration reference](/reference/memory-config).

docs/concepts/memory-honcho.md

@@ -0,0 +1,140 @@
+---
+title: "Honcho Memory"
+summary: "AI-native cross-session memory via the Honcho plugin"
+read_when:
+  - You want persistent memory that works across sessions and channels
+  - You want AI-powered recall and user modeling
+---
+
+# Honcho Memory
+
+[Honcho](https://honcho.dev) adds AI-native memory to OpenClaw. It persists
+conversations to a dedicated service and builds user and agent models over time,
+giving your agent cross-session context that goes beyond workspace Markdown
+files.
+
+## What it provides
+
+- **Cross-session memory** -- conversations are persisted after every turn, so
+  context carries across session resets, compaction, and channel switches.
+- **User modeling** -- Honcho maintains a profile for each user (preferences,
+  facts, communication style) and for the agent (personality, learned
+  behaviors).
+- **Semantic search** -- search over observations from past conversations, not
+  just the current session.
+- **Multi-agent awareness** -- parent agents automatically track spawned
+  sub-agents, with parents added as observers in child sessions.
+
+## Available tools
+
+Honcho registers tools that the agent can use during conversation:
+
+**Data retrieval (fast, no LLM call):**
+
+| Tool                        | What it does                                           |
+| --------------------------- | ------------------------------------------------------ |
+| `honcho_context`            | Full user representation across sessions               |
+| `honcho_search_conclusions` | Semantic search over stored conclusions                |
+| `honcho_search_messages`    | Find messages across sessions (filter by sender, date) |
+| `honcho_session`            | Current session history and summary                    |
+
+**Q&A (LLM-powered):**
+
+| Tool         | What it does                                                              |
+| ------------ | ------------------------------------------------------------------------- |
+| `honcho_ask` | Ask about the user. `depth='quick'` for facts, `'thorough'` for synthesis |
+
+## Getting started
+
+Install the plugin and run setup:
+
+```bash
+openclaw plugins install @honcho-ai/openclaw-honcho
+openclaw honcho setup
+openclaw gateway --force
+```
+
+The setup command prompts for your API credentials, writes the config, and
+optionally migrates existing workspace memory files.
+
+<Info>
+Honcho can run entirely locally (self-hosted) or via the managed API at
+`api.honcho.dev`. No external dependencies are required for the self-hosted
+option.
+</Info>
+
+## Configuration
+
+Settings live under `plugins.entries["openclaw-honcho"].config`:
+
+```json5
+{
+  plugins: {
+    entries: {
+      "openclaw-honcho": {
+        config: {
+          apiKey: "your-api-key", // omit for self-hosted
+          workspaceId: "openclaw", // memory isolation
+          baseUrl: "https://api.honcho.dev",
+        },
+      },
+    },
+  },
+}
+```
+
+For self-hosted instances, point `baseUrl` to your local server (for example
+`http://localhost:8000`) and omit the API key.
+
+## Migrating existing memory
+
+If you have existing workspace memory files (`USER.md`, `MEMORY.md`,
+`IDENTITY.md`, `memory/`, `canvas/`), `openclaw honcho setup` detects and
+offers to migrate them.
+
+<Info>
+Migration is non-destructive -- files are uploaded to Honcho. Originals are
+never deleted or moved.
+</Info>
+
+## How it works
+
+After every AI turn, the conversation is persisted to Honcho. Both user and
+agent messages are observed, allowing Honcho to build and refine its models over
+time.
+
+During conversation, Honcho tools query the service in the `before_prompt_build`
+phase, injecting relevant context before the model sees the prompt. This ensures
+accurate turn boundaries and relevant recall.
+
+## Honcho vs builtin memory
+
+|                   | Builtin / QMD                | Honcho                              |
+| ----------------- | ---------------------------- | ----------------------------------- |
+| **Storage**       | Workspace Markdown files     | Dedicated service (local or hosted) |
+| **Cross-session** | Via memory files             | Automatic, built-in                 |
+| **User modeling** | Manual (write to MEMORY.md)  | Automatic profiles                  |
+| **Search**        | Vector + keyword (hybrid)    | Semantic over observations          |
+| **Multi-agent**   | Not tracked                  | Parent/child awareness              |
+| **Dependencies**  | None (builtin) or QMD binary | Plugin install                      |
+
+Honcho and the builtin memory system can work together. When QMD is configured,
+additional tools become available for searching local Markdown files alongside
+Honcho's cross-session memory.
+
+## CLI commands
+
+```bash
+openclaw honcho setup                        # Configure API key and migrate files
+openclaw honcho status                       # Check connection status
+openclaw honcho ask <question>               # Query Honcho about the user
+openclaw honcho search <query> [-k N] [-d D] # Semantic search over memory
+```
+
+## Further reading
+
+- [Plugin source code](https://github.com/plastic-labs/openclaw-honcho)
+- [Honcho documentation](https://docs.honcho.dev)
+- [Honcho OpenClaw integration guide](https://docs.honcho.dev/v3/guides/integrations/openclaw)
+- [Memory](/concepts/memory) -- OpenClaw memory overview
+- [Context Engines](/concepts/context-engine) -- how plugin context engines work

docs/concepts/memory-qmd.md

@@ -0,0 +1,157 @@
+---
+title: "QMD Memory Engine"
+summary: "Local-first search sidecar with BM25, vectors, reranking, and query expansion"
+read_when:
+  - You want to set up QMD as your memory backend
+  - You want advanced memory features like reranking or extra indexed paths
+---
+
+# QMD Memory Engine
+
+[QMD](https://github.com/tobi/qmd) is a local-first search sidecar that runs
+alongside OpenClaw. It combines BM25, vector search, and reranking in a single
+binary, and can index content beyond your workspace memory files.
+
+## What it adds over builtin
+
+- **Reranking and query expansion** for better recall.
+- **Index extra directories** -- project docs, team notes, anything on disk.
+- **Index session transcripts** -- recall earlier conversations.
+- **Fully local** -- runs via Bun + node-llama-cpp, auto-downloads GGUF models.
+- **Automatic fallback** -- if QMD is unavailable, OpenClaw falls back to the
+  builtin engine seamlessly.
+
+## Getting started
+
+### Prerequisites
+
+- Install QMD: `bun install -g https://github.com/tobi/qmd`
+- SQLite build that allows extensions (`brew install sqlite` on macOS).
+- QMD must be on the gateway's `PATH`.
+- macOS and Linux work out of the box. Windows is best supported via WSL2.
+
+### Enable
+
+```json5
+{
+  memory: {
+    backend: "qmd",
+  },
+}
+```
+
+OpenClaw creates a self-contained QMD home under
+`~/.openclaw/agents/<agentId>/qmd/` and manages the sidecar lifecycle
+automatically -- collections, updates, and embedding runs are handled for you.
+
+## How the sidecar works
+
+- OpenClaw creates collections from your workspace memory files and any
+  configured `memory.qmd.paths`, then runs `qmd update` + `qmd embed` on boot
+  and periodically (default every 5 minutes).
+- Boot refresh runs in the background so chat startup is not blocked.
+- Searches use the configured `searchMode` (default: `search`; also supports
+  `vsearch` and `query`). If a mode fails, OpenClaw retries with `qmd query`.
+- If QMD fails entirely, OpenClaw falls back to the builtin SQLite engine.
+
+<Info>
+The first search may be slow -- QMD auto-downloads GGUF models (~2 GB) for
+reranking and query expansion on the first `qmd query` run.
+</Info>
+
+## Indexing extra paths
+
+Point QMD at additional directories to make them searchable:
+
+```json5
+{
+  memory: {
+    backend: "qmd",
+    qmd: {
+      paths: [{ name: "docs", path: "~/notes", pattern: "**/*.md" }],
+    },
+  },
+}
+```
+
+Snippets from extra paths appear as `qmd/<collection>/<relative-path>` in
+search results. `memory_get` understands this prefix and reads from the correct
+collection root.
+
+## Indexing session transcripts
+
+Enable session indexing to recall earlier conversations:
+
+```json5
+{
+  memory: {
+    backend: "qmd",
+    qmd: {
+      sessions: { enabled: true },
+    },
+  },
+}
+```
+
+Transcripts are exported as sanitized User/Assistant turns into a dedicated QMD
+collection under `~/.openclaw/agents/<id>/qmd/sessions/`.
+
+## Search scope
+
+By default, QMD search results are only surfaced in DM sessions (not groups or
+channels). Configure `memory.qmd.scope` to change this:
+
+```json5
+{
+  memory: {
+    qmd: {
+      scope: {
+        default: "deny",
+        rules: [{ action: "allow", match: { chatType: "direct" } }],
+      },
+    },
+  },
+}
+```
+
+When scope denies a search, OpenClaw logs a warning with the derived channel and
+chat type so empty results are easier to debug.
+
+## Citations
+
+When `memory.citations` is `auto` or `on`, search snippets include a
+`Source: <path#line>` footer. Set `memory.citations = "off"` to omit the footer
+while still passing the path to the agent internally.
+
+## When to use
+
+Choose QMD when you need:
+
+- Reranking for higher-quality results.
+- To search project docs or notes outside the workspace.
+- To recall past session conversations.
+- Fully local search with no API keys.
+
+For simpler setups, the [builtin engine](/concepts/memory-builtin) works well
+with no extra dependencies.
+
+## Troubleshooting
+
+**QMD not found?** Ensure the binary is on the gateway's `PATH`. If OpenClaw
+runs as a service, create a symlink:
+`sudo ln -s ~/.bun/bin/qmd /usr/local/bin/qmd`.
+
+**First search very slow?** QMD downloads GGUF models on first use. Pre-warm
+with `qmd query "test"` using the same XDG dirs OpenClaw uses.
+
+**Search times out?** Increase `memory.qmd.limits.timeoutMs` (default: 4000ms).
+Set to `120000` for slower hardware.
+
+**Empty results in group chats?** Check `memory.qmd.scope` -- the default only
+allows DM sessions.
+
+## Configuration
+
+For the full config surface (`memory.qmd.*`), search modes, update intervals,
+scope rules, and all other knobs, see the
+[Memory configuration reference](/reference/memory-config).

docs/concepts/memory-search.md

@@ -0,0 +1,141 @@
+---
+title: "Memory Search"
+summary: "How memory search finds relevant notes using embeddings and hybrid retrieval"
+read_when:
+  - You want to understand how memory_search works
+  - You want to choose an embedding provider
+  - You want to tune search quality
+---
+
+# Memory Search
+
+`memory_search` finds relevant notes from your memory files, even when the
+wording differs from the original text. It works by indexing memory into small
+chunks and searching them using embeddings, keywords, or both.
+
+## Quick start
+
+If you have an OpenAI, Gemini, Voyage, or Mistral API key configured, memory
+search works automatically. To set a provider explicitly:
+
+```json5
+{
+  agents: {
+    defaults: {
+      memorySearch: {
+        provider: "openai", // or "gemini", "local", "ollama", etc.
+      },
+    },
+  },
+}
+```
+
+For local embeddings with no API key, use `provider: "local"` (requires
+node-llama-cpp).
+
+## Supported providers
+
+| Provider | ID        | Needs API key | Notes                         |
+| -------- | --------- | ------------- | ----------------------------- |
+| OpenAI   | `openai`  | Yes           | Auto-detected, fast           |
+| Gemini   | `gemini`  | Yes           | Supports image/audio indexing |
+| Voyage   | `voyage`  | Yes           | Auto-detected                 |
+| Mistral  | `mistral` | Yes           | Auto-detected                 |
+| Ollama   | `ollama`  | No            | Local, must set explicitly    |
+| Local    | `local`   | No            | GGUF model, ~0.6 GB download  |
+
+## How search works
+
+OpenClaw runs two retrieval paths in parallel and merges the results:
+
+```mermaid
+flowchart LR
+    Q["Query"] --> E["Embedding"]
+    Q --> T["Tokenize"]
+    E --> VS["Vector Search"]
+    T --> BM["BM25 Search"]
+    VS --> M["Weighted Merge"]
+    BM --> M
+    M --> R["Top Results"]
+```
+
+- **Vector search** finds notes with similar meaning ("gateway host" matches
+  "the machine running OpenClaw").
+- **BM25 keyword search** finds exact matches (IDs, error strings, config
+  keys).
+
+If only one path is available (no embeddings or no FTS), the other runs alone.
+
+## Improving search quality
+
+Two optional features help when you have a large note history:
+
+### Temporal decay
+
+Old notes gradually lose ranking weight so recent information surfaces first.
+With the default half-life of 30 days, a note from last month scores at 50% of
+its original weight. Evergreen files like `MEMORY.md` are never decayed.
+
+<Tip>
+Enable temporal decay if your agent has months of daily notes and stale
+information keeps outranking recent context.
+</Tip>
+
+### MMR (diversity)
+
+Reduces redundant results. If five notes all mention the same router config, MMR
+ensures the top results cover different topics instead of repeating.
+
+<Tip>
+Enable MMR if `memory_search` keeps returning near-duplicate snippets from
+different daily notes.
+</Tip>
+
+### Enable both
+
+```json5
+{
+  agents: {
+    defaults: {
+      memorySearch: {
+        query: {
+          hybrid: {
+            mmr: { enabled: true },
+            temporalDecay: { enabled: true },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+## Multimodal memory
+
+With Gemini Embedding 2, you can index images and audio files alongside
+Markdown. Search queries remain text, but they match against visual and audio
+content. See the [Memory configuration reference](/reference/memory-config) for
+setup.
+
+## Session memory search
+
+You can optionally index session transcripts so `memory_search` can recall
+earlier conversations. This is opt-in via
+`memorySearch.experimental.sessionMemory`. See the
+[configuration reference](/reference/memory-config) for details.
+
+## Troubleshooting
+
+**No results?** Run `openclaw memory status` to check the index. If empty, run
+`openclaw memory index --force`.
+
+**Only keyword matches?** Your embedding provider may not be configured. Check
+`openclaw memory status --deep`.
+
+**CJK text not found?** Rebuild the FTS index with
+`openclaw memory index --force`.
+
+## Further reading
+
+- [Memory](/concepts/memory) -- file layout, backends, tools
+- [Memory configuration reference](/reference/memory-config) -- all config knobs

docs/concepts/memory.md

@@ -1,111 +1,102 @@
 ---
-title: "Memory"
-summary: "How OpenClaw memory works (workspace files + automatic memory flush)"
+title: "Memory Overview"
+summary: "How OpenClaw remembers things across sessions"
 read_when:
-  - You want the memory file layout and workflow
-  - You want to tune the automatic pre-compaction memory flush
+  - You want to understand how memory works
+  - You want to know what memory files to write
 ---
 
-# Memory
+# Memory Overview
 
-OpenClaw memory is **plain Markdown in the agent workspace**. The files are the
-source of truth; the model only "remembers" what gets written to disk.
+OpenClaw remembers things by writing **plain Markdown files** in your agent's
+workspace. The model only "remembers" what gets saved to disk -- there is no
+hidden state.
 
