fix(plugins): reject unsafe staged runtime symlinks

fix(plugins): harden staged runtime aliasing
fix(plugins): share bundled runtime SDK alias prep
2026-06-22 23:13:42 +08:00 · 2026-04-23 17:28:45 -05:00 · 2026-04-23 17:20:25 -05:00 · 2026-04-23 17:00:40 -05:00
3804 changed files with 41021 additions and 220675 deletions
--- a/.agents/skills/blacksmith-testbox/SKILL.md
+++ b/.agents/skills/blacksmith-testbox/SKILL.md
@@ -1,6 +1,11 @@
 ---
 name: blacksmith-testbox
-description: Run Blacksmith Testbox for CI-parity checks, secrets, hosted services, migrations, or builds local cannot reproduce.
+description: >
+  Validate code changes against real CI when local execution is not
+  enough. Use for CI-parity checks, secrets/services, migrations, or
+  builds/tests that cannot run reliably on the local machine. Do not
+  replace repo-documented local test/build loops just because this
+  skill exists.
 ---

 # Blacksmith Testbox
--- a/.agents/skills/openclaw-ghsa-maintainer/SKILL.md
+++ b/.agents/skills/openclaw-ghsa-maintainer/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: openclaw-ghsa-maintainer
-description: Inspect, patch, validate, publish, or confirm OpenClaw GHSA security advisories and private-fork state.
+description: Maintainer workflow for OpenClaw GitHub Security Advisories (GHSA). Use when Codex needs to inspect, patch, validate, or publish a repo advisory, verify private-fork state, prepare advisory Markdown or JSON payloads safely, handle GHSA API-specific publish constraints, or confirm advisory publish success.
 ---

 # OpenClaw GHSA Maintainer
--- a/.agents/skills/openclaw-parallels-smoke/SKILL.md
+++ b/.agents/skills/openclaw-parallels-smoke/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: openclaw-parallels-smoke
-description: Run, rerun, debug, or interpret OpenClaw Parallels install, onboarding, gateway smoke, and upgrade checks.
+description: End-to-end Parallels smoke, upgrade, and rerun workflow for OpenClaw across macOS, Windows, and Linux guests. Use when Codex needs to run, rerun, debug, or interpret VM-based install, onboarding, gateway smoke tests, latest-release-to-main upgrade checks, fresh snapshot retests, or optional Discord roundtrip verification under Parallels.
 ---

 # OpenClaw Parallels Smoke
--- a/.agents/skills/openclaw-pr-maintainer/SKILL.md
+++ b/.agents/skills/openclaw-pr-maintainer/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: openclaw-pr-maintainer
-description: Review, triage, close, label, comment on, or land OpenClaw PRs/issues with maintainer evidence checks.
+description: Maintainer workflow for reviewing, triaging, preparing, closing, or landing OpenClaw pull requests and related issues. Use when Codex needs to validate bug-fix claims, search for related issues or PRs, apply or recommend close/reason labels, prepare GitHub comments safely, check review-thread follow-up, or perform maintainer-style PR decision making before merge or closure.
 ---

 # OpenClaw PR Maintainer
@@ -68,7 +68,6 @@ gh search issues --repo openclaw/openclaw --match title,body --limit 50 \
 - Keep commit messages concise and action-oriented.
 - Group related changes; avoid bundling unrelated refactors.
 - Use `.github/pull_request_template.md` for PR submissions and `.github/ISSUE_TEMPLATE/` for issues.
- Do not commit PR-only artifacts such as screenshots under `.github/pr-assets`; attach them to the PR/comment or use an external artifact store instead.

 ## Extra safety

--- a/.agents/skills/openclaw-qa-testing/SKILL.md
+++ b/.agents/skills/openclaw-qa-testing/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: openclaw-qa-testing
-description: Run, watch, debug, extend, or explain OpenClaw qa-lab and qa-channel scenarios, artifacts, and live lanes.
+description: Run, watch, debug, and extend OpenClaw QA testing with qa-lab and qa-channel. Use when Codex needs to execute the repo-backed QA suite, inspect live QA artifacts, debug failing scenarios, add new QA scenarios, or explain the OpenClaw QA workflow. Prefer the live OpenAI lane with regular openai/gpt-5.4 in fast mode; do not use gpt-5.4-pro or gpt-5.4-mini unless the user explicitly overrides that policy.
 ---

 # OpenClaw QA Testing
@@ -49,66 +49,6 @@ pnpm openclaw qa suite \
 5. If the user wants to watch the live UI, find the current `openclaw-qa` listen port and report `http://127.0.0.1:<port>`.
 6. If a scenario fails, fix the product or harness root cause, then rerun the full lane.

-## QA credentials and 1Password
-
- Use `op` only inside `tmux` for QA secret lookup in this repo.
- Quick auth check inside tmux:
-
-```bash
-op account list
-```
-
- Direct Telegram npm live test secrets currently live in 1Password item:
-  - vault: `OpenClaw`
-  - item: `Telegram E2E`
- That item is the first place to look for:
-  - `OPENCLAW_QA_TELEGRAM_DRIVER_BOT_TOKEN`
-  - `OPENCLAW_QA_TELEGRAM_SUT_BOT_TOKEN`
-  - `OPENCLAW_QA_PROVIDER_MODE`
-  - `OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC`
- Convex QA secrets currently live in 1Password items:
-  - vault: `OpenClaw`
-  - item: `OPENCLAW_QA_CONVEX_SITE_URL`
-  - item: `OPENCLAW_QA_CONVEX_SECRET_MAINTAINER`
-  - item: `OPENCLAW_QA_CONVEX_SECRET_CI`
- Additional related notes/login items seen during QA credential work:
-  - vault: `Private`
-  - items: `OPENCLAW QA`, `Convex`, `Telegram`
- If a required value is missing from those notes:
-  - do not guess
-  - ask the maintainer/operator for the current value or the current 1Password item name
-  - for Telegram direct runs, `OPENCLAW_QA_TELEGRAM_GROUP_ID` may be stored separately from `Telegram E2E`
-  - for Convex runs, the leased Telegram credential should provide the Telegram group id and bot tokens together; do not require a separate `OPENCLAW_QA_TELEGRAM_GROUP_ID`
-  - for Convex runs, prefer `OpenClaw/OPENCLAW_QA_CONVEX_SITE_URL`; if that is stale or unclear, ask for the active pool URL before running
- Prefer direct Telegram envs for the npm Telegram Docker lane when available:
-
-```bash
-OPENCLAW_QA_TELEGRAM_GROUP_ID="..." \
-OPENCLAW_QA_TELEGRAM_DRIVER_BOT_TOKEN="..." \
-OPENCLAW_QA_TELEGRAM_SUT_BOT_TOKEN="..." \
-OPENCLAW_QA_PROVIDER_MODE="mock-openai" \
-OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC="openclaw@beta" \
-pnpm test:docker:npm-telegram-live
-```
-
- Prefer Convex mode when the goal is stable shared QA infra:
-  - round-robin credential leasing
-  - thinner wrapper for channel-specific setup
-  - CLI/admin flows around the pooled credentials
- Live npm Telegram Docker lane note:
-  - `scripts/e2e/npm-telegram-live-runner.ts` reads `OPENCLAW_NPM_TELEGRAM_PROVIDER_MODE`
-  - do not assume `OPENCLAW_QA_PROVIDER_MODE` is consumed by that wrapper
-  - if a 1Password note only gives `OPENCLAW_QA_PROVIDER_MODE`, map it explicitly to `OPENCLAW_NPM_TELEGRAM_PROVIDER_MODE` before running the Docker lane
- Verified live shape:
-  - Convex mode can pass the real Docker lane without direct Telegram env vars
-  - leased Telegram payload includes the group id coupled to the driver/SUT tokens
-  - a real run of `pnpm test:docker:npm-telegram-live` passed with:
-    - `OPENCLAW_QA_CREDENTIAL_SOURCE=convex`
-    - `OPENCLAW_QA_CREDENTIAL_ROLE=maintainer`
-    - `OPENCLAW_QA_CONVEX_SITE_URL`
-    - `OPENCLAW_QA_CONVEX_SECRET_MAINTAINER`
-    - `OPENCLAW_NPM_TELEGRAM_PROVIDER_MODE=mock-openai`
-
 ## Character evals

 Use `qa character-eval` for style/persona/vibe checks across multiple live models.
--- a/.agents/skills/openclaw-release-maintainer/SKILL.md
+++ b/.agents/skills/openclaw-release-maintainer/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: openclaw-release-maintainer
-description: Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.
+description: Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
 ---

 # OpenClaw Release Maintainer
@@ -97,11 +97,6 @@ Use this skill for release and publish-time workflow. Keep ordinary development

 ## Build changelog-backed release notes

- Before release branching or tagging, rewrite the target `CHANGELOG.md`
-  section from commit history, not just from existing notes: scan commits since
-  the last reachable release tag, add missed user-facing changes, dedupe
-  overlapping entries, and sort each section from most to least interesting for
-  users.
 - Changelog entries should be user-facing, not internal release-process notes.
 - GitHub release and prerelease bodies must use the full matching
  `CHANGELOG.md` version section, not highlights or an excerpt. When creating
@@ -284,20 +279,8 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
  - `node --import tsx scripts/openclaw-npm-postpublish-verify.ts <beta-version>`
  - install/update smoke against the published beta channel
  - Docker install/update coverage that exercises the published beta package
-  - published npm Telegram proof: dispatch Actions > `NPM Telegram Beta E2E`
-    from `main` with `package_spec=openclaw@<beta-version>` and
-    `provider_mode=mock-openai`, approve `npm-release`, and require success.
-    This is the default button path for installed-package onboarding,
-    Telegram setup, and real Telegram E2E against the published npm package.
-    Use the local `pnpm test:docker:npm-telegram-live` lane with the matching
-    `OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC` and Convex CI env only as a fallback
-    or debugging path.
  - Parallels published beta install/update coverage with both OpenAI and
    Anthropic provider keys available
-  - Parallels install/update proof must keep plugin installs enabled unless the
-    operator explicitly scopes a harness-only isolation check; a lane that
-    disables bundled plugin installs is not valid plugin/dependency release
-    evidence.
  - targeted QA reruns only for areas touched by fixes after the full pre-npm
    roster, unless the operator requests the full QA roster again. If the fix
    touches live channel QA, credential plumbing, Matrix, Telegram, or the QA
@@ -346,17 +329,10 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
  `openclaw/releases-private/.github/workflows/openclaw-npm-dist-tags.yml`
  workflow because `npm dist-tag` management needs `NPM_TOKEN`, while the
  public npm release workflow stays OIDC-only.
- Prefer fixing the private workflow token path over any local 1Password
-  fallback. The desired setup is a granular npm token stored as the private
-  repo's `NPM_TOKEN` secret, scoped to the `openclaw` package with read/write
-  and 2FA bypass for automation.
 - If the private dist-tag workflow cannot promote because `NPM_TOKEN` is absent
  or stale, use the local tmux + 1Password fallback:
  - Start or reuse a tmux session so interactive `npm login` and OTP prompts
    are observable and recoverable.
-  - Hard rule: never run `op` directly in the main agent shell during release
-    work. Any 1Password CLI use must happen inside that tmux session so prompts
-    and alerts are contained and observable.
  - Use the 1Password item `op://Private/Npmjs` for npm credentials and OTP.
    Do not print passwords, tokens, or OTPs to the transcript; send them through
    tmux buffers, env vars scoped to the tmux command, or `expect` with
@@ -526,11 +502,9 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
 23. Run the post-published beta verification roster. If any lane fails after
    the beta tag/package is pushed or published, fix, commit/push/pull,
    increment to the next beta tag, and restart at the full pre-npm beta test
-    roster for the new beta. The roster includes the manual Actions >
-    `NPM Telegram Beta E2E` workflow against the exact published beta package.
-    If a pre-npm lane fails before any tag/package leaves the machine, fix and
-    rerun the same intended beta attempt. Repeat up to the operator's
-    authorized beta-attempt limit, normally 4.
+    roster for the new beta. If a pre-npm lane fails before any tag/package
+    leaves the machine, fix and rerun the same intended beta attempt. Repeat up
+    to the operator's authorized beta-attempt limit, normally 4.
 24. Announce the beta/stable release on Discord best-effort using Peter's bot
    token from `.profile`.
 25. If the operator requested beta only, stop after beta verification and the
--- a/.agents/skills/openclaw-secret-scanning-maintainer/SKILL.md
+++ b/.agents/skills/openclaw-secret-scanning-maintainer/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: openclaw-secret-scanning-maintainer
-description: Triage, redact, clean up, and resolve OpenClaw GitHub Secret Scanning alerts in issues or PRs.
+description: Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
 ---

 # OpenClaw Secret Scanning Maintainer
--- a/.agents/skills/openclaw-test-heap-leaks/SKILL.md
+++ b/.agents/skills/openclaw-test-heap-leaks/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: openclaw-test-heap-leaks
-description: Investigate OpenClaw pnpm test memory growth, Vitest OOMs, RSS spikes, and heap snapshot deltas.
+description: Investigate `pnpm test` memory growth, Vitest worker OOMs, and suspicious RSS increases in OpenClaw using the `scripts/test-parallel.mjs` heap snapshot tooling. Use when Codex needs to reproduce test-lane memory growth, collect repeated `.heapsnapshot` files, compare snapshots from the same worker PID, triage likely transformed-module retention versus likely runtime leaks, and fix or reduce the impact by patching cleanup logic or isolating hotspot tests.
 ---

 # OpenClaw Test Heap Leaks
--- a/.agents/skills/openclaw-test-performance/SKILL.md
+++ b/.agents/skills/openclaw-test-performance/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: openclaw-test-performance
-description: Benchmark, diagnose, and optimize OpenClaw test runtime, import hotspots, CPU/RSS, and slow coverage paths.
+description: Benchmark, diagnose, and optimize OpenClaw test performance without losing coverage. Use when Codex needs to reassess `pnpm test`, compare grouped Vitest reports, identify CPU/memory/import hotspots, fix slow tests or cold runtime paths, preserve behavior proofs, update the performance report, add AGENTS guardrails, and make scoped commits/pushes for OpenClaw test-speed work.
 ---

 # OpenClaw Test Performance
--- a/.agents/skills/optimizetests/SKILL.md
+++ b/.agents/skills/optimizetests/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: optimizetests
-description: Optimize OpenClaw slow tests, imports, misplaced coverage, and CI wall time without dropping coverage.
+description: Optimize OpenClaw test runtime end to end. Use when the user asks for /optimizetests, slow-test review, import optimization, deduping tests, moving misplaced core coverage to extensions, or reducing CI/test wall time without adding shards or dropping coverage.
 ---

 # Optimize Tests
--- a/.agents/skills/parallels-discord-roundtrip/SKILL.md
+++ b/.agents/skills/parallels-discord-roundtrip/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: parallels-discord-roundtrip
-description: Run macOS Parallels smoke with Discord send, host verification, host reply, and guest readback proof.
+description: Run the macOS Parallels smoke harness with Discord end-to-end roundtrip verification, including guest send, host verification, host reply, and guest readback.
 ---

 # Parallels Discord Roundtrip
--- a/.agents/skills/security-triage/SKILL.md
+++ b/.agents/skills/security-triage/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: security-triage
-description: Triage OpenClaw security advisories, drafts, and GHSA reports with shipped-tag and trust-model proof.
+description: Triage GitHub security advisories for OpenClaw with high-confidence close/keep decisions, exact tag and commit verification, trust-model checks, optional hardening notes, and a final reply ready to post and copy to clipboard.
 ---

 # Security Triage
--- a/.agents/skills/tag-duplicate-prs-issues/SKILL.md
+++ b/.agents/skills/tag-duplicate-prs-issues/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: tag-duplicate-prs-issues
-description: Search duplicate OpenClaw PRs/issues, group related work in prtags, and sync duplicate state to GitHub.
+description: Maintainer workflow for deciding whether an OpenClaw pull request or issue is a duplicate, gathering evidence with ghreplica and pr-search-cli, grouping related work in prtags, and syncing the duplicate grouping back to GitHub through prtags. Use when Codex needs to search for duplicate PRs or issues, create or reuse a duplicate group, enforce one-group-per-target discipline, save duplicate judgments in prtags, or prepare group state for comment sync.
 ---

 # Tag Duplicate PRs and Issues
--- a/.dockerignore
+++ b/.dockerignore
@@ -8,14 +8,6 @@

 .bun-cache
 .bun
-.artifacts
-**/.artifacts
-.local
-**/.local
-.pi
-**/.pi
-__openclaw_vitest__
-**/__openclaw_vitest__
 .tmp
 **/.tmp
 .DS_Store
@@ -46,9 +38,6 @@ docs/.generated
 *.log
 tmp
 **/tmp
-dist-runtime
-**/dist-runtime
-openclaw-path-alias-*

 # build artifacts
 dist
--- a/.github/codeql/codeql-javascript-typescript.yml
+++ b/.github/codeql/codeql-javascript-typescript.yml
@@ -12,9 +12,6 @@ paths-ignore:
  - docs
  - "**/node_modules"
  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
  - "**/*.test.ts"
  - "**/*.test.tsx"
  - "**/*.e2e.test.ts"
--- a/.github/codex/prompts/docs-agent.md
+++ b/.github/codex/prompts/docs-agent.md
@@ -23,7 +23,7 @@ Allowed paths:
 Required workflow:

 1. Run `pnpm docs:list` if available and read relevant docs based on `read_when` hints.
-2. Inspect the triggering event via `$GITHUB_EVENT_PATH`, then review `$DOCS_AGENT_BASE_SHA..$DOCS_AGENT_HEAD_SHA` and its changed files. If either env var is missing, fall back to the event payload.
+2. Inspect the triggering event via `$GITHUB_EVENT_PATH`, then review the relevant commit range and changed files.
 3. Update stale existing documentation, if needed.
 4. Run `pnpm check:docs` if dependencies are available.
 5. Leave the worktree clean if no docs need changes.
--- a/.github/codex/prompts/test-performance-agent.md
+++ b/.github/codex/prompts/test-performance-agent.md
@@ -18,7 +18,6 @@ Hard limits:
 - Do not update snapshots, generated baselines, inventories, ignore files, lockfiles, package metadata, CI workflows, or release metadata.
 - Do not add dependencies.
 - Do not create, delete, or rename files.
- Do not do broad refactors or style-only rewrites.
 - Keep changes minimal and focused on the slow or failing tests you can justify from the report.
 - Prefer no edit when a performance improvement is speculative.
 - If `.artifacts/test-perf/baseline-before.json` has `"failed": true`, do not make performance-only edits. First inspect the failed config logs. Edit only when the test failure has an obvious, coverage-preserving fix. If no obvious failure fix exists, leave the worktree clean.
@@ -27,7 +26,6 @@ Good fixes:

 - Replace broad partial module mocks, especially `importOriginal()` mocks, with narrow injected dependencies or local runtime seams.
 - Avoid importing heavy barrels in hot tests when a narrow module or helper covers the same behavior.
- Add or adjust a production lazy/injection seam only when that is the narrowest way to preserve coverage while removing expensive imports or fixing an obvious mock/import failure.
 - Move expensive setup from per-test hooks to shared setup only when state isolation remains correct.
 - Reuse existing fixtures/builders instead of recreating expensive work per case.
 - Mock expensive runtime boundaries directly: filesystem crawls, package registries, provider SDKs, network/process launch, browser/runtime scanners.
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -24,16 +24,6 @@
      - any-glob-to-any-file:
          - "extensions/googlechat/**"
          - "docs/channels/googlechat.md"
-"plugin: google-meet":
-  - changed-files:
-      - any-glob-to-any-file:
-          - "extensions/google-meet/**"
-          - "docs/plugins/google-meet.md"
-"plugin: bonjour":
-  - changed-files:
-      - any-glob-to-any-file:
-          - "extensions/bonjour/**"
-          - "docs/gateway/bonjour.md"
 "channel: imessage":
  - changed-files:
      - any-glob-to-any-file:
@@ -315,11 +305,6 @@
  - changed-files:
      - any-glob-to-any-file:
          - "extensions/lmstudio/**"
-"extensions: litellm":
-  - changed-files:
-      - any-glob-to-any-file:
-          - "extensions/litellm/**"
-          - "docs/providers/litellm.md"
 "extensions: openai":
  - changed-files:
      - any-glob-to-any-file:
@@ -356,11 +341,6 @@
  - changed-files:
      - any-glob-to-any-file:
          - "extensions/qianfan/**"
-"extensions: senseaudio":
-  - changed-files:
-      - any-glob-to-any-file:
-          - "extensions/senseaudio/**"
-          - "docs/providers/senseaudio.md"
 "extensions: synthetic":
  - changed-files:
      - any-glob-to-any-file:
@@ -377,11 +357,6 @@
  - changed-files:
      - any-glob-to-any-file:
          - "extensions/together/**"
-"extensions: tts-local-cli":
-  - changed-files:
-      - any-glob-to-any-file:
-          - "extensions/tts-local-cli/**"
-          - "docs/tools/tts.md"
 "extensions: venice":
  - changed-files:
      - any-glob-to-any-file:
@@ -402,7 +377,3 @@
  - changed-files:
      - any-glob-to-any-file:
          - "extensions/fal/**"
-"extensions: gradium":
-  - changed-files:
-      - any-glob-to-any-file:
-          - "extensions/gradium/**"
--- a/.github/pr-assets/compaction-checkpoints/sessions-checkpoints-inline.png
+++ b/.github/pr-assets/compaction-checkpoints/sessions-checkpoints-inline.png
--- a/.github/pr-assets/compaction-checkpoints/sessions-overview-inline.png
+++ b/.github/pr-assets/compaction-checkpoints/sessions-overview-inline.png
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,9 +3,6 @@ name: CI
 on:
  push:
    branches: [main]
-    paths-ignore:
-      - "**/*.md"
-      - "docs/**"
  pull_request:
    types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]

@@ -40,7 +37,6 @@ jobs:
      has_changed_extensions: ${{ steps.manifest.outputs.has_changed_extensions }}
      changed_extensions_matrix: ${{ steps.manifest.outputs.changed_extensions_matrix }}
      run_build_artifacts: ${{ steps.manifest.outputs.run_build_artifacts }}
-      run_checks_fast_core: ${{ steps.manifest.outputs.run_checks_fast_core }}
      run_checks_fast: ${{ steps.manifest.outputs.run_checks_fast }}
      checks_fast_core_matrix: ${{ steps.manifest.outputs.checks_fast_core_matrix }}
      channel_contracts_matrix: ${{ steps.manifest.outputs.channel_contracts_matrix }}
@@ -131,9 +127,6 @@ jobs:
          OPENCLAW_CI_RUN_MACOS: ${{ steps.changed_scope.outputs.run_macos || 'false' }}
          OPENCLAW_CI_RUN_ANDROID: ${{ steps.changed_scope.outputs.run_android || 'false' }}
          OPENCLAW_CI_RUN_WINDOWS: ${{ steps.changed_scope.outputs.run_windows || 'false' }}
-          OPENCLAW_CI_RUN_NODE_FAST_ONLY: ${{ steps.changed_scope.outputs.run_node_fast_only || 'false' }}
-          OPENCLAW_CI_RUN_NODE_FAST_PLUGIN_CONTRACTS: ${{ steps.changed_scope.outputs.run_node_fast_plugin_contracts || 'false' }}
-          OPENCLAW_CI_RUN_NODE_FAST_CI_ROUTING: ${{ steps.changed_scope.outputs.run_node_fast_ci_routing || 'false' }}
          OPENCLAW_CI_RUN_SKILLS_PYTHON: ${{ steps.changed_scope.outputs.run_skills_python || 'false' }}
          OPENCLAW_CI_RUN_CONTROL_UI_I18N: ${{ steps.changed_scope.outputs.run_control_ui_i18n || 'false' }}
          OPENCLAW_CI_HAS_CHANGED_EXTENSIONS: ${{ steps.changed_extensions.outputs.has_changed_extensions || 'false' }}
@@ -177,23 +170,12 @@ jobs:
          const docsOnly = parseBoolean(process.env.OPENCLAW_CI_DOCS_ONLY);
          const docsChanged = parseBoolean(process.env.OPENCLAW_CI_DOCS_CHANGED);
          const runNode = parseBoolean(process.env.OPENCLAW_CI_RUN_NODE) && !docsOnly;
-          const runNodeFastOnly =
-            runNode && parseBoolean(process.env.OPENCLAW_CI_RUN_NODE_FAST_ONLY);
-          const runNodeFull = runNode && !runNodeFastOnly;
-          const runNodeFastPluginContracts =
-            runNode && parseBoolean(process.env.OPENCLAW_CI_RUN_NODE_FAST_PLUGIN_CONTRACTS);
-          const runNodeFastCiRouting =
-            runNode && parseBoolean(process.env.OPENCLAW_CI_RUN_NODE_FAST_CI_ROUTING);
-          const runChecksFastCore = runNodeFull || runNodeFastPluginContracts || runNodeFastCiRouting;
          const runMacos =
            parseBoolean(process.env.OPENCLAW_CI_RUN_MACOS) && !docsOnly && isCanonicalRepository;
          const runAndroid =
            parseBoolean(process.env.OPENCLAW_CI_RUN_ANDROID) && !docsOnly && isCanonicalRepository;
          const runWindows =
-            parseBoolean(process.env.OPENCLAW_CI_RUN_WINDOWS) &&
-            !docsOnly &&
-            !runNodeFastOnly &&
-            isCanonicalRepository;
+            parseBoolean(process.env.OPENCLAW_CI_RUN_WINDOWS) && !docsOnly && isCanonicalRepository;
          const runSkillsPython = parseBoolean(process.env.OPENCLAW_CI_RUN_SKILLS_PYTHON) && !docsOnly;
          const runControlUiI18n =
            parseBoolean(process.env.OPENCLAW_CI_RUN_CONTROL_UI_I18N) && !docsOnly;
@@ -206,49 +188,18 @@ jobs:
            ? DEFAULT_EXTENSION_TEST_SHARD_COUNT
            : Math.max(DEFAULT_EXTENSION_TEST_SHARD_COUNT, 36);
          const extensionShardMatrix = createMatrix(
-            runNodeFull
+            runNode
              ? createExtensionTestShards({
                  shardCount: extensionTestShardCount,
                }).map((shard) => ({
                  check_name: shard.checkName,
                  extensions_csv: shard.extensionIds.join(","),
-                  runner: isCanonicalRepository && [0, 3, 4].includes(shard.index)
-                    ? "blacksmith-8vcpu-ubuntu-2404"
-                    : isCanonicalRepository
-                      ? "blacksmith-4vcpu-ubuntu-2404"
-                      : "ubuntu-24.04",
                  shard_index: shard.index + 1,
                  task: "extensions-batch",
                }))
              : [],
          );
-          const checksFastCoreTasks = [];
-          if (runNodeFull) {
-            checksFastCoreTasks.push(
-              { check_name: "checks-fast-bundled", runtime: "node", task: "bundled" },
-              {
-                check_name: "checks-fast-contracts-plugins",
-                runtime: "node",
-                task: "contracts-plugins",
-              },
-            );
-          } else {
-            if (runNodeFastPluginContracts) {
-              checksFastCoreTasks.push({
-                check_name: "checks-fast-contracts-plugins",
-                runtime: "node",
-                task: runNodeFastCiRouting ? "contracts-plugins-ci-routing" : "contracts-plugins",
-              });
-            } else if (runNodeFastCiRouting) {
-              checksFastCoreTasks.push({
-                check_name: "checks-fast-ci-routing",
-                runtime: "node",
-                task: "ci-routing",
-              });
-            }
-          }
-
-          const nodeTestShards = runNodeFull
+          const nodeTestShards = runNode
            ? createNodeTestShards().map((shard) => ({
                check_name: shard.checkName,
                runtime: "node",
@@ -257,7 +208,6 @@ jobs:
                configs: shard.configs,
                includePatterns: shard.includePatterns,
                requires_dist: shard.requiresDist,
-                runner: shard.runner,
              }))
            : [];
          const nodeTestNonDistShards = nodeTestShards.filter((shard) => !shard.requires_dist);
@@ -273,17 +223,25 @@ jobs:
            run_windows: runWindows,
            has_changed_extensions: hasChangedExtensions,
            changed_extensions_matrix: changedExtensionsMatrix,
-            run_build_artifacts: runNodeFull,
-            run_checks_fast_core: runChecksFastCore,
-            run_checks_fast: runNodeFull,
-            checks_fast_core_matrix: createMatrix(checksFastCoreTasks),
-            channel_contracts_matrix: createMatrix(
-              runNodeFull ? createChannelContractTestShards() : [],
+            run_build_artifacts: runNode,
+            run_checks_fast: runNode,
+            checks_fast_core_matrix: createMatrix(
+              runNode
+                ? [
+                    { check_name: "checks-fast-bundled", runtime: "node", task: "bundled" },
+                    {
+                      check_name: "checks-fast-contracts-plugins",
+                      runtime: "node",
+                      task: "contracts-plugins",
+                    },
+                  ]
+                : [],
            ),
+            channel_contracts_matrix: createMatrix(runNode ? createChannelContractTestShards() : []),
            checks_node_extensions_matrix: extensionShardMatrix,
-            run_checks: runNodeFull,
+            run_checks: runNode,
            checks_matrix: createMatrix(
-              runNodeFull
+              runNode
                ? [
                    { check_name: "checks-node-channels", runtime: "node", task: "channels" },
                  ]
@@ -302,9 +260,9 @@ jobs:
                  }))
                : [],
            ),
-            run_check: runNodeFull,
-            run_check_additional: runNodeFull,
-            run_build_smoke: runNodeFull,
+            run_check: runNode,
+            run_check_additional: runNode,
+            run_build_smoke: runNode,
            run_check_docs: docsChanged,
            run_control_ui_i18n: runControlUiI18n,
            run_skills_python_job: runSkillsPython,
@@ -695,8 +653,8 @@ jobs:
      contents: read
    name: ${{ matrix.check_name }}
    needs: [preflight]
-    if: needs.preflight.outputs.run_checks_fast_core == 'true'
-    runs-on: ${{ github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04' }}
+    if: needs.preflight.outputs.run_checks_fast == 'true'
+    runs-on: ubuntu-24.04
    timeout-minutes: 60
    strategy:
      fail-fast: false
@@ -772,13 +730,6 @@ jobs:
            contracts-plugins)
              pnpm test:contracts:plugins
              ;;
-            contracts-plugins-ci-routing)
-              pnpm test:contracts:plugins
-              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/test-projects.test.ts
-              ;;
-            ci-routing)
-              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/test-projects.test.ts
-              ;;
            *)
              echo "Unsupported checks-fast task: $TASK" >&2
              exit 1
@@ -962,7 +913,7 @@ jobs:
    name: ${{ matrix.check_name }}
    needs: [preflight]
    if: needs.preflight.outputs.run_checks_fast == 'true'
-    runs-on: ${{ matrix.runner }}
+    runs-on: ${{ github.repository == 'openclaw/openclaw' && 'blacksmith-8vcpu-ubuntu-2404' || 'ubuntu-24.04' }}
    timeout-minutes: 60
    strategy:
      fail-fast: false
@@ -1024,7 +975,7 @@ jobs:
      - name: Run extension shard
        env:
          NODE_OPTIONS: --max-old-space-size=6144
-          OPENCLAW_EXTENSION_BATCH_PARALLEL: 2
+          OPENCLAW_EXTENSION_BATCH_PARALLEL: 1
          OPENCLAW_VITEST_MAX_WORKERS: 1
          OPENCLAW_EXTENSION_BATCH: ${{ matrix.extensions_csv }}
        run: pnpm test:extensions:batch -- "$OPENCLAW_EXTENSION_BATCH"
@@ -1084,8 +1035,8 @@ jobs:
      contents: read
    name: checks-node-compat-node22
    needs: [preflight]
-    if: needs.preflight.outputs.run_build_artifacts == 'true' && github.event_name == 'push'
-    runs-on: ${{ github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04' }}
+    if: needs.preflight.outputs.run_node == 'true' && github.event_name == 'push'
+    runs-on: ${{ github.repository == 'openclaw/openclaw' && 'blacksmith-8vcpu-ubuntu-2404' || 'ubuntu-24.04' }}
    timeout-minutes: 60
    steps:
      - name: Checkout
@@ -1162,7 +1113,10 @@ jobs:
    name: ${{ matrix.check_name }}
    needs: [preflight]
    if: needs.preflight.outputs.run_checks_node_core_nondist == 'true'
-    runs-on: ${{ github.repository == 'openclaw/openclaw' && (matrix.runner || 'ubuntu-24.04') || 'ubuntu-24.04' }}
+    # Keep core shards on GitHub-hosted runners. The Blacksmith pool is already
+    # occupied by build and extension shards; queueing these shards there hides
+    # actual test-speed improvements behind runner wait time.
+    runs-on: ubuntu-24.04
    timeout-minutes: 60
    strategy:
      fail-fast: false
@@ -1390,15 +1344,7 @@ jobs:
      - name: Run changed extension tests
        env:
          OPENCLAW_CHANGED_EXTENSION: ${{ matrix.extension }}
-        run: |
-          set -euo pipefail
-          if [ "$OPENCLAW_CHANGED_EXTENSION" = "telegram" ]; then
-            export OPENCLAW_VITEST_MAX_WORKERS=1
-            export NODE_OPTIONS="${NODE_OPTIONS:+$NODE_OPTIONS }--max-old-space-size=6144"
-            pnpm test:extension "$OPENCLAW_CHANGED_EXTENSION" -- --pool=forks
-            exit 0
-          fi
-          pnpm test:extension "$OPENCLAW_CHANGED_EXTENSION"
+        run: pnpm test:extension "$OPENCLAW_CHANGED_EXTENSION"

