fix(exec): clean up failed approval deliveries

- cron-jobs.md: add Related section (was missing entirely)
- cron-vs-heartbeat.md: add automation overview link, normalize dash style
- tasks.md: add automation overview link
- standing-orders.md: add automation overview, hooks, webhooks links

All automation pages now link back to /automation for navigation.

.agents/skills/openclaw-parallels-smoke/SKILL.md

@@ -45,6 +45,7 @@ Use this skill for Parallels guest workflows and smoke interpretation. Do not lo
 - The macOS smoke should include a dashboard load phase after gateway health: resolve the tokenized URL with `openclaw dashboard --no-open`, verify the served HTML contains the Control UI title/root shell, then open Safari and require an established localhost TCP connection from Safari to the gateway port.
 - `prlctl exec` is fine for deterministic repo commands, but use the guest Terminal or `prlctl enter` when installer parity or shell-sensitive behavior matters.
 - Multi-word `openclaw agent --message ...` checks should go through a guest shell wrapper (`guest_current_user_sh` / `guest_current_user_cli` or `/bin/sh -lc ...`), not raw `prlctl exec ... node openclaw.mjs ...`, or the message can be split into extra argv tokens and Commander reports `too many arguments for 'agent'`.
+- When ref-mode onboarding stores `OPENAI_API_KEY` as an env secret ref, the post-onboard agent verification should also export `OPENAI_API_KEY` for the guest command. The gateway can still reject with pairing-required and fall back to embedded execution, and that fallback needs the env-backed credential available in the shell.
 - On the fresh Tahoe snapshot, `brew` exists but `node` may be missing from PATH in noninteractive exec. Use `/opt/homebrew/bin/node` when needed.
 - Fresh host-served tgz installs should install as guest root with `HOME=/var/root`, then run onboarding as the desktop user via `prlctl exec --current-user`.
 - Root-installed tgz smoke can log plugin blocks for world-writable `extensions/*`; do not treat that as an onboarding or gateway failure unless plugin loading is the task.
@@ -59,6 +60,9 @@ Use this skill for Parallels guest workflows and smoke interpretation. Do not lo
 - Multi-word `openclaw agent --message ...` checks should call `& $openclaw ...` inside PowerShell, not `Start-Process ... -ArgumentList` against `openclaw.cmd`, or Commander can see split argv and throw `too many arguments for 'agent'`.
 - Windows installer/tgz phases now retry once after guest-ready recheck; keep new Windows smoke steps idempotent so a transport-flake retry is safe.
 - Windows global `npm install -g` phases can stay quiet for a minute or more even when healthy; inspect the phase log before calling it hung, and only treat it as a regression once the retry wrapper or timeout trips.
+- Fresh Windows ref-mode onboard should use the same background PowerShell runner plus done-file/log-drain pattern as the npm-update helper, including startup materialization checks, host-side timeouts on short poll `prlctl exec` calls, and retry-on-poll-failure behavior for transient transport flakes.
+- Fresh Windows ref-mode agent verification should set `OPENAI_API_KEY` in the PowerShell environment before invoking `openclaw.cmd agent`, for the same pairing-required fallback reason as macOS.
+- The Windows upgrade smoke lane should restart the managed gateway after `upgrade.install-main` and before `upgrade.onboard-ref`, or the old process can keep the previous gateway token and fail `gateway-health` with `unauthorized: gateway token mismatch`.
 - Keep onboarding and status output ASCII-clean in logs; fancy punctuation becomes mojibake in current capture paths.
 - If you hit an older run with `rc=255` plus an empty `fresh.install-main.log` or `upgrade.install-main.log`, treat it as a likely `prlctl exec` transport drop after guest start-up, not immediate proof of an npm/package failure.
 

.agents/skills/openclaw-release-maintainer/SKILL.md

@@ -17,7 +17,7 @@ Use this skill for release and publish-time workflow. Keep ordinary development
 
 ## Keep release channel naming aligned
 
-- `stable`: tagged releases only, with npm dist-tag `latest`
+- `stable`: tagged releases only, published to npm `latest` and then mirrored onto npm `beta` unless `beta` already points at a newer prerelease
 - `beta`: prerelease tags like `vYYYY.M.D-beta.N`, with npm dist-tag `beta`
 - Prefer `-beta.N`; do not mint new `-1` or `-2` beta suffixes
 - `dev`: moving head on `main`

.github/workflows/ci-bun.yml

@@ -66,17 +66,19 @@ jobs:
         run: pnpm canvas:a2ui:bundle
 
       - name: Upload A2UI bundle artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: canvas-a2ui-bundle
           path: src/canvas-host/a2ui/
+          include-hidden-files: true
+          retention-days: 1
 
   bun-checks:
     name: ${{ matrix.check_name }}
     needs: [preflight, build-bun-artifacts]
     if: needs.preflight.outputs.run_bun_checks == 'true'
     runs-on: blacksmith-16vcpu-ubuntu-2404
-    timeout-minutes: 20
+    timeout-minutes: 60
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.preflight.outputs.bun_checks_matrix) }}

.github/workflows/ci.yml

@@ -35,7 +35,6 @@ jobs:
       has_changed_extensions: ${{ steps.manifest.outputs.has_changed_extensions }}
       changed_extensions_matrix: ${{ steps.manifest.outputs.changed_extensions_matrix }}
       run_build_artifacts: ${{ steps.manifest.outputs.run_build_artifacts }}
-      run_release_check: ${{ steps.manifest.outputs.run_release_check }}
       run_checks_fast: ${{ steps.manifest.outputs.run_checks_fast }}
       checks_fast_matrix: ${{ steps.manifest.outputs.checks_fast_matrix }}
       run_checks: ${{ steps.manifest.outputs.run_checks }}
@@ -278,40 +277,12 @@ jobs:
           include-hidden-files: true
           retention-days: 1
 
-  # Validate npm pack contents after build (only on push to main, not PRs).
-  release-check:
-    needs: [preflight, build-artifacts]
-    if: needs.preflight.outputs.run_release_check == 'true'
-    runs-on: blacksmith-16vcpu-ubuntu-2404
-    timeout-minutes: 20
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          persist-credentials: false
-          submodules: false
-
-      - name: Setup Node environment
-        uses: ./.github/actions/setup-node-env
-        with:
-          install-bun: "false"
-          use-sticky-disk: "false"
-
-      - name: Download dist artifact
-        uses: actions/download-artifact@v8
-        with:
-          name: dist-build
-          path: dist/
-
-      - name: Check release contents
-        run: pnpm release:check
-
   checks-fast:
     name: ${{ matrix.check_name }}
     needs: [preflight]
     if: needs.preflight.outputs.run_checks_fast == 'true'
     runs-on: blacksmith-16vcpu-ubuntu-2404
-    timeout-minutes: 20
+    timeout-minutes: 60
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.preflight.outputs.checks_fast_matrix) }}
@@ -339,6 +310,7 @@ jobs:
               pnpm test:extensions
               ;;
             contracts|contracts-protocol)
+              pnpm build
               pnpm test:contracts
               pnpm protocol:check
               ;;
@@ -353,7 +325,7 @@ jobs:
     needs: [preflight, build-artifacts]
     if: always() && needs.preflight.outputs.run_checks == 'true' && needs.build-artifacts.result == 'success'
     runs-on: blacksmith-16vcpu-ubuntu-2404
-    timeout-minutes: 20
+    timeout-minutes: 60
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.preflight.outputs.checks_matrix) }}
@@ -432,8 +404,6 @@ jobs:
               node openclaw.mjs --help
               node openclaw.mjs status --json --timeout 1
               pnpm test:build:singleton
-              node scripts/stage-bundled-plugin-runtime-deps.mjs
-              node --import tsx scripts/release-check.ts
               ;;
             *)
               echo "Unsupported checks task: $TASK" >&2
@@ -446,7 +416,7 @@ jobs:
     needs: [preflight]
     if: needs.preflight.outputs.run_extension_fast == 'true'
     runs-on: blacksmith-16vcpu-ubuntu-2404
-    timeout-minutes: 20
+    timeout-minutes: 60
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.preflight.outputs.extension_fast_matrix) }}
@@ -518,6 +488,51 @@ jobs:
         continue-on-error: true
         run: pnpm run lint:plugins:no-extension-imports
 
+      - name: Run no-random-messaging guard
+        id: no_random_messaging
+        continue-on-error: true
+        run: pnpm run lint:tmp:no-random-messaging
+
+      - name: Run channel-agnostic boundary guard
+        id: channel_agnostic_boundaries
+        continue-on-error: true
+        run: pnpm run lint:tmp:channel-agnostic-boundaries
+
+      - name: Run no-raw-channel-fetch guard
+        id: no_raw_channel_fetch
+        continue-on-error: true
+        run: pnpm run lint:tmp:no-raw-channel-fetch
+
+      - name: Run ingress owner guard
+        id: ingress_owner
+        continue-on-error: true
+        run: pnpm run lint:agent:ingress-owner
+
+      - name: Run no-register-http-handler guard
+        id: no_register_http_handler
+        continue-on-error: true
+        run: pnpm run lint:plugins:no-register-http-handler
+
+      - name: Run no-monolithic plugin-sdk entry import guard
+        id: no_monolithic_plugin_sdk_entry_imports
+        continue-on-error: true
+        run: pnpm run lint:plugins:no-monolithic-plugin-sdk-entry-imports
+
+      - name: Run no-extension-src-imports guard
+        id: no_extension_src_imports
+        continue-on-error: true
+        run: pnpm run lint:plugins:no-extension-src-imports
+
+      - name: Run no-extension-test-core-imports guard
+        id: no_extension_test_core_imports
+        continue-on-error: true
+        run: pnpm run lint:plugins:no-extension-test-core-imports
+
+      - name: Run plugin-sdk subpaths exported guard
+        id: plugin_sdk_subpaths_exported
+        continue-on-error: true
+        run: pnpm run lint:plugins:plugin-sdk-subpaths-exported
+
       - name: Run web search provider boundary guard
         id: web_search_provider_boundary
         continue-on-error: true
@@ -533,6 +548,11 @@ jobs:
         continue-on-error: true
         run: pnpm run lint:extensions:no-plugin-sdk-internal
 
+      - name: Run extension relative-outside-package guard
+        id: extension_relative_outside_package_boundary
+        continue-on-error: true
+        run: pnpm run lint:extensions:no-relative-outside-package
+
       - name: Enforce safe external URL opening policy
         id: no_raw_window_open
         continue-on-error: true
@@ -543,16 +563,6 @@ jobs:
         continue-on-error: true
         run: pnpm test:gateway:watch-regression
 
-      - name: Check config docs drift statefile
-        id: config_docs_drift
-        continue-on-error: true
-        run: pnpm config:docs:check
-
-      - name: Check plugin SDK API baseline drift
-        id: plugin_sdk_api_drift
-        continue-on-error: true
-        run: pnpm plugin-sdk:api:check
-
       - name: Upload gateway watch regression artifacts
         if: always()
         uses: actions/upload-artifact@v7
@@ -565,24 +575,40 @@ jobs:
         if: always()
         env:
           PLUGIN_EXTENSION_BOUNDARY_OUTCOME: ${{ steps.plugin_extension_boundary.outcome }}
+          NO_RANDOM_MESSAGING_OUTCOME: ${{ steps.no_random_messaging.outcome }}
+          CHANNEL_AGNOSTIC_BOUNDARIES_OUTCOME: ${{ steps.channel_agnostic_boundaries.outcome }}
+          NO_RAW_CHANNEL_FETCH_OUTCOME: ${{ steps.no_raw_channel_fetch.outcome }}
+          INGRESS_OWNER_OUTCOME: ${{ steps.ingress_owner.outcome }}
+          NO_REGISTER_HTTP_HANDLER_OUTCOME: ${{ steps.no_register_http_handler.outcome }}
+          NO_MONOLITHIC_PLUGIN_SDK_ENTRY_IMPORTS_OUTCOME: ${{ steps.no_monolithic_plugin_sdk_entry_imports.outcome }}
+          NO_EXTENSION_SRC_IMPORTS_OUTCOME: ${{ steps.no_extension_src_imports.outcome }}
+          NO_EXTENSION_TEST_CORE_IMPORTS_OUTCOME: ${{ steps.no_extension_test_core_imports.outcome }}
+          PLUGIN_SDK_SUBPATHS_EXPORTED_OUTCOME: ${{ steps.plugin_sdk_subpaths_exported.outcome }}
           WEB_SEARCH_PROVIDER_BOUNDARY_OUTCOME: ${{ steps.web_search_provider_boundary.outcome }}
           EXTENSION_SRC_OUTSIDE_PLUGIN_SDK_BOUNDARY_OUTCOME: ${{ steps.extension_src_outside_plugin_sdk_boundary.outcome }}
           EXTENSION_PLUGIN_SDK_INTERNAL_BOUNDARY_OUTCOME: ${{ steps.extension_plugin_sdk_internal_boundary.outcome }}
+          EXTENSION_RELATIVE_OUTSIDE_PACKAGE_BOUNDARY_OUTCOME: ${{ steps.extension_relative_outside_package_boundary.outcome }}
           NO_RAW_WINDOW_OPEN_OUTCOME: ${{ steps.no_raw_window_open.outcome }}
           GATEWAY_WATCH_REGRESSION_OUTCOME: ${{ steps.gateway_watch_regression.outcome }}
-          CONFIG_DOCS_DRIFT_OUTCOME: ${{ steps.config_docs_drift.outcome }}
-          PLUGIN_SDK_API_DRIFT_OUTCOME: ${{ steps.plugin_sdk_api_drift.outcome }}
         run: |
           failures=0
           for result in \
             "plugin-extension-boundary|$PLUGIN_EXTENSION_BOUNDARY_OUTCOME" \
+            "lint:tmp:no-random-messaging|$NO_RANDOM_MESSAGING_OUTCOME" \
+            "lint:tmp:channel-agnostic-boundaries|$CHANNEL_AGNOSTIC_BOUNDARIES_OUTCOME" \
+            "lint:tmp:no-raw-channel-fetch|$NO_RAW_CHANNEL_FETCH_OUTCOME" \
+            "lint:agent:ingress-owner|$INGRESS_OWNER_OUTCOME" \
+            "lint:plugins:no-register-http-handler|$NO_REGISTER_HTTP_HANDLER_OUTCOME" \
+            "lint:plugins:no-monolithic-plugin-sdk-entry-imports|$NO_MONOLITHIC_PLUGIN_SDK_ENTRY_IMPORTS_OUTCOME" \
+            "lint:plugins:no-extension-src-imports|$NO_EXTENSION_SRC_IMPORTS_OUTCOME" \
+            "lint:plugins:no-extension-test-core-imports|$NO_EXTENSION_TEST_CORE_IMPORTS_OUTCOME" \
+            "lint:plugins:plugin-sdk-subpaths-exported|$PLUGIN_SDK_SUBPATHS_EXPORTED_OUTCOME" \
             "web-search-provider-boundary|$WEB_SEARCH_PROVIDER_BOUNDARY_OUTCOME" \
             "extension-src-outside-plugin-sdk-boundary|$EXTENSION_SRC_OUTSIDE_PLUGIN_SDK_BOUNDARY_OUTCOME" \
             "extension-plugin-sdk-internal-boundary|$EXTENSION_PLUGIN_SDK_INTERNAL_BOUNDARY_OUTCOME" \
+            "extension-relative-outside-package-boundary|$EXTENSION_RELATIVE_OUTSIDE_PACKAGE_BOUNDARY_OUTCOME" \
             "lint:ui:no-raw-window-open|$NO_RAW_WINDOW_OPEN_OUTCOME" \
-            "gateway-watch-regression|$GATEWAY_WATCH_REGRESSION_OUTCOME" \
-            "config-docs-drift|$CONFIG_DOCS_DRIFT_OUTCOME" \
-            "plugin-sdk-api-drift|$PLUGIN_SDK_API_DRIFT_OUTCOME"; do
+            "gateway-watch-regression|$GATEWAY_WATCH_REGRESSION_OUTCOME"; do
             name="${result%%|*}"
             outcome="${result#*|}"
             if [ "$outcome" != "success" ]; then
@@ -690,7 +716,7 @@ jobs:
     needs: [preflight, build-artifacts]
     if: always() && needs.preflight.outputs.run_checks_windows == 'true' && needs.build-artifacts.result == 'success'
     runs-on: blacksmith-32vcpu-windows-2025
-    timeout-minutes: 20
+    timeout-minutes: 60
     env:
       NODE_OPTIONS: --max-old-space-size=6144
       # Keep total concurrency predictable on the 32 vCPU runner.

.github/workflows/macos-release.yml

@@ -58,6 +58,12 @@ jobs:
           RELEASE_TAG: ${{ inputs.tag }}
         run: gh release view "$RELEASE_TAG" --repo "$GITHUB_REPOSITORY" >/dev/null
 
+      - name: Build
+        run: pnpm build
+
+      - name: Build Control UI
+        run: pnpm ui:build
+
       - name: Validate release tag and package metadata
         env:
           RELEASE_TAG: ${{ inputs.tag }}

.github/workflows/openclaw-npm-release.yml

@@ -52,19 +52,6 @@ jobs:
           install-bun: "false"
           use-sticky-disk: "false"
 
-      - name: Validate release tag and package metadata
-        env:
-          RELEASE_TAG: ${{ inputs.tag }}
-          RELEASE_MAIN_REF: origin/main
-        run: |
-          set -euo pipefail
-          RELEASE_SHA=$(git rev-parse HEAD)
-          export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
-          # Fetch the full main ref so merge-base ancestry checks keep working
-          # for older tagged commits that are still contained in main.
-          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
-          pnpm release:openclaw:npm:check
-
       - name: Ensure version is not already published
         env:
           PREFLIGHT_ONLY: ${{ inputs.preflight_only }}
@@ -89,6 +76,22 @@ jobs:
       - name: Build
         run: pnpm build
 
+      - name: Build Control UI
+        run: pnpm ui:build
+
+      - name: Validate release tag and package metadata
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+          RELEASE_MAIN_REF: origin/main
+        run: |
+          set -euo pipefail
+          RELEASE_SHA=$(git rev-parse HEAD)
+          export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
+          # Fetch the full main ref so merge-base ancestry checks keep working
+          # for older tagged commits that are still contained in main.
+          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
+          pnpm release:openclaw:npm:check
+
       - name: Verify release contents
         run: pnpm release:check
 
@@ -142,6 +145,24 @@ jobs:
           install-bun: "false"
           use-sticky-disk: "false"
 
+      - name: Ensure version is not already published
+        run: |
+          set -euo pipefail
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+
+          if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
+            echo "openclaw@${PACKAGE_VERSION} is already published on npm."
+            exit 1
+          fi
+
+          echo "Publishing openclaw@${PACKAGE_VERSION}"
+
+      - name: Build
+        run: pnpm build
+
+      - name: Build Control UI
+        run: pnpm ui:build
+
       - name: Validate release tag and package metadata
         env:
           RELEASE_TAG: ${{ inputs.tag }}
@@ -155,17 +176,5 @@ jobs:
           git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
           pnpm release:openclaw:npm:check
 
-      - name: Ensure version is not already published
-        run: |
-          set -euo pipefail
-          PACKAGE_VERSION=$(node -p "require('./package.json').version")
-
-          if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
-            echo "openclaw@${PACKAGE_VERSION} is already published on npm."
-            exit 1
-          fi
-
-          echo "Publishing openclaw@${PACKAGE_VERSION}"
-
       - name: Publish
         run: bash scripts/openclaw-npm-publish.sh --publish

.github/workflows/workflow-sanity.yml

@@ -60,8 +60,11 @@ jobs:
           ACTIONLINT_VERSION="1.7.11"
           archive="actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz"
           base_url="https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}"
-          curl -sSfL -o "${archive}" "${base_url}/${archive}"
-          curl -sSfL -o checksums.txt "${base_url}/actionlint_${ACTIONLINT_VERSION}_checksums.txt"
+          # GitHub release downloads occasionally return transient 5xx responses.
+          # Retry all curl errors here so workflow-sanity does not fail closed on
+          # a one-off release edge outage.
+          curl --retry 5 --retry-delay 2 --retry-all-errors -sSfL -o "${archive}" "${base_url}/${archive}"
+          curl --retry 5 --retry-delay 2 --retry-all-errors -sSfL -o checksums.txt "${base_url}/actionlint_${ACTIONLINT_VERSION}_checksums.txt"
           grep " ${archive}\$" checksums.txt | sha256sum -c -
           tar -xzf "${archive}" actionlint
           sudo install -m 0755 actionlint /usr/local/bin/actionlint

.gitignore

@@ -85,6 +85,7 @@ apps/ios/*.mobileprovision
 # Local untracked files
 .local/
 docs/.local/
+docs/internal/
 tmp/
 IDENTITY.md
 USER.md
@@ -137,3 +138,6 @@ docs/superpowers
 
 # Deprecated changelog fragment workflow
 changelog/fragments/
+
+# Local scratch workspace
+.tmp/

.markdownlint-cli2.jsonc

@@ -1,6 +1,11 @@
 {
   "globs": ["docs/**/*.md", "docs/**/*.mdx", "README.md"],
-  "ignores": ["docs/zh-CN/**", "docs/.i18n/**", "docs/reference/templates/**", "**/.local/**"],
+  "ignores": [
+    "docs/zh-CN/**",
+    "docs/.i18n/**",
+    "docs/reference/templates/**",
+    "**/.local/**"
+  ],
   "config": {
     "default": true,
 

.npmignore

@@ -1,2 +1,3 @@
 **/node_modules/
+**/.runtime-deps-*/
 docs/.generated/

AGENTS.md

@@ -1,7 +1,7 @@
 # Repository Guidelines
 
 - Repo: https://github.com/openclaw/openclaw
-- In chat replies, file references must be repo-root relative only (example: `extensions/bluebubbles/src/channel.ts:80`); never absolute paths or `~/...`.
+- In chat replies, file references must be repo-root relative only (example: `src/telegram/index.ts:80`); never absolute paths or `~/...`.
 - Do not edit files covered by security-focused `CODEOWNERS` rules unless a listed owner explicitly asked for the change or is already reviewing it with you. Treat those paths as restricted surfaces, not drive-by cleanup.
 
 ## Project Structure & Module Organization
@@ -9,17 +9,59 @@
 - Source code: `src/` (CLI wiring in `src/cli`, commands in `src/commands`, web provider in `src/provider-web.ts`, infra in `src/infra`, media pipeline in `src/media`).
 - Tests: colocated `*.test.ts`.
 - Docs: `docs/` (images, queue, Pi config). Built output lives in `dist/`.
-- Nomenclature: use "plugin" / "plugins" in docs, UI, changelogs, and contributor guidance. `extensions/*` remains the internal directory/package path to avoid repo-wide churn from a rename.
-- Bundled plugin naming: for repo-owned workspace plugins, keep the canonical plugin id aligned across `openclaw.plugin.json:id`, `extensions/<id>` by default, and package names anchored to the same id (`@openclaw/<id>` or approved suffix forms like `-provider`, `-plugin`, `-speech`, `-sandbox`, `-media-understanding`). Keep `openclaw.install.npmSpec` equal to the package name and `openclaw.channel.id` equal to the plugin id when present. Exceptions must be explicit and covered by the repo invariant test.
-- Plugins: live under `extensions/*` (workspace packages). Keep plugin-only deps in the extension `package.json`; do not add them to the root `package.json` unless core uses them.
+- Nomenclature: use "plugin" / "plugins" in docs, UI, changelogs, and contributor guidance. The bundled workspace plugin tree remains the internal package layout to avoid repo-wide churn from a rename.
+- Bundled plugin naming: for repo-owned workspace plugins, keep the canonical plugin id aligned across `openclaw.plugin.json:id`, the default workspace folder name, and package names anchored to the same id (`@openclaw/<id>` or approved suffix forms like `-provider`, `-plugin`, `-speech`, `-sandbox`, `-media-understanding`). Keep `openclaw.install.npmSpec` equal to the package name and `openclaw.channel.id` equal to the plugin id when present. Exceptions must be explicit and covered by the repo invariant test.
+- Plugins: live in the bundled workspace plugin tree (workspace packages). Keep plugin-only deps in the extension `package.json`; do not add them to the root `package.json` unless core uses them.
 - Plugins: install runs `npm install --omit=dev` in plugin dir; runtime deps must live in `dependencies`. Avoid `workspace:*` in `dependencies` (npm install breaks); put `openclaw` in `devDependencies` or `peerDependencies` instead (runtime resolves `openclaw/plugin-sdk` via jiti alias).
 - Import boundaries: extension production code should treat `openclaw/plugin-sdk/*` plus local `api.ts` / `runtime-api.ts` barrels as the public surface. Do not import core `src/**`, `src/plugin-sdk-internal/**`, or another extension's `src/**` directly.
 - Installers served from `https://openclaw.ai/*`: live in the sibling repo `../openclaw.ai` (`public/install.sh`, `public/install-cli.sh`, `public/install.ps1`).
 - Messaging channels: always consider **all** built-in + extension channels when refactoring shared logic (routing, allowlists, pairing, command gating, onboarding, docs).
   - Core channel docs: `docs/channels/`
   - Core channel code: `src/telegram`, `src/discord`, `src/slack`, `src/signal`, `src/imessage`, `src/web` (WhatsApp web), `src/channels`, `src/routing`
-  - Extensions (channel plugins): `extensions/*` (e.g. `extensions/msteams`, `extensions/matrix`, `extensions/zalo`, `extensions/zalouser`, `extensions/voice-call`)
-- When adding channels/extensions/apps/docs, update `.github/labeler.yml` and create matching GitHub labels (use existing channel/extension label colors).
+  - Bundled plugin channels: the workspace plugin tree (for example Matrix, Zalo, ZaloUser, Voice Call)
+- When adding channels/plugins/apps/docs, update `.github/labeler.yml` and create matching GitHub labels (use existing channel/plugin label colors).
+
+## Architecture Boundaries
+
+- Start here for the repo map:
+  - bundled workspace plugin tree = bundled plugins and the closest example surface for third-party plugins
+  - `src/plugin-sdk/*` = the public plugin contract that extensions are allowed to import
+  - `src/channels/*` = core channel implementation details behind the plugin/channel boundary
+  - `src/plugins/*` = plugin discovery, manifest validation, loader, registry, and contract enforcement
+  - `src/gateway/protocol/*` = typed Gateway control-plane and node wire protocol
+- Progressive disclosure lives in local boundary guides:
+  - bundled-plugin-tree `AGENTS.md`
+  - `src/plugin-sdk/AGENTS.md`
+  - `src/channels/AGENTS.md`
+  - `src/plugins/AGENTS.md`
+  - `src/gateway/protocol/AGENTS.md`
+- Plugin and extension boundary:
+  - Public docs: `docs/plugins/building-plugins.md`, `docs/plugins/architecture.md`, `docs/plugins/sdk-overview.md`, `docs/plugins/sdk-entrypoints.md`, `docs/plugins/sdk-runtime.md`, `docs/plugins/manifest.md`, `docs/plugins/sdk-channel-plugins.md`, `docs/plugins/sdk-provider-plugins.md`
+  - Definition files: `src/plugin-sdk/plugin-entry.ts`, `src/plugin-sdk/core.ts`, `src/plugin-sdk/provider-entry.ts`, `src/plugin-sdk/channel-contract.ts`, `scripts/lib/plugin-sdk-entrypoints.json`, `package.json`
+  - Rule: extensions must cross into core only through `openclaw/plugin-sdk/*`, manifest metadata, and documented runtime helpers. Do not import `src/**` from extension production code.
+  - Rule: core code and tests must not deep-import bundled plugin internals such as a plugin's `src/**` files or `onboard.js`. If core needs a bundled plugin helper, expose it through that plugin's `api.ts` and, when it is a real cross-package contract, through `src/plugin-sdk/<id>.ts`.
+  - Compatibility: new plugin seams are allowed, but they must be added as documented, backwards-compatible, versioned contracts. We have third-party plugins in the wild and do not break them casually.
+- Channel boundary:
+  - Public docs: `docs/plugins/sdk-channel-plugins.md`, `docs/plugins/architecture.md`
+  - Definition files: `src/channels/plugins/types.plugin.ts`, `src/channels/plugins/types.core.ts`, `src/channels/plugins/types.adapters.ts`, `src/plugin-sdk/core.ts`, `src/plugin-sdk/channel-contract.ts`
+  - Rule: `src/channels/**` is core implementation. If plugin authors need a new seam, add it to the Plugin SDK instead of telling them to import channel internals.
+- Provider/model boundary:
+  - Public docs: `docs/plugins/sdk-provider-plugins.md`, `docs/concepts/model-providers.md`, `docs/plugins/architecture.md`
+  - Definition files: `src/plugins/types.ts`, `src/plugin-sdk/provider-entry.ts`, `src/plugin-sdk/provider-auth.ts`, `src/plugin-sdk/provider-catalog-shared.ts`, `src/plugin-sdk/provider-model-shared.ts`
+  - Rule: core owns the generic inference loop; provider plugins own provider-specific behavior through registration and typed hooks. Do not solve provider needs by reaching into unrelated core internals.
+  - Rule: avoid ad hoc reads of `plugins.entries.<id>.config` from unrelated core code. If core needs plugin-owned auth/config behavior, add or use a generic seam (`resolveSyntheticAuth`, public SDK/helper facades, manifest metadata, plugin auto-enable hooks) and honor plugin disablement plus SecretRef semantics.
+  - Rule: vendor-owned tools and settings belong in the owning plugin. Do not add provider-specific tool config, secret collection, or runtime enablement to core `tools.*` surfaces unless the tool is intentionally core-owned.
+- Gateway protocol boundary:
+  - Public docs: `docs/gateway/protocol.md`, `docs/gateway/bridge-protocol.md`, `docs/concepts/architecture.md`
+  - Definition files: `src/gateway/protocol/schema.ts`, `src/gateway/protocol/schema/*.ts`, `src/gateway/protocol/index.ts`
+  - Rule: protocol changes are contract changes. Prefer additive evolution; incompatible changes require explicit versioning, docs, and client/codegen follow-through.
+- Bundled plugin contract boundary:
+  - Public docs: `docs/plugins/architecture.md`, `docs/plugins/manifest.md`, `docs/plugins/sdk-overview.md`
+- Definition files: `src/plugins/contracts/registry.ts`, `src/plugins/types.ts`, `src/plugins/public-artifacts.ts`
+  - Rule: keep manifest metadata, runtime registration, public SDK exports, and contract tests aligned. Do not create a hidden path around the declared plugin interfaces.
+- Extension test boundary:
+  - Keep extension-owned onboarding/config/provider coverage under the owning bundled plugin package when feasible.
+  - If core tests need bundled plugin behavior, consume it through public `src/plugin-sdk/<id>.ts` facades or the plugin's `api.ts`, not private extension modules.
 
 ## Docs Linking (Mintlify)
 
@@ -60,7 +102,8 @@
 - Runtime baseline: Node **22+** (keep Node + Bun paths working).
 - Install deps: `pnpm install`
 - If deps are missing (for example `node_modules` missing, `vitest not found`, or `command not found`), run the repo’s package-manager install command (prefer lockfile/README-defined PM), then rerun the exact requested command once. Apply this to test/build/lint/typecheck/dev commands; if retry still fails, report the command and first actionable error.
-- Pre-commit hooks: `prek install` (runs same checks as CI)
+- Pre-commit hooks: `prek install`. The hook runs the repo verification flow, including `pnpm check`.
+- `FAST_COMMIT=1` skips the repo-wide `pnpm format` and `pnpm check` inside the pre-commit hook only. Use it when you intentionally want a faster commit path and are running equivalent targeted verification manually. It does not change CI and does not change what `pnpm check` itself does.
 - Also supported: `bun install` (keep `pnpm-lock.yaml` + Bun patching in sync when touching deps/patches).
 - Prefer Bun for TypeScript execution (scripts, dev, tests): `bun <file.ts>` / `bunx <tool>`.
 - Run CLI in dev: `pnpm openclaw ...` (bun) or `pnpm dev`.
@@ -71,16 +114,28 @@
 - Lint/format: `pnpm check`
 - Format check: `pnpm format` (oxfmt --check)
 - Format fix: `pnpm format:fix` (oxfmt --write)
+- Terminology:
+  - "gate" means a verification command or command set that must be green for the decision you are making.
+  - A local dev gate is the fast default loop, usually `pnpm check` plus any scoped test you actually need.
+  - A landing gate is the broader bar before pushing `main`, usually `pnpm check`, `pnpm test`, and `pnpm build` when the touched surface can affect build output, packaging, lazy-loading/module boundaries, or published surfaces.
+  - A CI gate is whatever the relevant workflow enforces for that lane (for example `check`, `check-additional`, `build-smoke`, or release validation).
+- Local dev gate: prefer `pnpm check` for the normal edit loop. It keeps the repo-architecture policy guards out of the default local loop.
+- CI architecture gate: `check-additional` enforces architecture and boundary policy guards that are intentionally kept out of the default local loop.
+- Formatting gate: the pre-commit hook runs `pnpm format` before `pnpm check`. If you want a formatting-only preflight locally, run `pnpm format` explicitly.
+- If you need a fast commit loop, `FAST_COMMIT=1 git commit ...` skips the hook’s repo-wide `pnpm format` and `pnpm check`; use that only when you are deliberately covering the touched surface some other way.
 - Tests: `pnpm test` (vitest); coverage: `pnpm test:coverage`
 - Generated baseline artifacts live together under `docs/.generated/`.
 - Config schema drift uses `pnpm config:docs:gen` / `pnpm config:docs:check`.
 - Plugin SDK API drift uses `pnpm plugin-sdk:api:gen` / `pnpm plugin-sdk:api:check`.
 - If you change config schema/help or the public Plugin SDK surface, update the matching baseline artifact and keep the two drift-check flows adjacent in scripts/workflows/docs guidance rather than inventing a third pattern.
 - For narrowly scoped changes, prefer narrowly scoped tests that directly validate the touched behavior. If no meaningful scoped test exists, say so explicitly and use the next most direct validation available.
-- Preferred landing bar for pushes to `main`: `pnpm check` and `pnpm test`, with a green result when feasible.
+- Verification modes for work on `main`:
+  - Default mode: `main` is relatively stable. Count pre-commit hook coverage when it already verified the current tree, avoid rerunning the exact same checks just for ceremony, and prefer keeping CI/main green before landing.
+  - Fast-commit mode: `main` is moving fast and you intentionally optimize for shorter commit loops. Prefer explicit local verification close to the final landing point, and it is acceptable to use `--no-verify` for intermediate or catch-up commits after equivalent checks have already run locally.
+- Preferred landing bar for pushes to `main`: in Default mode, favor `pnpm check` and `pnpm test` near the final rebase/push point when feasible. In fast-commit mode, verify the touched surface locally near landing without insisting every intermediate commit replay the full hook.
 - Scoped tests prove the change itself. `pnpm test` remains the default `main` landing bar; scoped tests do not replace full-suite gates by default.
 - Hard gate: if the change can affect build output, packaging, lazy-loading/module boundaries, or published surfaces, `pnpm build` MUST be run and MUST pass before pushing `main`.
-- Default rule: do not commit or push with failing format, lint, type, build, or required test checks when those failures are caused by the change or plausibly related to the touched surface.
+- Default rule: do not land changes with failing format, lint, type, build, or required test checks when those failures are caused by the change or plausibly related to the touched surface. Fast-commit mode changes how verification is sequenced; it does not lower the requirement to validate and clean up the touched surface before final landing.
 - For narrowly scoped changes, if unrelated failures already exist on latest `origin/main`, state that clearly, report the scoped tests you ran, and ask before broadening scope into unrelated fixes or landing despite those failures.
 - Do not use scoped tests as permission to ignore plausibly related failures.
 
@@ -88,11 +143,19 @@
 
 - Language: TypeScript (ESM). Prefer strict typing; avoid `any`.
 - Formatting/linting via Oxlint and Oxfmt.
-- Never add `@ts-nocheck` and do not disable `no-explicit-any`; fix root causes and update Oxlint/Oxfmt config only when required.
+- Never add `@ts-nocheck` and do not add inline lint suppressions by default. Fix root causes first; only keep a suppression when the code is intentionally correct, the rule cannot express that safely, and the comment explains why.
+- Do not disable `no-explicit-any`; prefer real types, `unknown`, or a narrow adapter/helper instead. Update Oxlint/Oxfmt config only when required.
+- Prefer `zod` or existing schema helpers at external boundaries such as config, webhook payloads, CLI/JSON output, persisted JSON, and third-party API responses.
+- Prefer discriminated unions when parameter shape changes runtime behavior.
+- Prefer `Result<T, E>`-style outcomes and closed error-code unions for recoverable runtime decisions.
+- Keep human-readable strings for logs, CLI output, and UI; do not use freeform strings as the source of truth for internal branching.
+- Avoid `?? 0`, empty-string, empty-object, or magic-string sentinels when they can change runtime meaning silently.
+- If introducing a new optional field or nullable semantic in core logic, prefer an explicit union or dedicated type when the value changes behavior.
+- New runtime control-flow code should not branch on `error: string` or `reason: string` when a closed code union would be reasonable.
 - Dynamic import guardrail: do not mix `await import("x")` and static `import ... from "x"` for the same module in production code paths. If you need lazy loading, create a dedicated `*.runtime.ts` boundary (that re-exports from `x`) and dynamically import that boundary from lazy callers only.
 - Dynamic import verification: after refactors that touch lazy-loading/module boundaries, run `pnpm build` and check for `[INEFFECTIVE_DYNAMIC_IMPORT]` warnings before submitting.
 - Extension SDK self-import guardrail: inside an extension package, do not import that same extension via `openclaw/plugin-sdk/<extension>` from production files. Route internal imports through a local barrel such as `./api.ts` or `./runtime-api.ts`, and keep the `plugin-sdk/<extension>` path as the external contract only.
-- Extension package boundary guardrail: inside `extensions/<id>/**`, do not use relative imports/exports that resolve outside that same `extensions/<id>` package root. If shared code belongs in the plugin SDK, import `openclaw/plugin-sdk/<subpath>` instead of reaching into `src/plugin-sdk/**` or other repo paths via `../`.
+- Extension package boundary guardrail: inside a bundled plugin package, do not use relative imports/exports that resolve outside that same package root. If shared code belongs in the plugin SDK, import `openclaw/plugin-sdk/<subpath>` instead of reaching into `src/plugin-sdk/**` or other repo paths via `../`.
 - Extension API surface rule: `openclaw/plugin-sdk/<subpath>` is the only public cross-package contract for extension-facing SDK code. If an extension needs a new seam, add a public subpath first; do not reach into `src/plugin-sdk/**` by relative path.
 - Never share class behavior via prototype mutation (`applyPrototypeMixins`, `Object.defineProperty` on `.prototype`, or exporting `Class.prototype` for merges). Use explicit inheritance/composition (`A extends B extends C`) or helper composition so TypeScript can typecheck.
 - If this pattern is needed, stop and get explicit approval before shipping; default behavior is to split/refactor into an explicit class hierarchy and keep members strongly typed.
@@ -122,6 +185,7 @@
 - Keep Vitest on `forks` only. Do not introduce or reintroduce any non-`forks` Vitest pool or alternate execution mode in configs, wrapper scripts, or default test commands without explicit approval in this chat. This includes `threads`, `vmThreads`, `vmForks`, and any future/nonstandard pool variant.
 - If local Vitest runs cause memory pressure, the wrapper now derives budgets from host capabilities (CPU, memory band, current load). For a conservative explicit override during land/gate runs, use `OPENCLAW_TEST_PROFILE=serial OPENCLAW_TEST_SERIAL_GATEWAY=1 pnpm test`.
 - Live tests (real keys): `OPENCLAW_LIVE_TEST=1 pnpm test:live` (OpenClaw-only) or `LIVE=1 pnpm test:live` (includes provider live tests). Docker: `pnpm test:docker:live-models`, `pnpm test:docker:live-gateway`. Onboarding Docker E2E: `pnpm test:docker:onboard`.
+- `pnpm test:live` defaults quiet now. Keep `[live]` progress; suppress profile/gateway chatter. Full logs: `OPENCLAW_LIVE_TEST_QUIET=0 pnpm test:live`.
 - Full kit + what’s covered: `docs/help/testing.md`.
 - Changelog: user-facing changes only; no internal/meta notes (version alignment, appcast reminders, release process).
 - Changelog placement: in the active version block, append new entries to the end of the target section (`### Changes` or `### Fixes`); do not insert new entries at the top of a section.
@@ -196,6 +260,7 @@
 - Patching dependencies (pnpm patches, overrides, or vendored changes) requires explicit approval; do not do this by default.
 - **Multi-agent safety:** do **not** create/apply/drop `git stash` entries unless explicitly requested (this includes `git pull --rebase --autostash`). Assume other agents may be working; keep unrelated WIP untouched and avoid cross-cutting state changes.
 - **Multi-agent safety:** when the user says "push", you may `git pull --rebase` to integrate latest changes (never discard other agents' work). When the user says "commit", scope to your changes only. When the user says "commit all", commit everything in grouped chunks.
+- **Multi-agent safety:** prefer grouped `commit` / `pull --rebase` / `push` cycles for related work instead of many tiny syncs.
 - **Multi-agent safety:** do **not** create/remove/modify `git worktree` checkouts (or edit `.worktrees/*`) unless explicitly requested.
 - **Multi-agent safety:** do **not** switch branches / check out a different branch unless explicitly requested.
 - **Multi-agent safety:** running multiple agents is OK as long as each agent has its own session.

CONTRIBUTING.md

@@ -94,6 +94,7 @@ Welcome to the lobster tank! 🦞
   - `pnpm test:extension --list` to see valid extension ids
   - If you changed shared plugin or channel surfaces, run `pnpm test:contracts`
   - For targeted shared-surface work, use `pnpm test:contracts:channels` or `pnpm test:contracts:plugins`
+  - These commands also cover the shared seam/smoke files that the default unit lane skips
   - If you changed broader runtime behavior, still run the relevant wider lanes (`pnpm test:extensions`, `pnpm test:channels`, or `pnpm test`) before asking for review
 - If you have access to Codex, run `codex review --base origin/main` locally before opening or updating your PR. Treat this as the current highest standard of AI review, even if GitHub Codex review also runs.
 - Do not submit refactor-only PRs unless a maintainer explicitly requested that refactor for an active fix or deliverable.

Dockerfile

@@ -5,15 +5,16 @@
 #
 # Multi-stage build produces a minimal runtime image without build tools,
 # source code, or Bun. Works with Docker, Buildx, and Podman.
-# The ext-deps stage extracts only the package.json files we need from
-# extensions/, so the main build layer is not invalidated by unrelated
-# extension source changes.
+# The ext-deps stage extracts only the package.json files we need from the
+# bundled plugin workspace tree, so the main build layer is not invalidated by
+# unrelated plugin source changes.
 #
 # Two runtime variants:
 #   Default (bookworm):      docker build .
 #   Slim (bookworm-slim):    docker build --build-arg OPENCLAW_VARIANT=slim .
 ARG OPENCLAW_EXTENSIONS=""
 ARG OPENCLAW_VARIANT=default
+ARG OPENCLAW_BUNDLED_PLUGIN_DIR=extensions
 ARG OPENCLAW_DOCKER_APT_UPGRADE=1
 ARG OPENCLAW_NODE_BOOKWORM_IMAGE="node:24-bookworm@sha256:3a09aa6354567619221ef6c45a5051b671f953f0a1924d1f819ffb236e520e6b"
 ARG OPENCLAW_NODE_BOOKWORM_DIGEST="sha256:3a09aa6354567619221ef6c45a5051b671f953f0a1924d1f819ffb236e520e6b"
@@ -27,18 +28,20 @@ ARG OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST="sha256:e8e2e91b1378f83c5b2dd15f0247f3411
 
 FROM ${OPENCLAW_NODE_BOOKWORM_IMAGE} AS ext-deps
 ARG OPENCLAW_EXTENSIONS
-COPY extensions /tmp/extensions
+ARG OPENCLAW_BUNDLED_PLUGIN_DIR
+COPY ${OPENCLAW_BUNDLED_PLUGIN_DIR} /tmp/${OPENCLAW_BUNDLED_PLUGIN_DIR}
 # Copy package.json for opted-in extensions so pnpm resolves their deps.
 RUN mkdir -p /out && \
     for ext in $OPENCLAW_EXTENSIONS; do \
-      if [ -f "/tmp/extensions/$ext/package.json" ]; then \
+      if [ -f "/tmp/${OPENCLAW_BUNDLED_PLUGIN_DIR}/$ext/package.json" ]; then \
         mkdir -p "/out/$ext" && \
-        cp "/tmp/extensions/$ext/package.json" "/out/$ext/package.json"; \
+        cp "/tmp/${OPENCLAW_BUNDLED_PLUGIN_DIR}/$ext/package.json" "/out/$ext/package.json"; \
       fi; \
     done
 
 # ── Stage 2: Build ──────────────────────────────────────────────
 FROM ${OPENCLAW_NODE_BOOKWORM_IMAGE} AS build
+ARG OPENCLAW_BUNDLED_PLUGIN_DIR
 
 # Install Bun (required for build scripts). Retry the whole bootstrap flow to
 # tolerate transient 5xx failures from bun.sh/GitHub during CI image builds.
@@ -61,8 +64,9 @@ WORKDIR /app
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
 COPY ui/package.json ./ui/package.json
 COPY patches ./patches
+COPY scripts/postinstall-bundled-plugins.mjs ./scripts/postinstall-bundled-plugins.mjs
 
-COPY --from=ext-deps /out/ ./extensions/
+COPY --from=ext-deps /out/ ./${OPENCLAW_BUNDLED_PLUGIN_DIR}/
 
 # Reduce OOM risk on low-memory hosts during dependency installation.
 # Docker builds on small VMs may otherwise fail with "Killed" (exit 137).
@@ -73,7 +77,7 @@ COPY . .
 
 # Normalize extension paths now so runtime COPY preserves safe modes
 # without adding a second full extensions layer.
-RUN for dir in /app/extensions /app/.agent /app/.agents; do \
+RUN for dir in /app/${OPENCLAW_BUNDLED_PLUGIN_DIR} /app/.agent /app/.agents; do \
       if [ -d "$dir" ]; then \
         find "$dir" -type d -exec chmod 755 {} +; \
         find "$dir" -type f -exec chmod 644 {} +; \
@@ -114,6 +118,7 @@ LABEL org.opencontainers.image.base.name="docker.io/library/node:24-bookworm-sli
 # ── Stage 3: Runtime ────────────────────────────────────────────
 FROM base-${OPENCLAW_VARIANT}
 ARG OPENCLAW_VARIANT
+ARG OPENCLAW_BUNDLED_PLUGIN_DIR
 ARG OPENCLAW_DOCKER_APT_UPGRADE
 
 # OCI base-image metadata for downstream image consumers.
@@ -148,13 +153,13 @@ COPY --from=runtime-assets --chown=node:node /app/dist ./dist
 COPY --from=runtime-assets --chown=node:node /app/node_modules ./node_modules
 COPY --from=runtime-assets --chown=node:node /app/package.json .
 COPY --from=runtime-assets --chown=node:node /app/openclaw.mjs .
-COPY --from=runtime-assets --chown=node:node /app/extensions ./extensions
+COPY --from=runtime-assets --chown=node:node /app/${OPENCLAW_BUNDLED_PLUGIN_DIR} ./${OPENCLAW_BUNDLED_PLUGIN_DIR}
 COPY --from=runtime-assets --chown=node:node /app/skills ./skills
 COPY --from=runtime-assets --chown=node:node /app/docs ./docs
 
 # In npm-installed Docker images, prefer the copied source extension tree for
 # bundled discovery so package metadata that points at source entries stays valid.
-ENV OPENCLAW_BUNDLED_PLUGINS_DIR=/app/extensions
+ENV OPENCLAW_BUNDLED_PLUGINS_DIR=/app/${OPENCLAW_BUNDLED_PLUGIN_DIR}
 
 # Keep pnpm available in the runtime image for container-local workflows.
 # Use a shared Corepack home so the non-root `node` user does not need a

Dockerfile.sandbox-browser

@@ -14,6 +14,7 @@ RUN --mount=type=cache,id=openclaw-sandbox-bookworm-apt-cache,target=/var/cache/
     chromium \
     curl \
     fonts-liberation \
+    fonts-noto-cjk \
     fonts-noto-color-emoji \
     git \
     jq \

SECURITY.md

@@ -101,7 +101,7 @@ OpenClaw does **not** model one gateway as a multi-tenant, adversarial user boun
 - If multiple users need OpenClaw, use one VPS (or host/OS user boundary) per user.
 - For advanced setups, multiple gateways on one machine are possible, but only with strict isolation and are not the recommended default.
 - Exec behavior is host-first by default: `agents.defaults.sandbox.mode` defaults to `off`.
-- `tools.exec.host` defaults to `sandbox` as a routing preference, but if sandbox runtime is not active for the session, exec runs on the gateway host.
+- `tools.exec.host` defaults to `auto`: sandbox when sandbox runtime is active for the session, otherwise gateway.
 - Implicit exec calls (no explicit host in the tool call) follow the same behavior.
 - This is expected in OpenClaw's one-user trusted-operator model. If you need isolation, enable sandbox mode (`non-main`/`all`) and keep strict tool policy.
 