-Memory search tools are provided by the active memory plugin (default:
-`memory-core`). Disable memory plugins with `plugins.slots.memory = "none"`.
+## How it works
 
-## Memory files (Markdown)
+Your agent has two places to store memories:
 
-The default workspace layout uses two memory layers:
+- **`MEMORY.md`** -- long-term memory. Durable facts, preferences, and
+  decisions. Loaded at the start of every DM session.
+- **`memory/YYYY-MM-DD.md`** -- daily notes. Running context and observations.
+  Today and yesterday's notes are loaded automatically.
 
-- `memory/YYYY-MM-DD.md`
-  - Daily log (append-only).
-  - Read today + yesterday at session start.
-- `MEMORY.md` (optional)
-  - Curated long-term memory.
-  - If both `MEMORY.md` and `memory.md` exist at the workspace root, OpenClaw loads both (deduplicated by realpath so symlinks pointing to the same file are not injected twice).
-  - **Only load in the main, private session** (never in group contexts).
+These files live in the agent workspace (default `~/.openclaw/workspace`).
 
-These files live under the workspace (`agents.defaults.workspace`, default
-`~/.openclaw/workspace`). See [Agent workspace](/concepts/agent-workspace) for the full layout.
+<Tip>
+If you want your agent to remember something, just ask it: "Remember that I
+prefer TypeScript." It will write it to the appropriate file.
+</Tip>
 
 ## Memory tools
 
-OpenClaw exposes two agent-facing tools for these Markdown files:
+The agent has two tools for working with memory:
 
-- `memory_search` -- semantic recall over indexed snippets.
-- `memory_get` -- targeted read of a specific Markdown file/line range.
+- **`memory_search`** -- finds relevant notes using semantic search, even when
+  the wording differs from the original.
+- **`memory_get`** -- reads a specific memory file or line range.
 
-`memory_get` now **degrades gracefully when a file doesn't exist** (for example,
-today's daily log before the first write). Both the builtin manager and the QMD
-backend return `{ text: "", path }` instead of throwing `ENOENT`, so agents can
-handle "nothing recorded yet" and continue their workflow without wrapping the
-tool call in try/catch logic.
+Both tools are provided by the active memory plugin (default: `memory-core`).
 
-## When to write memory
+## Memory search
 
-- Decisions, preferences, and durable facts go to `MEMORY.md`.
-- Day-to-day notes and running context go to `memory/YYYY-MM-DD.md`.
-- If someone says "remember this," write it down (do not keep it in RAM).
-- This area is still evolving. It helps to remind the model to store memories; it will know what to do.
-- If you want something to stick, **ask the bot to write it** into memory.
+When an embedding provider is configured, `memory_search` uses **hybrid
+search** -- combining vector similarity (semantic meaning) with keyword matching
+(exact terms like IDs and code symbols). This works out of the box once you have
+an API key for any supported provider.
 
-## Automatic memory flush (pre-compaction ping)
+<Info>
+OpenClaw auto-detects your embedding provider from available API keys. If you
+have an OpenAI, Gemini, Voyage, or Mistral key configured, memory search is
+enabled automatically.
+</Info>
 
-When a session is **close to auto-compaction**, OpenClaw triggers a **silent,
-agentic turn** that reminds the model to write durable memory **before** the
-context is compacted. The default prompts explicitly say the model _may reply_,
-but usually `NO_REPLY` is the correct response so the user never sees this turn.
-The active memory plugin owns the prompt/path policy for that flush; the
-default `memory-core` plugin writes to the canonical daily file under
-`memory/YYYY-MM-DD.md`.
+For details on how search works, tuning options, and provider setup, see
+[Memory Search](/concepts/memory-search).
 
-This is controlled by `agents.defaults.compaction.memoryFlush`:
+## Memory backends
 
-```json5
-{
-  agents: {
-    defaults: {
-      compaction: {
-        reserveTokensFloor: 20000,
-        memoryFlush: {
-          enabled: true,
-          softThresholdTokens: 4000,
-          systemPrompt: "Session nearing compaction. Store durable memories now.",
-          prompt: "Write any lasting notes to memory/YYYY-MM-DD.md; reply with NO_REPLY if nothing to store.",
-        },
-      },
-    },
-  },
-}
+<CardGroup cols={3}>
+<Card title="Builtin (default)" icon="database" href="/concepts/memory-builtin">
+SQLite-based. Works out of the box with keyword search, vector similarity, and
+hybrid search. No extra dependencies.
+</Card>
+<Card title="QMD" icon="search" href="/concepts/memory-qmd">
+Local-first sidecar with reranking, query expansion, and the ability to index
+directories outside the workspace.
+</Card>
+<Card title="Honcho" icon="brain" href="/concepts/memory-honcho">
+AI-native cross-session memory with user modeling, semantic search, and
+multi-agent awareness. Plugin install.
+</Card>
+</CardGroup>
+
+## Automatic memory flush
+
+Before [compaction](/concepts/compaction) summarizes your conversation, OpenClaw
+runs a silent turn that reminds the agent to save important context to memory
+files. This is on by default -- you do not need to configure anything.
+
+<Tip>
+The memory flush prevents context loss during compaction. If your agent has
+important facts in the conversation that are not yet written to a file, they
+will be saved automatically before the summary happens.
+</Tip>
+
+## CLI
+
+```bash
+openclaw memory status          # Check index status and provider
+openclaw memory search "query"  # Search from the command line
+openclaw memory index --force   # Rebuild the index
 ```
 
-Details:
+## Further reading
 
-- **Soft threshold**: flush triggers when the session token estimate crosses
-  `contextWindow - reserveTokensFloor - softThresholdTokens`.
-- **Silent** by default: prompts include `NO_REPLY` so nothing is delivered.
-- **Two prompts**: a user prompt plus a system prompt append the reminder.
-- **One flush per compaction cycle** (tracked in `sessions.json`).
-- **Workspace must be writable**: if the session runs sandboxed with
-  `workspaceAccess: "ro"` or `"none"`, the flush is skipped.
-
-For the full compaction lifecycle, see
-[Session management + compaction](/reference/session-management-compaction).
-
-## Vector memory search
-
-OpenClaw can build a small vector index over `MEMORY.md` and `memory/*.md` so
-semantic queries can find related notes even when wording differs. Hybrid search
-(BM25 + vector) is available for combining semantic matching with exact keyword
-lookups.
-
-Memory search adapter ids come from the active memory plugin. The default
-`memory-core` plugin ships built-ins for OpenAI, Gemini, Voyage, Mistral,
-Ollama, and local GGUF models, plus an optional QMD sidecar backend for
-advanced retrieval and post-processing features like MMR diversity re-ranking
-and temporal decay.
-
-For the full configuration reference -- including embedding provider setup, QMD
-backend, hybrid search tuning, multimodal memory, and all config knobs -- see
-[Memory configuration reference](/reference/memory-config).
+- [Builtin Memory Engine](/concepts/memory-builtin) -- default SQLite backend
+- [QMD Memory Engine](/concepts/memory-qmd) -- advanced local-first sidecar
+- [Honcho Memory](/concepts/memory-honcho) -- AI-native cross-session memory
+- [Memory Search](/concepts/memory-search) -- search pipeline, providers, and
+  tuning
+- [Memory configuration reference](/reference/memory-config) -- all config knobs
+- [Compaction](/concepts/compaction) -- how compaction interacts with memory

docs/concepts/model-providers.md

@@ -147,7 +147,8 @@ OpenClaw ships with the pi‑ai catalog. These providers require **no**
 - Override per model via `agents.defaults.models["openai/<model>"].params.transport` (`"sse"`, `"websocket"`, or `"auto"`)
 - OpenAI Responses WebSocket warm-up defaults to enabled via `params.openaiWsWarmup` (`true`/`false`)
 - OpenAI priority processing can be enabled via `agents.defaults.models["openai/<model>"].params.serviceTier`
-- OpenAI fast mode can be enabled per model via `agents.defaults.models["<provider>/<model>"].params.fastMode`
+- `/fast` and `params.fastMode` map direct `openai/*` Responses requests to `service_tier=priority` on `api.openai.com`
+- Use `params.serviceTier` when you want an explicit tier instead of the shared `/fast` toggle
 - `openai/gpt-5.3-codex-spark` is intentionally suppressed in OpenClaw because the live OpenAI API rejects it; Spark is treated as Codex-only
 
 ```json5
@@ -163,7 +164,7 @@ OpenClaw ships with the pi‑ai catalog. These providers require **no**
 - Optional rotation: `ANTHROPIC_API_KEYS`, `ANTHROPIC_API_KEY_1`, `ANTHROPIC_API_KEY_2`, plus `OPENCLAW_LIVE_ANTHROPIC_KEY` (single override)
 - Example model: `anthropic/claude-opus-4-6`
 - CLI: `openclaw onboard --auth-choice token` (paste setup-token) or `openclaw models auth paste-token --provider anthropic`
-- Direct API-key models support the shared `/fast` toggle and `params.fastMode`; OpenClaw maps that to Anthropic `service_tier` (`auto` vs `standard_only`)
+- Direct public Anthropic requests support the shared `/fast` toggle and `params.fastMode`, including API-key and OAuth-authenticated traffic sent to `api.anthropic.com`; OpenClaw maps that to Anthropic `service_tier` (`auto` vs `standard_only`)
 - Policy note: setup-token support is technical compatibility; Anthropic has blocked some subscription usage outside Claude Code in the past. Verify current Anthropic terms and decide based on your risk tolerance.
 - Recommendation: Anthropic API key auth is the safer, recommended path over subscription setup-token auth.
 
@@ -181,7 +182,8 @@ OpenClaw ships with the pi‑ai catalog. These providers require **no**
 - CLI: `openclaw onboard --auth-choice openai-codex` or `openclaw models auth login --provider openai-codex`
 - Default transport is `auto` (WebSocket-first, SSE fallback)
 - Override per model via `agents.defaults.models["openai-codex/<model>"].params.transport` (`"sse"`, `"websocket"`, or `"auto"`)
-- Shares the same `/fast` toggle and `params.fastMode` config as direct `openai/*`
+- `params.serviceTier` is also forwarded on native Codex Responses requests (`chatgpt.com/backend-api`)
+- Shares the same `/fast` toggle and `params.fastMode` config as direct `openai/*`; OpenClaw maps that to `service_tier=priority`
 - `openai-codex/gpt-5.3-codex-spark` remains available when the Codex OAuth catalog exposes it; entitlement-dependent
 - Policy note: OpenAI Codex OAuth is explicitly supported for external tools/workflows like OpenClaw.
 

docs/concepts/multi-agent.md

@@ -550,3 +550,11 @@ If you need per-agent boundaries, use `agents.list[].tools` to deny `exec`.
 For group targeting, use `agents.list[].groupChat.mentionPatterns` so @mentions map cleanly to the intended agent.
 
 See [Multi-Agent Sandbox & Tools](/tools/multi-agent-sandbox-tools) for detailed examples.
+
+## Related
+
+- [Channel Routing](/channels/channel-routing) — how messages route to agents
+- [Sub-Agents](/tools/subagents) — spawning background agent runs
+- [ACP Agents](/tools/acp-agents) — running external coding harnesses
+- [Presence](/concepts/presence) — agent presence and availability
+- [Session](/concepts/session) — session isolation and routing

docs/concepts/queue.md

@@ -79,7 +79,7 @@ Defaults: `debounceMs: 1000`, `cap: 20`, `drop: summarize`.
 
 - Applies to auto-reply agent runs across all inbound channels that use the gateway reply pipeline (WhatsApp web, Telegram, Slack, Discord, Signal, iMessage, webchat, etc.).
 - Default lane (`main`) is process-wide for inbound + main heartbeats; set `agents.defaults.maxConcurrent` to allow multiple sessions in parallel.
-- Additional lanes may exist (e.g. `cron`, `subagent`) so background jobs can run in parallel without blocking inbound replies.
+- Additional lanes may exist (e.g. `cron`, `subagent`) so background jobs can run in parallel without blocking inbound replies. These detached runs are tracked as [background tasks](/automation/tasks).
 - Per-session lanes guarantee that only one agent run touches a given session at a time.
 - No external dependencies or background worker threads; pure TypeScript + promises.
 

docs/concepts/session-pruning.md

@@ -1,121 +1,80 @@
 ---
 title: "Session Pruning"
-summary: "Session pruning: tool-result trimming to reduce context bloat"
+summary: "Trimming old tool results to keep context lean and caching efficient"
 read_when:
-  - You want to reduce LLM context growth from tool outputs
-  - You are tuning agents.defaults.contextPruning
+  - You want to reduce context growth from tool outputs
+  - You want to understand Anthropic prompt cache optimization
 ---
 
 # Session Pruning
 
-Session pruning trims **old tool results** from the in-memory context right before each LLM call. It does **not** rewrite the on-disk session history (`*.jsonl`).
+Session pruning trims **old tool results** from the context before each LLM
+call. It reduces context bloat from accumulated tool outputs (exec results, file
+reads, search results) without touching your conversation messages.
 