  # Types, lint, and format check shards.
  check-shard:
@@ -1418,16 +1364,16 @@ jobs:
            runner: ubuntu-24.04
          - check_name: check-prod-types
            task: prod-types
-            runner: blacksmith-4vcpu-ubuntu-2404
+            runner: ubuntu-24.04
          - check_name: check-lint
            task: lint
-            runner: blacksmith-16vcpu-ubuntu-2404
+            runner: ubuntu-24.04
          - check_name: check-policy-guards
            task: policy-guards
            runner: ubuntu-24.04
          - check_name: check-test-types
            task: test-types
-            runner: blacksmith-4vcpu-ubuntu-2404
+            runner: ubuntu-24.04
          - check_name: check-strict-smoke
            task: strict-smoke
            runner: ubuntu-24.04
@@ -1502,7 +1448,7 @@ jobs:
              pnpm tsgo:prod
              ;;
            lint)
-              pnpm lint --threads=8
+              pnpm lint
              ;;
            policy-guards)
              pnpm lint:webhook:no-low-level-body-read
@@ -1627,7 +1573,7 @@ jobs:
            packages/plugin-sdk/dist
            extensions/*/dist/.boundary-tsc.tsbuildinfo
            extensions/*/dist/.boundary-tsc.stamp
-          key: ${{ runner.os }}-extension-package-boundary-v1-${{ hashFiles('tsconfig.json', 'tsconfig.plugin-sdk.dts.json', 'packages/plugin-sdk/tsconfig.json', 'scripts/check-extension-package-tsc-boundary.mjs', 'scripts/prepare-extension-package-boundary-artifacts.mjs', 'scripts/write-plugin-sdk-entry-dts.ts', 'scripts/lib/plugin-sdk-entrypoints.json', 'scripts/lib/plugin-sdk-entries.mjs', 'src/plugin-sdk/**', 'src/auto-reply/**', 'src/video-generation/dashscope-compatible.ts', 'src/video-generation/types.ts', 'src/types/**', 'extensions/**', 'extensions/tsconfig.package-boundary*.json', 'package.json', 'pnpm-lock.yaml') }}
+          key: ${{ runner.os }}-extension-package-boundary-v1-${{ hashFiles('tsconfig.json', 'tsconfig.plugin-sdk.dts.json', 'packages/plugin-sdk/tsconfig.json', 'scripts/check-extension-package-tsc-boundary.mjs', 'scripts/prepare-extension-package-boundary-artifacts.mjs', 'scripts/write-plugin-sdk-entry-dts.ts', 'scripts/lib/plugin-sdk-entrypoints.json', 'scripts/lib/plugin-sdk-entries.mjs', 'src/plugin-sdk/**', 'src/video-generation/dashscope-compatible.ts', 'src/video-generation/types.ts', 'src/types/**', 'extensions/**', 'extensions/tsconfig.package-boundary*.json', 'package.json', 'pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-extension-package-boundary-v1-

--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,7 +26,7 @@ jobs:
      matrix:
        include:
          - language: javascript-typescript
-            runs_on: blacksmith-32vcpu-ubuntu-2404
+            runs_on: blacksmith-16vcpu-ubuntu-2404
            needs_node: true
            needs_python: false
            needs_java: false
--- a/.github/workflows/control-ui-locale-refresh.yml
+++ b/.github/workflows/control-ui-locale-refresh.yml
@@ -137,7 +137,7 @@ jobs:
        env:
          OPENAI_API_KEY: ${{ secrets.OPENCLAW_DOCS_I18N_OPENAI_API_KEY || secrets.OPENAI_API_KEY }}
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-          OPENCLAW_CONTROL_UI_I18N_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL_BARE }}
+          OPENCLAW_CONTROL_UI_I18N_MODEL: gpt-5.4
          OPENCLAW_CONTROL_UI_I18N_THINKING: low
          LOCALE: ${{ matrix.locale }}
        run: node --import tsx scripts/control-ui-i18n.ts sync --locale "${LOCALE}" --write
--- a/.github/workflows/docs-agent.yml
+++ b/.github/workflows/docs-agent.yml
@@ -1,15 +1,16 @@
 name: Docs Agent

 on:
-  workflow_run: # zizmor: ignore[dangerous-triggers] main-only docs repair after trusted CI; job gates repository, event, branch, actor, conclusion, exact current main SHA, and hourly cadence before using write token
+  workflow_run: # zizmor: ignore[dangerous-triggers] main-only docs repair after trusted CI; job gates repository, event, branch, actor, conclusion, and exact current main SHA before using write token
    workflows:
      - CI
    types:
      - completed
+  schedule:
+    - cron: "17 5 * * *"
  workflow_dispatch:

 permissions:
-  actions: read
  contents: write

 concurrency:
@@ -40,24 +41,17 @@ jobs:
          persist-credentials: false
          submodules: false

-      - name: Gate trusted main activity and hourly cadence
-        id: gate
+      - name: Skip superseded workflow runs
+        id: superseded
        env:
          EVENT_NAME: ${{ github.event_name }}
-          GH_TOKEN: ${{ github.token }}
          WORKFLOW_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          set -euo pipefail

          if [ "$EVENT_NAME" != "workflow_run" ]; then
-            head_sha="$(git rev-parse HEAD)"
-            review_base="$(git rev-parse "${head_sha}^" 2>/dev/null || printf '%s' "$head_sha")"
-            {
-              echo "run_agent=true"
-              echo "base_sha=${head_sha}"
-              echo "review_base_sha=${review_base}"
-              echo "review_head_sha=${head_sha}"
-            } >> "$GITHUB_OUTPUT"
+            echo "run_agent=true" >> "$GITHUB_OUTPUT"
+            echo "base_sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
            exit 0
          fi

@@ -79,65 +73,17 @@ jobs:
            exit 0
          fi

-          runs_json="$RUNNER_TEMP/docs-agent-runs.json"
-          gh api --method GET "repos/${GITHUB_REPOSITORY}/actions/workflows/docs-agent.yml/runs" \
-            -f branch=main \
-            -f event=workflow_run \
-            -f per_page=100 > "$runs_json"
-
-          one_hour_ago="$(date -u -d '1 hour ago' +%Y-%m-%dT%H:%M:%SZ)"
-          recent_runs="$(
-            jq -r \
-              --argjson current_run_id "$GITHUB_RUN_ID" \
-              --arg one_hour_ago "$one_hour_ago" \
-              '.workflow_runs[]
-                | select(.database_id != $current_run_id)
-                | select(.created_at >= $one_hour_ago)
-                | select(.status != "cancelled")
-                | select((.conclusion // "") != "skipped")
-                | [.database_id, .status, (.conclusion // ""), .created_at, .head_sha]
-                | @tsv' "$runs_json"
-          )"
-
-          if [ -n "$recent_runs" ]; then
-            echo "Docs agent already ran or is running within the last hour; skipping."
-            printf '%s\n' "$recent_runs"
-            echo "run_agent=false" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          review_base="$(
-            jq -r \
-              --argjson current_run_id "$GITHUB_RUN_ID" \
-              --arg remote_main "$remote_main" \
-              '.workflow_runs[]
-                | select(.database_id != $current_run_id)
-                | select(.status != "cancelled")
-                | select((.conclusion // "") != "skipped")
-                | .head_sha
-                | select(. != null and . != "")
-                | select(. != $remote_main)
-              ' "$runs_json" | head -n 1
-          )"
-          if [ -z "$review_base" ] || ! git cat-file -e "${review_base}^{commit}" 2>/dev/null; then
-            review_base="$(git rev-parse "${remote_main}^" 2>/dev/null || printf '%s' "$remote_main")"
-          fi
-
-          {
-            echo "run_agent=true"
-            echo "base_sha=${remote_main}"
-            echo "review_base_sha=${review_base}"
-            echo "review_head_sha=${remote_main}"
-          } >> "$GITHUB_OUTPUT"
+          echo "run_agent=true" >> "$GITHUB_OUTPUT"
+          echo "base_sha=${remote_main}" >> "$GITHUB_OUTPUT"

      - name: Setup Node environment
-        if: steps.gate.outputs.run_agent == 'true'
+        if: steps.superseded.outputs.run_agent == 'true'
        uses: ./.github/actions/setup-node-env
        with:
          install-bun: "false"

      - name: Ensure docs agent key exists
-        if: steps.gate.outputs.run_agent == 'true'
+        if: steps.superseded.outputs.run_agent == 'true'
        env:
          OPENAI_API_KEY: ${{ secrets.OPENCLAW_DOCS_AGENT_OPENAI_API_KEY || secrets.OPENAI_API_KEY }}
        run: |
@@ -148,22 +94,19 @@ jobs:
          fi

      - name: Run Codex docs agent
-        if: steps.gate.outputs.run_agent == 'true'
+        if: steps.superseded.outputs.run_agent == 'true'
        uses: openai/codex-action@v1
-        env:
-          DOCS_AGENT_BASE_SHA: ${{ steps.gate.outputs.review_base_sha }}
-          DOCS_AGENT_HEAD_SHA: ${{ steps.gate.outputs.review_head_sha }}
        with:
          openai-api-key: ${{ secrets.OPENCLAW_DOCS_AGENT_OPENAI_API_KEY || secrets.OPENAI_API_KEY }}
          prompt-file: .github/codex/prompts/docs-agent.md
-          model: ${{ vars.OPENCLAW_CI_OPENAI_MODEL_BARE }}
+          model: gpt-5.4
          effort: medium
          sandbox: workspace-write
          safety-strategy: drop-sudo
          codex-args: '["--full-auto"]'

      - name: Enforce existing-docs-only patch
-        if: steps.gate.outputs.run_agent == 'true'
+        if: steps.superseded.outputs.run_agent == 'true'
        run: |
          set -euo pipefail

@@ -196,8 +139,8 @@ jobs:
          fi

      - name: Restore Node 24 path
-        if: steps.gate.outputs.run_agent == 'true'
-        run: | # zizmor: ignore[github-env] NODE_BIN is set by the trusted local setup-node-env action in this same job
+        if: steps.superseded.outputs.run_agent == 'true'
+        run: |
          set -euo pipefail
          export PATH="${NODE_BIN}:${PATH}"
          echo "${NODE_BIN}" >> "$GITHUB_PATH"
@@ -206,13 +149,13 @@ jobs:
          pnpm -v

      - name: Check docs
-        if: steps.gate.outputs.run_agent == 'true'
+        if: steps.superseded.outputs.run_agent == 'true'
        run: pnpm check:docs

      - name: Commit docs updates
-        if: steps.gate.outputs.run_agent == 'true'
+        if: steps.superseded.outputs.run_agent == 'true'
        env:
-          BASE_SHA: ${{ steps.gate.outputs.base_sha }}
+          BASE_SHA: ${{ steps.superseded.outputs.base_sha }}
          GITHUB_TOKEN: ${{ github.token }}
          TARGET_BRANCH: main
        run: |
--- a/.github/workflows/docs-sync-publish.yml
+++ b/.github/workflows/docs-sync-publish.yml
@@ -63,43 +63,18 @@ jobs:
        working-directory: publish
        run: |
          set -euo pipefail
-          remote_source_sha() {
-            git show refs/remotes/origin/main:.openclaw-sync/source.json 2>/dev/null \
-              | node -e 'const fs = require("node:fs"); try { const data = JSON.parse(fs.readFileSync(0, "utf8")); if (data.sha) process.stdout.write(data.sha); } catch {}' \
-              || true
-          }
-
-          skip_stale_source() {
-            current_source_sha="$(remote_source_sha)"
-            if [ -z "$current_source_sha" ] || [ "$current_source_sha" = "$GITHUB_SHA" ]; then
-              return
-            fi
-
-            if git -C "$GITHUB_WORKSPACE" merge-base --is-ancestor "$GITHUB_SHA" "$current_source_sha"; then
-              echo "Skipping stale publish sync for $GITHUB_SHA; origin/main already mirrors $current_source_sha."
-              exit 0
-            fi
-          }
-
          if git diff --quiet -- docs .openclaw-sync; then
            echo "No publish-repo changes."
            exit 0
          fi

-          if git fetch origin main:refs/remotes/origin/main; then
-            skip_stale_source
-          fi
-
          git config user.name "openclaw-docs-sync[bot]"
          git config user.email "openclaw-docs-sync[bot]@users.noreply.github.com"
          git add docs .openclaw-sync
          git commit -m "chore(sync): mirror docs from $GITHUB_REPOSITORY@$GITHUB_SHA"
          for attempt in 1 2 3 4 5; do
-            if git fetch origin main:refs/remotes/origin/main; then
-              skip_stale_source
-              if git rebase -X theirs origin/main && git push origin HEAD:main; then
-                exit 0
-              fi
+            if git fetch origin main && git rebase origin/main && git push origin HEAD:main; then
+              exit 0
            fi
            git rebase --abort >/dev/null 2>&1 || true
            echo "Publish sync attempt ${attempt} failed; retrying."
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -1,39 +0,0 @@
-name: Docs
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - "**/*.md"
-      - "docs/**"
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ format('{0}-{1}', github.workflow, github.ref) }}
-  cancel-in-progress: true
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-
-jobs:
-  docs:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 20
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 1
-          fetch-tags: false
-          persist-credentials: false
-          submodules: false
-
-      - name: Setup Node environment
-        uses: ./.github/actions/setup-node-env
-        with:
-          install-bun: "false"
-
-      - name: Check docs
-        run: pnpm check:docs
--- a/.github/workflows/install-smoke.yml
+++ b/.github/workflows/install-smoke.yml
@@ -1,32 +1,17 @@
 name: Install Smoke

 on:
-  schedule:
-    - cron: "17 3 * * *"
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
  workflow_dispatch:
-    inputs:
-      run_bun_global_install_smoke:
-        description: Run the Bun global install image-provider smoke
-        required: false
-        default: false
-        type: boolean
-  workflow_call:
-    inputs:
-      ref:
-        description: Git ref to validate
-        required: false
-        type: string
-      run_bun_global_install_smoke:
-        description: Run the Bun global install image-provider smoke
-        required: false
-        default: true
-        type: boolean

 permissions:
  contents: read

 concurrency:
-  group: ${{ github.event_name == 'workflow_dispatch' && format('{0}-manual-{1}', github.workflow, github.run_id) || format('{0}-{1}', github.workflow, github.ref) }}
+  group: ${{ github.event_name == 'workflow_dispatch' && format('{0}-manual-{1}', github.workflow, github.run_id) || github.event_name == 'pull_request' && format('{0}-{1}', github.workflow, github.event.pull_request.number) || format('{0}-{1}', github.workflow, github.ref) }}
  cancel-in-progress: true

 env:
@@ -34,148 +19,70 @@ env:

 jobs:
  preflight:
+    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
    runs-on: ubuntu-24.04
    outputs:
      docs_only: ${{ steps.manifest.outputs.docs_only }}
      run_install_smoke: ${{ steps.manifest.outputs.run_install_smoke }}
-      run_fast_install_smoke: ${{ steps.manifest.outputs.run_fast_install_smoke }}
-      run_full_install_smoke: ${{ steps.manifest.outputs.run_full_install_smoke }}
-      run_bun_global_install_smoke: ${{ steps.manifest.outputs.run_bun_global_install_smoke }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ inputs.ref || github.ref }}
          fetch-depth: 1
          fetch-tags: false
          persist-credentials: false
          submodules: false

+      - name: Ensure preflight base commit
+        if: github.event_name != 'workflow_dispatch'
+        uses: ./.github/actions/ensure-base-commit
+        with:
+          base-sha: ${{ github.event_name == 'push' && github.event.before || github.event.pull_request.base.sha }}
+          fetch-ref: ${{ github.event_name == 'push' && github.ref_name || github.event.pull_request.base.ref }}
+
+      - name: Detect docs-only changes
+        id: docs_scope
+        uses: ./.github/actions/detect-docs-changes
+
+      - name: Detect changed smoke scope
+        id: changed_scope
+        if: github.event_name != 'workflow_dispatch' && steps.docs_scope.outputs.docs_only != 'true'
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          if [ "${{ github.event_name }}" = "push" ]; then
+            BASE="${{ github.event.before }}"
+          else
+            BASE="${{ github.event.pull_request.base.sha }}"
+          fi
+
+          node scripts/ci-changed-scope.mjs --base "$BASE" --head HEAD
+
      - name: Build install-smoke CI manifest
        id: manifest
        env:
-          OPENCLAW_CI_EVENT_NAME: ${{ github.event_name }}
-          OPENCLAW_CI_WORKFLOW_BUN_GLOBAL_INSTALL_SMOKE: ${{ inputs.run_bun_global_install_smoke || 'false' }}
+          OPENCLAW_CI_DOCS_ONLY: ${{ steps.docs_scope.outputs.docs_only }}
+          OPENCLAW_CI_FORCE_INSTALL_SMOKE: ${{ github.event_name == 'workflow_dispatch' && 'true' || 'false' }}
+          OPENCLAW_CI_RUN_CHANGED_SMOKE: ${{ steps.changed_scope.outputs.run_changed_smoke || 'false' }}
        run: |
-          event_name="${OPENCLAW_CI_EVENT_NAME:-}"
-          workflow_bun_global_install_smoke="${OPENCLAW_CI_WORKFLOW_BUN_GLOBAL_INSTALL_SMOKE:-false}"
-          docs_only=false
-          run_fast_install_smoke=true
-          run_full_install_smoke=true
-          run_bun_global_install_smoke=false
-          run_install_smoke=true
-          if [ "$event_name" = "schedule" ]; then
-            run_bun_global_install_smoke=true
-          elif [ "$event_name" = "workflow_dispatch" ] || [ "$event_name" = "workflow_call" ]; then
-            if [ "$workflow_bun_global_install_smoke" = "true" ]; then
-              run_bun_global_install_smoke=true
-            fi
+          docs_only="${OPENCLAW_CI_DOCS_ONLY:-false}"
+          force_install_smoke="${OPENCLAW_CI_FORCE_INSTALL_SMOKE:-false}"
+          run_changed_smoke="${OPENCLAW_CI_RUN_CHANGED_SMOKE:-false}"
+          run_install_smoke=false
+          if [ "$force_install_smoke" = "true" ]; then
+            run_install_smoke=true
+          elif [ "$docs_only" != "true" ] && [ "$run_changed_smoke" = "true" ]; then
+            run_install_smoke=true
          fi
          {
            echo "docs_only=$docs_only"
            echo "run_install_smoke=$run_install_smoke"
-            echo "run_fast_install_smoke=$run_fast_install_smoke"
-            echo "run_full_install_smoke=$run_full_install_smoke"
-            echo "run_bun_global_install_smoke=$run_bun_global_install_smoke"
          } >> "$GITHUB_OUTPUT"

-  install-smoke-fast:
-    needs: [preflight]
-    if: needs.preflight.outputs.run_fast_install_smoke == 'true' && needs.preflight.outputs.run_full_install_smoke != 'true'
-    runs-on: blacksmith-16vcpu-ubuntu-2404
-    env:
-      DOCKER_BUILD_SUMMARY: "false"
-      DOCKER_BUILD_RECORD_UPLOAD: "false"
-    steps:
-      - name: Checkout CLI
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ inputs.ref || github.ref }}
-
-      - name: Set up Blacksmith Docker Builder
-        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
-
-      # Blacksmith's builder owns the Docker layer cache; keep smoke builds off
-      # explicit gha cache directives so local tags still load cleanly.
-      - name: Build root Dockerfile smoke image
-        uses: useblacksmith/build-push-action@cbd1f60d194a98cb3be5523b15134501eaf0fbf3 # v2
-        with:
-          context: .
-          file: ./Dockerfile
-          build-args: |
-            OPENCLAW_DOCKER_APT_UPGRADE=0
-            OPENCLAW_EXTENSIONS=matrix
-          tags: |
-            openclaw-dockerfile-smoke:local
-            openclaw-ext-smoke:local
-          load: true
-          push: false
-          provenance: false
-
-      - name: Run root Dockerfile CLI smoke
-        run: |
-          docker run --rm --entrypoint sh openclaw-dockerfile-smoke:local -lc 'which openclaw && openclaw --version'
-
-      - name: Run agents delete shared workspace Docker CLI smoke
-        env:
-          OPENCLAW_AGENTS_DELETE_SHARED_WORKSPACE_E2E_IMAGE: openclaw-dockerfile-smoke:local
-          OPENCLAW_AGENTS_DELETE_SHARED_WORKSPACE_E2E_SKIP_BUILD: "1"
-        run: bash scripts/e2e/agents-delete-shared-workspace-docker.sh
-
-      - name: Run Docker gateway network e2e
-        env:
-          OPENCLAW_GATEWAY_NETWORK_E2E_IMAGE: openclaw-dockerfile-smoke:local
-          OPENCLAW_GATEWAY_NETWORK_E2E_SKIP_BUILD: "1"
-        run: bash scripts/e2e/gateway-network-docker.sh
-
-      - name: Smoke test Dockerfile with matrix extension build arg
-        run: |
-          docker run --rm --entrypoint sh openclaw-ext-smoke:local -lc '
-            which openclaw &&
-            openclaw --version &&
-            node -e "
-              const Module = require(\"node:module\");
-              const matrixPackage = require(\"/app/extensions/matrix/package.json\");
-              const requireFromMatrix = Module.createRequire(\"/app/extensions/matrix/package.json\");
-              const runtimeDeps = Object.keys(matrixPackage.dependencies ?? {});
-              if (runtimeDeps.length === 0) {
-                throw new Error(
-                  \"matrix package has no declared runtime dependencies; smoke cannot validate install mirroring\",
-                );
-              }
-              for (const dep of runtimeDeps) {
-                requireFromMatrix.resolve(dep);
-              }
-              const { spawnSync } = require(\"node:child_process\");
-              const run = spawnSync(\"openclaw\", [\"plugins\", \"list\", \"--json\"], { encoding: \"utf8\" });
-              if (run.status !== 0) {
-                process.stderr.write(run.stderr || run.stdout || \"plugins list failed\\n\");
-                process.exit(run.status ?? 1);
-              }
-              const parsed = JSON.parse(run.stdout);
-              const matrix = (parsed.plugins || []).find((entry) => entry.id === \"matrix\");
-              if (!matrix) {
-                throw new Error(\"matrix plugin missing from bundled plugin list\");
-              }
-              const matrixDiag = (parsed.diagnostics || []).filter(
-                (diag) =>
-                  typeof diag.source === \"string\" &&
-                  diag.source.includes(\"/extensions/matrix\") &&
-                  typeof diag.message === \"string\" &&
-                  diag.message.includes(\"extension entry escapes package directory\"),
-              );
-              if (matrixDiag.length > 0) {
-                throw new Error(
-                  \"unexpected matrix diagnostics: \" +
-                    matrixDiag.map((diag) => diag.message).join(\"; \"),
-                );
-              }
-            "
-          '
-
  install-smoke:
    needs: [preflight]
-    if: needs.preflight.outputs.run_full_install_smoke == 'true'
+    if: needs.preflight.outputs.run_install_smoke == 'true'
    runs-on: blacksmith-16vcpu-ubuntu-2404
    env:
      DOCKER_BUILD_SUMMARY: "false"
@@ -183,8 +90,6 @@ jobs:
    steps:
      - name: Checkout CLI
        uses: actions/checkout@v6
-        with:
-          ref: ${{ inputs.ref || github.ref }}

      - name: Set up Blacksmith Docker Builder
        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
@@ -217,12 +122,6 @@ jobs:
        run: |
          docker run --rm --entrypoint sh openclaw-dockerfile-smoke:local -lc 'which openclaw && openclaw --version'

-      - name: Run agents delete shared workspace Docker CLI smoke
-        env:
-          OPENCLAW_AGENTS_DELETE_SHARED_WORKSPACE_E2E_IMAGE: openclaw-dockerfile-smoke:local
-          OPENCLAW_AGENTS_DELETE_SHARED_WORKSPACE_E2E_SKIP_BUILD: "1"
-        run: bash scripts/e2e/agents-delete-shared-workspace-docker.sh
-
      - name: Run Docker gateway network e2e
        env:
          OPENCLAW_GATEWAY_NETWORK_E2E_IMAGE: openclaw-dockerfile-smoke:local
@@ -285,6 +184,7 @@ jobs:
          provenance: false

      - name: Build installer non-root image
+        if: github.event_name != 'pull_request'
        uses: useblacksmith/build-push-action@cbd1f60d194a98cb3be5523b15134501eaf0fbf3 # v2
        with:
          context: ./scripts/docker
@@ -294,14 +194,13 @@ jobs:
          push: false
          provenance: false

