fix(provider-setup): harden telegram setup flow

* guard final delivery session refresh

* add changelog for final delivery refresh guard

.agents/skills/autoreview/SKILL.md

@@ -0,0 +1,145 @@
+---
+name: autoreview
+description: "Autoreview closeout: local dirty changes, PR branch vs main, parallel tests."
+---
+
+# Autoreview
+
+Run Codex's built-in code review as a closeout check. This is code review (`codex review`), not Guardian `auto_review` approval routing.
+
+Codex native review mode performs best and is recommended. Non-Codex reviewers are fallback/second-opinion paths that receive a generated diff prompt, not the full Codex review-mode runtime.
+
+Use when:
+- user asks for Codex review / autoreview / second-model review
+- after non-trivial code edits, before final/commit/ship
+- reviewing a local branch or PR branch after fixes
+
+## Contract
+
+- Treat review output as advisory. Never blindly apply it.
+- Verify every finding by reading the real code path and adjacent files.
+- Read dependency docs/source/types when the finding depends on external behavior.
+- Reject unrealistic edge cases, speculative risks, broad rewrites, and fixes that over-complicate the codebase.
+- Prefer small fixes at the right ownership boundary; no refactor unless it clearly improves the bug class.
+- Keep going until the selected review path returns no accepted/actionable findings.
+- If a review-triggered fix changes code, rerun focused tests and rerun the review helper.
+- Default to Codex review. If Codex is unavailable or exits with an error, the helper falls back to the first configured CLI from `claude -p`, `pi -p`, `opencode run`, `droid exec`, or `copilot`. Prefer Codex for final closeout because it uses native review mode; non-Codex reviewers use a Codex-inspired generated diff prompt. The helper runs nested Codex review in yolo/full-access mode by default; use `--no-yolo` only when intentionally testing sandbox behavior.
+- Stop as soon as the review command/helper exits 0 with no accepted/actionable findings. Do not run an extra direct `codex review` just to get a nicer "clean" line, a second opinion, or clearer closeout wording.
+- Treat the helper's successful exit plus absence of actionable findings as the clean review result, even if the underlying Codex CLI output is terse.
+- If rejecting a finding as intentional/not worth fixing, add a brief inline code comment only when it explains a real invariant or ownership decision that future reviewers should know.
+- Do not push just to review. Push only when the user requested push/ship/PR update.
+- For OpenClaw maintainers, keep autoreview validation Crabbox/Testbox-aware when maintainer validation mode is enabled (`OPENCLAW_TESTBOX=1` or `AUTOREVIEW_OPENCLAW_MAINTAINER_VALIDATION=1`). A review pass may inspect files and run cheap non-Node probes, but it must not start local `pnpm`, Vitest, `tsgo`, `npm test`, or `node scripts/run-vitest.mjs` from a Codex/worktree review unless the operator explicitly requested local proof. For runtime proof, use existing evidence or route through Crabbox/Testbox and report the id. Do not apply this rule to ordinary contributors who do not have maintainer Testbox access.
+
+## Pick Target
+
+Dirty local work:
+
+```bash
+codex review --uncommitted
+```
+
+Use this only when the patch is actually unstaged/staged/untracked in the
+current checkout. For committed, pushed, or PR work, point Codex at the commit
+or branch diff instead; do not force `--mode local` / `--uncommitted` just
+because the helper docs mention dirty work first. A clean `--uncommitted` review
+only proves there is no local patch.
+
+Branch/PR work:
+
+```bash
+git fetch origin
+codex review --base origin/main
+```
+
+Do not pass any prompt with `--base`. Some Codex CLI versions reject both inline
+and stdin prompt forms, including the helper's `codex review --base <ref> -`,
+with `--base <BRANCH> cannot be used with [PROMPT]`. If the helper hits this
+error, run plain `codex review --base <ref>` and report that the helper prompt
+injection was skipped.
+
+If an open PR exists, use its actual base:
+
+```bash
+base=$(gh pr view --json baseRefName --jq .baseRefName)
+codex review --base "origin/$base"
+```
+
+Committed single change:
+
+```bash
+codex review --commit HEAD
+```
+
+or with the helper:
+
+```bash
+.agents/skills/autoreview/scripts/autoreview --mode commit --commit HEAD
+```
+
+Use commit review for already-landed or already-pushed work on `main`. Reviewing
+clean `main` against `origin/main` is usually an empty diff after push. For a
+small stack, review each commit explicitly or review the branch before merging
+with `--base`.
+
+## Parallel Closeout
+
+Format first if formatting can change line locations. Then it is OK to run tests and review in parallel:
+
+```bash
+.agents/skills/autoreview/scripts/autoreview --parallel-tests "<focused test command>"
+```
+
+Tradeoff: tests may force code changes that stale the review. If tests or review lead to code edits, rerun the affected tests and rerun review until no accepted/actionable findings remain. Once that rerun exits cleanly, stop; do not spend another long review cycle on redundant confirmation.
+
+## Context Efficiency
+
+Codex review is usually noisy. Default to a subagent filter when subagents are available. Ask it to run the review and return only:
+- actionable findings it accepts
+- findings it rejects, with one-line reason
+- exact files/tests to rerun
+
+Run inline only for tiny changes or when subagents are unavailable.
+
+## Helper
+
+Bundled helper:
+
+```bash
+.agents/skills/autoreview/scripts/autoreview --help
+```
+
+The helper:
+- chooses dirty `--uncommitted` first
+- otherwise uses current PR base if `gh pr view` works
+- otherwise uses `origin/main` for non-main branches
+- auto-runs `PNPM_CONFIG_PM_ON_FAIL=ignore PNPM_CONFIG_VERIFY_DEPS_BEFORE_RUN=false PNPM_CONFIG_OFFLINE=true pnpm run check` in parallel when a repo has `package.json`, `pnpm-lock.yaml`, `node_modules`, and a `check` script; disable with `AUTOREVIEW_AUTO_TESTS=0`
+- use `--mode commit --commit <ref>` for already-committed work, especially clean `main` after landing
+- should be left in `--mode auto` or forced to `--mode branch` for PR/branch work; do not force `--mode local` after committing
+- supports `--reviewer codex|claude|pi|opencode|droid|copilot|auto`; `auto` means Codex first
+- supports `--fallback-reviewer auto|claude|pi|opencode|droid|copilot|none`; default is configured CLI fallback
+- falls back only when Codex is unavailable or exits nonzero, not when Codex reports findings
+- writes only to stdout unless `--output` or `AUTOREVIEW_OUTPUT` is set
+- supports `--dry-run`, `--parallel-tests`, and commit refs
+- runs nested review with `--dangerously-bypass-approvals-and-sandbox --sandbox danger-full-access` by default
+- injects maintainer-only OpenClaw validation policy into native Codex review when `OPENCLAW_TESTBOX=1` or `AUTOREVIEW_OPENCLAW_MAINTAINER_VALIDATION=1`, so local memory-heavy Node/Vitest checks are avoided in favor of Crabbox/Testbox proof
+- branch mode may fail on Codex CLI versions that reject `--base` plus the helper's stdin prompt; on that exact parser error, rerun plain `codex review --base <ref>` instead of falling back to a non-Codex reviewer
+- keeps accepting `--full-access`; use `--no-yolo` or `AUTOREVIEW_YOLO=0` to opt out
+- still accepts legacy `CODEX_REVIEW_*` env vars when the matching `AUTOREVIEW_*` var is unset
+- prints `autoreview clean: no accepted/actionable findings reported` when the selected review command exits 0
+
+## Final Report
+
+Include:
+- review command used
+- tests/proof run
+- findings accepted/rejected, briefly why
+- the clean review result from the final helper/review run, or why a remaining finding was consciously rejected
+
+Do not run another Codex review solely to improve the final report wording. If the final helper run exited 0 and produced no accepted/actionable findings, report that exact run as clean.
+
+## PR / CI Closeout
+
+- Prefer direct run/job APIs after CI starts: `gh run view <run-id> --json jobs`; use PR rollup only for final mergeability.
+- After rebase, compare `origin/main..HEAD`; drop CI-fix commits already upstream before pushing.
+- For prompt snapshot CI failures, prove/generate with Linux Node 24 before rerunning the failed job.
+- Update PR body once near the final head unless proof labels are missing or stale enough to block CI.