-## When it runs
+<Info>
+Pruning is in-memory only -- it does not modify the on-disk session transcript.
+Your full history is always preserved.
+</Info>
 
-- When `mode: "cache-ttl"` is enabled and the last Anthropic call for the session is older than `ttl`.
-- Only affects the messages sent to the model for that request.
-- Only active for Anthropic API calls (and OpenRouter Anthropic models).
-- For best results, match `ttl` to your model `cacheRetention` policy (`short` = 5m, `long` = 1h).
-- After a prune, the TTL window resets so subsequent requests keep cache until `ttl` expires again.
+## Why it matters
 
-## Smart defaults (Anthropic)
+Long sessions accumulate tool output that inflates the context window. This
+increases cost and can force [compaction](/concepts/compaction) sooner than
+necessary.
 
-- **OAuth or setup-token** profiles: enable `cache-ttl` pruning and set heartbeat to `1h`.
-- **API key** profiles: enable `cache-ttl` pruning, set heartbeat to `30m`, and default `cacheRetention: "short"` on Anthropic models.
-- If you set any of these values explicitly, OpenClaw does **not** override them.
+Pruning is especially valuable for **Anthropic prompt caching**. After the cache
+TTL expires, the next request re-caches the full prompt. Pruning reduces the
+cache-write size, directly lowering cost.
 
-## What this improves (cost + cache behavior)
+## How it works
 
-- **Why prune:** Anthropic prompt caching only applies within the TTL. If a session goes idle past the TTL, the next request re-caches the full prompt unless you trim it first.
-- **What gets cheaper:** pruning reduces the **cacheWrite** size for that first request after the TTL expires.
-- **Why the TTL reset matters:** once pruning runs, the cache window resets, so follow‑up requests can reuse the freshly cached prompt instead of re-caching the full history again.
-- **What it does not do:** pruning doesn’t add tokens or “double” costs; it only changes what gets cached on that first post‑TTL request.
+1. Wait for the cache TTL to expire (default 5 minutes).
+2. Find old tool results (user and assistant messages are never touched).
+3. **Soft-trim** oversized results -- keep the head and tail, insert `...`.
+4. **Hard-clear** the rest -- replace with a placeholder.
+5. Reset the TTL so follow-up requests reuse the fresh cache.
 
-## What can be pruned
+## Smart defaults
 
-- Only `toolResult` messages.
-- User + assistant messages are **never** modified.
-- The last `keepLastAssistants` assistant messages are protected; tool results after that cutoff are not pruned.
-- If there aren’t enough assistant messages to establish the cutoff, pruning is skipped.
-- Tool results containing **image blocks** are skipped (never trimmed/cleared).
+OpenClaw auto-enables pruning for Anthropic profiles:
 
-## Context window estimation
+| Profile type         | Pruning enabled | Heartbeat |
+| -------------------- | --------------- | --------- |
+| OAuth or setup-token | Yes             | 1 hour    |
+| API key              | Yes             | 30 min    |
 
-Pruning uses an estimated context window (chars ≈ tokens × 4). The base window is resolved in this order:
+If you set explicit values, OpenClaw does not override them.
 
-1. `models.providers.*.models[].contextWindow` override.
-2. Model definition `contextWindow` (from the model registry).
-3. Default `200000` tokens.
+## Enable or disable
 
-If `agents.defaults.contextTokens` is set, it is treated as a cap (min) on the resolved window.
-
-## Mode
-
-### cache-ttl
-
-- Pruning only runs if the last Anthropic call is older than `ttl` (default `5m`).
-- When it runs: same soft-trim + hard-clear behavior as before.
-
-## Soft vs hard pruning
-
-- **Soft-trim**: only for oversized tool results.
-  - Keeps head + tail, inserts `...`, and appends a note with the original size.
-  - Skips results with image blocks.
-- **Hard-clear**: replaces the entire tool result with `hardClear.placeholder`.
-
-## Tool selection
-
-- `tools.allow` / `tools.deny` support `*` wildcards.
-- Deny wins.
-- Matching is case-insensitive.
-- Empty allow list => all tools allowed.
-
-## Interaction with other limits
-
-- Built-in tools already truncate their own output; session pruning is an extra layer that prevents long-running chats from accumulating too much tool output in the model context.
-- Compaction is separate: compaction summarizes and persists, pruning is transient per request. See [/concepts/compaction](/concepts/compaction).
-
-## Defaults (when enabled)
-
-- `ttl`: `"5m"`
-- `keepLastAssistants`: `3`
-- `softTrimRatio`: `0.3`
-- `hardClearRatio`: `0.5`
-- `minPrunableToolChars`: `50000`
-- `softTrim`: `{ maxChars: 4000, headChars: 1500, tailChars: 1500 }`
-- `hardClear`: `{ enabled: true, placeholder: "[Old tool result content cleared]" }`
-
-## Examples
-
-Default (off):
-
-```json5
-{
-  agents: { defaults: { contextPruning: { mode: "off" } } },
-}
-```
-
-Enable TTL-aware pruning:
-
-```json5
-{
-  agents: { defaults: { contextPruning: { mode: "cache-ttl", ttl: "5m" } } },
-}
-```
-
-Restrict pruning to specific tools:
+Pruning is off by default for non-Anthropic providers. To enable:
 
 ```json5
 {
   agents: {
     defaults: {
-      contextPruning: {
-        mode: "cache-ttl",
-        tools: { allow: ["exec", "read"], deny: ["*image*"] },
-      },
+      contextPruning: { mode: "cache-ttl", ttl: "5m" },
     },
   },
 }
 ```
 
-See config reference: [Gateway Configuration](/gateway/configuration)
+To disable: set `mode: "off"`.
+
+## Pruning vs compaction
+
+|            | Pruning            | Compaction              |
+| ---------- | ------------------ | ----------------------- |
+| **What**   | Trims tool results | Summarizes conversation |
+| **Saved?** | No (per-request)   | Yes (in transcript)     |
+| **Scope**  | Tool results only  | Entire conversation     |
+
+They complement each other -- pruning keeps tool output lean between
+compaction cycles.
+
+## Further reading
+
+- [Compaction](/concepts/compaction) -- summarization-based context reduction
+- [Gateway Configuration](/gateway/configuration) -- all pruning config knobs
+  (`contextPruning.*`)

docs/concepts/session-tool.md

@@ -1,251 +1,84 @@
 ---
-summary: "Agent session tools for listing sessions, fetching history, and sending cross-session messages"
+summary: "Agent tools for listing sessions, reading history, and cross-session messaging"
 read_when:
-  - Adding or modifying session tools
+  - You want to understand what session tools the agent has
+  - You want to configure cross-session access or sub-agent spawning
 title: "Session Tools"
 ---
 
 # Session Tools
 
-Goal: small, hard-to-misuse tool set so agents can list sessions, fetch history, and send to another session.
+OpenClaw gives agents tools to work across sessions -- listing conversations,
+reading history, sending messages to other sessions, and spawning sub-agents.
 
-## Tool Names
+## Available tools
 
-- `sessions_list`
-- `sessions_history`
-- `sessions_send`
-- `sessions_spawn`
+| Tool               | What it does                                            |
+| ------------------ | ------------------------------------------------------- |
+| `sessions_list`    | List sessions with optional filters (kind, recency)     |
+| `sessions_history` | Read the transcript of a specific session               |
+| `sessions_send`    | Send a message to another session and optionally wait   |
+| `sessions_spawn`   | Spawn an isolated sub-agent session for background work |
 
-## Key Model
+## Listing and reading sessions
 
-- Main direct chat bucket is always the literal key `"main"` (resolved to the current agent’s main key).
-- Group chats use `agent:<agentId>:<channel>:group:<id>` or `agent:<agentId>:<channel>:channel:<id>` (pass the full key).
-- Cron jobs use `cron:<job.id>`.
-- Hooks use `hook:<uuid>` unless explicitly set.
-- Node sessions use `node-<nodeId>` unless explicitly set.
+`sessions_list` returns sessions with their key, kind, channel, model, token
+counts, and timestamps. Filter by kind (`main`, `group`, `cron`, `hook`,
+`node`) or recency (`activeMinutes`).
 
-`global` and `unknown` are reserved values and are never listed. If `session.scope = "global"`, we alias it to `main` for all tools so callers never see `global`.
+`sessions_history` fetches the conversation transcript for a specific session.
+By default, tool results are excluded -- pass `includeTools: true` to see them.
 
-## sessions_list
+Both tools accept either a **session key** (like `"main"`) or a **session ID**
+from a previous list call.
 
-List sessions as an array of rows.
+## Sending cross-session messages
 
-Parameters:
+`sessions_send` delivers a message to another session and optionally waits for
+the response:
 
-- `kinds?: string[]` filter: any of `"main" | "group" | "cron" | "hook" | "node" | "other"`
-- `limit?: number` max rows (default: server default, clamp e.g. 200)
-- `activeMinutes?: number` only sessions updated within N minutes
-- `messageLimit?: number` 0 = no messages (default 0); >0 = include last N messages
+- **Fire-and-forget:** set `timeoutSeconds: 0` to enqueue and return
+  immediately.
+- **Wait for reply:** set a timeout and get the response inline.
 
-Behavior:
+After the target responds, OpenClaw can run a **reply-back loop** where the
+agents alternate messages (up to 5 turns). The target agent can reply
+`REPLY_SKIP` to stop early.
 
-- `messageLimit > 0` fetches `chat.history` per session and includes the last N messages.
-- Tool results are filtered out in list output; use `sessions_history` for tool messages.
-- When running in a **sandboxed** agent session, session tools default to **spawned-only visibility** (see below).
+## Spawning sub-agents
 
-Row shape (JSON):
+`sessions_spawn` creates an isolated session for a background task. It is always
+non-blocking -- it returns immediately with a `runId` and `childSessionKey`.
 
-- `key`: session key (string)
-- `kind`: `main | group | cron | hook | node | other`
-- `channel`: `whatsapp | telegram | discord | signal | imessage | webchat | internal | unknown`
-- `displayName` (group display label if available)
-- `updatedAt` (ms)
-- `sessionId`
-- `model`, `contextTokens`, `totalTokens`
-- `thinkingLevel`, `verboseLevel`, `systemSent`, `abortedLastRun`
-- `sendPolicy` (session override if set)
-- `lastChannel`, `lastTo`
-- `deliveryContext` (normalized `{ channel, to, accountId }` when available)
-- `transcriptPath` (best-effort path derived from store dir + sessionId)
-- `messages?` (only when `messageLimit > 0`)
+Key options:
 
-## sessions_history
+- `runtime: "subagent"` (default) or `"acp"` for external harness agents.
+- `model` and `thinking` overrides for the child session.
+- `thread: true` to bind the spawn to a chat thread (Discord, Slack, etc.).
+- `sandbox: "require"` to enforce sandboxing on the child.
 
-Fetch transcript for one session.
+Sub-agents get the full tool set minus session tools (no recursive spawning).
+After completion, an announce step posts the result to the requester's channel.
 
-Parameters:
+For ACP-specific behavior, see [ACP Agents](/tools/acp-agents).
 
-- `sessionKey` (required; accepts session key or `sessionId` from `sessions_list`)
-- `limit?: number` max messages (server clamps)
-- `includeTools?: boolean` (default false)
+## Visibility
 
-Behavior:
+Session tools are scoped to limit what the agent can see:
 
-- `includeTools=false` filters `role: "toolResult"` messages.
-- Returns messages array in the raw transcript format.
-- When given a `sessionId`, OpenClaw resolves it to the corresponding session key (missing ids error).
+| Level   | Scope                                    |
+| ------- | ---------------------------------------- |
+| `self`  | Only the current session                 |
+| `tree`  | Current session + spawned sub-agents     |
+| `agent` | All sessions for this agent              |
+| `all`   | All sessions (cross-agent if configured) |
 
-## Gateway session history and live transcript APIs
+Default is `tree`. Sandboxed sessions are clamped to `tree` regardless of
+config.
 