-      - name: Setup Node environment for installer smoke
+      - name: Setup Node environment for local pack smoke
        uses: ./.github/actions/setup-node-env
        with:
-          install-bun: ${{ needs.preflight.outputs.run_bun_global_install_smoke }}
+          install-bun: "true"
          install-deps: "true"

      - name: Run Bun global install image-provider smoke
-        if: needs.preflight.outputs.run_bun_global_install_smoke == 'true'
        env:
          OPENCLAW_BUN_GLOBAL_SMOKE_DIST_IMAGE: openclaw-dockerfile-smoke:local
          OPENCLAW_BUN_GLOBAL_SMOKE_HOST_BUILD: "0"
@@ -314,8 +213,8 @@ jobs:
          OPENCLAW_NO_ONBOARD: "1"
          OPENCLAW_INSTALL_SMOKE_SKIP_CLI: "1"
          OPENCLAW_INSTALL_SMOKE_SKIP_IMAGE_BUILD: "1"
-          OPENCLAW_INSTALL_NONROOT_SKIP_IMAGE_BUILD: "1"
-          OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT: "0"
+          OPENCLAW_INSTALL_NONROOT_SKIP_IMAGE_BUILD: ${{ github.event_name == 'pull_request' && '0' || '1' }}
+          OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT: ${{ github.event_name == 'pull_request' && '1' || '0' }}
          OPENCLAW_INSTALL_SMOKE_SKIP_NPM_GLOBAL: "1"
          OPENCLAW_INSTALL_SMOKE_SKIP_PREVIOUS: "1"
          OPENCLAW_INSTALL_SMOKE_UPDATE_BASELINE: latest
@@ -325,7 +224,7 @@ jobs:

  docker-e2e-fast:
    needs: [preflight]
-    if: needs.preflight.outputs.run_fast_install_smoke == 'true' || needs.preflight.outputs.run_full_install_smoke == 'true'
+    if: needs.preflight.outputs.run_install_smoke == 'true'
    runs-on: blacksmith-16vcpu-ubuntu-2404
    timeout-minutes: 8
    env:
@@ -334,8 +233,6 @@ jobs:
    steps:
      - name: Checkout CLI
        uses: actions/checkout@v6
-        with:
-          ref: ${{ inputs.ref || github.ref }}

      - name: Set up Blacksmith Docker Builder
        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
@@ -349,5 +246,4 @@ jobs:
      - name: Run fast bundled plugin Docker E2E
        env:
          OPENCLAW_BUNDLED_CHANNEL_DEPS_E2E_IMAGE: openclaw-bundled-channel-fast:local
-          OPENCLAW_BUNDLED_CHANNEL_DOCKER_RUN_TIMEOUT: 90s
-        run: timeout 240s pnpm test:docker:bundled-channel-deps:fast
+        run: timeout 120s pnpm test:docker:bundled-channel-deps:fast
--- a/.github/workflows/npm-telegram-beta-e2e.yml
+++ b/.github/workflows/npm-telegram-beta-e2e.yml
@@ -1,210 +0,0 @@
-name: NPM Telegram Beta E2E
-
-on:
-  workflow_dispatch:
-    inputs:
-      package_spec:
-        description: Published OpenClaw package spec to test
-        required: true
-        default: openclaw@beta
-        type: string
-      provider_mode:
-        description: QA provider mode
-        required: true
-        default: mock-openai
-        type: choice
-        options:
-          - mock-openai
-          - live-frontier
-      scenario:
-        description: Optional comma-separated Telegram scenario ids
-        required: false
-        type: string
-
-permissions:
-  contents: read
-
-concurrency:
-  group: npm-telegram-beta-e2e-${{ github.run_id }}
-  cancel-in-progress: false
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-  NODE_VERSION: "24.x"
-  PNPM_VERSION: "10.33.0"
-
-jobs:
-  validate_dispatch_ref:
-    name: Validate dispatch ref
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    steps:
-      - name: Require main workflow ref
-        env:
-          WORKFLOW_REF: ${{ github.ref }}
-        run: |
-          set -euo pipefail
-          if [[ "${WORKFLOW_REF}" != "refs/heads/main" ]]; then
-            echo "NPM Telegram beta E2E must be dispatched from main so workflow logic stays controlled." >&2
-            exit 1
-          fi
-
-  approve_release_manager:
-    name: Approve npm Telegram beta E2E
-    needs: validate_dispatch_ref
-    runs-on: ubuntu-latest
-    environment: npm-release
-    steps:
-      - name: Record approval
-        env:
-          PACKAGE_SPEC: ${{ inputs.package_spec }}
-        run: echo "Approved npm Telegram beta E2E for ${PACKAGE_SPEC}"
-
-  prepare_docker_e2e_image:
-    name: Prepare Docker E2E image
-    needs: validate_dispatch_ref
-    runs-on: blacksmith-32vcpu-ubuntu-2404
-    timeout-minutes: 90
-    permissions:
-      contents: read
-      packages: write
-    outputs:
-      image: ${{ steps.image.outputs.image }}
-    env:
-      DOCKER_BUILD_SUMMARY: "false"
-      DOCKER_BUILD_RECORD_UPLOAD: "false"
-    steps:
-      - name: Checkout main
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ github.sha }}
-          fetch-depth: 1
-
-      - name: Resolve Docker E2E image tag
-        id: image
-        shell: bash
-        env:
-          SELECTED_SHA: ${{ github.sha }}
-        run: |
-          set -euo pipefail
-          repository="${GITHUB_REPOSITORY,,}"
-          image="ghcr.io/${repository}-docker-e2e:${SELECTED_SHA}"
-          echo "image=$image" >> "$GITHUB_OUTPUT"
-          echo "Docker E2E image: \`$image\`" >> "$GITHUB_STEP_SUMMARY"
-
-      - name: Set up Blacksmith Docker Builder
-        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
-
-      - name: Log in to GHCR
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-      - name: Build and push Docker E2E image
-        uses: useblacksmith/build-push-action@cbd1f60d194a98cb3be5523b15134501eaf0fbf3 # v2
-        with:
-          context: .
-          file: ./scripts/e2e/Dockerfile
-          target: build
-          platforms: linux/amd64
-          tags: ${{ steps.image.outputs.image }}
-          provenance: false
-          push: true
-
-  run_npm_telegram_beta_e2e:
-    name: Run published npm Telegram E2E
-    needs: [approve_release_manager, prepare_docker_e2e_image]
-    runs-on: blacksmith-32vcpu-ubuntu-2404
-    timeout-minutes: 60
-    environment: qa-live-shared
-    permissions:
-      contents: read
-      packages: read
-    steps:
-      - name: Checkout main
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ github.sha }}
-          fetch-depth: 1
-
-      - name: Log in to GHCR
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-      - name: Setup Node environment
-        uses: ./.github/actions/setup-node-env
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          pnpm-version: ${{ env.PNPM_VERSION }}
-          install-bun: "true"
-
-      - name: Validate inputs and secrets
-        env:
-          PACKAGE_SPEC: ${{ inputs.package_spec }}
-          PROVIDER_MODE: ${{ inputs.provider_mode }}
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
-          OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          if [[ ! "${PACKAGE_SPEC}" =~ ^openclaw@(beta|latest|[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*(-[1-9][0-9]*|-beta\.[1-9][0-9]*)?)$ ]]; then
-            echo "package_spec must be openclaw@beta, openclaw@latest, or an exact OpenClaw release version; got: ${PACKAGE_SPEC}" >&2
-            exit 1
-          fi
-
-          require_var() {
-            local key="$1"
-            if [[ -z "${!key:-}" ]]; then
-              echo "Missing required ${key}." >&2
-              exit 1
-            fi
-          }
-
-          require_var OPENCLAW_QA_CONVEX_SITE_URL
-          require_var OPENCLAW_QA_CONVEX_SECRET_CI
-          if [[ "${PROVIDER_MODE}" == "live-frontier" ]]; then
-            require_var OPENAI_API_KEY
-          fi
-
-      - name: Run npm Telegram beta E2E
-        id: run_lane
-        shell: bash
-        env:
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          OPENCLAW_SKIP_DOCKER_BUILD: "1"
-          OPENCLAW_DOCKER_E2E_IMAGE: ${{ needs.prepare_docker_e2e_image.outputs.image }}
-          OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC: ${{ inputs.package_spec }}
-          OPENCLAW_NPM_TELEGRAM_PROVIDER_MODE: ${{ inputs.provider_mode }}
-          OPENCLAW_NPM_TELEGRAM_CREDENTIAL_SOURCE: convex
-          OPENCLAW_NPM_TELEGRAM_CREDENTIAL_ROLE: ci
-          OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
-          OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
-          OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
-          INPUT_SCENARIO: ${{ inputs.scenario }}
-        run: |
-          set -euo pipefail
-
-          output_dir=".artifacts/qa-e2e/npm-telegram-beta-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
-          echo "output_dir=${output_dir}" >> "$GITHUB_OUTPUT"
-          export OPENCLAW_NPM_TELEGRAM_OUTPUT_DIR="${output_dir}"
-
-          if [[ -n "${INPUT_SCENARIO// }" ]]; then
-            export OPENCLAW_NPM_TELEGRAM_SCENARIOS="${INPUT_SCENARIO}"
-          fi
-
-          pnpm test:docker:npm-telegram-live
-
-      - name: Upload npm Telegram E2E artifacts
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: npm-telegram-beta-e2e-${{ github.run_id }}-${{ github.run_attempt }}
-          path: ${{ steps.run_lane.outputs.output_dir }}
-          retention-days: 14
-          if-no-files-found: warn
--- a/.github/workflows/openclaw-cross-os-release-checks-reusable.yml
+++ b/.github/workflows/openclaw-cross-os-release-checks-reusable.yml
@@ -432,35 +432,24 @@ jobs:
          OPENCLAW_DISCORD_SMOKE_CHANNEL_ID: ${{ secrets.OPENCLAW_DISCORD_SMOKE_CHANNEL_ID }}
          OPENCLAW_RELEASE_CHECK_OS: ${{ matrix.os_id }}
          OPENCLAW_RELEASE_CHECK_RUNNER: ${{ matrix.runner }}
-          CANDIDATE_TGZ: ${{ runner.temp }}/openclaw-cross-os-release-checks/candidate/${{ needs.prepare.outputs.candidate_file_name }}
-          CANDIDATE_VERSION: ${{ needs.prepare.outputs.candidate_version }}
-          SOURCE_SHA: ${{ needs.prepare.outputs.source_sha }}
-          BASELINE_SPEC: ${{ needs.prepare.outputs.baseline_spec }}
-          PREVIOUS_VERSION: ${{ inputs.previous_version }}
-          BASELINE_TGZ: ${{ runner.temp }}/openclaw-cross-os-release-checks/baseline/${{ needs.prepare.outputs.baseline_file_name }}
-          PROVIDER: ${{ inputs.provider }}
-          MODE: ${{ matrix.lane }}
-          SUITE: ${{ matrix.suite }}
-          REF: ${{ inputs.ref }}
-          OUTPUT_DIR: ${{ runner.temp }}/openclaw-cross-os-release-checks/${{ matrix.artifact_name }}-${{ matrix.suite }}
        run: |
          DISCORD_ARGS=()
          if [[ -n "${OPENCLAW_DISCORD_SMOKE_BOT_TOKEN}" ]] && [[ -n "${OPENCLAW_DISCORD_SMOKE_GUILD_ID}" ]] && [[ -n "${OPENCLAW_DISCORD_SMOKE_CHANNEL_ID}" ]]; then
            DISCORD_ARGS+=(--run-discord-roundtrip true)
          fi
          pnpm dlx "tsx@${TSX_VERSION}" workflow/scripts/openclaw-cross-os-release-checks.ts \
-            --candidate-tgz "${CANDIDATE_TGZ}" \
-            --candidate-version "${CANDIDATE_VERSION}" \
-            --source-sha "${SOURCE_SHA}" \
-            --baseline-spec "${BASELINE_SPEC}" \
-            --previous-version "${PREVIOUS_VERSION}" \
-            --baseline-tgz "${BASELINE_TGZ}" \
-            --provider "${PROVIDER}" \
-            --mode "${MODE}" \
-            --suite "${SUITE}" \
-            --ref "${REF}" \
+            --candidate-tgz "$RUNNER_TEMP/openclaw-cross-os-release-checks/candidate/${{ needs.prepare.outputs.candidate_file_name }}" \
+            --candidate-version "${{ needs.prepare.outputs.candidate_version }}" \
+            --source-sha "${{ needs.prepare.outputs.source_sha }}" \
+            --baseline-spec "${{ needs.prepare.outputs.baseline_spec }}" \
+            --previous-version "${{ inputs.previous_version }}" \
+            --baseline-tgz "$RUNNER_TEMP/openclaw-cross-os-release-checks/baseline/${{ needs.prepare.outputs.baseline_file_name }}" \
+            --provider "${{ inputs.provider }}" \
+            --mode "${{ matrix.lane }}" \
+            --suite "${{ matrix.suite }}" \
+            --ref "${{ inputs.ref }}" \
            "${DISCORD_ARGS[@]}" \
-            --output-dir "${OUTPUT_DIR}"
+            --output-dir "$RUNNER_TEMP/openclaw-cross-os-release-checks/${{ matrix.artifact_name }}-${{ matrix.suite }}"

      - name: Summarize release checks
        if: always()
--- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
+++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
@@ -623,9 +623,6 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ github.token }}

-      - name: Setup Docker builder
-        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
-
      - name: Build and push shared Docker E2E image
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
--- a/.github/workflows/openclaw-release-checks.yml
+++ b/.github/workflows/openclaw-release-checks.yml
@@ -34,7 +34,6 @@ env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
  NODE_VERSION: "24.x"
  PNPM_VERSION: "10.33.0"
-  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}

 jobs:
  resolve_target:
@@ -124,18 +123,9 @@ jobs:
            echo "- Validated SHA: \`${RELEASE_SHA}\`"
            echo "- Cross-OS provider: \`${RELEASE_PROVIDER}\`"
            echo "- Cross-OS mode: \`${RELEASE_MODE}\`"
-            echo "- This run will execute cross-OS release validation, install smoke, QA Lab parity, Matrix, and Telegram lanes, and the non-Parallels Docker/live/openwebui coverage from the CI migration plan."
+            echo "- This run will execute cross-OS release validation, QA Lab parity, Matrix, and Telegram lanes, and the non-Parallels Docker/live/openwebui coverage from the CI migration plan."
          } >> "$GITHUB_STEP_SUMMARY"

-  install_smoke_release_checks:
-    needs: [resolve_target]
-    permissions:
-      contents: read
-    uses: ./.github/workflows/install-smoke.yml
-    with:
-      ref: ${{ needs.resolve_target.outputs.ref }}
-      run_bun_global_install_smoke: true
-
  cross_os_release_checks:
    needs: [resolve_target]
    permissions: read-all
@@ -246,13 +236,13 @@ jobs:
      - name: Build private QA runtime
        run: pnpm build

-      - name: Run OpenAI candidate lane
+      - name: Run GPT-5.4 lane
        run: |
          pnpm openclaw qa suite \
            --provider-mode mock-openai \
            --parity-pack agentic \
            --concurrency "${QA_PARITY_CONCURRENCY}" \
-            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --model openai/gpt-5.4 \
            --alt-model openai/gpt-5.4-alt \
            --output-dir .artifacts/qa-e2e/gpt54

@@ -272,7 +262,7 @@ jobs:
            --repo-root . \
            --candidate-summary .artifacts/qa-e2e/gpt54/qa-suite-summary.json \
            --baseline-summary .artifacts/qa-e2e/opus46/qa-suite-summary.json \
-            --candidate-label "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --candidate-label openai/gpt-5.4 \
            --baseline-label anthropic/claude-opus-4-6 \
            --output-dir .artifacts/qa-e2e/parity

@@ -342,8 +332,8 @@ jobs:
            --repo-root . \
            --output-dir "${output_dir}" \
            --provider-mode live-frontier \
-            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --model openai/gpt-5.4 \
+            --alt-model openai/gpt-5.4 \
            --fast

      - name: Upload Matrix QA artifacts
@@ -424,8 +414,8 @@ jobs:
            --repo-root . \
            --output-dir "${output_dir}" \
            --provider-mode live-frontier \
-            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --model openai/gpt-5.4 \
+            --alt-model openai/gpt-5.4 \
            --fast \
            --credential-source convex \
            --credential-role ci
--- a/.github/workflows/parity-gate.yml
+++ b/.github/workflows/parity-gate.yml
@@ -24,7 +24,7 @@ concurrency:

 jobs:
  parity-gate:
-    name: Run the OpenAI / Opus 4.6 parity gate against the qa-lab mock
+    name: Run the GPT-5.4 / Opus 4.6 parity gate against the qa-lab mock
    if: ${{ github.event.pull_request.draft != true }}
    runs-on: blacksmith-32vcpu-ubuntu-2404
    timeout-minutes: 30
@@ -42,7 +42,6 @@ jobs:
      # followthrough gate that expects a fast post-approval read within a 30s
      # agent.wait timeout.
      QA_PARITY_CONCURRENCY: "1"
-      OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}
      OPENCLAW_QA_TRANSPORT_READY_TIMEOUT_MS: "180000"
      OPENAI_API_KEY: ""
      ANTHROPIC_API_KEY: ""
@@ -76,13 +75,13 @@ jobs:
      # The approval-turn sentinel still runs inside the full parity pack below.
      # Keep the exact mock read-plan contract in deterministic unit tests instead
      # of paying for a separate full-runtime preflight that has been flaky in CI.
-      - name: Run OpenAI candidate lane
+      - name: Run GPT-5.4 lane
        run: |
          pnpm openclaw qa suite \
            --provider-mode mock-openai \
            --parity-pack agentic \
            --concurrency "${QA_PARITY_CONCURRENCY}" \
-            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --model openai/gpt-5.4 \
            --alt-model openai/gpt-5.4-alt \
            --output-dir .artifacts/qa-e2e/gpt54

@@ -102,7 +101,7 @@ jobs:
            --repo-root . \
            --candidate-summary .artifacts/qa-e2e/gpt54/qa-suite-summary.json \
            --baseline-summary .artifacts/qa-e2e/opus46/qa-suite-summary.json \
-            --candidate-label "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --candidate-label openai/gpt-5.4 \
            --baseline-label anthropic/claude-opus-4-6 \
            --output-dir .artifacts/qa-e2e/parity

--- a/.github/workflows/qa-live-transports-convex.yml
+++ b/.github/workflows/qa-live-transports-convex.yml
@@ -14,10 +14,6 @@ on:
        description: Optional comma-separated Telegram scenario ids
        required: false
        type: string
-      discord_scenario:
-        description: Optional comma-separated Discord scenario ids
-        required: false
-        type: string

 permissions:
  contents: read
@@ -31,7 +27,6 @@ env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
  NODE_VERSION: "24.x"
  PNPM_VERSION: "10.33.0"
-  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}
  OPENCLAW_BUILD_PRIVATE_QA: "1"
  OPENCLAW_ENABLE_PRIVATE_QA_CLI: "1"

@@ -157,13 +152,13 @@ jobs:
      - name: Build private QA runtime
        run: pnpm build

-      - name: Run OpenAI candidate lane
+      - name: Run GPT-5.4 lane
        run: |
          pnpm openclaw qa suite \
            --provider-mode mock-openai \
            --parity-pack agentic \
            --concurrency "${QA_PARITY_CONCURRENCY}" \
-            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --model openai/gpt-5.4 \
            --alt-model openai/gpt-5.4-alt \
            --output-dir .artifacts/qa-e2e/gpt54

@@ -183,7 +178,7 @@ jobs:
            --repo-root . \
            --candidate-summary .artifacts/qa-e2e/gpt54/qa-suite-summary.json \
            --baseline-summary .artifacts/qa-e2e/opus46/qa-suite-summary.json \
-            --candidate-label "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --candidate-label openai/gpt-5.4 \
            --baseline-label anthropic/claude-opus-4-6 \
            --output-dir .artifacts/qa-e2e/parity

@@ -247,8 +242,8 @@ jobs:
            --repo-root . \
            --output-dir "${output_dir}" \
            --provider-mode live-frontier \
-            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --model openai/gpt-5.4 \
+            --alt-model openai/gpt-5.4 \
            --fast

      - name: Upload Matrix QA artifacts
@@ -336,8 +331,8 @@ jobs:
            --repo-root . \
            --output-dir "${output_dir}" \
            --provider-mode live-frontier \
-            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --model openai/gpt-5.4 \
+            --alt-model openai/gpt-5.4 \
            --fast \
            --credential-source convex \
            --credential-role ci \
@@ -351,95 +346,3 @@ jobs:
          path: ${{ steps.run_lane.outputs.output_dir }}
          retention-days: 14
          if-no-files-found: warn
-
-  run_live_discord:
-    name: Run Discord live QA lane with Convex leases
-    needs: [authorize_actor, validate_selected_ref]
-    runs-on: blacksmith-32vcpu-ubuntu-2404
-    timeout-minutes: 60
-    environment: qa-live-shared
-    steps:
-      - name: Checkout selected ref
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
-          fetch-depth: 1
-
-      - name: Setup Node environment
-        uses: ./.github/actions/setup-node-env
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          pnpm-version: ${{ env.PNPM_VERSION }}
-          install-bun: "true"
-
-      - name: Validate required QA credential env
-        env:
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
-          OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          require_var() {
-            local key="$1"
-            if [[ -z "${!key:-}" ]]; then
-              echo "Missing required ${key}." >&2
-              exit 1
-            fi
-          }
-
-          require_var OPENAI_API_KEY
-          require_var OPENCLAW_QA_CONVEX_SITE_URL
-          require_var OPENCLAW_QA_CONVEX_SECRET_CI
-
-      - name: Build private QA runtime
-        run: pnpm build
-
-      - name: Run Discord live lane
-        id: run_lane
-        shell: bash
-        env:
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
-          OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
-          OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
-          OPENCLAW_QA_DISCORD_CAPTURE_CONTENT: "1"
-          INPUT_SCENARIO: ${{ github.event_name == 'workflow_dispatch' && inputs.discord_scenario || '' }}
-        run: |
-          set -euo pipefail
-
-          output_dir=".artifacts/qa-e2e/discord-live-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
-          scenario_args=()
-
-          if [[ -n "${INPUT_SCENARIO// }" ]]; then
-            IFS=',' read -r -a raw_scenarios <<<"${INPUT_SCENARIO}"
-            for raw in "${raw_scenarios[@]}"; do
-              scenario="$(printf '%s' "${raw}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
-              if [[ -n "${scenario}" ]]; then
-                scenario_args+=(--scenario "${scenario}")
-              fi
-            done
-          fi
-
-          echo "output_dir=${output_dir}" >> "$GITHUB_OUTPUT"
-
-          pnpm openclaw qa discord \
-            --repo-root . \
-            --output-dir "${output_dir}" \
-            --provider-mode live-frontier \
-            --model openai/gpt-5.4 \
-            --alt-model openai/gpt-5.4 \
-            --fast \
-            --credential-source convex \
-            --credential-role ci \
-            "${scenario_args[@]}"
-
-      - name: Upload Discord QA artifacts
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: qa-live-discord-${{ github.run_id }}-${{ github.run_attempt }}
-          path: ${{ steps.run_lane.outputs.output_dir }}
-          retention-days: 14
-          if-no-files-found: warn
--- a/.github/workflows/test-performance-agent.yml
+++ b/.github/workflows/test-performance-agent.yml
@@ -133,7 +133,7 @@ jobs:
        with:
          openai-api-key: ${{ secrets.OPENCLAW_TEST_PERF_AGENT_OPENAI_API_KEY || secrets.OPENAI_API_KEY }}
          prompt-file: .github/codex/prompts/test-performance-agent.md
-          model: ${{ vars.OPENCLAW_CI_OPENAI_MODEL_BARE }}
+          model: gpt-5.4
          effort: high
          sandbox: workspace-write
          safety-strategy: drop-sudo
@@ -181,7 +181,7 @@ jobs:

      - name: Restore Node 24 path
        if: steps.gate.outputs.run_agent == 'true' && steps.patch.outputs.has_changes == 'true'
-        run: | # zizmor: ignore[github-env] NODE_BIN is set by the trusted local setup-node-env action in this same job
+        run: |
          set -euo pipefail
          export PATH="${NODE_BIN}:${PATH}"
          echo "${NODE_BIN}" >> "$GITHUB_PATH"
@@ -227,6 +227,7 @@ jobs:
      - name: Commit test performance updates
        if: steps.gate.outputs.run_agent == 'true' && steps.patch.outputs.has_changes == 'true'
        env:
+          BASE_SHA: ${{ steps.gate.outputs.base_sha }}
          GITHUB_TOKEN: ${{ github.token }}
          TARGET_BRANCH: main
        run: |
@@ -252,14 +253,9 @@ jobs:
              exit 0
            fi
            remote_main="$(git rev-parse "origin/${TARGET_BRANCH}")"
-            if [ "$remote_main" != "$(git rev-parse HEAD^)" ]; then
-              echo "main advanced; rebasing test performance update onto ${remote_main}."
-              if ! git rebase "origin/${TARGET_BRANCH}"; then
-                echo "Test performance update no longer applies cleanly; skipping stale update."
-                git rebase --abort || true
-                exit 0
-              fi
-              pnpm check:changed
+            if [ "$remote_main" != "$BASE_SHA" ]; then
+              echo "main advanced from ${BASE_SHA} to ${remote_main}; skipping stale test performance update."
+              exit 0
            fi
            echo "Test performance update attempt ${attempt} failed; retrying."
            sleep $((attempt * 2))
--- a/.gitignore
+++ b/.gitignore
@@ -128,14 +128,15 @@ dist/protocol.schema.json
 # Synthing
 **/.stfolder/
 .dev-state
-docs/superpowers
-.superpowers/
+docs/superpowers/plans/2026-03-10-collapsed-side-nav.md
+docs/superpowers/specs/2026-03-10-collapsed-side-nav-design.md
 .gitignore
 test/config-form.analyze.telegram.test.ts
 ui/src/ui/theme-variants.browser.test.ts
 ui/src/ui/__screenshots__
 ui/src/ui/views/__screenshots__
 ui/.vitest-attachments
+docs/superpowers

 # Generated docs baseline artifacts (locally generated, only hashes tracked)
 docs/.generated/*.json
@@ -146,7 +147,6 @@ changelog/fragments/

 # Local scratch workspace
 .tmp/
-.vmux*
 .artifacts/
 test/fixtures/openclaw-vitest-unit-report.json
 analysis/
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,168 +1,212 @@
 # AGENTS.MD

-Telegraph style. Root rules only. Read scoped `AGENTS.md` before subtree work.
+Telegraph style. Root rules only. Read scoped `AGENTS.md` before touching a subtree.

 ## Start

 - Repo: `https://github.com/openclaw/openclaw`
- Replies: repo-root refs only: `extensions/telegram/src/index.ts:80`. No absolute paths, no `~/`.
- Run docs list first: `pnpm docs:list` if available; read relevant docs only.
- High-confidence answers only when fixing/triaging: verify source, tests, shipped/current behavior, and dependency contracts before deciding.
- Dependency-backed behavior: read upstream dependency docs/source/types first. Do not assume APIs, defaults, errors, timing, or runtime behavior.
- Live-verify when feasible. Check env/`~/.profile` for keys before assuming live tests are blocked; keep secret output redacted.
- Missing deps: `pnpm install`, retry once, then report first actionable error.
- CODEOWNERS: maint/refactor/tests ok. Larger behavior/product/security/ownership: owner ask/review.
- Wording: product/docs/UI/changelog say "plugin/plugins"; `extensions/` is internal.
- New channel/plugin/app/doc surface: update `.github/labeler.yml` + GH labels.
- New `AGENTS.md`: add sibling `CLAUDE.md` symlink.
+- Replies: repo-root file refs only, e.g. `extensions/telegram/src/index.ts:80`. No absolute paths, no `~/`.
+- CODEOWNERS: maintenance/refactors/tests are ok. For larger behavior, product, security, or ownership-sensitive changes, get a listed owner request/review first.
+- First pass: run docs list (`pnpm docs:list`; ignore if unavailable), then read only relevant docs/guides.
+- Missing deps: run `pnpm install`, rerun once, then report first actionable error.
+- Use "plugin/plugins" in docs/UI/changelog. `extensions/` remains internal workspace layout.
+- Add channel/plugin/app/doc surface: update `.github/labeler.yml` and matching GitHub labels.
+- New `AGENTS.md`: add sibling `CLAUDE.md` symlink to it.