appcast.xml

@@ -2,6 +2,147 @@
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
     <channel>
         <title>OpenClaw</title>
+        <item>
+            <title>2026.3.28</title>
+            <pubDate>Sun, 29 Mar 2026 02:10:40 +0000</pubDate>
+            <link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
+            <sparkle:version>2026032890</sparkle:version>
+            <sparkle:shortVersionString>2026.3.28</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>OpenClaw 2026.3.28</h2>
+<h3>Breaking</h3>
+<ul>
+<li>Providers/Qwen: remove the deprecated <code>qwen-portal-auth</code> OAuth integration for <code>portal.qwen.ai</code>; migrate to Model Studio with <code>openclaw onboard --auth-choice modelstudio-api-key</code>. (#52709) Thanks @pomelo-nwu.</li>
+<li>Config/Doctor: drop automatic config migrations older than two months; very old legacy keys now fail validation instead of being rewritten on load or by <code>openclaw doctor</code>.</li>
+</ul>
+<h3>Changes</h3>
+<ul>
+<li>xAI/tools: move the bundled xAI provider to the Responses API, add first-class <code>x_search</code>, and auto-enable the xAI plugin from owned web-search and tool config so bundled Grok auth/configured search flows work without manual plugin toggles. (#56048) Thanks @huntharo.</li>
+<li>xAI/onboarding: let the bundled Grok web-search plugin offer optional <code>x_search</code> setup during <code>openclaw onboard</code> and <code>openclaw configure --section web</code>, including an x_search model picker with the shared xAI key.</li>
+<li>MiniMax: add image generation provider for <code>image-01</code> model, supporting generate and image-to-image editing with aspect ratio control. (#54487) Thanks @liyuan97.</li>
+<li>Plugins/hooks: add async <code>requireApproval</code> to <code>before_tool_call</code> hooks, letting plugins pause tool execution and prompt the user for approval via the exec approval overlay, Telegram buttons, Discord interactions, or the <code>/approve</code> command on any channel. The <code>/approve</code> command now handles both exec and plugin approvals with automatic fallback. (#55339) Thanks @vaclavbelak and @joshavant.</li>
+<li>ACP/channels: add current-conversation ACP binds for Discord, BlueBubbles, and iMessage so <code>/acp spawn codex --bind here</code> can turn the current chat into a Codex-backed workspace without creating a child thread, and document the distinction between chat surface, ACP session, and runtime workspace.</li>
+<li>OpenAI/apply_patch: enable <code>apply_patch</code> by default for OpenAI and OpenAI Codex models, and align its sandbox policy access with <code>write</code> permissions.</li>
+<li>Plugins/CLI backends: move bundled Claude CLI, Codex CLI, and Gemini CLI inference defaults onto the plugin surface, add bundled Gemini CLI backend support, and replace <code>gateway run --claude-cli-logs</code> with generic <code>--cli-backend-logs</code> while keeping the old flag as a compatibility alias.</li>
+<li>Plugins/startup: auto-load bundled provider and CLI-backend plugins from explicit config refs, so bundled Claude CLI, Codex CLI, and Gemini CLI message-provider setups no longer need manual <code>plugins.allow</code> entries.</li>
+<li>Podman: simplify the container setup around the current rootless user, install the launch helper under <code>~/.local/bin</code>, and document the host-CLI <code>openclaw --container <name> ...</code> workflow instead of a dedicated <code>openclaw</code> service user.</li>
+<li>Slack/tool actions: add an explicit <code>upload-file</code> Slack action that routes file uploads through the existing Slack upload transport, with optional filename/title/comment overrides for channels and DMs.</li>
+<li>Message actions/files: start unifying file-first sends on the canonical <code>upload-file</code> action by adding explicit support for Microsoft Teams and Google Chat, and by exposing BlueBubbles file sends through <code>upload-file</code> while keeping the legacy <code>sendAttachment</code> alias.</li>
+<li>Plugins/Matrix TTS: send auto-TTS replies as native Matrix voice bubbles instead of generic audio attachments. (#37080) thanks @Matthew19990919.</li>
+<li>CLI: add <code>openclaw config schema</code> to print the generated JSON schema for <code>openclaw.json</code>. (#54523) Thanks @kvokka.</li>
+<li>Config/TTS: auto-migrate legacy speech config on normal reads and secret resolution, keep legacy diagnostics for Doctor, and remove regular-mode runtime fallback for old bundled <code>tts.<provider></code> API-key shapes.</li>
+<li>Memory/plugins: move the pre-compaction memory flush plan behind the active memory plugin contract so <code>memory-core</code> owns flush prompts and target-path policy instead of hardcoded core logic.</li>
+<li>MiniMax: trim model catalog to M2.7 only, removing legacy M2, M2.1, M2.5, and VL-01 models. (#54487) Thanks @liyuan97.</li>
+<li>Plugins/runtime: expose <code>runHeartbeatOnce</code> in the plugin runtime <code>system</code> namespace so plugins can trigger a single heartbeat cycle with an explicit delivery target override (e.g. <code>heartbeat: { target: "last" }</code>). (#40299) Thanks @loveyana.</li>
+<li>Agents/compaction: preserve the post-compaction AGENTS refresh on stale-usage preflight compaction for both immediate replies and queued followups. (#49479) Thanks @jared596.</li>
+<li>Agents/compaction: surface safeguard-specific cancel reasons and relabel benign manual <code>/compact</code> no-op cases as skipped instead of failed. (#51072) Thanks @afurm.</li>
+<li>Docs: add <code>pnpm docs:check-links:anchors</code> for Mintlify anchor validation while keeping <code>scripts/docs-link-audit.mjs</code> as the stable link-audit entrypoint. (#55912) Thanks @velvet-shark.</li>
+<li>Tavily: mark outbound API requests with <code>X-Client-Source: openclaw</code> so Tavily can attribute OpenClaw-originated traffic. (#55335) Thanks @lakshyaag-tavily.</li>
+</ul>
+<h3>Fixes</h3>
+<ul>
+<li>Agents/Anthropic: recover unhandled provider stop reasons (e.g. <code>sensitive</code>) as structured assistant errors instead of crashing the agent run. (#56639)</li>
+<li>Google/models: resolve Gemini 3.1 pro, flash, and flash-lite for all Google provider aliases by passing the actual runtime provider ID and adding a template-provider fallback; fix flash-lite prefix ordering. (#56567)</li>
+<li>OpenAI Codex/image tools: register Codex for media understanding and route image prompts through Codex instructions so image analysis no longer fails on missing provider registration or missing <code>instructions</code>. (#54829) Thanks @neeravmakwana.</li>
+<li>Agents/image tool: restore the generic image-runtime fallback when no provider-specific media-understanding provider is registered, so image analysis works again for providers like <code>openrouter</code> and <code>minimax-portal</code>. (#54858) Thanks @MonkeyLeeT.</li>
+<li>WhatsApp: fix infinite echo loop in self-chat DM mode where the bot's own outbound replies were re-processed as new inbound user messages. (#54570) Thanks @joelnishanth</li>
+<li>Telegram/splitting: replace proportional text estimate with verified HTML-length search so long messages split at word boundaries instead of mid-word; gracefully degrade when tag overhead exceeds the limit. (#56595)</li>
+<li>Telegram/delivery: skip whitespace-only and hook-blanked text replies in bot delivery to prevent GrammyError 400 empty-text crashes. (#56620)</li>
+<li>Telegram/send: validate <code>replyToMessageId</code> at all four API sinks with a shared normalizer that rejects non-numeric, NaN, and mixed-content strings. (#56587)</li>
+<li>Mistral: normalize OpenAI-compatible request flags so official Mistral API runs no longer fail with remaining <code>422 status code (no body)</code> chat errors.</li>
+<li>Control UI/config: keep sensitive raw config hidden by default, replace the blank blocked editor with an explicit reveal-to-edit state, and restore raw JSON editing without auto-exposing secrets. Fixes #55322.</li>
+<li>CLI/zsh: defer <code>compdef</code> registration until <code>compinit</code> is available so zsh completion loads cleanly with plugin managers and manual setups. (#56555)</li>
+<li>BlueBubbles/debounce: guard debounce flush against null message text by sanitizing at the enqueue boundary and adding an independent combiner guard. (#56573)</li>
+<li>Auto-reply: suppress JSON-wrapped <code>{"action":"NO_REPLY"}</code> control envelopes before channel delivery with a strict single-key detector; preserves media when text is only a silent envelope. (#56612)</li>
+<li>ACP/ACPX agent registry: align OpenClaw's ACPX built-in agent mirror with the latest <code>openclaw/acpx</code> command defaults and built-in aliases, pin versioned <code>npx</code> built-ins to exact versions, and stop unknown ACP agent ids from falling through to raw <code>--agent</code> command execution on the MCP-proxy path. (#28321) Thanks @m0nkmaster and @vincentkoc.</li>
+<li>Security/audit: extend web search key audit to recognize Gemini, Grok/xAI, Kimi, Moonshot, and OpenRouter credentials via a boundary-safe bundled-web-search registry shim. (#56540)</li>
+<li>Docs/FAQ: remove broken Xfinity SSL troubleshooting cross-links from English and zh-CN FAQ entries — both sections already contain the full workaround inline. (#56500)</li>
+<li>Telegram: deliver verbose tool summaries inside forum topic sessions again, so threaded topic chats now match DM verbose behavior. (#43236) Thanks @frankbuild.</li>
+<li>BlueBubbles/CLI agents: restore inbound prompt image refs for CLI routed turns, reapply embedded runner image size guardrails, and cover both CLI image transport paths with regression tests. (#51373)</li>
+<li>BlueBubbles/groups: optionally enrich unnamed participant lists with local macOS Contacts names after group gating passes, so group member context can show names instead of only raw phone numbers.</li>
+<li>Discord/reconnect: drain stale gateway sockets, clear cached resume state before forced fresh reconnects, and fail closed when old sockets refuse to die so Discord recovery stops looping on poisoned resume state. (#54697) Thanks @ngutman.</li>
+<li>iMessage: stop leaking inline <code>[[reply_to:...]]</code> tags into delivered text by sending <code>reply_to</code> as RPC metadata and stripping stray directive tags from outbound messages. (#39512) Thanks @mvanhorn.</li>
+<li>CLI/plugins: make routed commands use the same auto-enabled bundled-channel snapshot as gateway startup, so configured bundled channels like Slack load without requiring a prior config rewrite. (#54809) Thanks @neeravmakwana.</li>
+<li>CLI/message send: write manual <code>openclaw message send</code> deliveries into the resolved agent session transcript again by always threading the default CLI agent through outbound mirroring. (#54187) Thanks @KevInTheCloud5617.</li>
+<li>CLI/onboarding: show the Kimi Code API key option again in the Moonshot setup menu so the interactive picker includes all Kimi setup paths together. Fixes #54412 Thanks @sparkyrider</li>
+<li>Agents/status: use provider-aware context window lookup for fresh Anthropic 4.6 model overrides so <code>/status</code> shows the correct 1.0m window instead of an underreported shared-cache minimum. (#54796) Thanks @neeravmakwana.</li>
+<li>OpenAI/WebSocket: preserve reasoning replay metadata and tool-call item ids on WebSocket tool turns, and start a fresh response chain when full-context resend is required. (#53856) Thanks @xujingchen1996.</li>
+<li>OpenAI/WS: restore reasoning blocks for Responses WebSocket runs and keep reasoning/tool-call replay metadata intact so resumed sessions do not lose or break follow-up reasoning-capable turns. (#53856) Thanks @xujingchen1996.</li>
+<li>Agents/errors: surface provider quota/reset details when available, but keep HTML/Cloudflare rate-limit pages on the generic fallback so raw error pages are not shown to users. (#54512) Thanks @bugkill3r.</li>
+<li>Claude CLI: switch the bundled Claude CLI backend to <code>stream-json</code> output so watchdogs see progress on long runs, and keep session/usage metadata even when Claude finishes with an empty result line. (#49698) Thanks @felear2022.</li>
+<li>Claude CLI/MCP: always pass a strict generated <code>--mcp-config</code> overlay for background Claude CLI runs, including the empty-server case, so Claude does not inherit ambient user/global MCP servers. (#54961) Thanks @markojak.</li>
+<li>Agents/embedded replies: surface mid-turn 429 and overload failures when embedded runs end without a user-visible reply, while preserving successful media-only replies that still use legacy <code>mediaUrl</code>. (#50930) Thanks @infichen.</li>
+<li>Chat/UI: move the chat send button onto the shared ghost-button theme styling, while keeping the stop button icon readable on the danger state. (#55075) Thanks @bottenbenny.</li>
+<li>WhatsApp/allowFrom: show a specific allowFrom policy error for valid blocked targets instead of the misleading <code><E.164|group JID></code> format hint. Thanks @mcaxtr.</li>
+<li>Agents/cooldowns: scope rate-limit cooldowns per model so one 429 no longer blocks every model on the same auth profile, replace the exponential 1 min -> 1 h escalation with a stepped 30 s / 1 min / 5 min ladder, and surface a user-facing countdown message when all models are rate-limited. (#49834) Thanks @kiranvk-2011.</li>
+<li>Agents/embedded transport errors: distinguish common network failures like connection refused, DNS lookup failure, and interrupted sockets from true timeouts in embedded-run user messaging and lifecycle diagnostics. (#51419) Thanks @scoootscooob.</li>
+<li>Telegram/pairing: ignore self-authored DM <code>message</code> updates so bot-pinned status cards and similar service updates do not trigger bogus pairing requests or re-enter inbound dispatch. (#54530) thanks @huntharo</li>
+<li>Mattermost/replies: keep pairing replies, slash-command fallback replies, and model-picker messages on the resolved config path so <code>exec:</code> SecretRef bot tokens work across all outbound reply branches. (#48347) thanks @mathiasnagler.</li>
+<li>Microsoft Teams/config: accept the existing <code>welcomeCard</code>, <code>groupWelcomeCard</code>, <code>promptStarters</code>, and feedback/reflection keys in strict config validation so already-supported Teams runtime settings stop failing schema checks. (#54679) Thanks @gumclaw.</li>
+<li>MCP/channels: add a Gateway-backed channel MCP bridge with Codex/Claude-facing conversation tools, Claude channel notifications, and safer stdio bridge lifecycle handling for reconnects and routed session discovery.</li>
+<li>Plugins/SDK: thread <code>moduleUrl</code> through plugin-sdk alias resolution so user-installed plugins outside the openclaw directory correctly resolve <code>openclaw/plugin-sdk/*</code> subpath imports, and gate <code>plugin-sdk:check-exports</code> in <code>release:check</code>. (#54283) Thanks @xieyongliang.</li>
+<li>Config/web fetch: allow the documented <code>tools.web.fetch.maxResponseBytes</code> setting in runtime schema validation so valid configs no longer fail with unrecognized-key errors. (#53401) Thanks @erhhung.</li>
+<li>Message tool/buttons: keep the shared <code>buttons</code> schema optional in merged tool definitions so plain <code>action=send</code> calls stop failing validation when no buttons are provided. (#54418) Thanks @adzendo.</li>
+<li>Agents/openai-compatible tool calls: deduplicate repeated tool call ids across live assistant messages and replayed history so OpenAI-compatible backends no longer reject duplicate <code>tool_call_id</code> values with HTTP 400. (#40996) Thanks @xaeon2026.</li>
+<li>Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition <code>strict</code> fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava.</li>
+<li>Plugins/context engines: retry strict legacy <code>assemble()</code> calls without the new <code>prompt</code> field when older engines reject it, preserving prompt-aware retrieval compatibility for pre-prompt plugins. (#50848) thanks @danhdoan.</li>
+<li>CLI/update status: explicitly say <code>up to date</code> when the local version already matches npm latest, while keeping the availability logic unchanged. (#51409) Thanks @dongzhenye.</li>
+<li>Daemon/Linux: stop flagging non-gateway systemd services as duplicate gateways just because their unit files mention OpenClaw, reducing false-positive doctor/log noise. (#45328) Thanks @gregretkowski.</li>
+<li>Feishu: close WebSocket connections on monitor stop/abort so ghost connections no longer persist, preventing duplicate event processing and resource leaks across restart cycles. (#52844) Thanks @schumilin.</li>
+<li>Feishu: use the original message <code>create_time</code> instead of <code>Date.now()</code> for inbound timestamps so offline-retried messages carry the correct authoring time, preventing mis-targeted agent actions on stale instructions. (#52809) Thanks @schumilin.</li>
+<li>Control UI/Skills: open skill detail dialogs with the browser modal lifecycle so clicking a skill row keeps the panel centered instead of rendering it off-screen at the bottom of the page.</li>
+<li>Matrix/replies: include quoted poll question/options in inbound reply context so the agent sees the original poll content when users reply to Matrix poll messages. (#55056) Thanks @alberthild.</li>
+<li>Matrix/plugins: keep plugin bootstrap from crashing when built runtime mixes bare and deep <code>matrix-js-sdk</code> entrypoints, so unrelated channels do not get taken down during plugin load. (#56273) Thanks @aquaright1.</li>
+<li>Agents/sandbox: honor <code>tools.sandbox.tools.alsoAllow</code>, let explicit sandbox re-allows remove matching built-in default-deny tools, and keep sandbox explain/error guidance aligned with the effective sandbox tool policy. (#54492) Thanks @ngutman.</li>
+<li>Agents/sandbox: make blocked-tool guidance glob-aware again, redact/sanitize session-specific explain hints for safer copy-paste, and avoid leaking control-character session keys in those hints. (#54684) Thanks @ngutman.</li>
+<li>Agents/compaction: trigger timeout recovery compaction before retrying high-context LLM timeouts so embedded runs stop repeating oversized requests. (#46417) thanks @joeykrug.</li>
+<li>Agents/compaction: reconcile <code>sessions.json.compactionCount</code> after a late embedded auto-compaction success so persisted session counts catch up once the handler reports completion. (#45493) Thanks @jackal092927.</li>
+<li>Agents/failover: classify Codex accountId token extraction failures as auth errors so model fallback continues to the next configured candidate. (#55206) Thanks @cosmicnet.</li>
+<li>Plugins/runtime: reuse only compatible active plugin registries across tools, providers, web search, and channel bootstrap, align <code>/tools/invoke</code> plugin loading with the session workspace, and retry outbound channel recovery when the pinned channel surface changes so plugin tools and channels stop disappearing or re-registering from mismatched runtime loads. Thanks @gumadeiras.</li>
+<li>Talk/macOS: stop direct system-voice failures from replaying system speech, use app-locale fallback for shared watchdog timing, and add regression coverage for the macOS fallback route and language-aware timeout policy. (#53511) thanks @hongsw.</li>
+<li>Discord/gateway cleanup: keep late Carbon reconnect-exhausted errors suppressed through startup/dispose cleanup so Discord monitor shutdown no longer crashes on late gateway close events. (#55373) Thanks @Takhoffman.</li>
+<li>Discord/gateway shutdown: treat expected reconnect-exhausted events during intentional lifecycle stop as clean shutdowns so startup-abort cleanup no longer surfaces false gateway failures. (#55324) Thanks @joelnishanth.</li>
+<li>Discord/gateway shutdown: suppress reconnect-exhausted events that were already buffered before teardown flips <code>lifecycleStopping</code>, so stale-socket Discord restarts no longer crash the whole gateway. Fixes #55403 and #55421. Thanks @lml2468 and @vincentkoc.</li>
+<li>GitHub Copilot/auth refresh: treat large <code>expires_at</code> values as seconds epochs and clamp far-future runtime auth refresh timers so Copilot token refresh cannot fall into a <code>setTimeout</code> overflow hot loop. (#55360) Thanks @michael-abdo.</li>
+<li>Agents/status: use the persisted runtime session model in <code>session_status</code> when no explicit override exists, and honor per-agent <code>thinkingDefault</code> in both <code>session_status</code> and <code>/status</code>. (#55425) Thanks @scoootscooob, @xaeon2026, and @ysfbsf.</li>
+<li>Heartbeat/runner: guarantee the interval timer is re-armed after heartbeat runs and unexpected runner errors so scheduled heartbeats do not silently stop after an interrupted cycle. (#52270) Thanks @MiloStack.</li>
+<li>Config/Doctor: rewrite stale bundled plugin load paths from legacy bundled-plugin locations to the packaged bundled path, including directory-name mismatches and slash-suffixed config entries. (#55054) Thanks @SnowSky1.</li>
+<li>WhatsApp/mentions: stop treating mentions embedded in quoted messages as direct mentions so replying to a message that @mentioned the bot no longer falsely triggers mention gating. (#52711) Thanks @lurebat.</li>
+<li>Matrix: keep separate 2-person rooms out of DM routing after <code>m.direct</code> seeds successfully, while still honoring explicit <code>is_direct</code> state and startup fallback recovery. (#54890) thanks @private-peter</li>
+<li>Agents/ollama fallback: surface non-2xx Ollama HTTP errors with a leading status code so HTTP 503 responses trigger model fallback again. (#55214) Thanks @bugkill3r.</li>
+<li>Feishu/tools: stop synthetic agent ids like <code>agent-spawner</code> from being treated as Feishu account ids during tool execution, so tools fall back to the configured/default Feishu account unless the contextual id is a real enabled Feishu account. (#55627) Thanks @MonkeyLeeT.</li>
+<li>Google/tools: strip empty <code>required: []</code> arrays from Gemini tool schemas so optional-only tool parameters no longer trigger Google validator 400s. (#52106) Thanks @oliviareid-svg.</li>
+<li>Onboarding/TUI/local gateways: show the resolved gateway port in setup output, clarify no-daemon local health/dashboard messaging, and preserve loopback Control UI auth on reruns and explicit local gateway URLs so local quickstart flows recover cleanly. (#55730) Thanks @shakkernerd.</li>
+<li>TUI/chat log: keep system messages as single logical entries and prune overflow at whole-message boundaries so wrapped system spacing stays intact. (#55732) Thanks @shakkernerd.</li>
+<li>TUI/activation: validate <code>/activation</code> arguments in the TUI and reject invalid values instead of silently coercing them to <code>mention</code>. (#55733) Thanks @shakkernerd.</li>
+<li>Agents/model switching: apply <code>/model</code> changes to active embedded runs at the next safe retry boundary, so overloaded or retrying turns switch to the newly selected model instead of staying pinned to the old provider.</li>
+<li>Agents/Codex fallback: classify Codex <code>server_error</code> payloads as failoverable, sanitize <code>Codex error:</code> payloads before they reach chat, preserve context-overflow guidance for prefixed <code>invalid_request_error</code> payloads, and omit provider <code>request_id</code> values from user-facing UI copy. (#42892) Thanks @xaeon2026.</li>
+<li>Memory/search: share memory embedding provider registrations across split plugin runtimes so memory search no longer fails with unknown provider errors after memory-core registers built-in adapters. (#55945) Thanks @glitch418x.</li>
+<li>Discord/Carbon beta: update <code>@buape/carbon</code> to the latest beta and pass the new <code>RateLimitError</code> request argument so Discord stays compatible with the upstream beta constructor change. (#55980) Thanks @ngutman.</li>
+<li>Plugins/inbound claims: pass full inbound attachment arrays through <code>inbound_claim</code> hook metadata while keeping the legacy singular media attachment fields for compatibility. (#55452) Thanks @huntharo.</li>
+<li>Plugins/Matrix: preserve sender filenames for inbound media by forwarding <code>originalFilename</code> to <code>saveMediaBuffer</code>. (#55692) thanks @esrehmki.</li>
+<li>Matrix/mentions: recognize <code>matrix.to</code> mentions whose visible label uses the bot's room display name, so <code>requireMention: true</code> rooms respond correctly in modern Matrix clients. (#55393) thanks @nickludlam.</li>
+<li>Ollama/thinking off: route <code>thinkingLevel=off</code> through the live Ollama extension request path so thinking-capable Ollama models now receive top-level <code>think: false</code> instead of silently generating hidden reasoning tokens. (#53200) Thanks @BruceMacD.</li>
+<li>Plugins/diffs: stage bundled <code>@pierre/diffs</code> runtime dependencies during packaged updates so the bundled diff viewer keeps loading after global installs and updates. (#56077) Thanks @gumadeiras.</li>
+<li>Plugins/diffs: load bundled Pierre themes without JSON module imports so diff rendering keeps working on newer Node builds. (#45869) thanks @NickHood1984.</li>
+<li>Plugins/uninstall: remove owned <code>channels.<id></code> config when uninstalling channel plugins, and keep the uninstall preview aligned with explicit channel ownership so built-in channels and shared keys stay intact. (#35915) Thanks @wbxl2000.</li>
+<li>Plugins/Matrix: prefer explicit DM signals when choosing outbound direct rooms and routing unmapped verification summaries, so strict 2-person fallback rooms do not outrank the real DM. (#56076) thanks @gumadeiras</li>
+<li>Plugins/Matrix: resolve env-backed <code>accessToken</code> and <code>password</code> SecretRefs against the active Matrix config env path during startup, and officially accept SecretRef <code>accessToken</code> config values. (#54980) thanks @kakahu2015.</li>
+<li>Microsoft Teams/proactive DMs: prefer the freshest personal conversation reference for <code>user:<aadObjectId></code> sends when multiple stored references exist, so replies stop targeting stale DM threads. (#54702) Thanks @gumclaw.</li>
+<li>Gateway/plugins: reuse the session workspace when building HTTP <code>/tools/invoke</code> tool lists and harden tool construction to infer the session agent workspace by default, so workspace plugins do not re-register on repeated HTTP tool calls. (#56101) thanks @neeravmakwana</li>
+<li>Brave/web search: normalize unsupported Brave <code>country</code> filters to <code>ALL</code> before request and cache-key generation so locale-derived values like <code>VN</code> stop failing with upstream 422 validation errors. (#55695) Thanks @chen-zhang-cs-code.</li>
+<li>Discord/replies: preserve leading indentation when stripping inline reply tags so reply-tagged plain text and fenced code blocks keep their formatting. (#55960) Thanks @Nanako0129.</li>
+<li>Daemon/status: surface immediate gateway close reasons from lightweight probes and prefer those concrete auth or pairing failures over generic timeouts in <code>openclaw daemon status</code>. (#56282) Thanks @mbelinky.</li>
+<li>Agents/failover: classify HTTP 410 errors as retryable timeouts by default while still preserving explicit session-expired, billing, and auth signals from the payload. (#55201) thanks @nikus-pan.</li>
+<li>Agents/subagents: restore completion announce delivery for extension channels like BlueBubbles. (#56348)</li>
+<li>Plugins/Matrix: load bundled <code>@matrix-org/matrix-sdk-crypto-nodejs</code> through <code>createRequire(...)</code> so E2EE media send and receive keep the package-local native binding lookup working in packaged ESM builds. (#54566) thanks @joelnishanth.</li>
+<li>Plugins/Matrix: encrypt E2EE image thumbnails with <code>thumbnail_file</code> while keeping unencrypted-room previews on <code>thumbnail_url</code>, so encrypted Matrix image events keep thumbnail metadata without leaking plaintext previews. (#54711) thanks @frischeDaten.</li>
+<li>Telegram/forum topics: keep native <code>/new</code> and <code>/reset</code> routed to the active topic by preserving the topic target on forum-thread command context. (#35963)</li>
+</ul>
+<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.3.28/OpenClaw-2026.3.28.zip" length="25811288" type="application/octet-stream" sparkle:edSignature="SJp4ptVaGlOIXRPevS89DbfN2WKP0bKMXQoaT0fmLhy7pataDfHN0kxC3zu6P0Q/HtsxaESEhJUw48SCUNNKDA=="/>
+        </item>
         <item>
             <title>2026.3.24</title>
             <pubDate>Wed, 25 Mar 2026 17:06:31 +0000</pubDate>
@@ -95,81 +236,5 @@
 ]]></description>
             <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.3.23/OpenClaw-2026.3.23.zip" length="24522883" type="application/octet-stream" sparkle:edSignature="ptBgHYLBqq/TSdONYCfIB5d6aP/ij/9G0gYQ5mJI9jf8Y31sbQIh5CqpJVxEEWLTMIGQKsHQir/kXZjtRvvZAg=="/>
         </item>
-        <item>
-            <title>2026.3.13</title>
-            <pubDate>Sat, 14 Mar 2026 05:19:48 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
-            <sparkle:version>2026031390</sparkle:version>
-            <sparkle:shortVersionString>2026.3.13</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>OpenClaw 2026.3.13</h2>
-<h3>Changes</h3>
-<ul>
-<li>Android/chat settings: redesign the chat settings sheet with grouped device and media sections, refresh the Connect and Voice tabs, and tighten the chat composer/session header for a denser mobile layout. (#44894) Thanks @obviyus.</li>
-<li>iOS/onboarding: add a first-run welcome pager before gateway setup, stop auto-opening the QR scanner, and show <code>/pair qr</code> instructions on the connect step. (#45054) Thanks @ngutman.</li>
-<li>Browser/existing-session: add an official Chrome DevTools MCP attach mode for signed-in live Chrome sessions, with docs for <code>chrome://inspect/#remote-debugging</code> enablement and direct backlinks to Chrome’s own setup guides.</li>
-<li>Browser/agents: add built-in <code>profile="user"</code> for the logged-in host browser and <code>profile="chrome-relay"</code> for the extension relay, so agent browser calls can prefer the real signed-in browser without the extra <code>browserSession</code> selector.</li>
-<li>Browser/act automation: add batched actions, selector targeting, and delayed clicks for browser act requests with normalized batch dispatch. Thanks @vincentkoc.</li>
-<li>Docker/timezone override: add <code>OPENCLAW_TZ</code> so <code>docker-setup.sh</code> can pin gateway and CLI containers to a chosen IANA timezone instead of inheriting the daemon default. (#34119) Thanks @Lanfei.</li>
-<li>Dependencies/pi: bump <code>@mariozechner/pi-agent-core</code>, <code>@mariozechner/pi-ai</code>, <code>@mariozechner/pi-coding-agent</code>, and <code>@mariozechner/pi-tui</code> to <code>0.58.0</code>.</li>
-</ul>
-<h3>Fixes</h3>
-<ul>
-<li>Dashboard/chat UI: stop reloading full chat history on every live tool result in dashboard v2 so tool-heavy runs no longer trigger UI freeze/re-render storms while the final event still refreshes persisted history. (#45541) Thanks @BunsDev.</li>
-<li>Gateway/client requests: reject unanswered gateway RPC calls after a bounded timeout and clear their pending state, so stalled connections no longer leak hanging <code>GatewayClient.request()</code> promises indefinitely.</li>
-<li>Build/plugin-sdk bundling: bundle plugin-sdk subpath entries in one shared build pass so published packages stop duplicating shared chunks and avoid the recent plugin-sdk memory blow-up. (#45426) Thanks @TarasShyn.</li>
-<li>Ollama/reasoning visibility: stop promoting native <code>thinking</code> and <code>reasoning</code> fields into final assistant text so local reasoning models no longer leak internal thoughts in normal replies. (#45330) Thanks @xi7ang.</li>
-<li>Android/onboarding QR scan: switch setup QR scanning to Google Code Scanner so onboarding uses a more reliable scanner instead of the legacy embedded ZXing flow. (#45021) Thanks @obviyus.</li>
-<li>Browser/existing-session: harden driver validation and session lifecycle so transport errors trigger reconnects while tool-level errors preserve the session, and extract shared ARIA role sets to deduplicate Playwright and Chrome MCP snapshot paths. (#45682) Thanks @odysseus0.</li>
-<li>Browser/existing-session: accept text-only <code>list_pages</code> and <code>new_page</code> responses from Chrome DevTools MCP so live-session tab discovery and new-tab open flows keep working when the server omits structured page metadata.</li>
-<li>Control UI/insecure auth: preserve explicit shared token and password auth on plain-HTTP Control UI connects so LAN and reverse-proxy sessions no longer drop shared auth before the first WebSocket handshake. (#45088) Thanks @velvet-shark.</li>
-<li>Gateway/session reset: preserve <code>lastAccountId</code> and <code>lastThreadId</code> across gateway session resets so replies keep routing back to the same account and thread after <code>/reset</code>. (#44773) Thanks @Lanfei.</li>
-<li>macOS/onboarding: avoid self-restarting freshly bootstrapped launchd gateways and give new daemon installs longer to become healthy, so <code>openclaw onboard --install-daemon</code> no longer false-fails on slower Macs and fresh VM snapshots.</li>
-<li>Gateway/status: add <code>openclaw gateway status --require-rpc</code> and clearer Linux non-interactive daemon-install failure reporting so automation can fail hard on probe misses instead of treating a printed RPC error as green.</li>
-<li>macOS/exec approvals: respect per-agent exec approval settings in the gateway prompter, including allowlist fallback when the native prompt cannot be shown, so gateway-triggered <code>system.run</code> requests follow configured policy instead of always prompting or denying unexpectedly. (#13707) Thanks @sliekens.</li>
-<li>Telegram/media downloads: thread the same direct or proxy transport policy into SSRF-guarded file fetches so inbound attachments keep working when Telegram falls back between env-proxy and direct networking. (#44639) Thanks @obviyus.</li>
-<li>Telegram/inbound media IPv4 fallback: retry SSRF-guarded Telegram file downloads once with the same IPv4 fallback policy as Bot API calls so fresh installs on IPv6-broken hosts no longer fail to download inbound images.</li>
-<li>Windows/gateway install: bound <code>schtasks</code> calls and fall back to the Startup-folder login item when task creation hangs, so native <code>openclaw gateway install</code> fails fast instead of wedging forever on broken Scheduled Task setups.</li>
-<li>Windows/gateway stop: resolve Startup-folder fallback listeners from the installed <code>gateway.cmd</code> port, so <code>openclaw gateway stop</code> now actually kills fallback-launched gateway processes before restart.</li>
-<li>Windows/gateway status: reuse the installed service command environment when reading runtime status, so startup-fallback gateways keep reporting the configured port and running state in <code>gateway status --json</code> instead of falling back to <code>gateway port unknown</code>.</li>
-<li>Windows/gateway auth: stop attaching device identity on local loopback shared-token and password gateway calls, so native Windows agent replies no longer log stale <code>device signature expired</code> fallback noise before succeeding.</li>
-<li>Discord/gateway startup: treat plain-text and transient <code>/gateway/bot</code> metadata fetch failures as transient startup errors so Discord gateway boot no longer crashes on unhandled rejections. (#44397) Thanks @jalehman.</li>
-<li>Slack/probe: keep <code>auth.test()</code> bot and team metadata mapping stable while simplifying the probe result path. (#44775) Thanks @Cafexss.</li>
-<li>Dashboard/chat UI: render oversized plain-text replies as normal paragraphs instead of capped gray code blocks, so long desktop chat responses stay readable without tab-switching refreshes.</li>
-<li>Dashboard/chat UI: restore the <code>chat-new-messages</code> class on the New messages scroll pill so the button uses its existing compact styling instead of rendering as a full-screen SVG overlay. (#44856) Thanks @Astro-Han.</li>
-<li>Gateway/Control UI: restore the operator-only device-auth bypass and classify browser connect failures so origin and device-identity problems no longer show up as auth errors in the Control UI and web chat. (#45512) thanks @sallyom.</li>
-<li>macOS/voice wake: stop crashing wake-word command extraction when speech segment ranges come from a different transcript instance.</li>
-<li>Discord/allowlists: honor raw <code>guild_id</code> when hydrated guild objects are missing so allowlisted channels and threads like <code>#maintainers</code> no longer get false-dropped before channel allowlist checks.</li>
-<li>macOS/runtime locator: require Node >=22.16.0 during macOS runtime discovery so the app no longer accepts Node versions that the main runtime guard rejects later. Thanks @sumleo.</li>
-<li>Agents/custom providers: preserve blank API keys for loopback OpenAI-compatible custom providers by clearing the synthetic Authorization header at runtime, while keeping explicit apiKey and oauth/token config from silently downgrading into fake bearer auth. (#45631) Thanks @xinhuagu.</li>
-<li>Models/google-vertex Gemini flash-lite normalization: apply existing bare-ID preview normalization to <code>google-vertex</code> model refs and provider configs so <code>google-vertex/gemini-3.1-flash-lite</code> resolves as <code>gemini-3.1-flash-lite-preview</code>. (#42435) thanks @scoootscooob.</li>
-<li>iMessage/remote attachments: reject unsafe remote attachment paths before spawning SCP, so sender-controlled filenames can no longer inject shell metacharacters into remote media staging. Thanks @lintsinghua.</li>
-<li>Telegram/webhook auth: validate the Telegram webhook secret before reading or parsing request bodies, so unauthenticated requests are rejected immediately instead of consuming up to 1 MB first. Thanks @space08.</li>
-<li>Security/device pairing: make bootstrap setup codes single-use so pending device pairing requests cannot be silently replayed and widened to admin before approval. Thanks @tdjackey.</li>
-<li>Security/external content: strip zero-width and soft-hyphen marker-splitting characters during boundary sanitization so spoofed <code>EXTERNAL_UNTRUSTED_CONTENT</code> markers fall back to the existing hardening path instead of bypassing marker normalization.</li>
-<li>Security/exec approvals: unwrap more <code>pnpm</code> runtime forms during approval binding, including <code>pnpm --reporter ... exec</code> and direct <code>pnpm node</code> file runs, with matching regression coverage and docs updates.</li>
-<li>Security/exec approvals: fail closed for Perl <code>-M</code> and <code>-I</code> approval flows so preload and load-path module resolution stays outside approval-backed runtime execution unless the operator uses a broader explicit trust path.</li>
-<li>Security/exec approvals: recognize PowerShell <code>-File</code> and <code>-f</code> wrapper forms during inline-command extraction so approval and command-analysis paths treat file-based PowerShell launches like the existing <code>-Command</code> variants.</li>
-<li>Security/exec approvals: unwrap <code>env</code> dispatch wrappers inside shell-segment allowlist resolution on macOS so <code>env FOO=bar /path/to/bin</code> resolves against the effective executable instead of the wrapper token.</li>
-<li>Security/exec approvals: treat backslash-newline as shell line continuation during macOS shell-chain parsing so line-continued <code>$(</code> substitutions fail closed instead of slipping past command-substitution checks.</li>
-<li>Security/exec approvals: bind macOS skill auto-allow trust to both executable name and resolved path so same-basename binaries no longer inherit trust from unrelated skill bins.</li>
-<li>Build/plugin-sdk bundling: bundle plugin-sdk subpath entries in one shared build pass so published packages stop duplicating shared chunks and avoid the recent plugin-sdk memory blow-up. (#45426) Thanks @TarasShyn.</li>
-<li>Cron/isolated sessions: route nested cron-triggered embedded runner work onto the nested lane so isolated cron jobs no longer deadlock when compaction or other queued inner work runs. Thanks @vincentkoc.</li>
-<li>Agents/OpenAI-compatible compat overrides: respect explicit user <code>models[].compat</code> opt-ins for non-native <code>openai-completions</code> endpoints so usage-in-streaming capability overrides no longer get forced off when the endpoint actually supports them. (#44432) Thanks @cheapestinference.</li>
-<li>Agents/Azure OpenAI startup prompts: rephrase the built-in <code>/new</code>, <code>/reset</code>, and post-compaction startup instruction so Azure OpenAI deployments no longer hit HTTP 400 false positives from the content filter. (#43403) Thanks @xingsy97.</li>
-<li>Agents/memory bootstrap: load only one root memory file, preferring <code>MEMORY.md</code> and using <code>memory.md</code> as a fallback, so case-insensitive Docker mounts no longer inject duplicate memory context. (#26054) Thanks @Lanfei.</li>
-<li>Agents/compaction: compare post-compaction token sanity checks against full-session pre-compaction totals and skip the check when token estimation fails, so sessions with large bootstrap context keep real token counts instead of falling back to unknown. (#28347) thanks @efe-arv.</li>
-<li>Agents/compaction: preserve safeguard compaction summary language continuity via default and configurable custom instructions so persona drift is reduced after auto-compaction. (#10456) Thanks @keepitmello.</li>
-<li>Agents/tool warnings: distinguish gated core tools like <code>apply_patch</code> from plugin-only unknown entries in <code>tools.profile</code> warnings, so unavailable core tools now report current runtime/provider/model/config gating instead of suggesting a missing plugin.</li>
-<li>Config/validation: accept documented <code>agents.list[].params</code> per-agent overrides in strict config validation so <code>openclaw config validate</code> no longer rejects runtime-supported <code>cacheRetention</code>, <code>temperature</code>, and <code>maxTokens</code> settings. (#41171) Thanks @atian8179.</li>
-<li>Config/web fetch: restore runtime validation for documented <code>tools.web.fetch.readability</code> and <code>tools.web.fetch.firecrawl</code> settings so valid web fetch configs no longer fail with unrecognized-key errors. (#42583) Thanks @stim64045-spec.</li>
-<li>Signal/config validation: add <code>channels.signal.groups</code> schema support so per-group <code>requireMention</code>, <code>tools</code>, and <code>toolsBySender</code> overrides no longer get rejected during config validation. (#27199) Thanks @unisone.</li>
-<li>Config/discovery: accept <code>discovery.wideArea.domain</code> in strict config validation so unicast DNS-SD gateway configs no longer fail with an unrecognized-key error. (#35615) Thanks @ingyukoh.</li>
-<li>Telegram/media errors: redact Telegram file URLs before building media fetch errors so failed inbound downloads do not leak bot tokens into logs. Thanks @space08.</li>
-</ul>
-<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.3.13/OpenClaw-2026.3.13.zip" length="23640917" type="application/octet-stream" sparkle:edSignature="Me63UHSpFLocTo5Lt7Iqsl0Hq61y3jTcZ9DUkiFl9xQvTE0+ORuqRMFWqPgYwfaKMgcgQmUbrV/uFzEoTIRHBA=="/>
-        </item>
     </channel>
 </rss>

apps/android/app/build.gradle.kts

@@ -65,8 +65,8 @@ android {
         applicationId = "ai.openclaw.app"
         minSdk = 31
         targetSdk = 36
-        versionCode = 2026032500
-        versionName = "2026.3.25"
+        versionCode = 2026033000
+        versionName = "2026.3.30"
         ndk {
             // Support all major ABIs — native libs are tiny (~47 KB per ABI)
             abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")

apps/android/app/src/main/AndroidManifest.xml

@@ -31,6 +31,13 @@
         android:name="android.hardware.telephony"
         android:required="false" />
 
+    <queries>
+        <intent>
+            <action android:name="android.intent.action.MAIN" />
+            <category android:name="android.intent.category.LAUNCHER" />
+        </intent>
+    </queries>
+
     <application
         android:name=".NodeApp"
         android:allowBackup="true"

apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt

@@ -56,6 +56,17 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
 
   val gateways: StateFlow<List<GatewayEndpoint>> = runtimeState(initial = emptyList()) { it.gateways }
   val discoveryStatusText: StateFlow<String> = runtimeState(initial = "Searching…") { it.discoveryStatusText }
+  val notificationForwardingEnabled: StateFlow<Boolean> = prefs.notificationForwardingEnabled
+  val notificationForwardingMode: StateFlow<NotificationPackageFilterMode> =
+    prefs.notificationForwardingMode
+  val notificationForwardingPackages: StateFlow<Set<String>> = prefs.notificationForwardingPackages
+  val notificationForwardingQuietHoursEnabled: StateFlow<Boolean> =
+    prefs.notificationForwardingQuietHoursEnabled
+  val notificationForwardingQuietStart: StateFlow<String> = prefs.notificationForwardingQuietStart
+  val notificationForwardingQuietEnd: StateFlow<String> = prefs.notificationForwardingQuietEnd
+  val notificationForwardingMaxEventsPerMinute: StateFlow<Int> =
+    prefs.notificationForwardingMaxEventsPerMinute
+  val notificationForwardingSessionKey: StateFlow<String?> = prefs.notificationForwardingSessionKey
 
   val isConnected: StateFlow<Boolean> = runtimeState(initial = false) { it.isConnected }
   val isNodeConnected: StateFlow<Boolean> = runtimeState(initial = false) { it.nodeConnected }
@@ -197,6 +208,39 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
     prefs.setCanvasDebugStatusEnabled(value)
   }
 
+  fun setNotificationForwardingEnabled(value: Boolean) {
+    ensureRuntime().setNotificationForwardingEnabled(value)
+  }
+
+  fun setNotificationForwardingMode(mode: NotificationPackageFilterMode) {
+    ensureRuntime().setNotificationForwardingMode(mode)
+  }
+
+  fun setNotificationForwardingPackagesCsv(csv: String) {
+    val packages =
+      csv
+        .split(',')
+        .map { it.trim() }
+        .filter { it.isNotEmpty() }
+    ensureRuntime().setNotificationForwardingPackages(packages)
+  }
+
+  fun setNotificationForwardingQuietHours(
+    enabled: Boolean,
+    start: String,
+    end: String,
+  ): Boolean {
+    return ensureRuntime().setNotificationForwardingQuietHours(enabled = enabled, start = start, end = end)
+  }
+
+  fun setNotificationForwardingMaxEventsPerMinute(value: Int) {
+    ensureRuntime().setNotificationForwardingMaxEventsPerMinute(value)
+  }
+
+  fun setNotificationForwardingSessionKey(value: String?) {
+    ensureRuntime().setNotificationForwardingSessionKey(value)
+  }
+
   fun setVoiceScreenActive(active: Boolean) {
     ensureRuntime().setVoiceScreenActive(active)
   }

apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt

@@ -24,7 +24,6 @@ import ai.openclaw.app.voice.TalkModeManager
 import ai.openclaw.app.voice.VoiceConversationEntry
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.Job
 import kotlinx.coroutines.SupervisorJob
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.MutableStateFlow
@@ -34,7 +33,6 @@ import kotlinx.coroutines.flow.combine
 import kotlinx.coroutines.flow.distinctUntilChanged
 import kotlinx.coroutines.launch
 import kotlinx.serialization.Serializable
-import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonObject
@@ -141,6 +139,7 @@ class NodeRuntime(
     motionPedometerAvailable = { motionHandler.isPedometerAvailable() },
     sendSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canSendSms() },
     readSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canReadSms() },
+    smsSearchPossible = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.hasTelephonyFeature() },
     callLogAvailable = { BuildConfig.OPENCLAW_ENABLE_CALL_LOG },
     hasRecordAudioPermission = { hasRecordAudioPermission() },
     manualTls = { manualTls.value },
@@ -166,6 +165,8 @@ class NodeRuntime(
     locationEnabled = { locationMode.value != LocationMode.Off },
     sendSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canSendSms() },
     readSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canReadSms() },
+    smsFeatureEnabled = { BuildConfig.OPENCLAW_ENABLE_SMS },
+    smsTelephonyAvailable = { sms.hasTelephonyFeature() },
     callLogAvailable = { BuildConfig.OPENCLAW_ENABLE_CALL_LOG },
     debugBuild = { BuildConfig.DEBUG },
     refreshNodeCanvasCapability = { nodeSession.refreshNodeCanvasCapability() },
@@ -195,7 +196,12 @@ class NodeRuntime(
   private val _pendingGatewayTrust = MutableStateFlow<GatewayTrustPrompt?>(null)
   val pendingGatewayTrust: StateFlow<GatewayTrustPrompt?> = _pendingGatewayTrust.asStateFlow()
 
-  private val _mainSessionKey = MutableStateFlow("main")
+  private fun resolveNodeMainSessionKey(agentId: String? = gatewayDefaultAgentId): String {
+    val deviceId = identityStore.loadOrCreate().deviceId
+    return buildNodeMainSessionKey(deviceId, agentId)
+  }
+
+  private val _mainSessionKey = MutableStateFlow(resolveNodeMainSessionKey())
   val mainSessionKey: StateFlow<String> = _mainSessionKey.asStateFlow()
 
   private val cameraHudSeq = AtomicLong(0)
@@ -243,7 +249,7 @@ class NodeRuntime(
         _serverName.value = name
         _remoteAddress.value = remote
         _seamColorArgb.value = DEFAULT_SEAM_COLOR_ARGB
-        applyMainSessionKey(mainSessionKey)
+        syncMainSessionKey(resolveAgentIdFromMainSessionKey(mainSessionKey))
         updateStatus()
         micCapture.onGatewayConnectionChanged(true)
         scope.launch {
@@ -259,9 +265,6 @@ class NodeRuntime(
         _serverName.value = null
         _remoteAddress.value = null
         _seamColorArgb.value = DEFAULT_SEAM_COLOR_ARGB
-        if (!isCanonicalMainSessionKey(_mainSessionKey.value)) {
-          _mainSessionKey.value = "main"
-        }
         chat.applyMainSessionKey(resolveMainSessionKey())
         chat.onDisconnected(message)
         updateStatus()
@@ -320,9 +323,11 @@ class NodeRuntime(
       session = operatorSession,
       json = json,
       supportsChatSubscribe = false,
-    )
+    ).also {
+      it.applyMainSessionKey(_mainSessionKey.value)
+    }
   private val voiceReplySpeakerLazy: Lazy<TalkModeManager> = lazy {
-    // Reuse the existing TalkMode speech engine (ElevenLabs + deterministic system-TTS fallback)
+    // Reuse the existing TalkMode speech engine for native Android TTS playback
     // without enabling the legacy talk capture loop.
     TalkModeManager(
       context = appContext,
@@ -404,13 +409,12 @@ class NodeRuntime(
     )
   }
 
-  private fun applyMainSessionKey(candidate: String?) {
-    val trimmed = normalizeMainKey(candidate) ?: return
-    if (isCanonicalMainSessionKey(_mainSessionKey.value)) return
-    if (_mainSessionKey.value == trimmed) return
-    _mainSessionKey.value = trimmed
-    talkMode.setMainSessionKey(trimmed)
-    chat.applyMainSessionKey(trimmed)
+  private fun syncMainSessionKey(agentId: String?) {
+    val resolvedKey = resolveNodeMainSessionKey(agentId)
+    if (_mainSessionKey.value == resolvedKey) return
+    _mainSessionKey.value = resolvedKey
+    talkMode.setMainSessionKey(resolvedKey)
+    chat.applyMainSessionKey(resolvedKey)
     updateHomeCanvasState()
   }
 
@@ -533,6 +537,17 @@ class NodeRuntime(
   fun setOnboardingCompleted(value: Boolean) = prefs.setOnboardingCompleted(value)
   val lastDiscoveredStableId: StateFlow<String> = prefs.lastDiscoveredStableId
   val canvasDebugStatusEnabled: StateFlow<Boolean> = prefs.canvasDebugStatusEnabled
+  val notificationForwardingEnabled: StateFlow<Boolean> = prefs.notificationForwardingEnabled
+  val notificationForwardingMode: StateFlow<NotificationPackageFilterMode> =
+    prefs.notificationForwardingMode
+  val notificationForwardingPackages: StateFlow<Set<String>> = prefs.notificationForwardingPackages
+  val notificationForwardingQuietHoursEnabled: StateFlow<Boolean> =
+    prefs.notificationForwardingQuietHoursEnabled
+  val notificationForwardingQuietStart: StateFlow<String> = prefs.notificationForwardingQuietStart
+  val notificationForwardingQuietEnd: StateFlow<String> = prefs.notificationForwardingQuietEnd
+  val notificationForwardingMaxEventsPerMinute: StateFlow<Int> =
+    prefs.notificationForwardingMaxEventsPerMinute
+  val notificationForwardingSessionKey: StateFlow<String?> = prefs.notificationForwardingSessionKey
 
   private var didAutoConnect = false
 
@@ -685,6 +700,34 @@ class NodeRuntime(
     prefs.setCanvasDebugStatusEnabled(value)
   }
 
+  fun setNotificationForwardingEnabled(value: Boolean) {
+    prefs.setNotificationForwardingEnabled(value)
+  }
+
+  fun setNotificationForwardingMode(mode: NotificationPackageFilterMode) {
+    prefs.setNotificationForwardingMode(mode)
+  }
+
+  fun setNotificationForwardingPackages(packages: List<String>) {
+    prefs.setNotificationForwardingPackages(packages)
+  }
+
+  fun setNotificationForwardingQuietHours(
+    enabled: Boolean,
+    start: String,
+    end: String,
+  ): Boolean {
+    return prefs.setNotificationForwardingQuietHours(enabled = enabled, start = start, end = end)
+  }
+
+  fun setNotificationForwardingMaxEventsPerMinute(value: Int) {
+    prefs.setNotificationForwardingMaxEventsPerMinute(value)
+  }
+
+  fun setNotificationForwardingSessionKey(value: String?) {
+    prefs.setNotificationForwardingSessionKey(value)
+  }
+
   fun setVoiceScreenActive(active: Boolean) {
     if (!active) {
       stopActiveVoiceSession()
@@ -960,9 +1003,7 @@ class NodeRuntime(
       val config = root?.get("config").asObjectOrNull()
       val ui = config?.get("ui").asObjectOrNull()
       val raw = ui?.get("seamColor").asStringOrNull()?.trim()
-      val sessionCfg = config?.get("session").asObjectOrNull()
-      val mainKey = normalizeMainKey(sessionCfg?.get("mainKey").asStringOrNull())
-      applyMainSessionKey(mainKey)
+      syncMainSessionKey(gatewayDefaultAgentId)
 
       val parsed = parseHexColorArgb(raw)
       _seamColorArgb.value = parsed ?: DEFAULT_SEAM_COLOR_ARGB
@@ -995,7 +1036,7 @@ class NodeRuntime(
 
       gatewayDefaultAgentId = defaultAgentId.ifEmpty { null }
       gatewayAgents = agents
-      applyMainSessionKey(mainKey)
+      syncMainSessionKey(resolveAgentIdFromMainSessionKey(mainKey) ?: gatewayDefaultAgentId)
       updateHomeCanvasState()
     } catch (_: Throwable) {
       // ignore

apps/android/app/src/main/java/ai/openclaw/app/NotificationForwardingPolicy.kt

@@ -0,0 +1,102 @@
+package ai.openclaw.app
+
+import java.time.Instant
+import java.time.ZoneId
+
+enum class NotificationPackageFilterMode(val rawValue: String) {
+  Allowlist("allowlist"),
+  Blocklist("blocklist"),
+  ;
+
+  companion object {
+    fun fromRawValue(raw: String?): NotificationPackageFilterMode {
+      return entries.firstOrNull { it.rawValue == raw?.trim()?.lowercase() } ?: Blocklist
+    }
+  }
+}
+
+internal data class NotificationForwardingPolicy(
+  val enabled: Boolean,
+  val mode: NotificationPackageFilterMode,
+  val packages: Set<String>,
+  val quietHoursEnabled: Boolean,
+  val quietStart: String,
+  val quietEnd: String,
+  val maxEventsPerMinute: Int,
+  val sessionKey: String?,
+)
+
+internal fun NotificationForwardingPolicy.allowsPackage(packageName: String): Boolean {
+  val normalized = packageName.trim()
+  if (normalized.isEmpty()) {
+    return false
+  }
+  return when (mode) {
+    NotificationPackageFilterMode.Allowlist -> packages.contains(normalized)
+    NotificationPackageFilterMode.Blocklist -> !packages.contains(normalized)
+  }
+}
+
+internal fun NotificationForwardingPolicy.isWithinQuietHours(
+  nowEpochMs: Long,
+  zoneId: ZoneId = ZoneId.systemDefault(),
+): Boolean {
+  if (!quietHoursEnabled) {
+    return false
+  }
+  val startMinutes = parseLocalHourMinute(quietStart) ?: return false
+  val endMinutes = parseLocalHourMinute(quietEnd) ?: return false
+  if (startMinutes == endMinutes) {
+    return true
+  }
+  val now =
+    Instant.ofEpochMilli(nowEpochMs)
+      .atZone(zoneId)
+      .toLocalTime()
+  val nowMinutes = now.hour * 60 + now.minute
+  return if (startMinutes < endMinutes) {
+    nowMinutes in startMinutes until endMinutes
+  } else {
+    nowMinutes >= startMinutes || nowMinutes < endMinutes
+  }
+}
+
+private val localHourMinuteRegex = Regex("""^([01]\d|2[0-3]):([0-5]\d)$""")
+
+internal fun normalizeLocalHourMinute(raw: String): String? {
+  val trimmed = raw.trim()
+  val match = localHourMinuteRegex.matchEntire(trimmed) ?: return null
+  return "${match.groupValues[1]}:${match.groupValues[2]}"
+}
+
+internal fun parseLocalHourMinute(raw: String): Int? {
+  val normalized = normalizeLocalHourMinute(raw) ?: return null
+  val parts = normalized.split(':')
+  val hour = parts[0].toInt()
+  val minute = parts[1].toInt()
+  return hour * 60 + minute
+}
+
+internal class NotificationBurstLimiter {
+  private val lock = Any()
+  private var windowStartMs: Long = -1L
+  private var eventsInWindow: Int = 0
+
+  fun allow(nowEpochMs: Long, maxEventsPerMinute: Int): Boolean {
+    if (maxEventsPerMinute <= 0) {
+      return false
+    }
+    val currentWindow = nowEpochMs - (nowEpochMs % 60_000L)
+    synchronized(lock) {
+      if (currentWindow != windowStartMs) {
+        windowStartMs = currentWindow
+        eventsInWindow = 0
+      }
+      if (eventsInWindow >= maxEventsPerMinute) {
+        return false
+      }
+      eventsInWindow += 1
+      return true
+    }
+  }
+}

apps/android/app/src/main/java/ai/openclaw/app/PermissionRequester.kt

@@ -185,7 +185,16 @@ class PermissionRequester(private val activity: ComponentActivity) {
     when (permission) {
       Manifest.permission.CAMERA -> "Camera"
       Manifest.permission.RECORD_AUDIO -> "Microphone"
-      Manifest.permission.SEND_SMS -> "SMS"
+      Manifest.permission.SEND_SMS -> "Send SMS"
+      Manifest.permission.READ_SMS -> "Read SMS"
+      Manifest.permission.READ_CONTACTS -> "Read Contacts"
+      Manifest.permission.WRITE_CONTACTS -> "Write Contacts"
+      Manifest.permission.READ_CALENDAR -> "Read Calendar"
+      Manifest.permission.WRITE_CALENDAR -> "Write Calendar"
+      Manifest.permission.READ_CALL_LOG -> "Read Call Log"
+      Manifest.permission.ACTIVITY_RECOGNITION -> "Motion Activity"
+      Manifest.permission.READ_MEDIA_IMAGES -> "Photos"
+      Manifest.permission.READ_EXTERNAL_STORAGE -> "Photos"
       else -> permission
     }
 }

apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt

@@ -26,6 +26,17 @@ class SecurePrefs(
     private const val voiceWakeModeKey = "voiceWake.mode"
     private const val plainPrefsName = "openclaw.node"
     private const val securePrefsName = "openclaw.node.secure"
+    private const val notificationsForwardingEnabledKey = "notifications.forwarding.enabled"
+    private const val defaultNotificationForwardingEnabled = false
+    private const val notificationsForwardingModeKey = "notifications.forwarding.mode"
+    private const val notificationsForwardingPackagesKey = "notifications.forwarding.packages"
+    private const val notificationsForwardingQuietHoursEnabledKey =
+      "notifications.forwarding.quietHoursEnabled"
+    private const val notificationsForwardingQuietStartKey = "notifications.forwarding.quietStart"
+    private const val notificationsForwardingQuietEndKey = "notifications.forwarding.quietEnd"
+    private const val notificationsForwardingMaxEventsPerMinuteKey =
+      "notifications.forwarding.maxEventsPerMinute"
+    private const val notificationsForwardingSessionKeyKey = "notifications.forwarding.sessionKey"
   }
 
   private val appContext = context.applicationContext
@@ -96,6 +107,55 @@ class SecurePrefs(
     MutableStateFlow(plainPrefs.getBoolean("canvas.debugStatusEnabled", false))
   val canvasDebugStatusEnabled: StateFlow<Boolean> = _canvasDebugStatusEnabled
 
+  private val _notificationForwardingEnabled =
+    MutableStateFlow(plainPrefs.getBoolean(notificationsForwardingEnabledKey, defaultNotificationForwardingEnabled))
+  val notificationForwardingEnabled: StateFlow<Boolean> = _notificationForwardingEnabled
+
+  private val _notificationForwardingMode =
+    MutableStateFlow(
+      NotificationPackageFilterMode.fromRawValue(
+        plainPrefs.getString(notificationsForwardingModeKey, null),
+      ),
+    )
+  val notificationForwardingMode: StateFlow<NotificationPackageFilterMode> = _notificationForwardingMode
+
+  private val _notificationForwardingPackages = MutableStateFlow(loadNotificationForwardingPackages())
+  val notificationForwardingPackages: StateFlow<Set<String>> = _notificationForwardingPackages
+
+  private val storedQuietStart =
+    normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietStartKey, "22:00").orEmpty())
+      ?: "22:00"
+  private val storedQuietEnd =
+    normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietEndKey, "07:00").orEmpty())
+      ?: "07:00"
+  private val storedQuietHoursEnabled =
+    plainPrefs.getBoolean(notificationsForwardingQuietHoursEnabledKey, false) &&
+      normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietStartKey, "22:00").orEmpty()) != null &&
+      normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietEndKey, "07:00").orEmpty()) != null
+
+  private val _notificationForwardingQuietHoursEnabled =
+    MutableStateFlow(storedQuietHoursEnabled)
+  val notificationForwardingQuietHoursEnabled: StateFlow<Boolean> = _notificationForwardingQuietHoursEnabled
+
+  private val _notificationForwardingQuietStart = MutableStateFlow(storedQuietStart)
+  val notificationForwardingQuietStart: StateFlow<String> = _notificationForwardingQuietStart
+
+  private val _notificationForwardingQuietEnd = MutableStateFlow(storedQuietEnd)
+  val notificationForwardingQuietEnd: StateFlow<String> = _notificationForwardingQuietEnd
+
+  private val _notificationForwardingMaxEventsPerMinute =
+    MutableStateFlow(plainPrefs.getInt(notificationsForwardingMaxEventsPerMinuteKey, 20).coerceAtLeast(1))
+  val notificationForwardingMaxEventsPerMinute: StateFlow<Int> = _notificationForwardingMaxEventsPerMinute
+
+  private val _notificationForwardingSessionKey =
+    MutableStateFlow(
+      plainPrefs
+        .getString(notificationsForwardingSessionKeyKey, "")
+        ?.trim()
+        ?.takeIf { it.isNotEmpty() },
+    )
+  val notificationForwardingSessionKey: StateFlow<String?> = _notificationForwardingSessionKey
+
   private val _wakeWords = MutableStateFlow(loadWakeWords())
   val wakeWords: StateFlow<List<String>> = _wakeWords
 
@@ -185,6 +245,114 @@ class SecurePrefs(
     _canvasDebugStatusEnabled.value = value
   }
 
+  internal fun getNotificationForwardingPolicy(appPackageName: String): NotificationForwardingPolicy {
+    val modeRaw = plainPrefs.getString(notificationsForwardingModeKey, null)
+    val mode = NotificationPackageFilterMode.fromRawValue(modeRaw)
+
+    val configuredPackages = loadNotificationForwardingPackages()
+    val normalizedAppPackage = appPackageName.trim()
+    val defaultBlockedPackages =
+      if (normalizedAppPackage.isNotEmpty()) setOf(normalizedAppPackage) else emptySet()
+
+    val packages =
+      when (mode) {
+        NotificationPackageFilterMode.Allowlist -> configuredPackages
+        NotificationPackageFilterMode.Blocklist -> configuredPackages + defaultBlockedPackages
+      }
+
+    val maxEvents = plainPrefs.getInt(notificationsForwardingMaxEventsPerMinuteKey, 20)
+    val quietStart =
+      normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietStartKey, "22:00").orEmpty())
+        ?: "22:00"
+    val quietEnd =
+      normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietEndKey, "07:00").orEmpty())
+        ?: "07:00"
+    val sessionKey =
+      plainPrefs
+        .getString(notificationsForwardingSessionKeyKey, "")
+        ?.trim()
+        ?.takeIf { it.isNotEmpty() }
+
+    val quietHoursEnabled =
+      plainPrefs.getBoolean(notificationsForwardingQuietHoursEnabledKey, false) &&
+        normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietStartKey, "22:00").orEmpty()) != null &&
+        normalizeLocalHourMinute(plainPrefs.getString(notificationsForwardingQuietEndKey, "07:00").orEmpty()) != null
+
+    return NotificationForwardingPolicy(
+      enabled = plainPrefs.getBoolean(notificationsForwardingEnabledKey, defaultNotificationForwardingEnabled),
+      mode = mode,
+      packages = packages,
+      quietHoursEnabled = quietHoursEnabled,
+      quietStart = quietStart,
+      quietEnd = quietEnd,
+      maxEventsPerMinute = maxEvents.coerceAtLeast(1),
+      sessionKey = sessionKey,
+    )
+  }
+
+  internal fun setNotificationForwardingEnabled(value: Boolean) {
+    plainPrefs.edit { putBoolean(notificationsForwardingEnabledKey, value) }
+    _notificationForwardingEnabled.value = value
+  }
+
+  internal fun setNotificationForwardingMode(mode: NotificationPackageFilterMode) {
+    plainPrefs.edit { putString(notificationsForwardingModeKey, mode.rawValue) }
+    _notificationForwardingMode.value = mode
+  }
+
+  internal fun setNotificationForwardingPackages(packages: List<String>) {
+    val sanitized =
+      packages
+        .asSequence()
+        .map { it.trim() }
+        .filter { it.isNotEmpty() }
+        .toSet()
+        .toList()
+        .sorted()
+    val encoded = JsonArray(sanitized.map { JsonPrimitive(it) }).toString()
+    plainPrefs.edit { putString(notificationsForwardingPackagesKey, encoded) }
+    _notificationForwardingPackages.value = sanitized.toSet()
+  }
+
+  internal fun setNotificationForwardingQuietHours(
+    enabled: Boolean,
+    start: String,
+    end: String,
+  ): Boolean {
+    if (!enabled) {
+      plainPrefs.edit { putBoolean(notificationsForwardingQuietHoursEnabledKey, false) }
+      _notificationForwardingQuietHoursEnabled.value = false
+      return true
+    }
+    val normalizedStart = normalizeLocalHourMinute(start) ?: return false
+    val normalizedEnd = normalizeLocalHourMinute(end) ?: return false
+    plainPrefs.edit {
+      putBoolean(notificationsForwardingQuietHoursEnabledKey, enabled)
+      putString(notificationsForwardingQuietStartKey, normalizedStart)
+      putString(notificationsForwardingQuietEndKey, normalizedEnd)
+    }
+    _notificationForwardingQuietHoursEnabled.value = enabled
+    _notificationForwardingQuietStart.value = normalizedStart
+    _notificationForwardingQuietEnd.value = normalizedEnd
+    return true
+  }
+
+  internal fun setNotificationForwardingMaxEventsPerMinute(value: Int) {
+    val normalized = value.coerceAtLeast(1)
+    plainPrefs.edit {
+      putInt(notificationsForwardingMaxEventsPerMinuteKey, normalized)
+    }
+    _notificationForwardingMaxEventsPerMinute.value = normalized
+  }
+
+  internal fun setNotificationForwardingSessionKey(value: String?) {
+    val normalized = value?.trim()?.takeIf { it.isNotEmpty() }
+    plainPrefs.edit {
+      putString(notificationsForwardingSessionKeyKey, normalized.orEmpty())
+    }
+    _notificationForwardingSessionKey.value = normalized
+  }
+
   fun loadGatewayToken(): String? {
     val manual =
       _gatewayToken.value.trim().ifEmpty {
@@ -308,6 +476,28 @@ class SecurePrefs(
     _speakerEnabled.value = value
   }
 