-Control UI and gateway clients can use the lower level history and live transcript surfaces directly.
+## Further reading
 
-HTTP:
-
-- `GET /sessions/{sessionKey}/history`
-- Query params: `limit`, `cursor`, `includeTools=1`, `follow=1`
-- Unknown sessions return HTTP `404` with `error.type = "not_found"`
-- `follow=1` upgrades the response to an SSE stream of transcript updates for that session
-
-WebSocket:
-
-- `sessions.subscribe` subscribes to all session lifecycle and transcript events visible to the client
-- `sessions.messages.subscribe { key }` subscribes only to `session.message` events for one session
-- `sessions.messages.unsubscribe { key }` removes that targeted transcript subscription
-- `session.message` carries appended transcript messages plus live usage metadata when available
-- `sessions.changed` emits `phase: "message"` for transcript appends so session lists can refresh counters and previews
-
-## sessions_send
-
-Send a message into another session.
-
-Parameters:
-
-- `sessionKey` (required; accepts session key or `sessionId` from `sessions_list`)
-- `message` (required)
-- `timeoutSeconds?: number` (default >0; 0 = fire-and-forget)
-
-Behavior:
-
-- `timeoutSeconds = 0`: enqueue and return `{ runId, status: "accepted" }`.
-- `timeoutSeconds > 0`: wait up to N seconds for completion, then return `{ runId, status: "ok", reply }`.
-- If wait times out: `{ runId, status: "timeout", error }`. Run continues; call `sessions_history` later.
-- If the run fails: `{ runId, status: "error", error }`.
-- Announce delivery runs after the primary run completes and is best-effort; `status: "ok"` does not guarantee the announce was delivered.
-- Waits via gateway `agent.wait` (server-side) so reconnects don't drop the wait.
-- Agent-to-agent message context is injected for the primary run.
-- Inter-session messages are persisted with `message.provenance.kind = "inter_session"` so transcript readers can distinguish routed agent instructions from external user input.
-- After the primary run completes, OpenClaw runs a **reply-back loop**:
-  - Round 2+ alternates between requester and target agents.
-  - Reply exactly `REPLY_SKIP` to stop the ping‑pong.
-  - Max turns is `session.agentToAgent.maxPingPongTurns` (0–5, default 5).
-- Once the loop ends, OpenClaw runs the **agent‑to‑agent announce step** (target agent only):
-  - Reply exactly `ANNOUNCE_SKIP` to stay silent.
-  - Any other reply is sent to the target channel.
-  - Announce step includes the original request + round‑1 reply + latest ping‑pong reply.
-
-## Channel Field
-
-- For groups, `channel` is the channel recorded on the session entry.
-- For direct chats, `channel` maps from `lastChannel`.
-- For cron/hook/node, `channel` is `internal`.
-- If missing, `channel` is `unknown`.
-
-## Security / Send Policy
-
-Policy-based blocking by channel/chat type (not per session id).
-
-```json
-{
-  "session": {
-    "sendPolicy": {
-      "rules": [
-        {
-          "match": { "channel": "discord", "chatType": "group" },
-          "action": "deny"
-        }
-      ],
-      "default": "allow"
-    }
-  }
-}
-```
-
-Runtime override (per session entry):
-
-- `sendPolicy: "allow" | "deny"` (unset = inherit config)
-- Settable via `sessions.patch` or owner-only `/send on|off|inherit` (standalone message).
-
-Enforcement points:
-
-- `chat.send` / `agent` (gateway)
-- auto-reply delivery logic
-
-## sessions_spawn
-
-Spawn an isolated delegated session.
-
-- Default runtime: OpenClaw sub-agent (`runtime: "subagent"`).
-- ACP harness sessions use `runtime: "acp"` and follow ACP-specific targeting/policy rules.
-- This section focuses on sub-agent behavior unless noted otherwise. For ACP-specific behavior, see [ACP Agents](/tools/acp-agents).
-
-Parameters:
-
-- `task` (required)
-- `runtime?` (`subagent|acp`; defaults to `subagent`)
-- `label?` (optional; used for logs/UI)
-- `agentId?` (optional)
-  - `runtime: "subagent"`: target another OpenClaw agent id if allowed by `subagents.allowAgents`
-  - `runtime: "acp"`: target an ACP harness id if allowed by `acp.allowedAgents`
-- `model?` (optional; overrides the sub-agent model; invalid values error)
-- `thinking?` (optional; overrides thinking level for the sub-agent run)
-- `runTimeoutSeconds?` (defaults to `agents.defaults.subagents.runTimeoutSeconds` when set, otherwise `0`; when set, aborts the sub-agent run after N seconds)
-- `thread?` (default false; request thread-bound routing for this spawn when supported by the channel/plugin)
-- `mode?` (`run|session`; defaults to `run`, but defaults to `session` when `thread=true`; `mode="session"` requires `thread=true`)
-- `cleanup?` (`delete|keep`, default `keep`)
-- `sandbox?` (`inherit|require`, default `inherit`; `require` rejects spawn unless the target child runtime is sandboxed)
-- `attachments?` (optional array of inline files; subagent runtime only, ACP rejects). Each entry: `{ name, content, encoding?: "utf8" | "base64", mimeType? }`. Files are materialized into the child workspace at `.openclaw/attachments/<uuid>/`. Returns a receipt with sha256 per file.
-- `attachAs?` (optional; `{ mountPath? }` hint reserved for future mount implementations)
-
-Allowlist:
-
-- `runtime: "subagent"`: `agents.list[].subagents.allowAgents` controls which OpenClaw agent ids are allowed via `agentId` (`["*"]` to allow any). Default: only the requester agent.
-- `runtime: "acp"`: `acp.allowedAgents` controls which ACP harness ids are allowed. This is a separate policy from `subagents.allowAgents`.
-- Sandbox inheritance guard: if the requester session is sandboxed, `sessions_spawn` rejects targets that would run unsandboxed.
-
-Discovery:
-
-- Use `agents_list` to discover allowed targets for `runtime: "subagent"`.
-- For `runtime: "acp"`, use configured ACP harness ids and `acp.allowedAgents`; `agents_list` does not list ACP harness targets.
-
-Behavior:
-
-- Starts a new `agent:<agentId>:subagent:<uuid>` session with `deliver: false`.
-- Sub-agents default to the full tool set **minus session tools** (configurable via `tools.subagents.tools`).
-- Sub-agents are not allowed to call `sessions_spawn` (no sub-agent → sub-agent spawning).
-- Always non-blocking: returns `{ status: "accepted", runId, childSessionKey }` immediately.
-- With `thread=true`, channel plugins can bind delivery/routing to a thread target (Discord support is controlled by `session.threadBindings.*` and `channels.discord.threadBindings.*`).
-- After completion, OpenClaw runs a sub-agent **announce step** and posts the result to the requester chat channel.
-  - If the assistant final reply is empty, the latest `toolResult` from sub-agent history is included as `Result`.
-- Reply exactly `ANNOUNCE_SKIP` during the announce step to stay silent.
-- Announce replies are normalized to `Status`/`Result`/`Notes`; `Status` comes from runtime outcome (not model text).
-- Sub-agent sessions are auto-archived after `agents.defaults.subagents.archiveAfterMinutes` (default: 60).
-- Announce replies include a stats line (runtime, tokens, sessionKey/sessionId, transcript path, and optional cost).
-
-## Sandbox Session Visibility
-
-Session tools can be scoped to reduce cross-session access.
-
-Default behavior:
-
-- `tools.sessions.visibility` defaults to `tree` (current session + spawned subagent sessions).
-- For sandboxed sessions, `agents.defaults.sandbox.sessionToolsVisibility` can hard-clamp visibility.
-
-Config:
-
-```json5
-{
-  tools: {
-    sessions: {
-      // "self" | "tree" | "agent" | "all"
-      // default: "tree"
-      visibility: "tree",
-    },
-  },
-  agents: {
-    defaults: {
-      sandbox: {
-        // default: "spawned"
-        sessionToolsVisibility: "spawned", // or "all"
-      },
-    },
-  },
-}
-```
-
-Notes:
-
-- `self`: only the current session key.
-- `tree`: current session + sessions spawned by the current session.
-- `agent`: any session belonging to the current agent id.
-- `all`: any session (cross-agent access still requires `tools.agentToAgent`).
-- When a session is sandboxed and `sessionToolsVisibility="spawned"`, OpenClaw clamps visibility to `tree` even if you set `tools.sessions.visibility="all"`.
+- [Session Management](/concepts/session) -- routing, lifecycle, maintenance
+- [ACP Agents](/tools/acp-agents) -- external harness spawning
+- [Multi-agent](/concepts/multi-agent) -- multi-agent architecture
+- [Gateway Configuration](/gateway/configuration) -- session tool config knobs

docs/concepts/session.md

@@ -1,310 +1,116 @@
 ---
-summary: "Session management rules, keys, and persistence for chats"
+summary: "How OpenClaw manages conversation sessions"
 read_when:
-  - Modifying session handling or storage
+  - You want to understand session routing and isolation
+  - You want to configure DM scope for multi-user setups
 title: "Session Management"
 ---
 
 # Session Management
 
-OpenClaw treats **one direct-chat session per agent** as primary. Direct chats collapse to `agent:<agentId>:<mainKey>` (default `main`), while group/channel chats get their own keys. `session.mainKey` is honored.
+OpenClaw organizes conversations into **sessions**. Each message is routed to a
+session based on where it came from -- DMs, group chats, cron jobs, etc.
 
-Use `session.dmScope` to control how **direct messages** are grouped:
+## How messages are routed
 
-- `main` (default): all DMs share the main session for continuity.
-- `per-peer`: isolate by sender id across channels.
-- `per-channel-peer`: isolate by channel + sender (recommended for multi-user inboxes).
-- `per-account-channel-peer`: isolate by account + channel + sender (recommended for multi-account inboxes).
-  Use `session.identityLinks` to map provider-prefixed peer ids to a canonical identity so the same person shares a DM session across channels when using `per-peer`, `per-channel-peer`, or `per-account-channel-peer`.
+| Source          | Behavior                  |
+| --------------- | ------------------------- |
+| Direct messages | Shared session by default |
+| Group chats     | Isolated per group        |
+| Rooms/channels  | Isolated per room         |
+| Cron jobs       | Fresh session per run     |
+| Webhooks        | Isolated per hook         |
 
-## Secure DM mode (recommended for multi-user setups)
+## DM isolation
 
-> **Security Warning:** If your agent can receive DMs from **multiple people**, you should strongly consider enabling secure DM mode. Without it, all users share the same conversation context, which can leak private information between users.
+By default, all DMs share one session for continuity. This is fine for
+single-user setups.
 
-**Example of the problem with default settings:**
+<Warning>
+If multiple people can message your agent, enable DM isolation. Without it, all
+users share the same conversation context -- Alice's private messages would be
+visible to Bob.
+</Warning>
 
-- Alice (`<SENDER_A>`) messages your agent about a private topic (for example, a medical appointment)
-- Bob (`<SENDER_B>`) messages your agent asking "What were we talking about?"
-- Because both DMs share the same session, the model may answer Bob using Alice's prior context.
-
-**The fix:** Set `dmScope` to isolate sessions per user:
+**The fix:**
 
 ```json5
-// ~/.openclaw/openclaw.json
 {
   session: {
-    // Secure DM mode: isolate DM context per channel + sender.
-    dmScope: "per-channel-peer",
+    dmScope: "per-channel-peer", // isolate by channel + sender
   },
 }
 ```
 
-**When to enable this:**
+Other options:
 
-- You have pairing approvals for more than one sender
-- You use a DM allowlist with multiple entries
-- You set `dmPolicy: "open"`
-- Multiple phone numbers or accounts can message your agent
+- `main` (default) -- all DMs share one session.
+- `per-peer` -- isolate by sender (across channels).
+- `per-channel-peer` -- isolate by channel + sender (recommended).
+- `per-account-channel-peer` -- isolate by account + channel + sender.
 
-Notes:
+<Tip>
+If the same person contacts you from multiple channels, use
+`session.identityLinks` to link their identities so they share one session.
+</Tip>
 
-- Default is `dmScope: "main"` for continuity (all DMs share the main session). This is fine for single-user setups.
-- Local CLI onboarding writes `session.dmScope: "per-channel-peer"` by default when unset (existing explicit values are preserved).
-- For multi-account inboxes on the same channel, prefer `per-account-channel-peer`.
-- If the same person contacts you on multiple channels, use `session.identityLinks` to collapse their DM sessions into one canonical identity.
-- You can verify your DM settings with `openclaw security audit` (see [security](/cli/security)).
+Verify your setup with `openclaw security audit`.
 
-## Gateway is the source of truth
+## Session lifecycle
 
-All session state is **owned by the gateway** (the “master” OpenClaw). UI clients (macOS app, WebChat, etc.) must query the gateway for session lists and token counts instead of reading local files.
+Sessions are reused until they expire:
 
-- In **remote mode**, the session store you care about lives on the remote gateway host, not your Mac.
-- Token counts shown in UIs come from the gateway’s store fields (`inputTokens`, `outputTokens`, `totalTokens`, `contextTokens`). Clients do not parse JSONL transcripts to “fix up” totals.
+- **Daily reset** (default) -- new session at 4:00 AM local time on the gateway
+  host.
+- **Idle reset** (optional) -- new session after a period of inactivity. Set
+  `session.reset.idleMinutes`.
+- **Manual reset** -- type `/new` or `/reset` in chat. `/new <model>` also
+  switches the model.
+
+When both daily and idle resets are configured, whichever expires first wins.
 
 ## Where state lives
 
-- On the **gateway host**:
-  - Store file: `~/.openclaw/agents/<agentId>/sessions/sessions.json` (per agent).
-- Transcripts: `~/.openclaw/agents/<agentId>/sessions/<SessionId>.jsonl` (Telegram topic sessions use `.../<SessionId>-topic-<threadId>.jsonl`).
-- The store is a map `sessionKey -> { sessionId, updatedAt, ... }`. Deleting entries is safe; they are recreated on demand.
-- Group entries may include `displayName`, `channel`, `subject`, `room`, and `space` to label sessions in UIs.
-- Session entries include `origin` metadata (label + routing hints) so UIs can explain where a session came from.
-- OpenClaw does **not** read legacy Pi/Tau session folders.
+All session state is owned by the **gateway**. UI clients query the gateway for
+session data.
 