.agents/skills/autoreview/scripts/autoreview

@@ -0,0 +1,707 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+usage() {
+  cat <<'EOF'
+Usage: autoreview [options]
+
+Options:
+  --mode auto|local|branch|commit
+                              Target selection. Default: auto.
+  --base REF                 Base ref for branch review. Default: PR base or origin/main.
+  --commit REF               Commit ref for commit review. Default: HEAD.
+  --reviewer codex|claude|pi|opencode|droid|copilot|auto
+                              Review engine. Default: Codex with configured fallback on error.
+  --fallback-reviewer auto|claude|pi|opencode|droid|copilot|none
+                              Fallback when Codex is unavailable or exits nonzero. Default: auto.
+  --codex-bin PATH           Codex binary. Default: codex.
+  --claude-bin PATH          Claude binary. Default: claude.
+  --pi-bin PATH              Pi binary. Default: pi.
+  --opencode-bin PATH        OpenCode binary. Default: opencode.
+  --droid-bin PATH           Droid binary. Default: droid.
+  --copilot-bin PATH         GitHub Copilot binary. Default: copilot.
+  --full-access              Keep yolo/full-access mode enabled. Default.
+  --no-yolo                  Run nested Codex review with normal sandbox/approval prompts.
+  --output FILE              Also save output to file.
+  --parallel-tests CMD       Run review and test command concurrently.
+                              Default: PNPM_CONFIG_PM_ON_FAIL=ignore PNPM_CONFIG_VERIFY_DEPS_BEFORE_RUN=false PNPM_CONFIG_OFFLINE=true pnpm run check when available.
+  --dry-run                  Print selected commands, do not run.
+  -h, --help                 Show help.
+
+Environment:
+  OPENCLAW_TESTBOX=1 or AUTOREVIEW_OPENCLAW_MAINTAINER_VALIDATION=1
+                              Enable maintainer-only OpenClaw Crabbox/Testbox validation policy.
+
+Modes:
+  local   codex review --uncommitted
+  branch  codex review --base <base>
+  commit  codex review --commit <commit>
+  auto    dirty tree -> local, else PR/current branch -> branch
+EOF
+}
+
+mode=auto
+base_ref=
+commit_ref=HEAD
+reviewer=${AUTOREVIEW_REVIEWER:-${CODEX_REVIEW_REVIEWER:-auto}}
+fallback_reviewer=${AUTOREVIEW_FALLBACK_REVIEWER:-${CODEX_REVIEW_FALLBACK_REVIEWER:-auto}}
+codex_bin=${CODEX_BIN:-codex}
+claude_bin=${CLAUDE_BIN:-claude}
+pi_bin=${PI_BIN:-pi}
+opencode_bin=${OPENCODE_BIN:-opencode}
+droid_bin=${DROID_BIN:-droid}
+copilot_bin=${COPILOT_BIN:-copilot}
+codex_args=()
+yolo=${AUTOREVIEW_YOLO:-${CODEX_REVIEW_YOLO:-1}}
+output=${AUTOREVIEW_OUTPUT:-${CODEX_REVIEW_OUTPUT:-}}
+parallel_tests=
+parallel_tests_auto=false
+dry_run=false
+codex_review_prompt=
+codex_review_stdin_prompt=false
+codex_review_prompt_file=false
+openclaw_maintainer_validation=${AUTOREVIEW_OPENCLAW_MAINTAINER_VALIDATION:-${OPENCLAW_TESTBOX:-0}}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --mode)
+      mode=${2:-}
+      shift 2
+      ;;
+    --base)
+      base_ref=${2:-}
+      shift 2
+      ;;
+    --commit)
+      commit_ref=${2:-}
+      shift 2
+      ;;
+    --reviewer)
+      reviewer=${2:-}
+      shift 2
+      ;;
+    --fallback-reviewer)
+      fallback_reviewer=${2:-}
+      shift 2
+      ;;
+    --codex-bin)
+      codex_bin=${2:-}
+      shift 2
+      ;;
+    --claude-bin)
+      claude_bin=${2:-}
+      shift 2
+      ;;
+    --pi-bin)
+      pi_bin=${2:-}
+      shift 2
+      ;;
+    --opencode-bin)
+      opencode_bin=${2:-}
+      shift 2
+      ;;
+    --droid-bin)
+      droid_bin=${2:-}
+      shift 2
+      ;;
+    --copilot-bin)
+      copilot_bin=${2:-}
+      shift 2
+      ;;
+    --full-access)
+      yolo=1
+      shift
+      ;;
+    --no-yolo)
+      yolo=0
+      shift
+      ;;
+    --output)
+      output=${2:-}
+      shift 2
+      ;;
+    --parallel-tests)
+      parallel_tests=${2:-}
+      shift 2
+      ;;
+    --dry-run)
+      dry_run=true
+      shift
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      usage >&2
+      exit 2
+      ;;
+  esac
+done
+
+case "$yolo" in
+  0|false|False|FALSE|no|No|NO|off|Off|OFF) ;;
+  *) codex_args+=(--dangerously-bypass-approvals-and-sandbox --sandbox danger-full-access) ;;
+esac
+
+case "$mode" in
+  auto|local|branch|commit) ;;
+  *)
+    echo "invalid --mode: $mode" >&2
+    exit 2
+    ;;
+esac
+
+case "$reviewer" in
+  auto|codex|claude|pi|opencode|droid|copilot) ;;
+  *)
+    echo "invalid --reviewer: $reviewer" >&2
+    exit 2
+    ;;
+esac
+
+case "$fallback_reviewer" in
+  auto|claude|pi|opencode|droid|copilot|none) ;;
+  *)
+    echo "invalid --fallback-reviewer: $fallback_reviewer" >&2
+    exit 2
+    ;;
+esac
+
+repo_root=$(git rev-parse --show-toplevel)
+printf -v quoted_repo_root '%q' "$repo_root"
+
+has_package_check_script() {
+  command -v node >/dev/null 2>&1 || return 1
+  node -e 'const { readFileSync } = require("node:fs"); const p = JSON.parse(readFileSync(process.argv[1], "utf8")); process.exit(p.scripts?.check ? 0 : 1)' \
+    "$repo_root/package.json" \
+    >/dev/null 2>&1
+}
+
+auto_tests_disabled() {
+  case "${AUTOREVIEW_AUTO_TESTS:-${CODEX_REVIEW_AUTO_TESTS:-1}}" in
+    0|false|False|FALSE|no|No|NO|off|Off|OFF) return 0 ;;
+    *) return 1 ;;
+  esac
+}
+
+current_branch=$(git branch --show-current 2>/dev/null || true)
+dirty=false
+if [[ -n "$(git status --porcelain)" ]]; then
+  dirty=true
+fi
+
+pr_url=
+if [[ -z "$base_ref" && "$mode" != local ]] && command -v gh >/dev/null 2>&1; then
+  if pr_lines=$(gh pr view --json baseRefName,url --jq '[.baseRefName, .url] | @tsv' 2>/dev/null); then
+    base_name=${pr_lines%%$'\t'*}
+    pr_url=${pr_lines#*$'\t'}
+    if [[ -n "$base_name" ]]; then
+      base_ref="origin/$base_name"
+    fi
+  fi
+fi
+
+if [[ -z "$base_ref" ]]; then
+  base_ref=origin/main
+fi
+
+review_kind=
+if [[ "$mode" == local || ( "$mode" == auto && "$dirty" == true ) ]]; then
+  review_kind=local
+elif [[ "$mode" == commit ]]; then
+  review_kind=commit
+elif [[ "$mode" == branch || ( "$mode" == auto && -n "$current_branch" && "$current_branch" != "main" ) ]]; then
+  review_kind=branch
+else
+  echo "no review target: clean main checkout and no forced mode" >&2
+  exit 1
+fi
+
+if [[ "$review_kind" == local ]]; then
+  review_cmd=("$codex_bin" "${codex_args[@]}" review --uncommitted)
+elif [[ "$review_kind" == commit ]]; then
+  review_cmd=("$codex_bin" "${codex_args[@]}" review --commit "$commit_ref")
+else
+  review_cmd=("$codex_bin" "${codex_args[@]}" review --base "$base_ref")
+fi
+
+repo_url=$(git -C "$repo_root" config --get remote.origin.url 2>/dev/null || true)
+case "$openclaw_maintainer_validation" in
+  1|true|True|TRUE|yes|Yes|YES|on|On|ON) openclaw_maintainer_validation=1 ;;
+  *) openclaw_maintainer_validation=0 ;;
+esac
+if [[ -z "$parallel_tests" && "$openclaw_maintainer_validation" != 1 ]] &&
+  ! auto_tests_disabled; then
+  if [[ -f "$repo_root/package.json" && -f "$repo_root/pnpm-lock.yaml" && -d "$repo_root/node_modules" ]] &&
+    command -v pnpm >/dev/null 2>&1 &&
+    has_package_check_script; then
+    parallel_tests="cd $quoted_repo_root && PNPM_CONFIG_PM_ON_FAIL=ignore PNPM_CONFIG_VERIFY_DEPS_BEFORE_RUN=false PNPM_CONFIG_OFFLINE=true pnpm run check"
+    parallel_tests_auto=true
+  fi
+fi
+if [[ "$repo_url" == *"openclaw/openclaw"* && "$openclaw_maintainer_validation" == 1 ]]; then
+  codex_review_prompt=$(cat <<'EOF'
+OpenClaw maintainer autoreview validation policy:
+- Review the diff by reading code, tests, and dependency contracts.
+- Do not run local memory-heavy Node validation from review mode. This includes local pnpm checks/tests, Vitest, tsgo, npm test, and node scripts/run-vitest.mjs.
+- If runtime proof is needed, use existing proof or route validation through Crabbox / Blacksmith Testbox and report the exact provider and id.
+- If remote validation is not necessary for the finding, state the targeted proof that should be run instead of starting local tests.
+EOF
+)
+  if [[ "$review_kind" == local ]]; then
+    review_cmd+=(-)
+    codex_review_stdin_prompt=true
+  else
+    review_cmd=("$codex_bin" "${codex_args[@]}" review -)
+    codex_review_prompt_file=true
+  fi
+fi
+
+printf 'autoreview target: %s\n' "$review_kind"
+printf 'branch: %s\n' "${current_branch:-detached}"
+if [[ -n "$pr_url" ]]; then
+  printf 'pr: %s\n' "$pr_url"
+fi
+if [[ "$reviewer" == auto ]]; then
+  printf 'reviewer: codex\n'
+else
+  printf 'reviewer: %s\n' "$reviewer"
+fi
+case "$reviewer" in
+  codex|auto) ;;
+  *)
+    printf 'note: Codex native review mode is the recommended and best-supported review path; %s uses a generated diff prompt.\n' "$reviewer"
+    ;;
+esac
+if [[ "$reviewer" == auto || "$reviewer" == codex ]]; then
+  printf 'review:'
+  printf ' %q' "${review_cmd[@]}"
+  printf '\n'
+  if [[ "$codex_review_stdin_prompt" == true || "$codex_review_prompt_file" == true ]]; then
+    printf 'review policy: OpenClaw maintainer Crabbox/Testbox-aware validation prompt injected\n'
+  fi
+else
+  printf 'review: %s prompt review\n' "$reviewer"
+fi
+if [[ -n "$parallel_tests" ]]; then
+  printf 'tests: %s' "$parallel_tests"
+  if [[ "$parallel_tests_auto" == true ]]; then
+    printf ' (auto)'
+  fi
+  printf '\n'
+fi
+if [[ "$review_kind" == branch ]]; then
+  printf 'fetch: git fetch origin --quiet\n'
+fi
+if [[ -n "$output" ]]; then
+  printf 'output: %s\n' "$output"
+fi
+
+if [[ "$dry_run" == true ]]; then
+  exit 0
+fi
+
+if [[ "$review_kind" == branch ]]; then
+  git fetch origin --quiet || {
+    echo "warning: git fetch origin failed; reviewing with existing refs" >&2
+  }
+fi
+
+review_output=$output
+review_output_is_temp=false
+if [[ -z "$review_output" ]]; then
+  review_output=$(mktemp)
+  review_output_is_temp=true
+fi
+mkdir -p "$(dirname "$review_output")"
+: > "$review_output"
+
+cleanup() {
+  if [[ "${review_output_is_temp:-false}" == true && -n "${review_output:-}" ]]; then
+    rm -f "$review_output"
+  fi
+  if [[ -n "${prompt_file:-}" ]]; then
+    rm -f "$prompt_file"
+  fi
+}
+trap cleanup EXIT
+
+run_review() {
+  local status=0
+  mkdir -p "$(dirname "$review_output")"
+  if [[ "$codex_review_prompt_file" == true ]]; then
+    build_prompt_file || return
+    "${review_cmd[@]}" < "$prompt_file" 2>&1 | tee "$review_output"
+    status=${PIPESTATUS[0]}
+    rm -f "$prompt_file"
+    prompt_file=
+    return "$status"
+  elif [[ "$codex_review_stdin_prompt" == true ]]; then
+    printf '%s\n' "$codex_review_prompt" | "${review_cmd[@]}" 2>&1 | tee "$review_output"
+  else
+    "${review_cmd[@]}" 2>&1 | tee "$review_output"
+  fi
+}
+
+diff_for_review() {
+  case "$review_kind" in
+    local)
+      git -C "$repo_root" diff --stat
+      git -C "$repo_root" diff --cached --stat
+      git -C "$repo_root" diff --find-renames
+      git -C "$repo_root" diff --cached --find-renames
+      while IFS= read -r untracked_file; do
+        [[ -n "$untracked_file" ]] || continue
+        git -C "$repo_root" diff --no-index -- /dev/null "$untracked_file" || true
+      done < <(git -C "$repo_root" ls-files --others --exclude-standard)
+      ;;
+    commit)
+      git -C "$repo_root" show --find-renames --stat --format=fuller "$commit_ref"
+      git -C "$repo_root" show --find-renames --format=medium "$commit_ref"
+      ;;
+    branch)
+      git -C "$repo_root" diff --find-renames --stat "$base_ref"...HEAD
+      git -C "$repo_root" diff --find-renames "$base_ref"...HEAD
+      ;;
+  esac
+}
+
+build_prompt_file() {
+  prompt_file=$(mktemp)
+  {
+    cat <<EOF
+You are performing a closeout code review for the current repository.
+
+Review target: $review_kind
+Branch: ${current_branch:-detached}
+Base: ${base_ref:-}
+Commit: ${commit_ref:-}
+
+Rules:
+- Review the proposed code change as a closeout reviewer.
+- Focus on the diff below. If your CLI exposes read-only repository tools, inspect surrounding code and tests to verify findings; never modify files.
+- Do not modify files.
+${codex_review_prompt}
+- Report only discrete, actionable issues introduced by this change.
+- Prioritize correctness, regressions, security, data loss, performance cliffs, and missing tests that would catch a real bug.
+- Do not report pre-existing issues, speculative risks, broad rewrites, style nits, changelog gaps, or findings that depend on unstated assumptions.
+- Identify the concrete scenario where the issue appears, and keep the line reference as small as possible.
+- A finding should overlap changed code or clearly cite changed code as the cause.
+- For each accepted/actionable finding, use exactly this format:
+  [P<0-3>] Short title
+  File: path:line
+  Why: one sentence
+  Fix: one sentence
+- If no accepted/actionable findings, output exactly:
+  autoreview clean: no accepted/actionable findings reported
+
+Diff:
+EOF
+    diff_for_review
+  } > "$prompt_file" || return
+}
+
+reviewer_output_has_clean_marker() {
+  local path=$1
+  grep -Eq '^[^[:alnum:]]*autoreview clean: no accepted/actionable findings reported[[:space:]]*$' "$path"
+}
+
+run_prompt_reviewer() {
+  local selected=$1
+  local copilot_prompt=
+  local prompt_bytes=0
+  local reviewer_output
+  local status=0
+
+  if ! build_prompt_file; then
+    rm -f "${prompt_file:-}"
+    prompt_file=
+    return 1
+  fi
+  reviewer_output=$(mktemp)
+  mkdir -p "$(dirname "$review_output")"
+
+  case "$selected" in
+    claude)
+      if ! command -v "$claude_bin" >/dev/null 2>&1; then
+        echo "fallback reviewer unavailable: $claude_bin" >&2
+        status=127
+      elif printf 'fallback: claude -p\n' | tee -a "$review_output"; then
+        "$claude_bin" --tools "" --no-session-persistence -p < "$prompt_file" 2>&1 | tee -a "$review_output" "$reviewer_output"
+        status=$?
+      else
+        status=$?
+      fi
+      ;;
+    pi)
+      if ! command -v "$pi_bin" >/dev/null 2>&1; then
+        echo "fallback reviewer unavailable: $pi_bin" >&2
+        status=127
+      elif printf 'fallback: pi -p\n' | tee -a "$review_output"; then
+        "$pi_bin" --no-tools --no-session -p < "$prompt_file" 2>&1 | tee -a "$review_output" "$reviewer_output"
+        status=$?
+      else
+        status=$?
+      fi
+      ;;
+    opencode)
+      if ! command -v "$opencode_bin" >/dev/null 2>&1; then
+        echo "fallback reviewer unavailable: $opencode_bin" >&2
+        status=127
+      elif printf 'fallback: opencode run\n' | tee -a "$review_output"; then
+        "$opencode_bin" run --pure --dir "$repo_root" \
+          "Review the attached prompt file. Do not modify files." \
+          --file "$prompt_file" 2>&1 | tee -a "$review_output" "$reviewer_output"
+        status=$?
+      else
+        status=$?
+      fi
+      ;;
+    droid)
+      if ! command -v "$droid_bin" >/dev/null 2>&1; then
+        echo "fallback reviewer unavailable: $droid_bin" >&2
+        status=127
+      elif printf 'fallback: droid exec\n' | tee -a "$review_output"; then
+        "$droid_bin" exec --cwd "$repo_root" -f "$prompt_file" 2>&1 | tee -a "$review_output" "$reviewer_output"
+        status=$?
+      else
+        status=$?
+      fi
+      ;;
+    copilot)
+      if ! command -v "$copilot_bin" >/dev/null 2>&1; then
+        echo "fallback reviewer unavailable: $copilot_bin" >&2
+        status=127
+      elif printf 'fallback: copilot\n' | tee -a "$review_output"; then
+        prompt_bytes=$(wc -c < "$prompt_file" | tr -d '[:space:]')
+        if (( prompt_bytes > 120000 )); then
+          echo "copilot reviewer unavailable: generated prompt is too large for copilot -p; use codex, droid, or another file/stdin-capable reviewer" \
+            2>&1 | tee -a "$review_output" "$reviewer_output"
+          status=1
+        else
+          copilot_prompt=$(< "$prompt_file")
+          "$copilot_bin" -C "$repo_root" --available-tools=none --stream off --output-format text --silent \
+            -p "$copilot_prompt" \
+            2>&1 | tee -a "$review_output" "$reviewer_output"
+          status=$?
+        fi
+      else
+        status=$?
+      fi
+      ;;
+    *)
+      echo "unsupported prompt reviewer: $selected" >&2
+      status=2
+      ;;
+  esac
+  if [[ "$status" == 0 ]]; then
+    if grep -Eq '\[P[0-3]\]' "$reviewer_output"; then
+      status=1
+    elif ! grep -q '[^[:space:]]' "$reviewer_output"; then
+      status=1
+    elif ! reviewer_output_has_clean_marker "$reviewer_output"; then
+      status=1
+    fi
+  fi
+  rm -f "$reviewer_output"
+  rm -f "$prompt_file"
+  prompt_file=
+  return "$status"
+}
+
+run_selected_review() {
+  local selected=$1
+  case "$selected" in
+    codex)
+      if ! command -v "$codex_bin" >/dev/null 2>&1; then
+        echo "codex reviewer unavailable: $codex_bin" >&2
+        return 127
+      fi
+      run_review
+      ;;
+    claude|pi|opencode|droid|copilot)
+      run_prompt_reviewer "$selected"
+      ;;
+    *)
+      echo "unsupported reviewer: $selected" >&2
+      return 2
+      ;;
+  esac
+}
+
+fallback_reviewer_is_available() {
+  local selected=$1
+  case "$selected" in
+    claude) command -v "$claude_bin" >/dev/null 2>&1 ;;
+    pi) command -v "$pi_bin" >/dev/null 2>&1 ;;
+    opencode) command -v "$opencode_bin" >/dev/null 2>&1 ;;
+    droid) command -v "$droid_bin" >/dev/null 2>&1 ;;
+    copilot) command -v "$copilot_bin" >/dev/null 2>&1 ;;
+    *) return 1 ;;
+  esac
+}
+
+run_auto_fallback_review() {
+  local selected
+  if [[ "$fallback_reviewer" != auto ]]; then
+    run_selected_review "$fallback_reviewer"
+    return $?
+  fi
+
+  for selected in claude pi opencode droid copilot; do
+    if fallback_reviewer_is_available "$selected"; then
+      run_selected_review "$selected"
+      return $?
+    fi
+  done
+
+  echo "fallback reviewer unavailable: no configured fallback CLI found" >&2
+  return 127
+}
+
+run_auto_review() {
+  run_selected_review codex
+  local status=$?
+  if [[ "$status" == 0 ]]; then
+    return 0
+  fi
+  if (( status > 128 && status < 192 )); then
+    return "$status"
+  fi
+  if review_output_has_findings; then
+    return "$status"
+  fi
+  if [[ "$fallback_reviewer" == none ]]; then
+    return "$status"
+  fi
+  if [[ "$fallback_reviewer" == auto ]]; then
+    printf 'autoreview warning: codex exited %s; trying configured fallback reviewers\n' "$status" >&2
+  else
+    printf 'autoreview warning: codex exited %s; falling back to %s\n' "$status" "$fallback_reviewer" >&2
+  fi
+  run_auto_fallback_review
+}
+
+elapsed_since() {
+  local started_at=$1
+  local finished_at
+  finished_at=$(date +%s)
+  printf '%s\n' "$((finished_at - started_at))"
+}
+
+format_elapsed() {
+  local seconds=$1
+  if (( seconds < 60 )); then
+    printf '%ss\n' "$seconds"
+  else
+    printf '%sm%ss\n' "$((seconds / 60))" "$((seconds % 60))"
+  fi
+}
+
+review_output_empty() {
+  [[ ! -s "$review_output" ]] || ! grep -q '[^[:space:]]' "$review_output"
+}
+
+review_findings_text() {
+  if grep -Fxq 'codex' "$review_output"; then
+    awk '
+      $0 == "codex" {
+        capture = 1
+        output = $0 ORS
+        next
+      }
+      capture {
+        output = output $0 ORS
+      }
+      END {
+        printf "%s", output
+      }
+    ' "$review_output"
+    return
+  fi
+  cat "$review_output"
+}
+
+review_output_has_findings() {
+  review_findings_text | grep -Eq '\[P[0-3]\]'
+}
+
+report_clean_review_or_fail() {
+  local elapsed_text
+  elapsed_text=$(format_elapsed "${review_elapsed_seconds:-0}")
+
+  if review_output_has_findings; then
+    printf 'autoreview complete after %s\n' "$elapsed_text"
+    printf 'autoreview findings: accepted/actionable findings reported\n'
+    return 1
+  fi
+  if review_output_empty; then
+    printf 'autoreview complete after %s; no output\n' "$elapsed_text"
+    return 1
+  fi
+  printf 'autoreview complete after %s\n' "$elapsed_text"
+  printf 'autoreview clean: no accepted/actionable findings reported\n'
+}
+
+if [[ -z "$parallel_tests" ]]; then
+  review_started_at=$(date +%s)
+  set +e
+  if [[ "$reviewer" == auto ]]; then
+    run_auto_review
+  else
+    run_selected_review "$reviewer"
+  fi
+  review_status=$?
+  review_elapsed_seconds=$(elapsed_since "$review_started_at")
+  set -e
+  if [[ "$review_status" == 0 ]]; then
+    report_clean_review_or_fail
+    exit $?
+  fi
+  exit "$review_status"
+fi
+
+review_status_file=$(mktemp)
+review_elapsed_file=$(mktemp)
+tests_status_file=$(mktemp)
+
+(
+  set +e
+  review_started_at=$(date +%s)
+  if [[ "$reviewer" == auto ]]; then
+    run_auto_review
+  else
+    run_selected_review "$reviewer"
+  fi
+  status=$?
+  elapsed=$(elapsed_since "$review_started_at")
+  printf '%s\n' "$status" > "$review_status_file"
+  printf '%s\n' "$elapsed" > "$review_elapsed_file"
+) &
+review_pid=$!
+
+(
+  set +e
+  bash -lc "$parallel_tests"
+  status=$?
+  printf '%s\n' "$status" > "$tests_status_file"
+) &
+tests_pid=$!
+
+wait "$review_pid" || true
+wait "$tests_pid" || true
+
+review_status=$(cat "$review_status_file")
+review_elapsed_seconds=$(cat "$review_elapsed_file")
+tests_status=$(cat "$tests_status_file")
+rm -f "$review_status_file" "$review_elapsed_file" "$tests_status_file"
+
+printf 'autoreview exit: %s\n' "$review_status"
+printf 'tests exit: %s\n' "$tests_status"
+
+if [[ "$review_status" != 0 || "$tests_status" != 0 ]]; then
+  exit 1
+fi
+
+report_clean_review_or_fail

.agents/skills/codex-review/SKILL.md

@@ -1,103 +0,0 @@
----
-name: codex-review
-description: "Codex code review closeout: local dirty changes, PR branch vs main, parallel tests."
----
-
-# Codex Review
-
-Run Codex's built-in code review as a closeout check. This is code review (`codex review`), not Guardian `auto_review` approval routing.
-
-Use when:
-- user asks for Codex review / autoreview / second-model review
-- after non-trivial code edits, before final/commit/ship
-- reviewing a local branch or PR branch after fixes
-
-## Contract
-
-- Treat review output as advisory. Never blindly apply it.
-- Verify every finding by reading the real code path and adjacent files.
-- Read dependency docs/source/types when the finding depends on external behavior.
-- Reject unrealistic edge cases, speculative risks, broad rewrites, and fixes that over-complicate the codebase.
-- Prefer small fixes at the right ownership boundary; no refactor unless it clearly improves the bug class.
-- Keep going until Codex review returns no accepted/actionable findings.
-- If a review-triggered fix changes code, rerun focused tests and rerun Codex review.
-- If rejecting a finding as intentional/not worth fixing, add a brief inline code comment only when it explains a real invariant or ownership decision that future reviewers should know.
-- Do not push just to review. Push only when the user requested push/ship/PR update.
-
-## Pick Target
-
-Dirty local work:
-
-```bash
-codex review --uncommitted
-```
-
-Branch/PR work:
-
-```bash
-git fetch origin
-codex review --base origin/main
-```
-
-Do not pass an inline prompt with `--base`; current CLI rejects `--base` + `[PROMPT]` even though help text is ambiguous. If custom instructions are needed, run the plain base review first, then do a local/manual follow-up pass.
-
-If an open PR exists, use its actual base:
-
-```bash
-base=$(gh pr view --json baseRefName --jq .baseRefName)
-codex review --base "origin/$base"
-```
-
-Committed single change:
-
-```bash
-codex review --commit HEAD
-```
-
-## Parallel Closeout
-
-Format first if formatting can change line locations. Then it is OK to run tests and review in parallel:
-
-```bash
-scripts/codex-review --parallel-tests "<focused test command>"
-```
-
-Tradeoff: tests may force code changes that stale the review. If tests or review lead to code edits, rerun the affected tests and rerun review until no accepted/actionable findings remain.
-
-## Context Efficiency
-
-Codex review is usually noisy. Default to a subagent filter when subagents are available. Ask it to run the review and return only:
-- actionable findings it accepts
-- findings it rejects, with one-line reason
-- exact files/tests to rerun
-
-Run inline only for tiny changes or when subagents are unavailable.
-
-## Helper
-
-Bundled helper:
-
-```bash
-~/.codex/skills/codex-review/scripts/codex-review --help
-```
-
-If installed from `agent-scripts`, path is:
-
-```bash
-/Users/steipete/Projects/agent-scripts/skills/codex-review/scripts/codex-review --help
-```
-
-The helper:
-- chooses dirty `--uncommitted` first
-- otherwise uses current PR base if `gh pr view` works
-- otherwise uses `origin/main` for non-main branches
-- writes only to stdout unless `--output` or `CODEX_REVIEW_OUTPUT` is set
-- supports `--dry-run` and `--parallel-tests`
-
-## Final Report
-
-Include:
-- review command used
-- tests/proof run
-- findings accepted/rejected, briefly why
-- final clean review command, or why a remaining finding was consciously rejected