+  private fun loadNotificationForwardingPackages(): Set<String> {
+    val raw = plainPrefs.getString(notificationsForwardingPackagesKey, null)?.trim()
+    if (raw.isNullOrEmpty()) {
+      return emptySet()
+    }
+    return try {
+      val element = json.parseToJsonElement(raw)
+      val array = element as? JsonArray ?: return emptySet()
+      array
+        .mapNotNull { item ->
+          when (item) {
+            is JsonNull -> null
+            is JsonPrimitive -> item.content.trim().takeIf { it.isNotEmpty() }
+            else -> null
+          }
+        }
+        .toSet()
+    } catch (_: Throwable) {
+      emptySet()
+    }
+  }
+
   private fun loadVoiceWakeMode(): VoiceWakeMode {
     val raw = plainPrefs.getString(voiceWakeModeKey, null)
     val resolved = VoiceWakeMode.fromRawValue(raw)

apps/android/app/src/main/java/ai/openclaw/app/SessionKey.kt

@@ -11,3 +11,14 @@ internal fun isCanonicalMainSessionKey(raw: String?): Boolean {
   if (trimmed == "global") return true
   return trimmed.startsWith("agent:")
 }
+
+internal fun resolveAgentIdFromMainSessionKey(raw: String?): String? {
+  val trimmed = raw?.trim().orEmpty()
+  if (!trimmed.startsWith("agent:")) return null
+  return trimmed.removePrefix("agent:").substringBefore(':').trim().ifEmpty { null }
+}
+
+internal fun buildNodeMainSessionKey(deviceId: String, agentId: String?): String {
+  val resolvedAgentId = agentId?.trim().orEmpty().ifEmpty { "main" }
+  return "agent:$resolvedAgentId:node-${deviceId.take(12)}"
+}

apps/android/app/src/main/java/ai/openclaw/app/chat/ChatController.kt

@@ -24,6 +24,7 @@ class ChatController(
   private val json: Json,
   private val supportsChatSubscribe: Boolean,
 ) {
+  private var appliedMainSessionKey = "main"
   private val _sessionKey = MutableStateFlow("main")
   val sessionKey: StateFlow<String> = _sessionKey.asStateFlow()
 
@@ -73,7 +74,7 @@ class ChatController(
   }
 
   fun load(sessionKey: String) {
-    val key = sessionKey.trim().ifEmpty { "main" }
+    val key = normalizeRequestedSessionKey(sessionKey)
     _sessionKey.value = key
     scope.launch { bootstrap(forceHealth = true, refreshSessions = true) }
   }
@@ -81,9 +82,15 @@ class ChatController(
   fun applyMainSessionKey(mainSessionKey: String) {
     val trimmed = mainSessionKey.trim()
     if (trimmed.isEmpty()) return
-    if (_sessionKey.value == trimmed) return
-    if (_sessionKey.value != "main") return
-    _sessionKey.value = trimmed
+    val nextState =
+      applyMainSessionKey(
+        currentSessionKey = normalizeRequestedSessionKey(_sessionKey.value),
+        appliedMainSessionKey = appliedMainSessionKey,
+        nextMainSessionKey = trimmed,
+      )
+    appliedMainSessionKey = nextState.appliedMainSessionKey
+    if (_sessionKey.value == nextState.currentSessionKey) return
+    _sessionKey.value = nextState.currentSessionKey
     scope.launch { bootstrap(forceHealth = true, refreshSessions = true) }
   }
 
@@ -102,7 +109,7 @@ class ChatController(
   }
 
   fun switchSession(sessionKey: String) {
-    val key = sessionKey.trim()
+    val key = normalizeRequestedSessionKey(sessionKey)
     if (key.isEmpty()) return
     if (key == _sessionKey.value) return
     _sessionKey.value = key
@@ -111,6 +118,13 @@ class ChatController(
     scope.launch { bootstrap(forceHealth = true, refreshSessions = false) }
   }
 
+  private fun normalizeRequestedSessionKey(sessionKey: String): String {
+    val key = sessionKey.trim()
+    if (key.isEmpty()) return appliedMainSessionKey
+    if (key == "main" && appliedMainSessionKey != "main") return appliedMainSessionKey
+    return key
+  }
+
   fun sendMessage(
     message: String,
     thinkingLevel: String,
@@ -532,6 +546,28 @@ class ChatController(
   }
 }
 
+internal data class MainSessionState(
+  val currentSessionKey: String,
+  val appliedMainSessionKey: String,
+)
+
+internal fun applyMainSessionKey(
+  currentSessionKey: String,
+  appliedMainSessionKey: String,
+  nextMainSessionKey: String,
+): MainSessionState {
+  if (currentSessionKey == appliedMainSessionKey) {
+    return MainSessionState(
+      currentSessionKey = nextMainSessionKey,
+      appliedMainSessionKey = nextMainSessionKey,
+    )
+  }
+  return MainSessionState(
+    currentSessionKey = currentSessionKey,
+    appliedMainSessionKey = nextMainSessionKey,
+  )
+}
+
 internal fun reconcileMessageIds(previous: List<ChatMessage>, incoming: List<ChatMessage>): List<ChatMessage> {
   if (previous.isEmpty() || incoming.isEmpty()) return incoming
 

apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt

@@ -181,17 +181,10 @@ class GatewaySession(
 
   suspend fun sendNodeEvent(event: String, payloadJson: String?): Boolean {
     val conn = currentConnection ?: return false
-    val parsedPayload = payloadJson?.let { parseJsonOrNull(it) }
     val params =
       buildJsonObject {
         put("event", JsonPrimitive(event))
-        if (parsedPayload != null) {
-          put("payload", parsedPayload)
-        } else if (payloadJson != null) {
-          put("payloadJSON", JsonPrimitive(payloadJson))
-        } else {
-          put("payloadJSON", JsonNull)
-        }
+        put("payloadJSON", JsonPrimitive(payloadJson ?: "{}"))
       }
     try {
       conn.request("node.event", params, timeoutMs = 8_000)

apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt

@@ -19,6 +19,7 @@ class ConnectionManager(
   private val motionPedometerAvailable: () -> Boolean,
   private val sendSmsAvailable: () -> Boolean,
   private val readSmsAvailable: () -> Boolean,
+  private val smsSearchPossible: () -> Boolean,
   private val callLogAvailable: () -> Boolean,
   private val hasRecordAudioPermission: () -> Boolean,
   private val manualTls: () -> Boolean,
@@ -82,6 +83,7 @@ class ConnectionManager(
       locationEnabled = locationMode() != LocationMode.Off,
       sendSmsAvailable = sendSmsAvailable(),
       readSmsAvailable = readSmsAvailable(),
+      smsSearchPossible = smsSearchPossible(),
       callLogAvailable = callLogAvailable(),
       voiceWakeEnabled = voiceWakeMode() != VoiceWakeMode.Off && hasRecordAudioPermission(),
       motionActivityAvailable = motionActivityAvailable(),

apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt

@@ -1,5 +1,6 @@
 package ai.openclaw.app.node
 
+import ai.openclaw.app.BuildConfig
 import android.Manifest
 import android.app.ActivityManager
 import android.content.Context
@@ -15,9 +16,9 @@ import android.os.PowerManager
 import android.os.StatFs
 import android.os.SystemClock
 import androidx.core.content.ContextCompat
-import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.gateway.GatewaySession
 import java.util.Locale
+import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonArray
 import kotlinx.serialization.json.buildJsonObject
@@ -28,6 +29,25 @@ class DeviceHandler(
   private val smsEnabled: Boolean = BuildConfig.OPENCLAW_ENABLE_SMS,
   private val callLogEnabled: Boolean = BuildConfig.OPENCLAW_ENABLE_CALL_LOG,
 ) {
+  companion object {
+    internal fun hasAnySmsCapability(
+      smsEnabled: Boolean,
+      telephonyAvailable: Boolean,
+      smsSendGranted: Boolean,
+      smsReadGranted: Boolean,
+    ): Boolean {
+      return smsEnabled && telephonyAvailable && (smsSendGranted || smsReadGranted)
+    }
+
+    internal fun isSmsPromptable(
+      smsEnabled: Boolean,
+      telephonyAvailable: Boolean,
+      smsSendGranted: Boolean,
+      smsReadGranted: Boolean,
+    ): Boolean {
+      return smsEnabled && telephonyAvailable && (!smsSendGranted || !smsReadGranted)
+    }
+  }
   private data class BatterySnapshot(
     val status: Int,
     val plugged: Int,
@@ -131,6 +151,8 @@ class DeviceHandler(
 
   private fun permissionsPayloadJson(): String {
     val canSendSms = appContext.packageManager.hasSystemFeature(PackageManager.FEATURE_TELEPHONY)
+    val smsSendGranted = hasPermission(Manifest.permission.SEND_SMS)
+    val smsReadGranted = hasPermission(Manifest.permission.READ_SMS)
     val notificationAccess = DeviceNotificationListenerService.isAccessEnabled(appContext)
     val photosGranted =
       if (Build.VERSION.SDK_INT >= 33) {
@@ -174,10 +196,34 @@ class DeviceHandler(
           )
           put(
             "sms",
-            permissionStateJson(
-              granted = smsEnabled && hasPermission(Manifest.permission.SEND_SMS) && canSendSms,
-              promptableWhenDenied = smsEnabled && canSendSms,
-            ),
+            buildJsonObject {
+              put(
+                "status",
+                JsonPrimitive(
+                  if (hasAnySmsCapability(smsEnabled, canSendSms, smsSendGranted, smsReadGranted)) "granted" else "denied",
+                ),
+              )
+              put("promptable", JsonPrimitive(isSmsPromptable(smsEnabled, canSendSms, smsSendGranted, smsReadGranted)))
+              put(
+                "capabilities",
+                buildJsonObject {
+                  put(
+                    "send",
+                    permissionStateJson(
+                      granted = smsEnabled && smsSendGranted && canSendSms,
+                      promptableWhenDenied = smsEnabled && canSendSms,
+                    ),
+                  )
+                  put(
+                    "read",
+                    permissionStateJson(
+                      granted = smsEnabled && smsReadGranted && canSendSms,
+                      promptableWhenDenied = smsEnabled && canSendSms,
+                    ),
+                  )
+                },
+              )
+            },
           )
           put(
             "notificationListener",

apps/android/app/src/main/java/ai/openclaw/app/node/DeviceNotificationListenerService.kt

@@ -8,6 +8,10 @@ import android.content.Context
 import android.content.Intent
 import android.service.notification.NotificationListenerService
 import android.service.notification.StatusBarNotification
+import ai.openclaw.app.NotificationBurstLimiter
+import ai.openclaw.app.SecurePrefs
+import ai.openclaw.app.allowsPackage
+import ai.openclaw.app.isWithinQuietHours
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonObject
@@ -126,6 +130,9 @@ private object DeviceNotificationStore {
 }
 
 class DeviceNotificationListenerService : NotificationListenerService() {
+  private val securePrefs by lazy { SecurePrefs(applicationContext) }
+  private val forwardingLimiter = NotificationBurstLimiter()
+
   override fun onListenerConnected() {
     super.onListenerConnected()
     activeService = this
@@ -152,24 +159,12 @@ class DeviceNotificationListenerService : NotificationListenerService() {
     super.onNotificationPosted(sbn)
     val entry = sbn?.toEntry() ?: return
     DeviceNotificationStore.upsert(entry)
+    rememberRecentPackage(entry.packageName)
     if (entry.packageName == packageName) {
       return
     }
-    emitNotificationsChanged(
-      buildJsonObject {
-        put("change", JsonPrimitive("posted"))
-        put("key", JsonPrimitive(entry.key))
-        put("packageName", JsonPrimitive(entry.packageName))
-        put("postTimeMs", JsonPrimitive(entry.postTimeMs))
-        put("isOngoing", JsonPrimitive(entry.isOngoing))
-        put("isClearable", JsonPrimitive(entry.isClearable))
-        entry.title?.let { put("title", JsonPrimitive(it)) }
-        entry.text?.let { put("text", JsonPrimitive(it)) }
-        entry.subText?.let { put("subText", JsonPrimitive(it)) }
-        entry.category?.let { put("category", JsonPrimitive(it)) }
-        entry.channelId?.let { put("channelId", JsonPrimitive(it)) }
-      }.toString(),
-    )
+    val payload = notificationChangedPayload(entry) ?: return
+    emitNotificationsChanged(payload)
   }
 
   override fun onNotificationRemoved(sbn: StatusBarNotification?) {
@@ -180,21 +175,79 @@ class DeviceNotificationListenerService : NotificationListenerService() {
       return
     }
     DeviceNotificationStore.remove(key)
+    rememberRecentPackage(removed.packageName)
     if (removed.packageName == packageName) {
       return
     }
-    emitNotificationsChanged(
-      buildJsonObject {
-        put("change", JsonPrimitive("removed"))
-        put("key", JsonPrimitive(key))
-        val packageName = removed.packageName.trim()
-        if (packageName.isNotEmpty()) {
-          put("packageName", JsonPrimitive(packageName))
-        }
-      }.toString(),
+    val packageName = removed.packageName.trim()
+    val payload =
+      notificationChangedPayload(
+        entry = null,
+        change = "removed",
+        key = key,
+        packageName = packageName,
+        postTimeMs = removed.postTime,
+        isOngoing = removed.isOngoing,
+        isClearable = removed.isClearable,
+      ) ?: return
+    emitNotificationsChanged(payload)
+  }
+
+  private fun notificationChangedPayload(entry: DeviceNotificationEntry): String? {
+    return notificationChangedPayload(
+      entry = entry,
+      change = "posted",
+      key = entry.key,
+      packageName = entry.packageName,
+      postTimeMs = entry.postTimeMs,
+      isOngoing = entry.isOngoing,
+      isClearable = entry.isClearable,
     )
   }
 
+  private fun notificationChangedPayload(
+    entry: DeviceNotificationEntry?,
+    change: String,
+    key: String,
+    packageName: String,
+    postTimeMs: Long,
+    isOngoing: Boolean,
+    isClearable: Boolean,
+  ): String? {
+    val normalizedPackage = packageName.trim()
+    if (normalizedPackage.isEmpty()) {
+      return null
+    }
+    val policy = securePrefs.getNotificationForwardingPolicy(appPackageName = this.packageName)
+    if (!policy.enabled) {
+      return null
+    }
+    if (!policy.allowsPackage(normalizedPackage)) {
+      return null
+    }
+    val nowEpochMs = System.currentTimeMillis()
+    if (policy.isWithinQuietHours(nowEpochMs = nowEpochMs)) {
+      return null
+    }
+    if (!forwardingLimiter.allow(nowEpochMs, policy.maxEventsPerMinute)) {
+      return null
+    }
+    return buildJsonObject {
+      put("change", JsonPrimitive(change))
+      put("key", JsonPrimitive(key))
+      put("packageName", JsonPrimitive(normalizedPackage))
+      put("postTimeMs", JsonPrimitive(postTimeMs))
+      put("isOngoing", JsonPrimitive(isOngoing))
+      put("isClearable", JsonPrimitive(isClearable))
+      policy.sessionKey?.let { put("sessionKey", JsonPrimitive(it)) }
+      entry?.title?.let { put("title", JsonPrimitive(it)) }
+      entry?.text?.let { put("text", JsonPrimitive(it)) }
+      entry?.subText?.let { put("subText", JsonPrimitive(it)) }
+      entry?.category?.let { put("category", JsonPrimitive(it)) }
+      entry?.channelId?.let { put("channelId", JsonPrimitive(it)) }
+    }.toString()
+  }
+
   private fun refreshActiveNotifications() {
     val entries =
       runCatching {
@@ -228,6 +281,9 @@ class DeviceNotificationListenerService : NotificationListenerService() {
   }
 
   companion object {
+    private const val recentPackagesPref = "notifications.forwarding.recentPackages"
+    private const val legacyRecentPackagesPref = "notifications.recentPackages"
+    private const val recentPackagesLimit = 64
     @Volatile private var activeService: DeviceNotificationListenerService? = null
     @Volatile private var nodeEventSink: ((event: String, payloadJson: String?) -> Unit)? = null
 
@@ -239,6 +295,31 @@ class DeviceNotificationListenerService : NotificationListenerService() {
       nodeEventSink = sink
     }
 
+    private fun recentPackagesPrefs(context: Context) =
+      context.applicationContext.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+
+    private fun migrateLegacyRecentPackagesIfNeeded(context: Context) {
+      val prefs = recentPackagesPrefs(context)
+      val hasNew = prefs.contains(recentPackagesPref)
+      val legacy = prefs.getString(legacyRecentPackagesPref, null)?.trim().orEmpty()
+      if (!hasNew && legacy.isNotEmpty()) {
+        prefs.edit().putString(recentPackagesPref, legacy).remove(legacyRecentPackagesPref).apply()
+      } else if (hasNew && prefs.contains(legacyRecentPackagesPref)) {
+        prefs.edit().remove(legacyRecentPackagesPref).apply()
+      }
+    }
+
+    fun recentPackages(context: Context): List<String> {
+      migrateLegacyRecentPackagesIfNeeded(context)
+      val prefs = recentPackagesPrefs(context)
+      val stored = prefs.getString(recentPackagesPref, null).orEmpty()
+      return stored
+        .split(',')
+        .map { it.trim() }
+        .filter { it.isNotEmpty() }
+        .distinct()
+    }
+
     fun isAccessEnabled(context: Context): Boolean {
       val manager = context.getSystemService(NotificationManager::class.java) ?: return false
       return manager.isNotificationListenerAccessGranted(serviceComponent(context))
@@ -276,6 +357,21 @@ class DeviceNotificationListenerService : NotificationListenerService() {
         nodeEventSink?.invoke(NOTIFICATIONS_CHANGED_EVENT, payloadJson)
       }
     }
+
+    private fun rememberRecentPackage(packageName: String?) {
+      val service = activeService ?: return
+      val normalized = packageName?.trim().orEmpty()
+      if (normalized.isEmpty() || normalized == service.packageName) return
+      migrateLegacyRecentPackagesIfNeeded(service.applicationContext)
+      val prefs = recentPackagesPrefs(service.applicationContext)
+      val existing = prefs.getString(recentPackagesPref, null).orEmpty()
+        .split(',')
+        .map { it.trim() }
+        .filter { it.isNotEmpty() && it != normalized }
+        .take(recentPackagesLimit - 1)
+      val updated = listOf(normalized) + existing
+      prefs.edit().putString(recentPackagesPref, updated.joinToString(",")).apply()
+    }
   }
 
   private fun executeActionInternal(request: NotificationActionRequest): NotificationActionResult {

apps/android/app/src/main/java/ai/openclaw/app/node/InvokeCommandRegistry.kt

@@ -20,6 +20,7 @@ data class NodeRuntimeFlags(
   val locationEnabled: Boolean,
   val sendSmsAvailable: Boolean,
   val readSmsAvailable: Boolean,
+  val smsSearchPossible: Boolean,
   val callLogAvailable: Boolean,
   val voiceWakeEnabled: Boolean,
   val motionActivityAvailable: Boolean,
@@ -33,6 +34,7 @@ enum class InvokeCommandAvailability {
   LocationEnabled,
   SendSmsAvailable,
   ReadSmsAvailable,
+  RequestableSmsSearchAvailable,
   CallLogAvailable,
   MotionActivityAvailable,
   MotionPedometerAvailable,
@@ -199,7 +201,7 @@ object InvokeCommandRegistry {
       ),
       InvokeCommandSpec(
         name = OpenClawSmsCommand.Search.rawValue,
-        availability = InvokeCommandAvailability.ReadSmsAvailable,
+        availability = InvokeCommandAvailability.RequestableSmsSearchAvailable,
       ),
       InvokeCommandSpec(
         name = OpenClawCallLogCommand.Search.rawValue,
@@ -244,6 +246,7 @@ object InvokeCommandRegistry {
           InvokeCommandAvailability.LocationEnabled -> flags.locationEnabled
           InvokeCommandAvailability.SendSmsAvailable -> flags.sendSmsAvailable
           InvokeCommandAvailability.ReadSmsAvailable -> flags.readSmsAvailable
+          InvokeCommandAvailability.RequestableSmsSearchAvailable -> flags.smsSearchPossible
           InvokeCommandAvailability.CallLogAvailable -> flags.callLogAvailable
           InvokeCommandAvailability.MotionActivityAvailable -> flags.motionActivityAvailable
           InvokeCommandAvailability.MotionPedometerAvailable -> flags.motionPedometerAvailable

apps/android/app/src/main/java/ai/openclaw/app/node/InvokeDispatcher.kt

@@ -14,6 +14,44 @@ import ai.openclaw.app.protocol.OpenClawNotificationsCommand
 import ai.openclaw.app.protocol.OpenClawSmsCommand
 import ai.openclaw.app.protocol.OpenClawSystemCommand
 
+internal enum class SmsSearchAvailabilityReason {
+  Available,
+  PermissionRequired,
+  Unavailable,
+}
+
+internal fun classifySmsSearchAvailability(
+  readSmsAvailable: Boolean,
+  smsFeatureEnabled: Boolean,
+  smsTelephonyAvailable: Boolean,
+): SmsSearchAvailabilityReason {
+  if (readSmsAvailable) return SmsSearchAvailabilityReason.Available
+  if (!smsFeatureEnabled || !smsTelephonyAvailable) return SmsSearchAvailabilityReason.Unavailable
+  return SmsSearchAvailabilityReason.PermissionRequired
+}
+
+internal fun smsSearchAvailabilityError(
+  readSmsAvailable: Boolean,
+  smsFeatureEnabled: Boolean,
+  smsTelephonyAvailable: Boolean,
+): GatewaySession.InvokeResult? {
+  return when (
+    classifySmsSearchAvailability(
+      readSmsAvailable = readSmsAvailable,
+      smsFeatureEnabled = smsFeatureEnabled,
+      smsTelephonyAvailable = smsTelephonyAvailable,
+    )
+  ) {
+    SmsSearchAvailabilityReason.Available,
+    SmsSearchAvailabilityReason.PermissionRequired -> null
+    SmsSearchAvailabilityReason.Unavailable ->
+      GatewaySession.InvokeResult.error(
+        code = "SMS_UNAVAILABLE",
+        message = "SMS_UNAVAILABLE: SMS not available on this device",
+      )
+  }
+}
+
 class InvokeDispatcher(
   private val canvas: CanvasController,
   private val cameraHandler: CameraHandler,
@@ -34,6 +72,8 @@ class InvokeDispatcher(
   private val locationEnabled: () -> Boolean,
   private val sendSmsAvailable: () -> Boolean,
   private val readSmsAvailable: () -> Boolean,
+  private val smsFeatureEnabled: () -> Boolean,
+  private val smsTelephonyAvailable: () -> Boolean,
   private val callLogAvailable: () -> Boolean,
   private val debugBuild: () -> Boolean,
   private val refreshNodeCanvasCapability: suspend () -> Boolean,
@@ -268,15 +308,13 @@ class InvokeDispatcher(
             message = "SMS_UNAVAILABLE: SMS not available on this device",
           )
         }
-      InvokeCommandAvailability.ReadSmsAvailable ->
-        if (readSmsAvailable()) {
-          null
-        } else {
-          GatewaySession.InvokeResult.error(
-            code = "SMS_UNAVAILABLE",
-            message = "SMS_UNAVAILABLE: SMS not available on this device",
-          )
-        }
+      InvokeCommandAvailability.ReadSmsAvailable,
+      InvokeCommandAvailability.RequestableSmsSearchAvailable ->
+        smsSearchAvailabilityError(
+          readSmsAvailable = readSmsAvailable(),
+          smsFeatureEnabled = smsFeatureEnabled(),
+          smsTelephonyAvailable = smsTelephonyAvailable(),
+        )
       InvokeCommandAvailability.CallLogAvailable ->
         if (callLogAvailable()) {
           null

apps/android/app/src/main/java/ai/openclaw/app/node/SmsHandler.kt

@@ -9,23 +9,28 @@ class SmsHandler(
     val res = sms.send(paramsJson)
     if (res.ok) {
       return GatewaySession.InvokeResult.ok(res.payloadJson)
-    } else {
-      val error = res.error ?: "SMS_SEND_FAILED"
-      val idx = error.indexOf(':')
-      val code = if (idx > 0) error.substring(0, idx).trim() else "SMS_SEND_FAILED"
-      return GatewaySession.InvokeResult.error(code = code, message = error)
     }
+    return errorResult(res.error, defaultCode = "SMS_SEND_FAILED")
   }
 
   suspend fun handleSmsSearch(paramsJson: String?): GatewaySession.InvokeResult {
     val res = sms.search(paramsJson)
     if (res.ok) {
       return GatewaySession.InvokeResult.ok(res.payloadJson)
-    } else {
-      val error = res.error ?: "SMS_SEARCH_FAILED"
-      val idx = error.indexOf(':')
-      val code = if (idx > 0) error.substring(0, idx).trim() else "SMS_SEARCH_FAILED"
-      return GatewaySession.InvokeResult.error(code = code, message = error)
     }
+    return errorResult(res.error, defaultCode = "SMS_SEARCH_FAILED")
+  }
+
+  private fun errorResult(error: String?, defaultCode: String): GatewaySession.InvokeResult {
+    val rawMessage = error ?: defaultCode
+    val idx = rawMessage.indexOf(':')
+    val code = if (idx > 0) rawMessage.substring(0, idx).trim() else defaultCode
+    val message =
+      if (idx > 0 && code == rawMessage.substring(0, idx).trim()) {
+        rawMessage.substring(idx + 1).trim().ifEmpty { rawMessage }
+      } else {
+        rawMessage
+      }
+    return GatewaySession.InvokeResult.error(code = code, message = message)
   }
 }

apps/android/app/src/main/java/ai/openclaw/app/node/SmsManager.kt

@@ -3,21 +3,21 @@ package ai.openclaw.app.node
 import android.Manifest
 import android.content.Context
 import android.content.pm.PackageManager
-import android.database.Cursor
 import android.net.Uri
 import android.provider.ContactsContract
 import android.provider.Telephony
 import android.telephony.SmsManager as AndroidSmsManager
 import androidx.core.content.ContextCompat
+import ai.openclaw.app.PermissionRequester
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.withContext
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonElement
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.jsonObject
-import kotlinx.serialization.Serializable
-import ai.openclaw.app.PermissionRequester
 
 /**
  * Sends SMS messages via the Android SMS API.
@@ -39,7 +39,7 @@ class SmsManager(private val context: Context) {
     )
 
     /**
-     * Represents a single SMS message
+     * Represents a single SMS message.
      */
     @Serializable
     data class SmsMessage(
@@ -53,6 +53,7 @@ class SmsManager(private val context: Context) {
         val type: Int,
         val body: String?,
         val status: Int,
+        val transportType: String? = null,
     )
 
     data class SearchResult(
@@ -62,6 +63,13 @@ class SmsManager(private val context: Context) {
         val payloadJson: String,
     )
 
+    internal data class QueryMetadata(
+        val mmsRequested: Boolean,
+        val mmsEligible: Boolean,
+        val mmsAttempted: Boolean,
+        val mmsIncluded: Boolean,
+    )
+
     internal data class ParsedParams(
         val to: String,
         val message: String,
@@ -84,6 +92,8 @@ class SmsManager(private val context: Context) {
         val keyword: String? = null,
         val type: Int? = null,
         val isRead: Boolean? = null,
+        val includeMms: Boolean = false,
+        val conversationReview: Boolean = false,
         val limit: Int = DEFAULT_SMS_LIMIT,
         val offset: Int = 0,
     )
@@ -100,6 +110,11 @@ class SmsManager(private val context: Context) {
 
     companion object {
         private const val DEFAULT_SMS_LIMIT = 25
+        internal const val MAX_MIXED_BY_PHONE_CANDIDATE_WINDOW = 500
+        private const val MMS_SMS_BY_PHONE_BASE = "content://mms-sms/messages/byphone"
+        private const val MMS_CONTENT_BASE = "content://mms"
+        private const val MMS_PART_URI = "content://mms/part"
+        private val PHONE_FORMATTING_REGEX = Regex("""[\s\-()]""")
         internal val JsonConfig = Json { ignoreUnknownKeys = true }
 
         internal fun parseParams(paramsJson: String?, json: Json = JsonConfig): ParseResult {
@@ -157,31 +172,333 @@ class SmsManager(private val context: Context) {
             val keyword = (obj["keyword"] as? JsonPrimitive)?.content?.trim()
             val type = (obj["type"] as? JsonPrimitive)?.content?.toIntOrNull()
             val isRead = (obj["isRead"] as? JsonPrimitive)?.content?.toBooleanStrictOrNull()
+            val includeMms = (obj["includeMms"] as? JsonPrimitive)?.content?.toBooleanStrictOrNull() ?: false
+            val conversationReview = (obj["conversationReview"] as? JsonPrimitive)?.content?.toBooleanStrictOrNull() ?: false
             val limit = ((obj["limit"] as? JsonPrimitive)?.content?.toIntOrNull() ?: DEFAULT_SMS_LIMIT)
                 .coerceIn(1, 200)
             val offset = ((obj["offset"] as? JsonPrimitive)?.content?.toIntOrNull() ?: 0)
                 .coerceAtLeast(0)
 
-            // Validate time range
             if (startTime != null && endTime != null && startTime > endTime) {
                 return QueryParseResult.Error("INVALID_REQUEST: startTime must be less than or equal to endTime")
             }
 
-            return QueryParseResult.Ok(QueryParams(
-                startTime = startTime,
-                endTime = endTime,
-                contactName = contactName,
-                phoneNumber = phoneNumber,
-                keyword = keyword,
-                type = type,
-                isRead = isRead,
-                limit = limit,
-                offset = offset,
-            ))
+            return QueryParseResult.Ok(
+                QueryParams(
+                    startTime = startTime,
+                    endTime = endTime,
+                    contactName = contactName,
+                    phoneNumber = phoneNumber,
+                    keyword = keyword,
+                    type = type,
+                    isRead = isRead,
+                    includeMms = includeMms,
+                    conversationReview = conversationReview,
+                    limit = limit,
+                    offset = offset,
+                )
+            )
         }
 
         private fun normalizePhoneNumber(phone: String): String {
-            return phone.replace(Regex("""[\s\-()]"""), "")
+            return phone.replace(PHONE_FORMATTING_REGEX, "")
+        }
+
+        internal fun normalizePhoneNumberOrNull(phone: String?): String? {
+            val normalized = phone?.let(::normalizePhoneNumber)?.trim().orEmpty()
+            if (normalized.isEmpty()) {
+                return null
+            }
+            val digits = toByPhoneLookupNumber(normalized)
+            return normalized.takeIf { digits.isNotEmpty() }
+        }
+
+        internal fun sanitizeContactPhoneNumberOrNull(phone: String?): String? {
+            val normalized = normalizePhoneNumberOrNull(phone) ?: return null
+            return normalized.takeUnless(::hasSqlLikeWildcard)
+        }
+
+        internal fun shouldPromptForContactNameSearchPermission(
+            contactName: String?,
+            phoneNumber: String?,
+            hasReadContactsPermission: Boolean,
+        ): Boolean {
+            return !contactName.isNullOrEmpty() && phoneNumber.isNullOrEmpty() && !hasReadContactsPermission
+        }
+
+        internal fun mapMmsMsgBoxToSearchType(msgBox: Int?): Int? {
+            return when (msgBox) {
+                1 -> 1 // inbox
+                2 -> 2 // sent
+                3 -> 3 // draft
+                4 -> 4 // outbox
+                5 -> 5 // failed
+                6 -> 6 // queued
+                else -> null
+            }
+        }
+
+        internal fun escapeSqlLikeLiteral(value: String): String {
+            return buildString(value.length) {
+                for (ch in value) {
+                    when (ch) {
+                        '\\', '%', '_' -> {
+                            append('\\')
+                            append(ch)
+                        }
+                        else -> append(ch)
+                    }
+                }
+            }
+        }
+
+        internal fun buildContactNameLikeSelection(): String {
+            return "${ContactsContract.CommonDataKinds.Phone.DISPLAY_NAME} LIKE ? ESCAPE '\\'"
+        }
+
+        internal fun buildContactNameLikeArg(contactName: String): String {
+            return "%${escapeSqlLikeLiteral(contactName)}%"
+        }
+
+        internal fun buildKeywordLikeSelection(): String {
+            return "${Telephony.Sms.BODY} LIKE ? ESCAPE '\\'"
+        }
+
+        internal fun buildKeywordLikeArg(keyword: String): String {
+            return "%${escapeSqlLikeLiteral(keyword)}%"
+        }
+
+        internal fun buildMixedByPhoneProjection(): Array<String> {
+            return arrayOf(
+                "_id",
+                "thread_id",
+                "transport_type",
+                "address",
+                "date",
+                "date_sent",
+                "read",
+                "type",
+                "body",
+                "status",
+            )
+        }
+
+        internal fun hasSqlLikeWildcard(value: String): Boolean {
+            return value.contains('%') || value.contains('_')
+        }
+
+        internal fun isExplicitPhoneInputInvalid(rawPhone: String?, normalizedPhone: String?): Boolean {
+            if (rawPhone.isNullOrBlank()) {
+                return false
+            }
+            if (normalizedPhone == null) {
+                return true
+            }
+            return hasSqlLikeWildcard(normalizedPhone)
+        }
+
+        internal fun resolveMixedByPhoneRowStatus(transportType: String?, smsStatus: Int?): Int {
+            return if (transportType.equals("mms", ignoreCase = true)) -1 else (smsStatus ?: 0)
+        }
+
+        internal fun resolveMixedByPhoneRowAddress(
+            providerAddress: String?,
+            phoneNumber: String,
+            mmsAddress: String? = null,
+        ): String? {
+            val resolvedMmsAddress = normalizePhoneNumberOrNull(mmsAddress)
+            if (resolvedMmsAddress != null) {
+                return resolvedMmsAddress
+            }
+
+            val resolvedProviderAddress = normalizePhoneNumberOrNull(providerAddress)
+            return resolvedProviderAddress ?: phoneNumber
+        }
+
+        internal fun selectPreferredMmsAddress(
+            addressRows: List<Pair<String?, Int?>>,
+            lookupNumber: String,
+        ): String? {
+            val lookupDigits = toByPhoneLookupNumber(lookupNumber)
+            val normalizedRows = addressRows.mapNotNull { (address, type) ->
+                val normalized = normalizePhoneNumberOrNull(address) ?: return@mapNotNull null
+                val digits = toByPhoneLookupNumber(normalized)
+                if (digits.isBlank()) return@mapNotNull null
+                Triple(normalized, digits, type)
+            }
+
+            fun firstPreferred(vararg types: Int): String? {
+                return normalizedRows.firstOrNull { row ->
+                    (types.isEmpty() || types.contains(row.third ?: -1)) && row.second != lookupDigits
+                }?.first
+            }
+
+            return firstPreferred(137)
+                ?: firstPreferred(151, 130, 129)
+                ?: firstPreferred()
+                ?: normalizedRows.firstOrNull()?.first
+        }
+
+        internal fun shouldUseConversationReviewByPhoneMode(
+            params: QueryParams,
+            resolvedPhoneNumbers: List<String> = emptyList(),
+        ): Boolean {
+            val hasExplicitPhoneNumber = !params.phoneNumber.isNullOrEmpty()
+            val hasSingleResolvedPhoneNumber = resolvedPhoneNumbers.size == 1
+            return params.conversationReview && params.includeMms && (hasExplicitPhoneNumber || hasSingleResolvedPhoneNumber)
+        }
+
+        internal fun effectiveSearchParams(
+            params: QueryParams,
+            resolvedPhoneNumbers: List<String> = emptyList(),
+        ): QueryParams {
+            if (!shouldUseConversationReviewByPhoneMode(params, resolvedPhoneNumbers)) return params
+            val reviewLimit = maxOf(params.limit, 25)
+            return params.copy(limit = reviewLimit)
+        }
+
+        internal fun resolveSearchParams(
+            params: QueryParams,
+            normalizedPhoneNumber: String?,
+            resolvedPhoneNumbers: List<String> = emptyList(),
+        ): QueryParams {
+            val effectivePhoneNumber = normalizedPhoneNumber ?: resolvedPhoneNumbers.singleOrNull()
+            val normalizedParams = params.copy(phoneNumber = effectivePhoneNumber)
+            return effectiveSearchParams(normalizedParams, resolvedPhoneNumbers)
+        }
+
+        internal fun toByPhoneLookupNumber(phone: String): String {
+            return phone.filter { it.isDigit() }
+        }
+
+        internal fun normalizeProviderDateMillis(rawDate: Long): Long {
+            return if (rawDate in 1..99_999_999_999L) rawDate * 1000L else rawDate
+        }
+
+        internal fun canonicalizeMixedPathPhoneFilters(phoneNumbers: List<String>): List<String> {
+            return phoneNumbers
+                .map(::toByPhoneLookupNumber)
+                .filter { it.isNotBlank() }
+                .distinct()
+        }
+
+        internal fun requestedMixedByPhoneCandidateWindow(params: QueryParams): Long {
+            return params.offset.toLong() + params.limit.toLong()
+        }
+
+        internal fun exceedsMixedByPhoneCandidateWindow(
+            params: QueryParams,
+            allPhoneNumbers: List<String>,
+        ): Boolean {
+            return params.includeMms &&
+                allPhoneNumbers.size == 1 &&
+                requestedMixedByPhoneCandidateWindow(params) > MAX_MIXED_BY_PHONE_CANDIDATE_WINDOW
+        }
+
+        internal fun mixedByPhoneWindowError(): String {
+            return "INVALID_REQUEST: includeMms offset+limit exceeds supported window ($MAX_MIXED_BY_PHONE_CANDIDATE_WINDOW)"
+        }
+
+        internal fun isMmsTransportRow(message: SmsMessage): Boolean {
+            return message.transportType.equals("mms", ignoreCase = true)
+        }
+
+        internal fun shouldHydrateMmsByPhoneRow(transportType: String?, body: String?, type: Int): Boolean {
+            return transportType.equals("mms", ignoreCase = true) && (body.isNullOrBlank() || type == 0)
+        }
+
+        internal fun buildQueryMetadata(
+            params: QueryParams,
+            allPhoneNumbers: List<String>,
+            messages: List<SmsMessage>,
+        ): QueryMetadata {
+            val mmsRequested = params.includeMms
+            val mmsEligible = mmsRequested && allPhoneNumbers.size == 1
+            val mmsAttempted = mmsEligible
+            val mmsIncluded = mmsAttempted && messages.any(::isMmsTransportRow)
+            return QueryMetadata(
+                mmsRequested = mmsRequested,
+                mmsEligible = mmsEligible,
+                mmsAttempted = mmsAttempted,
+                mmsIncluded = mmsIncluded,
+            )
+        }
+
+        internal fun compareByPhoneCandidateOrder(left: SmsMessage, right: SmsMessage): Int {
+            return when {
+                left.date != right.date -> right.date.compareTo(left.date)
+                left.id != right.id -> right.id.compareTo(left.id)
+                else -> 0
+            }
+        }
+
+        internal fun buildMixedRowIdentity(rowId: Long, transportType: String?): String {
+            return "${transportType?.ifBlank { "unknown" } ?: "unknown"}:$rowId"
+        }
+
+        internal fun upsertTopDateCandidates(
+            candidates: MutableList<Pair<String, SmsMessage>>,
+            identityKey: String,
+            message: SmsMessage,
+            maxCandidates: Int,
+        ) {
+            if (maxCandidates <= 0) {
+                return
+            }
+
+            candidates.removeAll { existing -> existing.first == identityKey }
+            candidates.add(identityKey to message)
+            candidates.sortWith { left, right -> compareByPhoneCandidateOrder(left.second, right.second) }
+
+            while (candidates.size > maxCandidates) {
+                candidates.removeAt(candidates.lastIndex)
+            }
+        }
+
+        internal fun materializeByPhoneCandidate(
+            candidates: MutableMap<String, SmsMessage>,
+            identityKey: String,
+            message: SmsMessage,
+        ) {
+            candidates[identityKey] = message
+        }
+
+        internal fun collectMixedByPhoneCandidate(
+            topCandidates: MutableList<Pair<String, SmsMessage>>,
+            materializedCandidates: MutableMap<String, SmsMessage>,
+            identityKey: String,
+            message: SmsMessage,
+            maxCandidates: Int,
+            reviewMode: Boolean,
+        ) {
+            if (reviewMode) {
+                materializeByPhoneCandidate(materializedCandidates, identityKey, message)
+            } else {
+                upsertTopDateCandidates(topCandidates, identityKey, message, maxCandidates)
+            }
+        }
+
+        internal fun pageMixedByPhoneCandidates(
+            topCandidates: Collection<Pair<String, SmsMessage>>,
+            materializedCandidates: Map<String, SmsMessage>,
+            params: QueryParams,
+            reviewMode: Boolean,
+        ): List<SmsMessage> {
+            return if (reviewMode) {
+                pageByPhoneCandidates(materializedCandidates.values, params)
+            } else {
+                pageByPhoneCandidates(topCandidates.map { it.second }, params)
+            }
+        }
+
+        internal fun pageByPhoneCandidates(
+            candidates: Collection<SmsMessage>,
+            params: QueryParams,
+        ): List<SmsMessage> {
+            return candidates
+                .sortedWith(::compareByPhoneCandidateOrder)
+                .drop(params.offset)
+                .take(params.limit)
         }
 
         internal fun buildSendPlan(
@@ -214,14 +531,21 @@ class SmsManager(private val context: Context) {
             ok: Boolean,
             messages: List<SmsMessage>,
             error: String? = null,
+            queryMetadata: QueryMetadata? = null,
         ): String {
             val messagesArray = json.encodeToString(messages)
             val messagesElement = json.parseToJsonElement(messagesArray)
             val payload = mutableMapOf<String, JsonElement>(
                 "ok" to JsonPrimitive(ok),
                 "count" to JsonPrimitive(messages.size),
-                "messages" to messagesElement
+                "messages" to messagesElement,
             )
+            queryMetadata?.let {
+                payload["mmsRequested"] = JsonPrimitive(it.mmsRequested)
+                payload["mmsEligible"] = JsonPrimitive(it.mmsEligible)
+                payload["mmsAttempted"] = JsonPrimitive(it.mmsAttempted)
+                payload["mmsIncluded"] = JsonPrimitive(it.mmsIncluded)
+            }
             if (!ok && error != null) {
                 payload["error"] = JsonPrimitive(error)
             }
@@ -254,10 +578,14 @@ class SmsManager(private val context: Context) {
         return hasSmsPermission() && hasTelephonyFeature()
     }
 
-    fun canReadSms(): Boolean {
+    fun canSearchSms(): Boolean {
         return hasReadSmsPermission() && hasTelephonyFeature()
     }
 
+    fun canReadSms(): Boolean {
+        return canSearchSms()
+    }
+
     fun hasTelephonyFeature(): Boolean {
         return context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
     }
@@ -302,19 +630,19 @@ class SmsManager(private val context: Context) {
             val plan = buildSendPlan(params.message) { smsManager.divideMessage(it) }
             if (plan.useMultipart) {
                 smsManager.sendMultipartTextMessage(
-                    params.to,     // destination
-                    null,          // service center (null = default)
-                    ArrayList(plan.parts),    // message parts
-                    null,          // sent intents
-                    null,          // delivery intents
+                    params.to,
+                    null,
+                    ArrayList(plan.parts),
+                    null,
+                    null,
                 )
             } else {
                 smsManager.sendTextMessage(
-                    params.to,     // destination
-                    null,          // service center (null = default)
-                    params.message,// message
-                    null,          // sent intent
-                    null,          // delivery intent
+                    params.to,
+                    null,
+                    params.message,
+                    null,
+                    null,
                 )
             }
 
@@ -334,6 +662,82 @@ class SmsManager(private val context: Context) {
         }
     }
 
+    /**
+     * Search SMS messages with the specified parameters.
+     */
+    suspend fun search(paramsJson: String?): SearchResult = withContext(Dispatchers.IO) {
+        if (!hasTelephonyFeature()) {
+            return@withContext queryError("SMS_UNAVAILABLE: telephony not available")
+        }
+
+        if (!ensureReadSmsPermission()) {
+            return@withContext queryError("SMS_PERMISSION_REQUIRED: grant READ_SMS permission")
+        }
+
+        val parseResult = parseQueryParams(paramsJson, json)
+        if (parseResult is QueryParseResult.Error) {
+            return@withContext queryError(parseResult.error)
+        }
+        val parsedParams = (parseResult as QueryParseResult.Ok).params
+        val normalizedPhoneNumber = normalizePhoneNumberOrNull(parsedParams.phoneNumber)
+        if (isExplicitPhoneInputInvalid(parsedParams.phoneNumber, normalizedPhoneNumber)) {
+            val error =
+                if (!parsedParams.phoneNumber.isNullOrBlank() && normalizedPhoneNumber != null && hasSqlLikeWildcard(normalizedPhoneNumber)) {
+                    "INVALID_REQUEST: phoneNumber must not contain SQL LIKE wildcard characters"
+                } else {
+                    "INVALID_REQUEST: phoneNumber must contain at least one digit"
+                }
+            return@withContext queryError(error)
+        }
+        val normalizedParams = resolveSearchParams(parsedParams, normalizedPhoneNumber)
+
+        return@withContext try {
+            val contactsPermissionGranted = hasReadContactsPermission()
+            val shouldPromptForContactsPermission =
+                shouldPromptForContactNameSearchPermission(
+                    contactName = normalizedParams.contactName,
+                    phoneNumber = normalizedParams.phoneNumber,
+                    hasReadContactsPermission = contactsPermissionGranted,
+                )
+            val phoneNumbers = if (!normalizedParams.contactName.isNullOrEmpty()) {
+                if (contactsPermissionGranted || (shouldPromptForContactsPermission && ensureReadContactsPermission())) {
+                    getPhoneNumbersFromContactName(normalizedParams.contactName)
+                } else if (shouldPromptForContactsPermission) {
+                    return@withContext queryError("CONTACTS_PERMISSION_REQUIRED: grant READ_CONTACTS permission")
+                } else {
+                    emptyList()
+                }
+            } else {
+                emptyList()
+            }
+            val params = resolveSearchParams(parsedParams, normalizedPhoneNumber, phoneNumbers)
+
+            val mixedPathPhoneFilters = if (!params.phoneNumber.isNullOrEmpty()) {
+                canonicalizeMixedPathPhoneFilters(phoneNumbers + params.phoneNumber)
+            } else {
+                canonicalizeMixedPathPhoneFilters(phoneNumbers)
+            }
+
+            if (exceedsMixedByPhoneCandidateWindow(params, mixedPathPhoneFilters)) {
+                val error = mixedByPhoneWindowError()
+                return@withContext queryError(error)
+            }
+
+            if (!params.contactName.isNullOrEmpty() && phoneNumbers.isEmpty() && params.phoneNumber.isNullOrEmpty()) {
+                val queryMetadata = buildQueryMetadata(params, mixedPathPhoneFilters, emptyList())
+                return@withContext queryOk(emptyList(), queryMetadata)
+            }
+
+            val messages = querySmsMessages(params, phoneNumbers)
+            val queryMetadata = buildQueryMetadata(params, mixedPathPhoneFilters, messages)
+            queryOk(messages, queryMetadata)
+        } catch (e: SecurityException) {
+            queryError("SMS_PERMISSION_REQUIRED: ${e.message}")
+        } catch (e: Throwable) {
+            queryError("SMS_QUERY_FAILED: ${e.message ?: "unknown error"}")
+        }
+    }
+
     private suspend fun ensureSmsPermission(): Boolean {
         if (hasSmsPermission()) return true
         val requester = permissionRequester ?: return false
@@ -375,98 +779,31 @@ class SmsManager(private val context: Context) {
         )
     }
 
-    /**
-     * search SMS messages with the specified parameters.
-     *
-     * @param paramsJson JSON with optional fields:
-     *   - startTime (Long): Start time in milliseconds
-     *   - endTime (Long): End time in milliseconds
-     *   - contactName (String): Contact name to search
-     *   - phoneNumber (String): Phone number to search (supports partial matching)
-     *   - keyword (String): Keyword to search in message body
-     *   - type (Int): SMS type (1=Inbox, 2=Sent, 3=Draft, etc.)
-     *   - isRead (Boolean): Read status
-     *   - limit (Int): Number of records to return (default: 25, range: 1-200)
-     *   - offset (Int): Number of records to skip (default: 0)
-     * @return SearchResult containing the list of SMS messages or an error
-     */
-    suspend fun search(paramsJson: String?): SearchResult = withContext(Dispatchers.IO) {
-        if (!hasTelephonyFeature()) {
-            return@withContext SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = "SMS_UNAVAILABLE: telephony not available",
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "SMS_UNAVAILABLE: telephony not available")
-            )
-        }
-
-        if (!ensureReadSmsPermission()) {
-            return@withContext SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = "SMS_PERMISSION_REQUIRED: grant READ_SMS permission",
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "SMS_PERMISSION_REQUIRED: grant READ_SMS permission")
-            )
-        }
-
-        val parseResult = parseQueryParams(paramsJson, json)
-        if (parseResult is QueryParseResult.Error) {
-            return@withContext SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = parseResult.error,
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = parseResult.error)
-            )
-        }
-        val params = (parseResult as QueryParseResult.Ok).params
-
-        return@withContext try {
-            // Get phone numbers from contact name if provided
-            val phoneNumbers = if (!params.contactName.isNullOrEmpty()) {
-                if (!ensureReadContactsPermission()) {
-                    return@withContext SearchResult(
-                        ok = false,
-                        messages = emptyList(),
-                        error = "CONTACTS_PERMISSION_REQUIRED: grant READ_CONTACTS permission",
-                        payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "CONTACTS_PERMISSION_REQUIRED: grant READ_CONTACTS permission")
-                    )
-                }
-                getPhoneNumbersFromContactName(params.contactName)
-            } else {
-                emptyList()
-            }
-
-            val messages = querySmsMessages(params, phoneNumbers)
-            SearchResult(
-                ok = true,
-                messages = messages,
-                error = null,
-                payloadJson = buildQueryPayloadJson(json, ok = true, messages = messages)
-            )
-        } catch (e: SecurityException) {
-            SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = "SMS_PERMISSION_REQUIRED: ${e.message}",
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "SMS_PERMISSION_REQUIRED: ${e.message}")
-            )
-        } catch (e: Throwable) {
-            SearchResult(
-                ok = false,
-                messages = emptyList(),
-                error = "SMS_QUERY_FAILED: ${e.message ?: "unknown error"}",
-                payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = "SMS_QUERY_FAILED: ${e.message ?: "unknown error"}")
-            )
-        }
+    private fun queryOk(
+        messages: List<SmsMessage>,
+        queryMetadata: QueryMetadata? = null,
+    ): SearchResult {
+        return SearchResult(
+            ok = true,
+            messages = messages,
+            error = null,
+            payloadJson = buildQueryPayloadJson(json, ok = true, messages = messages, queryMetadata = queryMetadata),
+        )
+    }
+
+    private fun queryError(error: String): SearchResult {
+        return SearchResult(
+            ok = false,
+            messages = emptyList(),
+            error = error,
+            payloadJson = buildQueryPayloadJson(json, ok = false, messages = emptyList(), error = error),
+        )
     }
 
-    /**
-     * Get all phone numbers associated with a contact name
-     */
     private fun getPhoneNumbersFromContactName(contactName: String): List<String> {
         val phoneNumbers = mutableListOf<String>()
-        val selection = "${ContactsContract.CommonDataKinds.Phone.DISPLAY_NAME} LIKE ?"
-        val selectionArgs = arrayOf("%$contactName%")
+        val selection = buildContactNameLikeSelection()
+        val selectionArgs = arrayOf(buildContactNameLikeArg(contactName))
 
         val cursor = context.contentResolver.query(
             ContactsContract.CommonDataKinds.Phone.CONTENT_URI,
@@ -480,26 +817,19 @@ class SmsManager(private val context: Context) {
             val numberIndex = it.getColumnIndex(ContactsContract.CommonDataKinds.Phone.NUMBER)
             while (it.moveToNext()) {
                 val number = it.getString(numberIndex)
-                if (!number.isNullOrBlank()) {
-                    phoneNumbers.add(normalizePhoneNumber(number))
-                }
+                sanitizeContactPhoneNumberOrNull(number)?.let(phoneNumbers::add)
             }
         }
 
         return phoneNumbers
     }
 
-    /**
-     * Query SMS messages based on the provided parameters
-     */
     private fun querySmsMessages(params: QueryParams, phoneNumbers: List<String>): List<SmsMessage> {
         val messages = mutableListOf<SmsMessage>()
 
-        // Build selection and selectionArgs
         val selections = mutableListOf<String>()
         val selectionArgs = mutableListOf<String>()
 
-        // Time range
         if (params.startTime != null) {
             selections.add("${Telephony.Sms.DATE} >= ?")
             selectionArgs.add(params.startTime.toString())
@@ -509,11 +839,17 @@ class SmsManager(private val context: Context) {
             selectionArgs.add(params.endTime.toString())
         }
 
-        // Phone numbers (from contact name or direct phone number)
         val allPhoneNumbers = if (!params.phoneNumber.isNullOrEmpty()) {
-            phoneNumbers + normalizePhoneNumber(params.phoneNumber)
+            (phoneNumbers + normalizePhoneNumber(params.phoneNumber)).distinct()
         } else {
-            phoneNumbers
+            phoneNumbers.distinct()
+        }
+        val mixedPathPhoneFilters = canonicalizeMixedPathPhoneFilters(allPhoneNumbers)
+
+        // Unified SMS+MMS query path is opt-in to keep sms.search semantics
+        // stable by default. Use includeMms=true for by-phone provider behavior.
+        if (params.includeMms && mixedPathPhoneFilters.size == 1) {
+            return querySmsMmsMessagesByPhone(mixedPathPhoneFilters.first(), params)
         }
 
         if (allPhoneNumbers.isNotEmpty()) {
@@ -526,19 +862,16 @@ class SmsManager(private val context: Context) {
             }
         }
 
-        // Keyword in body
         if (!params.keyword.isNullOrEmpty()) {
-            selections.add("${Telephony.Sms.BODY} LIKE ?")
-            selectionArgs.add("%${params.keyword}%")
+            selections.add(buildKeywordLikeSelection())
+            selectionArgs.add(buildKeywordLikeArg(params.keyword))
         }
 
-        // Type
         if (params.type != null) {
             selections.add("${Telephony.Sms.TYPE} = ?")
             selectionArgs.add(params.type.toString())
         }
 
-        // Read status
         if (params.isRead != null) {
             selections.add("${Telephony.Sms.READ} = ?")
             selectionArgs.add(if (params.isRead) "1" else "0")
@@ -556,7 +889,8 @@ class SmsManager(private val context: Context) {
             null
         }
 