-## Maintenance
+- **Store:** `~/.openclaw/agents/<agentId>/sessions/sessions.json`
+- **Transcripts:** `~/.openclaw/agents/<agentId>/sessions/<sessionId>.jsonl`
 
-OpenClaw applies session-store maintenance to keep `sessions.json` and transcript artifacts bounded over time.
+## Session maintenance
 
-### Defaults
-
-- `session.maintenance.mode`: `warn`
-- `session.maintenance.pruneAfter`: `30d`
-- `session.maintenance.maxEntries`: `500`
-- `session.maintenance.rotateBytes`: `10mb`
-- `session.maintenance.resetArchiveRetention`: defaults to `pruneAfter` (`30d`)
-- `session.maintenance.maxDiskBytes`: unset (disabled)
-- `session.maintenance.highWaterBytes`: defaults to `80%` of `maxDiskBytes` when budgeting is enabled
-
-### How it works
-
-Maintenance runs during session-store writes, and you can trigger it on demand with `openclaw sessions cleanup`.
-
-- `mode: "warn"`: reports what would be evicted but does not mutate entries/transcripts.
-- `mode: "enforce"`: applies cleanup in this order:
-  1. prune stale entries older than `pruneAfter`
-  2. cap entry count to `maxEntries` (oldest first)
-  3. archive transcript files for removed entries that are no longer referenced
-  4. purge old `*.deleted.<timestamp>` and `*.reset.<timestamp>` archives by retention policy
-  5. rotate `sessions.json` when it exceeds `rotateBytes`
-  6. if `maxDiskBytes` is set, enforce disk budget toward `highWaterBytes` (oldest artifacts first, then oldest sessions)
-
-### Performance caveat for large stores
-
-Large session stores are common in high-volume setups. Maintenance work is write-path work, so very large stores can increase write latency.
-
-What increases cost most:
-
-- very high `session.maintenance.maxEntries` values
-- long `pruneAfter` windows that keep stale entries around
-- many transcript/archive artifacts in `~/.openclaw/agents/<agentId>/sessions/`
-- enabling disk budgets (`maxDiskBytes`) without reasonable pruning/cap limits
-
-What to do:
-
-- use `mode: "enforce"` in production so growth is bounded automatically
-- set both time and count limits (`pruneAfter` + `maxEntries`), not just one
-- set `maxDiskBytes` + `highWaterBytes` for hard upper bounds in large deployments
-- keep `highWaterBytes` meaningfully below `maxDiskBytes` (default is 80%)
-- run `openclaw sessions cleanup --dry-run --json` after config changes to verify projected impact before enforcing
-- for frequent active sessions, pass `--active-key` when running manual cleanup
-
-### Customize examples
-
-Use a conservative enforce policy:
+OpenClaw automatically bounds session storage over time. By default, it runs
+in `warn` mode (reports what would be cleaned). Set `session.maintenance.mode`
+to `"enforce"` for automatic cleanup:
 
 ```json5
 {
   session: {
     maintenance: {
       mode: "enforce",
-      pruneAfter: "45d",
-      maxEntries: 800,
-      rotateBytes: "20mb",
-      resetArchiveRetention: "14d",
+      pruneAfter: "30d",
+      maxEntries: 500,
     },
   },
 }
 ```
 
-Enable a hard disk budget for the sessions directory:
+Preview with `openclaw sessions cleanup --dry-run`.
 
-```json5
-{
-  session: {
-    maintenance: {
-      mode: "enforce",
-      maxDiskBytes: "1gb",
-      highWaterBytes: "800mb",
-    },
-  },
-}
-```
+## Inspecting sessions
 
-Tune for larger installs (example):
+- `openclaw status` -- session store path and recent activity.
+- `openclaw sessions --json` -- all sessions (filter with `--active <minutes>`).
+- `/status` in chat -- context usage, model, and toggles.
+- `/context list` -- what is in the system prompt.
 
-```json5
-{
-  session: {
-    maintenance: {
-      mode: "enforce",
-      pruneAfter: "14d",
-      maxEntries: 2000,
-      rotateBytes: "25mb",
-      maxDiskBytes: "2gb",
-      highWaterBytes: "1.6gb",
-    },
-  },
-}
-```
+## Further reading
 
-Preview or force maintenance from CLI:
-
-```bash
-openclaw sessions cleanup --dry-run
-openclaw sessions cleanup --enforce
-```
-
-## Session pruning
-
-OpenClaw trims **old tool results** from the in-memory context right before LLM calls by default.
-This does **not** rewrite JSONL history. See [/concepts/session-pruning](/concepts/session-pruning).
-
-## Pre-compaction memory flush
-
-When a session nears auto-compaction, OpenClaw can run a **silent memory flush**
-turn that reminds the model to write durable notes to disk. This only runs when
-the workspace is writable. See [Memory](/concepts/memory) and
-[Compaction](/concepts/compaction).
-
-## Mapping transports → session keys
-
-- Direct chats follow `session.dmScope` (default `main`).
-  - `main`: `agent:<agentId>:<mainKey>` (continuity across devices/channels).
-    - Multiple phone numbers and channels can map to the same agent main key; they act as transports into one conversation.
-  - `per-peer`: `agent:<agentId>:direct:<peerId>`.
-  - `per-channel-peer`: `agent:<agentId>:<channel>:direct:<peerId>`.
-  - `per-account-channel-peer`: `agent:<agentId>:<channel>:<accountId>:direct:<peerId>` (accountId defaults to `default`).
-  - If `session.identityLinks` matches a provider-prefixed peer id (for example `telegram:123`), the canonical key replaces `<peerId>` so the same person shares a session across channels.
-- Group chats isolate state: `agent:<agentId>:<channel>:group:<id>` (rooms/channels use `agent:<agentId>:<channel>:channel:<id>`).
-  - Telegram forum topics append `:topic:<threadId>` to the group id for isolation.
-  - Legacy `group:<id>` keys are still recognized for migration.
-- Inbound contexts may still use `group:<id>`; the channel is inferred from `Provider` and normalized to the canonical `agent:<agentId>:<channel>:group:<id>` form.
-- Other sources:
-  - Cron jobs: `cron:<job.id>` (isolated) or custom `session:<custom-id>` (persistent)
-  - Webhooks: `hook:<uuid>` (unless explicitly set by the hook)
-  - Node runs: `node-<nodeId>`
-
-## Lifecycle
-
-- Reset policy: sessions are reused until they expire, and expiry is evaluated on the next inbound message.
-- Daily reset: defaults to **4:00 AM local time on the gateway host**. A session is stale once its last update is earlier than the most recent daily reset time.
-- Idle reset (optional): `idleMinutes` adds a sliding idle window. When both daily and idle resets are configured, **whichever expires first** forces a new session.
-- Legacy idle-only: if you set `session.idleMinutes` without any `session.reset`/`resetByType` config, OpenClaw stays in idle-only mode for backward compatibility.
-- Per-type overrides (optional): `resetByType` lets you override the policy for `direct`, `group`, and `thread` sessions (thread = Slack/Discord threads, Telegram topics, Matrix threads when provided by the connector).
-- Per-channel overrides (optional): `resetByChannel` overrides the reset policy for a channel (applies to all session types for that channel and takes precedence over `reset`/`resetByType`).
-- Reset triggers: exact `/new` or `/reset` (plus any extras in `resetTriggers`) start a fresh session id and pass the remainder of the message through. `/new <model>` accepts a model alias, `provider/model`, or provider name (fuzzy match) to set the new session model. If `/new` or `/reset` is sent alone, OpenClaw runs a short “hello” greeting turn to confirm the reset.
-- Manual reset: delete specific keys from the store or remove the JSONL transcript; the next message recreates them.
-- Isolated cron jobs always mint a fresh `sessionId` per run (no idle reuse).
-
-## Send policy (optional)
-
-Block delivery for specific session types without listing individual ids.
-
-```json5
-{
-  session: {
-    sendPolicy: {
-      rules: [
-        { action: "deny", match: { channel: "discord", chatType: "group" } },
-        { action: "deny", match: { keyPrefix: "cron:" } },
-        // Match the raw session key (including the `agent:<id>:` prefix).
-        { action: "deny", match: { rawKeyPrefix: "agent:main:discord:" } },
-      ],
-      default: "allow",
-    },
-  },
-}
-```
-
-Runtime override (owner only):
-
-- `/send on` → allow for this session
-- `/send off` → deny for this session
-- `/send inherit` → clear override and use config rules
-  Send these as standalone messages so they register.
-
-## Configuration (optional rename example)
-
-```json5
-// ~/.openclaw/openclaw.json
-{
-  session: {
-    scope: "per-sender", // keep group keys separate
-    dmScope: "main", // DM continuity (set per-channel-peer/per-account-channel-peer for shared inboxes)
-    identityLinks: {
-      alice: ["telegram:123456789", "discord:987654321012345678"],
-    },
-    reset: {
-      // Defaults: mode=daily, atHour=4 (gateway host local time).
-      // If you also set idleMinutes, whichever expires first wins.
-      mode: "daily",
-      atHour: 4,
-      idleMinutes: 120,
-    },
-    resetByType: {
-      thread: { mode: "daily", atHour: 4 },
-      direct: { mode: "idle", idleMinutes: 240 },
-      group: { mode: "idle", idleMinutes: 120 },
-    },
-    resetByChannel: {
-      discord: { mode: "idle", idleMinutes: 10080 },
-    },
-    resetTriggers: ["/new", "/reset"],
-    store: "~/.openclaw/agents/{agentId}/sessions/sessions.json",
-    mainKey: "main",
-  },
-}
-```
-
-## Inspecting
-
-- `openclaw status` — shows store path and recent sessions.
-- `openclaw sessions --json` — dumps every entry (filter with `--active <minutes>`).
-- `openclaw gateway call sessions.list --params '{}'` — fetch sessions from the running gateway (use `--url`/`--token` for remote gateway access).
-- Send `/status` as a standalone message in chat to see whether the agent is reachable, how much of the session context is used, current thinking/fast/verbose toggles, and when your WhatsApp web creds were last refreshed (helps spot relink needs).
-- Send `/context list` or `/context detail` to see what’s in the system prompt and injected workspace files (and the biggest context contributors).
-- Send `/stop` (or standalone abort phrases like `stop`, `stop action`, `stop run`, `stop openclaw`) to abort the current run, clear queued followups for that session, and stop any sub-agent runs spawned from it (the reply includes the stopped count).
-- Send `/compact` (optional instructions) as a standalone message to summarize older context and free up window space. See [/concepts/compaction](/concepts/compaction).
-- JSONL transcripts can be opened directly to review full turns.
-
-## Tips
-
-- Keep the primary key dedicated to 1:1 traffic; let groups keep their own keys.
-- When automating cleanup, delete individual keys instead of the whole store to preserve context elsewhere.
-
-## Session origin metadata
-
-Each session entry records where it came from (best-effort) in `origin`:
-
-- `label`: human label (resolved from conversation label + group subject/channel)
-- `provider`: normalized channel id (including extensions)
-- `from`/`to`: raw routing ids from the inbound envelope
-- `accountId`: provider account id (when multi-account)
-- `threadId`: thread/topic id when the channel supports it
-  The origin fields are populated for direct messages, channels, and groups. If a
-  connector only updates delivery routing (for example, to keep a DM main session
-  fresh), it should still provide inbound context so the session keeps its
-  explainer metadata. Extensions can do this by sending `ConversationLabel`,
-  `GroupSubject`, `GroupChannel`, `GroupSpace`, and `SenderName` in the inbound
-  context and calling `recordSessionMetaFromInbound` (or passing the same context
-  to `updateLastRoute`).
+- [Session Pruning](/concepts/session-pruning) -- trimming tool results
+- [Compaction](/concepts/compaction) -- summarizing long conversations
+- [Session Tools](/concepts/session-tool) -- agent tools for cross-session work
+- [Session Management Deep Dive](/reference/session-management-compaction) --
+  store schema, transcripts, send policy, origin metadata, and advanced config
+- [Multi-Agent](/concepts/multi-agent) — routing and session isolation across agents
+- [Background Tasks](/automation/tasks) — how detached work creates task records with session references
+- [Channel Routing](/channels/channel-routing) — how inbound messages are routed to sessions

docs/concepts/timezone.md

@@ -89,3 +89,9 @@ The system prompt includes:
 You can control the prompt format with `agents.defaults.timeFormat` (`auto` | `12` | `24`).
 
 See [Date & Time](/date-time) for the full behavior and examples.
+
+## Related
+
+- [Heartbeat](/gateway/heartbeat) — active hours use timezone for scheduling
+- [Cron Jobs](/automation/cron-jobs) — cron expressions use timezone for scheduling
+- [Date & Time](/date-time) — full date/time behavior and examples

docs/docs.json

@@ -924,6 +924,7 @@
                 "pages": [
                   "install/ansible",
                   "install/bun",
+                  "install/clawdock",
                   "install/docker",
                   "install/nix",
                   "install/podman"
@@ -989,7 +990,6 @@
                   "channels/telegram",
                   "channels/tlon",
                   "channels/twitch",
-                  "plugins/voice-call",
                   "channels/whatsapp",
                   "channels/zalo",
                   "channels/zalouser"
@@ -1032,7 +1032,16 @@
                   "concepts/session",
                   "concepts/session-pruning",
                   "concepts/session-tool",
-                  "concepts/memory",
+                  {
+                    "group": "Memory",
+                    "pages": [
+                      "concepts/memory",
+                      "concepts/memory-builtin",
+                      "concepts/memory-qmd",
+                      "concepts/memory-honcho",
+                      "concepts/memory-search"
+                    ]
+                  },
                   "concepts/compaction"
                 ]
               },
@@ -1068,6 +1077,7 @@
                   "tools/plugin",
                   "plugins/community",
                   "plugins/bundles",
+                  "plugins/voice-call",
                   {
                     "group": "Building Plugins",
                     "pages": [
@@ -1105,10 +1115,12 @@
               {
                 "group": "Automation",
                 "pages": [
+                  "automation/index",
                   "automation/hooks",
                   "automation/standing-orders",
                   "automation/cron-jobs",
                   "automation/cron-vs-heartbeat",
+                  "automation/tasks",
                   "automation/troubleshooting",
                   "automation/webhook",
                   "automation/gmail-pubsub",
@@ -1151,6 +1163,7 @@
                   "tools/elevated",
                   "tools/exec",
                   "tools/exec-approvals",
+                  "tools/image-generation",
                   "tools/llm-task",
                   "tools/lobster",
                   "tools/loop-detection",
@@ -1337,18 +1350,28 @@
                 ]
               },
               {
-                "group": "Nodes and devices",
+                "group": "Nodes and media",
                 "pages": [
                   "nodes/index",
                   "nodes/troubleshooting",
-                  "nodes/media-understanding",
-                  "nodes/images",
-                  "nodes/audio",
-                  "nodes/camera",
-                  "nodes/talk",
-                  "nodes/voicewake",
-                  "nodes/location-command",
-                  "tools/tts"
+                  {
+                    "group": "Media capabilities",
+                    "pages": [
+                      "nodes/media-understanding",
+                      "nodes/images",
+                      "nodes/audio",
+                      "nodes/camera",
+                      "tools/tts"
+                    ]
+                  },
+                  {
+                    "group": "Node features",
+                    "pages": [
+                      "nodes/talk",
+                      "nodes/voicewake",
+                      "nodes/location-command"
+                    ]
+                  }
                 ]
               },
               {

docs/gateway/configuration-reference.md

@@ -571,6 +571,45 @@ exec ssh -T gateway-host imsg "$@"
 