-## Map
+## Repo Map

- Core TS: `src/`, `ui/`, `packages/`; plugins: `extensions/`; SDK: `src/plugin-sdk/*`; channels: `src/channels/*`; loader: `src/plugins/*`; protocol: `src/gateway/protocol/*`; docs/apps: `docs/`, `apps/`, `Swabble/`.
- Installers: sibling `../openclaw.ai`.
- Scoped guides exist in: `extensions/`, `src/{plugin-sdk,channels,plugins,gateway,gateway/protocol,agents}/`, `test/helpers*/`, `docs/`, `ui/`, `scripts/`.
+- Core TS: `src/`, `ui/`, `packages/`
+- Bundled plugins: `extensions/`
+- Plugin SDK/public contract: `src/plugin-sdk/*`
+- Core channel internals: `src/channels/*`
+- Plugin loader/registry/contracts: `src/plugins/*`
+- Gateway protocol: `src/gateway/protocol/*`
+- Docs: `docs/`
+- Apps: `apps/`, `Swabble/`
+- Installers served from `openclaw.ai`: sibling `../openclaw.ai`
+
+Scoped guides:
+
+- `extensions/AGENTS.md`: bundled plugin rules
+- `src/plugin-sdk/AGENTS.md`: public SDK rules
+- `src/channels/AGENTS.md`: channel core rules
+- `src/plugins/AGENTS.md`: plugin loader/registry rules
+- `src/gateway/AGENTS.md`, `src/gateway/protocol/AGENTS.md`: gateway/protocol rules
+- `src/agents/AGENTS.md`: agent import/test perf rules
+- `test/helpers/AGENTS.md`, `test/helpers/channels/AGENTS.md`: shared test helpers
+- `docs/AGENTS.md`, `ui/AGENTS.md`, `scripts/AGENTS.md`: docs/UI/scripts

 ## Architecture

- Core stays extension-agnostic. No bundled ids in core when manifest/registry/capability contracts work.
- Extensions cross into core only via `openclaw/plugin-sdk/*`, manifest metadata, injected runtime helpers, documented barrels (`api.ts`, `runtime-api.ts`).
- Extension prod code: no core `src/**`, `src/plugin-sdk-internal/**`, other extension `src/**`, or relative outside package.
- Core/tests: no deep plugin internals (`extensions/*/src/**`, `onboard.js`). Use `api.ts`, SDK facade, generic contracts.
- Extension-owned behavior stays extension-owned: repair, detection, onboarding, auth/provider defaults, provider tools/settings.
- Legacy config repair: doctor/fix paths, not startup/load-time core migrations.
- Core test asserting extension-specific behavior: move to owner extension or generic contract test.
+- Core must stay extension-agnostic. No core special cases for bundled plugin/provider/channel ids when manifest/registry/capability contracts can express it.
+- Extensions cross into core only via `openclaw/plugin-sdk/*`, manifest metadata, injected runtime helpers, and documented local barrels (`api.ts`, `runtime-api.ts`).
+- Extension production code must not import core `src/**`, `src/plugin-sdk-internal/**`, another extension's `src/**`, or relative paths outside its package.
+- Core code/tests must not deep-import plugin internals (`extensions/*/src/**`, `onboard.js`). Use plugin `api.ts` / public SDK facade / generic contract.
+- Extension-owned behavior stays in the extension: legacy repair, detection, onboarding, auth/provider defaults, provider tools/settings.
+- Legacy config repair: prefer doctor/fix paths over startup/load-time core migrations.
+- If a core test asserts extension-specific behavior, move it to the owning extension or a generic contract test.
 - New seams: backwards-compatible, documented, versioned. Third-party plugins exist.
- Channels: `src/channels/**` is implementation; plugin authors get SDK seams.
- Providers: core owns generic loop; provider plugins own auth/catalog/runtime hooks.
- Gateway protocol changes: additive first; incompatible needs versioning/docs/client follow-through.
- Config contract: exported types, schema/help, metadata, baselines, docs aligned. Retired public keys stay retired; compat in raw migration/doctor.
- Direction: manifest-first control plane; targeted runtime loaders; no hidden contract bypasses; broad mutable registries transitional.
- Prompt cache: deterministic ordering for maps/sets/registries/plugin lists/files/network results before model/tool payloads. Preserve old transcript bytes when possible.
+- Channels: `src/channels/**` is implementation. Plugin authors get SDK seams, not channel internals.
+- Providers: core owns generic inference loop; provider plugins own provider-specific auth/catalog/runtime hooks.
+- Gateway protocol changes are contract changes: additive first; incompatible needs versioning/docs/client follow-through.
+- Config contract: keep exported types, schema/help, generated metadata, baselines, docs aligned. Retired public keys stay retired; compatibility belongs in raw migration/doctor paths.
+- Plugin architecture direction: manifest-first control plane; targeted runtime loaders; no hidden paths around declared contracts; broad mutable registries are transitional.
+- Prompt-cache rule: deterministic ordering for maps/sets/registries/plugin lists/files/network results before model/tool payloads. Preserve old transcript bytes when possible.

 ## Commands

- Runtime: Node 22+. Keep Node + Bun paths working.
- Install: `pnpm install` (keep Bun lock/patches aligned if touched).
- CLI: `pnpm openclaw ...` or `pnpm dev`; build: `pnpm build`.
- Smart gate: `pnpm check:changed`; explain `pnpm changed:lanes --json`; staged preview `pnpm check:changed --staged`.
- Sparse worktrees: `pnpm check:changed` is sparse-safe and may skip sparse-missing typecheck projects; do not expand sparse checkout just to satisfy changed-gate tsgo. Direct `pnpm tsgo*` remains strict; use a fuller worktree when you need direct typecheck proof.
- Prod sweep: `pnpm check`; tests: `pnpm test`, `pnpm test:changed`, `pnpm test:serial`, `pnpm test:coverage`.
- Extension tests: `pnpm test:extensions`, `pnpm test extensions`, `pnpm test extensions/<id>`.
- Targeted tests: `pnpm test <path-or-filter> [vitest args...]`; never raw `vitest`.
- Typecheck: `tsgo` lanes only (`pnpm tsgo*`, `pnpm check:test-types`); do not add `tsc --noEmit`, `typecheck`, `check:types`.
- Format/lint: `pnpm format:check`/`pnpm format`; `pnpm lint*` lanes.
- Heavy checks: `OPENCLAW_LOCAL_CHECK=1`, mode `OPENCLAW_LOCAL_CHECK_MODE=throttled|full`; CI/shared use `OPENCLAW_LOCAL_CHECK=0`.
- Local first. Use repo `pnpm` lanes before Blacksmith/Testbox. Remote only for parity-only failures, secrets/services, or explicit ask.
+- Runtime: Node 22+. Keep Node and Bun paths working.
+- Install: `pnpm install` (Bun supported; keep lockfiles/patches aligned if touched).
+- Dev CLI: `pnpm openclaw ...` or `pnpm dev`.
+- Build: `pnpm build`
+- Smart local gate: `pnpm check:changed` (scoped typecheck/lint/guards + relevant tests)
+- Explain smart gate: `pnpm changed:lanes --json`
+- Pre-commit view: `pnpm check:changed --staged`
+- Normal full prod sweep: `pnpm check` (prod typecheck/lint/guards, no tests)
+- Full tests: `pnpm test`
+- Changed tests only: `pnpm test:changed`
+- Local serial loop: `pnpm test:serial`
+- Extension tests: `pnpm test:extensions` or `pnpm test extensions` = all extension shards; `pnpm test extensions/<id>` = one extension lane. Heavy channels/OpenAI have dedicated shards.
+- Shard timing artifact: `.artifacts/vitest-shard-timings.json`; auto-used for balanced shard ordering. Disable with `OPENCLAW_TEST_PROJECTS_TIMINGS=0`.
+- Targeted tests: `pnpm test <path-or-filter> [vitest args...]`; do not call raw `vitest`.
+- Coverage: `pnpm test:coverage`
+- Format check/fix: `pnpm format:check` / `pnpm format`
+- Typecheck:
+  - `pnpm tsgo`: fastest core prod graph
+  - `pnpm tsgo:prod`: core + extensions prod graphs; used by `pnpm check`
+  - `pnpm check:test-types` / `pnpm tsgo:test`: all test graphs
+  - `pnpm tsgo:all`: all prod + test project refs
+  - Debug slices exist; do not present as normal user flow.
+  - Profile: `pnpm tsgo:profile [core-test|extensions-test|--all]`
+- Type policy: use `tsgo`; do not add `tsc --noEmit`, `typecheck`, or `check:types` lanes. `tsc` only for declaration/package-boundary emit gaps.
+- Lint:
+  - `pnpm lint`: core/extensions/scripts shards
+  - `pnpm lint:core`, `pnpm lint:extensions`, `pnpm lint:scripts`
+  - `pnpm lint:apps`: Swift/app surface, separate from TS lint
+  - `pnpm lint:all`: legacy comparison lane
+- Local heavy-check behavior: `OPENCLAW_LOCAL_CHECK=1` default; `OPENCLAW_LOCAL_CHECK_MODE=throttled|full`; `OPENCLAW_LOCAL_CHECK=0` for CI/shared runs.
+- Local validation is local-first. Do not default to Blacksmith/Testbox for routine OpenClaw iteration; it burns warm caches and startup time. Use repo `pnpm` lanes first, then reach for remote CI/Testbox only for parity-only failures, secrets/services, or when explicitly requested.

-## GitHub / CI
+## GitHub API

- Triage: list first, hydrate few. Use bounded `gh --json --jq`; avoid repeated full comment scans.
- Search/dedupe: prefer `gh search issues 'repo:openclaw/openclaw is:open <terms>' --json number,title,state,updatedAt --limit 20`.
- PR shortlist: `gh pr list ...`; then `gh pr view <n> --json number,title,body,closingIssuesReferences,files,statusCheckRollup,reviewDecision`.
- After landing PR: search duplicate open issues/PRs. Before closing: comment why + canonical link.
- GH comments with markdown backticks, `$`, or shell snippets: avoid inline double-quoted `--body`; use single quotes or `--body-file`.
- PR execution artifacts/screenshots: attach them to the PR, comment, or an external artifact store. Do not add `.github/pr-assets` or other PR-only assets to the repo.
- PR review answer must explicitly cover: what bug/behavior we are trying to fix; PR/issue URL(s) and affected endpoint/surface; whether this is the best possible fix, with high-certainty evidence from code, tests, CI, and shipped/current behavior.
- CI polling: exact SHA, needed fields only. Example: `gh api repos/<owner>/<repo>/actions/runs/<id> --jq '{status,conclusion,head_sha,updated_at,name,path}'`.
- Post-land wait: minimal. Exact landed SHA only. If superseded on `main`, same-branch `cancel-in-progress` cancellations are expected; stop once local touched-surface proof exists. Never wait for newer unrelated `main` unless asked.
- Wait matrix:
-  - never: `Auto response`, `Labeler`, `Docs Sync Publish Repo`, `Docs Agent`, `Test Performance Agent`, `Stale`.
-  - conditional: `CI` exact SHA only; `Docs` only docs task/no local docs proof; `Workflow Sanity` only workflow/composite/CI-policy edits; `Plugin NPM Release` only plugin package/release metadata.
-  - release/manual only: `Docker Release`, `OpenClaw NPM Release`, `macOS Release`, `OpenClaw Release Checks`, `Cross-OS Release Checks`, `NPM Telegram Beta E2E`.
-  - explicit/surface only: `QA-Lab - All Lanes`, `Scheduled Live And E2E`, `Install Smoke`, `CodeQL`, `Sandbox Common Smoke`, `Parity gate`, `Blacksmith Testbox`, `Control UI Locale Refresh`.
- `/landpr`: do not idle on `auto-response` or `check-docs`. Treat docs as local proof unless `check-docs` already failed with actionable relevant error.
- Poll 30-60s. Fetch jobs/logs/artifacts only after failure/completion or concrete need.
+- Issue/PR triage: list first, hydrate few. Use bounded fields + `--jq`, e.g. `gh issue list --state open --limit 80 --json number,title,labels,updatedAt,comments --jq '.[]|[.number,.updatedAt,.comments,.title]|@tsv'`; then `gh issue view <n> --json title,body,comments,labels,createdAt,updatedAt,url --jq '{title,labels,createdAt,updatedAt,url,body,comments:[.comments[]|{author:.author.login,createdAt,body}]}'` only for shortlisted items.
+- Search/dedupe: prefer `gh search issues 'repo:openclaw/openclaw is:open <terms>' --json number,title,state,updatedAt --limit 20 --jq '.[]|[.number,.updatedAt,.title]|@tsv'`; avoid repeated full `--comments` scans.
+- After landing a PR: search for duplicate open issues/PRs that can be closed.
+- Before closing an issue/PR: add a comment explaining why, usually duplicate/invalid, with the canonical issue/PR when relevant.
+- PR links: `gh pr list --state open --search '<issue-or-terms>' --json number,title,updatedAt,headRefName --limit 20`; use `gh pr view <n> --json number,title,body,closingIssuesReferences,files,statusCheckRollup,reviewDecision` only after shortlist.
+- CI polling: keep full `gh` capability, but request only needed fields. Known run status: `gh api repos/<owner>/<repo>/actions/runs/<id> --jq '{status,conclusion,head_sha,updated_at,name,path}'`.
+- Waiting: poll lightly, usually 30-60s backoff. Fetch jobs/logs/artifacts only after completion/failure or when job detail is needed; avoid repeated workflow + run + jobs loops.

 ## Gates

- Pre-commit hook: staged formatting only. Validation explicit.
+- Pre-commit hook: staged format/lint, then `pnpm check:changed --staged`; docs/markdown-only skips changed-scope check; `FAST_COMMIT=1` / `scripts/committer --fast` skips changed-scope check only.
 - Changed lanes:
-  - core prod: core prod typecheck + core tests
-  - core tests: core test typecheck/tests
-  - extension prod: extension prod typecheck + extension tests
-  - extension tests: extension test typecheck/tests
-  - public SDK/plugin contract: extension prod/test too
-  - unknown root/config: all lanes
- Before handoff/push: `pnpm check:changed`. Tests-only: `pnpm test:changed`. Full prod sweep: `pnpm check`.
- Landing on `main`: verify touched surface near landing. Default feasible bar: `pnpm check` + `pnpm test`.
- Hard build gate: `pnpm build` before push if build output, packaging, lazy/module boundaries, or published surfaces can change.
- Do not land related failing format/lint/type/build/tests. If unrelated on latest `origin/main`, say so with scoped proof.
- Generated/API drift: `pnpm check:architecture`, `pnpm config:docs:gen/check`, `pnpm plugin-sdk:api:gen/check`. Track `docs/.generated/*.sha256`; full JSON ignored.
+  - core prod => core prod typecheck + core tests
+  - core tests => core test typecheck/tests only
+  - extension prod => extension prod typecheck + extension tests
+  - extension tests => extension test typecheck/tests only
+  - public SDK/plugin contract => extension prod/test validation too
+  - unknown root/config => all lanes
+- Local loop: prefer `pnpm check:changed`; use `pnpm test:changed` for tests only; use `pnpm check` for full prod TS/lint sweep without tests.
+- Landing on `main`: verify touched surface near landing; default bar is `pnpm check` + `pnpm test` when feasible.
+- Hard build gate: run/pass `pnpm build` before push if build output, packaging, lazy/module boundaries, or published surfaces can change.
+- Do not land related failing format/lint/type/build/tests. If failures are unrelated on latest `origin/main`, say so and give scoped proof.
+- Fast commit escape hatch: use `scripts/committer --fast "<msg>" <file...>` only after the exact staged change set was already validated with equal-or-stronger gates, or after rerunning an isolated flaky failure with proof. State the gates/proof in handoff.
+- CI architecture gate: `check-additional`; local equivalent `pnpm check:architecture`.
+- Config docs drift: `pnpm config:docs:gen/check`
+- Plugin SDK API drift: `pnpm plugin-sdk:api:gen/check`
+- Generated docs baselines: tracked `docs/.generated/*.sha256`; full JSON ignored.

-## Code
+## Code Style

- TS ESM, strict. Avoid `any`; prefer real types, `unknown`, narrow adapters.
- No `@ts-nocheck`. Lint suppressions only intentional + explained.
+- TypeScript ESM. Strict types. Avoid `any`; prefer real types/`unknown`/narrow adapters.
+- No `@ts-nocheck`. No lint suppressions unless intentional and explained.
 - External boundaries: prefer `zod` or existing schema helpers.
- Runtime branching: discriminated unions/closed codes over freeform strings.
- Avoid semantic sentinels: `?? 0`, empty object/string, etc.
- Dynamic import: no static+dynamic import for same prod module. Use `*.runtime.ts` lazy boundary. After edits: `pnpm build`; check `[INEFFECTIVE_DYNAMIC_IMPORT]`.
- Cycles: keep `pnpm check:import-cycles` + architecture/madge green.
- Classes: no prototype mixins/mutations. Prefer inheritance/composition. Tests prefer per-instance stubs.
- Comments: brief, only non-obvious logic.
- Split files around ~700 LOC when clarity/testability improves.
- Naming: **OpenClaw** product/docs; `openclaw` CLI/package/path/config.
- English: American spelling.
+- Runtime branching: prefer discriminated unions / closed codes over freeform strings.
+- Avoid magic sentinels like `?? 0`, empty object/string when semantics change.
+- Dynamic import: do not mix static and dynamic import for same module in prod path. Use dedicated `*.runtime.ts` lazy boundary. After lazy-boundary edits, run `pnpm build` and check `[INEFFECTIVE_DYNAMIC_IMPORT]`.
+- Cycles: keep `pnpm check:import-cycles` and architecture/madge cycle checks green.
+- Classes: no prototype mixins/mutations. Use explicit inheritance/composition. Tests prefer per-instance stubs.
+- Comments: brief only for non-obvious logic.
+- File size: split around ~700 LOC when it improves clarity/testability.
+- Product naming: **OpenClaw** product/docs; `openclaw` CLI/package/path/config.
+- Written English: American spelling.

 ## Tests

- Vitest. Colocated `*.test.ts`; e2e `*.e2e.test.ts`; example models `sonnet-4.6`, `gpt-5.4`.
- Clean timers/env/globals/mocks/sockets/temp dirs/module state; `--isolate=false` safe.
- Hot tests: avoid per-test `vi.resetModules()` + heavy imports. Measure with `pnpm test:perf:imports <file>` / `pnpm test:perf:hotspots --limit N`.
- Seam depth: pure helper/contract unit tests; one integration smoke per boundary.
- Mock expensive seams directly: scanners, manifests, registries, fs crawls, provider SDKs, network/process launch.
- Prefer injection; if module mocking, mock narrow local `*.runtime.ts`, not broad barrels or `openclaw/plugin-sdk/*`.
- Share fixtures/builders; delete duplicate assertions; assert behavior that can regress here.
- Do not edit baseline/inventory/ignore/snapshot/expected-failure files to silence checks without explicit approval.
- Test workers max 16. Memory pressure: `OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test`.
- Live: `OPENCLAW_LIVE_TEST=1 pnpm test:live`; verbose `OPENCLAW_LIVE_TEST_QUIET=0`.
- Guide: `docs/help/testing.md`.
+- Vitest. Tests colocated `*.test.ts`; e2e `*.e2e.test.ts`.
+- Example models in tests: `sonnet-4.6`, `gpt-5.4`.
+- Clean up timers/env/globals/mocks/sockets/temp dirs/module state; `--isolate=false` must stay safe.
+- Hot tests: avoid per-test `vi.resetModules()` + fresh heavy imports; prefer static or `beforeAll` imports and reset state directly.
+- Measure first: `pnpm test:perf:imports <file>` for import drag; `pnpm test:perf:hotspots --limit N` for suite targets.
+- Keep tests at seam depth: unit-test pure helpers/contracts; one integration smoke per boundary, not per branch.
+- Mock expensive runtime seams directly: scanners, manifests, package registries, filesystem crawls, provider SDKs, network/process launch.
+- Prefer injected deps over module mocks; if mocking modules, mock narrow local `*.runtime.ts` seams, not broad barrels.
+- Share fixtures/builders; do not recreate temp dirs, package manifests, or plugin workspaces in every case unless state isolation needs it.
+- Delete duplicate assertions when another test owns the boundary; assert only the behavior that can regress here.
+- Avoid broad `importOriginal()` / broad `openclaw/plugin-sdk/*` partial mocks in hot tests. Add narrow local `*.runtime.ts` seam and mock it.
+- Use existing deps/callback/runtime injection seams before module mocks.
+- Import-dominated test time is a boundary smell; shrink import surface before adding cases.
+- Replacing slow integration coverage: extract production composition into a named helper and test that helper.
+- Do not modify baseline/inventory/ignore/snapshot/expected-failure files to silence checks without explicit approval.
+- Do not set test workers above 16. For memory pressure: `OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test`.
+- Live: `OPENCLAW_LIVE_TEST=1 pnpm test:live`; full logs `OPENCLAW_LIVE_TEST_QUIET=0`.
+- Full testing guide: `docs/help/testing.md`.

 ## Docs / Changelog

- Docs change with behavior/API. Use docs list/read_when hints; docs links per `docs/AGENTS.md`.
- Changelog user-facing only; pure test/internal usually no entry.
- Changelog placement: active version `### Changes`/`### Fixes`; every added entry must include at least one `Thanks @author` attribution, using credited GitHub username(s).
+- Update docs when behavior/API changes. Use docs list/read_when hints.
+- Docs links: see `docs/AGENTS.md`.
+- Changelog: user-facing only. Pure test/internal changes usually no entry.
+- Changelog placement: append to active version `### Changes`/`### Fixes`; at most one contributor mention, prefer `Thanks @user`.

 ## Git

- Commit via `scripts/committer "<msg>" <file...>`; stage intended files only. It formats staged files; still run gates.
- Commits: conventional-ish, concise, grouped.
- No manual stash/autostash unless explicit. No branch/worktree changes unless requested.
- `main`: no merge commits; rebase on latest `origin/main` before push.
- User says `commit`: your changes only. `commit all`: all changes in grouped chunks. `push`: may `git pull --rebase` first.
- Do not delete/rename unexpected files; ask if blocking, else ignore.
- Bulk PR close/reopen >5: ask with count/scope.
- PR/issue workflows: `$openclaw-pr-maintainer`. `/landpr`: `~/.codex/prompts/landpr.md`.
+- Use `scripts/committer "<msg>" <file...>`; stage only intended files. Use `--fast` only under the Gates escape-hatch rule above.
+- Commits: conventional-ish, concise/action-oriented. Group related changes.
+- No manual stash/autostash unless explicitly requested. No branch/worktree changes unless requested.
+- No merge commits on `main`; rebase on latest `origin/main` before push.
+- User says "commit": commit your changes only. "commit all": commit everything in grouped chunks. "push": may `git pull --rebase` first.
+- Do not delete/rename unexpected files; ask if it blocks. Otherwise ignore unrelated WIP.
+- If bulk PR close/reopen affects >5 PRs, ask with exact count/scope.
+- PR/issue workflows: use `$openclaw-pr-maintainer`.
+- `/landpr`: use `~/.codex/prompts/landpr.md`.

 ## Security / Release

 - Never commit real phone numbers, videos, credentials, live config.
- Secrets: channel/provider creds in `~/.openclaw/credentials/`; model auth profiles in `~/.openclaw/agents/<agentId>/agent/auth-profiles.json`.
+- Secrets: channel/provider credentials under `~/.openclaw/credentials/`; model auth profiles under `~/.openclaw/agents/<agentId>/agent/auth-profiles.json`.
 - Env keys: check `~/.profile`.
- Dependency patches/overrides/vendor changes need explicit approval. `pnpm.patchedDependencies` exact versions only.
- Carbon pins owner-only: do not change `@buape/carbon` unless Shadow (`@thewilloftheshadow`, verified by `gh`) asks.
- Releases/publish/version bumps need explicit approval. Release docs: `docs/reference/RELEASING.md`; use `$openclaw-release-maintainer`.
- GHSA/advisories: `$openclaw-ghsa-maintainer`.
- Beta tag/version match: `vYYYY.M.D-beta.N` -> npm `YYYY.M.D-beta.N --tag beta`.
+- Dependency patches/overrides/vendor changes require explicit approval. `pnpm.patchedDependencies` must use exact versions.
+- Carbon pins owner-only: do not change `@buape/carbon` versions unless Shadow (`@thewilloftheshadow`, verified by `gh`) asks.
+- Releases/publish/version bumps require explicit approval.
+- Release docs: `docs/reference/RELEASING.md`; use `$openclaw-release-maintainer`.
+- GHSA/advisories: use `$openclaw-ghsa-maintainer`.
+- Beta tag/version must match, e.g. `vYYYY.M.D-beta.N` => npm `YYYY.M.D-beta.N --tag beta`.

 ## Apps / Platform

- Before simulator/emulator testing, check real iOS/Android devices.
+- Before simulator/emulator testing, check connected real iOS/Android devices first.
 - "restart iOS/Android apps" = rebuild/reinstall/relaunch, not kill/launch.
- SwiftUI: Observation (`@Observable`, `@Bindable`) over new `ObservableObject`.
- Mac gateway: use app or `openclaw gateway restart/status --deep`; no ad-hoc tmux gateway. Logs: `./scripts/clawlog.sh`.
- Version bump touches: `package.json`, `apps/android/app/build.gradle.kts`, `apps/ios/version.json` + `pnpm ios:version:sync`, macOS `Info.plist`, `docs/install/updating.md`. Appcast only for Sparkle release.
- Mobile LAN pairing: plaintext `ws://` loopback-only. Private-network `ws://` needs `OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1`; Tailscale/public use `wss://` or tunnel.
+- SwiftUI: prefer Observation (`@Observable`, `@Bindable`) over new `ObservableObject`.
+- mac gateway: use app or `openclaw gateway restart/status --deep`; avoid ad-hoc tmux gateway sessions. Rebuild mac app locally, not over SSH.
+- mac logs: `./scripts/clawlog.sh`.
+- Version bump touches: `package.json`, `apps/android/app/build.gradle.kts`, `apps/ios/version.json` then `pnpm ios:version:sync`, `apps/macos/.../Info.plist`, `docs/install/updating.md`. Appcast only for Sparkle release.
+- iOS Team ID: `security find-identity -p codesigning -v`; fallback `defaults read com.apple.dt.Xcode IDEProvisioningTeamIdentifiers`.
+- Mobile LAN pairing: plaintext `ws://` is loopback-only by default. Trusted private-network `ws://` needs `OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1`; Tailscale/public use `wss://` or a tunnel.
 - A2UI hash `src/canvas-host/a2ui/.bundle.hash`: generated; ignore unless running `pnpm canvas:a2ui:bundle`; commit separately.