-        // Query SMS with SQL-level LIMIT and OFFSET to avoid loading all matching rows
+        // Android SMS providers still honor LIMIT/OFFSET through sortOrder on this path.
+        // Keep the bounded interpolation here because parseQueryParams already clamps both values.
         val sortOrder = "${Telephony.Sms.DATE} DESC LIMIT ${params.limit} OFFSET ${params.offset}"
         val cursor = context.contentResolver.query(
             Telephony.Sms.CONTENT_URI,
@@ -570,7 +904,7 @@ class SmsManager(private val context: Context) {
                 Telephony.Sms.READ,
                 Telephony.Sms.TYPE,
                 Telephony.Sms.BODY,
-                Telephony.Sms.STATUS
+                Telephony.Sms.STATUS,
             ),
             selection,
             selectionArgsArray,
@@ -601,7 +935,7 @@ class SmsManager(private val context: Context) {
                     read = it.getInt(readIndex) == 1,
                     type = it.getInt(typeIndex),
                     body = it.getString(bodyIndex),
-                    status = it.getInt(statusIndex)
+                    status = it.getInt(statusIndex),
                 )
                 messages.add(message)
                 count++
@@ -610,4 +944,184 @@ class SmsManager(private val context: Context) {
 
         return messages
     }
+
+    private fun querySmsMmsMessagesByPhone(phoneNumber: String, params: QueryParams): List<SmsMessage> {
+        val lookupNumber = toByPhoneLookupNumber(phoneNumber)
+        if (lookupNumber.isBlank()) {
+            return emptyList()
+        }
+
+        val uri = Uri.parse("$MMS_SMS_BY_PHONE_BASE/${Uri.encode(lookupNumber)}")
+        val projection = buildMixedByPhoneProjection()
+
+        val maxCandidates = params.offset + params.limit
+        if (maxCandidates <= 0) {
+            return emptyList()
+        }
+
+        val reviewMode = shouldUseConversationReviewByPhoneMode(params)
+        val topCandidates = mutableListOf<Pair<String, SmsMessage>>()
+        val materializedCandidates = linkedMapOf<String, SmsMessage>()
+        val cursor = context.contentResolver.query(uri, projection, null, null, "date DESC")
+        cursor?.use {
+            val idIndex = it.getColumnIndex("_id")
+            val threadIdIndex = it.getColumnIndex("thread_id")
+            val transportTypeIndex = it.getColumnIndex("transport_type")
+            val addressIndex = it.getColumnIndex("address")
+            val dateIndex = it.getColumnIndex("date")
+            val dateSentIndex = it.getColumnIndex("date_sent")
+            val readIndex = it.getColumnIndex("read")
+            val typeIndex = it.getColumnIndex("type")
+            val bodyIndex = it.getColumnIndex("body")
+            val statusIndex = it.getColumnIndex("status")
+
+            while (it.moveToNext()) {
+                val id = if (idIndex >= 0 && !it.isNull(idIndex)) it.getLong(idIndex) else continue
+                val rawDate = if (dateIndex >= 0 && !it.isNull(dateIndex)) it.getLong(dateIndex) else 0L
+                val dateMs = normalizeProviderDateMillis(rawDate)
+
+                if (params.startTime != null && dateMs < params.startTime) continue
+                if (params.endTime != null && dateMs > params.endTime) continue
+
+                val threadId = if (threadIdIndex >= 0 && !it.isNull(threadIdIndex)) it.getLong(threadIdIndex) else 0L
+                val transportType = if (transportTypeIndex >= 0 && !it.isNull(transportTypeIndex)) it.getString(transportTypeIndex) else null
+                val providerAddress = if (addressIndex >= 0 && !it.isNull(addressIndex)) it.getString(addressIndex) else null
+                val mmsAddress = if (transportType.equals("mms", ignoreCase = true)) getMmsAddress(id, phoneNumber) else null
+                val address = resolveMixedByPhoneRowAddress(providerAddress, phoneNumber, mmsAddress)
+                var read = if (readIndex >= 0 && !it.isNull(readIndex)) it.getInt(readIndex) == 1 else true
+                var type = if (typeIndex >= 0 && !it.isNull(typeIndex)) it.getInt(typeIndex) else 0
+                var body = if (bodyIndex >= 0 && !it.isNull(bodyIndex)) it.getString(bodyIndex) else null
+                val smsStatus = if (statusIndex >= 0 && !it.isNull(statusIndex)) it.getInt(statusIndex) else null
+
+                // Only MMS transport rows are allowed to hydrate from MMS storage.
+                if (shouldHydrateMmsByPhoneRow(transportType, body, type)) {
+                    body = body?.takeIf { msg -> msg.isNotBlank() } ?: getMmsTextBody(id)
+                    val mmsMeta = getMmsMeta(id)
+                    if (type == 0) {
+                        type = mmsMeta.first ?: type
+                    }
+                    if (readIndex < 0 || it.isNull(readIndex)) {
+                        read = mmsMeta.second ?: read
+                    }
+                }
+
+                val dateSentRaw = if (dateSentIndex >= 0 && !it.isNull(dateSentIndex)) it.getLong(dateSentIndex) else 0L
+                val dateSentMs = normalizeProviderDateMillis(dateSentRaw)
+
+                if (!params.keyword.isNullOrEmpty()) {
+                    val keyword = params.keyword
+                    if (body.isNullOrEmpty() || !body.contains(keyword, ignoreCase = true)) {
+                        continue
+                    }
+                }
+                if (params.type != null && type != params.type) continue
+                if (params.isRead != null && read != params.isRead) continue
+
+                val message = SmsMessage(
+                    id = id,
+                    threadId = threadId,
+                    address = address,
+                    person = null,
+                    date = dateMs,
+                    dateSent = dateSentMs,
+                    read = read,
+                    type = type,
+                    body = body,
+                    status = resolveMixedByPhoneRowStatus(transportType, smsStatus),
+                    transportType = transportType,
+                )
+                val identityKey = buildMixedRowIdentity(id, transportType)
+                collectMixedByPhoneCandidate(
+                    topCandidates = topCandidates,
+                    materializedCandidates = materializedCandidates,
+                    identityKey = identityKey,
+                    message = message,
+                    maxCandidates = maxCandidates,
+                    reviewMode = reviewMode,
+                )
+            }
+        }
+
+        return pageMixedByPhoneCandidates(
+            topCandidates = topCandidates,
+            materializedCandidates = materializedCandidates,
+            params = params,
+            reviewMode = reviewMode,
+        )
+    }
+
+    private fun getMmsTextBody(messageId: Long): String? {
+        val cursor = context.contentResolver.query(
+            Uri.parse(MMS_PART_URI),
+            arrayOf("text", "ct"),
+            "mid=?",
+            arrayOf(messageId.toString()),
+            null,
+        )
+
+        cursor?.use {
+            val textIndex = it.getColumnIndex("text")
+            val ctIndex = it.getColumnIndex("ct")
+            while (it.moveToNext()) {
+                val contentType = if (ctIndex >= 0 && !it.isNull(ctIndex)) it.getString(ctIndex) else null
+                if (contentType != null && contentType != "text/plain") continue
+                val text = if (textIndex >= 0 && !it.isNull(textIndex)) it.getString(textIndex) else null
+                if (!text.isNullOrBlank()) return text
+            }
+        }
+
+        return null
+    }
+
+    private fun getMmsMeta(messageId: Long): Pair<Int?, Boolean?> {
+        val cursor = context.contentResolver.query(
+            Uri.parse("$MMS_CONTENT_BASE/$messageId"),
+            arrayOf("msg_box", "read"),
+            null,
+            null,
+            null,
+        )
+
+        cursor?.use {
+            if (it.moveToFirst()) {
+                val msgBoxIndex = it.getColumnIndex("msg_box")
+                val readIndex = it.getColumnIndex("read")
+                val msgBox = if (msgBoxIndex >= 0 && !it.isNull(msgBoxIndex)) it.getInt(msgBoxIndex) else null
+                val mappedType = mapMmsMsgBoxToSearchType(msgBox)
+                val read = if (readIndex >= 0 && !it.isNull(readIndex)) it.getInt(readIndex) == 1 else null
+                return mappedType to read
+            }
+        }
+
+        return null to null
+    }
+
+    private fun getMmsAddress(messageId: Long, phoneNumber: String): String? {
+        val lookupNumber = toByPhoneLookupNumber(phoneNumber)
+        if (lookupNumber.isBlank()) {
+            return null
+        }
+
+        val cursor = context.contentResolver.query(
+            Uri.parse("$MMS_CONTENT_BASE/$messageId/addr"),
+            arrayOf("address", "type"),
+            null,
+            null,
+            null,
+        )
+
+        cursor?.use {
+            val addressIndex = it.getColumnIndex("address")
+            val typeIndex = it.getColumnIndex("type")
+            val addressRows = mutableListOf<Pair<String?, Int?>>()
+            while (it.moveToNext()) {
+                val address = if (addressIndex >= 0 && !it.isNull(addressIndex)) it.getString(addressIndex) else null
+                val type = if (typeIndex >= 0 && !it.isNull(typeIndex)) it.getInt(typeIndex) else null
+                addressRows.add(address to type)
+            }
+            return selectPreferredMmsAddress(addressRows, lookupNumber)
+        }
+
+        return null
+    }
 }

apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt

@@ -1459,8 +1459,8 @@ private fun PermissionsStep(
         subtitle = "Send and search text messages via the gateway",
         checked = enableSms,
         granted =
-          isPermissionGranted(context, Manifest.permission.SEND_SMS) &&
-                  isPermissionGranted(context, Manifest.permission.READ_SMS),
+          isPermissionGranted(context, Manifest.permission.SEND_SMS) ||
+            isPermissionGranted(context, Manifest.permission.READ_SMS),
         onCheckedChange = onSmsChange,
       )
     }

apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt

@@ -34,7 +34,6 @@ import androidx.compose.foundation.lazy.LazyColumn
 import androidx.compose.foundation.lazy.items
 import androidx.compose.foundation.lazy.rememberLazyListState
 import androidx.compose.foundation.shape.RoundedCornerShape
-import androidx.compose.material.icons.Icons
 import androidx.compose.material3.Button
 import androidx.compose.material3.ButtonDefaults
 import androidx.compose.material3.HorizontalDivider
@@ -54,20 +53,23 @@ import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
 import androidx.compose.runtime.setValue
 import androidx.compose.ui.Modifier
-import androidx.compose.ui.draw.alpha
 import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.draw.alpha
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.unit.sp
 import androidx.compose.ui.unit.dp
 import androidx.core.content.ContextCompat
+import androidx.core.net.toUri
 import androidx.lifecycle.Lifecycle
 import androidx.lifecycle.LifecycleEventObserver
 import androidx.lifecycle.compose.LocalLifecycleOwner
 import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.LocationMode
 import ai.openclaw.app.MainViewModel
+import ai.openclaw.app.normalizeLocalHourMinute
+import ai.openclaw.app.NotificationPackageFilterMode
 import ai.openclaw.app.node.DeviceNotificationListenerService
 
 @Composable
@@ -81,6 +83,55 @@ fun SettingsSheet(viewModel: MainViewModel) {
   val locationPreciseEnabled by viewModel.locationPreciseEnabled.collectAsState()
   val preventSleep by viewModel.preventSleep.collectAsState()
   val canvasDebugStatusEnabled by viewModel.canvasDebugStatusEnabled.collectAsState()
+  val notificationForwardingEnabled by viewModel.notificationForwardingEnabled.collectAsState()
+  val notificationForwardingMode by viewModel.notificationForwardingMode.collectAsState()
+  val notificationForwardingPackages by viewModel.notificationForwardingPackages.collectAsState()
+  val notificationForwardingQuietHoursEnabled by viewModel.notificationForwardingQuietHoursEnabled.collectAsState()
+  val notificationForwardingQuietStart by viewModel.notificationForwardingQuietStart.collectAsState()
+  val notificationForwardingQuietEnd by viewModel.notificationForwardingQuietEnd.collectAsState()
+  val notificationForwardingMaxEventsPerMinute by viewModel.notificationForwardingMaxEventsPerMinute.collectAsState()
+  val notificationForwardingSessionKey by viewModel.notificationForwardingSessionKey.collectAsState()
+
+  var notificationQuietStartDraft by remember(notificationForwardingQuietStart) {
+    mutableStateOf(notificationForwardingQuietStart)
+  }
+  var notificationQuietEndDraft by remember(notificationForwardingQuietEnd) {
+    mutableStateOf(notificationForwardingQuietEnd)
+  }
+  var notificationRateDraft by remember(notificationForwardingMaxEventsPerMinute) {
+    mutableStateOf(notificationForwardingMaxEventsPerMinute.toString())
+  }
+  var notificationSessionKeyDraft by remember(notificationForwardingSessionKey) {
+    mutableStateOf(notificationForwardingSessionKey.orEmpty())
+  }
+  val normalizedQuietStartDraft = remember(notificationQuietStartDraft) {
+    normalizeLocalHourMinute(notificationQuietStartDraft)
+  }
+  val normalizedQuietEndDraft = remember(notificationQuietEndDraft) {
+    normalizeLocalHourMinute(notificationQuietEndDraft)
+  }
+  val quietHoursDraftValid = normalizedQuietStartDraft != null && normalizedQuietEndDraft != null
+  val selectedPackagesSummary = remember(notificationForwardingMode, notificationForwardingPackages) {
+    when (notificationForwardingMode) {
+      NotificationPackageFilterMode.Allowlist ->
+        if (notificationForwardingPackages.isEmpty()) {
+          "Selected: none — allowlist mode forwards nothing until you add apps."
+        } else {
+          "Selected: ${notificationForwardingPackages.size} app(s) allowed."
+        }
+      NotificationPackageFilterMode.Blocklist ->
+        if (notificationForwardingPackages.isEmpty()) {
+          "Selected: none — blocklist mode forwards all apps except OpenClaw."
+        } else {
+          "Selected: ${notificationForwardingPackages.size} app(s) blocked."
+        }
+    }
+  }
+  val quietHoursCanEnable = notificationForwardingEnabled && quietHoursDraftValid
+  val quietHoursDraftDirty =
+    notificationForwardingQuietStart != (normalizedQuietStartDraft ?: notificationQuietStartDraft.trim()) ||
+      notificationForwardingQuietEnd != (normalizedQuietEndDraft ?: notificationQuietEndDraft.trim())
+  val quietHoursSaveEnabled = notificationForwardingEnabled && quietHoursDraftValid && quietHoursDraftDirty
 
   val listState = rememberLazyListState()
   val deviceModel =
@@ -175,6 +226,16 @@ fun SettingsSheet(viewModel: MainViewModel) {
     remember {
       mutableStateOf(isNotificationListenerEnabled(context))
     }
+  val notificationForwardingAvailable = notificationForwardingEnabled && notificationListenerEnabled
+  val notificationForwardingControlsAlpha = if (notificationForwardingAvailable) 1f else 0.6f
+
+  var notificationPickerExpanded by remember { mutableStateOf(false) }
+  var notificationAppSearch by remember { mutableStateOf("") }
+  var notificationShowSystemApps by remember { mutableStateOf(false) }
+  var installedNotificationApps by
+    remember(context, notificationForwardingPackages) {
+      mutableStateOf(queryInstalledApps(context, notificationForwardingPackages))
+    }
 
   var photosPermissionGranted by
     remember {
@@ -249,16 +310,19 @@ fun SettingsSheet(viewModel: MainViewModel) {
     remember {
       mutableStateOf(
         ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) ==
-          PackageManager.PERMISSION_GRANTED &&
+          PackageManager.PERMISSION_GRANTED ||
           ContextCompat.checkSelfPermission(context, Manifest.permission.READ_SMS) ==
           PackageManager.PERMISSION_GRANTED,
       )
     }
   val smsPermissionLauncher =
-    rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { perms ->
-      val sendOk = perms[Manifest.permission.SEND_SMS] == true
-      val readOk = perms[Manifest.permission.READ_SMS] == true
-      smsPermissionGranted = sendOk && readOk
+    rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) {
+      smsPermissionGranted =
+        ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) ==
+          PackageManager.PERMISSION_GRANTED
+        ||
+          ContextCompat.checkSelfPermission(context, Manifest.permission.READ_SMS) ==
+          PackageManager.PERMISSION_GRANTED
       viewModel.refreshGatewayConnection()
     }
 
@@ -271,6 +335,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
               PackageManager.PERMISSION_GRANTED
           notificationsPermissionGranted = hasNotificationsPermission(context)
           notificationListenerEnabled = isNotificationListenerEnabled(context)
+          installedNotificationApps = queryInstalledApps(context, notificationForwardingPackages)
           photosPermissionGranted =
             ContextCompat.checkSelfPermission(context, photosPermission) ==
               PackageManager.PERMISSION_GRANTED
@@ -293,7 +358,8 @@ fun SettingsSheet(viewModel: MainViewModel) {
               PackageManager.PERMISSION_GRANTED
           smsPermissionGranted =
             ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) ==
-              PackageManager.PERMISSION_GRANTED &&
+              PackageManager.PERMISSION_GRANTED
+            ||
               ContextCompat.checkSelfPermission(context, Manifest.permission.READ_SMS) ==
               PackageManager.PERMISSION_GRANTED
         }
@@ -351,6 +417,20 @@ fun SettingsSheet(viewModel: MainViewModel) {
     }
   }
 
+  val normalizedAppSearch = notificationAppSearch.trim().lowercase()
+  val filteredNotificationApps =
+    remember(installedNotificationApps, normalizedAppSearch, notificationShowSystemApps) {
+      installedNotificationApps
+        .asSequence()
+        .filter { app -> notificationShowSystemApps || !app.isSystemApp }
+        .filter { app ->
+          normalizedAppSearch.isEmpty() ||
+            app.label.lowercase().contains(normalizedAppSearch) ||
+            app.packageName.lowercase().contains(normalizedAppSearch)
+        }
+        .toList()
+    }
+
   Box(
     modifier =
       Modifier
@@ -491,9 +571,12 @@ fun SettingsSheet(viewModel: MainViewModel) {
           ListItem(
             modifier = Modifier.fillMaxWidth(),
             colors = listItemColors,
-            headlineContent = { Text("Notification Listener", style = mobileHeadline) },
+            headlineContent = { Text("Notification Listener Access", style = mobileHeadline) },
             supportingContent = {
-              Text("Read and interact with notifications.", style = mobileCallout)
+              Text(
+                "Required for `notifications.list`, `notifications.actions`, and forwarded notification events.",
+                style = mobileCallout,
+              )
             },
             trailingContent = {
               Button(
@@ -530,7 +613,11 @@ fun SettingsSheet(viewModel: MainViewModel) {
                   shape = RoundedCornerShape(14.dp),
                 ) {
                   Text(
-                    if (smsPermissionGranted) "Manage" else "Grant",
+                    if (smsPermissionGranted) {
+                      "Manage"
+                    } else {
+                      "Grant"
+                    },
                     style = mobileCallout.copy(fontWeight = FontWeight.Bold),
                   )
                 }
@@ -539,6 +626,297 @@ fun SettingsSheet(viewModel: MainViewModel) {
           }
         }
       }
+      item {
+        ListItem(
+          modifier = Modifier.settingsRowModifier(),
+          colors = listItemColors,
+          headlineContent = { Text("Forward Notification Events", style = mobileHeadline) },
+          supportingContent = {
+            Text(
+              if (notificationListenerEnabled) {
+                "Forward listener events into gateway node events. Off by default until you enable it."
+              } else {
+                "Notification listener access is off, so no notification events can be forwarded yet."
+              },
+              style = mobileCallout,
+            )
+          },
+          trailingContent = {
+            Switch(
+              checked = notificationForwardingEnabled,
+              onCheckedChange = viewModel::setNotificationForwardingEnabled,
+              enabled = notificationListenerEnabled,
+            )
+          },
+        )
+      }
+      item {
+        Text(
+          if (notificationListenerEnabled) {
+            "Forwarding is available when enabled below."
+          } else {
+            "Forwarding controls stay disabled until Notification Listener Access is enabled in system Settings."
+          },
+          style = mobileCallout,
+          color = mobileTextSecondary,
+        )
+      }
+      item {
+        Column(
+          modifier = Modifier.settingsRowModifier().alpha(notificationForwardingControlsAlpha),
+          verticalArrangement = Arrangement.spacedBy(0.dp),
+        ) {
+          ListItem(
+            modifier = Modifier.fillMaxWidth(),
+            colors = listItemColors,
+            headlineContent = { Text("Package Filter: Allowlist", style = mobileHeadline) },
+            supportingContent = {
+              Text("Only listed package IDs are forwarded.", style = mobileCallout)
+            },
+            trailingContent = {
+              RadioButton(
+                selected = notificationForwardingMode == NotificationPackageFilterMode.Allowlist,
+                onClick = {
+                  viewModel.setNotificationForwardingMode(NotificationPackageFilterMode.Allowlist)
+                },
+                enabled = notificationForwardingAvailable,
+              )
+            },
+          )
+          HorizontalDivider(color = mobileBorder)
+          ListItem(
+            modifier = Modifier.fillMaxWidth(),
+            colors = listItemColors,
+            headlineContent = { Text("Package Filter: Blocklist", style = mobileHeadline) },
+            supportingContent = {
+              Text("All packages except listed IDs are forwarded.", style = mobileCallout)
+            },
+            trailingContent = {
+              RadioButton(
+                selected = notificationForwardingMode == NotificationPackageFilterMode.Blocklist,
+                onClick = {
+                  viewModel.setNotificationForwardingMode(NotificationPackageFilterMode.Blocklist)
+                },
+                enabled = notificationForwardingAvailable,
+              )
+            },
+          )
+        }
+      }
+      item {
+        Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.End) {
+          Button(
+            onClick = { notificationPickerExpanded = !notificationPickerExpanded },
+            enabled = notificationForwardingAvailable,
+            colors = settingsPrimaryButtonColors(),
+            shape = RoundedCornerShape(14.dp),
+          ) {
+            Text(
+              if (notificationPickerExpanded) "Close App Picker" else "Open App Picker",
+              style = mobileCallout.copy(fontWeight = FontWeight.Bold),
+            )
+          }
+        }
+      }
+      item {
+        Text(
+          selectedPackagesSummary,
+          style = mobileCallout,
+          color = mobileTextSecondary,
+        )
+      }
+      if (notificationPickerExpanded) {
+        item {
+          OutlinedTextField(
+            value = notificationAppSearch,
+            onValueChange = { notificationAppSearch = it },
+            label = {
+              Text("Search apps", style = mobileCaption1, color = mobileTextSecondary)
+            },
+            modifier = Modifier.fillMaxWidth(),
+            textStyle = mobileBody.copy(color = mobileText),
+            colors = settingsTextFieldColors(),
+            enabled = notificationForwardingAvailable,
+          )
+        }
+        item {
+          ListItem(
+            modifier = Modifier.settingsRowModifier().alpha(notificationForwardingControlsAlpha),
+            colors = listItemColors,
+            headlineContent = { Text("Show System Apps", style = mobileHeadline) },
+            supportingContent = {
+              Text("Include Android/system packages in results.", style = mobileCallout)
+            },
+            trailingContent = {
+              Switch(
+                checked = notificationShowSystemApps,
+                onCheckedChange = { notificationShowSystemApps = it },
+                enabled = notificationForwardingAvailable,
+              )
+            },
+          )
+        }
+        items(filteredNotificationApps, key = { it.packageName }) { app ->
+          ListItem(
+            modifier = Modifier.settingsRowModifier().alpha(notificationForwardingControlsAlpha),
+            colors = listItemColors,
+            headlineContent = { Text(app.label, style = mobileHeadline) },
+            supportingContent = { Text(app.packageName, style = mobileCallout) },
+            trailingContent = {
+              Switch(
+                checked = notificationForwardingPackages.contains(app.packageName),
+                onCheckedChange = { checked ->
+                  val next = notificationForwardingPackages.toMutableSet()
+                  if (checked) {
+                    next.add(app.packageName)
+                  } else {
+                    next.remove(app.packageName)
+                  }
+                  viewModel.setNotificationForwardingPackagesCsv(next.sorted().joinToString(","))
+                },
+                enabled = notificationForwardingAvailable,
+              )
+            },
+          )
+        }
+      }
+      item {
+        ListItem(
+          modifier = Modifier.settingsRowModifier().alpha(notificationForwardingControlsAlpha),
+          colors = listItemColors,
+          headlineContent = { Text("Quiet Hours", style = mobileHeadline) },
+          supportingContent = {
+            Text("Suppress forwarding during a local time window.", style = mobileCallout)
+          },
+          trailingContent = {
+            Switch(
+              checked = notificationForwardingQuietHoursEnabled,
+              onCheckedChange = {
+                if (!quietHoursCanEnable && it) return@Switch
+                viewModel.setNotificationForwardingQuietHours(
+                  enabled = it,
+                  start = notificationQuietStartDraft,
+                  end = notificationQuietEndDraft,
+                )
+              },
+              enabled = if (notificationForwardingQuietHoursEnabled) notificationForwardingAvailable else quietHoursCanEnable,
+            )
+          },
+        )
+      }
+      item {
+        OutlinedTextField(
+          value = notificationQuietStartDraft,
+          onValueChange = { notificationQuietStartDraft = it },
+          label = { Text("Quiet Start (HH:mm)", style = mobileCaption1, color = mobileTextSecondary) },
+          modifier = Modifier.fillMaxWidth(),
+          textStyle = mobileBody.copy(color = mobileText),
+          colors = settingsTextFieldColors(),
+          enabled = notificationForwardingAvailable,
+          isError = notificationForwardingAvailable && normalizedQuietStartDraft == null,
+          supportingText = {
+            if (notificationForwardingAvailable && normalizedQuietStartDraft == null) {
+              Text("Use 24-hour HH:mm format, for example 22:00.", style = mobileCaption1, color = mobileDanger)
+            }
+          },
+        )
+      }
+      item {
+        OutlinedTextField(
+          value = notificationQuietEndDraft,
+          onValueChange = { notificationQuietEndDraft = it },
+          label = { Text("Quiet End (HH:mm)", style = mobileCaption1, color = mobileTextSecondary) },
+          modifier = Modifier.fillMaxWidth(),
+          textStyle = mobileBody.copy(color = mobileText),
+          colors = settingsTextFieldColors(),
+          enabled = notificationForwardingAvailable,
+          isError = notificationForwardingAvailable && normalizedQuietEndDraft == null,
+          supportingText = {
+            if (notificationForwardingAvailable && normalizedQuietEndDraft == null) {
+              Text("Use 24-hour HH:mm format, for example 07:00.", style = mobileCaption1, color = mobileDanger)
+            }
+          },
+        )
+      }
+      item {
+        Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.End) {
+          Button(
+            onClick = {
+              viewModel.setNotificationForwardingQuietHours(
+                enabled = notificationForwardingQuietHoursEnabled,
+                start = notificationQuietStartDraft,
+                end = notificationQuietEndDraft,
+              )
+            },
+            enabled = quietHoursSaveEnabled,
+            colors = settingsPrimaryButtonColors(),
+            shape = RoundedCornerShape(14.dp),
+          ) {
+            Text("Save Quiet Hours", style = mobileCallout.copy(fontWeight = FontWeight.Bold))
+          }
+        }
+      }
+      item {
+        OutlinedTextField(
+          value = notificationRateDraft,
+          onValueChange = { notificationRateDraft = it.filter { c -> c.isDigit() } },
+          label = { Text("Max Events / Minute", style = mobileCaption1, color = mobileTextSecondary) },
+          modifier = Modifier.fillMaxWidth(),
+          textStyle = mobileBody.copy(color = mobileText),
+          colors = settingsTextFieldColors(),
+          enabled = notificationForwardingAvailable,
+        )
+      }
+      item {
+        Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.End) {
+          Button(
+            onClick = {
+              val parsed = notificationRateDraft.toIntOrNull() ?: notificationForwardingMaxEventsPerMinute
+              viewModel.setNotificationForwardingMaxEventsPerMinute(parsed)
+            },
+            enabled = notificationForwardingAvailable,
+            colors = settingsPrimaryButtonColors(),
+            shape = RoundedCornerShape(14.dp),
+          ) {
+            Text("Save Rate", style = mobileCallout.copy(fontWeight = FontWeight.Bold))
+          }
+        }
+      }
+      item {
+        OutlinedTextField(
+          value = notificationSessionKeyDraft,
+          onValueChange = { notificationSessionKeyDraft = it },
+          label = {
+            Text(
+              "Route Session Key (optional)",
+              style = mobileCaption1,
+              color = mobileTextSecondary,
+            )
+          },
+          placeholder = {
+            Text("Blank keeps notification events on this device's default notification route. Set a key only to pin forwarding into a different session.", style = mobileCaption1, color = mobileTextSecondary)
+          },
+          modifier = Modifier.fillMaxWidth(),
+          textStyle = mobileBody.copy(color = mobileText),
+          colors = settingsTextFieldColors(),
+          enabled = notificationForwardingAvailable,
+        )
+      }
+      item {
+        Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.End) {
+          Button(
+            onClick = {
+              viewModel.setNotificationForwardingSessionKey(notificationSessionKeyDraft.trim().ifEmpty { null })
+            },
+            enabled = notificationForwardingAvailable,
+            colors = settingsPrimaryButtonColors(),
+            shape = RoundedCornerShape(14.dp),
+          ) {
+            Text("Save Session Route", style = mobileCallout.copy(fontWeight = FontWeight.Bold))
+          }
+        }
+      }
+      item { HorizontalDivider(color = mobileBorder) }
 
       // ── Data Access ──
       item {
@@ -774,6 +1152,78 @@ fun SettingsSheet(viewModel: MainViewModel) {
   }
 }
 
+data class InstalledApp(
+  val label: String,
+  val packageName: String,
+  val isSystemApp: Boolean,
+)
+
+private fun queryInstalledApps(
+  context: Context,
+  configuredPackages: Set<String>,
+): List<InstalledApp> {
+  val packageManager = context.packageManager
+  val launcherIntent = Intent(Intent.ACTION_MAIN).apply { addCategory(Intent.CATEGORY_LAUNCHER) }
+
+  val launcherPackages =
+    packageManager
+      .queryIntentActivities(launcherIntent, PackageManager.MATCH_ALL)
+      .asSequence()
+      .mapNotNull { it.activityInfo?.packageName?.trim()?.takeIf(String::isNotEmpty) }
+      .toMutableSet()
+
+  val recentNotificationPackages =
+    DeviceNotificationListenerService
+      .recentPackages(context)
+      .asSequence()
+      .map { it.trim() }
+      .filter { it.isNotEmpty() }
+      .toList()
+
+  val candidatePackages =
+    resolveNotificationCandidatePackages(
+      launcherPackages = launcherPackages,
+      recentPackages = recentNotificationPackages,
+      configuredPackages = configuredPackages,
+      appPackageName = context.packageName,
+    )
+
+  return candidatePackages
+    .asSequence()
+    .mapNotNull { packageName ->
+      runCatching {
+        val appInfo = packageManager.getApplicationInfo(packageName, 0)
+        val label = packageManager.getApplicationLabel(appInfo)?.toString()?.trim().orEmpty()
+        InstalledApp(
+          label = if (label.isEmpty()) packageName else label,
+          packageName = packageName,
+          isSystemApp = (appInfo.flags and android.content.pm.ApplicationInfo.FLAG_SYSTEM) != 0,
+        )
+      }.getOrNull()
+    }
+    .sortedWith(compareBy<InstalledApp> { it.label.lowercase() }.thenBy { it.packageName })
+    .toList()
+}
+
+internal fun resolveNotificationCandidatePackages(
+  launcherPackages: Set<String>,
+  recentPackages: List<String>,
+  configuredPackages: Set<String>,
+  appPackageName: String,
+): Set<String> {
+  val blockedPackage = appPackageName.trim()
+  return sequenceOf(
+      configuredPackages.asSequence(),
+      launcherPackages.asSequence(),
+      recentPackages.asSequence(),
+    )
+    .flatten()
+    .map { it.trim() }
+    .filter { it.isNotEmpty() && it != blockedPackage }
+    .toSet()
+}
+
+
 @Composable
 private fun settingsTextFieldColors() =
   OutlinedTextFieldDefaults.colors(
@@ -842,5 +1292,5 @@ private fun isNotificationListenerEnabled(context: Context): Boolean {
 private fun hasMotionCapabilities(context: Context): Boolean {
   val sensorManager = context.getSystemService(SensorManager::class.java) ?: return false
   return sensorManager.getDefaultSensor(Sensor.TYPE_ACCELEROMETER) != null ||
-          sensorManager.getDefaultSensor(Sensor.TYPE_STEP_COUNTER) != null
+    sensorManager.getDefaultSensor(Sensor.TYPE_STEP_COUNTER) != null
 }

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatSheetContent.kt

@@ -61,7 +61,7 @@ fun ChatSheetContent(viewModel: MainViewModel) {
   val pendingToolCalls by viewModel.chatPendingToolCalls.collectAsState()
   val sessions by viewModel.chatSessions.collectAsState()
 
-  LaunchedEffect(mainSessionKey) {
+  LaunchedEffect(Unit) {
     viewModel.loadChat(mainSessionKey)
   }
 

apps/android/app/src/main/java/ai/openclaw/app/voice/MicCaptureManager.kt

@@ -52,6 +52,7 @@ class MicCaptureManager(
     private const val speechMinSessionMs = 30_000L
     private const val speechCompleteSilenceMs = 1_500L
     private const val speechPossibleSilenceMs = 900L
+    private const val transcriptIdleFlushMs = 1_600L
     private const val maxConversationEntries = 40
     private const val pendingRunTimeoutMs = 45_000L
   }
@@ -87,8 +88,7 @@ class MicCaptureManager(
   val isSending: StateFlow<Boolean> = _isSending
 
   private val messageQueue = ArrayDeque<String>()
-  private val sessionSegments = mutableListOf<String>()
-  private var lastFinalSegment: String? = null
+  private var flushedPartialTranscript: String? = null
   private var pendingRunId: String? = null
   private var pendingAssistantEntryId: String? = null
   private var gatewayConnected = false
@@ -96,6 +96,7 @@ class MicCaptureManager(
   private var recognizer: SpeechRecognizer? = null
   private var restartJob: Job? = null
   private var drainJob: Job? = null
+  private var transcriptFlushJob: Job? = null
   private var pendingRunTimeoutJob: Job? = null
   private var stopRequested = false
 
@@ -115,10 +116,9 @@ class MicCaptureManager(
         stop()
         // Capture any partial transcript that didn't get a final result from the recognizer
         val partial = _liveTranscript.value?.trim().orEmpty()
-        if (partial.isNotEmpty() && sessionSegments.isEmpty()) {
-          sessionSegments.add(partial)
+        if (partial.isNotEmpty()) {
+          queueRecognizedMessage(partial)
         }
-        flushSessionToQueue()
         drainJob = null
         _micCooldown.value = false
         sendQueuedIfIdle()
@@ -132,6 +132,11 @@ class MicCaptureManager(
       sendQueuedIfIdle()
       return
     }
+    pendingRunTimeoutJob?.cancel()
+    pendingRunTimeoutJob = null
+    pendingRunId = null
+    pendingAssistantEntryId = null
+    _isSending.value = false
     if (messageQueue.isNotEmpty()) {
       _statusText.value = queuedWaitingStatus()
     }
@@ -210,6 +215,8 @@ class MicCaptureManager(
     stopRequested = true
     restartJob?.cancel()
     restartJob = null
+    transcriptFlushJob?.cancel()
+    transcriptFlushJob = null
     _isListening.value = false
     _statusText.value = if (_isSending.value) "Mic off · sending…" else "Mic off"
     _inputLevel.value = 0f
@@ -263,17 +270,10 @@ class MicCaptureManager(
       }
   }
 
-  private fun flushSessionToQueue() {
-    // Add sentence-ending punctuation between recognizer segments to avoid run-on text
-    val message = sessionSegments.joinToString(". ") { segment ->
-      val trimmed = segment.trimEnd()
-      if (trimmed.isNotEmpty() && trimmed.last() in ".!?,;:") trimmed else trimmed
-    }.trim().let { if (it.isNotEmpty() && it.last() !in ".!?") "$it." else it }
-    sessionSegments.clear()
+  private fun queueRecognizedMessage(text: String) {
+    val message = text.trim()
     _liveTranscript.value = null
-    lastFinalSegment = null
     if (message.isEmpty()) return
-
     appendConversation(
       role = VoiceConversationRole.User,
       text = message,
@@ -282,6 +282,20 @@ class MicCaptureManager(
     publishQueue()
   }
 
+  private fun scheduleTranscriptFlush(expectedText: String) {
+    transcriptFlushJob?.cancel()
+    transcriptFlushJob =
+      scope.launch {
+        delay(transcriptIdleFlushMs)
+        if (!_micEnabled.value || _isSending.value) return@launch
+        val current = _liveTranscript.value?.trim().orEmpty()
+        if (current.isEmpty() || current != expectedText) return@launch
+        flushedPartialTranscript = current
+        queueRecognizedMessage(current)
+        sendQueuedIfIdle()
+      }
+  }
+
   private fun publishQueue() {
     _queuedMessages.value = messageQueue.toList()
   }
@@ -436,19 +450,12 @@ class MicCaptureManager(
     }
   }
 
-  private fun onFinalTranscript(text: String) {
-    val trimmed = text.trim()
-    if (trimmed.isEmpty()) return
-    _liveTranscript.value = trimmed
-    if (lastFinalSegment == trimmed) return
-    lastFinalSegment = trimmed
-    sessionSegments.add(trimmed)
-  }
-
   private fun disableMic(status: String) {
     stopRequested = true
     restartJob?.cancel()
     restartJob = null
+    transcriptFlushJob?.cancel()
+    transcriptFlushJob = null
     _micEnabled.value = false
     _isListening.value = false
     _inputLevel.value = 0f
@@ -546,11 +553,18 @@ class MicCaptureManager(
       }
 
       override fun onResults(results: Bundle?) {
+        transcriptFlushJob?.cancel()
+        transcriptFlushJob = null
         val text = results?.getStringArrayList(SpeechRecognizer.RESULTS_RECOGNITION).orEmpty().firstOrNull()
         if (!text.isNullOrBlank()) {
-          onFinalTranscript(text)
-          // Don't auto-send on silence — accumulate transcript.
-          // Send happens when mic is toggled off (setMicEnabled(false)).
+          val trimmed = text.trim()
+          if (trimmed != flushedPartialTranscript) {
+            queueRecognizedMessage(trimmed)
+            sendQueuedIfIdle()
+          } else {
+            flushedPartialTranscript = null
+            _liveTranscript.value = null
+          }
         }
         scheduleRestart()
       }
@@ -558,7 +572,9 @@ class MicCaptureManager(
       override fun onPartialResults(partialResults: Bundle?) {
         val text = partialResults?.getStringArrayList(SpeechRecognizer.RESULTS_RECOGNITION).orEmpty().firstOrNull()
         if (!text.isNullOrBlank()) {
-          _liveTranscript.value = text.trim()
+          val trimmed = text.trim()
+          _liveTranscript.value = trimmed
+          scheduleTranscriptFlush(trimmed)
         }
       }
 

apps/android/app/src/main/java/ai/openclaw/app/voice/TalkModeManager.kt

@@ -7,7 +7,6 @@ import android.content.pm.PackageManager
 import android.media.AudioAttributes
 import android.media.AudioFocusRequest
 import android.media.AudioManager
-import android.media.MediaPlayer
 import android.os.Bundle
 import android.os.Handler
 import android.os.Looper
@@ -15,12 +14,12 @@ import android.os.SystemClock
 import android.speech.RecognitionListener
 import android.speech.RecognizerIntent
 import android.speech.SpeechRecognizer
-import android.util.Base64
 import android.util.Log
+import android.speech.tts.TextToSpeech
+import android.speech.tts.UtteranceProgressListener
 import androidx.core.content.ContextCompat
 import ai.openclaw.app.gateway.GatewaySession
-import ai.openclaw.app.isCanonicalMainSessionKey
-import java.io.File
+import java.util.Locale
 import java.util.UUID
 import java.util.concurrent.atomic.AtomicLong
 import kotlinx.coroutines.CancellationException
@@ -86,8 +85,6 @@ class TalkModeManager(
   private var lastSpokenText: String? = null
   private var lastInterruptedAtSeconds: Double? = null
 
-  private var currentVoiceId: String? = null
-  private var currentModelId: String? = null
   // Interrupt-on-speech is disabled by default: starting a SpeechRecognizer during
   // TTS creates an audio session conflict on some OEMs. Can be enabled via gateway talk config.
   private var interruptOnSpeech: Boolean = false
@@ -104,8 +101,10 @@ class TalkModeManager(
   private val playbackGeneration = AtomicLong(0L)
 
   private var ttsJob: Job? = null
-  private val playerLock = Any()
-  private var player: MediaPlayer? = null
+  private val ttsLock = Any()
+  private var textToSpeech: TextToSpeech? = null
+  private var textToSpeechInit: CompletableDeferred<TextToSpeech>? = null
+  @Volatile private var currentUtteranceId: String? = null
   @Volatile private var finalizeInFlight = false
   private var listenWatchdogJob: Job? = null
 
@@ -131,7 +130,6 @@ class TalkModeManager(
   fun setMainSessionKey(sessionKey: String?) {
     val trimmed = sessionKey?.trim().orEmpty()
     if (trimmed.isEmpty()) return
-    if (isCanonicalMainSessionKey(mainSessionKey)) return
     mainSessionKey = trimmed
   }
 
@@ -340,6 +338,7 @@ class TalkModeManager(
       recognizer?.destroy()
       recognizer = null
     }
+    shutdownTextToSpeech()
   }
 
   private fun startListeningInternal(markListening: Boolean) {
@@ -647,19 +646,6 @@ class TalkModeManager(
     val cleaned = parsed.stripped.trim()
     if (cleaned.isEmpty()) return
     _lastAssistantText.value = cleaned
-
-    val requestedVoice = directive?.voiceId?.trim()?.takeIf { it.isNotEmpty() }
-
-    if (directive?.voiceId != null) {
-      if (directive.once != true) {
-        currentVoiceId = requestedVoice
-      }
-    }
-    if (directive?.modelId != null) {
-      if (directive.once != true) {
-        currentModelId = directive.modelId?.trim()?.takeIf { it.isNotEmpty() }
-      }
-    }
     ensurePlaybackActive(playbackToken)
 
     _statusText.value = "Speaking…"
@@ -670,147 +656,98 @@ class TalkModeManager(
 
     try {
       val ttsStarted = SystemClock.elapsedRealtime()
-      val speech = requestTalkSpeak(cleaned, directive)
-      playGatewaySpeech(speech, playbackToken)
-      Log.d(tag, "talk.speak ok durMs=${SystemClock.elapsedRealtime() - ttsStarted} provider=${speech.provider}")
+      speakWithSystemTts(cleaned, directive, playbackToken)
+      Log.d(tag, "system tts ok durMs=${SystemClock.elapsedRealtime() - ttsStarted}")
     } catch (err: Throwable) {
       if (isPlaybackCancelled(err, playbackToken)) {
         Log.d(tag, "assistant speech cancelled")
         return
       }
       _statusText.value = "Speak failed: ${err.message ?: err::class.simpleName}"
-      Log.w(tag, "talk.speak failed: ${err.message ?: err::class.simpleName}")
+      Log.w(tag, "system tts failed: ${err.message ?: err::class.simpleName}")
     } finally {
 
       _isSpeaking.value = false
     }
   }
 
-  private data class GatewayTalkSpeech(
-    val audioBase64: String,
-    val provider: String,
-    val outputFormat: String?,
-    val mimeType: String?,
-    val fileExtension: String?,
-  )
-
-  private suspend fun requestTalkSpeak(text: String, directive: TalkDirective?): GatewayTalkSpeech {
-    val modelId =
-      directive?.modelId?.trim()?.takeIf { it.isNotEmpty() } ?: currentModelId?.trim()?.takeIf { it.isNotEmpty() }
-    val voiceId =
-      directive?.voiceId?.trim()?.takeIf { it.isNotEmpty() } ?: currentVoiceId?.trim()?.takeIf { it.isNotEmpty() }
-    val params =
-      buildJsonObject {
-        put("text", JsonPrimitive(text))
-        voiceId?.let { put("voiceId", JsonPrimitive(it)) }
-        modelId?.let { put("modelId", JsonPrimitive(it)) }
-        TalkModeRuntime.resolveSpeed(directive?.speed, directive?.rateWpm)?.let {
-          put("speed", JsonPrimitive(it))
-        }
-        TalkModeRuntime.validatedStability(directive?.stability, modelId)?.let {
-          put("stability", JsonPrimitive(it))
-        }
-        TalkModeRuntime.validatedUnit(directive?.similarity)?.let {
-          put("similarity", JsonPrimitive(it))
-        }
-        TalkModeRuntime.validatedUnit(directive?.style)?.let {
-          put("style", JsonPrimitive(it))
-        }
-        directive?.speakerBoost?.let { put("speakerBoost", JsonPrimitive(it)) }
-        TalkModeRuntime.validatedSeed(directive?.seed)?.let { put("seed", JsonPrimitive(it)) }
-        TalkModeRuntime.validatedNormalize(directive?.normalize)?.let {
-          put("normalize", JsonPrimitive(it))
-        }
-        TalkModeRuntime.validatedLanguage(directive?.language)?.let {
-          put("language", JsonPrimitive(it))
-        }
-        directive?.outputFormat?.trim()?.takeIf { it.isNotEmpty() }?.let {
-          put("outputFormat", JsonPrimitive(it))
-        }
-      }
-    val res = session.request("talk.speak", params.toString())
-    val root = json.parseToJsonElement(res).asObjectOrNull() ?: error("talk.speak returned invalid JSON")
-    val audioBase64 = root["audioBase64"].asStringOrNull()?.trim().orEmpty()
-    val provider = root["provider"].asStringOrNull()?.trim().orEmpty()
-    if (audioBase64.isEmpty()) {
-      error("talk.speak missing audioBase64")
-    }
-    if (provider.isEmpty()) {
-      error("talk.speak missing provider")
-    }
-    return GatewayTalkSpeech(
-      audioBase64 = audioBase64,
-      provider = provider,
-      outputFormat = root["outputFormat"].asStringOrNull()?.trim(),
-      mimeType = root["mimeType"].asStringOrNull()?.trim(),
-      fileExtension = root["fileExtension"].asStringOrNull()?.trim(),
-    )
-  }
-
-  private suspend fun playGatewaySpeech(speech: GatewayTalkSpeech, playbackToken: Long) {
+  private suspend fun speakWithSystemTts(text: String, directive: TalkDirective?, playbackToken: Long) {
     ensurePlaybackActive(playbackToken)
-    cleanupPlayer()
-    ensurePlaybackActive(playbackToken)
-
-    val audioBytes =
-      try {
-        Base64.decode(speech.audioBase64, Base64.DEFAULT)
-      } catch (err: IllegalArgumentException) {
-        throw IllegalStateException("talk.speak returned invalid audio", err)
+    val engine = ensureTextToSpeech()
+    val utteranceId = UUID.randomUUID().toString()
+    val finished = CompletableDeferred<Unit>()
+    withContext(Dispatchers.Main) {
+      ensurePlaybackActive(playbackToken)
+      synchronized(ttsLock) {
+        currentUtteranceId = utteranceId
+        engine.stop()
       }
-    val suffix = resolveGatewayAudioSuffix(speech)
-    val tempFile =
-      withContext(Dispatchers.IO) { File.createTempFile("tts_", suffix, context.cacheDir) }
-    try {
-      withContext(Dispatchers.IO) { tempFile.writeBytes(audioBytes) }
-      val player = MediaPlayer()
-      synchronized(playerLock) {
-        this.player = player
+      val locale =
+        TalkModeRuntime.validatedLanguage(directive?.language)?.let { Locale.forLanguageTag(it) }
+      if (locale != null) {
+        val localeResult = engine.setLanguage(locale)
+        if (
+          localeResult == TextToSpeech.LANG_MISSING_DATA ||
+            localeResult == TextToSpeech.LANG_NOT_SUPPORTED
+        ) {
+          throw IllegalStateException("Language unavailable on this device")
+        }
       }
-      val finished = CompletableDeferred<Unit>()
-      player.setAudioAttributes(
+      engine.setSpeechRate((TalkModeRuntime.resolveSpeed(directive?.speed, directive?.rateWpm) ?: 1.0).toFloat())
+      engine.setAudioAttributes(
         AudioAttributes.Builder()
           .setContentType(AudioAttributes.CONTENT_TYPE_SPEECH)
           .setUsage(AudioAttributes.USAGE_MEDIA)
           .build(),
       )
-      player.setOnCompletionListener { finished.complete(Unit) }
-      player.setOnErrorListener { _, what, extra ->
-        finished.completeExceptionally(IllegalStateException("MediaPlayer error what=$what extra=$extra"))
-        true
+      engine.setOnUtteranceProgressListener(
+        object : UtteranceProgressListener() {
+          override fun onStart(utteranceId: String?) = Unit
+
+          override fun onDone(utteranceId: String?) {
+            if (utteranceId == currentUtteranceId) {
+              finished.complete(Unit)
+            }
+          }
+
+          @Suppress("OVERRIDE_DEPRECATION")
+          @Deprecated("Deprecated in Java")
+          override fun onError(utteranceId: String?) {
+            if (utteranceId == currentUtteranceId) {
+              finished.completeExceptionally(IllegalStateException("TextToSpeech playback failed"))
+            }
+          }
+
+          override fun onError(utteranceId: String?, errorCode: Int) {
+            if (utteranceId == currentUtteranceId) {
+              finished.completeExceptionally(IllegalStateException("TextToSpeech playback failed ($errorCode)"))
+            }
+          }
+
+          override fun onStop(utteranceId: String?, interrupted: Boolean) {
+            if (utteranceId == currentUtteranceId) {
+              finished.completeExceptionally(CancellationException("assistant speech cancelled"))
+            }
+          }
+        },
+      )
+      val result = engine.speak(text, TextToSpeech.QUEUE_FLUSH, null, utteranceId)
+      if (result != TextToSpeech.SUCCESS) {
+        throw IllegalStateException("TextToSpeech start failed")
       }
-      player.setDataSource(tempFile.absolutePath)
-      withContext(Dispatchers.IO) { player.prepare() }
-      ensurePlaybackActive(playbackToken)
-      player.start()
+    }
+    try {
       finished.await()
       ensurePlaybackActive(playbackToken)
     } finally {
-      try {
-        cleanupPlayer(player)
-      } catch (_: Throwable) {}
-      tempFile.delete()
+      synchronized(ttsLock) {
+        if (currentUtteranceId == utteranceId) {
+          currentUtteranceId = null
+        }
+      }
     }
   }
 
-  private fun resolveGatewayAudioSuffix(speech: GatewayTalkSpeech): String {
-    val extension = speech.fileExtension?.trim()
-    if (!extension.isNullOrEmpty()) {
-      return if (extension.startsWith(".")) extension else ".$extension"
-    }
-    val mimeType = speech.mimeType?.trim()?.lowercase()
-    if (mimeType == "audio/mpeg") return ".mp3"
-    if (mimeType == "audio/ogg") return ".ogg"
-    if (mimeType == "audio/wav") return ".wav"
-    if (mimeType == "audio/webm") return ".webm"
-    val outputFormat = speech.outputFormat?.trim()?.lowercase().orEmpty()
-    if (outputFormat == "mp3" || outputFormat.startsWith("mp3_") || outputFormat.endsWith("-mp3")) return ".mp3"
-    if (outputFormat == "opus" || outputFormat.startsWith("opus_")) return ".ogg"
-    if (outputFormat.endsWith("-wav")) return ".wav"
-    if (outputFormat.endsWith("-webm")) return ".webm"
-    return ".audio"
-  }
-
   fun stopTts() {
     stopSpeaking(resetInterrupt = true)
     _isSpeaking.value = false
@@ -819,19 +756,14 @@ class TalkModeManager(
 
   private fun stopSpeaking(resetInterrupt: Boolean = true) {
     if (!_isSpeaking.value) {
-      cleanupPlayer()
+      stopTextToSpeechPlayback()
       abandonAudioFocus()
       return
     }
     if (resetInterrupt) {
-      val currentMs = synchronized(playerLock) {
-        try {
-          player?.currentPosition?.toDouble() ?: 0.0
-        } catch (_: IllegalStateException) { 0.0 }
-      }
-      lastInterruptedAtSeconds = currentMs / 1000.0
+      lastInterruptedAtSeconds = null
     }
-    cleanupPlayer()
+    stopTextToSpeechPlayback()
     _isSpeaking.value = false
     abandonAudioFocus()
   }
@@ -871,15 +803,79 @@ class TalkModeManager(
     audioFocusRequest = null
   }
 
-  private fun cleanupPlayer(expectedPlayer: MediaPlayer? = null) {
-    synchronized(playerLock) {
-      val p = player ?: return
-      if (expectedPlayer != null && p !== expectedPlayer) return
-      player = null
-      try {
-        p.stop()
-      } catch (_: IllegalStateException) {}
-      p.release()
+  private suspend fun ensureTextToSpeech(): TextToSpeech {
+    val existing = synchronized(ttsLock) { textToSpeech }
+    if (existing != null) {
+      return existing
+    }
+    val deferred: CompletableDeferred<TextToSpeech>
+    val created: Boolean
+    synchronized(ttsLock) {
+      val ready = textToSpeech
+      if (ready != null) {
+        deferred = CompletableDeferred<TextToSpeech>().also { it.complete(ready) }
+        created = false
+      } else {
+        val pending = textToSpeechInit
+        if (pending != null) {
+          deferred = pending
+          created = false
+        } else {
+          deferred = CompletableDeferred<TextToSpeech>()
+          textToSpeechInit = deferred
+          created = true
+        }
+      }
+    }
+    if (!created) {
+      return deferred.await()
+    }
+    withContext(Dispatchers.Main) {
+      synchronized(ttsLock) {
+        textToSpeech?.let {
+          textToSpeechInit = null
+          deferred.complete(it)
+          return@withContext
+        }
+      }
+      var engine: TextToSpeech? = null
+      engine = TextToSpeech(context) { status ->
+        if (status == TextToSpeech.SUCCESS) {
+          val initialized = engine ?: run {
+            deferred.completeExceptionally(IllegalStateException("TextToSpeech init failed"))
+            return@TextToSpeech
+          }
+          synchronized(ttsLock) {
+            textToSpeech = initialized
+            textToSpeechInit = null
+          }
+          deferred.complete(initialized)
+        } else {
+          synchronized(ttsLock) {
+            textToSpeechInit = null
+          }
+          engine?.shutdown()
+          deferred.completeExceptionally(IllegalStateException("TextToSpeech init failed ($status)"))
+        }
+      }
+    }
+    return deferred.await()
+  }
+
+  private fun stopTextToSpeechPlayback() {
+    synchronized(ttsLock) {
+      currentUtteranceId = null
+      textToSpeech?.stop()
+    }
+  }
+
+  private fun shutdownTextToSpeech() {
+    synchronized(ttsLock) {
+      currentUtteranceId = null
+      textToSpeech?.stop()
+      textToSpeech?.shutdown()
+      textToSpeech = null
+      textToSpeechInit = null
     }
   }
 
@@ -913,9 +909,6 @@ class TalkModeManager(
       val res = session.request("talk.config", "{}")
       val root = json.parseToJsonElement(res).asObjectOrNull()
       val parsed = TalkModeGatewayConfigParser.parse(root?.get("config").asObjectOrNull())
-      if (!isCanonicalMainSessionKey(mainSessionKey)) {
-        mainSessionKey = parsed.mainSessionKey
-      }
       silenceWindowMs = parsed.silenceTimeoutMs
       parsed.interruptOnSpeech?.let { interruptOnSpeech = it }
       configLoaded = true
@@ -944,32 +937,6 @@ class TalkModeManager(
       return null
     }
 
-    fun validatedUnit(value: Double?): Double? {
-      if (value == null) return null
-      if (value < 0 || value > 1) return null
-      return value
-    }
-
-    fun validatedStability(value: Double?, modelId: String?): Double? {
-      if (value == null) return null
-      val normalized = modelId?.trim()?.lowercase()
-      if (normalized == "eleven_v3") {
-        return if (value == 0.0 || value == 0.5 || value == 1.0) value else null
-      }
-      return validatedUnit(value)
-    }
-
-    fun validatedSeed(value: Long?): Long? {
-      if (value == null) return null
-      if (value < 0 || value > 4294967295L) return null
-      return value
-    }
-
-    fun validatedNormalize(value: String?): String? {
-      val normalized = value?.trim()?.lowercase() ?: return null
-      return if (normalized in listOf("auto", "on", "off")) normalized else null
-    }
-
     fun validatedLanguage(value: String?): String? {
       val normalized = value?.trim()?.lowercase() ?: return null
       if (normalized.length != 2) return null

apps/android/app/src/test/java/ai/openclaw/app/NotificationForwardingPolicyTest.kt

@@ -0,0 +1,189 @@
+package ai.openclaw.app
+
+import java.time.LocalDateTime
+import java.time.ZoneId
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class NotificationForwardingPolicyTest {
+  @Test
+  fun parseLocalHourMinute_parsesValidValues() {
+    assertEquals(0, parseLocalHourMinute("00:00"))
+    assertEquals(23 * 60 + 59, parseLocalHourMinute("23:59"))
+    assertEquals(7 * 60 + 5, parseLocalHourMinute("07:05"))
+  }
+
+  @Test
+  fun normalizeLocalHourMinute_acceptsStrict24HourDrafts() {
+    assertEquals("00:00", normalizeLocalHourMinute("00:00"))
+    assertEquals("23:59", normalizeLocalHourMinute("23:59"))
+    assertEquals("07:05", normalizeLocalHourMinute("07:05"))
+  }
+
+  @Test
+  fun parseLocalHourMinute_rejectsInvalidValues() {
+    assertEquals(null, parseLocalHourMinute(""))
+    assertEquals(null, parseLocalHourMinute("24:00"))
+    assertEquals(null, parseLocalHourMinute("12:60"))
+    assertEquals(null, parseLocalHourMinute("abc"))
+    assertEquals(null, parseLocalHourMinute("7:05"))
+    assertEquals(null, parseLocalHourMinute("07:5"))
+  }
+
+  @Test
+  fun normalizeLocalHourMinute_rejectsNonCanonicalDrafts() {
+    assertEquals(null, normalizeLocalHourMinute(""))
+    assertEquals(null, normalizeLocalHourMinute("7:05"))
+    assertEquals(null, normalizeLocalHourMinute("07:5"))
+    assertEquals(null, normalizeLocalHourMinute("24:00"))
+    assertEquals(null, normalizeLocalHourMinute("12:60"))
+  }
+
+  @Test
+  fun allowsPackage_blocklistBlocksConfiguredPackages() {
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = setOf("com.blocked.app"),
+        quietHoursEnabled = false,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+
+    assertFalse(policy.allowsPackage("com.blocked.app"))
+    assertTrue(policy.allowsPackage("com.allowed.app"))
+  }
+
+  @Test
+  fun allowsPackage_allowlistOnlyAllowsConfiguredPackages() {
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Allowlist,
+        packages = setOf("com.allowed.app"),
+        quietHoursEnabled = false,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+
+    assertTrue(policy.allowsPackage("com.allowed.app"))
+    assertFalse(policy.allowsPackage("com.other.app"))
+  }
+
+  @Test
+  fun isWithinQuietHours_handlesWindowCrossingMidnight() {
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = true,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+
+    val zone = ZoneId.of("UTC")
+    val at2330 =
+      LocalDateTime
+        .of(2024, 1, 6, 23, 30)
+        .atZone(zone)
+        .toInstant()
+        .toEpochMilli()
+    val at1200 =
+      LocalDateTime
+        .of(2024, 1, 6, 12, 0)
+        .atZone(zone)
+        .toInstant()
+        .toEpochMilli()
+
+    assertTrue(policy.isWithinQuietHours(nowEpochMs = at2330, zoneId = zone))
+    assertFalse(policy.isWithinQuietHours(nowEpochMs = at1200, zoneId = zone))
+  }
+
+  @Test
+  fun isWithinQuietHours_sameStartEndMeansAlwaysQuiet() {
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = true,
+        quietStart = "00:00",
+        quietEnd = "00:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+
+    assertTrue(policy.isWithinQuietHours(nowEpochMs = 1_704_098_400_000L, zoneId = ZoneId.of("UTC")))
+  }
+
+  @Test
+  fun blocksEventsWhenDisabledOrQuietHoursOrRateLimited() {
+    val disabled =
+      NotificationForwardingPolicy(
+        enabled = false,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = false,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+    assertFalse(disabled.enabled && disabled.allowsPackage("com.allowed.app"))
+
+    val quiet =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = true,
+        quietStart = "22:00",
+        quietEnd = "07:00",
+        maxEventsPerMinute = 20,
+        sessionKey = null,
+      )
+    val zone = ZoneId.of("UTC")
+    val at2330 =
+      LocalDateTime
+        .of(2024, 1, 6, 23, 30)
+        .atZone(zone)
+        .toInstant()
+        .toEpochMilli()
+    assertTrue(quiet.isWithinQuietHours(nowEpochMs = at2330, zoneId = zone))
+
+    val limiter = NotificationBurstLimiter()
+    val minute = 1_704_098_400_000L
+    assertTrue(limiter.allow(nowEpochMs = minute, maxEventsPerMinute = 1))
+    assertFalse(limiter.allow(nowEpochMs = minute + 500L, maxEventsPerMinute = 1))
+  }
+
+  @Test
+  fun burstLimiter_blocksEventsAboveLimitInSameMinute() {
+    val limiter = NotificationBurstLimiter()
+    val minute = 1_704_098_400_000L
+
+    assertTrue(limiter.allow(nowEpochMs = minute, maxEventsPerMinute = 2))
+    assertTrue(limiter.allow(nowEpochMs = minute + 1_000L, maxEventsPerMinute = 2))
+    assertFalse(limiter.allow(nowEpochMs = minute + 2_000L, maxEventsPerMinute = 2))
+  }
+
+  @Test
+  fun burstLimiter_resetsOnNextMinuteWindow() {
+    val limiter = NotificationBurstLimiter()
+    val minute = 1_704_098_400_000L
+
+    assertTrue(limiter.allow(nowEpochMs = minute, maxEventsPerMinute = 1))
+    assertFalse(limiter.allow(nowEpochMs = minute + 1_000L, maxEventsPerMinute = 1))
+    assertTrue(limiter.allow(nowEpochMs = minute + 60_000L, maxEventsPerMinute = 1))
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/SecurePrefsNotificationForwardingTest.kt