 </Accordion>
 
+### Matrix
+
+Matrix is extension-backed and configured under `channels.matrix`.
+
+```json5
+{
+  channels: {
+    matrix: {
+      enabled: true,
+      homeserver: "https://matrix.example.org",
+      accessToken: "syt_bot_xxx",
+      proxy: "http://127.0.0.1:7890",
+      encryption: true,
+      initialSyncLimit: 20,
+      defaultAccount: "ops",
+      accounts: {
+        ops: {
+          name: "Ops",
+          userId: "@ops:example.org",
+          accessToken: "syt_ops_xxx",
+        },
+        alerts: {
+          userId: "@alerts:example.org",
+          password: "secret",
+          proxy: "http://127.0.0.1:7891",
+        },
+      },
+    },
+  },
+}
+```
+
+- Token auth uses `accessToken`; password auth uses `userId` + `password`.
+- `channels.matrix.proxy` routes Matrix HTTP traffic through an explicit HTTP(S) proxy. Named accounts can override it with `channels.matrix.accounts.<id>.proxy`.
+- `channels.matrix.allowPrivateNetwork` allows private/internal homeservers. `proxy` and `allowPrivateNetwork` are independent controls.
+- `channels.matrix.defaultAccount` selects the preferred account in multi-account setups.
+- Matrix status probes and live directory lookups use the same proxy policy as runtime traffic.
+- Full Matrix configuration, targeting rules, and setup examples are documented in [Matrix](/channels/matrix).
+
 ### Microsoft Teams
 
 Microsoft Teams is extension-backed and configured under `channels.msteams`.
@@ -906,7 +945,7 @@ Time format in system prompt. Default: `auto` (OS preference).
   - Also used as fallback routing when the selected/default model cannot accept image input.
 - `imageGenerationModel`: accepts either a string (`"provider/model"`) or an object (`{ primary, fallbacks }`).
   - Used by the shared image-generation capability and any future tool/plugin surface that generates images.
-  - Typical values: `google/gemini-3-pro-image-preview` for the native Nano Banana-style flow, `fal/fal-ai/flux/dev` for fal, or `openai/gpt-image-1` for OpenAI Images.
+  - Typical values: `google/gemini-3-pro-image-preview` for native Gemini image generation, `fal/fal-ai/flux/dev` for fal, or `openai/gpt-image-1` for OpenAI Images.
   - If you select a provider/model directly, configure the matching provider auth/API key too (for example `GEMINI_API_KEY` or `GOOGLE_API_KEY` for `google/*`, `OPENAI_API_KEY` for `openai/*`, `FAL_KEY` for `fal/*`).
   - If omitted, `image_generate` can still infer a best-effort provider default from compatible auth-backed image-generation providers.
 - `pdfModel`: accepts either a string (`"provider/model"`) or an object (`{ primary, fallbacks }`).
@@ -914,11 +953,13 @@ Time format in system prompt. Default: `auto` (OS preference).
   - If omitted, the PDF tool falls back to `imageModel`, then to best-effort provider defaults.
 - `pdfMaxBytesMb`: default PDF size limit for the `pdf` tool when `maxBytesMb` is not passed at call time.
 - `pdfMaxPages`: default maximum pages considered by extraction fallback mode in the `pdf` tool.
+- `verboseDefault`: default verbose level for agents. Values: `"off"`, `"on"`, `"full"`. Default: `"off"`.
+- `elevatedDefault`: default elevated-output level for agents. Values: `"off"`, `"on"`, `"ask"`, `"full"`. Default: `"on"`.
 - `model.primary`: format `provider/model` (e.g. `anthropic/claude-opus-4-6`). If you omit the provider, OpenClaw assumes `anthropic` (deprecated).
 - `models`: the configured model catalog and allowlist for `/model`. Each entry can include `alias` (shortcut) and `params` (provider-specific, for example `temperature`, `maxTokens`, `cacheRetention`, `context1m`).
 - `params` merge precedence (config): `agents.defaults.models["provider/model"].params` is the base, then `agents.list[].params` (matching agent id) overrides by key.
 - Config writers that mutate these fields (for example `/models set`, `/models set-image`, and fallback add/remove commands) save canonical object form and preserve existing fallback lists when possible.
-- `maxConcurrent`: max parallel agent runs across sessions (each session still serialized). Default: 1.
+- `maxConcurrent`: max parallel agent runs across sessions (each session still serialized). Default: 4.
 
 **Built-in alias shorthands** (only apply when the model is in `agents.defaults.models`):
 
@@ -999,7 +1040,7 @@ Periodic heartbeat runs.
 }
 ```
 
-- `every`: duration string (ms/s/m/h). Default: `30m`.
+- `every`: duration string (ms/s/m/h). Default: `30m` (API-key auth) or `1h` (OAuth auth). Set to `0m` to disable.
 - `suppressToolErrorWarnings`: when true, suppresses tool error warning payloads during heartbeat runs.
 - `directPolicy`: direct/DM delivery policy. `allow` (default) permits direct-target delivery. `block` suppresses direct-target delivery and emits `reason=dm-blocked`.
 - `lightContext`: when true, heartbeat runs use lightweight bootstrap context and keep only `HEARTBEAT.md` from workspace bootstrap files.
@@ -1125,6 +1166,8 @@ See [Streaming](/concepts/streaming) for behavior + chunking details.
 
 See [Typing Indicators](/concepts/typing-indicators).
 
+<a id="agentsdefaultssandbox"></a>
+
 ### `agents.defaults.sandbox`
 
 Optional sandboxing for the embedded agent. See [Sandboxing](/gateway/sandboxing) for the full guide.
@@ -1612,6 +1655,9 @@ See [Multi-Agent Sandbox & Tools](/tools/multi-agent-sandbox-tools) for preceden
 
 <Accordion title="Session field details">
 
+- **`scope`**: base session grouping strategy for group-chat contexts.
+  - `per-sender` (default): each sender gets an isolated session within a channel context.
+  - `global`: all participants in a channel context share a single session (use only when shared context is intended).
 - **`dmScope`**: how DMs are grouped.
   - `main`: all DMs share the main session.
   - `per-peer`: isolate by sender id across channels.
@@ -1624,6 +1670,7 @@ See [Multi-Agent Sandbox & Tools](/tools/multi-agent-sandbox-tools) for preceden
   - If parent `totalTokens` is above this value, OpenClaw starts a fresh thread session instead of inheriting parent transcript history.
   - Set `0` to disable this guard and always allow parent forking.
 - **`mainKey`**: legacy field. Runtime now always uses `"main"` for the main direct-chat bucket.
+- **`agentToAgent.maxPingPongTurns`**: maximum reply-back turns between agents during agent-to-agent exchanges (integer, range: `0`–`5`). `0` disables ping-pong chaining.
 - **`sendPolicy`**: match by `channel`, `chatType` (`direct|group|channel`, with legacy `dm` alias), `keyPrefix`, or `rawKeyPrefix`. First deny wins.
 - **`maintenance`**: session-store cleanup + retention controls.
   - `mode`: `warn` emits warnings only; `enforce` applies cleanup.
@@ -2059,7 +2106,7 @@ Notes:
 - File permissions are `0700` for directories and `0600` for files.
 - Cleanup follows the `cleanup` policy: `delete` always removes attachments; `keep` retains them only when `retainOnSessionKeep: true`.
 
-### `tools.subagents`
+### `agents.defaults.subagents`
 
 ```json5
 {
@@ -2067,7 +2114,7 @@ Notes:
     defaults: {
       subagents: {
         model: "minimax/MiniMax-M2.7",
-        maxConcurrent: 1,
+        maxConcurrent: 8,
         runTimeoutSeconds: 900,
         archiveAfterMinutes: 60,
       },
@@ -2084,7 +2131,7 @@ Notes:
 
 ## Custom providers and base URLs
 
-OpenClaw uses the pi-coding-agent model catalog. Add custom providers via `models.providers` in config or `~/.openclaw/agents/<agentId>/agent/models.json`.
+OpenClaw uses the built-in model catalog. Add custom providers via `models.providers` in config or `~/.openclaw/agents/<agentId>/agent/models.json`.
 
 ```json5
 {
@@ -2113,7 +2160,7 @@ OpenClaw uses the pi-coding-agent model catalog. Add custom providers via `model
 ```
 
 - Use `authHeader: true` + `headers` for custom auth needs.
-- Override agent config root with `OPENCLAW_AGENT_DIR` (or `PI_CODING_AGENT_DIR`).
+- Override agent config root with `OPENCLAW_AGENT_DIR` (or `PI_CODING_AGENT_DIR`, a legacy environment variable alias).
 - Merge precedence for matching provider IDs:
   - Non-empty agent `models.json` `baseUrl` values win.
   - Non-empty agent `apiKey` values win only when that provider is not SecretRef-managed in current config/auth-profile context.
@@ -2644,6 +2691,50 @@ Convenience flags: `--dev` (uses `~/.openclaw-dev` + port `19001`), `--profile <
 
 See [Multiple Gateways](/gateway/multiple-gateways).
 
+### `gateway.tls`
+
+```json5
+{
+  gateway: {
+    tls: {
+      enabled: false,
+      autoGenerate: false,
+      certPath: "/etc/openclaw/tls/server.crt",
+      keyPath: "/etc/openclaw/tls/server.key",
+      caPath: "/etc/openclaw/tls/ca-bundle.crt",
+    },
+  },
+}
+```
+
+- `enabled`: enables TLS termination at the gateway listener (HTTPS/WSS) (default: `false`).
+- `autoGenerate`: auto-generates a local self-signed cert/key pair when explicit files are not configured; for local/dev use only.
+- `certPath`: filesystem path to the TLS certificate file.
+- `keyPath`: filesystem path to the TLS private key file; keep permission-restricted.
+- `caPath`: optional CA bundle path for client verification or custom trust chains.
+
+### `gateway.reload`
+
+```json5
+{
+  gateway: {
+    reload: {
+      mode: "hybrid", // off | restart | hot | hybrid
+      debounceMs: 500,
+      deferralTimeoutMs: 300000,
+    },
+  },
+}
+```
+
+- `mode`: controls how config edits are applied at runtime.
+  - `"off"`: ignore live edits; changes require an explicit restart.
+  - `"restart"`: always restart the gateway process on config change.
+  - `"hot"`: apply changes in-process without restarting.
+  - `"hybrid"` (default): try hot reload first; fall back to restart if required.
+- `debounceMs`: debounce window in ms before config changes are applied (non-negative integer).
+- `deferralTimeoutMs`: maximum time in ms to wait for in-flight operations before forcing a restart (default: `300000` = 5 minutes).
+
 ---
 
 ## Hooks
@@ -2926,6 +3017,26 @@ Notes:
 - See [OAuth](/concepts/oauth).
 - Secrets runtime behavior and `audit/configure/apply` tooling: [Secrets Management](/gateway/secrets).
 
+### `auth.cooldowns`
+
+```json5
+{
+  auth: {
+    cooldowns: {
+      billingBackoffHours: 5,
+      billingBackoffHoursByProvider: { anthropic: 3, openai: 8 },
+      billingMaxHours: 24,
+      failureWindowHours: 24,
+    },
+  },
+}
+```
+
+- `billingBackoffHours`: base backoff in hours when a profile fails due to billing/insufficient credits (default: `5`).
+- `billingBackoffHoursByProvider`: optional per-provider overrides for billing backoff hours.
+- `billingMaxHours`: cap in hours for billing backoff exponential growth (default: `24`).
+- `failureWindowHours`: rolling window in hours used for backoff counters (default: `24`).
+
 ---
 