-## Ops / Footguns
+## External Ops
+
+- Remote install docs: `docs/install/exe-dev.md`, `docs/install/fly.md`, `docs/install/hetzner.md`.
+- Parallels smoke: `$openclaw-parallels-smoke`; Discord roundtrip: `parallels-discord-roundtrip`.
+
+## Misc Footguns

- Remote install docs: `docs/install/{exe-dev,fly,hetzner}.md`. Parallels smoke: `$openclaw-parallels-smoke`; Discord roundtrip: `parallels-discord-roundtrip`.
 - Rebrand/migration/config warnings: run `openclaw doctor`.
 - Never edit `node_modules`.
- Local-only `.agents` ignores: `.git/info/exclude`, not repo `.gitignore`.
- CLI progress: `src/cli/progress.ts`; status tables: `src/terminal/table.ts`.
+- Local-only `.agents` ignores: use `.git/info/exclude`, not repo `.gitignore`.
+- CLI progress: use `src/cli/progress.ts`; status tables: `src/terminal/table.ts`.
 - Connection/provider additions: update all UI surfaces + docs + status/config forms.
- Provider tool schemas: prefer flat string enum helpers over `Type.Union([Type.Literal(...)])`; some providers reject `anyOf`. Not a repo-wide protocol/schema ban.
- External messaging: no token-delta channel messages. Follow `docs/concepts/streaming.md`; preview/block streaming uses edits/chunks and preserves final/fallback delivery.
+- Provider-facing tool schemas: prefer flat string enum helpers over `Type.Union([Type.Literal(...)])`; some providers reject generated `anyOf`. Do not treat this as a repo-wide protocol/schema ban.
+- External messaging surfaces: no token-delta channel messages. Follow `docs/concepts/streaming.md`; preview/block streaming uses message edits/chunks and must preserve final/fallback delivery.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/4
+++ b/4
@@ -29,9 +29,9 @@ ARG OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST="sha256:e8e2e91b1378f83c5b2dd15f0247f3411
 FROM ${OPENCLAW_NODE_BOOKWORM_IMAGE} AS ext-deps
 ARG OPENCLAW_EXTENSIONS
 ARG OPENCLAW_BUNDLED_PLUGIN_DIR
+COPY ${OPENCLAW_BUNDLED_PLUGIN_DIR} /tmp/${OPENCLAW_BUNDLED_PLUGIN_DIR}
 # Copy package.json for opted-in extensions so pnpm resolves their deps.
-RUN --mount=type=bind,source=${OPENCLAW_BUNDLED_PLUGIN_DIR},target=/tmp/${OPENCLAW_BUNDLED_PLUGIN_DIR},readonly \
-    mkdir -p /out && \
+RUN mkdir -p /out && \
    for ext in $OPENCLAW_EXTENSIONS; do \
      if [ -f "/tmp/${OPENCLAW_BUNDLED_PLUGIN_DIR}/$ext/package.json" ]; then \
        mkdir -p "/out/$ext" && \
--- a/README.md
+++ b/README.md
@@ -96,7 +96,7 @@ Model note: while many providers and models are supported, prefer a current flag

 ## Install (recommended)

-Runtime: **Node 24 (recommended) or Node 22.14+**.
+Runtime: **Node 24 (recommended) or Node 22.16+**.

 ```bash
 npm install -g openclaw@latest
@@ -109,7 +109,7 @@ OpenClaw Onboard installs the Gateway daemon (launchd/systemd user service) so i

 ## Quick start (TL;DR)

-Runtime: **Node 24 (recommended) or Node 22.14+**.
+Runtime: **Node 24 (recommended) or Node 22.16+**.

 Full beginner guide (auth, pairing, channels): [Getting started](https://docs.openclaw.ai/start/getting-started)

@@ -119,7 +119,7 @@ openclaw onboard --install-daemon
 openclaw gateway --port 18789 --verbose

 # Send a message
-openclaw message send --target +1234567890 --message "Hello from OpenClaw"
+openclaw message send --to +1234567890 --message "Hello from OpenClaw"

 # Talk to the assistant (optionally deliver back to any connected channel: WhatsApp/Telegram/Slack/Discord/Google Chat/Signal/iMessage/BlueBubbles/IRC/Microsoft Teams/Matrix/Feishu/LINE/Mattermost/Nextcloud Talk/Nostr/Synology Chat/Tlon/Twitch/Zalo/Zalo Personal/WeChat/QQ/WebChat)
 openclaw agent --message "Ship checklist" --thinking high
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -288,7 +288,7 @@ OpenClaw's web interface (Gateway Control UI + HTTP endpoints) is intended for *

 ### Node.js Version

-OpenClaw requires **Node.js 22.14.0 or later** (LTS). This version includes important security patches:
+OpenClaw requires **Node.js 22.12.0 or later** (LTS). This version includes important security patches:

 - CVE-2025-59466: async_hooks DoS vulnerability
 - CVE-2026-21636: Permission model bypass vulnerability
@@ -296,7 +296,7 @@ OpenClaw requires **Node.js 22.14.0 or later** (LTS). This version includes impo
 Verify your Node.js version:

 ```bash
-node --version  # Should be v22.14.0 or later
+node --version  # Should be v22.12.0 or later
 ```

 ### Docker Security
--- a/VISION.md
+++ b/VISION.md
@@ -53,24 +53,12 @@ We prioritize secure defaults, but also expose clear knobs for trusted high-powe

 OpenClaw has an extensive plugin API.
 Core stays lean; optional capability should usually ship as plugins.
-We are generally slimming down core while expanding what plugins can do.
-If a useful feature cannot be built as a plugin yet, we welcome PRs and design discussions that extend the plugin API instead of adding one-off core behavior.
-
-There are two broad plugin styles:
-
- Code plugins run OpenClaw plugin code and are appropriate for deeper runtime extension.
- Bundle-style plugins package stable external surfaces such as skills, MCP servers, and related configuration.
-
-Prefer bundle-style plugins when they can express the capability.
-They have a smaller, more stable interface and better security boundaries.
-Use code plugins when the capability needs runtime hooks, providers, channels, tools, or other in-process extension points.

 Preferred plugin path is npm package distribution plus local extension loading for development.
 If you build a plugin, host and maintain it in your own repository.
 The bar for adding optional plugins to core is intentionally high.
 Plugin docs: [`docs/tools/plugin.md`](docs/tools/plugin.md)
-Plugin discovery, official publisher status, provenance, and security review live in [ClawHub](https://clawhub.ai/).
-OpenClaw docs should document core extension points; plugin promotion belongs in ClawHub, preferably under vetted org publishers for official plugins.
+Community plugin listing + PR bar: https://docs.openclaw.ai/plugins/community

 Memory is a special plugin slot where only one memory plugin can be active at a time.
 Today we ship multiple memory options; over time we plan to converge on one recommended default path.
@@ -78,16 +66,21 @@ Today we ship multiple memory options; over time we plan to converge on one reco
 ### Skills

 We still ship some bundled skills for baseline UX.
-New skills should be published through [ClawHub](https://clawhub.ai/) first, not added to core by default.
-Official or bundled promotion should require a clear product, security, or maintainer-ownership reason.
+New skills should be published to ClawHub first (`clawhub.ai`), not added to core by default.
+Core skill additions should be rare and require a strong product or security reason.

 ### MCP Support

-OpenClaw supports MCP as both a server and a runtime integration surface.
-MCP details live in [`docs/cli/mcp.md`](docs/cli/mcp.md).
+OpenClaw supports MCP through `mcporter`: https://github.com/steipete/mcporter

-The project goal is pragmatic MCP support without duplicating existing agent,
-tool, ACPX, plugin, or ClawHub paths.
+This keeps MCP integration flexible and decoupled from core runtime:
+
+- add or change MCP servers without restarting the gateway
+- keep core tool/context surface lean
+- reduce MCP churn impact on core stability and security
+
+For now, we prefer this bridge model over building first-class MCP runtime into core.
+If there is an MCP server or feature `mcporter` does not support yet, please open an issue there.

 ### Setup

@@ -105,11 +98,11 @@ It is widely known, fast to iterate in, and easy to read, modify, and extend.

 ## What We Will Not Merge (For Now)

- New core skills when they can live on [ClawHub](https://clawhub.ai/)
+- New core skills when they can live on ClawHub
 - Full-doc translation sets for all docs (deferred; we plan AI-generated translations later)
 - Commercial service integrations that do not clearly fit the model-provider category
 - Wrapper channels around already supported channels without a clear capability or security gap
- MCP work that duplicates existing MCP, ACPX, plugin, or ClawHub paths without a clear product or security gap
+- First-class MCP runtime in core when `mcporter` already provides the integration path
 - Agent-hierarchy frameworks (manager-of-managers / nested planner trees) as a default architecture
 - Heavy orchestration layers that duplicate existing agent and tool infrastructure

--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -65,8 +65,8 @@ android {
        applicationId = "ai.openclaw.app"
        minSdk = 31
        targetSdk = 36
-        versionCode = 2026042500
-        versionName = "2026.4.25"
+        versionCode = 2026042300
+        versionName = "2026.4.23"
        ndk {
            // Support all major ABIs — native libs are tiny (~47 KB per ABI)
            abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")
--- a/apps/android/app/src/main/AndroidManifest.xml
+++ b/apps/android/app/src/main/AndroidManifest.xml
@@ -3,7 +3,6 @@
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_DATA_SYNC" />
-    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MICROPHONE" />
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
    <uses-permission
        android:name="android.permission.NEARBY_WIFI_DEVICES"
@@ -53,7 +52,7 @@
        <service
            android:name=".NodeForegroundService"
            android:exported="false"
-            android:foregroundServiceType="dataSync|microphone" />
+            android:foregroundServiceType="dataSync" />
        <service
            android:name=".node.DeviceNotificationListenerService"
            android:label="@string/app_name"
--- a/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt
@@ -101,8 +101,7 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
  val onboardingCompleted: StateFlow<Boolean> = prefs.onboardingCompleted
  val canvasDebugStatusEnabled: StateFlow<Boolean> = prefs.canvasDebugStatusEnabled
  val speakerEnabled: StateFlow<Boolean> = prefs.speakerEnabled
-  val voiceCaptureMode: StateFlow<VoiceCaptureMode> = runtimeState(initial = VoiceCaptureMode.Off) { it.voiceCaptureMode }
-  val micEnabled: StateFlow<Boolean> = runtimeState(initial = false) { it.micEnabled }
+  val micEnabled: StateFlow<Boolean> = prefs.talkEnabled

  val micCooldown: StateFlow<Boolean> = runtimeState(initial = false) { it.micCooldown }
  val micStatusText: StateFlow<String> = runtimeState(initial = "Mic off") { it.micStatusText }
@@ -112,10 +111,6 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
  val micConversation: StateFlow<List<VoiceConversationEntry>> = runtimeState(initial = emptyList()) { it.micConversation }
  val micInputLevel: StateFlow<Float> = runtimeState(initial = 0f) { it.micInputLevel }
  val micIsSending: StateFlow<Boolean> = runtimeState(initial = false) { it.micIsSending }
-  val talkModeEnabled: StateFlow<Boolean> = runtimeState(initial = false) { it.talkModeEnabled }
-  val talkModeListening: StateFlow<Boolean> = runtimeState(initial = false) { it.talkModeListening }
-  val talkModeSpeaking: StateFlow<Boolean> = runtimeState(initial = false) { it.talkModeSpeaking }
-  val talkModeStatusText: StateFlow<String> = runtimeState(initial = "Off") { it.talkModeStatusText }

  val chatSessionKey: StateFlow<String> = runtimeState(initial = "main") { it.chatSessionKey }
  val chatSessionId: StateFlow<String?> = runtimeState(initial = null) { it.chatSessionId }
@@ -288,10 +283,6 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
    ensureRuntime().setMicEnabled(enabled)
  }

-  fun setTalkModeEnabled(enabled: Boolean) {
-    ensureRuntime().setTalkModeEnabled(enabled)
-  }
-
  fun setSpeakerEnabled(enabled: Boolean) {
    ensureRuntime().setSpeakerEnabled(enabled)
  }
--- a/apps/android/app/src/main/java/ai/openclaw/app/NodeForegroundService.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeForegroundService.kt
@@ -3,14 +3,12 @@ package ai.openclaw.app
 import android.app.Notification
 import android.app.NotificationChannel
 import android.app.NotificationManager
-import android.app.PendingIntent
 import android.app.Service
+import android.app.PendingIntent
 import android.content.Context
 import android.content.Intent
 import android.content.pm.ServiceInfo
 import androidx.core.app.NotificationCompat
-import androidx.core.app.ServiceCompat
-import androidx.core.content.ContextCompat
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.Job
@@ -23,7 +21,6 @@ class NodeForegroundService : Service() {
  private val scope: CoroutineScope = CoroutineScope(SupervisorJob() + Dispatchers.Main)
  private var notificationJob: Job? = null
  private var didStartForeground = false
-  private var voiceCaptureMode = VoiceCaptureMode.Off

  override fun onCreate() {
    super.onCreate()
@@ -39,51 +36,22 @@ class NodeForegroundService : Service() {
    notificationJob =
      scope.launch {
        combine(
-          combine(
-            runtime.statusText,
-            runtime.serverName,
-            runtime.isConnected,
-            runtime.voiceCaptureMode,
-          ) { status, server, connected, mode ->
-            VoiceNotificationBase(
-              status = status,
-              server = server,
-              connected = connected,
-              mode = mode,
-            )
-          },
-          combine(
-            runtime.micEnabled,
-            runtime.micIsListening,
-            runtime.talkModeListening,
-            runtime.talkModeSpeaking,
-          ) { micEnabled, micListening, talkListening, talkSpeaking ->
-            VoiceNotificationCapture(
-              micEnabled = micEnabled,
-              micListening = micListening,
-              talkListening = talkListening,
-              talkSpeaking = talkSpeaking,
-            )
-          },
-        ) { base, capture ->
-          VoiceNotificationState(base = base, capture = capture)
-        }.collect { state ->
-          voiceCaptureMode = state.mode
-          val title =
-            when {
-              state.connected && state.mode == VoiceCaptureMode.TalkMode -> "OpenClaw Node · Talk"
-              state.connected -> "OpenClaw Node · Connected"
-              else -> "OpenClaw Node"
+          runtime.statusText,
+          runtime.serverName,
+          runtime.isConnected,
+          runtime.micEnabled,
+          runtime.micIsListening,
+        ) { status, server, connected, micEnabled, micListening ->
+          Quint(status, server, connected, micEnabled, micListening)
+        }.collect { (status, server, connected, micEnabled, micListening) ->
+          val title = if (connected) "OpenClaw Node · Connected" else "OpenClaw Node"
+          val micSuffix =
+            if (micEnabled) {
+              if (micListening) " · Mic: Listening" else " · Mic: Pending"
+            } else {
+              ""
            }
-          val text =
-            (state.server?.let { "${state.status} · $it" } ?: state.status) +
-              voiceNotificationSuffix(
-                mode = state.mode,
-                manualMicEnabled = state.capture.micEnabled,
-                manualMicListening = state.capture.micListening,
-                talkListening = state.capture.talkListening,
-                talkSpeaking = state.capture.talkSpeaking,
-              )
+          val text = (server?.let { "$status · $it" } ?: status) + micSuffix

          startForegroundWithTypes(
            notification = buildNotification(title = title, text = text),
@@ -92,27 +60,13 @@ class NodeForegroundService : Service() {
      }
  }

-  override fun onStartCommand(
-    intent: Intent?,
-    flags: Int,
-    startId: Int,
-  ): Int {
+  override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
    when (intent?.action) {
      ACTION_STOP -> {
        (application as NodeApp).peekRuntime()?.disconnect()
        stopSelf()
        return START_NOT_STICKY
      }
-      ACTION_SET_VOICE_CAPTURE_MODE -> {
-        voiceCaptureMode = intent.getStringExtra(EXTRA_VOICE_CAPTURE_MODE).toVoiceCaptureMode()
-        startForegroundWithTypes(
-          notification =
-            buildNotification(
-              title = "OpenClaw Node",
-              text = if (voiceCaptureMode == VoiceCaptureMode.TalkMode) "Talk mode active" else "Connected",
-            ),
-        )
-      }
    }
    // Keep running; connection is managed by NodeRuntime (auto-reconnect + manual).
    return START_STICKY
@@ -173,13 +127,17 @@ class NodeForegroundService : Service() {
      .build()
  }

+  private fun updateNotification(notification: Notification) {
+    val mgr = getSystemService(Context.NOTIFICATION_SERVICE) as NotificationManager
+    mgr.notify(NOTIFICATION_ID, notification)
+  }
+
  private fun startForegroundWithTypes(notification: Notification) {
-    val serviceTypes = foregroundServiceTypesForVoiceMode(voiceCaptureMode)
    if (didStartForeground) {
-      ServiceCompat.startForeground(this, NOTIFICATION_ID, notification, serviceTypes)
+      updateNotification(notification)
      return
    }
-    ServiceCompat.startForeground(this, NOTIFICATION_ID, notification, serviceTypes)
+    startForeground(NOTIFICATION_ID, notification, ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC)
    didStartForeground = true
  }

@@ -188,8 +146,6 @@ class NodeForegroundService : Service() {
    private const val NOTIFICATION_ID = 1

    private const val ACTION_STOP = "ai.openclaw.app.action.STOP"
-    private const val ACTION_SET_VOICE_CAPTURE_MODE = "ai.openclaw.app.action.SET_VOICE_CAPTURE_MODE"
-    private const val EXTRA_VOICE_CAPTURE_MODE = "ai.openclaw.app.extra.VOICE_CAPTURE_MODE"

    fun start(context: Context) {
      val intent = Intent(context, NodeForegroundService::class.java)
@@ -200,85 +156,7 @@ class NodeForegroundService : Service() {
      val intent = Intent(context, NodeForegroundService::class.java).setAction(ACTION_STOP)
      context.startService(intent)
    }
-
-    fun setVoiceCaptureMode(
-      context: Context,
-      mode: VoiceCaptureMode,
-    ) {
-      val intent =
-        Intent(context, NodeForegroundService::class.java)
-          .setAction(ACTION_SET_VOICE_CAPTURE_MODE)
-          .putExtra(EXTRA_VOICE_CAPTURE_MODE, mode.name)
-      if (mode == VoiceCaptureMode.TalkMode) {
-        ContextCompat.startForegroundService(context, intent)
-      } else {
-        context.startService(intent)
-      }
-    }
  }
 }

-internal fun foregroundServiceTypesForVoiceMode(mode: VoiceCaptureMode): Int {
-  val base = ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC
-  return if (mode == VoiceCaptureMode.TalkMode) {
-    base or ServiceInfo.FOREGROUND_SERVICE_TYPE_MICROPHONE
-  } else {
-    base
-  }
-}
-
-internal fun voiceNotificationSuffix(
-  mode: VoiceCaptureMode,
-  manualMicEnabled: Boolean,
-  manualMicListening: Boolean,
-  talkListening: Boolean,
-  talkSpeaking: Boolean,
-): String {
-  return when (mode) {
-    VoiceCaptureMode.TalkMode ->
-      when {
-        talkSpeaking -> " · Talk: Speaking"
-        talkListening -> " · Talk: Listening"
-        else -> " · Talk: On"
-      }
-    VoiceCaptureMode.ManualMic ->
-      if (manualMicEnabled) {
-        if (manualMicListening) " · Mic: Listening" else " · Mic: Pending"
-      } else {
-        ""
-      }
-    VoiceCaptureMode.Off -> ""
-  }
-}
-
-private fun String?.toVoiceCaptureMode(): VoiceCaptureMode {
-  return VoiceCaptureMode.entries.firstOrNull { it.name == this } ?: VoiceCaptureMode.Off
-}
-
-private data class VoiceNotificationBase(
-  val status: String,
-  val server: String?,
-  val connected: Boolean,
-  val mode: VoiceCaptureMode,
-)
-
-private data class VoiceNotificationCapture(
-  val micEnabled: Boolean,
-  val micListening: Boolean,
-  val talkListening: Boolean,
-  val talkSpeaking: Boolean,
-)
-
-private data class VoiceNotificationState(
-  val base: VoiceNotificationBase,
-  val capture: VoiceNotificationCapture,
-) {
-  val status: String
-    get() = base.status
-  val server: String?
-    get() = base.server
-  val connected: Boolean
-    get() = base.connected
-  val mode: VoiceCaptureMode
-    get() = base.mode
-}
+private data class Quint<A, B, C, D, E>(val first: A, val second: B, val third: C, val fourth: D, val fifth: E)
--- a/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
@@ -64,8 +64,6 @@ class NodeRuntime(
  private val json = Json { ignoreUnknownKeys = true }

  private val externalAudioCaptureActive = MutableStateFlow(false)
-  private val _voiceCaptureMode = MutableStateFlow(VoiceCaptureMode.Off)
-  val voiceCaptureMode: StateFlow<VoiceCaptureMode> = _voiceCaptureMode.asStateFlow()

  private val discovery = GatewayDiscovery(appContext, scope = scope)
  val gateways: StateFlow<List<GatewayEndpoint>> = discovery.gateways
@@ -430,18 +428,6 @@ class NodeRuntime(
    )
  }

-  val talkModeEnabled: StateFlow<Boolean>
-    get() = talkMode.isEnabled
-
-  val talkModeListening: StateFlow<Boolean>
-    get() = talkMode.isListening
-
-  val talkModeSpeaking: StateFlow<Boolean>
-    get() = talkMode.isSpeaking
-
-  val talkModeStatusText: StateFlow<String>
-    get() = talkMode.statusText
-
  private fun syncMainSessionKey(agentId: String?) {
    val resolvedKey = resolveNodeMainSessionKey(agentId)
    // Always push the resolved session key into TalkMode, even when the
@@ -613,8 +599,17 @@ class NodeRuntime(
      prefs.loadGatewayToken()
    }

-    if (prefs.voiceMicEnabled.value) {
-      setVoiceCaptureMode(VoiceCaptureMode.ManualMic, persistManualMic = false)
+    scope.launch {
+      prefs.talkEnabled.collect { enabled ->
+        // MicCaptureManager handles STT + send to gateway, while the dedicated
+        // reply speaker handles TTS for assistant replies in the voice tab.
+        micCapture.setMicEnabled(enabled)
+        if (enabled) {
+          talkMode.ttsOnAllResponses = false
+          scope.launch { talkMode.ensureChatSubscribed() }
+        }
+        externalAudioCaptureActive.value = enabled
+      }
    }

    scope.launch(Dispatchers.Default) {
@@ -648,7 +643,7 @@ class NodeRuntime(
    if (value) {
      reconnectPreferredGatewayOnForeground()
    } else {
-      stopManualVoiceSession()
+      stopActiveVoiceSession()
    }
  }

@@ -762,17 +757,21 @@ class NodeRuntime(

  fun setVoiceScreenActive(active: Boolean) {
    if (!active) {
-      stopManualVoiceSession()
+      stopActiveVoiceSession()
    }
    // Don't re-enable on active=true; mic toggle drives that
  }

  fun setMicEnabled(value: Boolean) {
-    setVoiceCaptureMode(if (value) VoiceCaptureMode.ManualMic else VoiceCaptureMode.Off)
-  }
-
-  fun setTalkModeEnabled(value: Boolean) {
-    setVoiceCaptureMode(if (value) VoiceCaptureMode.TalkMode else VoiceCaptureMode.Off)
+    prefs.setTalkEnabled(value)
+    if (value) {
+      // Tapping mic on interrupts any active TTS (barge-in)
+      stopVoicePlayback()
+      talkMode.ttsOnAllResponses = false
+      scope.launch { talkMode.ensureChatSubscribed() }
+    }
+    micCapture.setMicEnabled(value)
+    externalAudioCaptureActive.value = value
  }

  val speakerEnabled: StateFlow<Boolean>
@@ -787,72 +786,11 @@ class NodeRuntime(
    talkMode.setPlaybackEnabled(value)
  }

-  private fun setVoiceCaptureMode(
-    mode: VoiceCaptureMode,
-    persistManualMic: Boolean = true,
-  ) {
-    if (mode == VoiceCaptureMode.TalkMode && !hasRecordAudioPermission()) {
-      _voiceCaptureMode.value = VoiceCaptureMode.Off
-      externalAudioCaptureActive.value = false
-      return
-    }
-    if (_voiceCaptureMode.value == mode) return
-    _voiceCaptureMode.value = mode
-    when (mode) {
-      VoiceCaptureMode.Off -> {
-        talkMode.ttsOnAllResponses = false
-        talkMode.setEnabled(false)
-        stopVoicePlayback()
-        micCapture.setMicEnabled(false)
-        if (persistManualMic) {
-          prefs.setVoiceMicEnabled(false)
-        }
-        NodeForegroundService.setVoiceCaptureMode(appContext, VoiceCaptureMode.Off)
-        externalAudioCaptureActive.value = false
-      }
-
-      VoiceCaptureMode.ManualMic -> {
-        talkMode.ttsOnAllResponses = false
-        talkMode.setEnabled(false)
-        NodeForegroundService.setVoiceCaptureMode(appContext, VoiceCaptureMode.ManualMic)
-        if (persistManualMic) {
-          prefs.setVoiceMicEnabled(true)
-        }
-        // Tapping mic on interrupts any active TTS (barge-in).
-        stopVoicePlayback()
-        scope.launch { talkMode.ensureChatSubscribed() }
-        micCapture.setMicEnabled(true)
-        externalAudioCaptureActive.value = true
-      }
-
-      VoiceCaptureMode.TalkMode -> {
-        if (persistManualMic) {
-          prefs.setVoiceMicEnabled(false)
-        }
-        micCapture.setMicEnabled(false)
-        NodeForegroundService.setVoiceCaptureMode(appContext, VoiceCaptureMode.TalkMode)
-        talkMode.ttsOnAllResponses = true
-        talkMode.setPlaybackEnabled(speakerEnabled.value)
-        scope.launch { talkMode.ensureChatSubscribed() }
-        talkMode.setEnabled(true)
-        externalAudioCaptureActive.value = true
-      }
-    }
-  }
-
-  private fun stopManualVoiceSession() {
-    if (_voiceCaptureMode.value != VoiceCaptureMode.ManualMic) return
-    setVoiceCaptureMode(VoiceCaptureMode.Off)
-  }
-
  private fun stopActiveVoiceSession() {
    talkMode.ttsOnAllResponses = false
-    talkMode.setEnabled(false)
    stopVoicePlayback()
    micCapture.setMicEnabled(false)
-    prefs.setVoiceMicEnabled(false)
-    NodeForegroundService.setVoiceCaptureMode(appContext, VoiceCaptureMode.Off)
-    _voiceCaptureMode.value = VoiceCaptureMode.Off
+    prefs.setTalkEnabled(false)
    externalAudioCaptureActive.value = false
  }

@@ -1032,7 +970,6 @@ class NodeRuntime(
  }

  fun disconnect() {
-    stopActiveVoiceSession()
    connectedEndpoint = null
    activeGatewayAuth = null
    _pendingGatewayTrust.value = null
--- a/apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt
@@ -37,7 +37,6 @@ class SecurePrefs(
    private const val notificationsForwardingMaxEventsPerMinuteKey =
      "notifications.forwarding.maxEventsPerMinute"
    private const val notificationsForwardingSessionKeyKey = "notifications.forwarding.sessionKey"
-    private const val voiceMicEnabledKey = "voice.micEnabled"
  }

  private val appContext = context.applicationContext
@@ -163,8 +162,8 @@ class SecurePrefs(
  private val _voiceWakeMode = MutableStateFlow(loadVoiceWakeMode())
  val voiceWakeMode: StateFlow<VoiceWakeMode> = _voiceWakeMode

-  private val _voiceMicEnabled = MutableStateFlow(plainPrefs.getBoolean(voiceMicEnabledKey, false))
-  val voiceMicEnabled: StateFlow<Boolean> = _voiceMicEnabled
+  private val _talkEnabled = MutableStateFlow(plainPrefs.getBoolean("talk.enabled", false))
+  val talkEnabled: StateFlow<Boolean> = _talkEnabled

  private val _speakerEnabled = MutableStateFlow(plainPrefs.getBoolean("voice.speakerEnabled", true))
  val speakerEnabled: StateFlow<Boolean> = _speakerEnabled
@@ -479,9 +478,9 @@ class SecurePrefs(
    _voiceWakeMode.value = mode
  }

-  fun setVoiceMicEnabled(value: Boolean) {
-    plainPrefs.edit { putBoolean(voiceMicEnabledKey, value) }
-    _voiceMicEnabled.value = value
+  fun setTalkEnabled(value: Boolean) {
+    plainPrefs.edit { putBoolean("talk.enabled", value) }
+    _talkEnabled.value = value
  }

  fun setSpeakerEnabled(value: Boolean) {
--- a/apps/android/app/src/main/java/ai/openclaw/app/VoiceCaptureMode.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/VoiceCaptureMode.kt
@@ -1,7 +0,0 @@
-package ai.openclaw.app
-
-enum class VoiceCaptureMode {
-  Off,
-  ManualMic,
-  TalkMode,
-}
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/VoiceTabScreen.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/VoiceTabScreen.kt
@@ -35,11 +35,10 @@ import androidx.compose.foundation.lazy.rememberLazyListState
 import androidx.compose.foundation.shape.CircleShape
 import androidx.compose.foundation.shape.RoundedCornerShape
 import androidx.compose.material.icons.Icons
-import androidx.compose.material.icons.automirrored.filled.VolumeOff
-import androidx.compose.material.icons.automirrored.filled.VolumeUp
 import androidx.compose.material.icons.filled.Mic
 import androidx.compose.material.icons.filled.MicOff
-import androidx.compose.material.icons.filled.RecordVoiceOver
+import androidx.compose.material.icons.automirrored.filled.VolumeOff
+import androidx.compose.material.icons.automirrored.filled.VolumeUp
 import androidx.compose.material3.Button
 import androidx.compose.material3.ButtonDefaults
 import androidx.compose.material3.Icon
@@ -70,7 +69,6 @@ import androidx.lifecycle.Lifecycle
 import androidx.lifecycle.LifecycleEventObserver
 import androidx.lifecycle.compose.LocalLifecycleOwner
 import ai.openclaw.app.MainViewModel
-import ai.openclaw.app.VoiceCaptureMode
 import ai.openclaw.app.voice.VoiceConversationEntry
 import ai.openclaw.app.voice.VoiceConversationRole
 import kotlin.math.max
@@ -83,7 +81,6 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
  val listState = rememberLazyListState()

  val gatewayStatus by viewModel.statusText.collectAsState()
-  val voiceCaptureMode by viewModel.voiceCaptureMode.collectAsState()
  val micEnabled by viewModel.micEnabled.collectAsState()
  val micCooldown by viewModel.micCooldown.collectAsState()
  val speakerEnabled by viewModel.speakerEnabled.collectAsState()
@@ -93,15 +90,12 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
  val micConversation by viewModel.micConversation.collectAsState()
  val micInputLevel by viewModel.micInputLevel.collectAsState()
  val micIsSending by viewModel.micIsSending.collectAsState()
-  val talkModeEnabled by viewModel.talkModeEnabled.collectAsState()
-  val talkModeListening by viewModel.talkModeListening.collectAsState()
-  val talkModeSpeaking by viewModel.talkModeSpeaking.collectAsState()

  val hasStreamingAssistant = micConversation.any { it.role == VoiceConversationRole.Assistant && it.isStreaming }
  val showThinkingBubble = micIsSending && !hasStreamingAssistant

  var hasMicPermission by remember { mutableStateOf(context.hasRecordAudioPermission()) }
-  var pendingVoicePermissionAction by remember { mutableStateOf<PendingVoicePermissionAction?>(null) }
+  var pendingMicEnable by remember { mutableStateOf(false) }

  DisposableEffect(lifecycleOwner, context) {
    val observer =
@@ -113,7 +107,7 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
    lifecycleOwner.lifecycle.addObserver(observer)
    onDispose {
      lifecycleOwner.lifecycle.removeObserver(observer)
-      // Manual mic is tied to the Voice tab; Talk Mode is explicit and can continue.
+      // Stop TTS when leaving the voice screen
      viewModel.setVoiceScreenActive(false)
    }
  }
@@ -121,14 +115,10 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
  val requestMicPermission =
    rememberLauncherForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
      hasMicPermission = granted
-      if (granted) {
-        when (pendingVoicePermissionAction) {
-          PendingVoicePermissionAction.ManualMic -> viewModel.setMicEnabled(true)
-          PendingVoicePermissionAction.TalkMode -> viewModel.setTalkModeEnabled(true)
-          null -> Unit
-        }
+      if (granted && pendingMicEnable) {
+        viewModel.setMicEnabled(true)
      }
-      pendingVoicePermissionAction = null
+      pendingMicEnable = false
    }

  LaunchedEffect(micConversation.size, showThinkingBubble) {
@@ -171,12 +161,12 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
                tint = mobileTextTertiary,
              )
              Text(
-                "Tap mic or Talk",
+                "Tap the mic to start",
                style = mobileHeadline,
                color = mobileTextSecondary,
              )
              Text(
-                "Mic sends turns; Talk keeps the conversation open.",
+                "Each pause sends a turn automatically.",
                style = mobileCallout,
                color = mobileTextTertiary,
              )
@@ -273,7 +263,7 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
              if (hasMicPermission) {
                viewModel.setMicEnabled(true)
              } else {
-                pendingVoicePermissionAction = PendingVoicePermissionAction.ManualMic
+                pendingMicEnable = true
                requestMicPermission.launch(Manifest.permission.RECORD_AUDIO)
              }
            },
@@ -297,39 +287,11 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
          }
        }

-        Column(horizontalAlignment = Alignment.CenterHorizontally, verticalArrangement = Arrangement.spacedBy(4.dp)) {
-          IconButton(
-            onClick = {
-              if (talkModeEnabled) {
-                viewModel.setTalkModeEnabled(false)
-                return@IconButton
-              }
-              if (hasMicPermission) {
-                viewModel.setTalkModeEnabled(true)
-              } else {
-                pendingVoicePermissionAction = PendingVoicePermissionAction.TalkMode
-                requestMicPermission.launch(Manifest.permission.RECORD_AUDIO)
-              }
-            },
-            modifier = Modifier.size(48.dp),
-            colors =
-              IconButtonDefaults.iconButtonColors(
-                containerColor = if (talkModeEnabled) mobileSuccessSoft else mobileSurface,
-              ),
-          ) {
-            Icon(
-              imageVector = Icons.Default.RecordVoiceOver,
-              contentDescription = if (talkModeEnabled) "Turn Talk Mode off" else "Turn Talk Mode on",
-              modifier = Modifier.size(22.dp),
-              tint = if (talkModeEnabled) mobileSuccess else mobileTextSecondary,
-            )
-          }
+        // Invisible spacer to balance the row (matches speaker column width)
+        Column(horizontalAlignment = Alignment.CenterHorizontally) {
+          Box(modifier = Modifier.size(48.dp))
          Spacer(modifier = Modifier.height(4.dp))
-          Text(
-            if (talkModeEnabled) "Talk on" else "Talk",
-            style = mobileCaption2,
-            color = if (talkModeEnabled) mobileSuccess else mobileTextTertiary,
-          )
+          Text("", style = mobileCaption2)
        }
      }

@@ -337,9 +299,6 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
      val queueCount = micQueuedMessages.size
      val stateText =
        when {
-          voiceCaptureMode == VoiceCaptureMode.TalkMode && talkModeSpeaking -> "Talk speaking"
-          voiceCaptureMode == VoiceCaptureMode.TalkMode && talkModeListening -> "Talk listening"
-          voiceCaptureMode == VoiceCaptureMode.TalkMode -> "Talk on"
          queueCount > 0 -> "$queueCount queued"
          micIsSending -> "Sending"
          micCooldown -> "Cooldown"
@@ -348,15 +307,14 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
        }
      val stateColor =
        when {
-          voiceCaptureMode == VoiceCaptureMode.TalkMode -> mobileSuccess
          micEnabled -> mobileSuccess
          micIsSending -> mobileAccent
          else -> mobileTextSecondary
        }
      Surface(
        shape = RoundedCornerShape(999.dp),
-        color = if (micEnabled || talkModeEnabled) mobileSuccessSoft else mobileSurface,
-        border = BorderStroke(1.dp, if (micEnabled || talkModeEnabled) mobileSuccess.copy(alpha = 0.3f) else mobileBorder),
+        color = if (micEnabled) mobileSuccessSoft else mobileSurface,
+        border = BorderStroke(1.dp, if (micEnabled) mobileSuccess.copy(alpha = 0.3f) else mobileBorder),
      ) {
        Text(
          "$gatewayStatus · $stateText",
@@ -395,11 +353,6 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
  }
 }

-private enum class PendingVoicePermissionAction {
-  ManualMic,
-  TalkMode,
-}
-
@Composable
 private fun VoiceTurnBubble(entry: VoiceConversationEntry) {
  val isUser = entry.role == VoiceConversationRole.User
--- a/apps/android/app/src/test/java/ai/openclaw/app/NodeForegroundServiceTest.kt
+++ b/apps/android/app/src/test/java/ai/openclaw/app/NodeForegroundServiceTest.kt
@@ -2,7 +2,6 @@ package ai.openclaw.app

 import android.app.Notification
 import android.content.Intent
-import android.content.pm.ServiceInfo
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertNotNull
 import org.junit.Test
@@ -31,35 +30,6 @@ class NodeForegroundServiceTest {
    assertEquals(expectedFlags, savedIntent.flags and expectedFlags)
  }

-  @Test
-  fun foregroundServiceTypesForVoiceMode_addsMicrophoneOnlyForTalkMode() {
-    assertEquals(
-      ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC,
-      foregroundServiceTypesForVoiceMode(VoiceCaptureMode.Off),
-    )
-    assertEquals(
-      ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC,
-      foregroundServiceTypesForVoiceMode(VoiceCaptureMode.ManualMic),
-    )
-    assertEquals(
-      ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC or ServiceInfo.FOREGROUND_SERVICE_TYPE_MICROPHONE,
-      foregroundServiceTypesForVoiceMode(VoiceCaptureMode.TalkMode),
-    )
-  }
-
-  @Test
-  fun voiceNotificationSuffixReflectsActiveCaptureMode() {
-    assertEquals("", voiceNotificationSuffix(VoiceCaptureMode.Off, false, false, false, false))
-    assertEquals(
-      " · Mic: Listening",
-      voiceNotificationSuffix(VoiceCaptureMode.ManualMic, true, true, false, false),
-    )
-    assertEquals(
-      " · Talk: Speaking",
-      voiceNotificationSuffix(VoiceCaptureMode.TalkMode, false, false, true, true),
-    )
-  }
-
  private fun buildNotification(service: NodeForegroundService): Notification {
    val method =
      NodeForegroundService::class.java.getDeclaredMethod(
--- a/apps/android/app/src/test/java/ai/openclaw/app/SecurePrefsTest.kt
+++ b/apps/android/app/src/test/java/ai/openclaw/app/SecurePrefsTest.kt
@@ -2,9 +2,7 @@ package ai.openclaw.app

 import android.content.Context
 import org.junit.Assert.assertEquals
-import org.junit.Assert.assertFalse
 import org.junit.Assert.assertNull
-import org.junit.Assert.assertTrue
 import org.junit.Test
 import org.junit.runner.RunWith
 import org.robolectric.RobolectricTestRunner
@@ -24,32 +22,6 @@ class SecurePrefsTest {
    assertEquals("whileUsing", plainPrefs.getString("location.enabledMode", null))
  }

-  @Test
-  fun voiceMicEnabled_ignoresOldTalkEnabledKey() {
-    val context = RuntimeEnvironment.getApplication()
-    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
-    plainPrefs.edit().clear().putBoolean("talk.enabled", true).commit()
-
-    val prefs = SecurePrefs(context)
-
-    assertFalse(prefs.voiceMicEnabled.value)
-    assertFalse(plainPrefs.contains("voice.micEnabled"))
-  }
-
-  @Test
-  fun setVoiceMicEnabled_persistsNewKeyOnly() {
-    val context = RuntimeEnvironment.getApplication()
-    val plainPrefs = context.getSharedPreferences("openclaw.node", Context.MODE_PRIVATE)
-    plainPrefs.edit().clear().putBoolean("talk.enabled", false).commit()
-    val prefs = SecurePrefs(context)
-
-    prefs.setVoiceMicEnabled(true)
-
-    assertTrue(prefs.voiceMicEnabled.value)
-    assertTrue(plainPrefs.getBoolean("voice.micEnabled", false))
-    assertFalse(plainPrefs.getBoolean("talk.enabled", false))
-  }
-
  @Test
  fun saveGatewayBootstrapToken_persistsSeparatelyFromSharedToken() {
    val context = RuntimeEnvironment.getApplication()
--- a/apps/ios/CHANGELOG.md
+++ b/apps/ios/CHANGELOG.md
@@ -1,9 +1,5 @@
 # OpenClaw iOS Changelog

-## 2026.4.25 - 2026-04-25
-
-Maintenance update for the current OpenClaw development release.
-
 ## 2026.4.23 - 2026-04-23

 Maintenance update for the current OpenClaw development release.
--- a/apps/ios/Config/Version.xcconfig
+++ b/apps/ios/Config/Version.xcconfig
@@ -2,8 +2,8 @@
 // Source of truth: apps/ios/version.json
 // Generated by scripts/ios-sync-versioning.ts.

-OPENCLAW_IOS_VERSION = 2026.4.25
-OPENCLAW_MARKETING_VERSION = 2026.4.25
+OPENCLAW_IOS_VERSION = 2026.4.23
+OPENCLAW_MARKETING_VERSION = 2026.4.23
 OPENCLAW_BUILD_VERSION = 1

 #include? "../build/Version.xcconfig"
--- a/apps/ios/version.json
+++ b/apps/ios/version.json
@@ -1,3 +1,3 @@
 {
-  "version": "2026.4.25"
+  "version": "2026.4.23"
 }
--- a/apps/macos/Sources/OpenClaw/ChannelsStore+Lifecycle.swift
+++ b/apps/macos/Sources/OpenClaw/ChannelsStore+Lifecycle.swift
@@ -1,24 +1,6 @@
 import Foundation
 import OpenClawProtocol

-func whatsappLoginWaitRequestTimeoutMs(
-    startedAt: Date,
-    timeoutMs: Int,
-    didRunFinalWait: inout Bool,
-    now: Date = Date()) -> Int?
-{
-    let elapsedMs = Int(now.timeIntervalSince(startedAt) * 1000)
-    let remainingMs = max(timeoutMs - elapsedMs, 0)
-    if remainingMs > 0 {
-        return remainingMs
-    }
-    if didRunFinalWait {
-        return nil
-    }
-    didRunFinalWait = true
-    return 1
-}
-
 extension ChannelsStore {
    func start() {
        guard !self.isPreview else { return }
@@ -95,28 +77,18 @@ extension ChannelsStore {
        guard !self.whatsappBusy else { return }
        self.whatsappBusy = true
        defer { self.whatsappBusy = false }
-        let startedAt = Date()
-        var didRunFinalWait = false
        do {
-            while let remainingMs = whatsappLoginWaitRequestTimeoutMs(
-                startedAt: startedAt,
-                timeoutMs: timeoutMs,
-                didRunFinalWait: &didRunFinalWait)
-            {
-                var params: [String: AnyCodable] = [
-                    "timeoutMs": AnyCodable(remainingMs),
-                ]
-                if let currentQrDataUrl = self.whatsappLoginQrDataUrl {
-                    params["currentQrDataUrl"] = AnyCodable(currentQrDataUrl)
-                }
-                let result: WhatsAppLoginWaitResult = try await GatewayConnection.shared.requestDecoded(
-                    method: .webLoginWait,
-                    params: params,
-                    timeoutMs: Double(remainingMs) + 5000)
-                self.applyWhatsAppLoginWaitResult(result)
-                if result.connected || result.qrDataUrl == nil || didRunFinalWait {
-                    break
-                }
+            let params: [String: AnyCodable] = [
+                "timeoutMs": AnyCodable(timeoutMs),
+            ]
+            let result: WhatsAppLoginWaitResult = try await GatewayConnection.shared.requestDecoded(
+                method: .webLoginWait,
+                params: params,
+                timeoutMs: Double(timeoutMs) + 5000)
+            self.whatsappLoginMessage = result.message
+            self.whatsappLoginConnected = result.connected
+            if result.connected {
+                self.whatsappLoginQrDataUrl = nil
            }
        } catch {
            self.whatsappLoginMessage = error.localizedDescription
@@ -179,10 +151,9 @@ private struct WhatsAppLoginStartResult: Codable {
    let connected: Bool?
 }

-struct WhatsAppLoginWaitResult: Codable {
+private struct WhatsAppLoginWaitResult: Codable {
    let connected: Bool
    let message: String
-    let qrDataUrl: String?
 }

 private struct ChannelLogoutResult: Codable {
--- a/apps/macos/Sources/OpenClaw/ChannelsStore.swift
+++ b/apps/macos/Sources/OpenClaw/ChannelsStore.swift
@@ -290,16 +290,6 @@ final class ChannelsStore {
        return self.snapshot?.channelOrder ?? []
    }

-    func applyWhatsAppLoginWaitResult(_ result: WhatsAppLoginWaitResult) {
-        self.whatsappLoginMessage = result.message
-        self.whatsappLoginConnected = result.connected
-        if let qrDataUrl = result.qrDataUrl {
-            self.whatsappLoginQrDataUrl = qrDataUrl
-        } else if result.connected {
-            self.whatsappLoginQrDataUrl = nil
-        }
-    }
-
    init(isPreview: Bool = ProcessInfo.processInfo.isPreview) {
        self.isPreview = isPreview
    }
--- a/apps/macos/Sources/OpenClaw/ExecAllowlistMatcher.swift
+++ b/apps/macos/Sources/OpenClaw/ExecAllowlistMatcher.swift
@@ -9,14 +9,8 @@ enum ExecAllowlistMatcher {
        for entry in entries {
            switch ExecApprovalHelpers.validateAllowlistPattern(entry.pattern) {
            case let .valid(pattern):
-                if ExecApprovalHelpers.patternHasPathSelector(pattern) {
-                    let target = resolvedPath ?? rawExecutable
-                    if self.matches(pattern: pattern, target: target) { return entry }
-                } else if pattern != "*",
-                          !ExecApprovalHelpers.patternHasPathSelector(rawExecutable),
-                          self.matchesExecutableBasename(pattern: pattern, resolution: resolution) {
-                    return entry
-                }
+                let target = resolvedPath ?? rawExecutable
+                if self.matches(pattern: pattern, target: target) { return entry }
            case .invalid:
                continue
            }
@@ -40,20 +34,6 @@ enum ExecAllowlistMatcher {
        return matches
    }

-    private static func matchesExecutableBasename(
-        pattern: String,
-        resolution: ExecCommandResolution) -> Bool
-    {
-        var candidates = Set<String>()
-        if !resolution.executableName.isEmpty {
-            candidates.insert(resolution.executableName)
-        }
-        if let resolvedPath = resolution.resolvedPath, !resolvedPath.isEmpty {
-            candidates.insert(URL(fileURLWithPath: resolvedPath).lastPathComponent)
-        }
-        return candidates.contains { self.matches(pattern: pattern, target: $0) }
-    }
-
    private static func matches(pattern: String, target: String) -> Bool {
        let trimmed = pattern.trimmingCharacters(in: .whitespacesAndNewlines)
        guard !trimmed.isEmpty else { return false }
--- a/apps/macos/Sources/OpenClaw/ExecApprovals.swift
+++ b/apps/macos/Sources/OpenClaw/ExecApprovals.swift
@@ -616,17 +616,6 @@ enum ExecApprovalsStore {
        let trimmedResolved = entry.lastResolvedPath?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
        let normalizedResolved = trimmedResolved.isEmpty ? nil : trimmedResolved

-        if !ExecApprovalHelpers.patternHasPathSelector(trimmedPattern),
-           !trimmedResolved.isEmpty,
-           case let .valid(migratedPattern) = ExecApprovalHelpers.validateAllowlistPattern(trimmedResolved) {
-            return ExecAllowlistEntry(
-                id: entry.id,
-                pattern: migratedPattern,
-                lastUsedAt: entry.lastUsedAt,
-                lastUsedCommand: entry.lastUsedCommand,
-                lastResolvedPath: normalizedResolved)
-        }
-
        switch ExecApprovalHelpers.validateAllowlistPattern(trimmedPattern) {
        case let .valid(pattern):
            return ExecAllowlistEntry(
@@ -735,10 +724,11 @@ enum ExecApprovalHelpers {
    static func validateAllowlistPattern(_ pattern: String?) -> ExecAllowlistPatternValidation {
        let trimmed = pattern?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
        guard !trimmed.isEmpty else { return .invalid(.empty) }
+        guard self.containsPathComponent(trimmed) else { return .invalid(.missingPathComponent) }
        return .valid(trimmed)
    }

-    static func isValidAllowlistPattern(_ pattern: String?) -> Bool {
+    static func isPathPattern(_ pattern: String?) -> Bool {
        switch self.validateAllowlistPattern(pattern) {
        case .valid:
            true
@@ -747,11 +737,6 @@ enum ExecApprovalHelpers {
        }
    }

-    static func isPathPattern(_ pattern: String?) -> Bool {
-        let trimmed = pattern?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-        return self.patternHasPathSelector(trimmed)
-    }
-
    static func parseDecision(_ raw: String?) -> ExecApprovalDecision? {
        let trimmed = raw?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
        guard !trimmed.isEmpty else { return nil }
@@ -774,7 +759,7 @@ enum ExecApprovalHelpers {
        return pattern.isEmpty ? nil : pattern
    }

-    static func patternHasPathSelector(_ pattern: String) -> Bool {
+    private static func containsPathComponent(_ pattern: String) -> Bool {
        pattern.contains("/") || pattern.contains("~") || pattern.contains("\\")
    }
 }
--- a/apps/macos/Sources/OpenClaw/GatewayConnection.swift
+++ b/apps/macos/Sources/OpenClaw/GatewayConnection.swift
@@ -70,7 +70,6 @@ actor GatewayConnection {
        case wizardStatus = "wizard.status"
        case talkConfig = "talk.config"
        case talkMode = "talk.mode"
-        case talkSpeak = "talk.speak"
        case webLoginStart = "web.login.start"
        case webLoginWait = "web.login.wait"
        case channelsLogout = "channels.logout"
--- a/apps/macos/Sources/OpenClaw/Resources/Info.plist
+++ b/apps/macos/Sources/OpenClaw/Resources/Info.plist
@@ -15,9 +15,9 @@
    <key>CFBundlePackageType</key>
    <string>APPL</string>
    <key>CFBundleShortVersionString</key>
-    <string>2026.4.25</string>
+    <string>2026.4.23</string>
    <key>CFBundleVersion</key>
-    <string>2026042500</string>
+    <string>2026042300</string>
    <key>CFBundleIconFile</key>
    <string>OpenClaw</string>
    <key>CFBundleURLTypes</key>
--- a/apps/macos/Sources/OpenClaw/SystemRunSettingsView.swift
+++ b/apps/macos/Sources/OpenClaw/SystemRunSettingsView.swift
@@ -105,7 +105,7 @@ struct SystemRunSettingsView: View {
                    .foregroundStyle(.secondary)
            } else {
                HStack(spacing: 8) {
-                    TextField("Add command name or path glob", text: self.$newPattern)
+                    TextField("Add allowlist path pattern (case-insensitive globs)", text: self.$newPattern)
                        .textFieldStyle(.roundedBorder)
                    Button("Add") {
                        if self.model.addEntry(self.newPattern) == nil {
@@ -113,10 +113,10 @@ struct SystemRunSettingsView: View {
                        }
                    }
                    .buttonStyle(.bordered)
-                    .disabled(!self.model.isValidPattern(self.newPattern))
+                    .disabled(!self.model.isPathPattern(self.newPattern))
                }

-                Text("Bare names match PATH-resolved commands. Use a path glob for a specific binary.")
+                Text("Path patterns only. Basename entries like \"echo\" are ignored.")
                    .font(.footnote)
                    .foregroundStyle(.secondary)
                if let validationMessage = self.model.allowlistValidationMessage {
@@ -424,8 +424,8 @@ final class ExecApprovalsSettingsModel {
        self.entries.first(where: { $0.id == id })
    }

-    func isValidPattern(_ pattern: String) -> Bool {
-        ExecApprovalHelpers.isValidAllowlistPattern(pattern)
+    func isPathPattern(_ pattern: String) -> Bool {
+        ExecApprovalHelpers.isPathPattern(pattern)
    }

    func refreshSkillBins(force: Bool = false) async {
--- a/apps/macos/Sources/OpenClaw/TalkModeRuntime.swift
+++ b/apps/macos/Sources/OpenClaw/TalkModeRuntime.swift
@@ -2,7 +2,6 @@ import AVFoundation
 import Foundation
 import OpenClawChatUI
 import OpenClawKit
-import OpenClawProtocol
 import OSLog
 import Speech

@@ -476,16 +475,7 @@ actor TalkModeRuntime {
                self.ttsLogger
                    .error(
                        "talk TTS failed: \(error.localizedDescription, privacy: .public); " +
-                            "retrying gateway talk.speak")
-                do {
-                    try await self.playGatewayTalkSpeak(input: input)
-                    return
-                } catch {
-                    self.ttsLogger
-                        .error(
-                            "talk gateway TTS failed: \(error.localizedDescription, privacy: .public); " +
-                                "falling back to system voice")
-                }
+                            "falling back to system voice")
                do {
                    try await self.playSystemVoice(input: input)
                } catch {
@@ -730,42 +720,6 @@ actor TalkModeRuntime {
        return await self.playMP3(stream: stream)
    }

-    private func playGatewayTalkSpeak(input: TalkPlaybackInput) async throws {
-        let params = Self.makeTalkSpeakParams(
-            text: input.cleanedText,
-            voiceId: input.voiceId,
-            modelId: self.currentModelId ?? self.defaultModelId,
-            outputFormat: self.defaultOutputFormat,
-            directive: input.directive)
-        let result: TalkSpeakResult = try await GatewayConnection.shared.requestDecoded(
-            method: .talkSpeak,
-            params: params,
-            timeoutMs: max(30000, input.synthTimeoutSeconds * 1000 + 5000))
-        guard let audioData = Data(base64Encoded: result.audiobase64), !audioData.isEmpty else {
-            throw NSError(domain: "TalkSpeak", code: 1, userInfo: [
-                NSLocalizedDescriptionKey: "gateway talk.speak returned empty audio",
-            ])
-        }
-        _ = await self.stopPCM()
-        _ = await self.stopMP3()
-        if self.interruptOnSpeech {
-            guard await self.prepareForPlayback(generation: input.generation) else { return }
-        }
-        await MainActor.run { TalkModeController.shared.updatePhase(.speaking) }
-        self.phase = .speaking
-        let playback = await self.playTalkAudio(data: audioData)
-        self.ttsLogger
-            .info(
-                "talk gateway audio provider=\(result.provider, privacy: .public) " +
-                    "format=\(result.outputformat ?? "unknown", privacy: .public) " +
-                    "finished=\(playback.finished, privacy: .public)")
-        if !playback.finished, playback.interruptedAt == nil {
-            throw NSError(domain: "TalkSpeak", code: 2, userInfo: [
-                NSLocalizedDescriptionKey: "gateway talk.speak audio playback failed",
-            ])
-        }
-    }
-
    private func playSystemVoice(input: TalkPlaybackInput) async throws {
        self.ttsLogger.info("talk system voice start chars=\(input.cleanedText.count, privacy: .public)")
        if self.interruptOnSpeech {
@@ -893,54 +847,6 @@ actor TalkModeRuntime {
 }

 extension TalkModeRuntime {
-    static func makeTalkSpeakParams(
-        text: String,
-        voiceId: String?,
-        modelId: String?,
-        outputFormat: String?,
-        directive: TalkDirective?) -> [String: AnyCodable]
-    {
-        var params: [String: AnyCodable] = ["text": AnyCodable(text)]
-
-        func addString(_ key: String, _ value: String?) {
-            let trimmed = value?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-            guard !trimmed.isEmpty else { return }
-            params[key] = AnyCodable(trimmed)
-        }
-
-        addString("voiceId", voiceId)
-        addString("modelId", directive?.modelId ?? modelId)
-        addString("outputFormat", directive?.outputFormat ?? outputFormat)
-        if let speed = directive?.speed {
-            params["speed"] = AnyCodable(speed)
-        }
-        if let rateWPM = directive?.rateWPM {
-            params["rateWpm"] = AnyCodable(rateWPM)
-        }
-        if let stability = directive?.stability {
-            params["stability"] = AnyCodable(stability)
-        }
-        if let similarity = directive?.similarity {
-            params["similarity"] = AnyCodable(similarity)
-        }
-        if let style = directive?.style {
-            params["style"] = AnyCodable(style)
-        }
-        if let speakerBoost = directive?.speakerBoost {
-            params["speakerBoost"] = AnyCodable(speakerBoost)
-        }
-        if let seed = directive?.seed {
-            params["seed"] = AnyCodable(seed)
-        }
-        addString("normalize", directive?.normalize)
-        addString("language", directive?.language)
-        if let latencyTier = directive?.latencyTier {
-            params["latencyTier"] = AnyCodable(latencyTier)
-        }
-
-        return params
-    }
-
    // MARK: - Audio playback (MainActor helpers)

    @MainActor
--- a/apps/macos/Sources/OpenClawProtocol/GatewayModels.swift
+++ b/apps/macos/Sources/OpenClawProtocol/GatewayModels.swift
@@ -723,26 +723,17 @@ public struct AgentIdentityResult: Codable, Sendable {
    public let agentid: String
    public let name: String?
    public let avatar: String?
-    public let avatarsource: String?
-    public let avatarstatus: String?
-    public let avatarreason: String?
    public let emoji: String?

    public init(
        agentid: String,
        name: String?,
        avatar: String?,
-        avatarsource: String?,
-        avatarstatus: String?,
-        avatarreason: String?,
        emoji: String?)
    {
        self.agentid = agentid
        self.name = name
        self.avatar = avatar
-        self.avatarsource = avatarsource
-        self.avatarstatus = avatarstatus
-        self.avatarreason = avatarreason
        self.emoji = emoji
    }

@@ -750,9 +741,6 @@ public struct AgentIdentityResult: Codable, Sendable {
        case agentid = "agentId"
        case name
        case avatar
-        case avatarsource = "avatarSource"
-        case avatarstatus = "avatarStatus"
-        case avatarreason = "avatarReason"
        case emoji
    }
 }
@@ -2337,62 +2325,6 @@ public struct TalkConfigResult: Codable, Sendable {
    }
 }

-public struct TalkRealtimeSessionParams: Codable, Sendable {
-    public let sessionkey: String?
-    public let provider: String?
-    public let model: String?
-    public let voice: String?
-
-    public init(
-        sessionkey: String?,
-        provider: String?,
-        model: String?,
-        voice: String?)
-    {
-        self.sessionkey = sessionkey
-        self.provider = provider
-        self.model = model
-        self.voice = voice
-    }
-
-    private enum CodingKeys: String, CodingKey {
-        case sessionkey = "sessionKey"
-        case provider
-        case model
-        case voice
-    }
-}
-
-public struct TalkRealtimeSessionResult: Codable, Sendable {
-    public let provider: String
-    public let clientsecret: String
-    public let model: String?
-    public let voice: String?
-    public let expiresat: Double?
-
-    public init(
-        provider: String,
-        clientsecret: String,
-        model: String?,
-        voice: String?,
-        expiresat: Double?)
-    {
-        self.provider = provider
-        self.clientsecret = clientsecret
-        self.model = model
-        self.voice = voice
-        self.expiresat = expiresat
-    }
-
-    private enum CodingKeys: String, CodingKey {
-        case provider
-        case clientsecret = "clientSecret"
-        case model
-        case voice
-        case expiresat = "expiresAt"
-    }
-}
-
 public struct TalkSpeakParams: Codable, Sendable {
    public let text: String
    public let voiceid: String?
@@ -2622,22 +2554,18 @@ public struct WebLoginStartParams: Codable, Sendable {
 public struct WebLoginWaitParams: Codable, Sendable {
    public let timeoutms: Int?
    public let accountid: String?
-    public let currentqrdataurl: String?

    public init(
        timeoutms: Int?,
-        accountid: String?,
-        currentqrdataurl: String?)
+        accountid: String?)
    {
        self.timeoutms = timeoutms
        self.accountid = accountid
-        self.currentqrdataurl = currentqrdataurl
    }

    private enum CodingKeys: String, CodingKey {
        case timeoutms = "timeoutMs"
        case accountid = "accountId"
-        case currentqrdataurl = "currentQrDataUrl"
    }
 }

--- a/apps/macos/Tests/OpenClawIPCTests/ChannelsSettingsSmokeTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/ChannelsSettingsSmokeTests.swift
@@ -156,63 +156,4 @@ struct ChannelsSettingsSmokeTests {
        let view = ChannelsSettings(store: store)
        _ = view.body
    }
-
-    @Test func `whatsapp login wait result keeps latest qr until connected`() {
-        let store = makeChannelsStore(channels: [:])
-        store.whatsappLoginQrDataUrl = "data:image/png;base64,initial"
-
-        store.applyWhatsAppLoginWaitResult(
-            WhatsAppLoginWaitResult(
-                connected: false,
-                message: "QR refreshed. Scan the latest code in WhatsApp → Linked Devices.",
-                qrDataUrl: "data:image/png;base64,rotated"))
-
-        #expect(store.whatsappLoginQrDataUrl == "data:image/png;base64,rotated")
-        #expect(store.whatsappLoginConnected == false)
-
-        store.applyWhatsAppLoginWaitResult(
-            WhatsAppLoginWaitResult(
-                connected: false,
-                message: "Still waiting for the QR scan. Let me know when you’ve scanned it.",
-                qrDataUrl: nil))
-
-        #expect(store.whatsappLoginQrDataUrl == "data:image/png;base64,rotated")
-
-        store.applyWhatsAppLoginWaitResult(
-            WhatsAppLoginWaitResult(
-                connected: true,
-                message: "✅ Linked! WhatsApp is ready.",
-                qrDataUrl: nil))
-
-        #expect(store.whatsappLoginQrDataUrl == nil)
-        #expect(store.whatsappLoginConnected == true)
-    }
-
-    @Test func `whatsapp login wait budget allows one final poll`() {
-        let startedAt = Date(timeIntervalSince1970: 1_700_000_000)
-        var didRunFinalWait = false
-
-        #expect(
-            whatsappLoginWaitRequestTimeoutMs(
-                startedAt: startedAt,
-                timeoutMs: 1_000,
-                didRunFinalWait: &didRunFinalWait,
-                now: Date(timeInterval: 0.25, since: startedAt)) == 750)
-        #expect(didRunFinalWait == false)
-
-        #expect(
-            whatsappLoginWaitRequestTimeoutMs(
-                startedAt: startedAt,
-                timeoutMs: 1_000,
-                didRunFinalWait: &didRunFinalWait,
-                now: Date(timeInterval: 1.25, since: startedAt)) == 1)
-        #expect(didRunFinalWait == true)
-
-        #expect(
-            whatsappLoginWaitRequestTimeoutMs(
-                startedAt: startedAt,
-                timeoutMs: 1_000,
-                didRunFinalWait: &didRunFinalWait,
-                now: Date(timeInterval: 1.5, since: startedAt)) == nil)
-    }
 }
--- a/apps/macos/Tests/OpenClawIPCTests/ExecAllowlistTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/ExecAllowlistTests.swift
@@ -66,34 +66,22 @@ struct ExecAllowlistTests {
        #expect(match?.pattern == entry.pattern)
    }

-    @Test func `match accepts basename pattern for PATH resolved executable`() {
+    @Test func `match ignores basename pattern`() {
        let entry = ExecAllowlistEntry(pattern: "rg")
        let resolution = Self.homebrewRGResolution()
        let match = ExecAllowlistMatcher.match(entries: [entry], resolution: resolution)
-        #expect(match?.pattern == entry.pattern)
+        #expect(match == nil)
    }

-    @Test func `match accepts basename glob for PATH resolved executable`() {
-        let entry = ExecAllowlistEntry(pattern: "r?")
-        let resolution = Self.homebrewRGResolution()
-        let match = ExecAllowlistMatcher.match(entries: [entry], resolution: resolution)
-        #expect(match?.pattern == entry.pattern)
-    }
-
-    @Test func `match ignores basename for path selected executable`() {
+    @Test func `match ignores basename for relative executable`() {
        let entry = ExecAllowlistEntry(pattern: "echo")
-        let relativeResolution = ExecCommandResolution(
+        let resolution = ExecCommandResolution(
            rawExecutable: "./echo",
            resolvedPath: "/tmp/oc-basename/echo",
            executableName: "echo",
            cwd: "/tmp/oc-basename")
-        let absoluteResolution = ExecCommandResolution(
-            rawExecutable: "/tmp/oc-basename/echo",
-            resolvedPath: "/tmp/oc-basename/echo",
-            executableName: "echo",
-            cwd: "/tmp/oc-basename")
-        #expect(ExecAllowlistMatcher.match(entries: [entry], resolution: relativeResolution) == nil)
-        #expect(ExecAllowlistMatcher.match(entries: [entry], resolution: absoluteResolution) == nil)
+        let match = ExecAllowlistMatcher.match(entries: [entry], resolution: resolution)
+        #expect(match == nil)
    }

    @Test func `match is case insensitive`() {
--- a/apps/macos/Tests/OpenClawIPCTests/ExecApprovalHelpersTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/ExecApprovalHelpersTests.swift
@@ -33,13 +33,18 @@ struct ExecApprovalHelpersTests {
        #expect(ExecApprovalHelpers.isPathPattern("/usr/bin/rg"))
        #expect(ExecApprovalHelpers.isPathPattern(" ~/bin/rg "))
        #expect(!ExecApprovalHelpers.isPathPattern("rg"))
-        #expect(ExecApprovalHelpers.isValidAllowlistPattern("rg"))

        if case let .invalid(reason) = ExecApprovalHelpers.validateAllowlistPattern("  ") {
            #expect(reason == .empty)
        } else {
            Issue.record("Expected empty pattern rejection")
        }
+
+        if case let .invalid(reason) = ExecApprovalHelpers.validateAllowlistPattern("echo") {
+            #expect(reason == .missingPathComponent)
+        } else {
+            Issue.record("Expected basename pattern rejection")
+        }
    }

    @Test func `requires ask matches policy`() {
--- a/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsStoreRefactorTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsStoreRefactorTests.swift
@@ -31,7 +31,7 @@ struct ExecApprovalsStoreRefactorTests {
    }

    @Test
-    func `update allowlist accepts basename pattern`() async throws {
+    func `update allowlist reports rejected basename pattern`() async throws {
        try await self.withTempStateDir { _ in
            let rejected = ExecApprovalsStore.updateAllowlist(
                agentId: "main",
@@ -39,10 +39,12 @@ struct ExecApprovalsStoreRefactorTests {
                    ExecAllowlistEntry(pattern: "echo"),
                    ExecAllowlistEntry(pattern: "/bin/echo"),
                ])
-            #expect(rejected.isEmpty)
+            #expect(rejected.count == 1)
+            #expect(rejected.first?.reason == .missingPathComponent)
+            #expect(rejected.first?.pattern == "echo")

            let resolved = ExecApprovalsStore.resolve(agentId: "main")
-            #expect(resolved.allowlist.map(\.pattern) == ["echo", "/bin/echo"])
+            #expect(resolved.allowlist.map(\.pattern) == ["/bin/echo"])
        }
    }

--- a/apps/macos/Tests/OpenClawIPCTests/TalkModeRuntimeSpeechTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/TalkModeRuntimeSpeechTests.swift
@@ -1,4 +1,3 @@
-import OpenClawKit
 import Speech
 import Testing
@testable import OpenClaw
@@ -17,19 +16,23 @@ struct TalkModeRuntimeSpeechTests {
        let elevenLabsPlan = TalkModeRuntime.playbackPlan(
            provider: "elevenlabs",
            apiKey: "key",
-            voiceId: "voice")
+            voiceId: "voice"
+        )
        let missingKeyPlan = TalkModeRuntime.playbackPlan(
            provider: "elevenlabs",
            apiKey: nil,
-            voiceId: "voice")
+            voiceId: "voice"
+        )
        let missingVoicePlan = TalkModeRuntime.playbackPlan(
            provider: "elevenlabs",
            apiKey: "key",
-            voiceId: nil)
+            voiceId: nil
+        )
        let blankKeyPlan = TalkModeRuntime.playbackPlan(
            provider: "elevenlabs",
            apiKey: "",
-            voiceId: "voice")
+            voiceId: "voice"
+        )
        let mlxPlan = TalkModeRuntime.playbackPlan(provider: "mlx", apiKey: nil, voiceId: nil)
        let systemPlan = TalkModeRuntime.playbackPlan(provider: "system", apiKey: nil, voiceId: nil)

@@ -40,40 +43,4 @@ struct TalkModeRuntimeSpeechTests {
        #expect(mlxPlan == .mlxThenSystemVoice)
        #expect(systemPlan == .systemVoiceOnly)
    }
-
-    @Test func `talk speak params carry resolved voice and directive overrides`() {
-        let params = TalkModeRuntime.makeTalkSpeakParams(
-            text: "hello",
-            voiceId: "voice-123",
-            modelId: "eleven_v3",
-            outputFormat: "mp3_44100_128",
-            directive: TalkDirective(
-                modelId: "eleven_turbo_v2_5",
-                speed: 1.1,
-                rateWPM: 180,
-                stability: 0.4,
-                similarity: 0.7,
-                style: 0.2,
-                speakerBoost: true,
-                seed: 42,
-                normalize: "auto",
-                language: "en",
-                outputFormat: "mp3_44100_128",
-                latencyTier: 3))
-
-        #expect(params["text"]?.value as? String == "hello")
-        #expect(params["voiceId"]?.value as? String == "voice-123")
-        #expect(params["modelId"]?.value as? String == "eleven_turbo_v2_5")
-        #expect(params["outputFormat"]?.value as? String == "mp3_44100_128")
-        #expect(params["speed"]?.value as? Double == 1.1)
-        #expect(params["rateWpm"]?.value as? Int == 180)
-        #expect(params["stability"]?.value as? Double == 0.4)
-        #expect(params["similarity"]?.value as? Double == 0.7)
-        #expect(params["style"]?.value as? Double == 0.2)
-        #expect(params["speakerBoost"]?.value as? Bool == true)
-        #expect(params["seed"]?.value as? Int == 42)
-        #expect(params["normalize"]?.value as? String == "auto")
-        #expect(params["language"]?.value as? String == "en")
-        #expect(params["latencyTier"]?.value as? Int == 3)
-    }
 }
--- a/apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift
+++ b/apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift
@@ -723,26 +723,17 @@ public struct AgentIdentityResult: Codable, Sendable {
    public let agentid: String
    public let name: String?
    public let avatar: String?
-    public let avatarsource: String?
-    public let avatarstatus: String?
-    public let avatarreason: String?
    public let emoji: String?

    public init(
        agentid: String,
        name: String?,
        avatar: String?,
-        avatarsource: String?,
-        avatarstatus: String?,
-        avatarreason: String?,
        emoji: String?)
    {
        self.agentid = agentid
        self.name = name
        self.avatar = avatar
-        self.avatarsource = avatarsource
-        self.avatarstatus = avatarstatus
-        self.avatarreason = avatarreason
        self.emoji = emoji
    }

@@ -750,9 +741,6 @@ public struct AgentIdentityResult: Codable, Sendable {
        case agentid = "agentId"
        case name
        case avatar
-        case avatarsource = "avatarSource"
-        case avatarstatus = "avatarStatus"
-        case avatarreason = "avatarReason"
        case emoji
    }
 }
@@ -2337,62 +2325,6 @@ public struct TalkConfigResult: Codable, Sendable {
    }
 }

-public struct TalkRealtimeSessionParams: Codable, Sendable {
-    public let sessionkey: String?
-    public let provider: String?
-    public let model: String?
-    public let voice: String?
-
-    public init(
-        sessionkey: String?,
-        provider: String?,
-        model: String?,
-        voice: String?)
-    {
-        self.sessionkey = sessionkey
-        self.provider = provider
-        self.model = model
-        self.voice = voice
-    }
-
-    private enum CodingKeys: String, CodingKey {
-        case sessionkey = "sessionKey"
-        case provider
-        case model
-        case voice
-    }
-}
-
-public struct TalkRealtimeSessionResult: Codable, Sendable {
-    public let provider: String
-    public let clientsecret: String
-    public let model: String?
-    public let voice: String?
-    public let expiresat: Double?
-
-    public init(
-        provider: String,
-        clientsecret: String,
-        model: String?,
-        voice: String?,
-        expiresat: Double?)
-    {
-        self.provider = provider
-        self.clientsecret = clientsecret
-        self.model = model
-        self.voice = voice
-        self.expiresat = expiresat
-    }
-
-    private enum CodingKeys: String, CodingKey {
-        case provider
-        case clientsecret = "clientSecret"
-        case model
-        case voice
-        case expiresat = "expiresAt"
-    }
-}
-
 public struct TalkSpeakParams: Codable, Sendable {
    public let text: String
    public let voiceid: String?
@@ -2622,22 +2554,18 @@ public struct WebLoginStartParams: Codable, Sendable {
 public struct WebLoginWaitParams: Codable, Sendable {
    public let timeoutms: Int?
    public let accountid: String?
-    public let currentqrdataurl: String?

    public init(
        timeoutms: Int?,
-        accountid: String?,
-        currentqrdataurl: String?)
+        accountid: String?)
    {
        self.timeoutms = timeoutms
        self.accountid = accountid
-        self.currentqrdataurl = currentqrdataurl
    }

    private enum CodingKeys: String, CodingKey {
        case timeoutms = "timeoutMs"
        case accountid = "accountId"
-        case currentqrdataurl = "currentQrDataUrl"
    }
 }

--- a/docs/.generated/config-baseline.sha256
+++ b/docs/.generated/config-baseline.sha256
@@ -1,4 +1,4 @@
-6ed33ef102e7c92816243bfabc3626222a679c3270c12ec5ea47b28b66204b3b  config-baseline.json
-f86cb4d57ec1f5fd75008be0ab86151194945eb013a47ab4bdeaddafd3780da7  config-baseline.core.json
-7cd9c908f066c143eab2a201efbc9640f483ab28bba92ddeca1d18cc2b528bc3  config-baseline.channel.json
-7825b56a5b3fcdbe2e09ef8fe5d9f12ac3598435afebe20413051e45b0d1968e  config-baseline.plugin.json
+6b142e6a8aa513ccd8f9cfbf7e95fa4919fb6fca7aeaa841f57ad9e39e8901a9  config-baseline.json
+a4e167f169db58d71c385a31fa2b980772f9fee963e70dd9553f63536cae5aed  config-baseline.core.json
+22d7cd6d8279146b2d79c9531a55b80b52a2c99c81338c508104729154fdd02d  config-baseline.channel.json
+a91304e3566ecc8906f199b88a2e38eaee86130aad799bf4d62921e2f0ddc1b5  config-baseline.plugin.json
--- a/docs/.generated/plugin-sdk-api-baseline.sha256
+++ b/docs/.generated/plugin-sdk-api-baseline.sha256
@@ -1,2 +1,2 @@
-f813474b1623f06e1465daacd56db970e8e92ab1be122faee0fa2a1dc2d4fc43  plugin-sdk-api-baseline.json
-b3ea88c0c9b4cf6d9a46f0d34149063303853e78ef9708224608e4da79b23190  plugin-sdk-api-baseline.jsonl
+bc55649a80027756f37892424598653a81fec4bff7b074358fe34d08c7696ebc  plugin-sdk-api-baseline.json
+312a29d50b4959e4a8e242bb7559548d895a2e03d5ed1b5a395b1133de090578  plugin-sdk-api-baseline.jsonl
--- a/docs/.i18n/glossary.zh-CN.json
+++ b/docs/.i18n/glossary.zh-CN.json
@@ -3,18 +3,6 @@
    "source": "OpenClaw",
    "target": "OpenClaw"
  },
-  {
-    "source": "OpenAI",
-    "target": "OpenAI"
-  },
-  {
-    "source": "OpenAI provider",
-    "target": "OpenAI provider"
-  },
-  {
-    "source": "Status",
-    "target": "Status"
-  },
  {
    "source": "Gateway",
    "target": "Gateway 网关"
@@ -23,30 +11,6 @@
    "source": "Pi",
    "target": "Pi"
  },
-  {
-    "source": "Agent runtimes",
-    "target": "Agent Runtimes"
-  },
-  {
-    "source": "Agent Runtimes",
-    "target": "Agent Runtimes"
-  },
-  {
-    "source": "Codex harness",
-    "target": "Codex harness"
-  },
-  {
-    "source": "Agent harness plugins",
-    "target": "Agent harness plugins"
-  },
-  {
-    "source": "Agent loop",
-    "target": "Agent loop"
-  },
-  {
-    "source": "Models",
-    "target": "Models"
-  },
  {
    "source": "Skills",
    "target": "Skills"
@@ -359,26 +323,14 @@
    "source": "env var",
    "target": "环境变量"
  },
-  {
-    "source": "Google Meet Plugin",
-    "target": "Google Meet 插件"
-  },
  {
    "source": "Plugin SDK",
    "target": "插件 SDK"
  },
-  {
-    "source": "Building plugins",
-    "target": "构建插件"
-  },
  {
    "source": "Plugin SDK Overview",
    "target": "插件 SDK 概览"
  },
-  {
-    "source": "Plugin SDK overview",
-    "target": "插件 SDK 概览"
-  },
  {
    "source": "SDK Overview",
    "target": "SDK 概览"
@@ -387,22 +339,6 @@
    "source": "Plugin Entry Points",
    "target": "插件入口点"
  },
-  {
-    "source": "Plugin entry points",
-    "target": "插件入口点"
-  },
-  {
-    "source": "Plugin hooks",
-    "target": "插件钩子"
-  },
-  {
-    "source": "Internal hooks",
-    "target": "内部钩子"
-  },
-  {
-    "source": "Plugin architecture internals",
-    "target": "插件架构内部机制"
-  },
  {
    "source": "Entry Points",
    "target": "入口点"
@@ -463,10 +399,6 @@
    "source": "Tencent Cloud (TokenHub)",
    "target": "腾讯云（TokenHub）"
  },
-  {
-    "source": "Codex Harness Context Engine Port",
-    "target": "Codex Harness Context Engine Port"
-  },
  {
    "source": "/gateway/configuration#strict-validation",
    "target": "/gateway/configuration#strict-validation"
--- a/docs/auth-credential-semantics.md
+++ b/docs/auth-credential-semantics.md
@@ -76,8 +76,3 @@ For script compatibility, probe errors keep this first line unchanged:
 `Auth profile credentials are missing or expired.`

 Human-friendly detail and stable reason codes may be added on subsequent lines.
-
-## Related
-
- [Secrets management](/gateway/secrets)
- [Auth storage](/concepts/oauth)
--- a/docs/automation/auth-monitoring.md
+++ b/docs/automation/auth-monitoring.md
@@ -4,8 +4,3 @@ title: "Auth monitoring"
 ---

 This page moved to [Authentication](/gateway/authentication). See [Authentication](/gateway/authentication) for auth monitoring documentation.
-
-## Related
-
- [Automation troubleshooting](/automation/troubleshooting)
- [Hooks](/automation/hooks)
--- a/docs/automation/clawflow.md
+++ b/docs/automation/clawflow.md
@@ -4,9 +4,3 @@ title: "ClawFlow"
 ---

 ClawFlow was renamed to [Task Flow](/automation/taskflow). See [Task Flow](/automation/taskflow) for the current documentation.
-
-## Related
-
- [Task flow](/automation/taskflow)
- [Standing orders](/automation/standing-orders)
- [Hooks](/automation/hooks)
--- a/docs/automation/cron-jobs.md
+++ b/docs/automation/cron-jobs.md
@@ -7,6 +7,8 @@ read_when:
 title: "Scheduled tasks"
 ---

+# Scheduled Tasks (Cron)
+
 Cron is the Gateway's built-in scheduler. It persists jobs, wakes the agent at the right time, and can deliver output back to a chat channel or webhook endpoint.

 ## Quick start
@@ -86,8 +88,6 @@ This fires ~5–6 times per month instead of 0–1 times per month. OpenClaw use

 **Main session** jobs enqueue a system event and optionally wake the heartbeat (`--wake now` or `--wake next-heartbeat`). **Isolated** jobs run a dedicated agent turn with a fresh session. **Custom sessions** (`session:xxx`) persist context across runs, enabling workflows like daily standups that build on previous summaries.

-For isolated jobs, “fresh session” means a new transcript/session id for each run. OpenClaw may carry safe preferences such as thinking/fast/verbose settings, labels, and explicit user-selected model/auth overrides, but it does not inherit ambient conversation context from an older cron row: channel/group routing, send or queue policy, elevation, origin, or ACP runtime binding. Use `current` or `session:<id>` when a recurring job should deliberately build on the same conversation context.
-
 For isolated jobs, runtime teardown now includes best-effort browser cleanup for that cron session. Cleanup failures are ignored so the actual cron result still wins.

 Isolated cron runs also dispose any bundled MCP runtime instances created for the job through the shared runtime-cleanup path. This matches how main-session and custom-session MCP clients are torn down, so isolated cron jobs do not leak stdio child processes or long-lived MCP connections across runs.
@@ -96,11 +96,6 @@ When isolated cron runs orchestrate subagents, delivery also prefers the final
 descendant output over stale parent interim text. If descendants are still
 running, OpenClaw suppresses that partial parent update instead of announcing it.

-For text-only Discord announce targets, OpenClaw sends the canonical final
-assistant text once instead of replaying both streamed/intermediate text payloads
-and the final answer. Media and structured Discord payloads are still delivered
-as separate payloads so attachments and components are not dropped.
-
 ### Payload options for isolated jobs

 - `--message`: prompt text (required for isolated)
@@ -118,7 +113,7 @@ Model-selection precedence for isolated jobs is:

 1. Gmail hook model override (when the run came from Gmail and that override is allowed)
 2. Per-job payload `model`
-3. User-selected stored cron session model override
+3. Stored cron session model override
 4. Agent/default model selection

 Fast mode follows the resolved live selection too. If the selected model config
@@ -126,11 +121,10 @@ has `params.fastMode`, isolated cron uses that by default. A stored session
 `fastMode` override still wins over config in either direction.

 If an isolated run hits a live model-switch handoff, cron retries with the
-switched provider/model and persists that live selection for the active run
-before retrying. When the switch also carries a new auth profile, cron persists
-that auth profile override for the active run too. Retries are bounded: after
-the initial attempt plus 2 switch retries, cron aborts instead of looping
-forever.
+switched provider/model and persists that live selection before retrying. When
+the switch also carries a new auth profile, cron persists that auth profile
+override too. Retries are bounded: after the initial attempt plus 2 switch
+retries, cron aborts instead of looping forever.

 ## Delivery and output

@@ -241,7 +235,7 @@ Run an isolated agent turn:
 curl -X POST http://127.0.0.1:18789/hooks/agent \
  -H 'Authorization: Bearer SECRET' \
  -H 'Content-Type: application/json' \
-  -d '{"message":"Summarize inbox","name":"Email","model":"openai/gpt-5.4"}'
+  -d '{"message":"Summarize inbox","name":"Email","model":"openai/gpt-5.5"}'
 ```