@@ -0,0 +1,133 @@
+package ai.openclaw.app
+
+import android.content.Context
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+
+@RunWith(RobolectricTestRunner::class)
+class SecurePrefsNotificationForwardingTest {
+  @Test
+  fun setNotificationForwardingQuietHours_rejectsInvalidDraftsWithoutMutatingStoredValues() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = false,
+        start = "22:00",
+        end = "07:00",
+      ),
+    )
+
+    val originalStart = prefs.notificationForwardingQuietStart.value
+    val originalEnd = prefs.notificationForwardingQuietEnd.value
+    val originalEnabled = prefs.notificationForwardingQuietHoursEnabled.value
+
+    assertFalse(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = true,
+        start = "7:00",
+        end = "07:00",
+      ),
+    )
+
+    assertEquals(originalStart, prefs.notificationForwardingQuietStart.value)
+    assertEquals(originalEnd, prefs.notificationForwardingQuietEnd.value)
+    assertEquals(originalEnabled, prefs.notificationForwardingQuietHoursEnabled.value)
+  }
+
+  @Test
+  fun setNotificationForwardingQuietHours_persistsValidDraftsAndEnabledState() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = true,
+        start = "22:30",
+        end = "06:45",
+      ),
+    )
+
+    assertTrue(prefs.notificationForwardingQuietHoursEnabled.value)
+    assertEquals("22:30", prefs.notificationForwardingQuietStart.value)
+    assertEquals("06:45", prefs.notificationForwardingQuietEnd.value)
+  }
+
+  @Test
+  fun setNotificationForwardingQuietHours_disablesWithoutRevalidatingDrafts() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = true,
+        start = "22:30",
+        end = "06:45",
+      ),
+    )
+
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = false,
+        start = "7:00",
+        end = "06:45",
+      ),
+    )
+
+    assertFalse(prefs.notificationForwardingQuietHoursEnabled.value)
+    assertEquals("22:30", prefs.notificationForwardingQuietStart.value)
+    assertEquals("06:45", prefs.notificationForwardingQuietEnd.value)
+  }
+
+
+  @Test
+  fun getNotificationForwardingPolicy_readsLatestQuietHoursImmediately() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+    assertTrue(
+      prefs.setNotificationForwardingQuietHours(
+        enabled = true,
+        start = "21:15",
+        end = "06:10",
+      ),
+    )
+
+    val policy = prefs.getNotificationForwardingPolicy(appPackageName = "ai.openclaw.app")
+
+    assertTrue(policy.quietHoursEnabled)
+    assertEquals("21:15", policy.quietStart)
+    assertEquals("06:10", policy.quietEnd)
+  }
+
+  @Test
+  fun notificationForwarding_defaultsDisabledForSaferPosture() {
+    val context = RuntimeEnvironment.getApplication()
+    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
+    plainPrefs.edit().clear().commit()
+
+    val prefs = SecurePrefs(context)
+    val policy = prefs.getNotificationForwardingPolicy(appPackageName = "ai.openclaw.app")
+
+    assertFalse(prefs.notificationForwardingEnabled.value)
+    assertFalse(policy.enabled)
+    assertEquals(NotificationPackageFilterMode.Blocklist, policy.mode)
+  }
+
+}

apps/android/app/src/test/java/ai/openclaw/app/SessionKeyTest.kt

@@ -0,0 +1,20 @@
+package ai.openclaw.app
+
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
+import org.junit.Test
+
+class SessionKeyTest {
+  @Test
+  fun buildNodeMainSessionKeyUsesStableDeviceScopedSuffix() {
+    val key = buildNodeMainSessionKey(deviceId = "1234567890abcdef", agentId = "ops")
+
+    assertEquals("agent:ops:node-1234567890ab", key)
+  }
+
+  @Test
+  fun resolveAgentIdFromMainSessionKeyParsesCanonicalAgentKey() {
+    assertEquals("ops", resolveAgentIdFromMainSessionKey("agent:ops:main"))
+    assertNull(resolveAgentIdFromMainSessionKey("global"))
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/chat/ChatControllerSessionPolicyTest.kt

@@ -0,0 +1,32 @@
+package ai.openclaw.app.chat
+
+import org.junit.Assert.assertEquals
+import org.junit.Test
+
+class ChatControllerSessionPolicyTest {
+  @Test
+  fun applyMainSessionKeyMovesCurrentSessionWhenStillOnDefault() {
+    val state =
+      applyMainSessionKey(
+        currentSessionKey = "main",
+        appliedMainSessionKey = "main",
+        nextMainSessionKey = "agent:ops:node-device",
+      )
+
+    assertEquals("agent:ops:node-device", state.currentSessionKey)
+    assertEquals("agent:ops:node-device", state.appliedMainSessionKey)
+  }
+
+  @Test
+  fun applyMainSessionKeyKeepsUserSelectedSession() {
+    val state =
+      applyMainSessionKey(
+        currentSessionKey = "custom",
+        appliedMainSessionKey = "agent:ops:node-old",
+        nextMainSessionKey = "agent:ops:node-new",
+      )
+
+    assertEquals("custom", state.currentSessionKey)
+    assertEquals("agent:ops:node-new", state.appliedMainSessionKey)
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/node/CallLogHandlerTest.kt

@@ -173,15 +173,50 @@ class CallLogHandlerTest : NodeHandlerRobolectricTest() {
     assertTrue(callLogObj.containsKey("number"))
     assertTrue(callLogObj.containsKey("cachedName"))
   }
+
+  @Test
+  fun handleCallLogSearch_clampsLimitAndOffsetBeforeSearch() {
+    val source = FakeCallLogDataSource(canRead = true)
+    val handler = CallLogHandler.forTesting(appContext(), source)
+
+    val result = handler.handleCallLogSearch("""{"limit":999,"offset":-5}""")
+
+    assertTrue(result.ok)
+    assertEquals(200, source.lastRequest?.limit)
+    assertEquals(0, source.lastRequest?.offset)
+  }
+
+  @Test
+  fun handleCallLogSearch_mapsSearchFailuresToUnavailable() {
+    val handler =
+      CallLogHandler.forTesting(
+        appContext(),
+        FakeCallLogDataSource(
+          canRead = true,
+          failure = IllegalStateException("provider down"),
+        ),
+      )
+
+    val result = handler.handleCallLogSearch(null)
+
+    assertFalse(result.ok)
+    assertEquals("CALL_LOG_UNAVAILABLE", result.error?.code)
+    assertEquals("CALL_LOG_UNAVAILABLE: provider down", result.error?.message)
+  }
 }
 
 private class FakeCallLogDataSource(
   private val canRead: Boolean,
   private val searchResults: List<CallLogRecord> = emptyList(),
+  private val failure: Throwable? = null,
 ) : CallLogDataSource {
+  var lastRequest: CallLogSearchRequest? = null
+
   override fun hasReadPermission(context: Context): Boolean = canRead
 
   override fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord> {
+    lastRequest = request
+    failure?.let { throw it }
     val startIndex = request.offset.coerceAtLeast(0)
     val endIndex = (startIndex + request.limit).coerceAtMost(searchResults.size)
     return if (startIndex < searchResults.size) {

apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt

@@ -1,10 +1,25 @@
 package ai.openclaw.app.node
 
+import ai.openclaw.app.LocationMode
+import ai.openclaw.app.SecurePrefs
+import ai.openclaw.app.VoiceWakeMode
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
+import ai.openclaw.app.protocol.OpenClawCameraCommand
+import ai.openclaw.app.protocol.OpenClawCapability
+import ai.openclaw.app.protocol.OpenClawLocationCommand
+import ai.openclaw.app.protocol.OpenClawMotionCommand
+import ai.openclaw.app.protocol.OpenClawSmsCommand
 import ai.openclaw.app.gateway.GatewayEndpoint
 import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
 import org.junit.Assert.assertNull
+import org.junit.Assert.assertTrue
 import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
 
+@RunWith(RobolectricTestRunner::class)
 class ConnectionManagerTest {
   @Test
   fun resolveTlsParamsForEndpoint_prefersStoredPinOverAdvertisedFingerprint() {
@@ -73,4 +88,173 @@ class ConnectionManagerTest {
     assertNull(on?.expectedFingerprint)
     assertEquals(false, on?.allowTOFU)
   }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesRequestableSmsSearchWithoutSmsCapability() {
+    val options =
+      newManager(
+        sendSmsAvailable = false,
+        readSmsAvailable = false,
+        smsSearchPossible = true,
+      ).buildNodeConnectOptions()
+
+    assertTrue(options.commands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertFalse(options.commands.contains(OpenClawSmsCommand.Send.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Sms.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_doesNotAdvertiseSmsWhenSearchIsImpossible() {
+    val options =
+      newManager(
+        sendSmsAvailable = false,
+        readSmsAvailable = false,
+        smsSearchPossible = false,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.commands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertFalse(options.commands.contains(OpenClawSmsCommand.Send.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Sms.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesSmsCapabilityWhenReadSmsIsAvailable() {
+    val options =
+      newManager(
+        sendSmsAvailable = false,
+        readSmsAvailable = true,
+        smsSearchPossible = true,
+      ).buildNodeConnectOptions()
+
+    assertTrue(options.commands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Sms.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesSmsSendWithoutSearchWhenOnlySendIsAvailable() {
+    val options =
+      newManager(
+        sendSmsAvailable = true,
+        readSmsAvailable = false,
+        smsSearchPossible = false,
+      ).buildNodeConnectOptions()
+
+    assertTrue(options.commands.contains(OpenClawSmsCommand.Send.rawValue))
+    assertFalse(options.commands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Sms.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesAvailableNonSmsCommandsAndCapabilities() {
+    val options =
+      newManager(
+        cameraEnabled = true,
+        locationMode = LocationMode.WhileUsing,
+        voiceWakeMode = VoiceWakeMode.Always,
+        motionActivityAvailable = true,
+        callLogAvailable = true,
+        hasRecordAudioPermission = true,
+      ).buildNodeConnectOptions()
+
+    assertTrue(options.commands.contains(OpenClawCameraCommand.List.rawValue))
+    assertTrue(options.commands.contains(OpenClawLocationCommand.Get.rawValue))
+    assertTrue(options.commands.contains(OpenClawMotionCommand.Activity.rawValue))
+    assertTrue(options.commands.contains(OpenClawCallLogCommand.Search.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Camera.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Location.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Motion.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.CallLog.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.VoiceWake.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_omitsVoiceWakeWithoutMicrophonePermission() {
+    val options =
+      newManager(
+        voiceWakeMode = VoiceWakeMode.Always,
+        hasRecordAudioPermission = false,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.caps.contains(OpenClawCapability.VoiceWake.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_omitsUnavailableCameraLocationAndCallLogSurfaces() {
+    val options =
+      newManager(
+        cameraEnabled = false,
+        locationMode = LocationMode.Off,
+        callLogAvailable = false,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.commands.contains(OpenClawCameraCommand.List.rawValue))
+    assertFalse(options.commands.contains(OpenClawCameraCommand.Snap.rawValue))
+    assertFalse(options.commands.contains(OpenClawCameraCommand.Clip.rawValue))
+    assertFalse(options.commands.contains(OpenClawLocationCommand.Get.rawValue))
+    assertFalse(options.commands.contains(OpenClawCallLogCommand.Search.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Camera.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Location.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.CallLog.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_advertisesOnlyAvailableMotionCommand() {
+    val options =
+      newManager(
+        motionActivityAvailable = false,
+        motionPedometerAvailable = true,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.commands.contains(OpenClawMotionCommand.Activity.rawValue))
+    assertTrue(options.commands.contains(OpenClawMotionCommand.Pedometer.rawValue))
+    assertTrue(options.caps.contains(OpenClawCapability.Motion.rawValue))
+  }
+
+  @Test
+  fun buildNodeConnectOptions_omitsMotionSurfaceWhenMotionApisUnavailable() {
+    val options =
+      newManager(
+        motionActivityAvailable = false,
+        motionPedometerAvailable = false,
+      ).buildNodeConnectOptions()
+
+    assertFalse(options.commands.contains(OpenClawMotionCommand.Activity.rawValue))
+    assertFalse(options.commands.contains(OpenClawMotionCommand.Pedometer.rawValue))
+    assertFalse(options.caps.contains(OpenClawCapability.Motion.rawValue))
+  }
+
+  private fun newManager(
+    cameraEnabled: Boolean = false,
+    locationMode: LocationMode = LocationMode.Off,
+    voiceWakeMode: VoiceWakeMode = VoiceWakeMode.Off,
+    motionActivityAvailable: Boolean = false,
+    motionPedometerAvailable: Boolean = false,
+    sendSmsAvailable: Boolean = false,
+    readSmsAvailable: Boolean = false,
+    smsSearchPossible: Boolean = false,
+    callLogAvailable: Boolean = false,
+    hasRecordAudioPermission: Boolean = false,
+  ): ConnectionManager {
+    val context = RuntimeEnvironment.getApplication()
+    val prefs =
+      SecurePrefs(
+        context,
+        securePrefsOverride = context.getSharedPreferences("connection-manager-test", android.content.Context.MODE_PRIVATE),
+      )
+
+    return ConnectionManager(
+      prefs = prefs,
+      cameraEnabled = { cameraEnabled },
+      locationMode = { locationMode },
+      voiceWakeMode = { voiceWakeMode },
+      motionActivityAvailable = { motionActivityAvailable },
+      motionPedometerAvailable = { motionPedometerAvailable },
+      sendSmsAvailable = { sendSmsAvailable },
+      readSmsAvailable = { readSmsAvailable },
+      smsSearchPossible = { smsSearchPossible },
+      callLogAvailable = { callLogAvailable },
+      hasRecordAudioPermission = { hasRecordAudioPermission },
+      manualTls = { false },
+    )
+  }
 }

apps/android/app/src/test/java/ai/openclaw/app/node/DeviceHandlerTest.kt

@@ -101,9 +101,131 @@ class DeviceHandlerTest {
       val status = state.getValue("status").jsonPrimitive.content
       assertTrue(status == "granted" || status == "denied")
       state.getValue("promptable").jsonPrimitive.boolean
+      if (key == "sms") {
+        val capabilities = state.getValue("capabilities").jsonObject
+        for (capabilityKey in listOf("send", "read")) {
+          val capability = capabilities.getValue(capabilityKey).jsonObject
+          val capabilityStatus = capability.getValue("status").jsonPrimitive.content
+          assertTrue(capabilityStatus == "granted" || capabilityStatus == "denied")
+          capability.getValue("promptable").jsonPrimitive.boolean
+        }
+      }
     }
   }
 
+  @Test
+  fun smsTopLevelStatusTreatsSendOnlyPartialGrantAsGranted() {
+    assertTrue(
+      DeviceHandler.hasAnySmsCapability(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = true,
+        smsReadGranted = false,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelStatusTreatsReadOnlyPartialGrantAsGranted() {
+    assertTrue(
+      DeviceHandler.hasAnySmsCapability(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = false,
+        smsReadGranted = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelStatusTreatsNoSmsGrantAsDenied() {
+    assertTrue(
+      !DeviceHandler.hasAnySmsCapability(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = false,
+        smsReadGranted = false,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelStatusTreatsDisabledSmsAsDenied() {
+    assertTrue(
+      !DeviceHandler.hasAnySmsCapability(
+        smsEnabled = false,
+        telephonyAvailable = true,
+        smsSendGranted = true,
+        smsReadGranted = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelStatusTreatsMissingTelephonyAsDenied() {
+    assertTrue(
+      !DeviceHandler.hasAnySmsCapability(
+        smsEnabled = true,
+        telephonyAvailable = false,
+        smsSendGranted = true,
+        smsReadGranted = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelPromptableStaysTrueUntilBothSmsPermissionsAreGranted() {
+    assertTrue(
+      DeviceHandler.isSmsPromptable(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = true,
+        smsReadGranted = false,
+      ),
+    )
+    assertTrue(
+      !DeviceHandler.isSmsPromptable(
+        smsEnabled = true,
+        telephonyAvailable = true,
+        smsSendGranted = true,
+        smsReadGranted = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsTopLevelPromptableIsFalseWhenSmsCannotExist() {
+    assertTrue(
+      !DeviceHandler.isSmsPromptable(
+        smsEnabled = false,
+        telephonyAvailable = true,
+        smsSendGranted = false,
+        smsReadGranted = false,
+      ),
+    )
+    assertTrue(
+      !DeviceHandler.isSmsPromptable(
+        smsEnabled = true,
+        telephonyAvailable = false,
+        smsSendGranted = false,
+        smsReadGranted = false,
+      ),
+    )
+  }
+
+  @Test
+  fun handleDevicePermissions_marksCallLogUnpromptableWhenFeatureDisabled() {
+    val handler = DeviceHandler(appContext(), callLogEnabled = false)
+
+    val result = handler.handleDevicePermissions(null)
+
+    assertTrue(result.ok)
+    val payload = parsePayload(result.payloadJson)
+    val callLog = payload.getValue("permissions").jsonObject.getValue("callLog").jsonObject
+    assertEquals("denied", callLog.getValue("status").jsonPrimitive.content)
+    assertTrue(!callLog.getValue("promptable").jsonPrimitive.boolean)
+  }
+
   @Test
   fun handleDeviceHealth_returnsExpectedShape() {
     val handler = DeviceHandler(appContext())

apps/android/app/src/test/java/ai/openclaw/app/node/DeviceNotificationListenerServiceTest.kt

@@ -0,0 +1,119 @@
+package ai.openclaw.app.node
+
+import android.content.Context
+import ai.openclaw.app.NotificationBurstLimiter
+import ai.openclaw.app.NotificationForwardingPolicy
+import ai.openclaw.app.NotificationPackageFilterMode
+import ai.openclaw.app.isWithinQuietHours
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertNull
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+
+@RunWith(RobolectricTestRunner::class)
+class DeviceNotificationListenerServiceTest {
+  @Test
+  fun recentPackages_migratesLegacyPreferenceKey() {
+    val context = RuntimeEnvironment.getApplication()
+    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+    prefs.edit()
+      .clear()
+      .putString("notifications.recentPackages", "com.example.one, com.example.two")
+      .commit()
+
+    val packages = DeviceNotificationListenerService.recentPackages(context)
+
+    assertEquals(listOf("com.example.one", "com.example.two"), packages)
+    assertEquals(
+      "com.example.one, com.example.two",
+      prefs.getString("notifications.forwarding.recentPackages", null),
+    )
+    assertFalse(prefs.contains("notifications.recentPackages"))
+  }
+
+  @Test
+  fun recentPackages_cleansUpLegacyKeyWhenNewKeyAlreadyExists() {
+    val context = RuntimeEnvironment.getApplication()
+    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+    prefs.edit()
+      .clear()
+      .putString("notifications.forwarding.recentPackages", "com.example.new")
+      .putString("notifications.recentPackages", "com.example.legacy")
+      .commit()
+
+    val packages = DeviceNotificationListenerService.recentPackages(context)
+
+    assertEquals(listOf("com.example.new"), packages)
+    assertNull(prefs.getString("notifications.recentPackages", null))
+  }
+
+  @Test
+  fun recentPackages_trimsDedupesAndPreservesRecencyOrder() {
+    val context = RuntimeEnvironment.getApplication()
+    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+    prefs.edit()
+      .clear()
+      .putString(
+        "notifications.forwarding.recentPackages",
+        " com.example.recent , ,com.example.other,com.example.recent, com.example.third ",
+      )
+      .commit()
+
+    val packages = DeviceNotificationListenerService.recentPackages(context)
+
+    assertEquals(
+      listOf("com.example.recent", "com.example.other", "com.example.third"),
+      packages,
+    )
+  }
+
+  @Test
+  fun quietHoursAndRateLimitingUseWallClockTimeNotNotificationPostTime() {
+    val zone = java.time.ZoneId.systemDefault()
+    val now = java.time.ZonedDateTime.now(zone)
+    val quietStart = now.minusMinutes(5).toLocalTime().withSecond(0).withNano(0)
+    val quietEnd = now.plusMinutes(5).toLocalTime().withSecond(0).withNano(0)
+    val stalePostTime =
+      now
+        .minusHours(2)
+        .withMinute(0)
+        .withSecond(0)
+        .withNano(0)
+        .toInstant()
+        .toEpochMilli()
+
+    val policy =
+      NotificationForwardingPolicy(
+        enabled = true,
+        mode = NotificationPackageFilterMode.Blocklist,
+        packages = emptySet(),
+        quietHoursEnabled = true,
+        quietStart = "%02d:%02d".format(quietStart.hour, quietStart.minute),
+        quietEnd = "%02d:%02d".format(quietEnd.hour, quietEnd.minute),
+        maxEventsPerMinute = 1,
+        sessionKey = null,
+      )
+
+    assertFalse(policy.isWithinQuietHours(nowEpochMs = stalePostTime, zoneId = zone))
+    assertTrue(policy.isWithinQuietHours(nowEpochMs = System.currentTimeMillis(), zoneId = zone))
+
+    val limiter = NotificationBurstLimiter()
+    assertTrue(limiter.allow(nowEpochMs = stalePostTime, maxEventsPerMinute = 1))
+    assertTrue(limiter.allow(nowEpochMs = System.currentTimeMillis(), maxEventsPerMinute = 1))
+    assertFalse(limiter.allow(nowEpochMs = System.currentTimeMillis(), maxEventsPerMinute = 1))
+  }
+
+  @Test
+  fun burstLimiter_capsAnyForwardedNotificationEvent() {
+    val limiter = NotificationBurstLimiter()
+    val nowEpochMs = System.currentTimeMillis()
+
+    assertTrue(limiter.allow(nowEpochMs = nowEpochMs, maxEventsPerMinute = 2))
+    assertTrue(limiter.allow(nowEpochMs = nowEpochMs, maxEventsPerMinute = 2))
+    assertFalse(limiter.allow(nowEpochMs = nowEpochMs, maxEventsPerMinute = 2))
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/node/InvokeCommandRegistryTest.kt

@@ -12,6 +12,9 @@ import ai.openclaw.app.protocol.OpenClawNotificationsCommand
 import ai.openclaw.app.protocol.OpenClawPhotosCommand
 import ai.openclaw.app.protocol.OpenClawSmsCommand
 import ai.openclaw.app.protocol.OpenClawSystemCommand
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNotNull
+import org.junit.Assert.assertNull
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertTrue
 import org.junit.Test
@@ -86,6 +89,7 @@ class InvokeCommandRegistryTest {
           locationEnabled = true,
           sendSmsAvailable = true,
           readSmsAvailable = true,
+          smsSearchPossible = true,
           callLogAvailable = true,
           voiceWakeEnabled = true,
           motionActivityAvailable = true,
@@ -113,6 +117,7 @@ class InvokeCommandRegistryTest {
           locationEnabled = true,
           sendSmsAvailable = true,
           readSmsAvailable = true,
+          smsSearchPossible = true,
           callLogAvailable = true,
           motionActivityAvailable = true,
           motionPedometerAvailable = true,
@@ -132,6 +137,7 @@ class InvokeCommandRegistryTest {
           locationEnabled = false,
           sendSmsAvailable = false,
           readSmsAvailable = false,
+          smsSearchPossible = false,
           callLogAvailable = false,
           voiceWakeEnabled = false,
           motionActivityAvailable = true,
@@ -148,17 +154,22 @@ class InvokeCommandRegistryTest {
   fun advertisedCommands_splitsSmsSendAndSearchAvailability() {
     val readOnlyCommands =
       InvokeCommandRegistry.advertisedCommands(
-        defaultFlags(readSmsAvailable = true),
+        defaultFlags(readSmsAvailable = true, smsSearchPossible = true),
       )
     val sendOnlyCommands =
       InvokeCommandRegistry.advertisedCommands(
         defaultFlags(sendSmsAvailable = true),
       )
+    val requestableSearchCommands =
+      InvokeCommandRegistry.advertisedCommands(
+        defaultFlags(smsSearchPossible = true),
+      )
 
     assertTrue(readOnlyCommands.contains(OpenClawSmsCommand.Search.rawValue))
     assertFalse(readOnlyCommands.contains(OpenClawSmsCommand.Send.rawValue))
     assertTrue(sendOnlyCommands.contains(OpenClawSmsCommand.Send.rawValue))
     assertFalse(sendOnlyCommands.contains(OpenClawSmsCommand.Search.rawValue))
+    assertTrue(requestableSearchCommands.contains(OpenClawSmsCommand.Search.rawValue))
   }
 
   @Test
@@ -171,9 +182,14 @@ class InvokeCommandRegistryTest {
       InvokeCommandRegistry.advertisedCapabilities(
         defaultFlags(sendSmsAvailable = true),
       )
+    val requestableSearchCapabilities =
+      InvokeCommandRegistry.advertisedCapabilities(
+        defaultFlags(smsSearchPossible = true),
+      )
 
     assertTrue(readOnlyCapabilities.contains(OpenClawCapability.Sms.rawValue))
     assertTrue(sendOnlyCapabilities.contains(OpenClawCapability.Sms.rawValue))
+    assertFalse(requestableSearchCapabilities.contains(OpenClawCapability.Sms.rawValue))
   }
 
   @Test
@@ -190,11 +206,37 @@ class InvokeCommandRegistryTest {
     assertFalse(capabilities.contains(OpenClawCapability.CallLog.rawValue))
   }
 
+  @Test
+  fun advertisedCapabilities_includesVoiceWakeWithoutAdvertisingCommands() {
+    val capabilities = InvokeCommandRegistry.advertisedCapabilities(defaultFlags(voiceWakeEnabled = true))
+    val commands = InvokeCommandRegistry.advertisedCommands(defaultFlags(voiceWakeEnabled = true))
+
+    assertTrue(capabilities.contains(OpenClawCapability.VoiceWake.rawValue))
+    assertFalse(commands.any { it.contains("voice", ignoreCase = true) })
+  }
+
+  @Test
+  fun find_returnsForegroundMetadataForCameraCommands() {
+    val list = InvokeCommandRegistry.find(OpenClawCameraCommand.List.rawValue)
+    val location = InvokeCommandRegistry.find(OpenClawLocationCommand.Get.rawValue)
+
+    assertNotNull(list)
+    assertEquals(true, list?.requiresForeground)
+    assertNotNull(location)
+    assertEquals(false, location?.requiresForeground)
+  }
+
+  @Test
+  fun find_returnsNullForUnknownCommand() {
+    assertNull(InvokeCommandRegistry.find("not.real"))
+  }
+
   private fun defaultFlags(
     cameraEnabled: Boolean = false,
     locationEnabled: Boolean = false,
     sendSmsAvailable: Boolean = false,
     readSmsAvailable: Boolean = false,
+    smsSearchPossible: Boolean = false,
     callLogAvailable: Boolean = false,
     voiceWakeEnabled: Boolean = false,
     motionActivityAvailable: Boolean = false,
@@ -206,6 +248,7 @@ class InvokeCommandRegistryTest {
       locationEnabled = locationEnabled,
       sendSmsAvailable = sendSmsAvailable,
       readSmsAvailable = readSmsAvailable,
+      smsSearchPossible = smsSearchPossible,
       callLogAvailable = callLogAvailable,
       voiceWakeEnabled = voiceWakeEnabled,
       motionActivityAvailable = motionActivityAvailable,

apps/android/app/src/test/java/ai/openclaw/app/node/InvokeDispatcherTest.kt

@@ -0,0 +1,368 @@
+package ai.openclaw.app.node
+
+import ai.openclaw.app.gateway.DeviceIdentityStore
+import ai.openclaw.app.gateway.GatewaySession
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
+import ai.openclaw.app.protocol.OpenClawCameraCommand
+import ai.openclaw.app.protocol.OpenClawLocationCommand
+import ai.openclaw.app.protocol.OpenClawMotionCommand
+import ai.openclaw.app.protocol.OpenClawSmsCommand
+import android.content.Context
+import android.content.pm.PackageManager
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.test.runTest
+import kotlinx.serialization.json.Json
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+import org.robolectric.Shadows.shadowOf
+
+@RunWith(RobolectricTestRunner::class)
+class InvokeDispatcherTest {
+  @Test
+  fun classifySmsSearchAvailability_returnsAvailable_whenReadSmsIsAvailable() {
+    assertEquals(
+      SmsSearchAvailabilityReason.Available,
+      classifySmsSearchAvailability(
+        readSmsAvailable = true,
+        smsFeatureEnabled = true,
+        smsTelephonyAvailable = true,
+      ),
+    )
+  }
+
+  @Test
+  fun classifySmsSearchAvailability_returnsUnavailable_whenSmsFeatureDisabled() {
+    assertEquals(
+      SmsSearchAvailabilityReason.Unavailable,
+      classifySmsSearchAvailability(
+        readSmsAvailable = false,
+        smsFeatureEnabled = false,
+        smsTelephonyAvailable = true,
+      ),
+    )
+  }
+
+  @Test
+  fun classifySmsSearchAvailability_returnsUnavailable_whenTelephonyUnavailable() {
+    assertEquals(
+      SmsSearchAvailabilityReason.Unavailable,
+      classifySmsSearchAvailability(
+        readSmsAvailable = false,
+        smsFeatureEnabled = true,
+        smsTelephonyAvailable = false,
+      ),
+    )
+  }
+
+  @Test
+  fun classifySmsSearchAvailability_returnsPermissionRequired_whenOnlyReadSmsPermissionIsMissing() {
+    assertEquals(
+      SmsSearchAvailabilityReason.PermissionRequired,
+      classifySmsSearchAvailability(
+        readSmsAvailable = false,
+        smsFeatureEnabled = true,
+        smsTelephonyAvailable = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsSearchAvailabilityError_returnsNull_whenReadSmsPermissionIsRequestable() {
+    assertNull(
+      smsSearchAvailabilityError(
+        readSmsAvailable = false,
+        smsFeatureEnabled = true,
+        smsTelephonyAvailable = true,
+      ),
+    )
+  }
+
+  @Test
+  fun smsSearchAvailabilityError_returnsUnavailable_whenSmsSearchIsImpossible() {
+    val result =
+      smsSearchAvailabilityError(
+        readSmsAvailable = false,
+        smsFeatureEnabled = false,
+        smsTelephonyAvailable = true,
+      )
+
+    assertEquals("SMS_UNAVAILABLE", result?.error?.code)
+    assertEquals("SMS_UNAVAILABLE: SMS not available on this device", result?.error?.message)
+  }
+
+  @Test
+  fun handleInvoke_allowsRequestableSmsSearchToReachHandler() =
+    runTest {
+      val result =
+        newDispatcher(
+          readSmsAvailable = false,
+          smsFeatureEnabled = true,
+          smsTelephonyAvailable = true,
+        ).handleInvoke(OpenClawSmsCommand.Search.rawValue, "not-json")
+
+      assertEquals("SMS_PERMISSION_REQUIRED", result.error?.code)
+      assertEquals("grant READ_SMS permission", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksSmsSearchWhenFeatureIsUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(
+          readSmsAvailable = false,
+          smsFeatureEnabled = false,
+          smsTelephonyAvailable = true,
+        ).handleInvoke(OpenClawSmsCommand.Search.rawValue, "not-json")
+
+      assertEquals("SMS_UNAVAILABLE", result.error?.code)
+      assertEquals("SMS_UNAVAILABLE: SMS not available on this device", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_allowsAvailableSmsSendToReachHandler() =
+    runTest {
+      val result =
+        newDispatcher(
+          sendSmsAvailable = true,
+          smsFeatureEnabled = true,
+          smsTelephonyAvailable = true,
+        ).handleInvoke(OpenClawSmsCommand.Send.rawValue, """{"to":"+15551234567","message":"hi"}""")
+
+      assertEquals("SMS_PERMISSION_REQUIRED", result.error?.code)
+      assertEquals("grant SMS permission", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksSmsSendWhenUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(
+          sendSmsAvailable = false,
+          smsFeatureEnabled = true,
+          smsTelephonyAvailable = true,
+        ).handleInvoke(OpenClawSmsCommand.Send.rawValue, """{"to":"+15551234567","message":"hi"}""")
+
+      assertEquals("SMS_UNAVAILABLE", result.error?.code)
+      assertEquals("SMS_UNAVAILABLE: SMS not available on this device", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksCameraCommandsWhenCameraDisabled() =
+    runTest {
+      val result = newDispatcher(cameraEnabled = false).handleInvoke(OpenClawCameraCommand.List.rawValue, null)
+
+      assertEquals("CAMERA_DISABLED", result.error?.code)
+      assertEquals("CAMERA_DISABLED: enable Camera in Settings", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksLocationCommandWhenLocationDisabled() =
+    runTest {
+      val result = newDispatcher(locationEnabled = false).handleInvoke(OpenClawLocationCommand.Get.rawValue, null)
+
+      assertEquals("LOCATION_DISABLED", result.error?.code)
+      assertEquals("LOCATION_DISABLED: enable Location in Settings", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksMotionActivityWhenUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(motionActivityAvailable = false)
+          .handleInvoke(OpenClawMotionCommand.Activity.rawValue, null)
+
+      assertEquals("MOTION_UNAVAILABLE", result.error?.code)
+      assertEquals("MOTION_UNAVAILABLE: accelerometer not available", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksMotionPedometerWhenUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(motionPedometerAvailable = false)
+          .handleInvoke(OpenClawMotionCommand.Pedometer.rawValue, null)
+
+      assertEquals("PEDOMETER_UNAVAILABLE", result.error?.code)
+      assertEquals("PEDOMETER_UNAVAILABLE: step counter not available", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_blocksCallLogWhenUnavailable() =
+    runTest {
+      val result =
+        newDispatcher(callLogAvailable = false).handleInvoke(OpenClawCallLogCommand.Search.rawValue, null)
+
+      assertEquals("CALL_LOG_UNAVAILABLE", result.error?.code)
+      assertEquals("CALL_LOG_UNAVAILABLE: call log not available on this build", result.error?.message)
+    }
+
+  @Test
+  fun handleInvoke_treatsDebugCommandsAsUnknownOutsideDebugBuilds() =
+    runTest {
+      val result = newDispatcher(debugBuild = false).handleInvoke("debug.logs", null)
+
+      assertEquals("INVALID_REQUEST", result.error?.code)
+      assertEquals("INVALID_REQUEST: unknown command", result.error?.message)
+    }
+
+  private fun newDispatcher(
+    cameraEnabled: Boolean = false,
+    locationEnabled: Boolean = false,
+    sendSmsAvailable: Boolean = false,
+    readSmsAvailable: Boolean = false,
+    smsFeatureEnabled: Boolean = true,
+    smsTelephonyAvailable: Boolean = true,
+    callLogAvailable: Boolean = false,
+    debugBuild: Boolean = false,
+    motionActivityAvailable: Boolean = false,
+    motionPedometerAvailable: Boolean = false,
+  ): InvokeDispatcher {
+    val appContext = RuntimeEnvironment.getApplication()
+    shadowOf(appContext.packageManager).setSystemFeature(PackageManager.FEATURE_TELEPHONY, smsTelephonyAvailable)
+    val canvas = CanvasController()
+    return InvokeDispatcher(
+      canvas = canvas,
+      cameraHandler = newCameraHandler(appContext),
+      locationHandler =
+        LocationHandler.forTesting(
+          appContext = appContext,
+          dataSource = InvokeDispatcherFakeLocationDataSource(),
+        ),
+      deviceHandler = DeviceHandler(appContext),
+      notificationsHandler =
+        NotificationsHandler.forTesting(
+          appContext = appContext,
+          stateProvider = InvokeDispatcherFakeNotificationsStateProvider(),
+        ),
+      systemHandler = SystemHandler.forTesting(InvokeDispatcherFakeSystemNotificationPoster()),
+      photosHandler = PhotosHandler.forTesting(appContext, InvokeDispatcherFakePhotosDataSource()),
+      contactsHandler = ContactsHandler.forTesting(appContext, InvokeDispatcherFakeContactsDataSource()),
+      calendarHandler = CalendarHandler.forTesting(appContext, InvokeDispatcherFakeCalendarDataSource()),
+      motionHandler = MotionHandler.forTesting(appContext, InvokeDispatcherFakeMotionDataSource()),
+      smsHandler = SmsHandler(SmsManager(appContext)),
+      a2uiHandler =
+        A2UIHandler(
+          canvas = canvas,
+          json = Json { ignoreUnknownKeys = true },
+          getNodeCanvasHostUrl = { null },
+          getOperatorCanvasHostUrl = { null },
+        ),
+      debugHandler = DebugHandler(appContext, DeviceIdentityStore(appContext)),
+      callLogHandler = CallLogHandler.forTesting(appContext, InvokeDispatcherFakeCallLogDataSource()),
+      isForeground = { true },
+      cameraEnabled = { cameraEnabled },
+      locationEnabled = { locationEnabled },
+      sendSmsAvailable = { sendSmsAvailable },
+      readSmsAvailable = { readSmsAvailable },
+      smsFeatureEnabled = { smsFeatureEnabled },
+      smsTelephonyAvailable = { smsTelephonyAvailable },
+      callLogAvailable = { callLogAvailable },
+      debugBuild = { debugBuild },
+      refreshNodeCanvasCapability = { false },
+      onCanvasA2uiPush = {},
+      onCanvasA2uiReset = {},
+      motionActivityAvailable = { motionActivityAvailable },
+      motionPedometerAvailable = { motionPedometerAvailable },
+    )
+  }
+
+  private fun newCameraHandler(appContext: Context): CameraHandler {
+    return CameraHandler(
+      appContext = appContext,
+      camera = CameraCaptureManager(appContext),
+      externalAudioCaptureActive = MutableStateFlow(false),
+      showCameraHud = { _, _, _ -> },
+      triggerCameraFlash = {},
+      invokeErrorFromThrowable = { err -> "UNAVAILABLE" to (err.message ?: "camera failed") },
+    )
+  }
+}
+
+private class InvokeDispatcherFakeLocationDataSource : LocationDataSource {
+  override fun hasFinePermission(context: Context): Boolean = false
+
+  override fun hasCoarsePermission(context: Context): Boolean = false
+
+  override suspend fun fetchLocation(
+    desiredProviders: List<String>,
+    maxAgeMs: Long?,
+    timeoutMs: Long,
+    isPrecise: Boolean,
+  ): LocationCaptureManager.Payload {
+    error("unused in InvokeDispatcherTest")
+  }
+}
+
+private class InvokeDispatcherFakeNotificationsStateProvider : NotificationsStateProvider {
+  override fun readSnapshot(context: Context): DeviceNotificationSnapshot {
+    return DeviceNotificationSnapshot(enabled = false, connected = false, notifications = emptyList())
+  }
+
+  override fun requestServiceRebind(context: Context) = Unit
+
+  override fun executeAction(context: Context, request: NotificationActionRequest): NotificationActionResult {
+    return NotificationActionResult(ok = true, code = null, message = null)
+  }
+}
+
+private class InvokeDispatcherFakeSystemNotificationPoster : SystemNotificationPoster {
+  override fun isAuthorized(): Boolean = true
+
+  override fun post(request: SystemNotifyRequest) = Unit
+}
+
+private class InvokeDispatcherFakePhotosDataSource : PhotosDataSource {
+  override fun hasPermission(context: Context): Boolean = true
+
+  override fun latest(context: Context, request: PhotosLatestRequest): List<EncodedPhotoPayload> = emptyList()
+}
+
+private class InvokeDispatcherFakeContactsDataSource : ContactsDataSource {
+  override fun hasReadPermission(context: Context): Boolean = true
+
+  override fun hasWritePermission(context: Context): Boolean = true
+
+  override fun search(context: Context, request: ContactsSearchRequest): List<ContactRecord> = emptyList()
+
+  override fun add(context: Context, request: ContactsAddRequest): ContactRecord {
+    error("unused in InvokeDispatcherTest")
+  }
+}
+
+private class InvokeDispatcherFakeCalendarDataSource : CalendarDataSource {
+  override fun hasReadPermission(context: Context): Boolean = true
+
+  override fun hasWritePermission(context: Context): Boolean = true
+
+  override fun events(context: Context, request: CalendarEventsRequest): List<CalendarEventRecord> = emptyList()
+
+  override fun add(context: Context, request: CalendarAddRequest): CalendarEventRecord {
+    error("unused in InvokeDispatcherTest")
+  }
+}
+
+private class InvokeDispatcherFakeMotionDataSource : MotionDataSource {
+  override fun isActivityAvailable(context: Context): Boolean = false
+
+  override fun isPedometerAvailable(context: Context): Boolean = false
+
+  override fun hasPermission(context: Context): Boolean = true
+
+  override suspend fun activity(context: Context, request: MotionActivityRequest): MotionActivityRecord {
+    error("unused in InvokeDispatcherTest")
+  }
+
+  override suspend fun pedometer(context: Context, request: MotionPedometerRequest): PedometerRecord {
+    error("unused in InvokeDispatcherTest")
+  }
+}
+
+private class InvokeDispatcherFakeCallLogDataSource : CallLogDataSource {
+  override fun hasReadPermission(context: Context): Boolean = true
+
+  override fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord> = emptyList()
+}

apps/android/app/src/test/java/ai/openclaw/app/node/LocationHandlerTest.kt

@@ -1,7 +1,9 @@
 package ai.openclaw.app.node
 
 import android.content.Context
+import android.location.LocationManager
 import kotlinx.coroutines.test.runTest
+import kotlinx.serialization.json.Json
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertTrue
@@ -65,12 +67,110 @@ class LocationHandlerTest : NodeHandlerRobolectricTest() {
     assertTrue(granted.hasFineLocationPermission())
     assertFalse(granted.hasCoarseLocationPermission())
   }
+
+  @Test
+  fun handleLocationGet_usesPreciseGpsFirstWhenFinePermissionAndPreciseEnabled() =
+    runTest {
+      val source =
+        FakeLocationDataSource(
+          fineGranted = true,
+          coarseGranted = true,
+          payload = LocationCaptureManager.Payload("""{"ok":true}"""),
+        )
+      val handler =
+        LocationHandler.forTesting(
+          appContext = appContext(),
+          dataSource = source,
+          locationPreciseEnabled = { true },
+        )
+
+      val result = handler.handleLocationGet("""{"desiredAccuracy":"precise","maxAgeMs":1234,"timeoutMs":2000}""")
+
+      assertTrue(result.ok)
+      assertEquals(listOf(LocationManager.GPS_PROVIDER, LocationManager.NETWORK_PROVIDER), source.lastDesiredProviders)
+      assertEquals(1234L, source.lastMaxAgeMs)
+      assertEquals(2000L, source.lastTimeoutMs)
+      assertTrue(source.lastIsPrecise)
+    }
+
+  @Test
+  fun handleLocationGet_fallsBackToBalancedWhenPreciseUnavailable() =
+    runTest {
+      val source =
+        FakeLocationDataSource(
+          fineGranted = false,
+          coarseGranted = true,
+          payload = LocationCaptureManager.Payload("""{"ok":true}"""),
+        )
+      val handler =
+        LocationHandler.forTesting(
+          appContext = appContext(),
+          dataSource = source,
+          locationPreciseEnabled = { true },
+        )
+
+      val result = handler.handleLocationGet("""{"desiredAccuracy":"precise"}""")
+
+      assertTrue(result.ok)
+      assertEquals(listOf(LocationManager.NETWORK_PROVIDER, LocationManager.GPS_PROVIDER), source.lastDesiredProviders)
+      assertFalse(source.lastIsPrecise)
+    }
+
+  @Test
+  fun handleLocationGet_mapsTimeoutToLocationTimeout() =
+    runTest {
+      val handler =
+        LocationHandler.forTesting(
+          appContext = appContext(),
+          dataSource =
+            FakeLocationDataSource(
+              fineGranted = true,
+              coarseGranted = true,
+              timeout = true,
+            ),
+        )
+
+      val result = handler.handleLocationGet(null)
+
+      assertFalse(result.ok)
+      assertEquals("LOCATION_TIMEOUT", result.error?.code)
+      assertEquals("LOCATION_TIMEOUT: no fix in time", result.error?.message)
+    }
+
+  @Test
+  fun handleLocationGet_mapsOtherFailuresToLocationUnavailable() =
+    runTest {
+      val handler =
+        LocationHandler.forTesting(
+          appContext = appContext(),
+          dataSource =
+            FakeLocationDataSource(
+              fineGranted = true,
+              coarseGranted = true,
+              failure = IllegalStateException("gps offline"),
+            ),
+        )
+
+      val result = handler.handleLocationGet(null)
+
+      assertFalse(result.ok)
+      assertEquals("LOCATION_UNAVAILABLE", result.error?.code)
+      assertEquals("gps offline", result.error?.message)
+    }
 }
 
 private class FakeLocationDataSource(
   private val fineGranted: Boolean,
   private val coarseGranted: Boolean,
+  private val payload: LocationCaptureManager.Payload? = null,
+  private val failure: Throwable? = null,
+  private val timeout: Boolean = false,
 ) : LocationDataSource {
+  var lastDesiredProviders: List<String> = emptyList()
+  var lastMaxAgeMs: Long? = null
+  var lastTimeoutMs: Long? = null
+  var lastIsPrecise: Boolean = false
+
   override fun hasFinePermission(context: Context): Boolean = fineGranted
 
   override fun hasCoarsePermission(context: Context): Boolean = coarseGranted
@@ -81,8 +181,16 @@ private class FakeLocationDataSource(
     timeoutMs: Long,
     isPrecise: Boolean,
   ): LocationCaptureManager.Payload {
-    throw IllegalStateException(
-      "LocationHandlerTest: fetchLocation must not run in this scenario",
-    )
+    lastDesiredProviders = desiredProviders
+    lastMaxAgeMs = maxAgeMs
+    lastTimeoutMs = timeoutMs
+    lastIsPrecise = isPrecise
+    if (timeout) {
+      kotlinx.coroutines.withTimeout(1) {
+        kotlinx.coroutines.delay(5)
+      }
+    }
+    failure?.let { throw it }
+    return payload ?: LocationCaptureManager.Payload(Json.encodeToString(mapOf("ok" to true)))
   }
 }

apps/android/app/src/test/java/ai/openclaw/app/node/NotificationsHandlerTest.kt

@@ -140,6 +140,46 @@ class NotificationsHandlerTest {
       assertEquals(0, provider.actionRequests)
     }
 
+  @Test
+  fun notificationsActions_rejectsMissingKey() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n3")),
+          ),
+        )
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"action":"open"}""")
+
+      assertFalse(result.ok)
+      assertEquals("INVALID_REQUEST", result.error?.code)
+      assertEquals(0, provider.actionRequests)
+    }
+
+  @Test
+  fun notificationsActions_rejectsInvalidAction() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n3")),
+          ),
+        )
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"key":"n3","action":"archive"}""")
+
+      assertFalse(result.ok)
+      assertEquals("INVALID_REQUEST", result.error?.code)
+      assertEquals(0, provider.actionRequests)
+    }
+
   @Test
   fun notificationsActions_propagatesProviderError() =
     runTest {
@@ -167,6 +207,29 @@ class NotificationsHandlerTest {
       assertEquals(1, provider.actionRequests)
     }
 
+  @Test
+  fun notificationsActions_fallsBackWhenProviderOmitsErrorDetails() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n4")),
+          ),
+        ).also {
+          it.actionResult = NotificationActionResult(ok = false)
+        }
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"key":"n4","action":"open"}""")
+
+      assertFalse(result.ok)
+      assertEquals("UNAVAILABLE", result.error?.code)
+      assertEquals("notification action failed", result.error?.message)
+      assertEquals(1, provider.actionRequests)
+    }
+
   @Test
   fun notificationsActions_requestsRebindWhenEnabledButDisconnected() =
     runTest {

apps/android/app/src/test/java/ai/openclaw/app/node/SmsManagerTest.kt

@@ -1,15 +1,39 @@
 package ai.openclaw.app.node
 
+import kotlinx.serialization.json.jsonArray
 import kotlinx.serialization.json.jsonObject
 import kotlinx.serialization.json.jsonPrimitive
+import org.junit.Assert.assertArrayEquals
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
+import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
 import org.junit.Test
 
 class SmsManagerTest {
   private val json = SmsManager.JsonConfig
 
+  private fun smsMessage(
+    id: Long,
+    date: Long,
+    status: Int = 0,
+    body: String? = "msg-$id",
+    transportType: String? = null,
+  ): SmsManager.SmsMessage =
+    SmsManager.SmsMessage(
+      id = id,
+      threadId = 1L,
+      address = "+15551234567",
+      person = null,
+      date = date,
+      dateSent = date,
+      read = true,
+      type = 1,
+      body = body,
+      status = status,
+      transportType = transportType,
+    )
+
   @Test
   fun parseParamsRejectsEmptyPayload() {
     val result = SmsManager.parseParams("", json)
@@ -61,6 +85,73 @@ class SmsManagerTest {
     assertEquals("Hello", ok.params.message)
   }
 
+  @Test
+  fun parseQueryParamsDefaultsWhenPayloadEmpty() {
+    val result = SmsManager.parseQueryParams(null, json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertEquals(25, ok.params.limit)
+    assertEquals(0, ok.params.offset)
+    assertEquals(null, ok.params.startTime)
+    assertEquals(null, ok.params.endTime)
+  }
+
+  @Test
+  fun parseQueryParamsRejectsInvalidJson() {
+    val result = SmsManager.parseQueryParams("not-json", json)
+    assertTrue(result is SmsManager.QueryParseResult.Error)
+    val error = result as SmsManager.QueryParseResult.Error
+    assertEquals("INVALID_REQUEST: expected JSON object", error.error)
+  }
+
+  @Test
+  fun parseQueryParamsRejectsInvertedTimeRange() {
+    val result = SmsManager.parseQueryParams("{\"startTime\":200,\"endTime\":100}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Error)
+    val error = result as SmsManager.QueryParseResult.Error
+    assertEquals("INVALID_REQUEST: startTime must be less than or equal to endTime", error.error)
+  }
+
+  @Test
+  fun parseQueryParamsClampsLimitAndOffset() {
+    val result = SmsManager.parseQueryParams("{\"limit\":999,\"offset\":-5}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertEquals(200, ok.params.limit)
+    assertEquals(0, ok.params.offset)
+  }
+
+  @Test
+  fun parseQueryParamsParsesAllSupportedFields() {
+    val result = SmsManager.parseQueryParams(
+      """
+      {
+        "startTime": 100,
+        "endTime": 200,
+        "contactName": " Leah ",
+        "phoneNumber": " +1555 ",
+        "keyword": " ping ",
+        "type": 1,
+        "isRead": true,
+        "limit": 10,
+        "offset": 2
+      }
+      """.trimIndent(),
+      json,
+    )
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertEquals(100L, ok.params.startTime)
+    assertEquals(200L, ok.params.endTime)
+    assertEquals("Leah", ok.params.contactName)
+    assertEquals("+1555", ok.params.phoneNumber)
+    assertEquals("ping", ok.params.keyword)
+    assertEquals(1, ok.params.type)
+    assertEquals(true, ok.params.isRead)
+    assertEquals(10, ok.params.limit)
+    assertEquals(2, ok.params.offset)
+  }
+
   @Test
   fun buildPayloadJsonEscapesFields() {
     val payload = SmsManager.buildPayloadJson(
@@ -75,6 +166,69 @@ class SmsManagerTest {
     assertEquals("SMS_SEND_FAILED: \"nope\"", parsed["error"]?.jsonPrimitive?.content)
   }
 
+  @Test
+  fun buildQueryPayloadJsonIncludesCountAndMessages() {
+    val payload = SmsManager.buildQueryPayloadJson(
+      json = json,
+      ok = true,
+      messages = listOf(
+        SmsManager.SmsMessage(
+          id = 1L,
+          threadId = 2L,
+          address = "+1555",
+          person = null,
+          date = 123L,
+          dateSent = 124L,
+          read = true,
+          type = 1,
+          body = "hello",
+          status = 0,
+        )
+      ),
+    )
+    val parsed = json.parseToJsonElement(payload).jsonObject
+    assertEquals("true", parsed["ok"]?.jsonPrimitive?.content)
+    assertEquals(1, parsed["count"]?.jsonPrimitive?.content?.toInt())
+    val messages = parsed["messages"]?.jsonArray
+    assertEquals(1, messages?.size)
+    assertEquals("hello", messages?.get(0)?.jsonObject?.get("body")?.jsonPrimitive?.content)
+  }
+
+  @Test
+  fun buildQueryPayloadJsonIncludesErrorOnFailure() {
+    val payload = SmsManager.buildQueryPayloadJson(
+      json = json,
+      ok = false,
+      messages = emptyList(),
+      error = "SMS_QUERY_FAILED: nope",
+    )
+    val parsed = json.parseToJsonElement(payload).jsonObject
+    assertEquals("false", parsed["ok"]?.jsonPrimitive?.content)
+    assertEquals(0, parsed["count"]?.jsonPrimitive?.content?.toInt())
+    assertEquals("SMS_QUERY_FAILED: nope", parsed["error"]?.jsonPrimitive?.content)
+  }
+
+  @Test
+  fun buildQueryPayloadJsonIncludesMmsMetadataWhenProvided() {
+    val payload = SmsManager.buildQueryPayloadJson(
+      json = json,
+      ok = true,
+      messages = listOf(smsMessage(id = 1L, date = 1000L)),
+      queryMetadata =
+        SmsManager.QueryMetadata(
+          mmsRequested = true,
+          mmsEligible = true,
+          mmsAttempted = true,
+          mmsIncluded = false,
+        ),
+    )
+    val parsed = json.parseToJsonElement(payload).jsonObject
+    assertEquals("true", parsed["mmsRequested"]?.jsonPrimitive?.content)
+    assertEquals("true", parsed["mmsEligible"]?.jsonPrimitive?.content)
+    assertEquals("true", parsed["mmsAttempted"]?.jsonPrimitive?.content)
+    assertEquals("false", parsed["mmsIncluded"]?.jsonPrimitive?.content)
+  }
+
   @Test
   fun buildSendPlanUsesMultipartWhenMultipleParts() {
     val plan = SmsManager.buildSendPlan("hello") { listOf("a", "b") }
@@ -98,14 +252,6 @@ class SmsManagerTest {
     assertEquals(0, ok.params.offset)
   }
 