.agents/skills/codex-review/scripts/codex-review

@@ -1,188 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-usage() {
-  cat <<'EOF'
-Usage: codex-review [options]
-
-Options:
-  --mode auto|local|branch   Target selection. Default: auto.
-  --base REF                 Base ref for branch review. Default: PR base or origin/main.
-  --codex-bin PATH           Codex binary. Default: codex.
-  --output FILE              Also save output to file.
-  --parallel-tests CMD       Run review and test command concurrently.
-  --dry-run                  Print selected commands, do not run.
-  -h, --help                 Show help.
-
-Modes:
-  local   codex review --uncommitted
-  branch  codex review --base <base>
-  auto    dirty tree -> local, else PR/current branch -> branch
-EOF
-}
-
-mode=auto
-base_ref=
-codex_bin=${CODEX_BIN:-codex}
-output=${CODEX_REVIEW_OUTPUT:-}
-parallel_tests=
-dry_run=false
-
-while [[ $# -gt 0 ]]; do
-  case "$1" in
-    --mode)
-      mode=${2:-}
-      shift 2
-      ;;
-    --base)
-      base_ref=${2:-}
-      shift 2
-      ;;
-    --codex-bin)
-      codex_bin=${2:-}
-      shift 2
-      ;;
-    --output)
-      output=${2:-}
-      shift 2
-      ;;
-    --parallel-tests)
-      parallel_tests=${2:-}
-      shift 2
-      ;;
-    --dry-run)
-      dry_run=true
-      shift
-      ;;
-    -h|--help)
-      usage
-      exit 0
-      ;;
-    *)
-      usage >&2
-      exit 2
-      ;;
-  esac
-done
-
-case "$mode" in
-  auto|local|branch) ;;
-  *)
-    echo "invalid --mode: $mode" >&2
-    exit 2
-    ;;
-esac
-
-git rev-parse --show-toplevel >/dev/null
-
-current_branch=$(git branch --show-current 2>/dev/null || true)
-dirty=false
-if [[ -n "$(git status --porcelain)" ]]; then
-  dirty=true
-fi
-
-pr_url=
-if [[ -z "$base_ref" && "$mode" != local ]] && command -v gh >/dev/null 2>&1; then
-  if pr_lines=$(gh pr view --json baseRefName,url --jq '[.baseRefName, .url] | @tsv' 2>/dev/null); then
-    base_name=${pr_lines%%$'\t'*}
-    pr_url=${pr_lines#*$'\t'}
-    if [[ -n "$base_name" ]]; then
-      base_ref="origin/$base_name"
-    fi
-  fi
-fi
-
-if [[ -z "$base_ref" ]]; then
-  base_ref=origin/main
-fi
-
-review_kind=
-if [[ "$mode" == local || ( "$mode" == auto && "$dirty" == true ) ]]; then
-  review_kind=local
-elif [[ "$mode" == branch || ( "$mode" == auto && -n "$current_branch" && "$current_branch" != "main" ) ]]; then
-  review_kind=branch
-else
-  echo "no review target: clean main checkout and no forced mode" >&2
-  exit 1
-fi
-
-if [[ "$review_kind" == local ]]; then
-  review_cmd=("$codex_bin" review --uncommitted)
-else
-  review_cmd=("$codex_bin" review --base "$base_ref")
-fi
-
-printf 'codex-review target: %s\n' "$review_kind"
-printf 'branch: %s\n' "${current_branch:-detached}"
-if [[ -n "$pr_url" ]]; then
-  printf 'pr: %s\n' "$pr_url"
-fi
-printf 'review:'
-printf ' %q' "${review_cmd[@]}"
-printf '\n'
-if [[ -n "$parallel_tests" ]]; then
-  printf 'tests: %s\n' "$parallel_tests"
-fi
-if [[ "$review_kind" == branch ]]; then
-  printf 'fetch: git fetch origin --quiet\n'
-fi
-if [[ -n "$output" ]]; then
-  printf 'output: %s\n' "$output"
-fi
-
-if [[ "$dry_run" == true ]]; then
-  exit 0
-fi
-
-if [[ "$review_kind" == branch ]]; then
-  git fetch origin --quiet || {
-    echo "warning: git fetch origin failed; reviewing with existing refs" >&2
-  }
-fi
-
-run_review() {
-  if [[ -n "$output" ]]; then
-    mkdir -p "$(dirname "$output")"
-    "${review_cmd[@]}" 2>&1 | tee "$output"
-  else
-    "${review_cmd[@]}"
-  fi
-}
-
-if [[ -z "$parallel_tests" ]]; then
-  run_review
-  exit $?
-fi
-
-review_status_file=$(mktemp)
-tests_status_file=$(mktemp)
-
-(
-  set +e
-  run_review
-  status=$?
-  printf '%s\n' "$status" > "$review_status_file"
-) &
-review_pid=$!
-
-(
-  set +e
-  bash -lc "$parallel_tests"
-  status=$?
-  printf '%s\n' "$status" > "$tests_status_file"
-) &
-tests_pid=$!
-
-wait "$review_pid" || true
-wait "$tests_pid" || true
-
-review_status=$(cat "$review_status_file")
-tests_status=$(cat "$tests_status_file")
-rm -f "$review_status_file" "$tests_status_file"
-
-printf 'codex-review exit: %s\n' "$review_status"
-printf 'tests exit: %s\n' "$tests_status"
-
-if [[ "$review_status" != 0 || "$tests_status" != 0 ]]; then
-  exit 1
-fi

.agents/skills/crabbox/SKILL.md

@@ -1,23 +1,32 @@
 ---
 name: crabbox
-description: Use Crabbox for OpenClaw remote validation across Linux, macOS, Windows, and WSL2. Default to the repo Crabbox config, use brokered AWS for normal broad proof, and keep Blacksmith Testbox as an explicit opt-in or outage diagnostic path.
+description: Use the Crabbox wrapper for OpenClaw remote validation across Linux, macOS, Windows, and WSL2, including delegated Blacksmith Testbox proof. Report the actual provider and id.
 ---
 
 # Crabbox
 
-Use Crabbox when OpenClaw needs remote Linux proof for broad tests, CI-parity
-checks, secrets, hosted services, Docker/E2E/package lanes, warmed reusable
-boxes, sync timing, logs/results, cache inspection, or lease cleanup.
+Use the Crabbox wrapper when OpenClaw needs remote Linux proof for broad tests,
+CI-parity checks, secrets, hosted services, Docker/E2E/package lanes, warmed
+reusable boxes, sync timing, logs/results, cache inspection, or lease cleanup.
 
-Default backend: the repo `.crabbox.yaml`, currently brokered AWS. Do not
-override it to Blacksmith unless the user explicitly asks for Blacksmith proof,
-the task is specifically about Testbox behavior, or AWS/brokered Crabbox is the
-broken layer.
+Crabbox is the transport/orchestration surface. The actual backend can be:
 
-Blacksmith Testbox is a delegated fallback, not the default router. If a
-Blacksmith run queues, fails capacity, fails auth, or cannot allocate, stop
-after one real attempt and switch to the repo default or report the blocker.
-Do not retry Blacksmith in a loop.
+- brokered AWS Crabbox: direct provider, `provider=aws`, lease ids like
+  `cbx_...`, `syncDelegated=false`
+- Blacksmith Testbox through Crabbox: delegated provider,
+  `provider=blacksmith-testbox`, ids like `tbx_...`, `syncDelegated=true`
+
+For OpenClaw maintainer broad `pnpm` gates, Blacksmith Testbox through the
+Crabbox wrapper is acceptable and often preferred when the standing Testbox
+rules apply. Do not describe those runs as "AWS Crabbox"; report them as
+Testbox-through-Crabbox with the `tbx_...` id and Actions run.
+
+Use the repo `.crabbox.yaml` brokered AWS path when the task specifically needs
+direct AWS Crabbox behavior, persistent direct-provider leases, `--fresh-pr`,
+`--full-resync`, environment forwarding, capture/download support, or provider
+comparison. Use `--provider blacksmith-testbox` when the task needs OpenClaw
+maintainer Testbox proof, prepared CI environment, broad/heavy pnpm gates, or
+the user asks for Testbox/Blacksmith.
 
 ## First Checks
 
@@ -34,10 +43,15 @@ pnpm crabbox:run -- --help | sed -n '1,120p'
 
 - OpenClaw scripts prefer `../crabbox/bin/crabbox` when present. The user PATH
   shim can be stale.
-- Check `.crabbox.yaml` for repo defaults and honor them. For normal Linux
-  validation, omit `--provider` so the wrapper uses brokered AWS.
-- Pass `--provider blacksmith-testbox` only for explicit Blacksmith/Testbox
-  work or a deliberate comparison.
+- Check `.crabbox.yaml` for direct-provider defaults. Omitting `--provider`
+  means brokered AWS today.
+- For broad OpenClaw maintainer `pnpm` gates, prefer the repo wrapper with
+  `--provider blacksmith-testbox` or the repo Testbox helpers when the standing
+  Testbox policy applies.
+- Always report the actual provider and id. `cbx_...` means AWS Crabbox;
+  `tbx_...` means Blacksmith Testbox through Crabbox. If the output only says
+  `blacksmith testbox list`, use `blacksmith testbox list --all` before
+  concluding no box exists.
 - If a warm direct-provider lease smells stale, retry with `--full-resync`
   (alias `--fresh-sync`) before replacing the lease. This resets the remote
   workdir, skips the fingerprint fast path, reseeds Git when possible, and
@@ -64,6 +78,22 @@ Use these only when the task needs an existing non-Linux host. OpenClaw broad
 Linux validation uses the repo Crabbox config unless a provider is explicitly
 requested.
 
+When the user explicitly asks for brokered macOS runners, use Crabbox AWS
+macOS only after confirming the deployed coordinator supports EC2 Mac host
+lifecycle/image routes and the operator has AWS EC2 Mac Dedicated Host quota
+and IAM. Prefer `CRABBOX_HOST_ID` for a known Crabbox-managed Dedicated Host,
+or run the no-spend preflight first:
+
+```sh
+crabbox admin hosts quota --provider aws --target macos --region eu-west-1 --type mac2.metal --json
+crabbox admin hosts allocate --provider aws --target macos --region eu-west-1 --type mac2.metal --dry-run --json
+CRABBOX_MACOS_TYPES=all scripts/macos-host-region-preflight.sh
+```
+
+Do not silently substitute AWS macOS for normal OpenClaw Linux proof. Report
+paid-host blockers as quota, IAM, coordinator deployment, or host availability
+instead of falling back to local macOS.
+
 Crabbox supports static SSH targets:
 
 ```sh
@@ -83,11 +113,10 @@ Crabbox supports static SSH targets:
   with `../crabbox/bin/crabbox run --help`, config/flag tests, and the Crabbox
   Go test suite.
 
-## Default Brokered AWS Backend
+## Direct Brokered AWS Backend
 
-Use this for `pnpm check`, `pnpm check:changed`, `pnpm test`,
-`pnpm test:changed`, Docker/E2E/live/package gates, or anything likely to fan
-out across many Vitest projects.
+Use this when the task needs direct AWS Crabbox semantics rather than the
+prepared Blacksmith Testbox CI environment.
 
 Changed gate:
 
@@ -124,9 +153,9 @@ pnpm crabbox:run -- \
 
 Read the JSON summary. Useful fields:
 
-- `provider`: should normally be `aws`
+- `provider`: `aws`
 - `leaseId`: `cbx_...`
-- `syncDelegated`: should normally be `false`
+- `syncDelegated`: `false`
 - `commandPhases`: populated when the command prints `CRABBOX_PHASE:<name>`
 - `commandMs` / `totalMs`
 - `exitCode`
@@ -138,6 +167,41 @@ cleanup when a run fails, is interrupted, or the command output is unclear:
 ../crabbox/bin/crabbox list --provider aws
 ```
 
+## Blacksmith Testbox Through Crabbox
+
+Use this for OpenClaw maintainer broad/heavy `pnpm` gates when the prepared CI
+environment is the right proof surface:
+
+```sh
+node scripts/crabbox-wrapper.mjs run \
+  --provider blacksmith-testbox \
+  --blacksmith-org openclaw \
+  --blacksmith-workflow .github/workflows/ci-check-testbox.yml \
+  --blacksmith-job check \
+  --blacksmith-ref main \
+  --idle-timeout 90m \
+  --ttl 240m \
+  --timing-json \
+  -- \
+  CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 OPENCLAW_TESTBOX=1 OPENCLAW_TESTBOX_REMOTE_RUN=1 pnpm check:changed
+```
+
+Read the JSON summary and the Testbox line. Useful fields:
+
+- `provider`: `blacksmith-testbox`
+- `leaseId`: `tbx_...`
+- `syncDelegated`: `true`
+- `syncPhases`: delegated/skipped because Blacksmith owns checkout/sync
+- Actions run URL/id from the Testbox output
+- `exitCode`
+
+`blacksmith testbox list` may hide hydrating or ready boxes. Use:
+
+```sh
+blacksmith testbox list --all
+blacksmith testbox status <tbx_id>
+```
+
 ## Observability Flags
 
 Use these on debugging runs before inventing ad hoc logging:
@@ -223,6 +287,13 @@ Use the smallest Crabbox lane that proves the reported user path, not just the
 touched code. Aim for one after-fix E2E proof before commenting, closing, or
 opening a PR for a user-visible bug.
 
+When the user says "test in Crabbox", do not simply copy tests to the remote
+box and run them there. Crabbox is for remote real-scenario proof: copy or
+install OpenClaw as the user would, run the same setup/update/CLI/Gateway/API
+call that failed, and capture behavior from that entrypoint. For regressions or
+bug reports, prove the broken state first when feasible, then run the same
+scenario after the fix.
+
 Pick the lane by symptom:
 
 - Docker/setup/install bug: build a package tarball and run the matching
@@ -244,8 +315,9 @@ Pick the lane by symptom:
 
 Efficient flow:
 
-1. Reproduce or prove the pre-fix symptom when feasible. If the issue cannot be
-   reproduced, capture the exact command and observed behavior instead.
+1. Reproduce or prove the pre-fix symptom from the real user-facing entrypoint
+   when feasible. If the issue cannot be reproduced, capture the exact command
+   and observed behavior instead.
 2. Patch locally and run narrow local tests for edit speed.
 3. Run one Crabbox E2E command that starts from the user-facing entrypoint:
    package install, Docker setup, onboarding, channel add, gateway start, or
@@ -353,18 +425,18 @@ Common desktop flow:
 
 ```sh
 ../crabbox/bin/crabbox warmup --provider hetzner --desktop --browser --class standard --idle-timeout 60m --ttl 240m
-../crabbox/bin/crabbox desktop launch --provider hetzner --id <cbx_id-or-slug> --browser --url https://example.com --webvnc --open
+../crabbox/bin/crabbox desktop launch --provider hetzner --id <cbx_id-or-slug> --browser --url https://example.com --webvnc --open --take-control
 ```
 
 Useful WebVNC commands:
 
 ```sh
-../crabbox/bin/crabbox webvnc --provider hetzner --id <cbx_id-or-slug> --open
-../crabbox/bin/crabbox webvnc daemon start --provider hetzner --id <cbx_id-or-slug> --open
+../crabbox/bin/crabbox webvnc --provider hetzner --id <cbx_id-or-slug> --open --take-control
+../crabbox/bin/crabbox webvnc daemon start --provider hetzner --id <cbx_id-or-slug> --open --take-control
 ../crabbox/bin/crabbox webvnc daemon status --provider hetzner --id <cbx_id-or-slug>
 ../crabbox/bin/crabbox webvnc daemon stop --provider hetzner --id <cbx_id-or-slug>
 ../crabbox/bin/crabbox webvnc status --provider hetzner --id <cbx_id-or-slug>
-../crabbox/bin/crabbox webvnc reset --provider hetzner --id <cbx_id-or-slug> --open
+../crabbox/bin/crabbox webvnc reset --provider hetzner --id <cbx_id-or-slug> --open --take-control
 ../crabbox/bin/crabbox desktop doctor --provider hetzner --id <cbx_id-or-slug>
 ../crabbox/bin/crabbox desktop click --provider hetzner --id <cbx_id-or-slug> --x 640 --y 420
 ../crabbox/bin/crabbox desktop paste --provider hetzner --id <cbx_id-or-slug> --text "user@example.com"
@@ -377,6 +449,32 @@ Useful WebVNC commands:
 browser/app inside the visible session, bridges the lease into the authenticated
 WebVNC portal, and opens the portal. Keep browsers windowed for human QA; use
 `--fullscreen` only for capture/video workflows.
+For human handoff, include `--take-control` so the opened portal viewer gets
+keyboard/mouse control automatically instead of landing as an observer.
+
+Human handoff preflight:
+
+- Do not assume a visible desktop or launched browser means the repo CLI/app is
+  installed, built, or on the interactive terminal's `PATH`.
+- Before handing WebVNC to a human tester, prove the expected command from the
+  same kept lease and from a neutral directory such as `~`.
+- If the handoff needs repo-local code, sync/build/link it explicitly on that
+  lease. Source-tree CLIs often need build output before a symlink works.
+- Prefer a real `command -v <expected-command> && <expected-command> --version`
+  check over a repo-root-only `pnpm ...` command.
+
+Generic handoff repair pattern:
+
+```sh
+../crabbox/bin/crabbox run --id <cbx_id-or-slug> --full-resync --shell -- \
+  "set -euo pipefail
+   pnpm install --frozen-lockfile
+   pnpm build
+   sudo ln -sf \"\$PWD/<cli-entry>\" /usr/local/bin/<expected-command>
+   cd ~
+   command -v <expected-command>
+   <expected-command> --version"
+```
 
 ## If Crabbox Fails
 

.agents/skills/discrawl/SKILL.md

@@ -0,0 +1,44 @@
+---
+name: discrawl
+description: "Discord archive: search, sync freshness, DMs, channel slices, SQL counts, and Discrawl repo work."
+metadata:
+  openclaw:
+    homepage: https://github.com/openclaw/discrawl
+    requires:
+      bins:
+        - discrawl
+    install:
+      - kind: go
+        module: github.com/openclaw/discrawl/cmd/discrawl@latest
+        bins:
+          - discrawl
+---
+
+# Discrawl
+
+Use local Discord archive data before live Discord APIs. Check freshness for recent/current questions:
+
+```bash
+discrawl status --json
+discrawl doctor
+```
+
+Refresh only when stale or asked:
+
+```bash
+discrawl sync --source wiretap
+discrawl sync
+```
+
+Query with bounded slices:
+
+```bash
+DISCRAWL_NO_AUTO_UPDATE=1 discrawl search --limit 20 "query"
+discrawl messages --channel '#maintainers' --days 7 --all
+discrawl dms --last 20
+DISCRAWL_NO_AUTO_UPDATE=1 discrawl --json sql "select count(*) from messages;"
+```
+
+Report absolute date spans, channel/DM names, counts, and known gaps. Use read-only SQL for exact counts/rankings. Never use `--unsafe --confirm` unless the user explicitly requests a reviewed DB mutation.
+
+Boundaries: bot sync needs configured Discord bot credentials. Wiretap reads local Discord Desktop artifacts only; do not extract user tokens, call Discord as the user, or write to Discord storage. Git-share snapshots must not include secrets or `@me` DM rows.

.agents/skills/discrawl/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Discrawl"
+  short_description: "Search local Discord archives and freshness"
+  default_prompt: "Use $discrawl to search local Discord archives, check freshness, inspect DMs or channel slices, and report exact date spans and source gaps."

.agents/skills/gitcrawl/SKILL.md

@@ -1,68 +1,50 @@
 ---
 name: gitcrawl
-description: Use gitcrawl for OpenClaw issue and PR archive search, duplicate discovery, related-thread clustering, and local GitHub mirror freshness checks.
+description: "GitHub archive: issue/PR search, sync freshness, duplicate clusters, gh-shim PR status, and Gitcrawl repo work."
 metadata:
   openclaw:
+    homepage: https://github.com/openclaw/gitcrawl
     requires:
       bins:
         - gitcrawl
+    install:
+      - kind: go
+        module: github.com/openclaw/gitcrawl/cmd/gitcrawl@latest
+        bins:
+          - gitcrawl
 ---
 
 # Gitcrawl
 
-Use this skill before live GitHub search when triaging OpenClaw issues or PRs.
-
-`gitcrawl` is the local candidate-discovery layer. It is fast, includes open and closed threads, and can surface duplicate attempts, related issues, and already-landed fixes. It is not the final source of truth for comments, labels, merges, closes, or current CI.
-
-## Default Flow
-
-1. Check local state:
+Use local GitHub issue/PR archives before live GitHub search. Check freshness first:
 