 ## Logging
@@ -2946,6 +3057,128 @@ Notes:
 - Default log file: `/tmp/openclaw/openclaw-YYYY-MM-DD.log`.
 - Set `logging.file` for a stable path.
 - `consoleLevel` bumps to `debug` when `--verbose`.
+- `maxFileBytes`: maximum log file size in bytes before writes are suppressed (positive integer; default: `524288000` = 500 MB). Use external log rotation for production deployments.
+
+---
+
+## Diagnostics
+
+```json5
+{
+  diagnostics: {
+    enabled: true,
+    flags: ["telegram.*"],
+    stuckSessionWarnMs: 30000,
+
+    otel: {
+      enabled: false,
+      endpoint: "https://otel-collector.example.com:4318",
+      protocol: "http/protobuf", // http/protobuf | grpc
+      headers: { "x-tenant-id": "my-org" },
+      serviceName: "openclaw-gateway",
+      traces: true,
+      metrics: true,
+      logs: false,
+      sampleRate: 1.0,
+      flushIntervalMs: 5000,
+    },
+
+    cacheTrace: {
+      enabled: false,
+      includeMessages: true,
+      includePrompt: true,
+      includeSystem: true,
+    },
+  },
+}
+```
+
+- `enabled`: master toggle for instrumentation output (default: `true`).
+- `flags`: array of flag strings enabling targeted log output (supports wildcards like `"telegram.*"` or `"*"`).
+- `stuckSessionWarnMs`: age threshold in ms for emitting stuck-session warnings while a session remains in processing state.
+- `otel.enabled`: enables the OpenTelemetry export pipeline (default: `false`).
+- `otel.endpoint`: collector URL for OTel export.
+- `otel.protocol`: `"http/protobuf"` (default) or `"grpc"`.
+- `otel.headers`: extra HTTP/gRPC metadata headers sent with OTel export requests.
+- `otel.serviceName`: service name for resource attributes.
+- `otel.traces` / `otel.metrics` / `otel.logs`: enable trace, metrics, or log export.
+- `otel.sampleRate`: trace sampling rate `0`–`1`.
+- `otel.flushIntervalMs`: periodic telemetry flush interval in ms.
+- `cacheTrace.enabled`: log cache trace snapshots for embedded runs (default: `false`).
+- `cacheTrace.includeMessages` / `includePrompt` / `includeSystem`: control what is included in cache trace output (all default: `true`).
+
+---
+
+## Update
+
+```json5
+{
+  update: {
+    channel: "stable", // stable | beta | dev
+    checkOnStart: true,
+
+    auto: {
+      enabled: false,
+      stableDelayHours: 6,
+      stableJitterHours: 12,
+      betaCheckIntervalHours: 1,
+    },
+  },
+}
+```
+
+- `channel`: release channel for npm/git installs — `"stable"`, `"beta"`, or `"dev"`.
+- `checkOnStart`: check for npm updates when the gateway starts (default: `true`).
+- `auto.enabled`: enable background auto-update for package installs (default: `false`).
+- `auto.stableDelayHours`: minimum delay in hours before stable-channel auto-apply (default: `6`; max: `168`).
+- `auto.stableJitterHours`: extra stable-channel rollout spread window in hours (default: `12`; max: `168`).
+- `auto.betaCheckIntervalHours`: how often beta-channel checks run in hours (default: `1`; max: `24`).
+
+---
+
+## ACP
+
+```json5
+{
+  acp: {
+    enabled: false,
+    dispatch: { enabled: true },
+    backend: "acpx",
+    defaultAgent: "main",
+    allowedAgents: ["main", "ops"],
+    maxConcurrentSessions: 10,
+
+    stream: {
+      coalesceIdleMs: 50,
+      maxChunkChars: 1000,
+      repeatSuppression: true,
+      deliveryMode: "live", // live | final_only
+      hiddenBoundarySeparator: "paragraph", // none | space | newline | paragraph
+      maxOutputChars: 50000,
+      maxSessionUpdateChars: 500,
+    },
+
+    runtime: {
+      ttlMinutes: 30,
+    },
+  },
+}
+```
+
+- `enabled`: global ACP feature gate (default: `false`).
+- `dispatch.enabled`: independent gate for ACP session turn dispatch (default: `true`). Set `false` to keep ACP commands available while blocking execution.
+- `backend`: default ACP runtime backend id (must match a registered ACP runtime plugin).
+- `defaultAgent`: fallback ACP target agent id when spawns do not specify an explicit target.
+- `allowedAgents`: allowlist of agent ids permitted for ACP runtime sessions; empty means no additional restriction.
+- `maxConcurrentSessions`: maximum concurrently active ACP sessions.
+- `stream.coalesceIdleMs`: idle flush window in ms for streamed text.
+- `stream.maxChunkChars`: maximum chunk size before splitting streamed block projection.
+- `stream.repeatSuppression`: suppress repeated status/tool lines per turn (default: `true`).
+- `stream.deliveryMode`: `"live"` streams incrementally; `"final_only"` buffers until turn terminal events.
+- `stream.hiddenBoundarySeparator`: separator before visible text after hidden tool events (default: `"paragraph"`).
+- `stream.maxOutputChars`: maximum assistant output characters projected per ACP turn.
+- `stream.maxSessionUpdateChars`: maximum characters for projected ACP status/update lines.
+- `runtime.ttlMinutes`: idle TTL in minutes for ACP session workers before eligible cleanup.
 
 ---
 
@@ -2989,29 +3222,7 @@ Metadata written by CLI guided setup flows (`onboard`, `configure`, `doctor`):
 
 ## Identity
 
-```json5
-{
-  agents: {
-    list: [
-      {
-        id: "main",
-        identity: {
-          name: "Samantha",
-          theme: "helpful sloth",
-          emoji: "🦥",
-          avatar: "avatars/samantha.png",
-        },
-      },
-    ],
-  },
-}
-```
-
-Written by the macOS onboarding assistant. Derives defaults:
-
-- `messages.ackReaction` from `identity.emoji` (falls back to 👀)
-- `mentionPatterns` from `identity.name`/`identity.emoji`
-- `avatar` accepts: workspace-relative path, `http(s)` URL, or `data:` URI
+See `agents.list` identity fields under [Agent defaults](#agent-defaults).
 
 ---
 
@@ -3063,7 +3274,49 @@ Current builds no longer include the TCP bridge. Nodes connect over the Gateway
 - `webhookToken`: bearer token used for cron webhook POST delivery (`delivery.mode = "webhook"`), if omitted no auth header is sent.
 - `webhook`: deprecated legacy fallback webhook URL (http/https) used only for stored jobs that still have `notify: true`.
 
-See [Cron Jobs](/automation/cron-jobs).
+### `cron.retry`
+
+```json5
+{
+  cron: {
+    retry: {
+      maxAttempts: 3,
+      backoffMs: [30000, 60000, 300000],
+      retryOn: ["rate_limit", "overloaded", "network", "timeout", "server_error"],
+    },
+  },
+}
+```
+
+- `maxAttempts`: maximum retries for one-shot jobs on transient errors (default: `3`; range: `0`–`10`).
+- `backoffMs`: array of backoff delays in ms for each retry attempt (default: `[30000, 60000, 300000]`; 1–10 entries).
+- `retryOn`: error types that trigger retries — `"rate_limit"`, `"overloaded"`, `"network"`, `"timeout"`, `"server_error"`. Omit to retry all transient types.
+
+Applies only to one-shot cron jobs. Recurring jobs use separate failure handling.
+
+### `cron.failureAlert`
+
+```json5
+{
+  cron: {
+    failureAlert: {
+      enabled: false,
+      after: 3,
+      cooldownMs: 3600000,
+      mode: "announce",
+      accountId: "main",
+    },
+  },
+}
+```
+
+- `enabled`: enable failure alerts for cron jobs (default: `false`).
+- `after`: consecutive failures before an alert fires (positive integer, min: `1`).
+- `cooldownMs`: minimum milliseconds between repeated alerts for the same job (non-negative integer).
+- `mode`: delivery mode — `"announce"` sends via a channel message; `"webhook"` posts to the configured webhook.
+- `accountId`: optional account or channel id to scope alert delivery.
+
+See [Cron Jobs](/automation/cron-jobs). Isolated cron executions are tracked as [background tasks](/automation/tasks).
 
 ---
 

docs/gateway/heartbeat.md

@@ -13,6 +13,9 @@ title: "Heartbeat"
 Heartbeat runs **periodic agent turns** in the main session so the model can
 surface anything that needs attention without spamming you.
 
+Heartbeat is a scheduled main-session turn — it does **not** create [background task](/automation/tasks) records.
+Task records are for detached work (ACP runs, subagents, isolated cron jobs).
+
 Troubleshooting: [/automation/troubleshooting](/automation/troubleshooting)
 
 ## Quick start (beginner)
@@ -65,6 +68,8 @@ The default prompt is intentionally broad:
   occasional lightweight “anything you need?” message, but avoids night-time spam
   by using your configured local timezone (see [/concepts/timezone](/concepts/timezone)).
 
+Heartbeat can react to completed [background tasks](/automation/tasks), but a heartbeat run itself does not create a task record.
+
 If you want a heartbeat to do something very specific (e.g. “check Gmail PubSub
 stats” or “verify gateway health”), set `agents.defaults.heartbeat.prompt` (or
 `agents.list[].heartbeat.prompt`) to a custom body (sent verbatim).
@@ -253,6 +258,7 @@ Use `accountId` to target a specific account on multi-account channels like Tele
   outbound message is sent.
 - Heartbeat-only replies do **not** keep the session alive; the last `updatedAt`
   is restored so idle expiry behaves normally.
+- Detached [background tasks](/automation/tasks) can enqueue a system event and wake heartbeat when the main session should notice something quickly. That wake does not make the heartbeat run a background task.
 
 ## Visibility controls
 
@@ -391,3 +397,11 @@ Heartbeats run full agent turns. Shorter intervals burn more tokens. To reduce c
 - Set a cheaper `model` (e.g. `ollama/llama3.2:1b`).
 - Keep `HEARTBEAT.md` small.
 - Use `target: "none"` if you only want internal state updates.
+
+## Related
+
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Cron vs Heartbeat](/automation/cron-vs-heartbeat) — when to use each
+- [Background Tasks](/automation/tasks) — how detached work is tracked
+- [Timezone](/concepts/timezone) — how timezone affects heartbeat scheduling
+- [Troubleshooting](/automation/troubleshooting) — debugging automation issues

docs/gateway/index.md

@@ -63,6 +63,7 @@ openclaw channels status --probe
 <Note>
 Gateway config reload watches the active config file path (resolved from profile/state defaults, or `OPENCLAW_CONFIG_PATH` when set).
 Default mode is `gateway.reload.mode="hybrid"`.
+After the first successful load, the running process serves the active in-memory config snapshot; successful reload swaps that snapshot atomically.
 </Note>
 
 ## Runtime model

docs/gateway/protocol.md

@@ -195,6 +195,12 @@ The Gateway treats these as **claims** and enforces server-side allowlists.
 - Operator clients resolve by calling `exec.approval.resolve` (requires `operator.approvals` scope).
 - For `host=node`, `exec.approval.request` must include `systemRunPlan` (canonical `argv`/`cwd`/`rawCommand`/session metadata). Requests missing `systemRunPlan` are rejected.
 
+## Agent delivery fallback
+
+- `agent` requests can include `deliver=true` to request outbound delivery.
+- `bestEffortDeliver=false` keeps strict behavior: unresolved or internal-only delivery targets return `INVALID_REQUEST`.
+- `bestEffortDeliver=true` allows fallback to session-only execution when no external deliverable route can be resolved (for example internal/webchat sessions or ambiguous multi-channel configs).
+
 ## Versioning
 
 - `PROTOCOL_VERSION` lives in `src/gateway/protocol/schema.ts`.

docs/gateway/secrets.md

@@ -21,6 +21,7 @@ Secrets are resolved into an in-memory runtime snapshot.
 - Startup fails fast when an effectively active SecretRef cannot be resolved.
 - Reload uses atomic swap: full success, or keep the last-known-good snapshot.
 - Runtime requests read from the active in-memory snapshot only.
+- After the first successful config activation/load, runtime code paths keep reading that active in-memory snapshot until a successful reload swaps it.
 - Outbound delivery paths also read from that active snapshot (for example Discord reply/thread delivery and Telegram action sends); they do not re-resolve SecretRefs on each send.
 