-  @Test
-  fun parseQueryParamsRejectsInvalidJson() {
-    val result = SmsManager.parseQueryParams("not-json", json)
-    assertTrue(result is SmsManager.QueryParseResult.Error)
-    val error = result as SmsManager.QueryParseResult.Error
-    assertEquals("INVALID_REQUEST: expected JSON object", error.error)
-  }
-
   @Test
   fun parseQueryParamsRejectsNonObjectJson() {
     val result = SmsManager.parseQueryParams("[]", json)
@@ -179,4 +325,749 @@ class SmsManagerTest {
     val ok = result as SmsManager.QueryParseResult.Ok
     assertEquals(true, ok.params.isRead)
   }
+
+  @Test
+  fun parseQueryParamsIncludeMmsDefaultsFalse() {
+    val result = SmsManager.parseQueryParams("{}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertFalse(ok.params.includeMms)
+  }
+
+  @Test
+  fun parseQueryParamsParsesIncludeMmsTrue() {
+    val result = SmsManager.parseQueryParams("{\"includeMms\":true}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertTrue(ok.params.includeMms)
+  }
+
+  @Test
+  fun parseQueryParamsParsesConversationReviewTrue() {
+    val result = SmsManager.parseQueryParams("{\"conversationReview\":true}", json)
+    assertTrue(result is SmsManager.QueryParseResult.Ok)
+    val ok = result as SmsManager.QueryParseResult.Ok
+    assertTrue(ok.params.conversationReview)
+  }
+
+  @Test
+  fun toByPhoneLookupNumberStripsFormattingToDigits() {
+    assertEquals("12107588120", SmsManager.toByPhoneLookupNumber("+1 (210) 758-8120"))
+  }
+
+  @Test
+  fun normalizePhoneNumberOrNullReturnsNullForFormattingOnlyInput() {
+    assertNull(SmsManager.normalizePhoneNumberOrNull("() -   "))
+  }
+
+  @Test
+  fun normalizePhoneNumberOrNullReturnsNullForPlusOnlyInput() {
+    assertNull(SmsManager.normalizePhoneNumberOrNull(" + "))
+  }
+
+  @Test
+  fun normalizePhoneNumberOrNullKeepsUsableNormalizedNumber() {
+    assertEquals("+15551234567", SmsManager.normalizePhoneNumberOrNull(" +1 (555) 123-4567 "))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullDropsFormattingOnlyInput() {
+    assertNull(SmsManager.sanitizeContactPhoneNumberOrNull(" () -   "))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullDropsPlusOnlyInput() {
+    assertNull(SmsManager.sanitizeContactPhoneNumberOrNull(" + "))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullKeepsUsableNormalizedNumber() {
+    assertEquals("+15551234567", SmsManager.sanitizeContactPhoneNumberOrNull(" +1 (555) 123-4567 "))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullDropsPercentWildcardInput() {
+    assertNull(SmsManager.sanitizeContactPhoneNumberOrNull("1%2"))
+  }
+
+  @Test
+  fun sanitizeContactPhoneNumberOrNullDropsUnderscoreWildcardInput() {
+    assertNull(SmsManager.sanitizeContactPhoneNumberOrNull("1_2"))
+  }
+
+  @Test
+  fun shouldPromptForContactNameSearchPermissionTrueForContactNameOnlyWithoutContactsAccess() {
+    assertTrue(
+      SmsManager.shouldPromptForContactNameSearchPermission(
+        contactName = "Alice",
+        phoneNumber = null,
+        hasReadContactsPermission = false,
+      ),
+    )
+  }
+
+  @Test
+  fun shouldPromptForContactNameSearchPermissionFalseWhenExplicitPhoneFallbackExists() {
+    assertFalse(
+      SmsManager.shouldPromptForContactNameSearchPermission(
+        contactName = "Alice",
+        phoneNumber = "+15551234567",
+        hasReadContactsPermission = false,
+      ),
+    )
+  }
+
+  @Test
+  fun shouldPromptForContactNameSearchPermissionFalseWhenContactsAlreadyGranted() {
+    assertFalse(
+      SmsManager.shouldPromptForContactNameSearchPermission(
+        contactName = "Alice",
+        phoneNumber = null,
+        hasReadContactsPermission = true,
+      ),
+    )
+  }
+
+  @Test
+  fun escapeSqlLikeLiteralEscapesPercentUnderscoreAndBackslash() {
+    assertEquals("\\%a\\_b\\\\c", SmsManager.escapeSqlLikeLiteral("%a_b\\c"))
+  }
+
+  @Test
+  fun escapeSqlLikeLiteralLeavesOrdinaryTextUnchanged() {
+    assertEquals("Leah", SmsManager.escapeSqlLikeLiteral("Leah"))
+  }
+
+  @Test
+  fun buildContactNameLikeSelectionUsesSingleBackslashEscapeLiteral() {
+    assertEquals(
+      "display_name LIKE ? ESCAPE '\\'",
+      SmsManager.buildContactNameLikeSelection(),
+    )
+  }
+
+  @Test
+  fun buildContactNameLikeArgEscapesWildcardsAndBackslash() {
+    assertEquals("%\\%a\\_b\\\\c%", SmsManager.buildContactNameLikeArg("%a_b\\c"))
+  }
+
+  @Test
+  fun buildKeywordLikeSelectionUsesSingleBackslashEscapeLiteral() {
+    assertEquals(
+      "body LIKE ? ESCAPE '\\'",
+      SmsManager.buildKeywordLikeSelection(),
+    )
+  }
+
+  @Test
+  fun buildKeywordLikeArgEscapesWildcardsAndBackslash() {
+    assertEquals("%\\%a\\_b\\\\c%", SmsManager.buildKeywordLikeArg("%a_b\\c"))
+  }
+
+  @Test
+  fun buildMixedByPhoneProjectionMatchesExpectedStatusAwareShape() {
+    assertArrayEquals(
+      arrayOf(
+        "_id",
+        "thread_id",
+        "transport_type",
+        "address",
+        "date",
+        "date_sent",
+        "read",
+        "type",
+        "body",
+        "status",
+      ),
+      SmsManager.buildMixedByPhoneProjection(),
+    )
+  }
+
+  @Test
+  fun compareByPhoneCandidateOrderUsesDateThenIdDescending() {
+    val newer = smsMessage(id = 1L, date = 2000L)
+    val older = smsMessage(id = 2L, date = 1000L)
+    val sameDateHigherId = smsMessage(id = 9L, date = 1500L)
+    val sameDateLowerId = smsMessage(id = 3L, date = 1500L)
+
+    assertTrue(SmsManager.compareByPhoneCandidateOrder(newer, older) < 0)
+    assertTrue(SmsManager.compareByPhoneCandidateOrder(sameDateHigherId, sameDateLowerId) < 0)
+    assertTrue(SmsManager.compareByPhoneCandidateOrder(sameDateLowerId, sameDateHigherId) > 0)
+  }
+
+  @Test
+  fun upsertTopDateCandidatesKeepsDescendingOrderAndBounds() {
+    val candidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val max = 2
+
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1", smsMessage(id = 1L, date = 1700L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:2", smsMessage(id = 2L, date = 2000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:3", smsMessage(id = 3L, date = 1500L), max)
+
+    assertEquals(listOf(2L, 1L), candidates.map { it.second.id })
+    assertEquals(listOf(2000L, 1700L), candidates.map { it.second.date })
+  }
+
+  @Test
+  fun upsertTopDateCandidatesSupportsDefaultMixedPathBoundedWindow() {
+    val params = SmsManager.QueryParams(limit = 3, offset = 2, includeMms = true, phoneNumber = "+15551234567")
+    val candidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val max = params.offset + params.limit
+
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1", smsMessage(id = 1L, date = 1000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:2", smsMessage(id = 2L, date = 2000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:3", smsMessage(id = 3L, date = 3000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:4", smsMessage(id = 4L, date = 4000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:5", smsMessage(id = 5L, date = 5000L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:6", smsMessage(id = 6L, date = 6000L), max)
+
+    assertEquals(5, candidates.size)
+    assertEquals(listOf(6L, 5L, 4L, 3L, 2L), candidates.map { it.second.id })
+    assertEquals(listOf(4000L, 3000L, 2000L), SmsManager.pageByPhoneCandidates(candidates.map { it.second }, params).map { it.date })
+  }
+
+  @Test
+  fun upsertTopDateCandidatesDedupesBySourceAwareIdentityAndKeepsBestOrdering() {
+    val candidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val max = 5
+
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1987", smsMessage(id = 1987L, date = 1773950752506L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1986", smsMessage(id = 1986L, date = 1773899354039L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1985", smsMessage(id = 1985L, date = 1773872989602L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1981", smsMessage(id = 1981L, date = 1773790733566L), max)
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1976", smsMessage(id = 1976L, date = 1773784153770L), max)
+
+    // same source-aware identity should replace, not duplicate
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1986", smsMessage(id = 1986L, date = 1773899354039L), max)
+    // different source-aware identity with same raw id must be preserved
+    SmsManager.upsertTopDateCandidates(candidates, "mms:1986", smsMessage(id = 1986L, date = 1773899354038L), max)
+
+    assertEquals(5, candidates.size)
+    assertEquals(2, candidates.count { it.second.id == 1986L })
+    assertEquals(listOf("sms:1987", "sms:1986", "mms:1986", "sms:1985", "sms:1981"), candidates.map { it.first })
+  }
+
+  @Test
+  fun materializeByPhoneCandidateDedupesBySourceAwareIdentity() {
+    val candidates = linkedMapOf<String, SmsManager.SmsMessage>()
+
+    SmsManager.materializeByPhoneCandidate(candidates, "sms:1", smsMessage(id = 1L, date = 1000L))
+    SmsManager.materializeByPhoneCandidate(candidates, "sms:1", smsMessage(id = 1L, date = 2000L))
+    SmsManager.materializeByPhoneCandidate(candidates, "mms:1", smsMessage(id = 1L, date = 1500L))
+
+    assertEquals(2, candidates.size)
+    assertEquals(2000L, candidates["sms:1"]?.date)
+    assertEquals(1500L, candidates["mms:1"]?.date)
+  }
+
+  @Test
+  fun collectMixedByPhoneCandidateUsesBoundedCollectorWhenReviewModeDisabled() {
+    val topCandidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val materializedCandidates = linkedMapOf<String, SmsManager.SmsMessage>()
+
+    SmsManager.collectMixedByPhoneCandidate(
+      topCandidates = topCandidates,
+      materializedCandidates = materializedCandidates,
+      identityKey = "sms:1",
+      message = smsMessage(id = 1L, date = 1000L),
+      maxCandidates = 1,
+      reviewMode = false,
+    )
+    SmsManager.collectMixedByPhoneCandidate(
+      topCandidates = topCandidates,
+      materializedCandidates = materializedCandidates,
+      identityKey = "mms:2",
+      message = smsMessage(id = 2L, date = 2000L, transportType = "mms"),
+      maxCandidates = 1,
+      reviewMode = false,
+    )
+
+    assertEquals(listOf(2L), topCandidates.map { it.second.id })
+    assertTrue(materializedCandidates.isEmpty())
+  }
+
+  @Test
+  fun collectMixedByPhoneCandidateMaterializesFullSetWhenReviewModeEnabled() {
+    val topCandidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    val materializedCandidates = linkedMapOf<String, SmsManager.SmsMessage>()
+
+    SmsManager.collectMixedByPhoneCandidate(
+      topCandidates = topCandidates,
+      materializedCandidates = materializedCandidates,
+      identityKey = "sms:1",
+      message = smsMessage(id = 1L, date = 1000L),
+      maxCandidates = 1,
+      reviewMode = true,
+    )
+    SmsManager.collectMixedByPhoneCandidate(
+      topCandidates = topCandidates,
+      materializedCandidates = materializedCandidates,
+      identityKey = "mms:2",
+      message = smsMessage(id = 2L, date = 2000L, transportType = "mms"),
+      maxCandidates = 1,
+      reviewMode = true,
+    )
+
+    assertTrue(topCandidates.isEmpty())
+    assertEquals(listOf(1L, 2L), materializedCandidates.values.map { it.id })
+  }
+
+  @Test
+  fun pageMixedByPhoneCandidatesLetsReviewModeSurfaceOlderRowsBeyondBoundedDefaultWindow() {
+    val params =
+      SmsManager.QueryParams(
+        limit = 2,
+        offset = 2,
+        includeMms = true,
+        phoneNumber = "+15551234567",
+        conversationReview = true,
+      )
+    val topCandidates = listOf(
+      "sms:9" to smsMessage(id = 9L, date = 9000L),
+      "sms:8" to smsMessage(id = 8L, date = 8000L),
+      "sms:7" to smsMessage(id = 7L, date = 7000L),
+    )
+    val materializedCandidates =
+      linkedMapOf(
+        "sms:9" to smsMessage(id = 9L, date = 9000L),
+        "sms:8" to smsMessage(id = 8L, date = 8000L),
+        "sms:7" to smsMessage(id = 7L, date = 7000L),
+        "mms:6" to smsMessage(id = 6L, date = 6000L, transportType = "mms"),
+      )
+
+    val defaultPage =
+      SmsManager.pageMixedByPhoneCandidates(
+        topCandidates = topCandidates,
+        materializedCandidates = materializedCandidates,
+        params = params.copy(conversationReview = false),
+        reviewMode = false,
+      )
+    val reviewPage =
+      SmsManager.pageMixedByPhoneCandidates(
+        topCandidates = topCandidates,
+        materializedCandidates = materializedCandidates,
+        params = params,
+        reviewMode = true,
+      )
+
+    assertEquals(listOf(7L), defaultPage.map { it.id })
+    assertEquals(listOf(7L, 6L), reviewPage.map { it.id })
+    assertEquals(4, materializedCandidates.size)
+  }
+
+  @Test
+  fun pageByPhoneCandidatesHonorsDeepOffsetAfterStableSort() {
+    val params = SmsManager.QueryParams(limit = 5, offset = 5, includeMms = true)
+    val candidates = listOf(
+      smsMessage(id = 1399L, date = 1741112335720L),
+      smsMessage(id = 1976L, date = 1773784153770L),
+      smsMessage(id = 1981L, date = 1773790733566L),
+      smsMessage(id = 1985L, date = 1773872989602L),
+      smsMessage(id = 1986L, date = 1773899354039L),
+      smsMessage(id = 1987L, date = 1773950752506L),
+    )
+
+    assertEquals(listOf(1399L), SmsManager.pageByPhoneCandidates(candidates, params).map { it.id })
+    assertTrue(SmsManager.pageByPhoneCandidates(candidates, params.copy(offset = 10)).isEmpty())
+  }
+
+  @Test
+  fun upsertTopDateCandidatesNoOpWhenMaxIsZero() {
+    val candidates = mutableListOf<Pair<String, SmsManager.SmsMessage>>()
+    SmsManager.upsertTopDateCandidates(candidates, "sms:1", smsMessage(id = 1L, date = 2000L), 0)
+    assertTrue(candidates.isEmpty())
+  }
+
+  @Test
+  fun buildMixedRowIdentityUsesTransportTypeAndRowId() {
+    assertEquals("sms:7", SmsManager.buildMixedRowIdentity(7L, "sms"))
+    assertEquals("mms:7", SmsManager.buildMixedRowIdentity(7L, "mms"))
+    assertEquals("unknown:7", SmsManager.buildMixedRowIdentity(7L, null))
+    assertEquals("unknown:7", SmsManager.buildMixedRowIdentity(7L, ""))
+  }
+
+  @Test
+  fun normalizeProviderDateMillisConvertsSecondsToMillis() {
+    assertEquals(1773944910000L, SmsManager.normalizeProviderDateMillis(1773944910L))
+  }
+
+  @Test
+  fun normalizeProviderDateMillisKeepsMillisUnchanged() {
+    assertEquals(1773944910123L, SmsManager.normalizeProviderDateMillis(1773944910123L))
+  }
+
+  @Test
+  fun normalizeProviderDateMillisKeepsHistoricMillisUnchanged() {
+    assertEquals(946684800000L, SmsManager.normalizeProviderDateMillis(946684800000L))
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowStatusPreservesRealSmsStatus() {
+    assertEquals(64, SmsManager.resolveMixedByPhoneRowStatus("sms", 64))
+    assertEquals(32, SmsManager.resolveMixedByPhoneRowStatus(null, 32))
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowStatusKeepsMmsOnSentinelValue() {
+    assertEquals(-1, SmsManager.resolveMixedByPhoneRowStatus("mms", 64))
+    assertEquals(-1, SmsManager.resolveMixedByPhoneRowStatus("MMS", null))
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowStatusFallsBackToZeroWhenSmsStatusMissing() {
+    assertEquals(0, SmsManager.resolveMixedByPhoneRowStatus("sms", null))
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressPreservesProviderAddressWhenPresent() {
+    assertEquals(
+      "+12107588120",
+      SmsManager.resolveMixedByPhoneRowAddress("+12107588120", "12107588120"),
+    )
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressFallsBackToLookupNumberWhenProviderAddressMissing() {
+    assertEquals(
+      "12107588120",
+      SmsManager.resolveMixedByPhoneRowAddress(null, "12107588120"),
+    )
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressCanPreserveLookupNumberWhenProviderAlreadyReturnsIt() {
+    assertEquals(
+      "12107588120",
+      SmsManager.resolveMixedByPhoneRowAddress("12107588120", "12107588120"),
+    )
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressPreservesNonMatchingProviderAddress() {
+    assertEquals(
+      "+13105550123",
+      SmsManager.resolveMixedByPhoneRowAddress("+13105550123", "12107588120"),
+    )
+  }
+
+  @Test
+  fun resolveMixedByPhoneRowAddressPrefersResolvedMmsParticipantAddress() {
+    assertEquals(
+      "+13105550123",
+      SmsManager.resolveMixedByPhoneRowAddress("insert-address-token", "12107588120", "+13105550123"),
+    )
+  }
+
+  @Test
+  fun selectPreferredMmsAddressPrefersType137AddressThatDoesNotMatchLookup() {
+    assertEquals(
+      "+13105550123",
+      SmsManager.selectPreferredMmsAddress(
+        listOf(
+          "+12107588120" to 151,
+          "+13105550123" to 137,
+          "+12107588120" to 130,
+        ),
+        "12107588120",
+      ),
+    )
+  }
+
+  @Test
+  fun selectPreferredMmsAddressFallsBackToFirstNormalizedAddressWhenOnlyLookupMatchesExist() {
+    assertEquals(
+      "+12107588120",
+      SmsManager.selectPreferredMmsAddress(
+        listOf(
+          "insert-address-token" to 137,
+          "+12107588120" to 151,
+        ),
+        "12107588120",
+      ),
+    )
+  }
+
+  @Test
+  fun isExplicitPhoneInputInvalidTrueWhenCallerSuppliesOnlyFormatting() {
+    val normalized = SmsManager.normalizePhoneNumberOrNull(" + ")
+    assertTrue(SmsManager.isExplicitPhoneInputInvalid(" + ", normalized))
+  }
+
+  @Test
+  fun hasSqlLikeWildcardDetectsPercentAndUnderscore() {
+    assertTrue(SmsManager.hasSqlLikeWildcard("+1555%1234"))
+    assertTrue(SmsManager.hasSqlLikeWildcard("+1555_1234"))
+    assertFalse(SmsManager.hasSqlLikeWildcard("+15551234"))
+  }
+
+  @Test
+  fun isExplicitPhoneInputInvalidRejectsLikeWildcardPhoneFilter() {
+    assertTrue(SmsManager.isExplicitPhoneInputInvalid("+1555%1234", "+1555%1234"))
+    assertTrue(SmsManager.isExplicitPhoneInputInvalid("+1555_1234", "+1555_1234"))
+  }
+
+  @Test
+  fun isExplicitPhoneInputInvalidFalseWhenPhoneWasOmitted() {
+    assertFalse(SmsManager.isExplicitPhoneInputInvalid(null, null))
+    assertFalse(SmsManager.isExplicitPhoneInputInvalid("   ", null))
+  }
+
+  @Test
+  fun mapMmsMsgBoxToSearchTypeCoversSearchRelevantMmsBoxes() {
+    assertEquals(1, SmsManager.mapMmsMsgBoxToSearchType(1))
+    assertEquals(2, SmsManager.mapMmsMsgBoxToSearchType(2))
+    assertEquals(3, SmsManager.mapMmsMsgBoxToSearchType(3))
+    assertEquals(4, SmsManager.mapMmsMsgBoxToSearchType(4))
+    assertEquals(5, SmsManager.mapMmsMsgBoxToSearchType(5))
+    assertEquals(6, SmsManager.mapMmsMsgBoxToSearchType(6))
+  }
+
+  @Test
+  fun mapMmsMsgBoxToSearchTypeLeavesUnsupportedBoxesUnmapped() {
+    assertNull(SmsManager.mapMmsMsgBoxToSearchType(0))
+    assertNull(SmsManager.mapMmsMsgBoxToSearchType(99))
+    assertNull(SmsManager.mapMmsMsgBoxToSearchType(null))
+  }
+
+  @Test
+  fun shouldUseConversationReviewByPhoneModeOnlyForMixedByPhoneReviewPulls() {
+    val active =
+      SmsManager.QueryParams(
+        limit = 5,
+        offset = 0,
+        isRead = null,
+        contactName = null,
+        phoneNumber = "+12107588120",
+        keyword = null,
+        startTime = null,
+        endTime = null,
+        includeMms = true,
+        conversationReview = true,
+      )
+    val disabledByMode = active.copy(conversationReview = false)
+    val disabledByMms = active.copy(includeMms = false)
+    val disabledByPhone = active.copy(phoneNumber = null)
+
+    assertTrue(SmsManager.shouldUseConversationReviewByPhoneMode(active))
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(disabledByMode))
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(disabledByMms))
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(disabledByPhone))
+  }
+
+  @Test
+  fun effectiveSearchParamsRaisesConversationReviewLimitFloor() {
+    val params =
+      SmsManager.QueryParams(
+        limit = 5,
+        offset = 0,
+        isRead = null,
+        contactName = null,
+        phoneNumber = "+12107588120",
+        keyword = null,
+        startTime = null,
+        endTime = null,
+        includeMms = true,
+        conversationReview = true,
+      )
+
+    assertEquals(25, SmsManager.effectiveSearchParams(params).limit)
+    assertEquals(40, SmsManager.effectiveSearchParams(params.copy(limit = 40)).limit)
+    assertEquals(5, SmsManager.effectiveSearchParams(params.copy(conversationReview = false)).limit)
+
+    val singleResolvedContact = params.copy(phoneNumber = null, contactName = "Leah")
+    assertEquals(25, SmsManager.effectiveSearchParams(singleResolvedContact, listOf("15551234567")).limit)
+    assertEquals(5, SmsManager.effectiveSearchParams(singleResolvedContact, listOf("15551234567", "15557654321")).limit)
+    assertEquals(
+      SmsManager.effectiveSearchParams(params).limit,
+      SmsManager.effectiveSearchParams(singleResolvedContact, listOf("15551234567")).limit,
+    )
+  }
+
+  @Test
+  fun resolveSearchParamsCarriesSingleResolvedContactIntoReviewMode() {
+    val params =
+      SmsManager.QueryParams(
+        limit = 5,
+        offset = 0,
+        isRead = null,
+        contactName = "Leah",
+        phoneNumber = null,
+        keyword = null,
+        startTime = null,
+        endTime = null,
+        includeMms = true,
+        conversationReview = true,
+      )
+
+    val beforeResolution = SmsManager.resolveSearchParams(params, normalizedPhoneNumber = null)
+    val singleResolved =
+      SmsManager.resolveSearchParams(
+        params,
+        normalizedPhoneNumber = null,
+        resolvedPhoneNumbers = listOf("15551234567"),
+      )
+    val multiResolved =
+      SmsManager.resolveSearchParams(
+        params,
+        normalizedPhoneNumber = null,
+        resolvedPhoneNumbers = listOf("15551234567", "15557654321"),
+      )
+    val explicit =
+      SmsManager.resolveSearchParams(
+        params.copy(contactName = null, phoneNumber = "+12107588120"),
+        normalizedPhoneNumber = "12107588120",
+      )
+    val nonReview =
+      SmsManager.resolveSearchParams(
+        params.copy(conversationReview = false),
+        normalizedPhoneNumber = null,
+        resolvedPhoneNumbers = listOf("15551234567"),
+      )
+
+    assertEquals(5, beforeResolution.limit)
+    assertEquals(25, singleResolved.limit)
+    assertEquals("15551234567", singleResolved.phoneNumber)
+    assertTrue(SmsManager.shouldUseConversationReviewByPhoneMode(singleResolved))
+    assertEquals(5, multiResolved.limit)
+    assertNull(multiResolved.phoneNumber)
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(multiResolved))
+    assertEquals(25, explicit.limit)
+    assertEquals("12107588120", explicit.phoneNumber)
+    assertEquals(5, nonReview.limit)
+    assertEquals("15551234567", nonReview.phoneNumber)
+    assertFalse(SmsManager.shouldUseConversationReviewByPhoneMode(nonReview))
+  }
+
+  @Test
+  fun canonicalizeMixedPathPhoneFiltersDedupesEquivalentExplicitAndContactNumbers() {
+    assertEquals(
+      listOf("15551234567"),
+      SmsManager.canonicalizeMixedPathPhoneFilters(listOf("+15551234567", "15551234567")),
+    )
+  }
+
+  @Test
+  fun canonicalizeMixedPathPhoneFiltersDropsBlankByPhoneValues() {
+    assertEquals(
+      listOf("15551234567"),
+      SmsManager.canonicalizeMixedPathPhoneFilters(listOf("+15551234567", "+", "   ")),
+    )
+  }
+
+  @Test
+  fun buildQueryMetadataUsesCanonicalizedSingleMixedFilterAsEligible() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567")
+    val canonical = SmsManager.canonicalizeMixedPathPhoneFilters(listOf("+15551234567", "15551234567"))
+
+    val metadata = SmsManager.buildQueryMetadata(params, canonical, emptyList())
+
+    assertTrue(metadata.mmsEligible)
+    assertTrue(metadata.mmsAttempted)
+  }
+
+  @Test
+  fun requestedMixedByPhoneCandidateWindowAddsOffsetAndLimitSafely() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567", limit = 200, offset = 300)
+    assertEquals(500L, SmsManager.requestedMixedByPhoneCandidateWindow(params))
+  }
+
+  @Test
+  fun exceedsMixedByPhoneCandidateWindowFalseAtSupportedBoundary() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567", limit = 200, offset = 300)
+    assertFalse(SmsManager.exceedsMixedByPhoneCandidateWindow(params, listOf("+15551234567")))
+  }
+
+  @Test
+  fun exceedsMixedByPhoneCandidateWindowTrueWhenSingleNumberMixedWindowTooLarge() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567", limit = 200, offset = 301)
+    assertTrue(SmsManager.exceedsMixedByPhoneCandidateWindow(params, listOf("+15551234567")))
+  }
+
+  @Test
+  fun exceedsMixedByPhoneCandidateWindowFalseForSmsOnlyQueries() {
+    val params = SmsManager.QueryParams(includeMms = false, phoneNumber = "+15551234567", limit = 200, offset = 50000)
+    assertFalse(SmsManager.exceedsMixedByPhoneCandidateWindow(params, listOf("+15551234567")))
+  }
+
+  @Test
+  fun exceedsMixedByPhoneCandidateWindowFalseWhenMultiplePhoneNumbersDisableMixedByPhonePath() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = null, limit = 200, offset = 50000)
+    assertFalse(SmsManager.exceedsMixedByPhoneCandidateWindow(params, listOf("+15551234567", "+15557654321")))
+  }
+
+  @Test
+  fun mixedByPhoneWindowErrorMentionsSupportedWindow() {
+    assertEquals(
+      "INVALID_REQUEST: includeMms offset+limit exceeds supported window (500)",
+      SmsManager.mixedByPhoneWindowError(),
+    )
+  }
+
+  @Test
+  fun buildQueryMetadataMarksIneligibleWhenIncludeMmsNotRequested() {
+    val params = SmsManager.QueryParams(includeMms = false)
+
+    val metadata = SmsManager.buildQueryMetadata(params, emptyList(), emptyList())
+
+    assertFalse(metadata.mmsRequested)
+    assertFalse(metadata.mmsEligible)
+    assertFalse(metadata.mmsAttempted)
+    assertFalse(metadata.mmsIncluded)
+  }
+
+  @Test
+  fun buildQueryMetadataMarksEligibleAttemptedButNotIncludedForSingleNumberFallback() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567")
+    val messages = listOf(smsMessage(id = 1L, date = 1000L))
+
+    val metadata = SmsManager.buildQueryMetadata(params, listOf("+15551234567"), messages)
+
+    assertTrue(metadata.mmsRequested)
+    assertTrue(metadata.mmsEligible)
+    assertTrue(metadata.mmsAttempted)
+    assertFalse(metadata.mmsIncluded)
+  }
+
+  @Test
+  fun isMmsTransportRowTrueOnlyForMmsTransport() {
+    assertTrue(SmsManager.isMmsTransportRow(smsMessage(id = 1L, date = 1000L, transportType = "mms")))
+    assertFalse(SmsManager.isMmsTransportRow(smsMessage(id = 2L, date = 1000L, transportType = "sms")))
+    assertFalse(SmsManager.isMmsTransportRow(smsMessage(id = 3L, date = 1000L, transportType = null)))
+  }
+
+  @Test
+  fun shouldHydrateMmsByPhoneRowTrueOnlyForMmsTransportWithBlankBodyOrZeroType() {
+    assertTrue(SmsManager.shouldHydrateMmsByPhoneRow("mms", null, 1))
+    assertTrue(SmsManager.shouldHydrateMmsByPhoneRow("mms", "", 1))
+    assertTrue(SmsManager.shouldHydrateMmsByPhoneRow("mms", "body", 0))
+    assertFalse(SmsManager.shouldHydrateMmsByPhoneRow("sms", null, 0))
+    assertFalse(SmsManager.shouldHydrateMmsByPhoneRow(null, null, 0))
+    assertFalse(SmsManager.shouldHydrateMmsByPhoneRow("mms", "body", 1))
+  }
+
+  @Test
+  fun buildQueryMetadataDoesNotTreatSmsStatusSentinelAsMmsInclusion() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567")
+    val smsLikeMessage = smsMessage(id = 7L, date = 1000L, status = -1, transportType = "sms")
+
+    val metadata = SmsManager.buildQueryMetadata(params, listOf("15551234567"), listOf(smsLikeMessage))
+
+    assertTrue(metadata.mmsRequested)
+    assertTrue(metadata.mmsEligible)
+    assertTrue(metadata.mmsAttempted)
+    assertFalse(metadata.mmsIncluded)
+  }
+
+  @Test
+  fun buildQueryMetadataMarksIncludedWhenMixedQueryYieldsMmsTransportRow() {
+    val params = SmsManager.QueryParams(includeMms = true, phoneNumber = "+15551234567")
+    val mmsTransportMessage = smsMessage(id = 7L, date = 1000L, status = 0, body = null, transportType = "mms")
+
+    val metadata = SmsManager.buildQueryMetadata(params, listOf("15551234567"), listOf(mmsTransportMessage))
+
+    assertTrue(metadata.mmsRequested)
+    assertTrue(metadata.mmsEligible)
+    assertTrue(metadata.mmsAttempted)
+    assertTrue(metadata.mmsIncluded)
+  }
 }

apps/android/app/src/test/java/ai/openclaw/app/node/SystemHandlerTest.kt

@@ -26,6 +26,16 @@ class SystemHandlerTest {
     assertEquals("INVALID_REQUEST", result.error?.code)
   }
 
+  @Test
+  fun handleSystemNotify_rejectsInvalidRequestObject() {
+    val handler = SystemHandler.forTesting(poster = FakePoster(authorized = true))
+
+    val result = handler.handleSystemNotify("""{"title":"OpenClaw"}""")
+
+    assertFalse(result.ok)
+    assertEquals("INVALID_REQUEST", result.error?.code)
+  }
+
   @Test
   fun handleSystemNotify_postsNotification() {
     val poster = FakePoster(authorized = true)
@@ -37,6 +47,23 @@ class SystemHandlerTest {
     assertEquals(1, poster.posts)
   }
 
+  @Test
+  fun handleSystemNotify_trimsAndPassesOptionalFields() {
+    val poster = FakePoster(authorized = true)
+    val handler = SystemHandler.forTesting(poster = poster)
+
+    val result =
+      handler.handleSystemNotify(
+        """{"title":" OpenClaw ","body":" done ","priority":" passive ","sound":" silent "}""",
+      )
+
+    assertTrue(result.ok)
+    assertEquals("OpenClaw", poster.lastRequest?.title)
+    assertEquals("done", poster.lastRequest?.body)
+    assertEquals("passive", poster.lastRequest?.priority)
+    assertEquals("silent", poster.lastRequest?.sound)
+  }
+
   @Test
   fun handleSystemNotify_returnsUnauthorizedWhenPostFailsPermission() {
     val handler = SystemHandler.forTesting(poster = ThrowingPoster(authorized = true, error = SecurityException("denied")))
@@ -55,6 +82,7 @@ class SystemHandlerTest {
 
     assertFalse(result.ok)
     assertEquals("UNAVAILABLE", result.error?.code)
+    assertEquals("NOTIFICATION_FAILED: boom", result.error?.message)
   }
 }
 
@@ -63,11 +91,14 @@ private class FakePoster(
 ) : SystemNotificationPoster {
   var posts: Int = 0
     private set
+  var lastRequest: SystemNotifyRequest? = null
+    private set
 
   override fun isAuthorized(): Boolean = authorized
 
   override fun post(request: SystemNotifyRequest) {
     posts += 1
+    lastRequest = request
   }
 }
 

apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawProtocolConstantsTest.kt

@@ -86,13 +86,15 @@ class OpenClawProtocolConstantsTest {
     assertEquals("motion.pedometer", OpenClawMotionCommand.Pedometer.rawValue)
   }
 
+  @Test
+  fun smsCommandsUseStableStrings() {
+    assertEquals("sms.send", OpenClawSmsCommand.Send.rawValue)
+    assertEquals("sms.search", OpenClawSmsCommand.Search.rawValue)
+  }
+
   @Test
   fun callLogCommandsUseStableStrings() {
     assertEquals("callLog.search", OpenClawCallLogCommand.Search.rawValue)
   }
 
-  @Test
-  fun smsCommandsUseStableStrings() {
-    assertEquals("sms.search", OpenClawSmsCommand.Search.rawValue)
-  }
 }

apps/android/app/src/test/java/ai/openclaw/app/ui/SettingsSheetNotificationAppsTest.kt

@@ -0,0 +1,35 @@
+package ai.openclaw.app.ui
+
+import org.junit.Assert.assertEquals
+import org.junit.Test
+
+class SettingsSheetNotificationAppsTest {
+  @Test
+  fun resolveNotificationCandidatePackages_keepsConfiguredPackagesVisible() {
+    val packages =
+      resolveNotificationCandidatePackages(
+        launcherPackages = setOf("com.example.launcher"),
+        recentPackages = listOf("com.example.recent", "com.example.launcher"),
+        configuredPackages = setOf("com.example.configured"),
+        appPackageName = "ai.openclaw.app",
+      )
+
+    assertEquals(
+      setOf("com.example.launcher", "com.example.recent", "com.example.configured"),
+      packages,
+    )
+  }
+
+  @Test
+  fun resolveNotificationCandidatePackages_filtersBlankAndSelfPackages() {
+    val packages =
+      resolveNotificationCandidatePackages(
+        launcherPackages = setOf(" ", "ai.openclaw.app"),
+        recentPackages = listOf("com.example.recent", "  "),
+        configuredPackages = setOf("ai.openclaw.app", "com.example.configured"),
+        appPackageName = "ai.openclaw.app",
+      )
+
+    assertEquals(setOf("com.example.recent", "com.example.configured"), packages)
+  }
+}

apps/ios/Config/Version.xcconfig

@@ -1,8 +1,8 @@
 // Shared iOS version defaults.
 // Generated overrides live in build/Version.xcconfig (git-ignored).
 
-OPENCLAW_GATEWAY_VERSION = 2026.3.25
-OPENCLAW_MARKETING_VERSION = 2026.3.25
-OPENCLAW_BUILD_VERSION = 202603250
+OPENCLAW_GATEWAY_VERSION = 2026.3.30
+OPENCLAW_MARKETING_VERSION = 2026.3.30
+OPENCLAW_BUILD_VERSION = 2026033000
 
 #include? "../build/Version.xcconfig"

apps/ios/README.md

@@ -65,9 +65,9 @@ Release behavior:
 - Beta release also switches the app to `OpenClawPushTransport=relay`, `OpenClawPushDistribution=official`, and `OpenClawPushAPNsEnvironment=production`.
 - The beta flow does not modify `apps/ios/.local-signing.xcconfig` or `apps/ios/LocalSigning.xcconfig`.
 - Root `package.json.version` is the only version source for iOS.
-- A root version like `2026.3.22-beta.1` becomes:
-  - `CFBundleShortVersionString = 2026.3.22`
-  - `CFBundleVersion = next TestFlight build number for 2026.3.22`
+- A root version like `2026.3.30-beta.1` becomes:
+  - `CFBundleShortVersionString = 2026.3.30`
+  - `CFBundleVersion = next TestFlight build number for 2026.3.30`
 
 Required env for beta builds:
 

apps/ios/Sources/LiveActivity/LiveActivityManager.swift

@@ -1,4 +1,4 @@
-import ActivityKit
+@preconcurrency import ActivityKit
 import Foundation
 import os
 

apps/macos/Package.resolved

@@ -43,7 +43,7 @@
       "location" : "https://github.com/steipete/Peekaboo.git",
       "state" : {
         "branch" : "main",
-        "revision" : "bace59f90bb276f1c6fb613acfda3935ec4a7a90"
+        "revision" : "8659b70d386d02f831e277386b3216023ccc707e"
       }
     },
     {
@@ -96,8 +96,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/swiftlang/swift-subprocess.git",
       "state" : {
-        "revision" : "ba5888ad7758cbcbe7abebac37860b1652af2d9c",
-        "version" : "0.3.0"
+        "revision" : "13d087685b95d64d6aac9b94500d347bbe84c39b",
+        "version" : "0.4.0"
       }
     },
     {

apps/macos/Package.swift

@@ -16,9 +16,9 @@ let package = Package(
     ],
     dependencies: [
         .package(url: "https://github.com/orchetect/MenuBarExtraAccess", exact: "1.2.2"),
-        .package(url: "https://github.com/swiftlang/swift-subprocess.git", from: "0.1.0"),
-        .package(url: "https://github.com/apple/swift-log.git", from: "1.8.0"),
-        .package(url: "https://github.com/sparkle-project/Sparkle", from: "2.8.1"),
+        .package(url: "https://github.com/swiftlang/swift-subprocess.git", from: "0.4.0"),
+        .package(url: "https://github.com/apple/swift-log.git", from: "1.10.1"),
+        .package(url: "https://github.com/sparkle-project/Sparkle", from: "2.9.0"),
         .package(url: "https://github.com/steipete/Peekaboo.git", branch: "main"),
         .package(path: "../shared/OpenClawKit"),
         .package(path: "../../Swabble"),

apps/macos/Sources/OpenClaw/DebugSettings.swift

@@ -768,10 +768,8 @@ struct DebugSettings: View {
     }
 
     private func loadSessionStorePath() {
-        let url = self.configURL()
+        let parsed = OpenClawConfigFile.loadDict()
         guard
-            let data = try? Data(contentsOf: url),
-            let parsed = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
             let session = parsed["session"] as? [String: Any],
             let path = session["store"] as? String
         else {
@@ -783,28 +781,14 @@ struct DebugSettings: View {
 
     private func saveSessionStorePath() {
         let trimmed = self.sessionStorePath.trimmingCharacters(in: .whitespacesAndNewlines)
-        var root: [String: Any] = [:]
-        let url = self.configURL()
-        if let data = try? Data(contentsOf: url),
-           let parsed = try? JSONSerialization.jsonObject(with: data) as? [String: Any]
-        {
-            root = parsed
-        }
+        var root = OpenClawConfigFile.loadDict()
 
         var session = root["session"] as? [String: Any] ?? [:]
         session["store"] = trimmed.isEmpty ? SessionLoader.defaultStorePath : trimmed
         root["session"] = session
 
-        do {
-            let data = try JSONSerialization.data(withJSONObject: root, options: [.prettyPrinted, .sortedKeys])
-            try FileManager().createDirectory(
-                at: url.deletingLastPathComponent(),
-                withIntermediateDirectories: true)
-            try data.write(to: url, options: [.atomic])
-            self.sessionStoreSaveError = nil
-        } catch {
-            self.sessionStoreSaveError = error.localizedDescription
-        }
+        OpenClawConfigFile.saveDict(root)
+        self.sessionStoreSaveError = nil
     }
 
     private var bindingOverride: Binding<String> {
@@ -828,10 +812,6 @@ struct DebugSettings: View {
     private var canRestartGateway: Bool {
         self.state.connectionMode == .local
     }
-
-    private func configURL() -> URL {
-        OpenClawPaths.configURL
-    }
 }
 
 extension DebugSettings {

apps/macos/Sources/OpenClaw/GatewayEnvironment.swift

@@ -193,7 +193,7 @@ enum GatewayEnvironment {
         let port = self.gatewayPort()
         if let gatewayBin {
             let bind = self.preferredGatewayBind() ?? "loopback"
-            let cmd = [gatewayBin, "gateway-daemon", "--port", "\(port)", "--bind", bind]
+            let cmd = [gatewayBin, "gateway", "--port", "\(port)", "--bind", bind]
             return GatewayCommandResolution(status: status, command: cmd)
         }
 
@@ -201,7 +201,7 @@ enum GatewayEnvironment {
            case let .success(resolvedRuntime) = runtime
         {
             let bind = self.preferredGatewayBind() ?? "loopback"
-            let cmd = [resolvedRuntime.path, entry, "gateway-daemon", "--port", "\(port)", "--bind", bind]
+            let cmd = [resolvedRuntime.path, entry, "gateway", "--port", "\(port)", "--bind", bind]
             return GatewayCommandResolution(status: status, command: cmd)
         }
 
@@ -291,6 +291,17 @@ enum GatewayEnvironment {
 
     // MARK: - Internals
 
+    /// Exposed for tests so CLI version output normalization stays local to gateway checks.
+    static func normalizeGatewayVersionOutput(_ raw: String?) -> String? {
+        guard var normalized = raw?.trimmingCharacters(in: .whitespacesAndNewlines), !normalized.isEmpty else {
+            return nil
+        }
+        if normalized.lowercased().hasPrefix("openclaw ") {
+            normalized = String(normalized.dropFirst("openclaw ".count))
+        }
+        return normalized
+    }
+
     private static func readGatewayVersion(binary: String) -> Semver? {
         let start = Date()
         let process = Process()
@@ -317,9 +328,8 @@ enum GatewayEnvironment {
                     bin=\(binary, privacy: .public)
                     """)
             }
-            let raw = String(data: data, encoding: .utf8)?
-                .trimmingCharacters(in: .whitespacesAndNewlines)
-            return Semver.parse(raw)
+            let raw = String(data: data, encoding: .utf8)
+            return Semver.parse(self.normalizeGatewayVersionOutput(raw))
         } catch {
             let elapsedMs = Int(Date().timeIntervalSince(start) * 1000)
             self.logger.error(

apps/macos/Sources/OpenClaw/GatewayProcessManager.swift

@@ -44,6 +44,7 @@ final class GatewayProcessManager {
     private var logRefreshTask: Task<Void, Never>?
     #if DEBUG
     private var testingConnection: GatewayConnection?
+    private var testingSkipControlChannelRefresh = false
     #endif
     private let logger = Logger(subsystem: "ai.openclaw", category: "gateway.process")
 
@@ -364,6 +365,11 @@ final class GatewayProcessManager {
     }
 
     private func refreshControlChannelIfNeeded(reason: String) {
+        #if DEBUG
+        if self.testingSkipControlChannelRefresh {
+            return
+        }
+        #endif
         switch ControlChannel.shared.state {
         case .connected, .connecting:
             return
@@ -421,6 +427,10 @@ extension GatewayProcessManager {
         self.testingConnection = connection
     }
 
+    func setTestingSkipControlChannelRefresh(_ skip: Bool) {
+        self.testingSkipControlChannelRefresh = skip
+    }
+
     func setTestingDesiredActive(_ active: Bool) {
         self.desiredActive = active
     }
@@ -428,5 +438,9 @@ extension GatewayProcessManager {
     func setTestingLastFailureReason(_ reason: String?) {
         self.lastFailureReason = reason
     }
+
+    func _testAttachExistingGatewayIfAvailable() async -> Bool {
+        await self.attachExistingGatewayIfAvailable()
+    }
 }
 #endif

apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift

@@ -18,6 +18,7 @@ enum HostEnvSecurityPolicy {
         "ENV",
         "GIT_EXTERNAL_DIFF",
         "GIT_EXEC_PATH",
+        "GIT_TEMPLATE_DIR",
         "SHELL",
         "SHELLOPTS",
         "PS4",
@@ -79,7 +80,8 @@ enum HostEnvSecurityPolicy {
         "GEM_PATH",
         "BUNDLE_GEMFILE",
         "COMPOSER_HOME",
-        "XDG_CONFIG_HOME"
+        "XDG_CONFIG_HOME",
+        "AWS_CONFIG_FILE"
     ]
 
     static let blockedOverridePrefixes: [String] = [

apps/macos/Sources/OpenClaw/OpenClawConfigFile.swift

@@ -44,6 +44,7 @@ enum OpenClawConfigFile {
         let previousData = try? Data(contentsOf: url)
         let previousRoot = previousData.flatMap { self.parseConfigData($0) }
         let previousBytes = previousData?.count
+        let previousAttributes = try? FileManager().attributesOfItem(atPath: url.path)
         let hadMetaBefore = self.hasMeta(previousRoot)
         let gatewayModeBefore = self.gatewayMode(previousRoot)
 
@@ -57,6 +58,7 @@ enum OpenClawConfigFile {
                 withIntermediateDirectories: true)
             try data.write(to: url, options: [.atomic])
             let nextBytes = data.count
+            let nextAttributes = try? FileManager().attributesOfItem(atPath: url.path)
             let gatewayModeAfter = self.gatewayMode(output)
             let suspicious = self.configWriteSuspiciousReasons(
                 existsBefore: previousData != nil,
@@ -74,6 +76,18 @@ enum OpenClawConfigFile {
                 "existsBefore": previousData != nil,
                 "previousBytes": previousBytes ?? NSNull(),
                 "nextBytes": nextBytes,
+                "previousDev": self.fileSystemNumber(previousAttributes?[.systemNumber]) ?? NSNull(),
+                "nextDev": self.fileSystemNumber(nextAttributes?[.systemNumber]) ?? NSNull(),
+                "previousIno": self.fileSystemNumber(previousAttributes?[.systemFileNumber]) ?? NSNull(),
+                "nextIno": self.fileSystemNumber(nextAttributes?[.systemFileNumber]) ?? NSNull(),
+                "previousMode": self.posixMode(previousAttributes?[.posixPermissions]) ?? NSNull(),
+                "nextMode": self.posixMode(nextAttributes?[.posixPermissions]) ?? NSNull(),
+                "previousNlink": self.fileAttributeInt(previousAttributes?[.referenceCount]) ?? NSNull(),
+                "nextNlink": self.fileAttributeInt(nextAttributes?[.referenceCount]) ?? NSNull(),
+                "previousUid": self.fileAttributeInt(previousAttributes?[.ownerAccountID]) ?? NSNull(),
+                "nextUid": self.fileAttributeInt(nextAttributes?[.ownerAccountID]) ?? NSNull(),
+                "previousGid": self.fileAttributeInt(previousAttributes?[.groupOwnerAccountID]) ?? NSNull(),
+                "nextGid": self.fileAttributeInt(nextAttributes?[.groupOwnerAccountID]) ?? NSNull(),
                 "hasMetaBefore": hadMetaBefore,
                 "hasMetaAfter": self.hasMeta(output),
                 "gatewayModeBefore": gatewayModeBefore ?? NSNull(),
@@ -384,6 +398,23 @@ enum OpenClawConfigFile {
         return date.timeIntervalSince1970 * 1000
     }
 
+    private static func fileAttributeInt(_ value: Any?) -> Int? {
+        if let number = value as? NSNumber { return number.intValue }
+        if let number = value as? Int { return number }
+        return nil
+    }
+
+    private static func fileSystemNumber(_ value: Any?) -> String? {
+        if let number = value as? NSNumber { return number.stringValue }
+        if let number = value as? Int { return String(number) }
+        return nil
+    }
+
+    private static func posixMode(_ value: Any?) -> Int? {
+        guard let mode = self.fileAttributeInt(value) else { return nil }
+        return mode & 0o777
+    }
+
     private static func configFingerprint(
         data: Data,
         root: [String: Any]?,
@@ -396,6 +427,12 @@ enum OpenClawConfigFile {
             "bytes": data.count,
             "mtimeMs": self.fileTimestampMs(attributes?[.modificationDate]) ?? NSNull(),
             "ctimeMs": self.fileTimestampMs(attributes?[.creationDate]) ?? NSNull(),
+            "dev": self.fileSystemNumber(attributes?[.systemNumber]) ?? NSNull(),
+            "ino": self.fileSystemNumber(attributes?[.systemFileNumber]) ?? NSNull(),
+            "mode": self.posixMode(attributes?[.posixPermissions]) ?? NSNull(),
+            "nlink": self.fileAttributeInt(attributes?[.referenceCount]) ?? NSNull(),
+            "uid": self.fileAttributeInt(attributes?[.ownerAccountID]) ?? NSNull(),
+            "gid": self.fileAttributeInt(attributes?[.groupOwnerAccountID]) ?? NSNull(),
             "hasMeta": self.hasMeta(root),
             "gatewayMode": self.gatewayMode(root) ?? NSNull(),
             "observedAt": observedAt,
@@ -408,6 +445,12 @@ enum OpenClawConfigFile {
             (left["bytes"] as? Int) == (right["bytes"] as? Int) &&
             (left["mtimeMs"] as? Double) == (right["mtimeMs"] as? Double) &&
             (left["ctimeMs"] as? Double) == (right["ctimeMs"] as? Double) &&
+            (left["dev"] as? String) == (right["dev"] as? String) &&
+            (left["ino"] as? String) == (right["ino"] as? String) &&
+            (left["mode"] as? Int) == (right["mode"] as? Int) &&
+            (left["nlink"] as? Int) == (right["nlink"] as? Int) &&
+            (left["uid"] as? Int) == (right["uid"] as? Int) &&
+            (left["gid"] as? Int) == (right["gid"] as? Int) &&
             (left["hasMeta"] as? Bool) == (right["hasMeta"] as? Bool) &&
             (left["gatewayMode"] as? String) == (right["gatewayMode"] as? String)
     }
@@ -509,6 +552,12 @@ enum OpenClawConfigFile {
             "bytes": current["bytes"] ?? NSNull(),
             "mtimeMs": current["mtimeMs"] ?? NSNull(),
             "ctimeMs": current["ctimeMs"] ?? NSNull(),
+            "dev": current["dev"] ?? NSNull(),
+            "ino": current["ino"] ?? NSNull(),
+            "mode": current["mode"] ?? NSNull(),
+            "nlink": current["nlink"] ?? NSNull(),
+            "uid": current["uid"] ?? NSNull(),
+            "gid": current["gid"] ?? NSNull(),
             "hasMeta": current["hasMeta"] ?? false,
             "gatewayMode": current["gatewayMode"] ?? NSNull(),
             "suspicious": suspicious,
@@ -516,11 +565,23 @@ enum OpenClawConfigFile {
             "lastKnownGoodBytes": lastKnownGood?["bytes"] ?? NSNull(),
             "lastKnownGoodMtimeMs": lastKnownGood?["mtimeMs"] ?? NSNull(),
             "lastKnownGoodCtimeMs": lastKnownGood?["ctimeMs"] ?? NSNull(),
+            "lastKnownGoodDev": lastKnownGood?["dev"] ?? NSNull(),
+            "lastKnownGoodIno": lastKnownGood?["ino"] ?? NSNull(),
+            "lastKnownGoodMode": lastKnownGood?["mode"] ?? NSNull(),
+            "lastKnownGoodNlink": lastKnownGood?["nlink"] ?? NSNull(),
+            "lastKnownGoodUid": lastKnownGood?["uid"] ?? NSNull(),
+            "lastKnownGoodGid": lastKnownGood?["gid"] ?? NSNull(),
             "lastKnownGoodGatewayMode": lastKnownGood?["gatewayMode"] ?? NSNull(),
             "backupHash": backup?["hash"] ?? NSNull(),
             "backupBytes": backup?["bytes"] ?? NSNull(),
             "backupMtimeMs": backup?["mtimeMs"] ?? NSNull(),
             "backupCtimeMs": backup?["ctimeMs"] ?? NSNull(),
+            "backupDev": backup?["dev"] ?? NSNull(),
+            "backupIno": backup?["ino"] ?? NSNull(),
+            "backupMode": backup?["mode"] ?? NSNull(),
+            "backupNlink": backup?["nlink"] ?? NSNull(),
+            "backupUid": backup?["uid"] ?? NSNull(),
+            "backupGid": backup?["gid"] ?? NSNull(),
             "backupGatewayMode": backup?["gatewayMode"] ?? NSNull(),
             "clobberedPath": clobberedPath ?? NSNull(),
         ])

apps/macos/Sources/OpenClaw/PortGuardian.swift

@@ -23,6 +23,9 @@ actor PortGuardian {
 
     private var records: [Record] = []
     private let logger = Logger(subsystem: "ai.openclaw", category: "portguard")
+    #if DEBUG
+    private var testingDescriptors: [Int: Descriptor] = [:]
+    #endif
     private nonisolated static let appSupportDir: URL = {
         let base = FileManager().urls(for: .applicationSupportDirectory, in: .userDomainMask).first!
         return base.appendingPathComponent("OpenClaw", isDirectory: true)
@@ -130,6 +133,11 @@ actor PortGuardian {
     }
 
     func describe(port: Int) async -> Descriptor? {
+        #if DEBUG
+        if let descriptor = self.testingDescriptors[port] {
+            return descriptor
+        }
+        #endif
         guard let listener = await self.listeners(on: port).first else { return nil }
         let path = Self.executablePath(for: listener.pid)
         return Descriptor(pid: listener.pid, command: listener.command, executablePath: path)
@@ -368,8 +376,12 @@ actor PortGuardian {
             if port == GatewayEnvironment.gatewayPort() { return true }
             return false
         case .local:
-            // The gateway daemon may listen as `openclaw` or as its runtime (`node`, `bun`, etc).
-            if full.contains("gateway-daemon") { return true }
+            // Preserve both the legacy hidden alias and the current service process title.
+            if full.contains("gateway-daemon") || full.contains("openclaw-gateway")
+                || cmd.contains("openclaw-gateway")
+            {
+                return true
+            }
             // If args are unavailable, treat a CLI listener as expected.
             if cmd.contains("openclaw"), full == cmd { return true }
             return false
@@ -402,6 +414,18 @@ actor PortGuardian {
     }
 }
 
+#if DEBUG
+extension PortGuardian {
+    func setTestingDescriptor(_ descriptor: Descriptor?, forPort port: Int) {
+        if let descriptor {
+            self.testingDescriptors[port] = descriptor
+        } else {
+            self.testingDescriptors.removeValue(forKey: port)
+        }
+    }
+}
+#endif
+
 #if DEBUG
 extension PortGuardian {
     static func _testParseListeners(_ text: String) -> [(

apps/macos/Sources/OpenClaw/Resources/Info.plist

@@ -15,9 +15,9 @@
     <key>CFBundlePackageType</key>
     <string>APPL</string>
     <key>CFBundleShortVersionString</key>
-    <string>2026.3.25</string>
+    <string>2026.3.30</string>
     <key>CFBundleVersion</key>
-    <string>202603250</string>
+    <string>2026033000</string>
     <key>CFBundleIconFile</key>
     <string>OpenClaw</string>
     <key>CFBundleURLTypes</key>

apps/macos/Sources/OpenClawProtocol/GatewayModels.swift

@@ -9,6 +9,7 @@ public enum ErrorCode: String, Codable, Sendable {
     case notPaired = "NOT_PAIRED"
     case agentTimeout = "AGENT_TIMEOUT"
     case invalidRequest = "INVALID_REQUEST"
+    case approvalNotFound = "APPROVAL_NOT_FOUND"
     case unavailable = "UNAVAILABLE"
 }
 
@@ -2234,21 +2235,29 @@ public struct AgentSummary: Codable, Sendable {
     public let id: String
     public let name: String?
     public let identity: [String: AnyCodable]?
+    public let workspace: String?
+    public let model: [String: AnyCodable]?
 
     public init(
         id: String,
         name: String?,
-        identity: [String: AnyCodable]?)
+        identity: [String: AnyCodable]?,
+        workspace: String?,
+        model: [String: AnyCodable]?)
     {
         self.id = id
         self.name = name
         self.identity = identity
+        self.workspace = workspace
+        self.model = model
     }
 
     private enum CodingKeys: String, CodingKey {
         case id
         case name
         case identity
+        case workspace
+        case model
     }
 }
 
@@ -3434,6 +3443,90 @@ public struct ExecApprovalResolveParams: Codable, Sendable {
     }
 }
 