 ```bash
 gitcrawl doctor --json
 ```
 
-2. Read the target from the local archive:
+Find candidates:
 
 ```bash
 gitcrawl threads openclaw/openclaw --numbers <issue-or-pr-number> --include-closed --json
-```
-
-3. Find related candidates:
-
-```bash
 gitcrawl neighbors openclaw/openclaw --number <issue-or-pr-number> --limit 12 --json
-gitcrawl search openclaw/openclaw --query "<scope or title keywords>" --mode hybrid --limit 20 --json
+gitcrawl search issues "query" -R openclaw/openclaw --state open --json number,title,url
+gitcrawl clusters openclaw/openclaw --sort size --min-size 5
+gitcrawl cluster-detail openclaw/openclaw --id <cluster-id>
 ```
 
-4. Inspect relevant clusters:
+For PR triage, start cached and go live only before mutation/merge decisions:
 
 ```bash
-gitcrawl cluster-detail openclaw/openclaw --id <cluster-id> --member-limit 20 --body-chars 280 --json
+gitcrawl gh pr status <number-or-url> -R openclaw/openclaw --compact
+gitcrawl gh pr view <number-or-url> -R openclaw/openclaw --json number,title,state,url,isDraft,headRef,headSha
+gitcrawl gh --live pr status <number-or-url> -R openclaw/openclaw --compact
 ```
 
-5. Verify anything actionable with live GitHub and the checkout:
+Use live `gh` plus checkout proof before commenting, labeling, closing, reopening, merging, or filing a PR review:
 
 ```bash
 gh pr view <number> --json number,title,state,mergedAt,body,files,comments,reviews,statusCheckRollup
 gh issue view <number> --json number,title,state,body,comments,closedAt
 ```
 
-## Freshness Rules
-
-- Treat `gitcrawl` as stale if `doctor` shows no target thread, an old `last_sync_at`, missing embeddings for neighbor/search commands, or a clearly wrong open/closed state.
-- If stale data blocks the decision, refresh the portable store first:
-
-```bash
-gitcrawl init --portable-store git@github.com:openclaw/gitcrawl-store.git --json
-```
-
-- Run expensive update commands such as `gitcrawl sync --include-comments` only when the user asked to update the local store or stale data is blocking the decision.
-- The sync default is all GitHub thread states; pass `--state open`, `--state closed`, or `--state all` only when a task requires a narrower or explicit scope.
-
-## Boundaries
-
-- Use `gitcrawl` for candidates, clusters, and historical context.
-- Use `gh`, `gh api`, and the current checkout for live state before commenting, labeling, closing, reopening, merging, or filing a PR review.
-- Do not close or label based only on `gitcrawl` similarity. Require matching problem intent plus live verification.
-- If `gitcrawl` is unavailable, say so and fall back to targeted `gh search` rather than blocking normal maintainer work.
+Report absolute dates, repo names, issue/PR numbers, cluster ids, and source gaps. Do not close/label from similarity alone; require matching intent plus live verification.

.agents/skills/graincrawl/SKILL.md

@@ -0,0 +1,44 @@
+---
+name: graincrawl
+description: "Granola archive: search, sync freshness, notes, transcripts, panels, SQL counts, and Graincrawl repo work."
+metadata:
+  openclaw:
+    homepage: https://github.com/openclaw/graincrawl
+    requires:
+      bins:
+        - graincrawl
+    install:
+      - kind: go
+        module: github.com/vincentkoc/graincrawl/cmd/graincrawl@latest
+        bins:
+          - graincrawl
+---
+
+# Graincrawl
+
+Use local Granola archive data first. Check freshness for recent/current questions:
+
+```bash
+graincrawl doctor --json
+graincrawl status --json
+```
+
+Refresh only when stale or asked:
+
+```bash
+graincrawl sync --source private-api
+graincrawl sync --source desktop-cache
+```
+
+Query with bounded reads:
+
+```bash
+graincrawl search "query"
+graincrawl notes --json
+graincrawl note get <id>
+graincrawl transcripts get <id>
+graincrawl panels get <id>
+graincrawl --json sql "select count(*) as notes from notes;"
+```
+
+Report absolute date spans, note titles, source gaps, and transcript/panel availability. Use read-only SQL for exact counts/rankings. Before encrypted source debugging, run explicit unlock/secrets checks; do not surprise-prompt Keychain.

.agents/skills/graincrawl/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Graincrawl"
+  short_description: "Search local Granola notes and transcripts"
+  default_prompt: "Use $graincrawl to search local Granola notes, transcripts, and panels, check freshness, and report exact date spans and source gaps."

.agents/skills/notcrawl/SKILL.md

@@ -0,0 +1,42 @@
+---
+name: notcrawl
+description: "Notion archive: search, sync freshness, pages/databases, Markdown exports, SQL counts, and Notcrawl repo work."
+metadata:
+  openclaw:
+    homepage: https://github.com/openclaw/notcrawl
+    requires:
+      bins:
+        - notcrawl
+    install:
+      - kind: go
+        module: github.com/vincentkoc/notcrawl/cmd/notcrawl@latest
+        bins:
+          - notcrawl
+---
+
+# Notcrawl
+
+Use local Notion archive data before browsing or live Notion API calls. Check freshness for recent/current questions:
+
+```bash
+notcrawl doctor
+notcrawl status --json
+```
+
+Refresh only when stale or asked:
+
+```bash
+notcrawl sync --source desktop
+notcrawl sync --source api
+```
+
+Query with bounded reads:
+
+```bash
+notcrawl search "query"
+notcrawl databases
+notcrawl report
+notcrawl sql "select count(*) from pages;"
+```
+
+Report workspace/teamspace, page/database titles, absolute date spans, counts, and known gaps. Use read-only SQL only; never mutate the archive. API mode requires `NOTION_TOKEN`; do not assume token availability.

.agents/skills/notcrawl/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Notcrawl"
+  short_description: "Search local Notion archives and freshness"
+  default_prompt: "Use $notcrawl to search local Notion pages and databases, check freshness, inspect exports, and report exact date spans and source gaps."

.agents/skills/openclaw-docker-e2e-authoring/SKILL.md

@@ -0,0 +1,64 @@
+---
+name: openclaw-docker-e2e-authoring
+description: "Author OpenClaw Docker E2E and live provider Docker lanes."
+---
+
+# OpenClaw Docker E2E Authoring
+
+Use this when adding or changing Docker E2E lanes, release-path Docker tests,
+or live-provider Docker proof.
+
+## Lane Choice
+
+- Deterministic Docker: fake the dependency/server and assert the exact runtime
+  contract crossing the boundary.
+- Live Docker: use real provider credentials/model only when user-visible
+  behavior needs the real service.
+- Prefer both when they prove different risks: deterministic for byte/payload
+  routing, live for actual provider behavior.
+
+## Authoring Rules
+
+- Test-only helpers live in `test/helpers` or `scripts/e2e/lib/<lane>/`, not
+  `src/**`, unless production imports them.
+- Package-installed app runs from `/app`; mount only explicit harness/helper
+  paths read-only.
+- Fake servers should log boundary requests as JSONL and clients should assert
+  the real dependency payload, not just process success.
+- Add the package script and `scripts/lib/docker-e2e-scenarios.mjs` lane in the
+  same change.
+- If a lane installs a plugin from npm, default the spec via env so published
+  and local override paths are both testable.
+
+## Media And Vision
+
+- Expected answer must exist only in pixels or provider output being tested.
+- Use neutral filenames, neutral prompts, and no metadata leaks.
+- Random bitmap/OCR tokens reuse the repo OCR-safe alphabet `24567ACEF` unless
+  the test owns a stronger glyph set.
+- Make the expected answer unique per run when proving real image
+  understanding.
+
+## `chat.send` E2E
+
+- Require `chat.send` to return `status: "started"` and a string `runId`.
+- Wait for completion with `agent.wait`.
+- Assert final user-visible text via `chat.history` when event ordering is not
+  the behavior under test.
+- Keep originating channel/account metadata only when the bug path needs queued
+  inbound/channel context.
+
+## Verification
+
+Run the smallest proof that covers the touched lane:
+
+```bash
+pnpm exec oxfmt --write <changed files>
+node --check <new .mjs files>
+bash -n <new .sh files>
+node scripts/run-vitest.mjs test/scripts/docker-e2e-plan.test.ts
+OPENCLAW_SKIP_DOCKER_BUILD=1 pnpm test:docker:<lane>
+```
+
+For real-provider lanes, run the matching live Docker script after deterministic
+Docker is green. Finish with `$autoreview` before commit/PR.

.agents/skills/openclaw-mac-release/SKILL.md

@@ -0,0 +1,95 @@
+---
+name: openclaw-mac-release
+description: "Run or recover OpenClaw macOS release signing, notarization, appcast, and asset promotion."
+---
+
+# OpenClaw Mac Release
+
+Use with `$openclaw-release-maintainer`, `$openclaw-release-ci`, and `$one-password` when stable macOS assets, private mac preflight, notarization, appcast promotion, or mac release recovery is involved.
+
+## Credentials
+
+- Canonical ASC item: vault `Molty`, title `API Key - App Store Connect - Personal - Release`.
+- Fields: `private_key_p8`, `key_id`, `issuer_id`.
+- Current known good key id: `AKVLXW849T`.
+- Legacy mirror: vault `Private`, title `API Key - App Store Connect - Personal`; keep it synced for older refs.
+- Stale/revoked key symptom: `xcrun notarytool submit` fails with `HTTP status code: 401. Unauthenticated`.
+- Validate candidate ASC credentials with `xcrun notarytool history` before setting GitHub secrets.
+
+## 1Password
+
+- Use `$one-password`: all `op` work inside one persistent tmux session, no secret output.
+- Prefer `OP_SERVICE_ACCOUNT_TOKEN` from `~/.profile` for Molty reads.
+- Do not assume `MOLTY_OP_SERVICE_ACCOUNT_TOKEN` is alive; it has previously pointed at a deleted service account.
+- If a service token fails, run status-only checks: token present/length and `op whoami`; never print token values.
+- If desktop app auth is needed but Touch ID is unavailable, set `OP_BIOMETRIC_UNLOCK_ENABLED=false` for the manual `op account add --signin` path.
+
+## GitHub Secrets
+
+Target private repo environment: `openclaw/releases-private`, env `mac-release`.
+
+Set only after local notary auth validation:
+
+- `APP_STORE_CONNECT_API_KEY_P8`
+- `APP_STORE_CONNECT_KEY_ID`
+- `APP_STORE_CONNECT_ISSUER_ID`
+
+Do not update these from mixed sources. All three ASC fields must come from the same 1Password item.
+
+## Workflow Shape
+
+- Public release branch may carry mac-only packaging fixes after the stable tag/npm are already live.
+- Use `source_ref=release/YYYY.M.D` for private mac preflight/validation when building that branch variation.
+- Keep `tag=vYYYY.M.D` pointing at the original stable release commit.
+- Real mac publish must reuse:
+  - a successful private mac preflight run for the same tag/source SHA
+  - a successful private mac validation run for the same tag/source SHA
+- If preflight source SHA differs from tag SHA, validation must also use the same `source_ref`; promotion rejects mismatched proof.
+
+## Notarization
+
+- OpenClaw uses `scripts/notarize-mac-artifact.sh`.
+- `xcrun notarytool submit` should use `--no-s3-acceleration`; accelerated upload can surface misleading 401s even when `notarytool history` succeeds.
+- If signing succeeds but notarization fails immediately with 401, check ASC key freshness first.
+- If notarization stays in progress for several minutes after key-file write, that is normal Apple wait time; do not edit blindly.
+
+## Dispatch
+
+Private preflight:
+
+```bash
+gh workflow run openclaw-macos-publish.yml --repo openclaw/releases-private --ref main \
+  -f tag=vYYYY.M.D \
+  -f source_ref=release/YYYY.M.D \
+  -f preflight_only=true \
+  -f smoke_test_only=false \
+  -f allow_late_calver_recovery=false \
+  -f public_release_branch=release/YYYY.M.D
+```
+
+Private validation for a branch-variation preflight:
+
+```bash
+gh workflow run openclaw-macos-validate.yml --repo openclaw/releases-private --ref main \
+  -f tag=vYYYY.M.D \
+  -f source_ref=release/YYYY.M.D
+```
+
+Real publish:
+
+```bash
+gh workflow run openclaw-macos-publish.yml --repo openclaw/releases-private --ref main \
+  -f tag=vYYYY.M.D \
+  -f preflight_only=false \
+  -f smoke_test_only=false \
+  -f preflight_run_id=<successful-preflight-run> \
+  -f validate_run_id=<successful-validation-run> \
+  -f allow_late_calver_recovery=false \
+  -f public_release_branch=release/YYYY.M.D
+```
+
+## Verify
+
+- `gh release view vYYYY.M.D --repo openclaw/openclaw` shows zip, dmg, dSYM zip, not draft, not prerelease.
+- Public `main` `appcast.xml` points at `OpenClaw-YYYY.M.D.zip`.
+- Appcast entry has `sparkle:version`, `sparkle:shortVersionString`, length, and `sparkle:edSignature`.

.agents/skills/openclaw-pr-maintainer/SKILL.md

@@ -24,6 +24,36 @@ gitcrawl search openclaw/openclaw --query "<scope or title keywords>" --mode hyb
 gitcrawl cluster-detail openclaw/openclaw --id <cluster-id> --member-limit 20 --body-chars 280 --json
 ```
 
+## Claim specific review targets
+
+When a maintainer asks Codex to review, triage, fix, or land a specific OpenClaw issue/PR, check assignment before deep work.
+
+- Identify the requesting maintainer's GitHub login. In this environment, default Peter to `steipete`; if another maintainer is clearly the requester, use that maintainer's bare login.
+- Read current assignees with live `gh issue view` / `gh pr view`; `gitcrawl` is not enough for assignment state.
+- If unassigned, assign the requester before deep review. This is allowed for specific requested targets; do not auto-assign broad discovery candidates or shortlists.
+- If assigned to someone else, say so clearly before analysis and include assignment age:
+  - fresh: assigned within 6h; treat as actively owned unless user explicitly asks to continue or reassign
+  - stale: assigned 6h+ ago; treat as ownership hint, not a hard block; continue only with that caveat
+- If assigned to requester plus others, mention co-assignees and continue.
+- If assignment event time is unavailable, say `assigned, time unknown`; treat as assigned, not stale.
+- Never remove or replace assignees unless explicitly asked.
+
+Assignment time proof:
+
+```bash
+gh api "repos/openclaw/openclaw/issues/<number>/timeline" --paginate \
+  -H "Accept: application/vnd.github+json" \
+  --jq '[.[] | select(.event=="assigned") | {assignee:.assignee.login, assigner:.assigner.login, actor:.actor.login, created_at}]'
+```
+
+Use the newest `assigned` event for each current assignee. Issue timeline events expose `created_at`; GitHub GraphQL `AssignedEvent.createdAt` is also valid when REST pagination is awkward.
+
+Claim command for issues or PRs:
+
+```bash
+gh api -X POST "repos/openclaw/openclaw/issues/<number>/assignees" -f 'assignees[]=<login>' >/dev/null
+```
+
 ## Surface opener identity
 
 - For every reviewed, triaged, closed, or landed issue/PR, show the opener's human name when available, GitHub login, and account age.
@@ -217,6 +247,7 @@ gh search issues --repo openclaw/openclaw --match title,body --limit 50 \
   not correctness findings.
 - If bot review conversations exist on your PR, address them and resolve them yourself once fixed.
 - Leave a review conversation unresolved only when reviewer or maintainer judgment is still needed.
+- Before landing any PR with non-trivial code changes, run `$autoreview` until no accepted/actionable findings remain, unless equivalent manual review already covered it, the change is trivial/docs-only, or the user opts out.
 - When landing or merging any PR, follow the global `/landpr` process.
 - Use `scripts/committer "<msg>" <file...>` for scoped commits instead of manual `git add` and `git commit`.
 - Keep commit messages concise and action-oriented.