 Fields: `message` (required), `name`, `agentId`, `wakeMode`, `deliver`, `channel`, `to`, `model`, `thinking`, `timeoutSeconds`.
--- a/docs/automation/cron-vs-heartbeat.md
+++ b/docs/automation/cron-vs-heartbeat.md
@@ -4,8 +4,3 @@ title: "Cron vs heartbeat"
 ---

 This page moved to [Automation & Tasks](/automation). See [Automation & Tasks](/automation) for the decision guide comparing cron and heartbeat.
-
-## Related
-
- [Scheduled tasks](/automation/cron-jobs)
- [Background tasks](/automation/tasks)
--- a/docs/automation/gmail-pubsub.md
+++ b/docs/automation/gmail-pubsub.md
@@ -4,8 +4,3 @@ title: "Gmail PubSub"
 ---

 This page moved to [Scheduled Tasks](/automation/cron-jobs#gmail-pubsub-integration). See [Scheduled Tasks](/automation/cron-jobs#gmail-pubsub-integration) for Gmail PubSub documentation.
-
-## Related
-
- [Webhook](/automation/webhook)
- [Automation troubleshooting](/automation/troubleshooting)
--- a/docs/automation/hooks.md
+++ b/docs/automation/hooks.md
@@ -106,7 +106,7 @@ const handler = async (event) => {
 export default handler;
 ```

-Each event includes: `type`, `action`, `sessionKey`, `timestamp`, `messages` (push to send to user), and `context` (event-specific data). Agent and tool plugin hook contexts can also include `trace`, a read-only W3C-compatible diagnostic trace context that plugins may pass into structured logs for OTEL correlation.
+Each event includes: `type`, `action`, `sessionKey`, `timestamp`, `messages` (push to send to user), and `context` (event-specific data).

 ### Event context highlights

@@ -205,12 +205,9 @@ Runs `BOOT.md` from the active workspace when the gateway starts.

 ## Plugin hooks

-Plugins can register typed hooks through the Plugin SDK for deeper integration:
-intercepting tool calls, modifying prompts, controlling message flow, and more.
-Use plugin hooks when you need `before_tool_call`, `before_agent_reply`,
-`before_install`, or other in-process lifecycle hooks.
+Plugins can register hooks through the Plugin SDK for deeper integration: intercepting tool calls, modifying prompts, controlling message flow, and more. The Plugin SDK exposes 28 hooks covering model resolution, agent lifecycle, message flow, tool execution, subagent coordination, and gateway lifecycle.

-For the complete plugin hook reference, see [Plugin hooks](/plugins/hooks).
+For the complete plugin hook reference including `before_tool_call`, `before_agent_reply`, `before_install`, and all other plugin hooks, see [Plugin Architecture](/plugins/architecture#provider-runtime-hooks).

 ## Configuration

@@ -318,5 +315,5 @@ Check for missing binaries (PATH), environment variables, config values, or OS c

 - [CLI Reference: hooks](/cli/hooks)
 - [Webhooks](/automation/cron-jobs#webhooks)
- [Plugin hooks](/plugins/hooks) — in-process plugin lifecycle hooks
+- [Plugin Architecture](/plugins/architecture#provider-runtime-hooks) — full plugin hook reference
 - [Configuration](/gateway/configuration-reference#hooks)
--- a/docs/automation/index.md
+++ b/docs/automation/index.md
@@ -40,7 +40,7 @@ flowchart TD
 | Audit what ran and when                 | Background Tasks       | `openclaw tasks list` and `openclaw tasks audit` |
 | Multi-step research then summarize      | Task Flow              | Durable orchestration with revision tracking     |
 | Run a script on session reset           | Hooks                  | Event-driven, fires on lifecycle events          |
-| Execute code on every tool call         | Plugin hooks           | In-process hooks can intercept tool calls        |
+| Execute code on every tool call         | Hooks                  | Hooks can filter by event type                   |
 | Always check compliance before replying | Standing Orders        | Injected into every session automatically        |

 ### Scheduled Tasks (Cron) vs Heartbeat
@@ -83,11 +83,7 @@ See [Standing Orders](/automation/standing-orders).

 ### Hooks

-Internal hooks are event-driven scripts triggered by agent lifecycle events
-(`/new`, `/reset`, `/stop`), session compaction, gateway startup, and message
-flow. They are automatically discovered from directories and can be managed
-with `openclaw hooks`. For in-process tool-call interception, use
-[Plugin hooks](/plugins/hooks).
+Hooks are event-driven scripts triggered by agent lifecycle events (`/new`, `/reset`, `/stop`), session compaction, gateway startup, message flow, and tool calls. Hooks are automatically discovered from directories and can be managed with `openclaw hooks`.

 See [Hooks](/automation/hooks).

@@ -101,7 +97,7 @@ See [Heartbeat](/gateway/heartbeat).

 - **Cron** handles precise schedules (daily reports, weekly reviews) and one-shot reminders. All cron executions create task records.
 - **Heartbeat** handles routine monitoring (inbox, calendar, notifications) in one batched turn every 30 minutes.
- **Hooks** react to specific events (session resets, compaction, message flow) with custom scripts. Plugin hooks cover tool calls.
+- **Hooks** react to specific events (tool calls, session resets, compaction) with custom scripts.
 - **Standing orders** give the agent persistent context and authority boundaries.
 - **Task Flow** coordinates multi-step flows above individual tasks.
 - **Tasks** automatically track all detached work so you can inspect and audit it.
@@ -112,7 +108,6 @@ See [Heartbeat](/gateway/heartbeat).
 - [Background Tasks](/automation/tasks) — task ledger for all detached work
 - [Task Flow](/automation/taskflow) — durable multi-step flow orchestration
 - [Hooks](/automation/hooks) — event-driven lifecycle scripts
- [Plugin hooks](/plugins/hooks) — in-process tool, prompt, message, and lifecycle hooks
 - [Standing Orders](/automation/standing-orders) — persistent agent instructions
 - [Heartbeat](/gateway/heartbeat) — periodic main-session turns
 - [Configuration Reference](/gateway/configuration-reference) — all config keys
--- a/docs/automation/poll.md
+++ b/docs/automation/poll.md
@@ -4,9 +4,3 @@ title: "Polls"
 ---

 This page moved to [Message tool](/cli/message). See [Message tool](/cli/message) for poll documentation.
-
-## Related
-
- [Webhook](/automation/webhook)
- [Scheduled tasks](/automation/cron-jobs)
- [Background tasks](/automation/tasks)
--- a/docs/automation/standing-orders.md
+++ b/docs/automation/standing-orders.md
@@ -27,7 +27,7 @@ This is the difference between telling your assistant "send the weekly report" e
 - You only get involved for exceptions and approvals
 - The agent fills idle time productively

-## How they work
+## How They Work

 Standing orders are defined in your [agent workspace](/concepts/agent-workspace) files. The recommended approach is to include them directly in `AGENTS.md` (which is auto-injected every session) so the agent always has them in context. For larger configurations, you can also place them in a dedicated file like `standing-orders.md` and reference it from `AGENTS.md`.

@@ -198,6 +198,8 @@ This pattern prevents the most common agent failure mode: acknowledging a task w
 For agents managing multiple concerns, organize standing orders as separate programs with clear boundaries:

 ```markdown
+# Standing Orders
+
 ## Program 1: [Domain A] (Weekly)

 ...
--- a/docs/automation/taskflow.md
+++ b/docs/automation/taskflow.md
@@ -20,78 +20,6 @@ Use Task Flow when work spans multiple sequential or branching steps and you nee
 | Observe externally created tasks      | Task Flow (mirrored) |
 | One-shot reminder                     | Cron job             |

-## Reliable scheduled workflow pattern
-
-For recurring workflows such as market intelligence briefings, treat the schedule, orchestration, and reliability checks as separate layers:
-
-1. Use [Scheduled Tasks](/automation/cron-jobs) for timing.
-2. Use a persistent cron session when the workflow should build on prior context.
-3. Use [Lobster](/tools/lobster) for deterministic steps, approval gates, and resume tokens.
-4. Use Task Flow to track the multi-step run across child tasks, waits, retries, and gateway restarts.
-
-Example cron shape:
-
-```bash
-openclaw cron add \
-  --name "Market intelligence brief" \
-  --cron "0 7 * * 1-5" \
-  --tz "America/New_York" \
-  --session session:market-intel \
-  --message "Run the market-intel Lobster workflow. Verify source freshness before summarizing." \
-  --announce \
-  --channel slack \
-  --to "channel:C1234567890"
-```
-
-Use `session:<id>` instead of `isolated` when the recurring workflow needs deliberate history, previous run summaries, or standing context. Use `isolated` when each run should start fresh and all required state is explicit in the workflow.
-
-Inside the workflow, put reliability checks before the LLM summary step:
-
-```yaml
-name: market-intel-brief
-steps:
-  - id: preflight
-    command: market-intel check --json
-  - id: collect
-    command: market-intel collect --json
-    stdin: $preflight.json
-  - id: summarize
-    command: market-intel summarize --json
-    stdin: $collect.json
-  - id: approve
-    command: market-intel deliver --preview
-    stdin: $summarize.json
-    approval: required
-  - id: deliver
-    command: market-intel deliver --execute
-    stdin: $summarize.json
-    condition: $approve.approved
-```
-
-Recommended preflight checks:
-
- Browser availability and profile choice, for example `openclaw` for managed state or `user` when a signed-in Chrome session is required. See [Browser](/tools/browser).
- API credentials and quota for each source.
- Network reachability for required endpoints.
- Required tools enabled for the agent, such as `lobster`, `browser`, and `llm-task`.
- Failure destination configured for cron so preflight failures are visible. See [Scheduled Tasks](/automation/cron-jobs#delivery-and-output).
-
-Recommended data provenance fields for every collected item:
-
-```json
-{
-  "sourceUrl": "https://example.com/report",
-  "retrievedAt": "2026-04-24T12:00:00Z",
-  "asOf": "2026-04-24",
-  "title": "Example report",
-  "content": "..."
-}
-```
-
-Have the workflow reject or mark stale items before summarization. The LLM step should receive only structured JSON and should be asked to preserve `sourceUrl`, `retrievedAt`, and `asOf` in its output. Use [LLM Task](/tools/llm-task) when you need a schema-validated model step inside the workflow.
-
-For reusable team or community workflows, package the CLI, `.lobster` files, and any setup notes as a skill or plugin and publish it through [ClawHub](/tools/clawhub). Keep workflow-specific guardrails in that package unless the plugin API is missing a needed generic capability.
-
 ## Sync modes

 ### Managed mode
--- a/docs/automation/troubleshooting.md
+++ b/docs/automation/troubleshooting.md
@@ -4,9 +4,3 @@ title: "Automation troubleshooting"
 ---

 This page moved to [Scheduled Tasks](/automation/cron-jobs#troubleshooting). See [Scheduled Tasks](/automation/cron-jobs#troubleshooting) for troubleshooting documentation.
-
-## Related
-
- [Hooks](/automation/hooks)
- [Background tasks](/automation/tasks)
- [Gateway troubleshooting](/gateway/troubleshooting)
--- a/docs/automation/webhook.md
+++ b/docs/automation/webhook.md
@@ -4,9 +4,3 @@ title: "Webhooks"
 ---

 This page moved to [Scheduled Tasks](/automation/cron-jobs#webhooks). See [Scheduled Tasks](/automation/cron-jobs#webhooks) for webhook documentation.
-
-## Related
-
- [Poll](/automation/poll)
- [Gmail PubSub](/automation/gmail-pubsub)
- [Hooks](/automation/hooks)
--- a/docs/brave-search.md
+++ b/docs/brave-search.md
@@ -101,7 +101,3 @@ await web_search({
 - Results are cached for 15 minutes by default (configurable via `cacheTtlMinutes`).

 See [Web tools](/tools/web) for the full web_search configuration.
-
-## Related
-
- [Brave search](/tools/brave-search)
--- a/docs/channels/bluebubbles.md
+++ b/docs/channels/bluebubbles.md
@@ -7,6 +7,8 @@ read_when:
 title: "BlueBubbles"
 ---

+# BlueBubbles (macOS REST)
+
 Status: bundled plugin that talks to the BlueBubbles macOS server over HTTP. **Recommended for iMessage integration** due to its richer API and easier setup compared to the legacy imsg channel.

 ## Bundled plugin
--- a/docs/channels/broadcast-groups.md
+++ b/docs/channels/broadcast-groups.md
@@ -433,10 +433,8 @@ Planned features:
 - [ ] Dynamic agent selection (choose agents based on message content)
 - [ ] Agent priorities (some agents respond before others)

-## Related
+## See Also

- [Groups](/channels/groups)
- [Channel routing](/channels/channel-routing)
- [Pairing](/channels/pairing)
- [Multi-agent sandbox tools](/tools/multi-agent-sandbox-tools)
- [Session management](/concepts/session)
+- [Multi-Agent Configuration](/tools/multi-agent-sandbox-tools)
+- [Routing Configuration](/channels/channel-routing)
+- [Session Management](/concepts/session)
--- a/docs/channels/channel-routing.md
+++ b/docs/channels/channel-routing.md
@@ -141,9 +141,3 @@ Inbound replies include:
 - Quoted context is appended to `Body` as a `[Replying to ...]` block.

 This is consistent across channels.
-
-## Related
-
- [Groups](/channels/groups)
- [Broadcast groups](/channels/broadcast-groups)
- [Pairing](/channels/pairing)
--- a/docs/channels/discord.md
+++ b/docs/channels/discord.md
@@ -267,9 +267,6 @@ Now create some channels on your Discord server and start chatting. Your agent c
 - Guild channels are isolated session keys (`agent:<agentId>:discord:channel:<channelId>`).
 - Group DMs are ignored by default (`channels.discord.dm.groupEnabled=false`).
 - Native slash commands run in isolated command sessions (`agent:<agentId>:discord:slash:<userId>`), while still carrying `CommandTargetSessionKey` to the routed conversation session.
- Text-only cron/heartbeat announce delivery to Discord uses the final
-  assistant-visible answer once. Media and structured component payloads remain
-  multi-message when the agent emits multiple deliverable payloads.

 ## Forum channels

@@ -308,7 +305,7 @@ By default, components are single use. Set `components.reusable=true` to allow b

 To restrict who can click a button, set `allowedUsers` on that button (Discord user IDs, tags, or `*`). When configured, unmatched users receive an ephemeral denial.

-The `/model` and `/models` slash commands open an interactive model picker with provider, model, and compatible runtime dropdowns plus a Submit step. `/models add` is deprecated and now returns a deprecation message instead of registering models from chat. The picker reply is ephemeral and only the invoking user can use it.
+The `/model` and `/models` slash commands open an interactive model picker with provider and model dropdowns plus a Submit step. Unless `commands.modelsWrite=false`, `/models add` also supports adding a new provider/model entry from chat, and newly added models show up without restarting the gateway. The picker reply is ephemeral and only the invoking user can use it.

 File attachments:

@@ -961,23 +958,14 @@ Discord has two distinct voice surfaces: realtime **voice channels** (continuous

 ### Voice channels

-Setup checklist:
+Requirements:

-1. Enable Message Content Intent in the Discord Developer Portal.
-2. Enable Server Members Intent when role/user allowlists are used.
-3. Invite the bot with `bot` and `applications.commands` scopes.
-4. Grant Connect, Speak, Send Messages, and Read Message History in the target voice channel.
-5. Enable native commands (`commands.native` or `channels.discord.commands.native`).
-6. Configure `channels.discord.voice`.
+- Enable native commands (`commands.native` or `channels.discord.commands.native`).
+- Configure `channels.discord.voice`.
+- The bot needs Connect + Speak permissions in the target voice channel.

 Use `/vc join|leave|status` to control sessions. The command uses the account default agent and follows the same allowlist and group policy rules as other Discord commands.

-```bash
-/vc join channel:<voice-channel-id>
-/vc status
-/vc leave
-```
-
 Auto-join example:

 ```json5
@@ -986,7 +974,6 @@ Auto-join example:
    discord: {
      voice: {
        enabled: true,
-        model: "openai/gpt-5.4-mini",
        autoJoin: [
          {
            guildId: "123456789012345678",
@@ -997,7 +984,7 @@ Auto-join example:
        decryptionFailureTolerance: 24,
        tts: {
          provider: "openai",
-          openai: { voice: "onyx" },
+          openai: { voice: "alloy" },
        },
      },
    },
@@ -1008,24 +995,12 @@ Auto-join example:
 Notes:

 - `voice.tts` overrides `messages.tts` for voice playback only.
- `voice.model` overrides the LLM used for Discord voice channel responses only. Leave it unset to inherit the routed agent model.
- STT uses `tools.media.audio`; `voice.model` does not affect transcription.
 - Voice transcript turns derive owner status from Discord `allowFrom` (or `dm.allowFrom`); non-owner speakers cannot access owner-only tools (for example `gateway` and `cron`).
 - Voice is enabled by default; set `channels.discord.voice.enabled=false` to disable it.
 - `voice.daveEncryption` and `voice.decryptionFailureTolerance` pass through to `@discordjs/voice` join options.
 - `@discordjs/voice` defaults are `daveEncryption=true` and `decryptionFailureTolerance=24` if unset.
 - OpenClaw also watches receive decrypt failures and auto-recovers by leaving/rejoining the voice channel after repeated failures in a short window.
- If receive logs repeatedly show `DecryptionFailed(UnencryptedWhenPassthroughDisabled)` after updating, collect a dependency report and logs. The bundled `@discordjs/voice` line includes the upstream padding fix from discord.js PR #11449, which closed discord.js issue #11419.
-
-Voice channel pipeline:
-
- Discord PCM capture is converted to a WAV temp file.
- `tools.media.audio` handles STT, for example `openai/gpt-4o-mini-transcribe`.
- The transcript is sent through normal Discord ingress and routing.
- `voice.model`, when set, overrides only the response LLM for this voice-channel turn.
- `voice.tts` is merged over `messages.tts`; the resulting audio is played in the joined channel.
-
-Credentials are resolved per component: LLM route auth for `voice.model`, STT auth for `tools.media.audio`, and TTS auth for `messages.tts`/`voice.tts`.
+- If receive logs repeatedly show `DecryptionFailed(UnencryptedWhenPassthroughDisabled)`, this may be the upstream `@discordjs/voice` receive bug tracked in [discord.js #11419](https://github.com/discordjs/discord.js/issues/11419).

 ### Voice messages

@@ -1152,14 +1127,14 @@ openclaw logs --follow
    - watch logs for:
      - `discord voice: DAVE decrypt failures detected`
      - `discord voice: repeated decrypt failures; attempting rejoin`
-    - if failures continue after automatic rejoin, collect logs and compare against the upstream DAVE receive history in [discord.js #11419](https://github.com/discordjs/discord.js/issues/11419) and [discord.js #11449](https://github.com/discordjs/discord.js/pull/11449)
+    - if failures continue after automatic rejoin, collect logs and compare against [discord.js #11419](https://github.com/discordjs/discord.js/issues/11419)

  </Accordion>
 </AccordionGroup>

 ## Configuration reference

-Primary reference: [Configuration reference - Discord](/gateway/config-channels#discord).
+Primary reference: [Configuration reference - Discord](/gateway/configuration-reference#discord).

 <Accordion title="High-signal Discord fields">

--- a/docs/channels/feishu.md
+++ b/docs/channels/feishu.md
@@ -16,7 +16,7 @@ Feishu/Lark is an all-in-one collaboration platform where teams chat, share docu

 ## Quick start

-> **Requires OpenClaw 2026.4.25 or above.** Run `openclaw --version` to check. Upgrade with `openclaw update`.
+> **Requires OpenClaw 2026.4.23 or above.** Run `openclaw --version` to check. Upgrade with `openclaw update`.

 <Steps>
  <Step title="Run the channel setup wizard">
@@ -424,26 +424,12 @@ Full configuration: [Gateway configuration](/gateway/configuration)
 - ✅ Interactive cards (including streaming updates)
 - ⚠️ Rich text (post-style formatting; doesn't support full Feishu/Lark authoring capabilities)

-Native Feishu/Lark audio bubbles use the Feishu `audio` message type and require
-Ogg/Opus upload media (`file_type: "opus"`). Existing `.opus` and `.ogg` media
-is sent directly as native audio. MP3/WAV/M4A and other likely audio formats are
-transcoded to 48kHz Ogg/Opus with `ffmpeg` only when the reply requests voice
-delivery (`audioAsVoice` / message tool `asVoice`, including TTS voice-note
-replies). Ordinary MP3 attachments stay regular files. If `ffmpeg` is missing or
-conversion fails, OpenClaw falls back to a file attachment and logs the reason.
-
 ### Threads and replies

 - ✅ Inline replies
 - ✅ Thread replies
 - ✅ Media replies stay thread-aware when replying to a thread message

-For `groupSessionScope: "group_topic"` and `"group_topic_sender"`, native
-Feishu/Lark topic groups use the event `thread_id` (`omt_*`) as the canonical
-topic session key. Normal group replies that OpenClaw turns into threads keep
-using the reply root message ID (`om_*`) so the first turn and follow-up turn
-stay in the same session.
-
 ---

 ## Related
--- a/docs/channels/group-messages.md
+++ b/docs/channels/group-messages.md
@@ -5,6 +5,8 @@ read_when:
 title: "Group messages"
 ---

+# Group messages (WhatsApp web channel)
+
 Goal: let Clawd sit in WhatsApp groups, wake up only when pinged, and keep that thread separate from the personal DM session.

 Note: `agents.list[].groupChat.mentionPatterns` is now used by Telegram/Discord/Slack/iMessage as well; this doc focuses on WhatsApp-specific behavior. For multi-agent setups, set `agents.list[].groupChat.mentionPatterns` per agent (or use `messages.groupChat.mentionPatterns` as a global fallback).
@@ -80,9 +82,3 @@ Only the owner number (from `channels.whatsapp.allowFrom`, or the bot’s own E.
 - Echo suppression uses the combined batch string; if you send identical text twice without mentions, only the first will get a response.
 - Session store entries will appear as `agent:<agentId>:whatsapp:group:<jid>` in the session store (`~/.openclaw/agents/<agentId>/sessions/sessions.json` by default); a missing entry just means the group hasn’t triggered a run yet.
 - Typing indicators in groups follow `agents.defaults.typingMode` (default: `message` when unmentioned).
-
-## Related
-
- [Groups](/channels/groups)
- [Channel routing](/channels/channel-routing)
- [Broadcast groups](/channels/broadcast-groups)
--- a/docs/channels/groups.md
+++ b/docs/channels/groups.md
@@ -138,7 +138,7 @@ Want “groups can only see folder X” instead of “no host access”? Keep `w

 Related:

- Configuration keys and defaults: [Gateway configuration](/gateway/config-agents#agentsdefaultssandbox)
+- Configuration keys and defaults: [Gateway configuration](/gateway/configuration-reference#agentsdefaultssandbox)
 - Debugging why a tool is blocked: [Sandbox vs Tool Policy vs Elevated](/gateway/sandbox-vs-tool-policy-vs-elevated)
 - Bind mounts details: [Sandboxing](/gateway/sandboxing#custom-bind-mounts)

@@ -413,10 +413,3 @@ See [WhatsApp](/channels/whatsapp#system-prompts) for the canonical WhatsApp sys
 ## WhatsApp specifics

 See [Group messages](/channels/group-messages) for WhatsApp-only behavior (history injection, mention handling details).
-
-## Related
-
- [Group messages](/channels/group-messages)
- [Broadcast groups](/channels/broadcast-groups)
- [Channel routing](/channels/channel-routing)
- [Pairing](/channels/pairing)
--- a/docs/channels/imessage.md
+++ b/docs/channels/imessage.md
@@ -6,6 +6,8 @@ read_when:
 title: "iMessage"
 ---

+# iMessage (legacy: imsg)
+
 <Warning>
 For new iMessage deployments, use <a href="/channels/bluebubbles">BlueBubbles</a>.

@@ -21,7 +23,7 @@ Status: legacy external CLI integration. Gateway spawns `imsg rpc` and communica
  <Card title="Pairing" icon="link" href="/channels/pairing">
    iMessage DMs default to pairing mode.
  </Card>
-  <Card title="Configuration reference" icon="settings" href="/gateway/config-channels#imessage">
+  <Card title="Configuration reference" icon="settings" href="/gateway/configuration-reference#imessage">
    Full iMessage field reference.
  </Card>
 </CardGroup>
@@ -411,7 +413,7 @@ imsg send <handle> "test"

 ## Configuration reference pointers

- [Configuration reference - iMessage](/gateway/config-channels#imessage)
+- [Configuration reference - iMessage](/gateway/configuration-reference#imessage)
 - [Gateway configuration](/gateway/configuration)
 - [Pairing](/channels/pairing)
 - [BlueBubbles](/channels/bluebubbles)
--- a/docs/channels/index.md
+++ b/docs/channels/index.md
@@ -9,16 +9,6 @@ title: "Chat channels"
 OpenClaw can talk to you on any chat app you already use. Each channel connects via the Gateway.
 Text is supported everywhere; media and reactions vary by channel.

-## Delivery notes
-
- Telegram replies that contain markdown image syntax, such as `![alt](url)`,
-  are converted into media replies on the final outbound path when possible.
- Slack multi-person DMs route as group chats, so group policy, mention
-  behavior, and group-session rules apply to MPIM conversations.
- WhatsApp setup is install-on-demand: onboarding can show the setup flow before
-  Baileys runtime dependencies are staged, and the Gateway loads the WhatsApp
-  runtime only when the channel is actually active.
-
 ## Supported channels

 - [BlueBubbles](/channels/bluebubbles) — **Recommended for iMessage**; uses the BlueBubbles macOS server REST API with full feature support (bundled plugin; edit, unsend, effects, reactions, group management — edit currently broken on macOS 26 Tahoe).
--- a/docs/channels/location.md
+++ b/docs/channels/location.md
@@ -63,9 +63,3 @@ The prompt renderer treats `LocationName`, `LocationAddress`, and `LocationCapti
 - **Telegram**: venues map to `LocationName/LocationAddress`; live locations use `live_period`.
 - **WhatsApp**: `locationMessage.comment` and `liveLocationMessage.caption` populate `LocationCaption`.
 - **Matrix**: `geo_uri` is parsed as a pin location; altitude is ignored and `LocationIsLive` is always false.
-
-## Related
-
- [Location command (nodes)](/nodes/location-command)
- [Camera capture](/nodes/camera)
- [Media understanding](/nodes/media-understanding)
--- a/docs/channels/matrix.md
+++ b/docs/channels/matrix.md
@@ -310,127 +310,16 @@ Enable encryption:

 Verification commands (all take `--verbose` for diagnostics and `--json` for machine-readable output):

-```bash
-openclaw matrix verify status
-```
-
-Verbose status (full diagnostics):
-
-```bash
-openclaw matrix verify status --verbose
-```
-
-Include the stored recovery key in machine-readable output:
-
-```bash
-openclaw matrix verify status --include-recovery-key --json
-```
-
-Bootstrap cross-signing and verification state:
-
-```bash
-openclaw matrix verify bootstrap
-```
-
-Verbose bootstrap diagnostics:
-
-```bash
-openclaw matrix verify bootstrap --verbose
-```
-
-Force a fresh cross-signing identity reset before bootstrapping:
-
-```bash
-openclaw matrix verify bootstrap --force-reset-cross-signing
-```
-
-Verify this device with a recovery key:
-
-```bash
-openclaw matrix verify device "<your-recovery-key>"
-```
-
-This command reports three separate states:
-
- `Recovery key accepted`: Matrix accepted the recovery key for secret storage or device trust.
- `Backup usable`: room-key backup can be loaded with trusted recovery material.
- `Device verified by owner`: the current OpenClaw device has full Matrix cross-signing identity trust.
-
-`Signed by owner` in verbose or JSON output is diagnostic only. OpenClaw does not
-treat that as sufficient unless `Cross-signing verified` is also `yes`.
-
-The command still exits non-zero when full Matrix identity trust is incomplete,
-even if the recovery key can unlock backup material. In that case, complete
-self-verification from another Matrix client:
-
-```bash
-openclaw matrix verify self
-```
-
-Accept the request in another Matrix client, compare the SAS emoji or decimals,
-and type `yes` only when they match. The command waits for Matrix to report
-`Cross-signing verified: yes` before it exits successfully.
-
-Use `verify bootstrap --force-reset-cross-signing` only when you intentionally
-want to replace the current cross-signing identity.
-
-Verbose device verification details:
-
-```bash
-openclaw matrix verify device "<your-recovery-key>" --verbose
-```
-
-Check room-key backup health:
-
-```bash
-openclaw matrix verify backup status
-```
-
-Verbose backup health diagnostics:
-
-```bash
-openclaw matrix verify backup status --verbose
-```
-
-Restore room keys from server backup:
-
-```bash
-openclaw matrix verify backup restore
-```
-
-Interactive self-verification flow:
-
-```bash
-openclaw matrix verify self
-```
-
-For lower-level or inbound verification requests, use:
-
-```bash
-openclaw matrix verify accept <id>
-openclaw matrix verify start <id>
-openclaw matrix verify sas <id>
-openclaw matrix verify confirm-sas <id>
-```
-
-Use `openclaw matrix verify cancel <id>` to cancel a request.
-
-Verbose restore diagnostics:
-
-```bash
-openclaw matrix verify backup restore --verbose
-```
-
-Delete the current server backup and create a fresh backup baseline. If the stored
-backup key cannot be loaded cleanly, this reset can also recreate secret storage so
-future cold starts can load the new backup key:
-
-```bash
-openclaw matrix verify backup reset --yes
-```
-
-All `verify` commands are concise by default (including quiet internal SDK logging) and show detailed diagnostics only with `--verbose`.
-Use `--json` for full machine-readable output when scripting.
+| Command                                                        | Purpose                                                                             |
+| -------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
+| `openclaw matrix verify status`                                | Check cross-signing and device verification state                                   |
+| `openclaw matrix verify status --include-recovery-key --json`  | Include the stored recovery key                                                     |
+| `openclaw matrix verify bootstrap`                             | Bootstrap cross-signing and verification (see below)                                |
+| `openclaw matrix verify bootstrap --force-reset-cross-signing` | Discard the current cross-signing identity and create a new one                     |
+| `openclaw matrix verify device "<recovery-key>"`               | Verify this device with a recovery key                                              |
+| `openclaw matrix verify backup status`                         | Check room-key backup health                                                        |
+| `openclaw matrix verify backup restore`                        | Restore room keys from server backup                                                |
+| `openclaw matrix verify backup reset --yes`                    | Delete the current backup and create a fresh baseline (may recreate secret storage) |

 In multi-account setups, Matrix CLI commands use the implicit Matrix default account unless you pass `--account <id>`.
 If you configure multiple named accounts, set `channels.matrix.defaultAccount` first or those implicit CLI operations will stop and ask you to choose an account explicitly.
@@ -452,9 +341,7 @@ When encryption is disabled or unavailable for a named account, Matrix warnings
    - `Cross-signing verified`: the SDK reports verification via cross-signing
    - `Signed by owner`: signed by your own self-signing key

-    `Verified by owner` becomes `yes` only when cross-signing verification is present.
-    Local trust or an owner signature by itself is not enough for OpenClaw to treat
-    the device as fully verified.
+    `Verified by owner` becomes `yes` only when cross-signing or owner-signing is present. Local trust alone is not enough.

  </Accordion>

@@ -783,7 +670,7 @@ If multiple Matrix accounts are configured and one account id is `default`, Open
 If you configure multiple named accounts, set `defaultAccount` or pass `--account <id>` for CLI commands that rely on implicit account selection.
 Pass `--account <id>` to `openclaw matrix verify ...` and `openclaw matrix devices ...` when you want to override that implicit selection for one command.

-See [Configuration reference](/gateway/config-channels#multi-account-all-channels) for the shared multi-account pattern.
+See [Configuration reference](/gateway/configuration-reference#multi-account-all-channels) for the shared multi-account pattern.

 ## Private/LAN homeservers

--- a/docs/channels/msteams.md
+++ b/docs/channels/msteams.md
@@ -75,7 +75,7 @@ Disable with:

 - Default: `channels.msteams.dmPolicy = "pairing"`. Unknown senders are ignored until approved.
 - `channels.msteams.allowFrom` should use stable AAD object IDs.
- Do not rely on UPN/display-name matching for allowlists — they can change. OpenClaw disables direct name matching by default; opt in explicitly with `channels.msteams.dangerouslyAllowNameMatching: true`.
+- UPNs/display names are mutable; direct matching is disabled by default and only enabled with `channels.msteams.dangerouslyAllowNameMatching: true`.
 - The wizard can resolve names to IDs via Microsoft Graph when credentials allow.

 **Group access**
--- a/docs/channels/nextcloud-talk.md
+++ b/docs/channels/nextcloud-talk.md
@@ -44,31 +44,6 @@ Details: [Plugins](/tools/plugin)
 4. Configure OpenClaw:
   - Config: `channels.nextcloud-talk.baseUrl` + `channels.nextcloud-talk.botSecret`
   - Or env: `NEXTCLOUD_TALK_BOT_SECRET` (default account only)
-
-   CLI setup:
-
-   ```bash
-   openclaw channels add --channel nextcloud-talk \
-     --url https://cloud.example.com \
-     --token "<shared-secret>"
-   ```
-
-   Equivalent explicit fields:
-
-   ```bash
-   openclaw channels add --channel nextcloud-talk \
-     --base-url https://cloud.example.com \
-     --secret "<shared-secret>"
-   ```
-
-   File-backed secret:
-
-   ```bash
-   openclaw channels add --channel nextcloud-talk \
-     --base-url https://cloud.example.com \
-     --secret-file /path/to/nextcloud-talk-secret
-   ```
-
 5. Restart the gateway (or finish setup).

 Minimal config:
--- a/docs/channels/pairing.md
+++ b/docs/channels/pairing.md
@@ -104,28 +104,6 @@ existing approval as-is and creates a fresh pending upgrade request. Use
 `openclaw devices list` to compare the currently approved access with the newly
 requested access before you approve.

-### Optional trusted-CIDR node auto-approve
-
-Device pairing remains manual by default. For tightly controlled node networks,
-you can opt in to first-time node auto-approval with explicit CIDRs or exact IPs:
-
-```json5
-{
-  gateway: {
-    nodes: {
-      pairing: {
-        autoApproveCidrs: ["192.168.1.0/24"],
-      },
-    },
-  },
-}
-```
-
-This only applies to fresh `role: node` pairing requests with no requested
-scopes. Operator, browser, Control UI, and WebChat clients still require manual
-approval. Role, scope, metadata, and public-key changes still require manual
-approval.
-
 ### Node pairing state storage

 Stored under `~/.openclaw/devices/`:
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tak Hoffman	d2ab66e944	fix(plugins): reject unsafe staged runtime symlinks	2026-04-23 17:28:45 -05:00
Tak Hoffman	0295cd2adb	fix(plugins): harden staged runtime aliasing	2026-04-23 17:20:25 -05:00
Tak Hoffman	a044877bee	fix(plugins): share bundled runtime SDK alias prep	2026-04-23 17:00:40 -05:00