 This keeps secret-provider outages off hot request paths.
@@ -288,6 +289,39 @@ Optional per-id errors:
 }
 ```
 
+## MCP server environment variables
+
+MCP server env vars configured via `plugins.entries.acpx.config.mcpServers` support SecretInput. This keeps API keys and tokens out of plaintext config:
+
+```json5
+{
+  plugins: {
+    entries: {
+      acpx: {
+        enabled: true,
+        config: {
+          mcpServers: {
+            github: {
+              command: "npx",
+              args: ["-y", "@modelcontextprotocol/server-github"],
+              env: {
+                GITHUB_PERSONAL_ACCESS_TOKEN: {
+                  source: "env",
+                  provider: "default",
+                  id: "MCP_GITHUB_PAT",
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Plaintext string values still work. Env-template refs like `${MCP_SERVER_API_KEY}` and SecretRef objects are resolved during gateway activation before the MCP server process is spawned. As with other SecretRef surfaces, unresolved refs only block activation when the `acpx` plugin is effectively active.
+
 ## Sandbox SSH auth material
 
 The core `ssh` sandbox backend also supports SecretRefs for SSH auth material:

docs/gateway/security/index.md

@@ -7,10 +7,13 @@ title: "Security"
 
 # Security
 
-> [!WARNING]
-> **Personal assistant trust model:** this guidance assumes one trusted operator boundary per gateway (single-user/personal assistant model).
-> OpenClaw is **not** a hostile multi-tenant security boundary for multiple adversarial users sharing one agent/gateway.
-> If you need mixed-trust or adversarial-user operation, split trust boundaries (separate gateway + credentials, ideally separate OS users/hosts).
+<Warning>
+**Personal assistant trust model:** this guidance assumes one trusted operator boundary per gateway (single-user/personal assistant model).
+OpenClaw is **not** a hostile multi-tenant security boundary for multiple adversarial users sharing one agent/gateway.
+If you need mixed-trust or adversarial-user operation, split trust boundaries (separate gateway + credentials, ideally separate OS users/hosts).
+</Warning>
+
+**On this page:** [Trust model](#scope-first-personal-assistant-security-model) | [Quick audit](#quick-check-openclaw-security-audit) | [Hardened baseline](#hardened-baseline-in-60-seconds) | [DM access model](#dm-access-model-pairing--allowlist--open--disabled) | [Configuration hardening](#configuration-hardening-examples) | [Incident response](#incident-response)
 
 ## Scope first: personal assistant security model
 
@@ -46,34 +49,17 @@ OpenClaw is both a product and an experiment: you’re wiring frontier-model beh
 
 Start with the smallest access that still works, then widen it as you gain confidence.
 
-## Deployment assumption (important)
+### Deployment and host trust
 
 OpenClaw assumes the host and config boundary are trusted:
 
 - If someone can modify Gateway host state/config (`~/.openclaw`, including `openclaw.json`), treat them as a trusted operator.
 - Running one Gateway for multiple mutually untrusted/adversarial operators is **not a recommended setup**.
 - For mixed-trust teams, split trust boundaries with separate gateways (or at minimum separate OS users/hosts).
-- OpenClaw can run multiple gateway instances on one machine, but recommended operations favor clean trust-boundary separation.
 - Recommended default: one user per machine/host (or VPS), one gateway for that user, and one or more agents in that gateway.
-- If multiple users want OpenClaw, use one VPS/host per user.
-
-### Practical consequence (operator trust boundary)
-
-Inside one Gateway instance, authenticated operator access is a trusted control-plane role, not a per-user tenant role.
-
-- Operators with read/control-plane access can inspect gateway session metadata/history by design.
+- Inside one Gateway instance, authenticated operator access is a trusted control-plane role, not a per-user tenant role.
 - Session identifiers (`sessionKey`, session IDs, labels) are routing selectors, not authorization tokens.
-- Example: expecting per-operator isolation for methods like `sessions.list`, `sessions.preview`, or `chat.history` is outside this model.
-- If you need adversarial-user isolation, run separate gateways per trust boundary.
-- Multiple gateways on one machine are technically possible, but not the recommended baseline for multi-user isolation.
-
-## Personal assistant model (not a multi-tenant bus)
-
-OpenClaw is designed as a personal assistant security model: one trusted operator boundary, potentially many agents.
-
-- If several people can message one tool-enabled agent, each of them can steer that same permission set.
-- Per-user session/memory isolation helps privacy, but does not convert a shared agent into per-user host authorization.
-- If users may be adversarial to each other, run separate gateways (or separate OS users/hosts) per trust boundary.
+- If several people can message one tool-enabled agent, each of them can steer that same permission set. Per-user session/memory isolation helps privacy, but does not convert a shared agent into per-user host authorization.
 
 ### Shared Slack workspace: real risk
 
@@ -181,7 +167,7 @@ If more than one person can DM your bot:
 - Never combine shared DMs with broad tool access.
 - This hardens cooperative/shared inboxes, but is not designed as hostile co-tenant isolation when users share host/config write access.
 
-### What the audit checks (high level)
+## What the audit checks (high level)
 
 - **Inbound access** (DM policies, group policies, allowlists): can strangers trigger the bot?
 - **Tool blast radius** (elevated tools + open rooms): could prompt injection turn into shell/file/network actions?
@@ -191,7 +177,7 @@ If more than one person can DM your bot:
 - **Local disk hygiene** (permissions, symlinks, config includes, “synced folder” paths).
 - **Plugins** (extensions exist without an explicit allowlist).
 - **Policy drift/misconfig** (sandbox docker settings configured but sandbox mode off; ineffective `gateway.nodes.denyCommands` patterns because matching is exact command-name only (for example `system.run`) and does not inspect shell text; dangerous `gateway.nodes.allowCommands` entries; global `tools.profile="minimal"` overridden by per-agent profiles; extension plugin tools reachable under permissive tool policy).
-- **Runtime expectation drift** (for example `tools.exec.host="sandbox"` while sandbox mode is off, which now fails closed because no sandbox runtime is available).
+- **Runtime expectation drift** (for example assuming implicit exec still means `sandbox` when `tools.exec.host` now defaults to `auto`, or explicitly setting `tools.exec.host="sandbox"` while sandbox mode is off).
 - **Model hygiene** (warn when configured models look legacy; not a hard block).
 
 If you run `--deep`, OpenClaw also attempts a best-effort live Gateway probe.
@@ -211,7 +197,7 @@ Use this when auditing access or deciding what to back up:
 - **File-backed secrets payload (optional)**: `~/.openclaw/secrets.json`
 - **Legacy OAuth import**: `~/.openclaw/credentials/oauth.json`
 
-## Security Audit Checklist
+## Security audit checklist
 
 When the audit prints findings, treat this as a priority order:
 
@@ -504,6 +490,7 @@ Treat the snippet above as **secure DM mode**:
 - Default: `session.dmScope: "main"` (all DMs share one session for continuity).
 - Local CLI onboarding default: writes `session.dmScope: "per-channel-peer"` when unset (keeps existing explicit values).
 - Secure DM mode: `session.dmScope: "per-channel-peer"` (each channel+sender pair gets an isolated DM context).
+- Cross-channel peer isolation: `session.dmScope: "per-peer"` (each sender gets one session across all channels of the same type).
 
 If you run multiple accounts on the same channel, use `per-account-channel-peer` instead. If the same person contacts you on multiple channels, use `session.identityLinks` to collapse those DM sessions into one canonical identity. See [Session Management](/concepts/session) and [Configuration](/gateway/configuration).
 
@@ -534,7 +521,7 @@ Even with strong system prompts, **prompt injection is not solved**. System prom
 - Prefer mention gating in groups; avoid “always-on” bots in public rooms.
 - Treat links, attachments, and pasted instructions as hostile by default.
 - Run sensitive tool execution in a sandbox; keep secrets out of the agent’s reachable filesystem.
-- Note: sandboxing is opt-in. If sandbox mode is off, `host=sandbox` fails closed even though tools.exec.host defaults to sandbox. To run on the gateway host, set `host=gateway` and configure exec approvals.
+- Note: sandboxing is opt-in. If sandbox mode is off, implicit `host=auto` resolves to the gateway host. Explicit `host=sandbox` still fails closed because no sandbox runtime is available. Set `host=gateway` if you want that behavior to be explicit in config.
 - Limit high-risk tools (`exec`, `browser`, `web_fetch`, `web_search`) to trusted agents or explicit allowlists.
 - If you allowlist interpreters (`python`, `node`, `ruby`, `perl`, `php`, `lua`, `osascript`), enable `tools.exec.strictInlineEval` so inline eval forms still need explicit approval.
 - **Model choice matters:** older/smaller/legacy models are significantly less robust against prompt injection and tool misuse. For tool-enabled agents, use the strongest latest-generation, instruction-hardened model available.
@@ -602,6 +589,8 @@ Recommendations:
 - When running small models, **enable sandboxing for all sessions** and **disable web_search/web_fetch/browser** unless inputs are tightly controlled.
 - For chat-only personal assistants with trusted input and no tools, smaller models are usually fine.
 
+<a id="reasoning-verbose-output-in-groups"></a>
+
 ## Reasoning & verbose output in groups
 
 `/reasoning` and `/verbose` can expose internal reasoning or tool output that
@@ -916,22 +905,20 @@ Details: [Logging](/gateway/logging)
 
 In group chats, only respond when explicitly mentioned.
 
-### 3. Separate Numbers
+### 3) Separate numbers (WhatsApp, Signal, Telegram)
 
-Consider running your AI on a separate phone number from your personal one:
+For phone-number-based channels, consider running your AI on a separate phone number from your personal one:
 
 - Personal number: Your conversations stay private
 - Bot number: AI handles these, with appropriate boundaries
 
-### 4. Read-Only Mode (Today, via sandbox + tools)
+### 4) Read-only mode (via sandbox + tools)
 
-You can already build a read-only profile by combining:
+You can build a read-only profile by combining:
 
 - `agents.defaults.sandbox.workspaceAccess: "ro"` (or `"none"` for no workspace access)
 - tool allow/deny lists that block `write`, `edit`, `apply_patch`, `exec`, `process`, etc.
 
-We may add a single `readOnlyMode` flag later to simplify this configuration.
-
 Additional hardening options:
 
 - `tools.exec.applyPatch.workspaceOnly: true` (default): ensures `apply_patch` cannot write/delete outside the workspace directory even when sandboxing is off. Set to `false` only if you intentionally want `apply_patch` to touch files outside the workspace.

docs/help/faq.md

@@ -287,6 +287,8 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
     See what changed:
     [https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md](https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md)
 
+    For install one-liners and the difference between beta and dev, see the accordion below.
+
   </Accordion>
 
   <Accordion title="How do I install the beta version and what is the difference between beta and dev?">
@@ -585,11 +587,12 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
 
   </Accordion>
 
-  <Accordion title="Why am I seeing HTTP 429 rate_limit_error from Anthropic?">
-    That means your **Anthropic quota/rate limit** is exhausted for the current window. If you
-    use a **Claude subscription** (setup-token), wait for the window to
-    reset or upgrade your plan. If you use an **Anthropic API key**, check the Anthropic Console
-    for usage/billing and raise limits as needed.
+<a id="why-am-i-seeing-http-429-ratelimiterror-from-anthropic"></a>
+<Accordion title="Why am I seeing HTTP 429 rate_limit_error from Anthropic?">
+That means your **Anthropic quota/rate limit** is exhausted for the current window. If you
+use a **Claude subscription** (setup-token), wait for the window to
+reset or upgrade your plan. If you use an **Anthropic API key**, check the Anthropic Console
+for usage/billing and raise limits as needed.
 
     If the message is specifically:
     `Extra usage is required for long context requests`, the request is trying to use
@@ -949,7 +952,7 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
     Token tip: long tasks and sub-agents both consume tokens. If cost is a concern, set a
     cheaper model for sub-agents via `agents.defaults.subagents.model`.
 
-    Docs: [Sub-agents](/tools/subagents).
+    Docs: [Sub-agents](/tools/subagents), [Background Tasks](/automation/tasks).
 
   </Accordion>
 
@@ -1306,7 +1309,7 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
 
   </Accordion>
 
-  <Accordion title="I'm in remote mode - where is the session store?">
+  <Accordion title="Remote mode: where is the session store?">
     Session state is owned by the **gateway host**. If you're in remote mode, the session store you care about is on the remote machine, not your local laptop. See [Session management](/concepts/session).
   </Accordion>
 </AccordionGroup>
@@ -1780,9 +1783,10 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
   </Accordion>
 
   <Accordion title="Do sessions reset automatically if I never send /new?">
-    Yes. Sessions expire after `session.idleMinutes` (default **60**). The **next**
-    message starts a fresh session id for that chat key. This does not delete
-    transcripts - it just starts a new session.
+    Sessions can expire after `session.idleMinutes`, but this is **disabled by default** (default **0**).
+    Set it to a positive value to enable idle expiry. When enabled, the **next**
+    message after the idle period starts a fresh session id for that chat key.
+    This does not delete transcripts - it just starts a new session.
 
     ```json5
     {
@@ -1885,7 +1889,7 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
   </Accordion>
 
   <Accordion title="Why am I getting heartbeat messages every 30 minutes?">
-    Heartbeats run every **30m** by default. Tune or disable them:
+    Heartbeats run every **30m** by default (**1h** when using OAuth auth). Tune or disable them:
 
     ```json5
     {
@@ -2085,14 +2089,16 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
 
     ```
     /model sonnet
-    /model haiku
     /model opus
     /model gpt
     /model gpt-mini
     /model gemini
     /model gemini-flash
+    /model gemini-flash-lite
     ```
 
+    These are the built-in aliases. Custom aliases can be added via `agents.defaults.models`.
+
     You can list available models with `/model`, `/model list`, or `/model status`.
 
     `/model` (and `/model list`) shows a compact, numbered picker. Select by number:
@@ -2127,8 +2133,8 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
   <Accordion title="Can I use GPT 5.2 for daily tasks and Codex 5.3 for coding?">
     Yes. Set one as default and switch as needed:
 
-    - **Quick switch (per session):** `/model gpt-5.2` for daily tasks, `/model openai-codex/gpt-5.4` for coding with Codex OAuth.
-    - **Default + switch:** set `agents.defaults.model.primary` to `openai/gpt-5.2`, then switch to `openai-codex/gpt-5.4` when coding (or the other way around).
+    - **Quick switch (per session):** `/model gpt-5.4` for daily tasks, `/model openai-codex/gpt-5.4` for coding with Codex OAuth.
+    - **Default + switch:** set `agents.defaults.model.primary` to `openai/gpt-5.4`, then switch to `openai-codex/gpt-5.4` when coding (or the other way around).
     - **Sub-agents:** route coding tasks to sub-agents with a different default model.
 
     See [Models](/concepts/models) and [Slash commands](/tools/slash-commands).
@@ -2185,7 +2191,7 @@ Quick answers plus deeper troubleshooting for real-world setups (local dev, VPS,
           model: { primary: "minimax/MiniMax-M2.7" },
           models: {
             "minimax/MiniMax-M2.7": { alias: "minimax" },
-            "openai/gpt-5.2": { alias: "gpt" },
+            "openai/gpt-5.4": { alias: "gpt" },
           },
         },
       },
@@ -2952,23 +2958,18 @@ Related: [/concepts/oauth](/concepts/oauth) (OAuth flows, token storage, multi-a
 
     ```json5
     {
-      agents: {
-        defaults: {
-          tools: {
-            message: {
-              crossContext: {
-                allowAcrossProviders: true,
-                marker: { enabled: true, prefix: "[from {channel}] " },
-              },
-            },
+      tools: {
+        message: {
+          crossContext: {
+            allowAcrossProviders: true,
+            marker: { enabled: true, prefix: "[from {channel}] " },
           },
         },
       },
     }
     ```
 
-    Restart the gateway after editing config. If you only want this for a single
-    agent, set it under `agents.list[].tools.message` instead.
+    Restart the gateway after editing config.
 
   </Accordion>
 

docs/help/troubleshooting.md

@@ -266,6 +266,51 @@ flowchart TD
 
   </Accordion>
 
+  <Accordion title="Exec suddenly asks for approval">
+    ```bash
+    openclaw config get tools.exec.host
+    openclaw config get tools.exec.security
+    openclaw config get tools.exec.ask
+    openclaw gateway restart
+    ```
+
+    What changed:
+
+    - If `tools.exec.host` is unset, the default is `auto`.
+    - `host=auto` resolves to `sandbox` when a sandbox runtime is active, `gateway` otherwise.
+    - On `gateway` and `node`, unset `tools.exec.security` defaults to `allowlist`.
+    - Unset `tools.exec.ask` defaults to `on-miss`.
+    - Result: ordinary host commands can now pause with `Approval required` instead of running immediately.
+
+    Restore the old gateway no-approval behavior:
+
+    ```bash
+    openclaw config set tools.exec.host gateway
+    openclaw config set tools.exec.security full
+    openclaw config set tools.exec.ask off
+    openclaw gateway restart
+    ```
+
+    Safer alternatives:
+
+    - Set only `tools.exec.host=gateway` if you just want stable host routing and still want approvals.
+    - Keep `security=allowlist` with `ask=on-miss` if you want host exec but still want review on allowlist misses.
+    - Enable sandbox mode if you want `host=auto` to resolve back to `sandbox`.
+
+    Common log signatures:
+
+    - `Approval required.` → command is waiting on `/approve ...`.
+    - `SYSTEM_RUN_DENIED: approval required` → node-host exec approval is pending.
+    - `exec host=sandbox requires a sandbox runtime for this session` → implicit/explicit sandbox selection but sandbox mode is off.
+
+    Deep pages:
+
+    - [/tools/exec](/tools/exec)
+    - [/tools/exec-approvals](/tools/exec-approvals)
+    - [/gateway/security#runtime-expectation-drift](/gateway/security#runtime-expectation-drift)
+
+  </Accordion>
+
   <Accordion title="Browser tool fails">
     ```bash
     openclaw status