.agents/skills/openclaw-secret-scanning-maintainer/SKILL.md

@@ -34,10 +34,10 @@ Supports single or multiple alerts. For multiple alerts, process in ascending or
 For each alert:
 
 1. **Identify** — `fetch-alert` + `fetch-content` to get metadata and body
-2. **Decide** — Agent reads the body file, identifies all secrets, produces redacted version
-3. **Redact** — `redact-body` for issue/PR body; skip for comments (delete directly)
+2. **Decide** — Agent reads the body file, identifies whether plaintext secrets remain, and produces a redacted version only when needed
+3. **Redact** — `redact-body-if-needed` for issue/PR body; skip for comments (delete directly)
 4. **Purge** — `delete-comment` + `recreate-comment` for comments; cannot purge body history
-5. **Notify** — `notify` posts the right template per location type
+5. **Notify** — `notify` posts the right template per location type, unless the current issue/PR body is already redacted
 6. **Resolve** — `resolve` closes the alert
 7. **Summary** — `summary` prints formatted results
 
@@ -81,11 +81,20 @@ The `fetch-content` output includes:
 The agent reads the body file from `fetch-content` output and:
 
 1. Identifies ALL secrets in the content (there may be more than the alert flagged)
-2. Replaces each secret with `[REDACTED <secret_type>]` — **no partial values, no prefix/suffix**
-3. Saves the redacted content to a new temp file
+2. Determines whether any plaintext credential remains in the current body
+3. Replaces each remaining secret with `[REDACTED <secret_type>]` — **no partial values, no prefix/suffix**
+4. Saves the redacted content to a new temp file
 
 This is the only step that requires semantic understanding. Everything else is mechanical.
 
+For `issue_body` and `pull_request_body`: if the current body has already been redacted by the author and no plaintext credential remains, **do not post a public notification comment**. Resolve the alert with a maintainer-only resolution comment such as:
+
+```bash
+node secret-scanning.mjs resolve <ALERT_NUMBER> revoked "Current issue/PR body is already redacted; no public notification posted."
+```
+
+This avoids creating a fresh public pointer to historical sensitive content.
+
 ## Step 3: Redact
 
 ### For comments (issue_comment / PR comments)
@@ -95,9 +104,11 @@ This is the only step that requires semantic understanding. Everything else is m
 ### For issue_body / pull_request_body
 
 ```bash
-node secret-scanning.mjs redact-body <issue|pr> <NUMBER> <redacted-body-file>
+node secret-scanning.mjs redact-body-if-needed <issue|pr> <NUMBER> <current-body-file> <redacted-body-file> <result-file>
 ```
 
+Use the `body_file` from `fetch-content` as `<current-body-file>`. The command writes `notify_required` to `<result-file>` and only PATCHes the body when the redacted file differs from the current body.
+
 ## Step 4: Purge Edit History
 
 ### Comments — Delete and Recreate
@@ -134,10 +145,12 @@ The recreated comment should follow this format:
 <redacted original content>
 ```
 
-### issue_body / pull_request_body — Cannot Purge
+### issue_body / pull_request_body — Cannot Purge Edit History
 
 Editing creates an edit history revision with the pre-edit plaintext. This cannot be cleared via API.
 
+Do not advise authors publicly to delete/recreate issues or close/reopen PRs. That can draw attention to historical content. Keep purge guidance maintainer-only.
+
 **Output to maintainer terminal only (never in public comments):**
 
 ```
@@ -155,12 +168,13 @@ Cannot clean. Notify author to delete branch or force-push (for unmerged PRs).
 ## Step 5: Notify
 
 ```bash
-node secret-scanning.mjs notify <TARGET> <AUTHOR> <LOCATION_TYPE> <SECRET_TYPES> [REPLY_TO_NODE_ID]
+node secret-scanning.mjs notify <TARGET> <AUTHOR> <LOCATION_TYPE> <SECRET_TYPES> [REPLY_TO_NODE_ID|BODY_REDACTION_RESULT_FILE]
 ```
 
 - For non-discussion types, `<TARGET>` is the issue/PR number.
 - For `discussion_comment`, `<TARGET>` is the `discussion_node_id` returned by `fetch-content`.
 - For reply-style `discussion_comment` locations, pass the optional `reply_to_node_id` from `fetch-content` so the notification stays in the same thread.
+- For `issue_body` and `pull_request_body`, pass the `<result-file>` from `redact-body-if-needed`. The script skips notification when `notify_required` is `false` and refuses body notifications without this file.
 
 Secret types are comma-separated: `"Discord Bot Token,Feishu App Secret"`
 
@@ -170,6 +184,8 @@ The script picks the right template:
 - **body types**: "your issue/PR description … redacted in place"
 - **commit**: "code you committed"
 
+For `issue_body` and `pull_request_body`, only notify when the current body still contained plaintext and maintainers redacted it. If the user already redacted the current body, skip this step and resolve silently.
+
 ## Step 6: Resolve
 
 ```bash
@@ -178,7 +194,7 @@ node secret-scanning.mjs resolve <ALERT_NUMBER>
 node secret-scanning.mjs resolve <ALERT_NUMBER> revoked "Custom comment"
 ```
 
-Resolution is `revoked` by default. As maintainers we cannot control whether users rotate — our responsibility is to redact + notify. The `revoked` means "this secret should be considered leaked", not "I confirmed it was revoked".
+Resolution is `revoked` by default. As maintainers we cannot control whether users rotate — our responsibility is to remove current plaintext exposure and notify only when public notification is useful. The `revoked` means "this secret should be considered leaked", not "I confirmed it was revoked".
 
 ## Step 7: Summary
 

.agents/skills/openclaw-secret-scanning-maintainer/scripts/secret-scanning.mjs

@@ -7,6 +7,7 @@ import crypto from "node:crypto";
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
+import { pathToFileURL } from "node:url";
 
 const REPO = "openclaw/openclaw";
 const REPO_URL = `https://github.com/${REPO}`;
@@ -50,6 +51,34 @@ function ghGraphQL(query, options = {}) {
   return gh(["api", "graphql", "-f", `query=${query}`], options);
 }
 
+function isBodyLocationType(locationType) {
+  return locationType === "issue_body" || locationType === "pull_request_body";
+}
+
+export function decideBodyRedaction(currentBody, redactedBody) {
+  const bodyChanged = String(currentBody) !== String(redactedBody);
+  return {
+    body_changed: bodyChanged,
+    notify_required: bodyChanged,
+  };
+}
+
+export function loadBodyRedactionResult(locationType, resultFile) {
+  if (!isBodyLocationType(locationType)) {
+    return { notify_required: true };
+  }
+  if (!resultFile) {
+    fail("Body notifications require a redaction result file from redact-body-if-needed");
+  }
+  if (!fs.existsSync(resultFile)) fail(`File not found: ${resultFile}`);
+
+  const result = JSON.parse(fs.readFileSync(resultFile, "utf8"));
+  if (typeof result.notify_required !== "boolean") {
+    fail(`Invalid redaction result file: missing boolean notify_required in ${resultFile}`);
+  }
+  return result;
+}
+
 function failOnGraphQLFailure(result, message) {
   if (result?.gh_failed) {
     const details = (
@@ -470,6 +499,43 @@ function cmdRedactBody(kind, number, bodyFile) {
   console.log(JSON.stringify({ ok: true, kind, number: Number(number) }));
 }
 
+/**
+ * redact-body-if-needed <issue|pr> <number> <current-body-file> <redacted-body-file> <result-file>
+ * PATCH only when the agent-produced redacted body differs from the current body.
+ */
+function cmdRedactBodyIfNeeded(kind, number, currentBodyFile, redactedBodyFile, resultFile) {
+  if (!kind || !number || !currentBodyFile || !redactedBodyFile || !resultFile) {
+    fail(
+      "Usage: redact-body-if-needed <issue|pr> <number> <current-body-file> <redacted-body-file> <result-file>",
+    );
+  }
+  if (!fs.existsSync(currentBodyFile)) fail(`File not found: ${currentBodyFile}`);
+  if (!fs.existsSync(redactedBodyFile)) fail(`File not found: ${redactedBodyFile}`);
+
+  const currentBody = fs.readFileSync(currentBodyFile, "utf8");
+  const redactedBody = fs.readFileSync(redactedBodyFile, "utf8");
+  const decision = decideBodyRedaction(currentBody, redactedBody);
+  const result = {
+    ok: true,
+    kind,
+    number: Number(number),
+    ...decision,
+  };
+
+  if (decision.body_changed) {
+    const endpoint =
+      kind === "pr" ? `repos/${REPO}/pulls/${number}` : `repos/${REPO}/issues/${number}`;
+    gh(["api", endpoint, "-X", "PATCH", "-F", `body=@${redactedBodyFile}`]);
+    result.redacted = true;
+  } else {
+    result.redacted = false;
+    result.reason = "current_body_already_redacted";
+  }
+
+  fs.writeFileSync(resultFile, `${JSON.stringify(result, null, 2)}\n`, { mode: 0o600 });
+  console.log(JSON.stringify(result));
+}
+
 /**
  * delete-comment <comment-id>
  * Delete a comment (and all its edit history).
@@ -555,6 +621,17 @@ function cmdNotify(target, author, locationType, secretTypes, replyToNodeId) {
 
   const types = secretTypes.split(",").map((s) => s.trim());
   const typeList = types.map((t, i) => `${i + 1}. **${t}**`).join("\n");
+  const redactionResult = loadBodyRedactionResult(locationType, replyToNodeId);
+  if (isBodyLocationType(locationType) && !redactionResult.notify_required) {
+    console.log(
+      JSON.stringify({
+        ok: true,
+        skipped: true,
+        reason: "current_body_already_redacted",
+      }),
+    );
+    return;
+  }
 
   let locationDesc;
   let actionDesc;
@@ -758,12 +835,13 @@ function cmdSummary(jsonFile) {
 
 // ─── Dispatch ───────────────────────────────────────────────────────────────
 
-const [command, ...args] = process.argv.slice(2);
+const args = [];
 
-const commands = {
+export const commands = {
   "fetch-alert": () => cmdFetchAlert(args[0]),
   "fetch-content": () => cmdFetchContent(args[0]),
   "redact-body": () => cmdRedactBody(args[0], args[1], args[2]),
+  "redact-body-if-needed": () => cmdRedactBodyIfNeeded(args[0], args[1], args[2], args[3], args[4]),
   "delete-comment": () => cmdDeleteComment(args[0]),
   "delete-discussion-comment": () => cmdDeleteDiscussionComment(args[0]),
   "recreate-comment": () => cmdRecreateComment(args[0], args[1]),
@@ -774,26 +852,37 @@ const commands = {
   summary: () => cmdSummary(args[0]),
 };
 
-if (!command || !commands[command]) {
-  console.error(
-    [
-      "Usage: node secret-scanning.mjs <command> [args]",
-      "",
-      "Commands:",
-      "  fetch-alert <number>             Fetch alert metadata + locations",
-      "  fetch-content '<location-json>'   Fetch content for a location",
-      "  redact-body <issue|pr> <n> <file> PATCH body with redacted file",
-      "  delete-comment <comment-id>       Delete a comment",
-      "  delete-discussion-comment <node-id> Delete a discussion comment (GraphQL)",
-      "  recreate-comment <issue-n> <file> Create replacement comment",
-      "  recreate-discussion-comment <disc-node-id> <file> [reply-to-node-id] Create discussion comment (GraphQL)",
-      "  notify <target> <author> <type> <types> [reply-to-node-id] Post notification",
-      "  resolve <n> [resolution] [comment] Close alert",
-      "  list-open                          List open alerts",
-      "  summary <json-file>               Print formatted summary",
-    ].join("\n"),
-  );
-  process.exit(1);
+function main(argv = process.argv.slice(2)) {
+  const [command, ...commandArgs] = argv;
+  args.length = 0;
+  args.push(...commandArgs);
+
+  if (!command || !commands[command]) {
+    console.error(
+      [
+        "Usage: node secret-scanning.mjs <command> [args]",
+        "",
+        "Commands:",
+        "  fetch-alert <number>             Fetch alert metadata + locations",
+        "  fetch-content '<location-json>'   Fetch content for a location",
+        "  redact-body <issue|pr> <n> <file> PATCH body with redacted file",
+        "  redact-body-if-needed <issue|pr> <n> <current-file> <redacted-file> <result-file> PATCH body only if redaction changed it",
+        "  delete-comment <comment-id>       Delete a comment",
+        "  delete-discussion-comment <node-id> Delete a discussion comment (GraphQL)",
+        "  recreate-comment <issue-n> <file> Create replacement comment",
+        "  recreate-discussion-comment <disc-node-id> <file> [reply-to-node-id] Create discussion comment (GraphQL)",
+        "  notify <target> <author> <type> <types> [reply-to-node-id|body-result-file] Post notification",
+        "  resolve <n> [resolution] [comment] Close alert",
+        "  list-open                          List open alerts",
+        "  summary <json-file>               Print formatted summary",
+      ].join("\n"),
+    );
+    process.exit(1);
+  }
+
+  commands[command]();
 }
 
-commands[command]();
+if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
+  main();
+}

.agents/skills/openclaw-testing/SKILL.md

@@ -24,8 +24,11 @@ Prove the touched surface first. Do not reflexively run the whole suite.
    - normal source checkout, one failing file: `pnpm test <path-or-filter> -- --reporter=verbose`
    - Codex worktree or linked/sparse checkout, one/few explicit files: `node scripts/run-vitest.mjs <path-or-filter>`
    - Codex worktree or linked/sparse checkout, changed gates or anything broad:
-     `node scripts/crabbox-wrapper.mjs run ... --shell -- "pnpm check:changed"`
-     and let `.crabbox.yaml` choose the provider
+     use the Crabbox wrapper with the provider that matches the proof surface.
+     For maintainer heavy `pnpm` gates, that is usually delegated Blacksmith
+     Testbox through Crabbox, e.g. `node scripts/crabbox-wrapper.mjs run
+--provider blacksmith-testbox ... -- pnpm check:changed`. For direct AWS
+     Crabbox proof, omit `--provider` and let `.crabbox.yaml` choose AWS.
    - workflow-only: `git diff --check`, workflow syntax/lint (`actionlint` when available)
    - docs-only: `pnpm docs:list`, docs formatter/lint only if docs tooling changed or requested
 2. Reproduce narrowly before fixing.
@@ -46,13 +49,18 @@ Prove the touched surface first. Do not reflexively run the whole suite.
   `node scripts/run-vitest.mjs` for tiny local proof, `node
 scripts/crabbox-wrapper.mjs` for Testbox, and `git commit --no-verify` only
   after the relevant remote or node-wrapper proof is already clean.
-- For remote proof, use Crabbox first and omit `--provider` unless a specific
-  provider is being tested. The repo Crabbox config routes normal broad proof to
-  brokered AWS. Blacksmith Testbox is explicit opt-in; if it queues, fails
-  capacity, or cannot allocate, retry once through the default Crabbox route or
-  report the Testbox blocker. Reuse only an id/slug created in this operator
-  session; `blacksmith testbox list` is diagnostics only, not a shared work
-  queue.
+- For remote proof, use the Crabbox wrapper first, but name the actual backend.
+  Direct AWS Crabbox uses `provider=aws` and `cbx_...` ids. Delegated
+  Blacksmith Testbox through Crabbox uses `provider=blacksmith-testbox`,
+  `syncDelegated=true`, and `tbx_...` ids. Both satisfy "remote proof" when the
+  requested proof surface allows either.
+- Do not infer "no Testbox is running" from plain `blacksmith testbox list`.
+  Use `blacksmith testbox list --all` or `blacksmith testbox status <tbx_id>`
+  before reporting cloud state.
+- Reuse only an id/slug created in this operator session unless explicitly
+  coordinating with another lane. If Testbox queues, fails capacity, or cannot
+  allocate, report the blocker or switch to direct AWS Crabbox only when that
+  still proves the requested surface.
 
 ## Local Test Shortcuts
 
@@ -123,6 +131,8 @@ gh run view <run-id> --job <job-id> --log
 - Check exact SHA. Ignore newer unrelated `main` unless asked.
 - For cancelled same-branch runs, confirm whether a newer run superseded it.
 - Fetch full logs only for failed or relevant jobs.
+- Prefer `gh run view <run-id> --json jobs` over PR rollup while debugging; rollup can be stale/noisy.
+- For `prompt:snapshots:check` failures, treat Linux Node 24 as CI truth. If macOS passes but CI drifts, reproduce in a Linux Node 24 container or Testbox, commit that generated output, then rerun.
 
 ## GitHub Release Workflows
 

.agents/skills/slacrawl/SKILL.md

@@ -0,0 +1,41 @@
+---
+name: slacrawl
+description: "Slack archive: search, sync freshness, threads/DMs, SQL counts, and Slacrawl repo work."
+metadata:
+  openclaw:
+    homepage: https://github.com/openclaw/slacrawl
+    requires:
+      bins:
+        - slacrawl
+    install:
+      - kind: go
+        module: github.com/vincentkoc/slacrawl/cmd/slacrawl@latest
+        bins:
+          - slacrawl
+---
+
+# Slacrawl
+
+Use local Slack archive data first. Check freshness for recent/current questions:
+
+```bash
+slacrawl doctor
+slacrawl status --json
+```
+
+Refresh only when stale or asked:
+
+```bash
+slacrawl sync --source desktop
+slacrawl sync --source api --latest-only
+```
+
+Query with bounded slices:
+
+```bash
+slacrawl search --limit 20 "query"
+slacrawl messages --since 7d --limit 50
+slacrawl sql "select count(*) from messages;"
+```
+
+Report workspace/channel names, absolute date spans, counts, and token/source limits. Use read-only SQL for exact counts/rankings. API sync and full thread/DM hydration require Slack tokens; do not assume they exist.

.agents/skills/slacrawl/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Slacrawl"
+  short_description: "Search local Slack archives and freshness"
+  default_prompt: "Use $slacrawl to search local Slack archives, check freshness, inspect channel or DM slices, and report exact date spans and token/source limits."