+public struct PluginApprovalRequestParams: Codable, Sendable {
+    public let pluginid: String?
+    public let title: String
+    public let description: String
+    public let severity: String?
+    public let toolname: String?
+    public let toolcallid: String?
+    public let agentid: String?
+    public let sessionkey: String?
+    public let turnsourcechannel: String?
+    public let turnsourceto: String?
+    public let turnsourceaccountid: String?
+    public let turnsourcethreadid: AnyCodable?
+    public let timeoutms: Int?
+    public let twophase: Bool?
+
+    public init(
+        pluginid: String?,
+        title: String,
+        description: String,
+        severity: String?,
+        toolname: String?,
+        toolcallid: String?,
+        agentid: String?,
+        sessionkey: String?,
+        turnsourcechannel: String?,
+        turnsourceto: String?,
+        turnsourceaccountid: String?,
+        turnsourcethreadid: AnyCodable?,
+        timeoutms: Int?,
+        twophase: Bool?)
+    {
+        self.pluginid = pluginid
+        self.title = title
+        self.description = description
+        self.severity = severity
+        self.toolname = toolname
+        self.toolcallid = toolcallid
+        self.agentid = agentid
+        self.sessionkey = sessionkey
+        self.turnsourcechannel = turnsourcechannel
+        self.turnsourceto = turnsourceto
+        self.turnsourceaccountid = turnsourceaccountid
+        self.turnsourcethreadid = turnsourcethreadid
+        self.timeoutms = timeoutms
+        self.twophase = twophase
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case pluginid = "pluginId"
+        case title
+        case description
+        case severity
+        case toolname = "toolName"
+        case toolcallid = "toolCallId"
+        case agentid = "agentId"
+        case sessionkey = "sessionKey"
+        case turnsourcechannel = "turnSourceChannel"
+        case turnsourceto = "turnSourceTo"
+        case turnsourceaccountid = "turnSourceAccountId"
+        case turnsourcethreadid = "turnSourceThreadId"
+        case timeoutms = "timeoutMs"
+        case twophase = "twoPhase"
+    }
+}
+
+public struct PluginApprovalResolveParams: Codable, Sendable {
+    public let id: String
+    public let decision: String
+
+    public init(
+        id: String,
+        decision: String)
+    {
+        self.id = id
+        self.decision = decision
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case id
+        case decision
+    }
+}
+
 public struct DevicePairListParams: Codable, Sendable {}
 
 public struct DevicePairApproveParams: Codable, Sendable {
@@ -3637,6 +3730,10 @@ public struct ChatSendParams: Codable, Sendable {
     public let message: String
     public let thinking: String?
     public let deliver: Bool?
+    public let originatingchannel: String?
+    public let originatingto: String?
+    public let originatingaccountid: String?
+    public let originatingthreadid: String?
     public let attachments: [AnyCodable]?
     public let timeoutms: Int?
     public let systeminputprovenance: [String: AnyCodable]?
@@ -3648,6 +3745,10 @@ public struct ChatSendParams: Codable, Sendable {
         message: String,
         thinking: String?,
         deliver: Bool?,
+        originatingchannel: String?,
+        originatingto: String?,
+        originatingaccountid: String?,
+        originatingthreadid: String?,
         attachments: [AnyCodable]?,
         timeoutms: Int?,
         systeminputprovenance: [String: AnyCodable]?,
@@ -3658,6 +3759,10 @@ public struct ChatSendParams: Codable, Sendable {
         self.message = message
         self.thinking = thinking
         self.deliver = deliver
+        self.originatingchannel = originatingchannel
+        self.originatingto = originatingto
+        self.originatingaccountid = originatingaccountid
+        self.originatingthreadid = originatingthreadid
         self.attachments = attachments
         self.timeoutms = timeoutms
         self.systeminputprovenance = systeminputprovenance
@@ -3670,6 +3775,10 @@ public struct ChatSendParams: Codable, Sendable {
         case message
         case thinking
         case deliver
+        case originatingchannel = "originatingChannel"
+        case originatingto = "originatingTo"
+        case originatingaccountid = "originatingAccountId"
+        case originatingthreadid = "originatingThreadId"
         case attachments
         case timeoutms = "timeoutMs"
         case systeminputprovenance = "systemInputProvenance"

apps/macos/Tests/OpenClawIPCTests/GatewayEnvironmentTests.swift

@@ -19,6 +19,15 @@ struct GatewayEnvironmentTests {
         #expect(Semver.parse("invalid") == nil)
         #expect(Semver.parse("1.2") == nil)
         #expect(Semver.parse("1.2.x") == nil)
+        // Product-prefixed output from `openclaw --version` should NOT parse as semver
+        // (the prefix must be stripped by the caller, not the parser).
+        #expect(Semver.parse("OpenClaw 2026.3.23-1") == nil)
+    }
+
+    @Test func `gateway version output strips product prefix before parsing`() {
+        let normalized = GatewayEnvironment.normalizeGatewayVersionOutput("  OpenClaw 2026.3.23-1 \n")
+        #expect(normalized == "2026.3.23-1")
+        #expect(Semver.parse(normalized) == Semver(major: 2026, minor: 3, patch: 23))
     }
 
     @Test func `semver compatibility requires same major and not older`() {

apps/macos/Tests/OpenClawIPCTests/GatewayLaunchAgentManagerTests.swift

@@ -7,7 +7,7 @@ struct GatewayLaunchAgentManagerTests {
         let url = FileManager().temporaryDirectory
             .appendingPathComponent("openclaw-launchd-\(UUID().uuidString).plist")
         let plist: [String: Any] = [
-            "ProgramArguments": ["openclaw", "gateway-daemon", "--port", "18789", "--bind", "loopback"],
+            "ProgramArguments": ["openclaw", "gateway", "--port", "18789", "--bind", "loopback"],
             "EnvironmentVariables": [
                 "OPENCLAW_GATEWAY_TOKEN": " secret ",
                 "OPENCLAW_GATEWAY_PASSWORD": "pw",
@@ -28,7 +28,7 @@ struct GatewayLaunchAgentManagerTests {
         let url = FileManager().temporaryDirectory
             .appendingPathComponent("openclaw-launchd-\(UUID().uuidString).plist")
         let plist: [String: Any] = [
-            "ProgramArguments": ["openclaw", "gateway-daemon", "--port", "18789"],
+            "ProgramArguments": ["openclaw", "gateway", "--port", "18789"],
         ]
         let data = try PropertyListSerialization.data(fromPropertyList: plist, format: .xml, options: 0)
         try data.write(to: url, options: [.atomic])

apps/macos/Tests/OpenClawIPCTests/GatewayProcessManagerTests.swift

@@ -35,4 +35,92 @@ struct GatewayProcessManagerTests {
         #expect(ready)
         #expect(manager.lastFailureReason == nil)
     }
+
+    @Test func `attaches to existing gateway without spawning launchd`() async throws {
+        let healthData = Data(
+            """
+            {
+              "ok": true,
+              "ts": 1,
+              "durationMs": 0,
+              "channels": {
+                "telegram": {
+                  "configured": true,
+                  "linked": true,
+                  "authAgeMs": 60000
+                }
+              },
+              "channelOrder": ["telegram"],
+              "channelLabels": {
+                "telegram": "Telegram"
+              },
+              "heartbeatSeconds": 30,
+              "sessions": {
+                "path": "/tmp/sessions",
+                "count": 1,
+                "recent": []
+              }
+            }
+            """.utf8)
+        let session = GatewayTestWebSocketSession(
+            taskFactory: {
+                GatewayTestWebSocketTask(
+                    sendHook: { task, message, sendIndex in
+                        guard sendIndex > 0 else { return }
+                        guard let id = GatewayWebSocketTestSupport.requestID(from: message) else { return }
+                        let json = """
+                        {
+                          "type": "res",
+                          "id": "\(id)",
+                          "ok": true,
+                          "payload": \(String(decoding: healthData, as: UTF8.self))
+                        }
+                        """
+                        task.emitReceiveSuccess(.data(Data(json.utf8)))
+                    })
+            })
+        let url = try #require(URL(string: "ws://example.invalid"))
+        let connection = GatewayConnection(
+            configProvider: { (url: url, token: nil, password: nil) },
+            sessionBox: WebSocketSessionBox(session: session))
+        let port = GatewayEnvironment.gatewayPort()
+        let descriptor = PortGuardian.Descriptor(
+            pid: 4242,
+            command: "openclaw-gateway",
+            executablePath: "/tmp/openclaw-gateway")
+
+        let manager = GatewayProcessManager.shared
+        await PortGuardian.shared.setTestingDescriptor(descriptor, forPort: port)
+        manager.setTestingConnection(connection)
+        manager.setTestingSkipControlChannelRefresh(true)
+        manager.setTestingLastFailureReason("stale")
+
+        func cleanup() async {
+            await PortGuardian.shared.setTestingDescriptor(nil, forPort: port)
+            manager.setTestingConnection(nil)
+            manager.setTestingSkipControlChannelRefresh(false)
+            manager.setTestingDesiredActive(false)
+            manager.setTestingLastFailureReason(nil)
+        }
+
+        do {
+            let attached = await manager._testAttachExistingGatewayIfAvailable()
+            #expect(attached)
+            #expect(manager.lastFailureReason == nil)
+            guard case let .attachedExisting(statusDetails) = manager.status else {
+                Issue.record("expected attachedExisting status")
+                await cleanup()
+                return
+            }
+            let details = try #require(statusDetails)
+            #expect(details.contains("port \(port)"))
+            #expect(details.contains("Telegram linked"))
+            #expect(details.contains("auth 1m"))
+            #expect(details.contains("pid 4242 openclaw-gateway @ /tmp/openclaw-gateway"))
+            await cleanup()
+        } catch {
+            await cleanup()
+            throw error
+        }
+    }
 }

apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift

@@ -167,6 +167,11 @@ struct LowCoverageHelperTests {
             fullCommand: "python server.py",
             port: 18789, mode: .local) == false)
 
+        #expect(PortGuardian._testIsExpected(
+            command: "node",
+            fullCommand: "openclaw-gateway",
+            port: 18789, mode: .local) == true)
+
         #expect(PortGuardian._testIsExpected(
             command: "node",
             fullCommand: "node /path/to/gateway-daemon",

apps/macos/Tests/OpenClawIPCTests/NodeServiceManagerTests.swift

@@ -3,17 +3,19 @@ import Testing
 @testable import OpenClaw
 
 @Suite(.serialized) struct NodeServiceManagerTests {
-    @Test func `builds node service commands with current CLI shape`() throws {
-        let tmp = try makeTempDirForTests()
-        CommandResolver.setProjectRoot(tmp.path)
+    @Test func `builds node service commands with current CLI shape`() async throws {
+        try await TestIsolation.withUserDefaultsValues(["openclaw.gatewayProjectRootPath": nil]) {
+            let tmp = try makeTempDirForTests()
+            CommandResolver.setProjectRoot(tmp.path)
 
-        let openclawPath = tmp.appendingPathComponent("node_modules/.bin/openclaw")
-        try makeExecutableForTests(at: openclawPath)
+            let openclawPath = tmp.appendingPathComponent("node_modules/.bin/openclaw")
+            try makeExecutableForTests(at: openclawPath)
 
-        let start = NodeServiceManager._testServiceCommand(["start"])
-        #expect(start == [openclawPath.path, "node", "start", "--json"])
+            let start = NodeServiceManager._testServiceCommand(["start"])
+            #expect(start == [openclawPath.path, "node", "start", "--json"])
 
-        let stop = NodeServiceManager._testServiceCommand(["stop"])
-        #expect(stop == [openclawPath.path, "node", "stop", "--json"])
+            let stop = NodeServiceManager._testServiceCommand(["stop"])
+            #expect(stop == [openclawPath.path, "node", "stop", "--json"])
+        }
     }
 }

apps/macos/Tests/OpenClawIPCTests/OpenClawConfigFileTests.swift

@@ -133,6 +133,10 @@ struct OpenClawConfigFileTests {
             #expect(auditRoot?["event"] as? String == "config.write")
             #expect(auditRoot?["result"] as? String == "success")
             #expect(auditRoot?["configPath"] as? String == configPath.path)
+            #expect(auditRoot?["previousMode"] is NSNull)
+            #expect(auditRoot?["nextMode"] is NSNumber)
+            #expect(auditRoot?["previousIno"] is NSNull)
+            #expect(auditRoot?["nextIno"] as? String != nil)
         }
     }
 
@@ -188,6 +192,10 @@ struct OpenClawConfigFileTests {
             let auditRoot = try JSONSerialization.jsonObject(with: Data(observeLine.utf8)) as? [String: Any]
             #expect(auditRoot?["source"] as? String == "macos-openclaw-config-file")
             #expect(auditRoot?["configPath"] as? String == configPath.path)
+            #expect(auditRoot?["mode"] is NSNumber)
+            #expect(auditRoot?["ino"] as? String != nil)
+            #expect(auditRoot?["lastKnownGoodMode"] is NSNumber)
+            #expect(auditRoot?["backupMode"] is NSNull)
             let suspicious = auditRoot?["suspicious"] as? [String] ?? []
             #expect(suspicious.contains("gateway-mode-missing-vs-last-good"))
             #expect(suspicious.contains("update-channel-only-root"))

apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift

@@ -9,6 +9,7 @@ public enum ErrorCode: String, Codable, Sendable {
     case notPaired = "NOT_PAIRED"
     case agentTimeout = "AGENT_TIMEOUT"
     case invalidRequest = "INVALID_REQUEST"
+    case approvalNotFound = "APPROVAL_NOT_FOUND"
     case unavailable = "UNAVAILABLE"
 }
 
@@ -2234,21 +2235,29 @@ public struct AgentSummary: Codable, Sendable {
     public let id: String
     public let name: String?
     public let identity: [String: AnyCodable]?
+    public let workspace: String?
+    public let model: [String: AnyCodable]?
 
     public init(
         id: String,
         name: String?,
-        identity: [String: AnyCodable]?)
+        identity: [String: AnyCodable]?,
+        workspace: String?,
+        model: [String: AnyCodable]?)
     {
         self.id = id
         self.name = name
         self.identity = identity
+        self.workspace = workspace
+        self.model = model
     }
 
     private enum CodingKeys: String, CodingKey {
         case id
         case name
         case identity
+        case workspace
+        case model
     }
 }
 
@@ -3434,6 +3443,90 @@ public struct ExecApprovalResolveParams: Codable, Sendable {
     }
 }
 
+public struct PluginApprovalRequestParams: Codable, Sendable {
+    public let pluginid: String?
+    public let title: String
+    public let description: String
+    public let severity: String?
+    public let toolname: String?
+    public let toolcallid: String?
+    public let agentid: String?
+    public let sessionkey: String?
+    public let turnsourcechannel: String?
+    public let turnsourceto: String?
+    public let turnsourceaccountid: String?
+    public let turnsourcethreadid: AnyCodable?
+    public let timeoutms: Int?
+    public let twophase: Bool?
+
+    public init(
+        pluginid: String?,
+        title: String,
+        description: String,
+        severity: String?,
+        toolname: String?,
+        toolcallid: String?,
+        agentid: String?,
+        sessionkey: String?,
+        turnsourcechannel: String?,
+        turnsourceto: String?,
+        turnsourceaccountid: String?,
+        turnsourcethreadid: AnyCodable?,
+        timeoutms: Int?,
+        twophase: Bool?)
+    {
+        self.pluginid = pluginid
+        self.title = title
+        self.description = description
+        self.severity = severity
+        self.toolname = toolname
+        self.toolcallid = toolcallid
+        self.agentid = agentid
+        self.sessionkey = sessionkey
+        self.turnsourcechannel = turnsourcechannel
+        self.turnsourceto = turnsourceto
+        self.turnsourceaccountid = turnsourceaccountid
+        self.turnsourcethreadid = turnsourcethreadid
+        self.timeoutms = timeoutms
+        self.twophase = twophase
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case pluginid = "pluginId"
+        case title
+        case description
+        case severity
+        case toolname = "toolName"
+        case toolcallid = "toolCallId"
+        case agentid = "agentId"
+        case sessionkey = "sessionKey"
+        case turnsourcechannel = "turnSourceChannel"
+        case turnsourceto = "turnSourceTo"
+        case turnsourceaccountid = "turnSourceAccountId"
+        case turnsourcethreadid = "turnSourceThreadId"
+        case timeoutms = "timeoutMs"
+        case twophase = "twoPhase"
+    }
+}
+
+public struct PluginApprovalResolveParams: Codable, Sendable {
+    public let id: String
+    public let decision: String
+
+    public init(
+        id: String,
+        decision: String)
+    {
+        self.id = id
+        self.decision = decision
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case id
+        case decision
+    }
+}
+
 public struct DevicePairListParams: Codable, Sendable {}
 
 public struct DevicePairApproveParams: Codable, Sendable {
@@ -3637,6 +3730,10 @@ public struct ChatSendParams: Codable, Sendable {
     public let message: String
     public let thinking: String?
     public let deliver: Bool?
+    public let originatingchannel: String?
+    public let originatingto: String?
+    public let originatingaccountid: String?
+    public let originatingthreadid: String?
     public let attachments: [AnyCodable]?
     public let timeoutms: Int?
     public let systeminputprovenance: [String: AnyCodable]?
@@ -3648,6 +3745,10 @@ public struct ChatSendParams: Codable, Sendable {
         message: String,
         thinking: String?,
         deliver: Bool?,
+        originatingchannel: String?,
+        originatingto: String?,
+        originatingaccountid: String?,
+        originatingthreadid: String?,
         attachments: [AnyCodable]?,
         timeoutms: Int?,
         systeminputprovenance: [String: AnyCodable]?,
@@ -3658,6 +3759,10 @@ public struct ChatSendParams: Codable, Sendable {
         self.message = message
         self.thinking = thinking
         self.deliver = deliver
+        self.originatingchannel = originatingchannel
+        self.originatingto = originatingto
+        self.originatingaccountid = originatingaccountid
+        self.originatingthreadid = originatingthreadid
         self.attachments = attachments
         self.timeoutms = timeoutms
         self.systeminputprovenance = systeminputprovenance
@@ -3670,6 +3775,10 @@ public struct ChatSendParams: Codable, Sendable {
         case message
         case thinking
         case deliver
+        case originatingchannel = "originatingChannel"
+        case originatingto = "originatingTo"
+        case originatingaccountid = "originatingAccountId"
+        case originatingthreadid = "originatingThreadId"
         case attachments
         case timeoutms = "timeoutMs"
         case systeminputprovenance = "systemInputProvenance"

docs/.generated/config-baseline.jsonl

@@ -1,4 +1,4 @@
-{"generatedBy":"scripts/generate-config-doc-baseline.ts","recordType":"meta","totalPaths":5531}
+{"generatedBy":"scripts/generate-config-doc-baseline.ts","recordType":"meta","totalPaths":5593}
 {"recordType":"path","path":"acp","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"ACP","help":"ACP runtime controls for enabling dispatch, selecting backends, constraining allowed agent targets, and tuning streamed turn projection behavior.","hasChildren":true}
 {"recordType":"path","path":"acp.allowedAgents","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"ACP Allowed Agents","help":"Allowlist of ACP target agent ids permitted for ACP runtime sessions. Empty means no additional allowlist restriction.","hasChildren":true}
 {"recordType":"path","path":"acp.allowedAgents.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -217,6 +217,8 @@
 {"recordType":"path","path":"agents.defaults.memorySearch.sources.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"agents.defaults.memorySearch.store","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"agents.defaults.memorySearch.store.driver","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"agents.defaults.memorySearch.store.fts","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"agents.defaults.memorySearch.store.fts.tokenizer","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"agents.defaults.memorySearch.store.path","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["storage"],"label":"Memory Search Index Path","help":"Sets where the SQLite memory index is stored on disk for each agent. Keep the default `~/.openclaw/memory/{agentId}.sqlite` unless you need custom storage placement or backup policy alignment.","hasChildren":false}
 {"recordType":"path","path":"agents.defaults.memorySearch.store.vector","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"agents.defaults.memorySearch.store.vector.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["storage"],"label":"Memory Search Vector Index","help":"Enables the sqlite-vec extension used for vector similarity queries in memory search (default: true). Keep this enabled for normal semantic recall; disable only for debugging or fallback-only operation.","hasChildren":false}
@@ -443,6 +445,8 @@
 {"recordType":"path","path":"agents.list.*.memorySearch.sources.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"agents.list.*.memorySearch.store","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"agents.list.*.memorySearch.store.driver","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"agents.list.*.memorySearch.store.fts","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"agents.list.*.memorySearch.store.fts.tokenizer","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"agents.list.*.memorySearch.store.path","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"agents.list.*.memorySearch.store.vector","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"agents.list.*.memorySearch.store.vector.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -467,7 +471,7 @@
 {"recordType":"path","path":"agents.list.*.reasoningDefault","kind":"core","type":"string","required":false,"enumValues":["on","off","stream"],"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Agent Reasoning Default","help":"Optional per-agent default reasoning visibility (on|off|stream). Applies when no per-message or session reasoning override is set.","hasChildren":false}
 {"recordType":"path","path":"agents.list.*.runtime","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Agent Runtime","help":"Optional runtime descriptor for this agent. Use embedded for default OpenClaw execution or acp for external ACP harness defaults.","hasChildren":true}
 {"recordType":"path","path":"agents.list.*.runtime.acp","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Agent ACP Runtime","help":"ACP runtime defaults for this agent when runtime.type=acp. Binding-level ACP overrides still take precedence per conversation.","hasChildren":true}
-{"recordType":"path","path":"agents.list.*.runtime.acp.agent","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Agent ACP Harness Agent","help":"Optional ACP harness agent id to use for this OpenClaw agent (for example codex, claude).","hasChildren":false}
+{"recordType":"path","path":"agents.list.*.runtime.acp.agent","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Agent ACP Harness Agent","help":"Optional ACP harness agent id to use for this OpenClaw agent (for example codex, claude, cursor, gemini, openclaw).","hasChildren":false}
 {"recordType":"path","path":"agents.list.*.runtime.acp.backend","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Agent ACP Backend","help":"Optional ACP backend override for this agent's ACP sessions (falls back to global acp.backend).","hasChildren":false}
 {"recordType":"path","path":"agents.list.*.runtime.acp.cwd","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Agent ACP Working Directory","help":"Optional default working directory for this agent's ACP sessions.","hasChildren":false}
 {"recordType":"path","path":"agents.list.*.runtime.acp.mode","kind":"core","type":"string","required":false,"enumValues":["persistent","oneshot"],"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Agent ACP Mode","help":"Optional ACP session mode default for this agent (persistent or oneshot).","hasChildren":false}
@@ -638,7 +642,7 @@
 {"recordType":"path","path":"agents.list.*.tools.sandbox.tools.deny","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"agents.list.*.tools.sandbox.tools.deny.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"agents.list.*.workspace","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"approvals","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Approvals","help":"Approval routing controls for forwarding exec approval requests to chat destinations outside the originating session. Keep this disabled unless operators need explicit out-of-band approval visibility.","hasChildren":true}
+{"recordType":"path","path":"approvals","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Approvals","help":"Approval routing controls for forwarding exec and plugin approval requests to chat destinations outside the originating session. Keep these disabled unless operators need explicit out-of-band approval visibility.","hasChildren":true}
 {"recordType":"path","path":"approvals.exec","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Exec Approval Forwarding","help":"Groups exec-approval forwarding behavior including enablement, routing mode, filters, and explicit targets. Configure here when approval prompts must reach operational channels instead of only the origin thread.","hasChildren":true}
 {"recordType":"path","path":"approvals.exec.agentFilter","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Approval Agent Filter","help":"Optional allowlist of agent IDs eligible for forwarded approvals, for example `[\"primary\", \"ops-agent\"]`. Use this to limit forwarding blast radius and avoid notifying channels for unrelated agents.","hasChildren":true}
 {"recordType":"path","path":"approvals.exec.agentFilter.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -652,6 +656,19 @@
 {"recordType":"path","path":"approvals.exec.targets.*.channel","kind":"core","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Approval Target Channel","help":"Channel/provider ID used for forwarded approval delivery, such as discord, slack, or a plugin channel id. Use valid channel IDs only so approvals do not silently fail due to unknown routes.","hasChildren":false}
 {"recordType":"path","path":"approvals.exec.targets.*.threadId","kind":"core","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Approval Target Thread ID","help":"Optional thread/topic target for channels that support threaded delivery of forwarded approvals. Use this to keep approval traffic contained in operational threads instead of main channels.","hasChildren":false}
 {"recordType":"path","path":"approvals.exec.targets.*.to","kind":"core","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Approval Target Destination","help":"Destination identifier inside the target channel (channel ID, user ID, or thread root depending on provider). Verify semantics per provider because destination format differs across channel integrations.","hasChildren":false}
+{"recordType":"path","path":"approvals.plugin","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Approval Forwarding","help":"Groups plugin-approval forwarding behavior including enablement, routing mode, filters, and explicit targets. Independent of exec approval forwarding. Configure here when plugin approval prompts must reach operational channels.","hasChildren":true}
+{"recordType":"path","path":"approvals.plugin.agentFilter","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Approval Agent Filter","help":"Optional allowlist of agent IDs eligible for forwarded plugin approvals, for example `[\"primary\", \"ops-agent\"]`. Use this to limit forwarding blast radius.","hasChildren":true}
+{"recordType":"path","path":"approvals.plugin.agentFilter.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"approvals.plugin.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Forward Plugin Approvals","help":"Enables forwarding of plugin approval requests to configured delivery destinations (default: false). Independent of approvals.exec.enabled.","hasChildren":false}
+{"recordType":"path","path":"approvals.plugin.mode","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Approval Forwarding Mode","help":"Controls where plugin approval prompts are sent: \"session\" uses origin chat, \"targets\" uses configured targets, and \"both\" sends to both paths.","hasChildren":false}
+{"recordType":"path","path":"approvals.plugin.sessionFilter","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["storage"],"label":"Plugin Approval Session Filter","help":"Optional session-key filters matched as substring or regex-style patterns, for example `[\"discord:\", \"^agent:ops:\"]`. Use narrow patterns so only intended approval contexts are forwarded.","hasChildren":true}
+{"recordType":"path","path":"approvals.plugin.sessionFilter.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"approvals.plugin.targets","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Approval Forwarding Targets","help":"Explicit delivery targets used when plugin approval forwarding mode includes targets, each with channel and destination details.","hasChildren":true}
+{"recordType":"path","path":"approvals.plugin.targets.*","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"approvals.plugin.targets.*.accountId","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Approval Target Account ID","help":"Optional account selector for multi-account channel setups when plugin approvals must route through a specific account context.","hasChildren":false}
+{"recordType":"path","path":"approvals.plugin.targets.*.channel","kind":"core","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Approval Target Channel","help":"Channel/provider ID used for forwarded plugin approval delivery, such as discord, slack, or a plugin channel id.","hasChildren":false}
+{"recordType":"path","path":"approvals.plugin.targets.*.threadId","kind":"core","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Approval Target Thread ID","help":"Optional thread/topic target for channels that support threaded delivery of forwarded plugin approvals.","hasChildren":false}
+{"recordType":"path","path":"approvals.plugin.targets.*.to","kind":"core","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Approval Target Destination","help":"Destination identifier inside the target channel (channel ID, user ID, or thread root depending on provider).","hasChildren":false}
 {"recordType":"path","path":"audio","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Audio","help":"Global audio ingestion settings used before higher-level tools process speech or media content. Configure this when you need deterministic transcription behavior for voice notes and clips.","hasChildren":true}
 {"recordType":"path","path":"audio.transcription","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["media"],"label":"Audio Transcription","help":"Command-based transcription settings for converting audio files into text before agent handling. Keep a simple, deterministic command path here so failures are easy to diagnose in logs.","hasChildren":true}
 {"recordType":"path","path":"audio.transcription.command","kind":"core","type":"array","required":true,"deprecated":false,"sensitive":false,"tags":["media"],"label":"Audio Transcription Command","help":"Executable + args used to transcribe audio (first token must be a safe binary/path), for example `[\"whisper-cli\", \"--model\", \"small\", \"{input}\"]`. Prefer a pinned command so runtime environments behave consistently.","hasChildren":true}
@@ -734,7 +751,7 @@
 {"recordType":"path","path":"canvasHost.liveReload","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["reliability"],"label":"Canvas Host Live Reload","help":"Enables automatic live-reload behavior for canvas assets during development workflows. Keep disabled in production-like environments where deterministic output is preferred.","hasChildren":false}
 {"recordType":"path","path":"canvasHost.port","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Canvas Host Port","help":"TCP port used by the canvas host HTTP server when canvas hosting is enabled. Choose a non-conflicting port and align firewall/proxy policy accordingly.","hasChildren":false}
 {"recordType":"path","path":"canvasHost.root","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Canvas Host Root Directory","help":"Filesystem root directory served by canvas host for canvas content and static assets. Use a dedicated directory and avoid broad repo roots for least-privilege file exposure.","hasChildren":false}
-{"recordType":"path","path":"channels","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Channels","help":"Channel provider configurations plus shared defaults that control access policies, heartbeat visibility, and per-surface behavior. Keep defaults centralized and override per provider only where required.","hasChildren":true}
+{"recordType":"path","path":"channels","kind":"core","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Channels","help":"Channel provider configurations plus shared defaults that control access policies, heartbeat visibility, and per-surface behavior. Keep defaults centralized and override per provider only where required.","hasChildren":true}
 {"recordType":"path","path":"channels.bluebubbles","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"BlueBubbles","help":"iMessage via the BlueBubbles mac app + REST API.","hasChildren":true}
 {"recordType":"path","path":"channels.bluebubbles.accounts","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.bluebubbles.accounts.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
@@ -1287,7 +1304,7 @@
 {"recordType":"path","path":"channels.feishu.accounts.*.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.feishu.accounts.*.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.appId","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.feishu.accounts.*.appSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.feishu.accounts.*.appSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.feishu.accounts.*.appSecret.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.appSecret.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.appSecret.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1308,7 +1325,7 @@
 {"recordType":"path","path":"channels.feishu.accounts.*.dms.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.domain","kind":"channel","type":"string","required":false,"enumValues":["feishu","lark"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.feishu.accounts.*.encryptKey","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.feishu.accounts.*.encryptKey","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.feishu.accounts.*.encryptKey.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.encryptKey.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.encryptKey.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1361,7 +1378,7 @@
 {"recordType":"path","path":"channels.feishu.accounts.*.tools.wiki","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.topicSessionMode","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.typingIndicator","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.feishu.accounts.*.verificationToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.feishu.accounts.*.verificationToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.feishu.accounts.*.verificationToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.verificationToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.accounts.*.verificationToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1373,7 +1390,7 @@
 {"recordType":"path","path":"channels.feishu.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.feishu.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.appId","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.feishu.appSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.feishu.appSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.feishu.appSecret.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.appSecret.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.appSecret.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1400,7 +1417,7 @@
 {"recordType":"path","path":"channels.feishu.dynamicAgentCreation.maxAgents","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.dynamicAgentCreation.workspaceTemplate","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.feishu.encryptKey","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.feishu.encryptKey","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.feishu.encryptKey.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.encryptKey.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.encryptKey.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1452,14 +1469,14 @@
 {"recordType":"path","path":"channels.feishu.tools.wiki","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.topicSessionMode","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.typingIndicator","kind":"channel","type":"boolean","required":true,"defaultValue":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.feishu.verificationToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.feishu.verificationToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.feishu.verificationToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.verificationToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.verificationToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.webhookHost","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.webhookPath","kind":"channel","type":"string","required":true,"defaultValue":"/feishu/events","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.feishu.webhookPort","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.googlechat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Google Chat","help":"Google Workspace Chat app via HTTP webhooks.","hasChildren":true}
+{"recordType":"path","path":"channels.googlechat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Google Chat","help":"Google Workspace Chat app with HTTP webhook.","hasChildren":true}
 {"recordType":"path","path":"channels.googlechat.accounts","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.googlechat.accounts.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.googlechat.accounts.*.actions","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
@@ -1855,13 +1872,13 @@
 {"recordType":"path","path":"channels.irc.textChunkLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.irc.tls","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.irc.username","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.line","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"LINE","help":"LINE Messaging API bot for Japan/Taiwan/Thailand markets.","hasChildren":true}
+{"recordType":"path","path":"channels.line","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"LINE","help":"LINE Messaging API webhook bot.","hasChildren":true}
 {"recordType":"path","path":"channels.line.accounts","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.line.accounts.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.line.accounts.*.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.line.accounts.*.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.line.accounts.*.channelAccessToken","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.line.accounts.*.channelSecret","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.accounts.*.channelAccessToken","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["access","auth","channels","network","security"],"hasChildren":false}
+{"recordType":"path","path":"channels.line.accounts.*.channelSecret","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":false}
 {"recordType":"path","path":"channels.line.accounts.*.dmPolicy","kind":"channel","type":"string","required":true,"enumValues":["open","allowlist","pairing","disabled"],"defaultValue":"pairing","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.accounts.*.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.accounts.*.groupAllowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
@@ -1879,13 +1896,19 @@
 {"recordType":"path","path":"channels.line.accounts.*.mediaMaxMb","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.accounts.*.name","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.accounts.*.responsePrefix","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.line.accounts.*.secretFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.accounts.*.secretFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security","storage"],"hasChildren":false}
+{"recordType":"path","path":"channels.line.accounts.*.threadBindings","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.line.accounts.*.threadBindings.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.accounts.*.threadBindings.idleHours","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.accounts.*.threadBindings.maxAgeHours","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.accounts.*.threadBindings.spawnAcpSessions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.accounts.*.threadBindings.spawnSubagentSessions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.accounts.*.tokenFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.accounts.*.webhookPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.line.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.line.channelAccessToken","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.line.channelSecret","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.channelAccessToken","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["access","auth","channels","network","security"],"hasChildren":false}
+{"recordType":"path","path":"channels.line.channelSecret","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":false}
 {"recordType":"path","path":"channels.line.defaultAccount","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.dmPolicy","kind":"channel","type":"string","required":true,"enumValues":["open","allowlist","pairing","disabled"],"defaultValue":"pairing","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1904,11 +1927,20 @@
 {"recordType":"path","path":"channels.line.mediaMaxMb","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.name","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.responsePrefix","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.line.secretFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.secretFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security","storage"],"hasChildren":false}
+{"recordType":"path","path":"channels.line.threadBindings","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.line.threadBindings.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.threadBindings.idleHours","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.threadBindings.maxAgeHours","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.threadBindings.spawnAcpSessions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.line.threadBindings.spawnSubagentSessions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.tokenFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.line.webhookPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Matrix","help":"open protocol; install the plugin to enable.","hasChildren":true}
-{"recordType":"path","path":"channels.matrix.accessToken","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.matrix.accessToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["access","auth","channels","network","security"],"hasChildren":true}
+{"recordType":"path","path":"channels.matrix.accessToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.matrix.accessToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.matrix.accessToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.accounts","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.matrix.accounts.*","kind":"channel","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.ackReaction","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1921,7 +1953,7 @@
 {"recordType":"path","path":"channels.matrix.actions.profile","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.actions.reactions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.actions.verification","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.matrix.allowBots","kind":"channel","type":["boolean","string"],"required":false,"deprecated":false,"sensitive":false,"tags":["access","channels","network"],"label":"Matrix Allow Bot Messages","help":"Allow messages from other configured Matrix bot accounts to trigger replies (default: false). Set \"mentions\" to only accept bot messages that visibly mention this bot.","hasChildren":false}
+{"recordType":"path","path":"channels.matrix.allowBots","kind":"channel","type":["boolean","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.allowlistOnly","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.allowPrivateNetwork","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.autoJoin","kind":"channel","type":"string","required":false,"enumValues":["always","allowlist","off"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1967,7 +1999,7 @@
 {"recordType":"path","path":"channels.matrix.markdown.tables","kind":"channel","type":"string","required":false,"enumValues":["off","bullets","code"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.mediaMaxMb","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.name","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.matrix.password","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.matrix.password","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.matrix.password.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.password.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.password.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -1995,6 +2027,7 @@
 {"recordType":"path","path":"channels.matrix.rooms.*.users.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.startupVerification","kind":"channel","type":"string","required":false,"enumValues":["off","if-unverified"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.startupVerificationCooldownHours","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.matrix.streaming","kind":"channel","type":["boolean","string"],"required":false,"enumValues":["partial","off"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.textChunkLimit","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.matrix.threadBindings","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.matrix.threadBindings.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -2018,7 +2051,7 @@
 {"recordType":"path","path":"channels.mattermost.accounts.*.blockStreamingCoalesce.idleMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.accounts.*.blockStreamingCoalesce.maxChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.accounts.*.blockStreamingCoalesce.minChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.mattermost.accounts.*.botToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.mattermost.accounts.*.botToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.mattermost.accounts.*.botToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.accounts.*.botToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.accounts.*.botToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -2061,26 +2094,26 @@
 {"recordType":"path","path":"channels.mattermost.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.mattermost.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.allowPrivateNetwork","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.mattermost.baseUrl","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Mattermost Base URL","help":"Base URL for your Mattermost server (e.g., https://chat.example.com).","hasChildren":false}
+{"recordType":"path","path":"channels.mattermost.baseUrl","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.blockStreaming","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.blockStreamingCoalesce","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.mattermost.blockStreamingCoalesce.idleMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.blockStreamingCoalesce.maxChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.blockStreamingCoalesce.minChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.mattermost.botToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"label":"Mattermost Bot Token","help":"Bot token from Mattermost System Console -> Integrations -> Bot Accounts.","hasChildren":true}
+{"recordType":"path","path":"channels.mattermost.botToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.mattermost.botToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.botToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.botToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.capabilities","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.mattermost.capabilities.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.mattermost.chatmode","kind":"channel","type":"string","required":false,"enumValues":["oncall","onmessage","onchar"],"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Mattermost Chat Mode","help":"Reply to channel messages on mention (\"oncall\"), on trigger chars (\">\" or \"!\") (\"onchar\"), or on every message (\"onmessage\").","hasChildren":false}
+{"recordType":"path","path":"channels.mattermost.chatmode","kind":"channel","type":"string","required":false,"enumValues":["oncall","onmessage","onchar"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.chunkMode","kind":"channel","type":"string","required":false,"enumValues":["length","newline"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.commands","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.mattermost.commands.callbackPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.commands.callbackUrl","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.commands.native","kind":"channel","type":["boolean","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.commands.nativeSkills","kind":"channel","type":["boolean","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.mattermost.configWrites","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Mattermost Config Writes","help":"Allow Mattermost to write config in response to channel events/commands (default: true).","hasChildren":false}
+{"recordType":"path","path":"channels.mattermost.configWrites","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.dangerouslyAllowNameMatching","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.defaultAccount","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.dmChannelRetry","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
@@ -2100,10 +2133,10 @@
 {"recordType":"path","path":"channels.mattermost.markdown","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.mattermost.markdown.tables","kind":"channel","type":"string","required":false,"enumValues":["off","bullets","code"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.name","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.mattermost.oncharPrefixes","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Mattermost Onchar Prefixes","help":"Trigger prefixes for onchar mode (default: [\">\", \"!\"]).","hasChildren":true}
+{"recordType":"path","path":"channels.mattermost.oncharPrefixes","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.mattermost.oncharPrefixes.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.replyToMode","kind":"channel","type":"string","required":false,"enumValues":["off","first","all"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.mattermost.requireMention","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Mattermost Require Mention","help":"Require @mention in channels before responding (default: true).","hasChildren":false}
+{"recordType":"path","path":"channels.mattermost.requireMention","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.responsePrefix","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.mattermost.textChunkLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.msteams","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Microsoft Teams","help":"Teams SDK; enterprise support.","hasChildren":true}
@@ -2114,6 +2147,7 @@
 {"recordType":"path","path":"channels.msteams.appPassword.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.msteams.appPassword.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.msteams.appPassword.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.msteams.blockStreaming","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.msteams.blockStreamingCoalesce","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.msteams.blockStreamingCoalesce.idleMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.msteams.blockStreamingCoalesce.maxChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -2207,7 +2241,7 @@
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.allowFrom.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.allowPrivateNetwork","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.nextcloud-talk.accounts.*.apiPassword","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.nextcloud-talk.accounts.*.apiPassword","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.apiPassword.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.apiPassword.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.apiPassword.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -2219,11 +2253,11 @@
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.blockStreamingCoalesce.idleMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.blockStreamingCoalesce.maxChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.blockStreamingCoalesce.minChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.nextcloud-talk.accounts.*.botSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.nextcloud-talk.accounts.*.botSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.botSecret.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.botSecret.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.botSecret.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.nextcloud-talk.accounts.*.botSecretFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.nextcloud-talk.accounts.*.botSecretFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security","storage"],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.chunkMode","kind":"channel","type":"string","required":false,"enumValues":["length","newline"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.dmHistoryLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.accounts.*.dmPolicy","kind":"channel","type":"string","required":true,"enumValues":["pairing","allowlist","open","disabled"],"defaultValue":"pairing","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -2264,7 +2298,7 @@
 {"recordType":"path","path":"channels.nextcloud-talk.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.nextcloud-talk.allowFrom.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.allowPrivateNetwork","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.nextcloud-talk.apiPassword","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.nextcloud-talk.apiPassword","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.nextcloud-talk.apiPassword.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.apiPassword.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.apiPassword.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -2276,11 +2310,11 @@
 {"recordType":"path","path":"channels.nextcloud-talk.blockStreamingCoalesce.idleMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.blockStreamingCoalesce.maxChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.blockStreamingCoalesce.minChars","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.nextcloud-talk.botSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.nextcloud-talk.botSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.nextcloud-talk.botSecret.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.botSecret.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.botSecret.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.nextcloud-talk.botSecretFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"channels.nextcloud-talk.botSecretFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security","storage"],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.chunkMode","kind":"channel","type":"string","required":false,"enumValues":["length","newline"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.defaultAccount","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.nextcloud-talk.dmHistoryLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -3324,7 +3358,7 @@
 {"recordType":"path","path":"channels.zalo.accounts.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.zalo.accounts.*.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.zalo.accounts.*.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.zalo.accounts.*.botToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.zalo.accounts.*.botToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.zalo.accounts.*.botToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.accounts.*.botToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.accounts.*.botToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -3341,14 +3375,14 @@
 {"recordType":"path","path":"channels.zalo.accounts.*.responsePrefix","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.accounts.*.tokenFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.accounts.*.webhookPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.zalo.accounts.*.webhookSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.zalo.accounts.*.webhookSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.zalo.accounts.*.webhookSecret.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.accounts.*.webhookSecret.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.accounts.*.webhookSecret.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.accounts.*.webhookUrl","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"channels.zalo.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.zalo.botToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.zalo.botToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.zalo.botToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.botToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.botToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -3366,7 +3400,7 @@
 {"recordType":"path","path":"channels.zalo.responsePrefix","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.tokenFile","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.webhookPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"channels.zalo.webhookSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"channels.zalo.webhookSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","channels","network","security"],"hasChildren":true}
 {"recordType":"path","path":"channels.zalo.webhookSecret.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.webhookSecret.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"channels.zalo.webhookSecret.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -3937,6 +3971,8 @@
 {"recordType":"path","path":"models.providers.*.models.*.compat.thinkingFormat","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"models.providers.*.models.*.compat.toolCallArgumentsEncoding","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"models.providers.*.models.*.compat.toolSchemaProfile","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"models.providers.*.models.*.compat.unsupportedToolSchemaKeywords","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"models.providers.*.models.*.compat.unsupportedToolSchemaKeywords.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"models.providers.*.models.*.contextWindow","kind":"core","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"models.providers.*.models.*.cost","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"models.providers.*.models.*.cost.cacheRead","kind":"core","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -4313,6 +4349,15 @@
 {"recordType":"path","path":"plugins.entries.line.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true}
 {"recordType":"path","path":"plugins.entries.line.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"plugins.entries.line.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false}
+{"recordType":"path","path":"plugins.entries.litellm","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/litellm-provider","help":"OpenClaw LiteLLM provider plugin (plugin: litellm)","hasChildren":true}
+{"recordType":"path","path":"plugins.entries.litellm.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/litellm-provider Config","help":"Plugin-defined config payload for litellm.","hasChildren":false}
+{"recordType":"path","path":"plugins.entries.litellm.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable @openclaw/litellm-provider","hasChildren":false}
+{"recordType":"path","path":"plugins.entries.litellm.hooks","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Hook Policy","help":"Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.","hasChildren":true}
+{"recordType":"path","path":"plugins.entries.litellm.hooks.allowPromptInjection","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Prompt Injection Hooks","help":"Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.","hasChildren":false}
+{"recordType":"path","path":"plugins.entries.litellm.subagent","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Plugin Subagent Policy","help":"Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.","hasChildren":true}
+{"recordType":"path","path":"plugins.entries.litellm.subagent.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Plugin Subagent Allowed Models","help":"Allowed override targets for trusted plugin subagent runs as canonical \"provider/model\" refs. Use \"*\" only when you intentionally allow any model.","hasChildren":true}
+{"recordType":"path","path":"plugins.entries.litellm.subagent.allowedModels.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"plugins.entries.litellm.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.llm-task","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"LLM Task","help":"Generic JSON-only LLM tool for structured tasks callable from workflows. (plugin: llm-task)","hasChildren":true}
 {"recordType":"path","path":"plugins.entries.llm-task.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"LLM Task Config","help":"Plugin-defined config payload for llm-task.","hasChildren":true}
 {"recordType":"path","path":"plugins.entries.llm-task.config.allowedModels","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
@@ -4539,6 +4584,7 @@
 {"recordType":"path","path":"plugins.entries.openshell.config.gateway","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Gateway Name","help":"Optional OpenShell gateway name passed as --gateway.","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.openshell.config.gatewayEndpoint","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Gateway Endpoint","help":"Optional OpenShell gateway endpoint passed as --gateway-endpoint.","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.openshell.config.gpu","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"GPU","help":"Request GPU resources when creating the sandbox.","hasChildren":false}
+{"recordType":"path","path":"plugins.entries.openshell.config.mode","kind":"plugin","type":"string","required":false,"enumValues":["mirror","remote"],"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Mode","help":"Sandbox mode. Use mirror for the default local-workspace flow or remote for a fully remote workspace.","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.openshell.config.policy","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Policy File","help":"Optional path to a custom OpenShell sandbox policy YAML.","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.openshell.config.providers","kind":"plugin","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Providers","help":"Provider names to attach when a sandbox is created.","hasChildren":true}
 {"recordType":"path","path":"plugins.entries.openshell.config.providers.*","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -4739,7 +4785,7 @@
 {"recordType":"path","path":"plugins.entries.voice-call.config.outbound.notifyHangupDelaySec","kind":"plugin","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Notify Hangup Delay (sec)","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.voice-call.config.plivo","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"plugins.entries.voice-call.config.plivo.authId","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"plugins.entries.voice-call.config.plivo.authToken","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"plugins.entries.voice-call.config.plivo.authToken","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":true,"tags":["auth","security"],"hasChildren":false}
 {"recordType":"path","path":"plugins.entries.voice-call.config.provider","kind":"plugin","type":"string","required":false,"enumValues":["telnyx","twilio","plivo","mock"],"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Provider","help":"Use twilio, telnyx, or mock for dev/no-network.","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.voice-call.config.publicUrl","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Public Webhook URL","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.voice-call.config.responseModel","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Response Model","hasChildren":false}
@@ -4869,6 +4915,11 @@
 {"recordType":"path","path":"plugins.entries.whatsapp.subagent.allowModelOverride","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"Allow Plugin Subagent Model Override","help":"Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.xai","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/xai-plugin","help":"OpenClaw xAI plugin (plugin: xai)","hasChildren":true}
 {"recordType":"path","path":"plugins.entries.xai.config","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"@openclaw/xai-plugin Config","help":"Plugin-defined config payload for xai.","hasChildren":true}
+{"recordType":"path","path":"plugins.entries.xai.config.codeExecution","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"plugins.entries.xai.config.codeExecution.enabled","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Enable Code Execution","help":"Enable the code_execution tool for remote xAI sandbox analysis.","hasChildren":false}
+{"recordType":"path","path":"plugins.entries.xai.config.codeExecution.maxTurns","kind":"plugin","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"Code Execution Max Turns","help":"Optional max internal tool turns xAI may use for code_execution.","hasChildren":false}
+{"recordType":"path","path":"plugins.entries.xai.config.codeExecution.model","kind":"plugin","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["models"],"label":"Code Execution Model","help":"xAI model override for code_execution.","hasChildren":false}
+{"recordType":"path","path":"plugins.entries.xai.config.codeExecution.timeoutSeconds","kind":"plugin","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"Code Execution Timeout","help":"Timeout in seconds for code_execution requests.","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.xai.config.webSearch","kind":"plugin","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"plugins.entries.xai.config.webSearch.apiKey","kind":"plugin","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","security"],"label":"Grok Search API Key","help":"xAI API key for Grok web search (fallback: XAI_API_KEY env var).","hasChildren":false}
 {"recordType":"path","path":"plugins.entries.xai.config.webSearch.inlineCitations","kind":"plugin","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Inline Citations","help":"Include inline markdown citations in Grok responses.","hasChildren":false}
@@ -5122,7 +5173,7 @@
 {"recordType":"path","path":"tools.exec.applyPatch","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
 {"recordType":"path","path":"tools.exec.applyPatch.allowModels","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access","tools"],"label":"apply_patch Model Allowlist","help":"Optional allowlist of model ids (e.g. \"gpt-5.2\" or \"openai/gpt-5.2\").","hasChildren":true}
 {"recordType":"path","path":"tools.exec.applyPatch.allowModels.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
-{"recordType":"path","path":"tools.exec.applyPatch.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["tools"],"label":"Enable apply_patch","help":"Experimental. Enables apply_patch for OpenAI models when allowed by tool policy.","hasChildren":false}
+{"recordType":"path","path":"tools.exec.applyPatch.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["tools"],"label":"Enable apply_patch","help":"Enable or disable apply_patch for OpenAI and OpenAI Codex models when allowed by tool policy (default: true).","hasChildren":false}
 {"recordType":"path","path":"tools.exec.applyPatch.workspaceOnly","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["access","advanced","security","tools"],"label":"apply_patch Workspace-Only","help":"Restrict apply_patch paths to the workspace directory (default: true). Set false to allow writing outside the workspace (dangerous).","hasChildren":false}
 {"recordType":"path","path":"tools.exec.ask","kind":"core","type":"string","required":false,"enumValues":["off","on-miss","always"],"deprecated":false,"sensitive":false,"tags":["tools"],"label":"Exec Ask","help":"Approval strategy for when exec commands require human confirmation before running. Use stricter ask behavior in shared channels and lower-friction settings in private operator contexts.","hasChildren":false}
 {"recordType":"path","path":"tools.exec.backgroundMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
@@ -5502,6 +5553,17 @@
 {"recordType":"path","path":"tools.web.search.perplexity.model","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
 {"recordType":"path","path":"tools.web.search.provider","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["tools"],"label":"Web Search Provider","help":"Search provider id. Auto-detected from available API keys if omitted.","hasChildren":false}
 {"recordType":"path","path":"tools.web.search.timeoutSeconds","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["performance","tools"],"label":"Web Search Timeout (sec)","help":"Timeout in seconds for web_search requests.","hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true}
+{"recordType":"path","path":"tools.web.x_search.apiKey","kind":"core","type":["object","string"],"required":false,"deprecated":false,"sensitive":true,"tags":["auth","security","tools"],"label":"xAI API Key","help":"xAI API key for X search (fallback: XAI_API_KEY env var).","hasChildren":true}
+{"recordType":"path","path":"tools.web.x_search.apiKey.id","kind":"core","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search.apiKey.provider","kind":"core","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search.apiKey.source","kind":"core","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search.cacheTtlMinutes","kind":"core","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":["performance","storage","tools"],"label":"X Search Cache TTL (min)","help":"Cache TTL in minutes for x_search results.","hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["tools"],"label":"Enable X Search Tool","help":"Enable the x_search tool (requires XAI_API_KEY or tools.web.x_search.apiKey).","hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search.inlineCitations","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["tools"],"label":"X Search Inline Citations","help":"Keep inline citations from xAI in x_search responses when available (default: false).","hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search.maxTurns","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["performance","tools"],"label":"X Search Max Turns","help":"Optional max internal search/tool turns xAI may use per x_search request. Omit to let xAI choose.","hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search.model","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["models","tools"],"label":"X Search Model","help":"Model to use for X search (default: \"grok-4-1-fast-non-reasoning\").","hasChildren":false}
+{"recordType":"path","path":"tools.web.x_search.timeoutSeconds","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["performance","tools"],"label":"X Search Timeout (sec)","help":"Timeout in seconds for x_search requests.","hasChildren":false}
 {"recordType":"path","path":"ui","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"UI","help":"UI presentation settings for accenting and assistant identity shown in control surfaces. Use this for branding and readability customization without changing runtime behavior.","hasChildren":true}
 {"recordType":"path","path":"ui.assistant","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Assistant Appearance","help":"Assistant display identity settings for name and avatar shown in UI surfaces. Keep these values aligned with your operator-facing persona and support expectations.","hasChildren":true}
 {"recordType":"path","path":"ui.assistant.avatar","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Assistant Avatar","help":"Assistant avatar image source used in UI surfaces (URL, path, or data URI depending on runtime support). Use trusted assets and consistent branding dimensions for clean rendering.","hasChildren":false}

docs/.i18n/glossary.zh-CN.json

@@ -47,6 +47,10 @@
     "source": "Quick Start",
     "target": "快速开始"
   },
+  {
+    "source": "Diffs",
+    "target": "Diffs"
+  },
   {
     "source": "Capability Cookbook",
     "target": "能力扩展手册"

docs/automation/cron-jobs.md

@@ -14,6 +14,11 @@ title: "Cron Jobs"
 Cron is the Gateway’s built-in scheduler. It persists jobs, wakes the agent at
 the right time, and can optionally deliver output back to a chat.
 
+All cron executions create [background task](/automation/tasks) records. The key difference is visibility:
+
+- `sessionTarget: "main"` creates a task with `silent` notify policy — it schedules a system event for the main session and heartbeat flow but does not generate notifications.
+- `sessionTarget: "isolated"` or `sessionTarget: "session:..."` creates a visible task that shows up in `openclaw tasks` with delivery notifications.
+
 If you want _“run this every morning”_ or _“poke the agent in 20 minutes”_,
 cron is the mechanism.
 
@@ -155,6 +160,8 @@ They must use `payload.kind = "systemEvent"`.
 This is the best fit when you want the normal heartbeat prompt + main-session context.
 See [Heartbeat](/gateway/heartbeat).
 
+Main-session cron jobs create [background task](/automation/tasks) records with `silent` notify policy (no notifications by default). They appear in `openclaw tasks list` but do not generate delivery messages.
+
 #### Isolated jobs (dedicated cron sessions)
 
 Isolated jobs run a dedicated agent turn in session `cron:<jobId>` or a custom session.
@@ -176,6 +183,8 @@ Key behaviors:
 Use isolated jobs for noisy, frequent, or "background chores" that shouldn't spam
 your main chat history.
 
+These detached runs create [background task](/automation/tasks) records visible in `openclaw tasks` and subject to task audit and maintenance.
+
 ### Payload shapes (what runs)
 
 Two payload kinds are supported:
@@ -725,3 +734,11 @@ openclaw system event --mode now --text "Next heartbeat: check battery."
 - If the announce flow returns `false` (e.g. requester session is busy), the gateway retries up to 3 times with tracking via `announceRetryCount`.
 - Announces older than 5 minutes past `endedAt` are force-expired to prevent stale entries from looping indefinitely.
 - If you see repeated announce deliveries in logs, check the subagent registry for entries with high `announceRetryCount` values.
+
+## Related
+
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Cron vs Heartbeat](/automation/cron-vs-heartbeat) — when to use each
+- [Background Tasks](/automation/tasks) — task ledger for cron executions
+- [Heartbeat](/gateway/heartbeat) — periodic main-session turns
+- [Troubleshooting](/automation/troubleshooting) — debugging automation issues

docs/automation/cron-vs-heartbeat.md

@@ -11,6 +11,14 @@ title: "Cron vs Heartbeat"
 
 Both heartbeats and cron jobs let you run tasks on a schedule. This guide helps you choose the right mechanism for your use case.
 
+One important distinction:
+
+- **Heartbeat** is a scheduled **main-session turn** — no task record created.
+- **Cron (main)** is a scheduled **system event into the main session** — creates a task record with `silent` notify policy.
+- **Cron (isolated)** is a scheduled **background run** — creates a task record tracked in `openclaw tasks`.
+
+All cron job executions (main and isolated) create [task records](/automation/tasks). Heartbeat turns do not. Main-session cron tasks use `silent` notify policy by default so they do not generate notifications.
+
 ## Quick Decision Guide
 
 | Use Case                             | Recommended         | Why                                      |
@@ -40,6 +48,7 @@ Heartbeats run in the **main session** at a regular interval (default: 30 min).
 - **Context-aware**: The agent knows what you've been working on and can prioritize accordingly.
 - **Smart suppression**: If nothing needs attention, the agent replies `HEARTBEAT_OK` and no message is delivered.
 - **Natural timing**: Drifts slightly based on queue load, which is fine for most monitoring.
+- **No task record**: heartbeat turns stay in main-session history (see [Background Tasks](/automation/tasks)).
 
 ### Heartbeat example: HEARTBEAT.md checklist
 
@@ -98,6 +107,7 @@ per-job offset in a 0-5 minute window.
 - **Immediate delivery**: Announce mode posts directly without waiting for heartbeat.
 - **No agent context needed**: Runs even if main session is idle or compacted.
 - **One-shot support**: `--at` for precise future timestamps.
+- **Task tracking**: isolated jobs create [background task](/automation/tasks) records visible in `openclaw tasks` and `openclaw tasks audit`.
 
 ### Cron example: Daily morning briefing
 
@@ -219,13 +229,14 @@ See [Lobster](/tools/lobster) for full usage and examples.
 