.agents/skills/telegram-crabbox-e2e-proof/SKILL.md

@@ -17,7 +17,8 @@ artifact bundle. The runner leases the shared burner account from Convex.
 Run from the OpenClaw repo and branch under test:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- start \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" start \
   --tdlib-url http://artifacts.openclaw.ai/tdlib-v1.8.0-linux-x64.tgz \
   --output-dir .artifacts/qa-e2e/telegram-user-crabbox/pr-review
 ```
@@ -39,7 +40,8 @@ For deterministic visual repros, put the exact mock-model reply in a file and
 pass it to `start`:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- start \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" start \
   --tdlib-url http://artifacts.openclaw.ai/tdlib-v1.8.0-linux-x64.tgz \
   --mock-response-file .artifacts/qa-e2e/telegram-user-crabbox/reply.txt \
   --output-dir .artifacts/qa-e2e/telegram-user-crabbox/pr-review
@@ -55,15 +57,16 @@ For visual proof, first send or identify a bottom marker message, then open the
 group/topic directly by message id:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- view \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" view \
   --session .artifacts/qa-e2e/telegram-user-crabbox/pr-review/session.json \
   --message-id <message-id>
 ```
 
 This uses Telegram Desktop directly with `tg://privatepost`, not `xdg-open`.
 It also resizes Telegram to `650x1000` at the tested desktop position so
-Telegram switches to single-chat mode with no left chat list or right info
-pane. Do not press Escape after this; Escape can close the selected chat.
+the crop can isolate the chat pane even if Telegram keeps a split/sidebar
+layout. Do not press Escape after this; Escape can close the selected chat.
 
 Bottom behavior matters:
 
@@ -71,13 +74,14 @@ Bottom behavior matters:
   later messages appear live in the recording
 - deep-linking to an older message does not auto-scroll to new arrivals; link
   again to the newest/final marker instead of clicking the down-arrow
-- `650px` is the largest tested clean width; `660px` switches Telegram back to
-  split/sidebar layout
+- the cropped GIF intentionally uses the chat pane, not the whole desktop or
+  whole Telegram window
 
 Send as the real Telegram user:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- send \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" send \
   --session .artifacts/qa-e2e/telegram-user-crabbox/pr-review/session.json \
   --text /status
 ```
@@ -87,7 +91,8 @@ For slash commands, omit the bot username; the runner targets the SUT bot.
 Run arbitrary commands on the Crabbox:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- run \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" run \
   --session .artifacts/qa-e2e/telegram-user-crabbox/pr-review/session.json \
   -- bash -lc 'source /tmp/openclaw-telegram-user-crabbox/env.sh && python3 /tmp/openclaw-telegram-user-crabbox/user-driver.py transcript --limit 20 --json'
 ```
@@ -106,14 +111,16 @@ python3 /tmp/openclaw-telegram-user-crabbox/user-driver.py probe --text '@{sut}
 Capture the current desktop without ending the session:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- screenshot \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" screenshot \
   --session .artifacts/qa-e2e/telegram-user-crabbox/pr-review/session.json
 ```
 
 Check lease state and get the WebVNC command:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- status \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" status \
   --session .artifacts/qa-e2e/telegram-user-crabbox/pr-review/session.json
 ```
 
@@ -122,7 +129,8 @@ pnpm qa:telegram-user:crabbox -- status \
 Always finish or explicitly keep the box:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- finish \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" finish \
   --session .artifacts/qa-e2e/telegram-user-crabbox/pr-review/session.json \
   --preview-crop telegram-window
 ```
@@ -150,7 +158,8 @@ Attach only the useful visual artifact to the PR unless logs are needed. The
 runner is GIF-only by default:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- publish \
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" publish \
   --session .artifacts/qa-e2e/telegram-user-crabbox/pr-review/session.json \
   --pr <pr-number> \
   --summary 'Telegram real-user Crabbox session motion GIF'
@@ -189,7 +198,8 @@ experiments unless those artifacts are explicitly needed.
 For a fast one-shot check, use:
 
 ```bash
-pnpm qa:telegram-user:crabbox -- --text /status
+proof_cmd="${OPENCLAW_TELEGRAM_USER_PROOF_CMD:-openclaw-telegram-user-crabbox-proof}"
+"$proof_cmd" --text /status
 ```
 
 This is a start/send/finish shortcut. Prefer the held session for PR review,

.github/codex/prompts/mantis-telegram-desktop-proof.md

@@ -16,8 +16,15 @@ Hard limits:
 - Do not finish with tiny, cropped-wrong, off-bottom, or sidebar-heavy GIFs.
 - Do not invent a generic proof. The proof must match the PR behavior.
 - Do not force GIFs for internal-only, workflow-only, test-only, docs-only, or
-  otherwise non-visual PRs. A no-visual-proof manifest is a successful outcome
-  when GIFs would be misleading.
+  otherwise non-visual PRs. A no-visual-proof manifest is a successful workflow
+  outcome when GIFs would be misleading, but it is not proof that the PR passed.
+- Do not skip Telegram-visible PRs just because the proof needs a specific
+  message, mock response, media attachment, command, button, reaction, stop
+  timing, approval prompt, or progress/final delivery sequence. First write a
+  concrete proof plan and try the standard harness path.
+- Keep public-facing manifest summaries short and user-domain. Do not mention
+  harness internals, mock-provider limits, secret/trust boundaries, local paths,
+  transcript seeding, or workflow implementation details in the summary.
 
 Inputs are provided as environment variables:
 
@@ -39,12 +46,21 @@ Required workflow:
 2. Inspect the PR with `gh pr view "$MANTIS_PR_NUMBER"` and
    `gh pr diff "$MANTIS_PR_NUMBER"`.
 3. Decide whether the PR has a visibly reproducible Telegram Desktop
-   before/after. If it does not, write
+   before/after. Treat these as visible until proven otherwise: message text
+   formatting/content, progress drafts, native drafts, final delivery, media or
+   document delivery, inline buttons, approval prompts, stop/abort behavior,
+   reactions/status indicators, guest/inline responses, TTS/voice/audio
+   delivery, and routing changes whose result is visible in the chat. For those
+   PRs, define the exact Telegram stimulus and expected main/PR visual delta
+   before deciding to skip.
+
+   If the PR does not have a Telegram-visible before/after, write
    `${MANTIS_OUTPUT_DIR}/mantis-evidence.json` with `comparison.pass: true`, no
    artifacts, and a summary that starts with
-   `Mantis did not generate before/after GIFs because`. Include the concrete
-   reason in the summary. Use this manifest shape and do not create worktrees
-   or start Crabbox for this case:
+   `Mantis did not generate before/after GIFs because`. Include a short
+   public reason, such as `the PR changes internal session bookkeeping rather
+than Telegram-visible behavior`. Use this manifest shape and do not create
+   worktrees or start Crabbox for this case:
 
    ```json
    {
@@ -73,6 +89,15 @@ Required workflow:
    }
    ```
 
+   If the PR appears visual but proof is blocked by Telegram Desktop session
+   state, authorization, credentials, Crabbox, missing Telegram client support,
+   unavailable media/provider setup, or another capture-infrastructure issue,
+   do not describe it as a no-visual PR. Write a manifest with
+   `comparison.pass: false`, skipped lanes, no artifacts, and a summary that
+   starts with `Mantis could not capture Telegram Desktop proof because`. The
+   publisher will keep that out of PR comments so the failure stays in the
+   workflow logs and artifacts.
+
 4. Decide what Telegram message, mock model response, command, callback, button,
    media, or sequence best proves the PR. Use `MANTIS_INSTRUCTIONS` as extra
    maintainer guidance, not as a replacement for reading the PR.
@@ -134,4 +159,6 @@ Expected final state:
   `Main` and `This PR`.
 - No-visual-proof manifests contain no artifacts and have `comparison.pass:
 true`.
+- Capture-infrastructure failure manifests contain no artifacts and have
+  `comparison.pass: false`.
 - The worktree can be dirty only under `.artifacts/`.

.github/labeler.yml

@@ -101,7 +101,9 @@
   - changed-files:
       - any-glob-to-any-file:
           - "extensions/qa-lab/**"
+          - "qa/scenarios/**"
           - "docs/concepts/qa-e2e-automation.md"
+          - "docs/concepts/personal-agent-benchmark-pack.md"
           - "docs/channels/qa-channel.md"
 "channel: signal":
   - changed-files:

.github/pull_request_template.md

@@ -5,7 +5,7 @@ Describe the problem and fix in 2–5 bullets:
 If this PR fixes a plugin beta-release blocker, title it `fix(<plugin-id>): beta blocker - <summary>` and link the matching `Beta blocker: <plugin-name> - <summary>` issue labeled `beta-blocker`. Contributors cannot label PRs, so the title is the PR-side signal for maintainers and automation.
 
 - Problem:
-- Why it matters:
+- Solution:
 - What changed:
 - What did NOT change (scope boundary):
 
@@ -35,6 +35,12 @@ If this PR fixes a plugin beta-release blocker, title it `fix(<plugin-id>): beta
 - Related #
 - [ ] This PR fixes a bug or regression
 
+## Motivation
+
+Explain why this change should exist now. Link it to the user pain, failure mode, maintainer need, or product goal. If this is purely mechanical, write `N/A`.
+
+-
+
 ## Real behavior proof (required for external PRs)
 
 External contributors must show after-fix evidence from a real OpenClaw setup. Unit tests, mocks, lint, typechecks, snapshots, and CI are supplemental only. Screenshots are encouraged even for CLI, console, text, or log changes; terminal screenshots and copied live output count. Be mindful of private information like IP addresses, API keys, phone numbers, non-public endpoints, or other private details when providing evidence.

.github/workflows/ci.yml

@@ -20,6 +20,8 @@ on:
       - "docs/**"
   pull_request:
     types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
+    paths-ignore:
+      - "CHANGELOG.md"
 
 permissions:
   contents: read
@@ -38,7 +40,7 @@ jobs:
     permissions:
       contents: read
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
-    runs-on: ubuntu-24.04
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 20
     outputs:
       checkout_revision: ${{ steps.checkout_ref.outputs.sha }}
@@ -58,14 +60,11 @@ jobs:
       plugin_contracts_matrix: ${{ steps.manifest.outputs.plugin_contracts_matrix }}
       channel_contracts_matrix: ${{ steps.manifest.outputs.channel_contracts_matrix }}
       run_checks: ${{ steps.manifest.outputs.run_checks }}
-      checks_matrix: ${{ steps.manifest.outputs.checks_matrix }}
       run_checks_node_core_nondist: ${{ steps.manifest.outputs.run_checks_node_core_nondist }}
       checks_node_core_nondist_matrix: ${{ steps.manifest.outputs.checks_node_core_nondist_matrix }}
       run_checks_node_core_dist: ${{ steps.manifest.outputs.run_checks_node_core_dist }}
-      checks_node_core_dist_matrix: ${{ steps.manifest.outputs.checks_node_core_dist_matrix }}
       run_check: ${{ steps.manifest.outputs.run_check }}
       run_check_additional: ${{ steps.manifest.outputs.run_check_additional }}
-      run_build_smoke: ${{ steps.manifest.outputs.run_build_smoke }}
       run_check_docs: ${{ steps.manifest.outputs.run_check_docs }}
       run_control_ui_i18n: ${{ steps.manifest.outputs.run_control_ui_i18n }}
       run_checks_windows: ${{ steps.manifest.outputs.run_checks_windows }}
@@ -132,6 +131,7 @@ jobs:
           OPENCLAW_CI_RUN_CONTROL_UI_I18N: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.changed_scope.outputs.run_control_ui_i18n || 'false' }}
           OPENCLAW_CI_CHECKOUT_REVISION: ${{ steps.checkout_ref.outputs.sha }}
           OPENCLAW_CI_REPOSITORY: ${{ github.repository }}
+          OPENCLAW_CI_EVENT_NAME: ${{ github.event_name }}
         run: |
           node --input-type=module <<'EOF'
           import { appendFileSync } from "node:fs";
@@ -173,6 +173,7 @@ jobs:
           const isCanonicalRepository = process.env.OPENCLAW_CI_REPOSITORY === "openclaw/openclaw";
           const docsOnly = parseBoolean(process.env.OPENCLAW_CI_DOCS_ONLY);
           const docsChanged = parseBoolean(process.env.OPENCLAW_CI_DOCS_CHANGED);
+          const eventName = process.env.OPENCLAW_CI_EVENT_NAME ?? "";
           const runNode = parseBoolean(process.env.OPENCLAW_CI_RUN_NODE) && !docsOnly;
           const runNodeFastOnly =
             runNode && parseBoolean(process.env.OPENCLAW_CI_RUN_NODE_FAST_ONLY);
@@ -197,7 +198,7 @@ jobs:
           const checksFastCoreTasks = [];
           if (runNodeFull) {
             checksFastCoreTasks.push(
-              { check_name: "checks-fast-bundled", runtime: "node", task: "bundled" },
+              { check_name: "checks-fast-bundled-protocol", runtime: "node", task: "bundled-protocol" },
             );
           } else {
             if (runNodeFastCiRouting) {
@@ -246,21 +247,12 @@ jobs:
               runNodeFull ? createChannelContractTestShards() : [],
             ),
             run_checks: runNodeFull,
-            checks_matrix: createMatrix(
-              runNodeFull
-                ? [
-                    { check_name: "checks-node-channels", runtime: "node", task: "channels" },
-                  ]
-                : [],
-            ),
             run_checks_node_core_nondist: nodeTestNonDistShards.length > 0,
             checks_node_core_nondist_matrix: createMatrix(nodeTestNonDistShards),
             run_checks_node_core_dist: nodeTestDistShards.length > 0,
-            checks_node_core_dist_matrix: createMatrix(nodeTestDistShards),
             run_check: runNodeFull,
             run_check_additional: runNodeFull,
-            run_build_smoke: runNodeFull,
-            run_check_docs: docsChanged,
+            run_check_docs: docsChanged && eventName !== "push",
             run_control_ui_i18n: runControlUiI18n,
             run_skills_python_job: runSkillsPython,
             run_checks_windows: runWindows,
@@ -295,13 +287,13 @@ jobs:
           }
           EOF
 
-  # Run the fast security/SCM checks in parallel with scope detection so the
+  # Run dependency-free security checks in parallel with scope detection so the
   # main Node jobs do not have to wait for Python/pre-commit setup.
-  security-scm-fast:
+  security-fast:
     permissions:
       contents: read
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
-    runs-on: ubuntu-24.04
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 20
     env:
       PRE_COMMIT_HOME: .cache/pre-commit-security-fast
@@ -390,22 +382,6 @@ jobs:
           printf 'Auditing workflow files:\n%s\n' "${workflow_files[@]}"
           pre-commit run --config "${PRE_COMMIT_CONFIG_PATH:-.pre-commit-config.yaml}" zizmor --files "${workflow_files[@]}"
 
-  security-dependency-audit:
-    permissions:
-      contents: read
-    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
-    runs-on: ubuntu-24.04
-    timeout-minutes: 10
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ inputs.target_ref || github.sha }}
-          fetch-depth: 1
-          fetch-tags: false
-          persist-credentials: false
-          submodules: false
-
       - name: Setup Node.js
         uses: actions/setup-node@v6
         with:
@@ -415,35 +391,6 @@ jobs:
       - name: Audit production dependencies
         run: node scripts/pre-commit/pnpm-audit-prod.mjs --audit-level=high
 
-  security-fast:
-    permissions: {}
-    needs: [security-scm-fast, security-dependency-audit]
-    if: ${{ !cancelled() && always() && (github.event_name != 'pull_request' || !github.event.pull_request.draft) }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify fast security jobs
-        env:
-          DEPENDENCY_AUDIT_RESULT: ${{ needs.security-dependency-audit.result }}
-          SCM_RESULT: ${{ needs.security-scm-fast.result }}
-        run: |
-          set -euo pipefail
-          failed=0
-
-          for result in \
-            "security-scm-fast=${SCM_RESULT}" \
-            "security-dependency-audit=${DEPENDENCY_AUDIT_RESULT}"
-          do
-            job="${result%%=*}"
-            status="${result#*=}"
-            if [ "$status" != "success" ]; then
-              echo "::error::${job} ended with ${status}"
-              failed=1
-            fi
-          done
-
-          exit "$failed"
-
   # Build dist once for Node-relevant changes and share it with downstream jobs.
   # Keep this overlapping with the fast correctness lanes so green PRs get heavy
   # test/build feedback sooner instead of waiting behind a full `check` pass.
@@ -641,6 +588,15 @@ jobs:
             echo "${name}-result=${results[$name]}" >> "$GITHUB_OUTPUT"
           done
 
+          failures=0
+          for name in channels core-support-boundary gateway-watch; do
+            if [ "${results[$name]}" = "failure" ]; then
+              echo "::error title=${name} failed::${name} failed"
+              failures=1
+            fi
+          done
+          exit "$failures"
+
       - name: Upload gateway watch regression artifacts
         if: always() && needs.preflight.outputs.run_check_additional == 'true'
         uses: actions/upload-artifact@v7
@@ -722,14 +678,9 @@ jobs:
         run: |
           set -euo pipefail
           case "$TASK" in
-            bundled)
+            bundled-protocol)
               pnpm test:bundled
-              ;;
-            contracts-channels)
-              pnpm test:contracts:channels
-              ;;
-            contracts-plugins)
-              pnpm test:contracts:plugins
+              pnpm protocol:check
               ;;
             contracts-plugins-ci-routing)
               pnpm test:contracts:plugins
@@ -828,28 +779,6 @@ jobs:
           EOF
           OPENCLAW_VITEST_INCLUDE_FILE="$include_file" pnpm test:contracts:plugins
 
-  checks-fast-plugin-contracts:
-    permissions:
-      contents: read
-    name: checks-fast-contracts-plugins
-    needs: [preflight, checks-fast-plugin-contracts-shard]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_plugin_contracts_shards == 'true' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify plugin contract shards
-        env:
-          SHARD_RESULT: ${{ needs.checks-fast-plugin-contracts-shard.result }}
-        run: |
-          if [ "$SHARD_RESULT" = "cancelled" ]; then
-            echo "Plugin contract shards were cancelled, usually because a newer commit superseded this run." >&2
-            exit 1
-          fi
-          if [ "$SHARD_RESULT" != "success" ]; then
-            echo "Plugin contract shards failed: $SHARD_RESULT" >&2
-            exit 1
-          fi
-
   checks-fast-channel-contracts-shard:
     permissions:
       contents: read
@@ -934,125 +863,6 @@ jobs:
           EOF
           OPENCLAW_VITEST_INCLUDE_FILE="$include_file" pnpm test:contracts:channels
 
-  checks-fast-channel-contracts:
-    permissions:
-      contents: read
-    name: checks-fast-contracts-channels
-    needs: [preflight, checks-fast-channel-contracts-shard]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_checks_fast == 'true' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify channel contract shards
-        env:
-          SHARD_RESULT: ${{ needs.checks-fast-channel-contracts-shard.result }}
-        run: |
-          if [ "$SHARD_RESULT" = "cancelled" ]; then
-            echo "Channel contract shards were cancelled, usually because a newer commit superseded this run." >&2
-            exit 1
-          fi
-          if [ "$SHARD_RESULT" != "success" ]; then
-            echo "Channel contract shards failed: $SHARD_RESULT" >&2
-            exit 1
-          fi
-
-  checks-fast-protocol:
-    permissions:
-      contents: read
-    name: "checks-fast-protocol"
-    needs: [preflight]
-    if: needs.preflight.outputs.run_checks_fast == 'true'
-    runs-on: ubuntu-24.04
-    timeout-minutes: 30
-    steps:
-      - name: Checkout
-        shell: bash
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
-          CHECKOUT_TOKEN: ${{ github.token }}
-        run: |
-          set -euo pipefail
-
-          workdir="$GITHUB_WORKSPACE"
-          auth_header="$(printf 'x-access-token:%s' "$CHECKOUT_TOKEN" | base64 | tr -d '\n')"
-
-          reset_checkout_dir() {
-            mkdir -p "$workdir"
-            find "$workdir" -mindepth 1 -maxdepth 1 -exec rm -rf {} +
-          }
-
-          checkout_attempt() {
-            local attempt="$1"
-
-            reset_checkout_dir
-            git init "$workdir" >/dev/null
-            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}"
-            git -C "$workdir" config gc.auto 0
-
-            timeout --signal=TERM 30s git -C "$workdir" \
-              -c protocol.version=2 \
-              -c "http.https://github.com/.extraheader=AUTHORIZATION: basic ${auth_header}" \
-              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
-              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
-
-            git -C "$workdir" checkout --force --detach "$CHECKOUT_SHA" || return 1
-            test -f "$workdir/.github/actions/setup-node-env/action.yml" || return 1
-            echo "checkout attempt ${attempt}/5 succeeded"
-          }
-
-          for attempt in 1 2 3 4 5; do
-            if checkout_attempt "$attempt"; then
-              exit 0
-            fi
-            echo "checkout attempt ${attempt}/5 failed"
-            sleep $((attempt * 5))
-          done
-
-          echo "checkout failed after 5 attempts" >&2
-          exit 1
-
-      - name: Setup Node environment
-        uses: ./.github/actions/setup-node-env
-        with:
-          install-bun: "false"
-
-      - name: Run protocol check
-        run: pnpm protocol:check
-
-  checks:
-    permissions:
-      contents: read
-    name: ${{ matrix.check_name }}
-    needs: [preflight, build-artifacts]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_checks == 'true' && needs.build-artifacts.result == 'success' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.preflight.outputs.checks_matrix) }}
-    steps:
-      - name: Verify ${{ matrix.task }} (${{ matrix.runtime }})
-        env:
-          TASK: ${{ matrix.task }}
-          CHANNELS_RESULT: ${{ needs.build-artifacts.outputs['channels-result'] }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          case "$TASK" in
-            channels)
-              if [ "$CHANNELS_RESULT" != "success" ]; then
-                echo "Channel tests failed in build-artifacts: $CHANNELS_RESULT" >&2
-                exit 1
-              fi
-              ;;
-            *)
-              echo "Unsupported checks task: $TASK" >&2
-              exit 1
-              ;;
-          esac
-
   checks-node-compat:
     permissions:
       contents: read
@@ -1113,7 +923,7 @@ jobs:
       - name: Setup Node environment
         uses: ./.github/actions/setup-node-env
         with:
-          node-version: "22.18.0"
+          node-version: "22.19.0"
           cache-key-suffix: "node22-pnpm11"
           install-bun: "false"
 
@@ -1240,63 +1050,6 @@ jobs:
           }
           EOF
 
-  checks-node-core-test-dist-shard:
-    permissions:
-      contents: read
-    name: ${{ matrix.check_name }}
-    needs: [preflight, build-artifacts]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_checks_node_core_dist == 'true' && needs.build-artifacts.result == 'success' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.preflight.outputs.checks_node_core_dist_matrix) }}
-    steps:
-      - name: Verify Node test shard
-        env:
-          CORE_SUPPORT_BOUNDARY_RESULT: ${{ needs.build-artifacts.outputs['core-support-boundary-result'] }}
-          SHARD_NAME: ${{ matrix.shard_name }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          case "$SHARD_NAME" in
-            core-support-boundary)
-              if [ "$CORE_SUPPORT_BOUNDARY_RESULT" != "success" ]; then
-                echo "Core support boundary shard failed in build-artifacts: $CORE_SUPPORT_BOUNDARY_RESULT" >&2
-                exit 1
-              fi
-              ;;
-            *)
-              echo "Unsupported built-artifact shard: $SHARD_NAME" >&2
-              exit 1
-              ;;
-          esac
-
-  checks-node-core-test:
-    permissions:
-      contents: read
-    name: checks-node-core
-    needs: [preflight, checks-node-core-test-nondist-shard, checks-node-core-test-dist-shard]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_checks == 'true' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify node test shards
-        env:
-          DIST_SHARD_RESULT: ${{ needs.checks-node-core-test-dist-shard.result }}
-          NONDIST_SHARD_RESULT: ${{ needs.checks-node-core-test-nondist-shard.result }}
-          RUN_DIST_SHARDS: ${{ needs.preflight.outputs.run_checks_node_core_dist }}
-          RUN_NONDIST_SHARDS: ${{ needs.preflight.outputs.run_checks_node_core_nondist }}
-        run: |
-          if [ "$RUN_NONDIST_SHARDS" = "true" ] && [ "$NONDIST_SHARD_RESULT" != "success" ]; then
-            echo "Node non-dist test shards failed: $NONDIST_SHARD_RESULT" >&2
-            exit 1
-          fi
-          if [ "$RUN_DIST_SHARDS" = "true" ] && [ "$DIST_SHARD_RESULT" != "success" ]; then
-            echo "Node dist test shards failed: $DIST_SHARD_RESULT" >&2
-            exit 1
-          fi
-
   # Types, lint, and format check shards.
   check-shard:
     permissions:
@@ -1310,9 +1063,9 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - check_name: check-preflight-guards
-            task: preflight-guards
-            runner: ubuntu-24.04
+          - check_name: check-guards
+            task: guards
+            runner: blacksmith-4vcpu-ubuntu-2404
           - check_name: check-prod-types
             task: prod-types
             runner: blacksmith-4vcpu-ubuntu-2404
@@ -1321,16 +1074,10 @@ jobs:
             runner: blacksmith-16vcpu-ubuntu-2404
           - check_name: check-dependencies
             task: dependencies
-            runner: ubuntu-24.04
-          - check_name: check-policy-guards
-            task: policy-guards
-            runner: ubuntu-24.04
+            runner: blacksmith-8vcpu-ubuntu-2404
           - check_name: check-test-types
             task: test-types
             runner: blacksmith-4vcpu-ubuntu-2404
-          - check_name: check-strict-smoke
-            task: strict-smoke
-            runner: ubuntu-24.04
     steps:
       - name: Checkout
         shell: bash
@@ -1393,12 +1140,18 @@ jobs:
         run: |
           set -euo pipefail
           case "$TASK" in
-            preflight-guards)
+            guards)
               pnpm check:no-conflict-markers
               pnpm tool-display:check
               pnpm check:host-env-policy:swift
               pnpm dup:check:coverage
               pnpm deps:patches:check
+              pnpm lint:webhook:no-low-level-body-read
+              pnpm lint:auth:no-pairing-store-group
+              pnpm lint:auth:pairing-account-scope
+              pnpm check:import-cycles
+              # build-artifacts already runs the tsdown/runtime build for the same Node-relevant changes.
+              pnpm build:plugin-sdk:strict-smoke
               ;;
             prod-types)
               pnpm tsgo:prod
@@ -1415,19 +1168,9 @@ jobs:
                 pnpm deadcode:ci
               fi
               ;;
-            policy-guards)
-              pnpm lint:webhook:no-low-level-body-read
-              pnpm lint:auth:no-pairing-store-group
-              pnpm lint:auth:pairing-account-scope
-              pnpm check:import-cycles
-              ;;
             test-types)
               pnpm check:test-types
               ;;
-            strict-smoke)
-              # build-artifacts already runs the tsdown/runtime build for the same Node-relevant changes.
-              pnpm build:plugin-sdk:strict-smoke
-              ;;
             *)
               echo "Unsupported check task: $TASK" >&2
               exit 1
@@ -1442,24 +1185,6 @@ jobs:
           path: .artifacts/deadcode
           if-no-files-found: ignore
 
-  check:
-    permissions:
-      contents: read
-    name: "check"
-    needs: [preflight, check-shard]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_check == 'true' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify check shards
-        env:
-          SHARD_RESULT: ${{ needs.check-shard.result }}
-        run: |
-          if [ "$SHARD_RESULT" != "success" ]; then
-            echo "Check shards failed: $SHARD_RESULT" >&2
-            exit 1
-          fi
-
   check-additional-shard:
     permissions:
       contents: read
@@ -1475,15 +1200,9 @@ jobs:
           - check_name: check-additional-boundaries-a
             group: boundaries
             boundary_shard: 1/4
-          - check_name: check-additional-boundaries-b
+          - check_name: check-additional-boundaries-bcd
             group: boundaries
-            boundary_shard: 2/4
-          - check_name: check-additional-boundaries-c
-            group: boundaries
-            boundary_shard: 3/4
-          - check_name: check-additional-boundaries-d
-            group: boundaries
-            boundary_shard: 4/4
+            boundary_shard: 2/4,3/4,4/4
           - check_name: check-additional-extension-channels
             group: extension-channels
           - check_name: check-additional-extension-bundled
@@ -1637,59 +1356,13 @@ jobs:
 
           exit "$failures"
 
-  check-additional:
-    permissions:
-      contents: read
-    name: "check-additional"
-    needs: [preflight, check-additional-shard, build-artifacts]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_check_additional == 'true' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify additional check shards
-        env:
-          SHARD_RESULT: ${{ needs.check-additional-shard.result }}
-          BUILD_ARTIFACTS_RESULT: ${{ needs.build-artifacts.result }}
-          GATEWAY_RESULT: ${{ needs.build-artifacts.outputs.gateway-watch-result }}
-        run: |
-          if [ "$SHARD_RESULT" != "success" ]; then
-            echo "Additional check shards failed: $SHARD_RESULT" >&2
-            exit 1
-          fi
-          if [ "$BUILD_ARTIFACTS_RESULT" != "success" ]; then
-            echo "Build artifact job failed: $BUILD_ARTIFACTS_RESULT" >&2
-            exit 1
-          fi
-          if [ "$GATEWAY_RESULT" != "success" ]; then
-            echo "Gateway topology check failed: $GATEWAY_RESULT" >&2
-            exit 1
-          fi
-
-  build-smoke:
-    permissions:
-      contents: read
-    name: "build-smoke"
-    needs: [preflight, build-artifacts]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_build_smoke == 'true' && (github.event_name != 'push' || needs.build-artifacts.result == 'success') }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify build smoke
-        env:
-          BUILD_ARTIFACTS_RESULT: ${{ needs.build-artifacts.result }}
-        run: |
-          if [ "$BUILD_ARTIFACTS_RESULT" != "success" ]; then