 Both heartbeat and cron can interact with the main session, but differently:
 
-|         | Heartbeat                       | Cron (main)              | Cron (isolated)                                 |
-| ------- | ------------------------------- | ------------------------ | ----------------------------------------------- |
-| Session | Main                            | Main (via system event)  | `cron:<jobId>` or custom session                |
-| History | Shared                          | Shared                   | Fresh each run (isolated) / Persistent (custom) |
-| Context | Full                            | Full                     | None (isolated) / Cumulative (custom)           |
-| Model   | Main session model              | Main session model       | Can override                                    |
-| Output  | Delivered if not `HEARTBEAT_OK` | Heartbeat prompt + event | Announce summary (default)                      |
+|                            | Heartbeat                       | Cron (main)              | Cron (isolated)                                 |
+| -------------------------- | ------------------------------- | ------------------------ | ----------------------------------------------- |
+| Session                    | Main                            | Main (via system event)  | `cron:<jobId>` or custom session                |
+| History                    | Shared                          | Shared                   | Fresh each run (isolated) / Persistent (custom) |
+| Context                    | Full                            | Full                     | None (isolated) / Cumulative (custom)           |
+| Model                      | Main session model              | Main session model       | Can override                                    |
+| Output                     | Delivered if not `HEARTBEAT_OK` | Heartbeat prompt + event | Announce summary (default)                      |
+| [Tasks](/automation/tasks) | No task record                  | Task record (silent)     | Task record (visible in `openclaw tasks`)       |
 
 ### When to use main session cron
 
@@ -281,6 +292,8 @@ openclaw cron add \
 
 ## Related
 
-- [Heartbeat](/gateway/heartbeat) - full heartbeat configuration
-- [Cron jobs](/automation/cron-jobs) - full cron CLI and API reference
-- [System](/cli/system) - system events + heartbeat controls
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Heartbeat](/gateway/heartbeat) — full heartbeat configuration
+- [Cron jobs](/automation/cron-jobs) — full cron CLI and API reference
+- [Background Tasks](/automation/tasks) — task ledger, audit, and lifecycle
+- [System](/cli/system) — system events + heartbeat controls

docs/automation/hooks.md

@@ -129,7 +129,7 @@ Example `package.json`:
 }
 ```
 
-Each entry points to a hook directory containing `HOOK.md` and `handler.ts` (or `index.ts`).
+Each entry points to a hook directory containing `HOOK.md` and a handler file. The loader tries `handler.ts`, `handler.js`, `index.ts`, `index.js` in order.
 Hook packs can ship dependencies; they will be installed under `~/.openclaw/hooks/<id>`.
 Each `openclaw.hooks` entry must stay inside the package directory after symlink
 resolution; entries that escape are rejected.
@@ -236,6 +236,9 @@ Each event includes:
     sessionId?: string,
     // Agent bootstrap events (agent:bootstrap):
     bootstrapFiles?: WorkspaceBootstrapFile[],
+    sessionKey?: string,           // routing session key
+    sessionId?: string,            // internal session UUID
+    agentId?: string,              // resolved agent ID
     // Message events (see Message Events section for full details):
     from?: string,             // message:received
     to?: string,               // message:sent
@@ -265,6 +268,25 @@ Triggered when agent commands are issued:
 Internal hook payloads emit these as `type: "session"` with `action: "compact:before"` / `action: "compact:after"`; listeners subscribe with the combined keys above.
 Specific handler registration uses the literal key format `${type}:${action}`. For these events, register `session:compact:before` and `session:compact:after`.
 
+`session:compact:before` context fields:
+
+- `sessionId`: internal session UUID
+- `missingSessionKey`: true when no session key was available
+- `messageCount`: number of messages before compaction
+- `tokenCount`: token count before compaction (may be absent)
+- `messageCountOriginal`: message count from the full untruncated session history
+- `tokenCountOriginal`: token count of the full original history (may be absent)
+
+`session:compact:after` context fields (in addition to `sessionId` and `missingSessionKey`):
+
+- `messageCount`: message count after compaction
+- `tokenCount`: token count after compaction (may be absent)
+- `compactedCount`: number of messages that were compacted/removed
+- `summaryLength`: character length of the generated compaction summary
+- `tokensBefore`: token count from before compaction (for delta calculation)
+- `tokensAfter`: token count after compaction
+- `firstKeptEntryId`: ID of the first message entry retained after compaction
+
 ### Agent Events
 
 - **`agent:bootstrap`**: Before workspace bootstrap files are injected (hooks may mutate `context.bootstrapFiles`)
@@ -293,12 +315,16 @@ Session events include rich context about the session and changes:
     label?: string | null,           // Human-readable session label
 
     // AI model configuration
-    model?: string | null,           // Model override (e.g., "claude-opus-4-5")
+    model?: string | null,           // Model override (e.g., "claude-sonnet-4-6")
     thinkingLevel?: string | null,   // Thinking level ("off"|"low"|"med"|"high")
     verboseLevel?: string | null,    // Verbose output level
     reasoningLevel?: string | null,  // Reasoning mode override
     elevatedLevel?: string | null,   // Elevated mode override
-    responseUsage?: "off" | "tokens" | "full" | null, // Usage display mode
+    responseUsage?: "off" | "tokens" | "full" | "on" | null, // Usage display mode ("on" is backwards-compat alias for "full")
+    fastMode?: boolean | null,                    // Fast/turbo mode toggle
+    spawnedWorkspaceDir?: string | null,          // Workspace dir override for spawned subagents
+    subagentRole?: "orchestrator" | "leaf" | null, // Subagent role assignment
+    subagentControlScope?: "children" | "none" | null, // Scope of subagent control
 
     // Tool execution settings
     execHost?: string | null,        // Exec host (sandbox|gateway|node)
@@ -318,7 +344,7 @@ Session events include rich context about the session and changes:
 }
 ```
 
-**Security note:** Only privileged clients (including the Control UI) can trigger `session:patch` events. Standard WebChat clients are blocked from patching sessions (see PR #20800), so the hook will not fire from those connections.
+**Security note:** Only privileged clients (including the Control UI) can trigger `session:patch` events. Standard WebChat clients are blocked from patching sessions, so the hook will not fire from those connections.
 
 See `SessionsPatchParamsSchema` in `src/gateway/protocol/schema/sessions.ts` for the complete type definition.
 
@@ -459,17 +485,206 @@ These hooks are not event-stream listeners; they let plugins synchronously adjus
 
 ### Plugin Hook Events
 
+#### before_tool_call
+
+Runs before each tool call. Plugins can modify parameters, block the call, or request user approval.
+
+Return fields:
+
+- **`params`**: Override tool parameters (merged with original params)
+- **`block`**: Set to `true` to block the tool call
+- **`blockReason`**: Reason shown to the agent when blocked
+- **`requireApproval`**: Pause execution and wait for user approval via channels
+
+The `requireApproval` field triggers native platform approval (Telegram buttons, Discord components, `/approve` command) instead of relying on the agent to cooperate:
+
+```typescript
+{
+  requireApproval: {
+    title: "Sensitive operation",
+    description: "This tool call modifies production data",
+    severity: "warning",       // "info" | "warning" | "critical"
+    timeoutMs: 120000,         // default: 120s
+    timeoutBehavior: "deny",   // "allow" | "deny" (default)
+    onResolution: async (decision) => {
+      // Called after the user resolves: "allow-once", "allow-always", "deny", "timeout", or "cancelled"
+    },
+  }
+}
+```
+
+The `onResolution` callback is invoked with the final decision string after the approval resolves, times out, or is cancelled. It runs in-process within the plugin (not sent to the gateway). Use it to persist decisions, update caches, or perform cleanup.
+
+The `pluginId` field is stamped automatically by the hook runner from the plugin registration. When multiple plugins return `requireApproval`, the first one (highest priority) wins.
+
+`block` takes precedence over `requireApproval`: if the merged hook result has both `block: true` and a `requireApproval` field, the tool call is blocked immediately without triggering the approval flow. This ensures a higher-priority plugin's block cannot be overridden by a lower-priority plugin's approval request.
+
+If the gateway is unavailable or does not support plugin approvals, the tool call falls back to a soft block using the `description` as the block reason.
+
+#### before_install
+
+Runs after the built-in install security scan and before installation continues. OpenClaw fires this hook for interactive skill installs as well as plugin bundle, package, and single-file installs.
+
+Return fields:
+
+- **`findings`**: Additional scan findings to surface as warnings
+- **`block`**: Set to `true` to block the install
+- **`blockReason`**: Human-readable reason shown when blocked
+
+Event fields:
+
+- **`targetType`**: Install target category (`skill` or `plugin`)
+- **`targetName`**: Human-readable skill name or plugin id for the install target
+- **`sourcePath`**: Absolute path to the install target content being scanned
+- **`sourcePathKind`**: Whether the scanned content is a `file` or `directory`
+- **`origin`**: Normalized install origin when available (for example `openclaw-bundled`, `openclaw-workspace`, `plugin-bundle`, `plugin-package`, or `plugin-file`)
+- **`request`**: Provenance for the install request, including `kind`, `mode`, and optional `requestedSpecifier`
+- **`builtinScan`**: Structured result of the built-in scanner, including `status`, summary counts, findings, and optional `error`
+- **`skill`**: Skill install metadata when `targetType` is `skill`, including `installId` and the selected `installSpec`
+- **`plugin`**: Plugin install metadata when `targetType` is `plugin`, including the canonical `pluginId`, normalized `contentType`, optional `packageName` / `manifestId` / `version`, and `extensions`
+
+Example event (plugin package install):
+
+```json
+{
+  "targetType": "plugin",
+  "targetName": "acme-audit",
+  "sourcePath": "/var/folders/.../openclaw-plugin-acme-audit/package",
+  "sourcePathKind": "directory",
+  "origin": "plugin-package",
+  "request": {
+    "kind": "plugin-npm",
+    "mode": "install",
+    "requestedSpecifier": "@acme/openclaw-plugin-audit@1.4.2"
+  },
+  "builtinScan": {
+    "status": "ok",
+    "scannedFiles": 12,
+    "critical": 0,
+    "warn": 1,
+    "info": 0,
+    "findings": [
+      {
+        "severity": "warn",
+        "ruleId": "network_fetch",
+        "file": "dist/index.js",
+        "line": 88,
+        "message": "Dynamic network fetch detected during install review."
+      }
+    ]
+  },
+  "plugin": {
+    "pluginId": "acme-audit",
+    "contentType": "package",
+    "packageName": "@acme/openclaw-plugin-audit",
+    "manifestId": "acme-audit",
+    "version": "1.4.2",
+    "extensions": ["./dist/index.js"]
+  }
+}
+```
+
+Skill installs use the same event shape with `targetType: "skill"` and a `skill` object instead of `plugin`.
+
+Decision semantics:
+
+- `before_install`: `{ block: true }` is terminal and stops lower-priority handlers.
+- `before_install`: `{ block: false }` is treated as no decision.
+
+Use this hook for external security scanners, policy engines, or enterprise approval gates that need to audit install sources before they are installed.
+
+#### Compaction lifecycle
+
 Compaction lifecycle hooks exposed through the plugin hook runner:
 
 - **`before_compaction`**: Runs before compaction with count/token metadata
 - **`after_compaction`**: Runs after compaction with compaction summary metadata
 
+### Complete Plugin Hook Reference
+
+All 27 hooks registered via the Plugin SDK. Hooks marked **sequential** run in priority order and can modify results; **parallel** hooks are fire-and-forget.
+
+#### Model and prompt hooks
+
+| Hook                   | When                                         | Execution  | Returns                                                    |
+| ---------------------- | -------------------------------------------- | ---------- | ---------------------------------------------------------- |
+| `before_model_resolve` | Before model/provider lookup                 | Sequential | `{ modelOverride?, providerOverride? }`                    |
+| `before_prompt_build`  | After model resolved, session messages ready | Sequential | `{ systemPrompt?, prependContext?, appendSystemContext? }` |
+| `before_agent_start`   | Legacy combined hook (prefer the two above)  | Sequential | Union of both result shapes                                |
+| `llm_input`            | Immediately before the LLM API call          | Parallel   | `void`                                                     |
+| `llm_output`           | Immediately after LLM response received      | Parallel   | `void`                                                     |
+
+#### Agent lifecycle hooks
+
+| Hook                | When                                           | Execution | Returns |
+| ------------------- | ---------------------------------------------- | --------- | ------- |
+| `agent_end`         | After agent run completes (success or failure) | Parallel  | `void`  |
+| `before_reset`      | When `/new` or `/reset` clears a session       | Parallel  | `void`  |
+| `before_compaction` | Before compaction summarizes history           | Parallel  | `void`  |
+| `after_compaction`  | After compaction completes                     | Parallel  | `void`  |
+
+#### Session lifecycle hooks
+
+| Hook            | When                      | Execution | Returns |
+| --------------- | ------------------------- | --------- | ------- |
+| `session_start` | When a new session begins | Parallel  | `void`  |
+| `session_end`   | When a session ends       | Parallel  | `void`  |
+
+#### Message flow hooks
+
+| Hook                   | When                                              | Execution            | Returns                       |
+| ---------------------- | ------------------------------------------------- | -------------------- | ----------------------------- |
+| `inbound_claim`        | Before command/agent dispatch; first-claim wins   | Sequential           | `{ handled: boolean }`        |
+| `message_received`     | After an inbound message is received              | Parallel             | `void`                        |
+| `before_dispatch`      | After commands parsed, before model dispatch      | Sequential           | `{ handled: boolean, text? }` |
+| `message_sending`      | Before an outbound message is delivered           | Sequential           | `{ content?, cancel? }`       |
+| `message_sent`         | After an outbound message is delivered            | Parallel             | `void`                        |
+| `before_message_write` | Before a message is written to session transcript | **Sync**, sequential | `{ block?, message? }`        |
+
+#### Tool execution hooks
+
+| Hook                  | When                                          | Execution            | Returns                                               |
+| --------------------- | --------------------------------------------- | -------------------- | ----------------------------------------------------- |
+| `before_tool_call`    | Before each tool call                         | Sequential           | `{ params?, block?, blockReason?, requireApproval? }` |
+| `after_tool_call`     | After a tool call completes                   | Parallel             | `void`                                                |
+| `tool_result_persist` | Before a tool result is written to transcript | **Sync**, sequential | `{ message? }`                                        |
+
+#### Subagent hooks
+
+| Hook                       | When                                       | Execution  | Returns                           |
+| -------------------------- | ------------------------------------------ | ---------- | --------------------------------- |
+| `subagent_spawning`        | Before a subagent session is created       | Sequential | `{ status, threadBindingReady? }` |
+| `subagent_delivery_target` | After spawning, to resolve delivery target | Sequential | `{ origin? }`                     |
+| `subagent_spawned`         | After a subagent is fully spawned          | Parallel   | `void`                            |
+| `subagent_ended`           | When a subagent session terminates         | Parallel   | `void`                            |
+
+#### Gateway hooks
+
+| Hook            | When                                       | Execution | Returns |
+| --------------- | ------------------------------------------ | --------- | ------- |
+| `gateway_start` | After the gateway process is fully started | Parallel  | `void`  |
+| `gateway_stop`  | When the gateway is shutting down          | Parallel  | `void`  |
+
+#### Install hooks
+
+| Hook             | When                                                  | Execution  | Returns                               |
+| ---------------- | ----------------------------------------------------- | ---------- | ------------------------------------- |
+| `before_install` | After built-in security scan, before install proceeds | Sequential | `{ findings?, block?, blockReason? }` |
+
+<Note>
+Two hooks (`tool_result_persist` and `before_message_write`) are **synchronous only** — they must not return a Promise. Returning a Promise from these hooks is caught at runtime and the result is discarded with a warning.
+</Note>
+
+For full handler signatures and context types, see [Plugin Architecture](/plugins/architecture).
+
 ### Future Events
 
-Planned event types:
+The following event types are planned for the internal hook event stream.
+Note that `session_start` and `session_end` already exist as [Plugin Hook API](/plugins/architecture#provider-runtime-hooks) hooks
+but are not yet available as internal hook event keys in `HOOK.md` metadata:
 
-- **`session:start`**: When a new session begins
-- **`session:end`**: When a session ends
+- **`session:start`**: When a new session begins (planned for internal hook stream; available as plugin hook `session_start`)
+- **`session:end`**: When a session ends (planned for internal hook stream; available as plugin hook `session_end`)
 - **`agent:error`**: When an agent encounters an error
 
 ## Creating Custom Hooks
@@ -885,8 +1100,8 @@ metadata: { "openclaw": { "events": ["command"] } } # General - more overhead
 
 The gateway logs hook loading at startup:
 
-```
-Registered hook: session-memory -> command:new
+```text
+Registered hook: session-memory -> command:new, command:reset
 Registered hook: bootstrap-extra-files -> agent:bootstrap
 Registered hook: command-logger -> command
 Registered hook: boot-md -> gateway:startup

docs/automation/index.md

@@ -0,0 +1,73 @@
+---
+summary: "Overview of all automation mechanisms: heartbeat, cron, tasks, hooks, webhooks, and more"
+read_when:
+  - Deciding how to automate work with OpenClaw
+  - Choosing between heartbeat, cron, hooks, and webhooks
+  - Looking for the right automation entry point
+title: "Automation Overview"
+---
+
+# Automation
+
+OpenClaw provides several automation mechanisms, each suited to different use cases. This page helps you choose the right one.
+
+## Quick decision guide
+
+```
+Do you need something to run on a schedule?
+  YES → Is exact timing critical?
+    YES → Cron (isolated)
+    NO  → Can it batch with other checks?
+      YES → Heartbeat
+      NO  → Cron
+  NO → Continue...
+
+Do you need to react to an event (message, tool call, session change)?
+  YES → Hooks (or plugin hooks)
+
+Do you need to receive external HTTP events?
+  YES → Webhooks
+
+Do you want persistent instructions the agent always follows?
+  YES → Standing Orders
+
+Do you want to track what background work happened?
+  → Background Tasks (automatic for cron, ACP, subagents)
+```
+
+## Mechanisms at a glance
+
+| Mechanism | What it does | Runs in | Creates task record |
+|---|---|---|---|
+| [Heartbeat](/gateway/heartbeat) | Periodic main-session turn — batches multiple checks | Main session | No |
+| [Cron](/automation/cron-jobs) | Scheduled jobs with precise timing | Main or isolated session | Yes (all types) |
+| [Background Tasks](/automation/tasks) | Tracks detached work (cron, ACP, subagents, CLI) | N/A (ledger) | N/A |
+| [Hooks](/automation/hooks) | Event-driven scripts triggered by agent lifecycle events | Hook runner | No |
+| [Standing Orders](/automation/standing-orders) | Persistent instructions injected into the system prompt | Main session | No |
+| [Webhooks](/automation/webhook) | Receive inbound HTTP events and route to the agent | Gateway HTTP | No |
+
+### Specialized automation
+
+| Mechanism | What it does |
+|---|---|
+| [Gmail PubSub](/automation/gmail-pubsub) | Real-time Gmail notifications via Google PubSub |
+| [Polling](/automation/poll) | Periodic data source checks (RSS, APIs, etc.) |
+| [Auth Monitoring](/automation/auth-monitoring) | Credential health and expiry alerts |
+
+## How they work together
+
+The most effective setups combine multiple mechanisms:
+
+1. **Heartbeat** handles routine monitoring (inbox, calendar, notifications) in one batched turn every 30 minutes.
+2. **Cron** handles precise schedules (daily reports, weekly reviews) and one-shot reminders.
+3. **Hooks** react to specific events (tool calls, session resets, compaction) with custom scripts.
+4. **Standing Orders** give the agent persistent context ("always check the project board before replying").
+5. **Background Tasks** automatically track all detached work so you can inspect and audit it.
+
+See [Cron vs Heartbeat](/automation/cron-vs-heartbeat) for a detailed comparison of the two scheduling mechanisms.
+
+## Related
+
+- [Cron vs Heartbeat](/automation/cron-vs-heartbeat) — detailed comparison guide
+- [Troubleshooting](/automation/troubleshooting) — debugging automation issues
+- [Configuration Reference](/gateway/configuration-reference) — all config keys

docs/automation/standing-orders.md

@@ -247,5 +247,8 @@ Each program should have:
 
 ## Related
 
-- [Cron Jobs](/automation/cron-jobs) — Schedule enforcement for standing orders
-- [Agent Workspace](/concepts/agent-workspace) — Where standing orders live, including the full list of auto-injected bootstrap files (AGENTS.md, SOUL.md, etc.)
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Cron Jobs](/automation/cron-jobs) — schedule enforcement for standing orders
+- [Hooks](/automation/hooks) — event-driven scripts for agent lifecycle events
+- [Webhooks](/automation/webhook) — inbound HTTP event triggers
+- [Agent Workspace](/concepts/agent-workspace) — where standing orders live, including the full list of auto-injected bootstrap files (AGENTS.md, SOUL.md, etc.)

docs/automation/tasks.md

@@ -0,0 +1,239 @@
+---
+summary: "Background task tracking for ACP runs, subagents, isolated cron jobs, and CLI operations"
+read_when:
+  - Inspecting background work in progress or recently completed
+  - Debugging delivery failures for detached agent runs
+  - Understanding how background runs relate to sessions, cron, and heartbeat
+title: "Background Tasks"
+---
+
+# Background Tasks
+
+> **Cron vs Heartbeat vs Tasks?** See [Cron vs Heartbeat](/automation/cron-vs-heartbeat) for choosing the right scheduling mechanism. This page covers **tracking** background work, not scheduling it.
+
+Background tasks track work that runs **outside your main conversation session**:
+ACP runs, subagent spawns, isolated cron job executions, and CLI-initiated operations.
+
+Tasks do **not** replace sessions, cron jobs, or heartbeats — they are the **activity ledger** that records what detached work happened, when, and whether it succeeded.
+
+<Note>
+Not every agent run creates a task. Heartbeat turns and normal interactive chat do not. All cron executions, ACP spawns, subagent spawns, and CLI agent commands do.
+</Note>
+
+## TL;DR
+
+- Tasks are **records**, not schedulers — cron and heartbeat decide _when_ work runs, tasks track _what happened_.
+- ACP, subagents, all cron jobs, and CLI operations create tasks. Heartbeat turns do not.
+- Each task moves through `queued → running → terminal` (succeeded, failed, timed_out, cancelled, or lost).
+- Completion notifications are delivered directly to a channel or queued for the next heartbeat.
+- `openclaw tasks list` shows all tasks; `openclaw tasks audit` surfaces issues.
+- Terminal records are kept for 7 days, then automatically pruned.
+
+## Quick start
+
+```bash
+# List all tasks (newest first)
+openclaw tasks list
+
+# Filter by runtime or status
+openclaw tasks list --runtime acp
+openclaw tasks list --status running
+
+# Show details for a specific task (by ID, run ID, or session key)
+openclaw tasks show <lookup>
+
+# Cancel a running task (kills the child session)
+openclaw tasks cancel <lookup>
+
+# Change notification policy for a task
+openclaw tasks notify <lookup> state_changes
+
+# Run a health audit
+openclaw tasks audit
+```
+
+## What creates a task
+
+| Source                 | Runtime type | When a task record is created                          | Default notify policy |
+| ---------------------- | ------------ | ------------------------------------------------------ | --------------------- |
+| ACP background runs    | `acp`        | Spawning a child ACP session                           | `done_only`           |
+| Subagent orchestration | `subagent`   | Spawning a subagent via `sessions_spawn`               | `done_only`           |
+| Cron jobs (all types)  | `cron`       | Every cron execution (main-session and isolated)       | `silent`              |
+| CLI operations         | `cli`        | `openclaw agent` commands that run through the gateway | `done_only`           |
+
+Main-session cron tasks use `silent` notify policy by default — they create records for tracking but do not generate notifications. Isolated cron tasks also default to `silent` but are more visible because they run in their own session.
+
+**What does not create tasks:**
+
+- Heartbeat turns — main-session; see [Heartbeat](/gateway/heartbeat)
+- Normal interactive chat turns
+- Direct `/command` responses
+
+## Task lifecycle
+
+```mermaid
+stateDiagram-v2
+    [*] --> queued
+    queued --> running : agent starts
+    running --> succeeded : completes ok
+    running --> failed : error
+    running --> timed_out : timeout exceeded
+    running --> cancelled : operator cancels
+    queued --> lost : session gone > 5 min
+    running --> lost : session gone > 5 min
+```
+
+| Status      | What it means                                                              |
+| ----------- | -------------------------------------------------------------------------- |
+| `queued`    | Created, waiting for the agent to start                                    |
+| `running`   | Agent turn is actively executing                                           |
+| `succeeded` | Completed successfully                                                     |
+| `failed`    | Completed with an error                                                    |
+| `timed_out` | Exceeded the configured timeout                                            |
+| `cancelled` | Stopped by the operator via `openclaw tasks cancel`                        |
+| `lost`      | Backing child session disappeared (detected after a 5-minute grace period) |
+
+Transitions happen automatically — when the associated agent run ends, the task status updates to match.
+
+## Delivery and notifications
+
+When a task reaches a terminal state, OpenClaw notifies you. There are two delivery paths:
+
+**Direct delivery** — if the task has a channel target (the `requesterOrigin`), the completion message goes straight to that channel (Telegram, Discord, Slack, etc.).
+
+**Session-queued delivery** — if direct delivery fails or no origin is set, the update is queued as a system event in the requester's session and surfaces on the next heartbeat.
+
+<Tip>
+Task completion triggers an immediate heartbeat wake so you see the result quickly — you do not have to wait for the next scheduled heartbeat tick.
+</Tip>
+
+### Notification policies
+
+Control how much you hear about each task:
+
+| Policy                | What is delivered                                                       |
+| --------------------- | ----------------------------------------------------------------------- |
+| `done_only` (default) | Only terminal state (succeeded, failed, etc.) — **this is the default** |
+| `state_changes`       | Every state transition and progress update                              |
+| `silent`              | Nothing at all                                                          |
+
+Change the policy while a task is running:
+
+```bash
+openclaw tasks notify <lookup> state_changes
+```
+
+## CLI reference
+
+### `tasks list`
+
+```bash
+openclaw tasks list [--runtime <acp|subagent|cron|cli>] [--status <status>] [--json]
+```
+
+Output columns: Task ID, Kind, Status, Delivery, Run ID, Child Session, Summary.
+
+### `tasks show`
+
+```bash
+openclaw tasks show <lookup>
+```
+
+The lookup token accepts a task ID, run ID, or session key. Shows the full record including timing, delivery state, error, and terminal summary.
+
+### `tasks cancel`
+
+```bash
+openclaw tasks cancel <lookup>
+```
+
+For ACP and subagent tasks, this kills the child session. Status transitions to `cancelled` and a delivery notification is sent.
+
+### `tasks notify`
+
+```bash
+openclaw tasks notify <lookup> <done_only|state_changes|silent>
+```
+
+### `tasks audit`
+
+```bash
+openclaw tasks audit [--json]
+```
+
+Surfaces operational issues. Findings also appear in `openclaw status` when issues are detected.
+
+| Finding                   | Severity | Trigger                                               |
+| ------------------------- | -------- | ----------------------------------------------------- |
+| `stale_queued`            | warn     | Queued for more than 10 minutes                       |
+| `stale_running`           | error    | Running for more than 30 minutes                      |
+| `lost`                    | error    | Backing session is gone                               |
+| `delivery_failed`         | warn     | Delivery failed and notify policy is not `silent`     |
+| `missing_cleanup`         | warn     | Terminal task with no cleanup timestamp               |
+| `inconsistent_timestamps` | warn     | Timeline violation (for example ended before started) |
+
+## Status integration (task pressure)
+
+`openclaw status` includes an at-a-glance task summary:
+
+```
+Tasks: 3 queued · 2 running · 1 issues
+```
+
+The summary reports:
+
+- **active** — count of `queued` + `running`
+- **failures** — count of `failed` + `timed_out` + `lost`
+- **byRuntime** — breakdown by `acp`, `subagent`, `cron`, `cli`
+
+## Storage and maintenance
+
+### Where tasks live
+
+Task records persist in SQLite at:
+
+```
+$OPENCLAW_STATE_DIR/tasks/runs.sqlite
+```
+
+The registry loads into memory at gateway start and syncs writes to SQLite for durability across restarts.
+
+### Automatic maintenance
+
+A sweeper runs every **60 seconds** and handles three things:
+
+1. **Reconciliation** — checks if active tasks' backing sessions still exist. If a child session has been gone for more than 5 minutes, the task is marked `lost`.
+2. **Cleanup stamping** — sets a `cleanupAfter` timestamp on terminal tasks (endedAt + 7 days).
+3. **Pruning** — deletes records past their `cleanupAfter` date.
+
+**Retention**: terminal task records are kept for **7 days**, then automatically pruned. No configuration needed.
+
+## How tasks relate to other systems
+
+### Tasks and cron
+
+A cron job **definition** lives in `~/.openclaw/cron/jobs.json`. **Every** cron execution creates a task record — both main-session and isolated. Main-session cron tasks default to `silent` notify policy so they track without generating notifications.
+
+See [Cron Jobs](/automation/cron-jobs).
+
+### Tasks and heartbeat
+
+Heartbeat runs are main-session turns — they do not create task records. When a task completes, it can trigger a heartbeat wake so you see the result promptly.
+
+See [Heartbeat](/gateway/heartbeat).
+
+### Tasks and sessions
+
+A task may reference a `childSessionKey` (where work runs) and a `requesterSessionKey` (who started it). Sessions are conversation context; tasks are activity tracking on top of that.
+
+### Tasks and agent runs
+
+A task's `runId` links to the agent run doing the work. Agent lifecycle events (start, end, error) automatically update the task status — you do not need to manage the lifecycle manually.
+
+## Related
+
+- [Automation Overview](/automation) — all automation mechanisms at a glance
+- [Cron Jobs](/automation/cron-jobs) — scheduling background work
+- [Cron vs Heartbeat](/automation/cron-vs-heartbeat) — choosing the right mechanism
+- [Heartbeat](/gateway/heartbeat) — periodic main-session turns
+- [CLI: Tasks](/cli/index#tasks) — CLI command reference

docs/channels/bluebubbles.md

@@ -212,6 +212,60 @@ Per-group configuration:
 - Uses `allowFrom` and `groupAllowFrom` to determine command authorization.
 - Authorized senders can run control commands even without mentioning in groups.
 
+## ACP conversation bindings
+
+BlueBubbles chats can be turned into durable ACP workspaces without changing the transport layer.
+
+Fast operator flow:
+
+- Run `/acp spawn codex --bind here` inside the DM or allowed group chat.
+- Future messages in that same BlueBubbles conversation route to the spawned ACP session.
+- `/new` and `/reset` reset the same bound ACP session in place.
+- `/acp close` closes the ACP session and removes the binding.
+
+Configured persistent bindings are also supported through top-level `bindings[]` entries with `type: "acp"` and `match.channel: "bluebubbles"`.
+
+`match.peer.id` can use any supported BlueBubbles target form:
+
+- normalized DM handle such as `+15555550123` or `user@example.com`
+- `chat_id:<id>`
+- `chat_guid:<guid>`
+- `chat_identifier:<identifier>`
+
+For stable group bindings, prefer `chat_id:*` or `chat_identifier:*`.
+
+Example:
+
+```json5
+{
+  agents: {
+    list: [
+      {
+        id: "codex",
+        runtime: {
+          type: "acp",
+          acp: { agent: "codex", backend: "acpx", mode: "persistent" },
+        },
+      },
+    ],
+  },
+  bindings: [
+    {
+      type: "acp",
+      agentId: "codex",
+      match: {
+        channel: "bluebubbles",
+        accountId: "default",
+        peer: { kind: "dm", id: "+15555550123" },
+      },
+      acp: { label: "codex-imessage" },
+    },
+  ],
+}
+```
+
+See [ACP Agents](/tools/acp-agents) for shared ACP binding behavior.
+
 ## Typing + read receipts
 
 - **Typing indicators**: Sent automatically before and during response generation.
@@ -266,8 +320,9 @@ Available actions:
 - **addParticipant**: Add someone to a group (`chatGuid`, `address`)
 - **removeParticipant**: Remove someone from a group (`chatGuid`, `address`)
 - **leaveGroup**: Leave a group chat (`chatGuid`)
-- **sendAttachment**: Send media/files (`to`, `buffer`, `filename`, `asVoice`)
+- **upload-file**: Send media/files (`to`, `buffer`, `filename`, `asVoice`)
   - Voice memos: set `asVoice: true` with **MP3** or **CAF** audio to send as an iMessage voice message. BlueBubbles converts MP3 → CAF when sending voice memos.
+- Legacy alias: `sendAttachment` still works, but `upload-file` is the canonical action name.
 
 ### Message IDs (short vs full)
 
@@ -365,3 +420,11 @@ Prefer `chat_guid` for stable routing:
 - For status/health info: `openclaw status --all` or `openclaw status --deep`.
 
 For general channel workflow reference, see [Channels](/channels) and the [Plugins](/tools/plugin) guide.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/discord.md

@@ -103,7 +103,7 @@ openclaw config set channels.discord.enabled true --strict-json
 openclaw gateway
 ```
 
-    If OpenClaw is already running as a background service, use `openclaw gateway restart` instead.
+    If OpenClaw is already running as a background service, restart it via the OpenClaw Mac app or by stopping and restarting the `openclaw gateway run` process.
 
   </Step>
 
@@ -750,9 +750,13 @@ Default slash command settings:
 
     Notes:
 
+    - `/acp spawn codex --bind here` binds the current Discord channel or thread in place and keeps future messages routed to the same ACP session.
+    - That can still mean "start a fresh Codex ACP session", but it does not create a new Discord thread by itself. The existing channel stays the chat surface.
+    - Codex may still run in its own `cwd` or backend workspace on disk. That workspace is runtime state, not a Discord thread.
     - Thread messages can inherit the parent channel ACP binding.
     - In a bound channel or thread, `/new` and `/reset` reset the same ACP session in place.
     - Temporary thread bindings still work and can override target resolution while active.
+    - `spawnAcpSessions` is only required when OpenClaw needs to create/bind a child thread via `--thread auto|here`. It is not required for `/acp spawn ... --bind here` in the current channel.
 
     See [ACP Agents](/tools/acp-agents) for binding behavior details.
 
@@ -944,11 +948,15 @@ Default slash command settings:
     Config path:
 
     - `channels.discord.execApprovals.enabled`
-    - `channels.discord.execApprovals.approvers`
+    - `channels.discord.execApprovals.approvers` (optional; falls back to owner IDs inferred from `allowFrom` and explicit DM `defaultTo` when possible)
     - `channels.discord.execApprovals.target` (`dm` | `channel` | `both`, default: `dm`)
     - `agentFilter`, `sessionFilter`, `cleanupAfterResolve`
 
-    When `target` is `channel` or `both`, the approval prompt is visible in the channel. Only configured approvers can use the buttons; other users receive an ephemeral denial. Approval prompts include the command text, so only enable channel delivery in trusted channels. If the channel ID cannot be derived from the session key, OpenClaw falls back to DM delivery.
+    Discord becomes an approval client when `enabled: true` and at least one approver can be resolved, either from `execApprovals.approvers` or from the account's existing owner config (`allowFrom`, legacy `dm.allowFrom`, or explicit DM `defaultTo`).
+
+    When `target` is `channel` or `both`, the approval prompt is visible in the channel. Only resolved approvers can use the buttons; other users receive an ephemeral denial. Approval prompts include the command text, so only enable channel delivery in trusted channels. If the channel ID cannot be derived from the session key, OpenClaw falls back to DM delivery.
+
+    Discord also renders the shared approval buttons used by other chat channels. The native Discord adapter mainly adds approver DM routing and channel fanout.
 
     Gateway auth for this handler uses the same shared credential resolution contract as other Gateway clients:
 
@@ -957,7 +965,7 @@ Default slash command settings:
     - remote-mode support via `gateway.remote.*` when applicable
     - URL overrides are override-safe: CLI overrides do not reuse implicit credentials, and env overrides use env credentials only
 
-    If approvals fail with unknown approval IDs, verify approver list and feature enablement.
+    Exec approvals expire after 30 minutes by default. If approvals fail with unknown approval IDs, verify approver resolution and feature enablement.
 
     Related docs: [Exec approvals](/tools/exec-approvals)
 
@@ -988,7 +996,7 @@ Default gate behavior:
 
 ## Components v2 UI
 
-OpenClaw uses Discord components v2 for exec approvals and cross-context markers. Discord message actions can also accept `components` for custom UI (advanced; requires Carbon component instances), while legacy `embeds` remain available but are not recommended.
+OpenClaw uses Discord components v2 for exec approvals and cross-context markers. Discord message actions can also accept `components` for custom UI (advanced; requires constructing a component payload via the discord tool), while legacy `embeds` remain available but are not recommended.
 
 - `channels.discord.ui.components.accentColor` sets the accent color used by Discord component containers (hex).
 - Set per account with `channels.discord.accounts.<id>.ui.components.accentColor`.
@@ -1224,7 +1232,9 @@ High-signal Discord fields:
 ## Related
 
 - [Pairing](/channels/pairing)
+- [Groups](/channels/groups)
 - [Channel routing](/channels/channel-routing)
+- [Security](/gateway/security)
 - [Multi-agent routing](/concepts/multi-agent)
 - [Troubleshooting](/channels/troubleshooting)
 - [Slash commands](/tools/slash-commands)

docs/channels/feishu.md

@@ -81,7 +81,7 @@ Lark (global) tenants should use [https://open.larksuite.com/app](https://open.l
 2. Fill in the app name + description
 3. Choose an app icon
 
-![Create enterprise app](../images/feishu-step2-create-app.png)
+![Create enterprise app](/images/feishu-step2-create-app.png)
 
 ### 3. Copy credentials
 
@@ -92,7 +92,7 @@ From **Credentials & Basic Info**, copy:
 
 ❗ **Important:** keep the App Secret private.
 
-![Get credentials](../images/feishu-step3-credentials.png)
+![Get credentials](/images/feishu-step3-credentials.png)
 
 ### 4. Configure permissions
 
@@ -126,7 +126,7 @@ On **Permissions**, click **Batch import** and paste:
 }
 ```
 
-![Configure permissions](../images/feishu-step4-permissions.png)
+![Configure permissions](/images/feishu-step4-permissions.png)
 
 ### 5. Enable bot capability
 
@@ -135,7 +135,7 @@ In **App Capability** > **Bot**:
 1. Enable bot capability
 2. Set the bot name
 
-![Enable bot capability](../images/feishu-step5-bot-capability.png)
+![Enable bot capability](/images/feishu-step5-bot-capability.png)
 
 ### 6. Configure event subscription
 
@@ -151,7 +151,7 @@ In **Event Subscription**:
 
 ⚠️ If the gateway is not running, the long-connection setup may fail to save.
 
-![Configure event subscription](../images/feishu-step6-event-subscription.png)
+![Configure event subscription](/images/feishu-step6-event-subscription.png)
 
 ### 7. Publish the app
 
@@ -206,7 +206,7 @@ When using webhook mode, set both `channels.feishu.verificationToken` and `chann
 
 The screenshot below shows where to find the **Verification Token**. The **Encrypt Key** is listed in the same **Encryption** section.
 
-![Verification Token location](../images/feishu-verification-token.png)
+![Verification Token location](/images/feishu-verification-token.png)
 
 ### Configure via environment variables
 
@@ -395,6 +395,8 @@ In addition to allowing the group itself, **all messages** in that group are gat
 
 ---
 
+<a id="get-groupuser-ids"></a>
+
 ## Get group/user IDs
 
 ### Group IDs (chat_id)
@@ -748,3 +750,11 @@ Feishu currently exposes these runtime actions:
 - `channel-info`
 - `channel-list`
 - `react` and `reactions` when reactions are enabled in config
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/googlechat.md

@@ -201,6 +201,7 @@ Notes:
 - Default webhook path is `/googlechat` if `webhookPath` isn’t set.
 - `dangerouslyAllowNameMatching` re-enables mutable email principal matching for allowlists (break-glass compatibility mode).
 - Reactions are available via the `reactions` tool and `channels action` when `actions.reactions` is enabled.
+- Message actions expose `send` for text and `upload-file` for explicit attachment sends. `upload-file` accepts `media` / `filePath` / `path` plus optional `message`, `filename`, and thread targeting.
 - `typingIndicator` supports `none`, `message` (default), and `reaction` (reaction requires user OAuth).
 - Attachments are downloaded through the Chat API and stored in the media pipeline (size capped by `mediaMaxMb`).
 
@@ -259,3 +260,11 @@ Related docs:
 - [Gateway configuration](/gateway/configuration)
 - [Security](/gateway/security)
 - [Reactions](/tools/reactions)
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/groups.md

@@ -1,5 +1,5 @@
 ---
-summary: "Group chat behavior across surfaces (WhatsApp/Telegram/Discord/Slack/Signal/iMessage/Microsoft Teams/Zalo)"
+summary: "Group chat behavior across surfaces (Discord/iMessage/Matrix/Microsoft Teams/Signal/Slack/Telegram/WhatsApp/Zalo)"
 read_when:
   - Changing group chat behavior or mention gating
 title: "Groups"
@@ -7,7 +7,7 @@ title: "Groups"
 
 # Groups
 
-OpenClaw treats group chats consistently across surfaces: WhatsApp, Telegram, Discord, Slack, Signal, iMessage, Microsoft Teams, Zalo.
+OpenClaw treats group chats consistently across surfaces: Discord, iMessage, Matrix, Microsoft Teams, Signal, Slack, Telegram, WhatsApp, Zalo.
 
 ## Beginner intro (2 minutes)
 
@@ -54,6 +54,8 @@ If you want...
 - Direct chats use the main session (or per-sender if configured).
 - Heartbeats are skipped for group sessions.
 
+<a id="pattern-personal-dms-public-groups-single-agent"></a>
+
 ## Pattern: personal DMs + public groups (single agent)
 
 Yes — this works well if your “personal” traffic is **DMs** and your “public” traffic is **groups**.
@@ -187,7 +189,7 @@ Notes:
 - DM pairing approvals (`*-allowFrom` store entries) apply to DM access only; group sender authorization stays explicit to group allowlists.
 - Discord: allowlist uses `channels.discord.guilds.<id>.channels`.
 - Slack: allowlist uses `channels.slack.channels`.
-- Matrix: allowlist uses `channels.matrix.groups` (room IDs, aliases, or names). Use `channels.matrix.groupAllowFrom` to restrict senders; per-room `users` allowlists are also supported.
+- Matrix: allowlist uses `channels.matrix.groups`. Prefer room IDs or aliases; joined-room name lookup is best-effort, and unresolved names are ignored at runtime. Use `channels.matrix.groupAllowFrom` to restrict senders; per-room `users` allowlists are also supported.
 - Group DMs are controlled separately (`channels.discord.dm.*`, `channels.slack.dm.*`).
 - Telegram allowlist can match user IDs (`"123456789"`, `"telegram:123456789"`, `"tg:123456789"`) or usernames (`"@alice"` or `"alice"`); prefixes are case-insensitive.
 - Default is `groupPolicy: "allowlist"`; if your group allowlist is empty, group messages are blocked.

docs/channels/imessage.md

@@ -184,6 +184,58 @@ imsg send <handle> "test"
   </Tab>
 </Tabs>
 
+## ACP conversation bindings
+
+Legacy iMessage chats can also be bound to ACP sessions.
+
+Fast operator flow:
+
+- Run `/acp spawn codex --bind here` inside the DM or allowed group chat.
+- Future messages in that same iMessage conversation route to the spawned ACP session.
+- `/new` and `/reset` reset the same bound ACP session in place.
+- `/acp close` closes the ACP session and removes the binding.
+
+Configured persistent bindings are supported through top-level `bindings[]` entries with `type: "acp"` and `match.channel: "imessage"`.
+
+`match.peer.id` can use:
+
+- normalized DM handle such as `+15555550123` or `user@example.com`
+- `chat_id:<id>` (recommended for stable group bindings)
+- `chat_guid:<guid>`
+- `chat_identifier:<identifier>`
+
+Example:
+
+```json5
+{
+  agents: {
+    list: [
+      {
+        id: "codex",
+        runtime: {
+          type: "acp",
+          acp: { agent: "codex", backend: "acpx", mode: "persistent" },
+        },
+      },
+    ],
+  },
+  bindings: [
+    {
+      type: "acp",
+      agentId: "codex",
+      match: {
+        channel: "imessage",
+        accountId: "default",
+        peer: { kind: "group", id: "chat_id:123" },
+      },
+      acp: { label: "codex-group" },
+    },
+  ],
+}
+```
+
+See [ACP Agents](/tools/acp-agents) for shared ACP binding behavior.
+
 ## Deployment patterns
 
 <AccordionGroup>
@@ -365,3 +417,11 @@ imsg send <handle> "test"
 - [Gateway configuration](/gateway/configuration)
 - [Pairing](/channels/pairing)
 - [BlueBubbles](/channels/bluebubbles)
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/irc.md

@@ -240,3 +240,11 @@ Default account supports:
 - If the bot connects but never replies in channels, verify `channels.irc.groups` **and** whether mention-gating is dropping messages (`missing-mention`). If you want it to reply without pings, set `requireMention:false` for the channel.
 - If login fails, verify nick availability and server password.
 - If TLS fails on a custom network, verify host/port and certificate setup.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/line.md

@@ -28,7 +28,7 @@ openclaw plugins install @openclaw/line
 Local checkout (when running from a git repo):
 
 ```bash
-openclaw plugins install ./extensions/line
+openclaw plugins install ./path/to/local/line-plugin
 ```
 
 ## Setup
@@ -184,6 +184,25 @@ The LINE plugin also ships a `/card` command for Flex message presets:
 /card info "Welcome" "Thanks for joining!"
 ```
 
+## ACP support
+
+LINE supports ACP (Agent Communication Protocol) conversation bindings:
+
+- `/acp spawn <agent> --bind here` binds the current LINE chat to an ACP session without creating a child thread.
+- Configured ACP bindings and active conversation-bound ACP sessions work on LINE like other conversation channels.
+
+See [ACP agents](/tools/acp-agents) for details.
+
+## Outbound media
+
+The LINE plugin supports sending images, videos, and audio files through the agent message tool. Media is sent via the LINE-specific delivery path with appropriate preview and tracking handling:
+
+- **Images**: sent as LINE image messages with automatic preview generation.
+- **Videos**: sent with explicit preview and content-type handling.
+- **Audio**: sent as LINE audio messages.
+
+Generic media sends fall back to the existing image-only route when a LINE-specific path is not available.
+
 ## Troubleshooting
 
 - **Webhook verification fails:** ensure the webhook URL is HTTPS and the
@@ -192,3 +211,11 @@ The LINE plugin also ships a `/card` command for Flex message presets:
   and that the gateway is reachable from LINE.
 - **Media download errors:** raise `channels.line.mediaMaxMb` if media exceeds the
   default limit.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/location.md

@@ -1,5 +1,5 @@
 ---
-summary: "Inbound channel location parsing (Telegram + WhatsApp) and context fields"
+summary: "Inbound channel location parsing (Telegram/WhatsApp/Matrix) and context fields"
 read_when:
   - Adding or modifying channel location parsing
   - Using location context fields in agent prompts or tools

docs/channels/matrix.md

@@ -24,7 +24,7 @@ openclaw plugins install @openclaw/matrix
 Install from a local checkout:
 
 ```bash
-openclaw plugins install ./extensions/matrix
+openclaw plugins install ./path/to/local/matrix-plugin
 ```
 
 See [Plugins](/tools/plugin) for plugin behavior and install rules.
@@ -157,14 +157,41 @@ This is a practical baseline config with DM pairing, room allowlist, and E2EE en
       autoJoinAllowlist: ["!roomid:example.org"],
       threadReplies: "inbound",
       replyToMode: "off",
+      streaming: "partial",
     },
   },
 }
 ```
 
-## E2EE setup
+## Streaming previews
 
-## Bot to bot rooms
+Matrix reply streaming is opt-in.
+
+Set `channels.matrix.streaming` to `"partial"` when you want OpenClaw to send a single draft reply,
+edit that draft in place while the model is generating text, and then finalize it when the reply is
+done:
+
+```json5
+{
+  channels: {
+    matrix: {
+      streaming: "partial",
+    },
+  },
+}
+```
+
+- `streaming: "off"` is the default. OpenClaw waits for the final reply and sends it once.
+- `streaming: "partial"` creates one editable preview message instead of sending multiple partial messages.
+- If the preview no longer fits in one Matrix event, OpenClaw stops preview streaming and falls back to normal final delivery.
+- Media replies still send attachments normally. If a stale preview can no longer be reused safely, OpenClaw redacts it before sending the final media reply.
+- Preview edits cost extra Matrix API calls. Leave streaming off if you want the most conservative rate-limit behavior.
+
+## Encryption and verification
+
+In encrypted (E2EE) rooms, outbound image events use `thumbnail_file` so image previews are encrypted alongside the full attachment. Unencrypted rooms still use plain `thumbnail_url`. No configuration is needed — the plugin detects E2EE state automatically.
+
+### Bot to bot rooms
 
 By default, Matrix messages from other configured OpenClaw Matrix accounts are ignored.
 
@@ -401,6 +428,19 @@ Planned improvement:
 
 - add SecretRef support for persistent Matrix key material so recovery keys and related store-encryption secrets can be sourced from OpenClaw secrets providers instead of only local files
 
+## Profile management
+
+Update the Matrix self-profile for the selected account with:
+
+```bash
+openclaw matrix profile set --name "OpenClaw Assistant"
+openclaw matrix profile set --avatar-url https://cdn.example.org/avatar.png
+```
+
+Add `--account <id>` when you want to target a named Matrix account explicitly.
+
+Matrix accepts `mxc://` avatar URLs directly. When you pass an `http://` or `https://` avatar URL, OpenClaw uploads it to Matrix first and stores the resolved `mxc://` URL back into `channels.matrix.avatarUrl` (or the selected account override).
+
 ## Automatic verification notices
 
 Matrix now posts verification lifecycle notices directly into the strict DM verification room as `m.notice` messages.
@@ -470,6 +510,23 @@ Matrix supports native Matrix threads for both automatic replies and message-too
 - Top-level Matrix room/DM `/focus` creates a new Matrix thread and binds it to the target session when `threadBindings.spawnSubagentSessions=true`.
 - Running `/focus` or `/acp spawn --thread here` inside an existing Matrix thread binds that current thread instead.
 
+## ACP conversation bindings
+
+Matrix rooms, DMs, and existing Matrix threads can be turned into durable ACP workspaces without changing the chat surface.
+
+Fast operator flow:
+
+- Run `/acp spawn codex --bind here` inside the Matrix DM, room, or existing thread you want to keep using.
+- In a top-level Matrix DM or room, the current DM/room stays the chat surface and future messages route to the spawned ACP session.
+- Inside an existing Matrix thread, `--bind here` binds that current thread in place.
+- `/new` and `/reset` reset the same bound ACP session in place.
+- `/acp close` closes the ACP session and removes the binding.
+
+Notes:
+
+- `--bind here` does not create a child Matrix thread.
+- `threadBindings.spawnAcpSessions` is only required for `/acp spawn --thread auto|here`, where OpenClaw needs to create or bind a child Matrix thread.
+
 ### Thread Binding Config
 
 Matrix inherits global defaults from `session.threadBindings`, and also supports per-channel overrides:
@@ -622,6 +679,25 @@ openclaw matrix account add \
 This opt-in only allows trusted private/internal targets. Public cleartext homeservers such as
 `http://matrix.example.org:8008` remain blocked. Prefer `https://` whenever possible.
 
+## Proxying Matrix traffic
+
+If your Matrix deployment needs an explicit outbound HTTP(S) proxy, set `channels.matrix.proxy`:
+
+```json5
+{
+  channels: {
+    matrix: {
+      homeserver: "https://matrix.example.org",
+      accessToken: "syt_bot_xxx",
+      proxy: "http://127.0.0.1:7890",
+    },
+  },
+}
+```
+
+Named accounts can override the top-level default with `channels.matrix.accounts.<id>.proxy`.
+OpenClaw uses the same proxy setting for runtime Matrix traffic and account status probes.
+
 ## Target resolution
 
 Matrix accepts these target forms anywhere OpenClaw asks you for a room or user target:
@@ -643,9 +719,10 @@ Live directory lookup uses the logged-in Matrix account:
 - `defaultAccount`: preferred account ID when multiple Matrix accounts are configured.
 - `homeserver`: homeserver URL, for example `https://matrix.example.org`.
 - `allowPrivateNetwork`: allow this Matrix account to connect to private/internal homeservers. Enable this when the homeserver resolves to `localhost`, a LAN/Tailscale IP, or an internal host such as `matrix-synapse`.
+- `proxy`: optional HTTP(S) proxy URL for Matrix traffic. Named accounts can override the top-level default with their own `proxy`.
 - `userId`: full Matrix user ID, for example `@bot:example.org`.
-- `accessToken`: access token for token-based auth.
-- `password`: password for password-based login.
+- `accessToken`: access token for token-based auth. Plaintext values and SecretRef values are supported for `channels.matrix.accessToken` and `channels.matrix.accounts.<id>.accessToken` across env/file/exec providers. See [Secrets Management](/gateway/secrets).
+- `password`: password for password-based login. Plaintext values and SecretRef values are supported.
 - `deviceId`: explicit Matrix device ID.
 - `deviceName`: device display name for password login.
 - `avatarUrl`: stored self-avatar URL for profile sync and `set-profile` updates.
@@ -656,6 +733,7 @@ Live directory lookup uses the logged-in Matrix account:
 - `groupAllowFrom`: allowlist of user IDs for room traffic.
 - `groupAllowFrom` entries should be full Matrix user IDs. Unresolved names are ignored at runtime.
 - `replyToMode`: `off`, `first`, or `all`.
+- `streaming`: `off` (default) or `partial`. `partial` enables single-message draft previews with edit-in-place updates.
 - `threadReplies`: `off`, `inbound`, or `always`.
 - `threadBindings`: per-channel overrides for thread-bound session routing and lifecycle.
 - `startupVerification`: automatic self-verification request mode on startup (`if-unverified`, `off`).
@@ -666,7 +744,7 @@ Live directory lookup uses the logged-in Matrix account:
 - `ackReaction`: optional ack reaction override for this channel/account.
 - `ackReactionScope`: optional ack reaction scope override (`group-mentions`, `group-all`, `direct`, `all`, `none`, `off`).
 - `reactionNotifications`: inbound reaction notification mode (`own`, `off`).
-- `mediaMaxMb`: outbound media size cap in MB.
+- `mediaMaxMb`: media size cap in MB for Matrix media handling. It applies to outbound sends and inbound media processing.
 - `autoJoin`: invite auto-join policy (`always`, `allowlist`, `off`). Default: `off`.
 - `autoJoinAllowlist`: rooms/aliases allowed when `autoJoin` is `allowlist`. Alias entries are resolved to room IDs during invite handling; OpenClaw does not trust alias state claimed by the invited room.
 - `dm`: DM policy block (`enabled`, `policy`, `allowFrom`).
@@ -675,3 +753,11 @@ Live directory lookup uses the logged-in Matrix account:
 - `groups`: per-room policy map. Prefer room IDs or aliases; unresolved room names are ignored at runtime. Session/group identity uses the stable room ID after resolution, while human-readable labels still come from room names.
 - `rooms`: legacy alias for `groups`.
 - `actions`: per-action tool gating (`messages`, `reactions`, `pins`, `profile`, `memberInfo`, `channelInfo`, `verification`).
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/mattermost.md

@@ -25,7 +25,7 @@ openclaw plugins install @openclaw/mattermost
 Local checkout (when running from a git repo):
 
 ```bash
-openclaw plugins install ./extensions/mattermost
+openclaw plugins install ./path/to/local/mattermost-plugin
 ```
 
 If you choose Mattermost during setup and a git checkout is detected,
@@ -425,3 +425,11 @@ Mattermost supports multiple accounts under `channels.mattermost.accounts`:
 - Gateway logs `missing _token in context`: the `_token` field is not in the button's context. Ensure it is included when building the integration payload.
 - Confirmation shows raw ID instead of button name: `context.action_id` does not match the button's `id`. Set both to the same sanitized value.
 - Agent doesn't know about buttons: add `capabilities: ["inlineButtons"]` to the Mattermost channel config.
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/msteams.md

@@ -11,7 +11,7 @@ title: "Microsoft Teams"
 
 Updated: 2026-01-21
 
-Status: text + DM attachments are supported; channel/group file sending requires `sharePointSiteId` + Graph permissions (see [Sending files in group chats](#sending-files-in-group-chats)). Polls are sent via Adaptive Cards.
+Status: text + DM attachments are supported; channel/group file sending requires `sharePointSiteId` + Graph permissions (see [Sending files in group chats](#sending-files-in-group-chats)). Polls are sent via Adaptive Cards. Message actions expose explicit `upload-file` for file-first sends.
 
 ## Plugin required
 
@@ -30,7 +30,7 @@ openclaw plugins install @openclaw/msteams
 Local checkout (when running from a git repo):
 
 ```bash
-openclaw plugins install ./extensions/msteams
+openclaw plugins install ./path/to/local/msteams-plugin
 ```
 
 If you choose Teams during setup and a git checkout is detected,
@@ -242,7 +242,7 @@ This is often easier than hand-editing JSON manifests.
 
 1. **Install the Microsoft Teams plugin**
    - From npm: `openclaw plugins install @openclaw/msteams`
-   - From a local checkout: `openclaw plugins install ./extensions/msteams`
+   - From a local checkout: `openclaw plugins install ./path/to/local/msteams-plugin`
 
 2. **Bot registration**
    - Create an Azure Bot (see above) and note:
@@ -527,6 +527,7 @@ Teams recently introduced two channel UI styles over the same underlying data mo
 
 - **DMs:** Images and file attachments work via Teams bot file APIs.
 - **Channels/groups:** Attachments live in M365 storage (SharePoint/OneDrive). The webhook payload only includes an HTML stub, not the actual file bytes. **Graph API permissions are required** to download channel attachments.
+- For explicit file-first sends, use `action=upload-file` with `media` / `filePath` / `path`; optional `message` becomes the accompanying text/comment, and `filename` overrides the uploaded name.
 
 Without Graph permissions, channel messages with images will be received as text-only (the image content is not accessible to the bot).
 By default, OpenClaw only downloads media from Microsoft/Teams hostnames. Override with `channels.msteams.mediaAllowHosts` (use `["*"]` to allow any host).
@@ -778,3 +779,11 @@ Bots have limited support in private channels:
 - [RSC permissions reference](https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent)
 - [Teams bot file handling](https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/bots-filesv4) (channel/group requires Graph)
 - [Proactive messaging](https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/conversations/send-proactive-messages)
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/nextcloud-talk.md

@@ -22,7 +22,7 @@ openclaw plugins install @openclaw/nextcloud-talk
 Local checkout (when running from a git repo):
 
 ```bash
-openclaw plugins install ./extensions/nextcloud-talk
+openclaw plugins install ./path/to/local/nextcloud-talk-plugin
 ```
 
 If you choose Nextcloud Talk during setup and a git checkout is detected,
@@ -136,3 +136,11 @@ Provider options:
 - `channels.nextcloud-talk.blockStreaming`: disable block streaming for this channel.
 - `channels.nextcloud-talk.blockStreamingCoalesce`: block streaming coalesce tuning.
 - `channels.nextcloud-talk.mediaMaxMb`: inbound media cap (MB).
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening

docs/channels/nostr.md

@@ -35,7 +35,7 @@ openclaw plugins install @openclaw/nostr
 Use a local checkout (dev workflows):
 
 ```bash
-openclaw plugins install --link <path-to-openclaw>/extensions/nostr
+openclaw plugins install --link <path-to-local-nostr-plugin>
 ```
 
 Restart the Gateway after installing or enabling plugins.
@@ -247,3 +247,11 @@ docker run -p 7777:7777 ghcr.io/hoytech/strfry
 - Direct messages only (no group chats).
 - No media attachments.
 - NIP-04 only (NIP-17 gift-wrap planned).
+
+## Related
+
+- [Channels Overview](/channels) — all supported channels
+- [Pairing](/channels/pairing) — DM authentication and pairing flow
+- [Groups](/channels/groups) — group chat behavior and mention gating
+- [Channel Routing](/channels/channel-routing) — session routing for messages
+- [Security](/gateway/security) — access model and hardening