-            echo "Build smoke checks failed in build-artifacts: $BUILD_ARTIFACTS_RESULT" >&2
-            exit 1
-          fi
-
   # Validate docs (format, lint, broken links) only when docs files changed.
   check-docs:
     permissions:
       contents: read
     needs: [preflight]
     if: needs.preflight.outputs.run_check_docs == 'true'
-    runs-on: ubuntu-24.04
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 20
     steps:
       - name: Checkout
@@ -1763,7 +1436,7 @@ jobs:
       contents: read
     needs: [preflight]
     if: needs.preflight.outputs.run_skills_python_job == 'true'
-    runs-on: ubuntu-24.04
+    runs-on: ${{ github.event_name == 'workflow_dispatch' && 'ubuntu-24.04' || (github.repository == 'openclaw/openclaw' && 'blacksmith-4vcpu-ubuntu-2404' || 'ubuntu-24.04') }}
     timeout-minutes: 20
     steps:
       - name: Checkout

.github/workflows/control-ui-locale-refresh.yml

@@ -138,7 +138,7 @@ jobs:
           OPENAI_API_KEY: ${{ secrets.OPENCLAW_DOCS_I18N_OPENAI_API_KEY || secrets.OPENAI_API_KEY }}
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           OPENCLAW_CONTROL_UI_I18N_PROVIDER: ${{ secrets.ANTHROPIC_API_KEY != '' && 'anthropic' || 'openai' }}
-          OPENCLAW_CONTROL_UI_I18N_MODEL: ${{ secrets.ANTHROPIC_API_KEY != '' && 'claude-opus-4-6' || vars.OPENCLAW_CI_OPENAI_MODEL_BARE }}
+          OPENCLAW_CONTROL_UI_I18N_MODEL: ${{ secrets.ANTHROPIC_API_KEY != '' && 'claude-opus-4-7' || vars.OPENCLAW_CI_OPENAI_MODEL_BARE }}
           OPENCLAW_CONTROL_UI_I18N_THINKING: low
           OPENCLAW_CONTROL_UI_I18N_AUTH_OPTIONAL: "1"
           LOCALE: ${{ matrix.locale }}

.github/workflows/docs-sync-publish.yml

@@ -43,7 +43,7 @@ jobs:
         if: env.OPENCLAW_DOCS_SYNC_TOKEN != ''
         uses: actions/setup-node@v6
         with:
-          node-version: "22.18.0"
+          node-version: "24.x"
 
       - name: Clone publish repo
         if: env.OPENCLAW_DOCS_SYNC_TOKEN != ''

.github/workflows/docs.yml

@@ -6,6 +6,7 @@ on:
     paths:
       - "**/*.md"
       - "docs/**"
+      - "!CHANGELOG.md"
 
 permissions:
   contents: read
@@ -35,5 +36,15 @@ jobs:
         with:
           install-bun: "false"
 
+      - name: Checkout ClawHub docs source
+        uses: actions/checkout@v6
+        with:
+          repository: openclaw/clawhub
+          path: clawhub-source
+          fetch-depth: 1
+          persist-credentials: false
+
       - name: Check docs
+        env:
+          OPENCLAW_DOCS_SYNC_CLAWHUB_REPO: ${{ github.workspace }}/clawhub-source
         run: pnpm check:docs

.github/workflows/full-release-validation.yml

@@ -638,6 +638,7 @@ jobs:
     name: Run package Telegram E2E
     needs: [resolve_target, prepare_release_package]
     if: ${{ always() && contains(fromJSON('["all","npm-telegram"]'), inputs.rerun_group) && (inputs.npm_telegram_package_spec != '' || inputs.release_package_spec != '' || (inputs.rerun_group == 'all' && inputs.release_profile == 'full')) }}
+    continue-on-error: ${{ startsWith(github.ref, 'refs/heads/tideclaw/alpha/') }}
     runs-on: ubuntu-24.04
     timeout-minutes: ${{ inputs.release_profile == 'full' && 120 || 60 }}
     outputs:
@@ -955,6 +956,8 @@ jobs:
 
           if [[ "$NPM_TELEGRAM_RESULT" == "skipped" && -z "${NPM_TELEGRAM_RUN_ID// }" ]]; then
             check_child "npm_telegram" "" 0 || failed=1
+          elif [[ "$CHILD_WORKFLOW_REF" =~ ^tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            check_child "npm_telegram" "$NPM_TELEGRAM_RUN_ID" 0 || echo "::warning::npm_telegram is advisory for Tideclaw alpha validation."
           else
             check_child "npm_telegram" "$NPM_TELEGRAM_RUN_ID" 1 || failed=1
           fi

.github/workflows/mantis-discord-smoke.yml

@@ -33,8 +33,11 @@ jobs:
   authorize_actor:
     name: Authorize workflow actor
     runs-on: blacksmith-8vcpu-ubuntu-2404
+    outputs:
+      authorized: ${{ steps.permission.outputs.authorized }}
     steps:
       - name: Require maintainer-level repository access
+        id: permission
         uses: actions/github-script@v8
         with:
           script: |
@@ -48,14 +51,18 @@ jobs:
             const permission = data.permission;
             core.info(`Actor ${context.actor} permission: ${permission}`);
             if (!allowed.has(permission)) {
-              core.setFailed(
+              core.notice(
                 `Workflow requires write/maintain/admin access. Actor "${context.actor}" has "${permission}".`,
               );
+              core.setOutput("authorized", "false");
+              return;
             }
+            core.setOutput("authorized", "true");
 
   validate_selected_ref:
     name: Validate selected ref
     needs: authorize_actor
+    if: needs.authorize_actor.outputs.authorized == 'true'
     runs-on: blacksmith-8vcpu-ubuntu-2404
     outputs:
       selected_revision: ${{ steps.validate.outputs.selected_revision }}
@@ -161,7 +168,7 @@ jobs:
 
       - name: Upload Mantis artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: mantis-discord-smoke-${{ github.run_id }}-${{ github.run_attempt }}
           path: .artifacts/qa-e2e/mantis/

.github/workflows/mantis-discord-status-reactions.yml

@@ -46,15 +46,17 @@ jobs:
           github.event_name == 'issue_comment' &&
           github.event.issue.pull_request &&
           (
-            contains(github.event.comment.body, '@Mantis') ||
-            contains(github.event.comment.body, '@mantis') ||
-            contains(github.event.comment.body, '/mantis')
+            contains(github.event.comment.body, '@openclaw-mantis') ||
+            contains(github.event.comment.body, '/openclaw-mantis')
           )
         )
       }}
     runs-on: blacksmith-8vcpu-ubuntu-2404
+    outputs:
+      authorized: ${{ steps.permission.outputs.authorized }}
     steps:
       - name: Require maintainer-level repository access
+        id: permission
         uses: actions/github-script@v8
         with:
           script: |
@@ -68,14 +70,18 @@ jobs:
             const permission = data.permission;
             core.info(`Actor ${context.actor} permission: ${permission}`);
             if (!allowed.has(permission)) {
-              core.setFailed(
+              core.notice(
                 `Workflow requires write/maintain/admin access. Actor "${context.actor}" has "${permission}".`,
               );
+              core.setOutput("authorized", "false");
+              return;
             }
+            core.setOutput("authorized", "true");
 
   resolve_request:
     name: Resolve Mantis request
     needs: authorize_actor
+    if: needs.authorize_actor.outputs.authorized == 'true'
     runs-on: blacksmith-8vcpu-ubuntu-2404
     outputs:
       baseline_ref: ${{ steps.resolve.outputs.baseline_ref }}
@@ -121,7 +127,7 @@ jobs:
 
             const normalized = body.toLowerCase();
             const requested =
-              (normalized.includes("@mantis") || normalized.includes("/mantis")) &&
+              (normalized.includes("@openclaw-mantis") || normalized.includes("/openclaw-mantis")) &&
               normalized.includes("discord") &&
               normalized.includes("status") &&
               normalized.includes("reaction");
@@ -342,8 +348,8 @@ jobs:
               --repo-root "$repo_root" \
               --output-dir "$output_dir" \
               --provider-mode live-frontier \
-              --model openai/gpt-5.4 \
-              --alt-model openai/gpt-5.4 \
+              --model openai/gpt-5.5 \
+              --alt-model openai/gpt-5.5 \
               --fast \
               --credential-source convex \
               --credential-role ci \
@@ -522,7 +528,7 @@ jobs:
       - name: Upload Mantis status reaction artifacts
         id: upload_artifact
         if: ${{ always() && steps.run_mantis.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: mantis-discord-status-reactions-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_mantis.outputs.output_dir }}
@@ -567,3 +573,44 @@ jobs:
             --artifact-url "$ARTIFACT_URL" \
             --run-url "https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
             --request-source "$REQUEST_SOURCE"
+
+  clear_issue_comment_reaction:
+    name: Clear Mantis command reaction
+    needs: [resolve_request, validate_refs, run_status_reactions]
+    if: ${{ always() && github.event_name == 'issue_comment' && needs.resolve_request.outputs.request_source == 'issue_comment' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      issues: write
+    steps:
+      - name: Remove workflow eyes reaction
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const { owner, repo } = context.repo;
+            const commentId = context.payload.comment?.id;
+            if (!commentId) {
+              core.info("No issue comment id found; skipping reaction cleanup.");
+              return;
+            }
+
+            const reactions = await github.paginate(github.rest.reactions.listForIssueComment, {
+              owner,
+              repo,
+              comment_id: commentId,
+              per_page: 100,
+            });
+            const eyes = reactions.filter(
+              (reaction) => reaction.content === "eyes" && reaction.user?.login === "github-actions[bot]",
+            );
+            for (const reaction of eyes) {
+              await github.rest.reactions.deleteForIssueComment({
+                owner,
+                repo,
+                comment_id: commentId,
+                reaction_id: reaction.id,
+              });
+              core.info(`Removed eyes reaction ${reaction.id} from comment ${commentId}.`);
+            }
+            if (eyes.length === 0) {
+              core.info(`No workflow eyes reaction found on comment ${commentId}.`);
+            }

.github/workflows/mantis-discord-thread-attachment.yml

@@ -46,15 +46,17 @@ jobs:
           github.event_name == 'issue_comment' &&
           github.event.issue.pull_request &&
           (
-            contains(github.event.comment.body, '@Mantis') ||
-            contains(github.event.comment.body, '@mantis') ||
-            contains(github.event.comment.body, '/mantis')
+            contains(github.event.comment.body, '@openclaw-mantis') ||
+            contains(github.event.comment.body, '/openclaw-mantis')
           )
         )
       }}
     runs-on: blacksmith-8vcpu-ubuntu-2404
+    outputs:
+      authorized: ${{ steps.permission.outputs.authorized }}
     steps:
       - name: Require maintainer-level repository access
+        id: permission
         uses: actions/github-script@v8
         with:
           script: |
@@ -68,14 +70,18 @@ jobs:
             const permission = data.permission;
             core.info(`Actor ${context.actor} permission: ${permission}`);
             if (!allowed.has(permission)) {
-              core.setFailed(
+              core.notice(
                 `Workflow requires write/maintain/admin access. Actor "${context.actor}" has "${permission}".`,
               );
+              core.setOutput("authorized", "false");
+              return;
             }
+            core.setOutput("authorized", "true");
 
   resolve_request:
     name: Resolve Mantis request
     needs: authorize_actor
+    if: needs.authorize_actor.outputs.authorized == 'true'
     runs-on: blacksmith-8vcpu-ubuntu-2404
     outputs:
       baseline_ref: ${{ steps.resolve.outputs.baseline_ref }}
@@ -121,7 +127,7 @@ jobs:
 
             const normalized = body.toLowerCase();
             const requested =
-              (normalized.includes("@mantis") || normalized.includes("/mantis")) &&
+              (normalized.includes("@openclaw-mantis") || normalized.includes("/openclaw-mantis")) &&
               normalized.includes("discord") &&
               normalized.includes("thread") &&
               (normalized.includes("attachment") ||
@@ -530,7 +536,7 @@ jobs:
       - name: Upload Mantis thread attachment artifacts
         id: upload_artifact
         if: ${{ always() && steps.run_mantis.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: mantis-discord-thread-attachment-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_mantis.outputs.output_dir }}
@@ -589,3 +595,44 @@ jobs:
         run: |
           echo "Mantis comparison failed." >&2
           exit 1
+
+  clear_issue_comment_reaction:
+    name: Clear Mantis command reaction
+    needs: [resolve_request, validate_candidate, run_thread_attachment]
+    if: ${{ always() && github.event_name == 'issue_comment' && needs.resolve_request.outputs.request_source == 'issue_comment' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      issues: write
+    steps:
+      - name: Remove workflow eyes reaction
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const { owner, repo } = context.repo;
+            const commentId = context.payload.comment?.id;
+            if (!commentId) {
+              core.info("No issue comment id found; skipping reaction cleanup.");
+              return;
+            }
+
+            const reactions = await github.paginate(github.rest.reactions.listForIssueComment, {
+              owner,
+              repo,
+              comment_id: commentId,
+              per_page: 100,
+            });
+            const eyes = reactions.filter(
+              (reaction) => reaction.content === "eyes" && reaction.user?.login === "github-actions[bot]",
+            );
+            for (const reaction of eyes) {
+              await github.rest.reactions.deleteForIssueComment({
+                owner,
+                repo,
+                comment_id: commentId,
+                reaction_id: reaction.id,
+              });
+              core.info(`Removed eyes reaction ${reaction.id} from comment ${commentId}.`);
+            }
+            if (eyes.length === 0) {
+              core.info(`No workflow eyes reaction found on comment ${commentId}.`);
+            }

.github/workflows/mantis-slack-desktop-smoke.yml

@@ -64,8 +64,11 @@ jobs:
   authorize_actor:
     name: Authorize workflow actor
     runs-on: ubuntu-24.04
+    outputs:
+      authorized: ${{ steps.permission.outputs.authorized }}
     steps:
       - name: Require maintainer-level repository access
+        id: permission
         uses: actions/github-script@v8
         with:
           script: |
@@ -79,14 +82,18 @@ jobs:
             const permission = data.permission;
             core.info(`Actor ${context.actor} permission: ${permission}`);
             if (!allowed.has(permission)) {
-              core.setFailed(
+              core.notice(
                 `Workflow requires write/maintain/admin access. Actor "${context.actor}" has "${permission}".`,
               );
+              core.setOutput("authorized", "false");
+              return;
             }
+            core.setOutput("authorized", "true");
 
   validate_ref:
     name: Validate candidate ref
     needs: authorize_actor
+    if: needs.authorize_actor.outputs.authorized == 'true'
     runs-on: ubuntu-24.04
     outputs:
       candidate_revision: ${{ steps.validate.outputs.candidate_revision }}
@@ -274,8 +281,8 @@ jobs:
             --credential-role ci \
             --provider-mode live-frontier \
             --hydrate-mode "$HYDRATE_MODE" \
-            --model openai/gpt-5.4 \
-            --alt-model openai/gpt-5.4 \
+            --model openai/gpt-5.5 \
+            --alt-model openai/gpt-5.5 \
             --fast \
             --scenario "$SCENARIO_ID" \
             "${keep_args[@]}" \
@@ -352,7 +359,7 @@ jobs:
       - name: Upload Mantis Slack desktop artifacts
         id: upload_artifact
         if: ${{ always() && steps.run_mantis.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: mantis-slack-desktop-smoke-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_mantis.outputs.output_dir }}

.github/workflows/mantis-telegram-desktop-proof.yml

@@ -3,6 +3,8 @@ name: Mantis Telegram Desktop Proof
 on:
   issue_comment:
     types: [created]
+  pull_request_target: # zizmor: ignore[dangerous-triggers] maintainer-owned Mantis label trigger; trusted base workflow validates refs before checkout/use
+    types: [labeled]
   workflow_dispatch:
     inputs:
       pr_number:
@@ -25,6 +27,14 @@ on:
         description: Optional existing Crabbox desktop lease id or slug to reuse
         required: false
         type: string
+      publish_artifact_name:
+        description: Optional existing proof artifact name to publish without recapturing
+        required: false
+        type: string
+      publish_run_id:
+        description: Workflow run id that owns publish_artifact_name; required with publish_artifact_name
+        required: false
+        type: string
 
 permissions:
   actions: read
@@ -47,6 +57,11 @@ jobs:
     if: >-
       ${{
         github.event_name == 'workflow_dispatch' ||
+        (
+          github.event_name == 'pull_request_target' &&
+          github.event.action == 'labeled' &&
+          github.event.label.name == 'mantis: telegram-visible-proof'
+        ) ||
         (
           github.event_name == 'issue_comment' &&
           github.event.issue.pull_request &&
@@ -58,11 +73,20 @@ jobs:
         )
       }}
     runs-on: ubuntu-24.04
+    outputs:
+      authorized: ${{ steps.permission.outputs.authorized }}
     steps:
       - name: Require maintainer-level repository access
+        id: permission
         uses: actions/github-script@v8
         with:
           script: |
+            if (context.eventName === "pull_request_target") {
+              core.info(`Accepted Mantis label trigger from ${context.actor}.`);
+              core.setOutput("authorized", "true");
+              return;
+            }
+
             const allowed = new Set(["admin", "maintain", "write"]);
             const { owner, repo } = context.repo;
             const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
@@ -73,14 +97,18 @@ jobs:
             const permission = data.permission;
             core.info(`Actor ${context.actor} permission: ${permission}`);
             if (!allowed.has(permission)) {
-              core.setFailed(
+              core.notice(
                 `Workflow requires write/maintain/admin access. Actor "${context.actor}" has "${permission}".`,
               );
+              core.setOutput("authorized", "false");
+              return;
             }
+            core.setOutput("authorized", "true");
 
   resolve_request:
     name: Resolve Mantis request
     needs: authorize_actor
+    if: needs.authorize_actor.outputs.authorized == 'true'
     runs-on: ubuntu-24.04
     outputs:
       baseline_ref: ${{ steps.resolve.outputs.baseline_ref }}
@@ -88,8 +116,11 @@ jobs:
       crabbox_provider: ${{ steps.resolve.outputs.crabbox_provider }}
       instructions: ${{ steps.resolve.outputs.instructions }}
       lease_id: ${{ steps.resolve.outputs.lease_id }}
+      publish_artifact_name: ${{ steps.resolve.outputs.publish_artifact_name }}
+      publish_run_id: ${{ steps.resolve.outputs.publish_run_id }}
       pr_number: ${{ steps.resolve.outputs.pr_number }}
       request_source: ${{ steps.resolve.outputs.request_source }}
+      should_run: ${{ steps.resolve.outputs.should_run }}
     steps:
       - name: Resolve refs and target PR
         id: resolve
@@ -105,31 +136,70 @@ jobs:
 
             const inputs = context.payload.inputs ?? {};
             const prNumber =
-              eventName === "workflow_dispatch" ? inputs.pr_number : String(context.payload.issue?.number ?? "");
+              eventName === "workflow_dispatch"
+                ? inputs.pr_number
+                : eventName === "pull_request_target"
+                  ? String(context.payload.pull_request?.number ?? "")
+                  : String(context.payload.issue?.number ?? "");
             if (!prNumber) {
               core.setFailed("Mantis Telegram desktop proof requires a pull request.");
               return;
             }
 
+            const body =
+              eventName === "workflow_dispatch"
+                ? inputs.instructions || ""
+                : eventName === "issue_comment"
+                  ? context.payload.comment?.body || ""
+                  : "";
+            if (eventName === "issue_comment") {
+              const normalized = body.toLowerCase();
+              const requestedDesktopProof =
+                (normalized.includes("@openclaw-mantis") || normalized.includes("/openclaw-mantis")) &&
+                (normalized.includes("desktop proof") ||
+                  normalized.includes("desktop-proof") ||
+                  normalized.includes("telegram desktop") ||
+                  normalized.includes("native telegram") ||
+                  normalized.includes("visible proof") ||
+                  normalized.includes("visible-proof") ||
+                  normalized.includes("telegram-visible-proof"));
+              if (!requestedDesktopProof) {
+                core.notice("Comment mentioned Mantis but did not request Telegram desktop proof.");
+                setOutput("should_run", "false");
+                setOutput("baseline_ref", "");
+                setOutput("candidate_ref", "");
+                setOutput("pr_number", "");
+                setOutput("instructions", "");
+                setOutput("crabbox_provider", "");
+                setOutput("lease_id", "");
+                setOutput("publish_artifact_name", "");
+                setOutput("publish_run_id", "");
+                setOutput("request_source", "unsupported_issue_comment");
+                return;
+              }
+            }
+
             const { owner, repo } = context.repo;
             const { data: pr } = await github.rest.pulls.get({
               owner,
               repo,
               pull_number: Number(prNumber),
             });
-            const body = eventName === "workflow_dispatch" ? inputs.instructions || "" : context.payload.comment?.body || "";
             const provider = inputs.crabbox_provider || "aws";
             if (!["aws", "hetzner"].includes(provider)) {
               core.setFailed(`Unsupported Crabbox provider for Mantis Telegram desktop proof: ${provider}`);
               return;
             }
 
+            setOutput("should_run", "true");
             setOutput("baseline_ref", pr.base.sha);
             setOutput("candidate_ref", pr.head.sha);
             setOutput("pr_number", String(pr.number));
             setOutput("instructions", body);
             setOutput("crabbox_provider", provider);
             setOutput("lease_id", inputs.crabbox_lease_id || "");
+            setOutput("publish_artifact_name", inputs.publish_artifact_name || "");
+            setOutput("publish_run_id", inputs.publish_run_id || "");
             setOutput("request_source", eventName);
 
             if (eventName === "issue_comment") {
@@ -144,6 +214,7 @@ jobs:
   validate_refs:
     name: Validate selected refs
     needs: resolve_request
+    if: needs.resolve_request.outputs.should_run == 'true' && needs.resolve_request.outputs.publish_artifact_name == ''
     runs-on: ubuntu-24.04
     outputs:
       baseline_revision: ${{ steps.validate.outputs.baseline_revision }}
@@ -222,6 +293,7 @@ jobs:
   run_telegram_desktop_proof:
     name: Run agentic native Telegram proof
     needs: [resolve_request, validate_refs]
+    if: needs.resolve_request.outputs.should_run == 'true' && needs.resolve_request.outputs.publish_artifact_name == ''
     runs-on: blacksmith-16vcpu-ubuntu-2404
     timeout-minutes: 360
     environment: qa-live-shared
@@ -239,11 +311,13 @@ jobs:
           while true; do
             blockers="$(
               for workflow in mantis-telegram-desktop-proof.yml mantis-telegram-live.yml; do
-                gh run list --repo "$GITHUB_REPOSITORY" --workflow "$workflow" --limit 100 --json databaseId,status,createdAt,url \
-                  | jq -r \
-                    --argjson current_id "$GITHUB_RUN_ID" \
-                    --arg current_created "$current_created" \
-                    '.[] | select(.databaseId != $current_id) | select(.createdAt < $current_created or (.createdAt == $current_created and .databaseId < $current_id)) | select(.status == "queued" or .status == "in_progress" or .status == "waiting" or .status == "pending" or .status == "requested") | "\(.createdAt)\t#\(.databaseId)\t\(.status)\t\(.url)"'
+                for status in queued in_progress waiting pending requested; do
+                  gh run list --repo "$GITHUB_REPOSITORY" --workflow "$workflow" --status "$status" --limit 100 --json databaseId,status,createdAt,url \
+                    | jq -r \
+                      --argjson current_id "$GITHUB_RUN_ID" \
+                      --arg current_created "$current_created" \
+                      '.[] | select(.databaseId != $current_id) | select(.createdAt < $current_created or (.createdAt == $current_created and .databaseId < $current_id)) | "\(.createdAt)\t#\(.databaseId)\t\(.status)\t\(.url)"'
+                done
               done | sort -u
             )"
             if [[ -z "$blockers" ]]; then
@@ -386,6 +460,7 @@ jobs:
           codex-home: /tmp/mantis-codex-home-${{ github.run_id }}
           safety-strategy: unprivileged-user
           codex-user: codex
+          allow-bot-users: clawsweeper[bot]
 
       - name: Inspect Mantis evidence manifest
         id: inspect
@@ -406,7 +481,7 @@ jobs:
       - name: Upload Mantis Telegram desktop artifacts
         id: upload_artifact
         if: ${{ always() && steps.inspect.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: mantis-telegram-desktop-proof-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.inspect.outputs.output_dir }}
@@ -466,3 +541,133 @@ jobs:
         run: |
           echo "Mantis Telegram desktop proof failed: comparison=${COMPARISON_STATUS:-unset}." >&2
           exit 1
+
+  publish_existing_telegram_desktop_proof:
+    name: Publish existing native Telegram proof
+    needs: resolve_request
+    if: needs.resolve_request.outputs.should_run == 'true' && needs.resolve_request.outputs.publish_artifact_name != ''
+    runs-on: ubuntu-24.04
+    environment: qa-live-shared
+    steps:
+      - name: Checkout harness ref
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          pnpm-version: ${{ env.PNPM_VERSION }}
+          install-bun: "true"
+
+      - name: Download existing proof artifact
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PUBLISH_ARTIFACT_NAME: ${{ needs.resolve_request.outputs.publish_artifact_name }}
+          PUBLISH_RUN_ID: ${{ needs.resolve_request.outputs.publish_run_id }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          if [[ -z "${PUBLISH_RUN_ID:-}" ]]; then
+            echo "publish_run_id is required when publish_artifact_name is set." >&2
+            exit 1
+          fi
+          run_id="$PUBLISH_RUN_ID"
+          gh run download "$run_id" \
+            --repo "$GITHUB_REPOSITORY" \
+            --name "$PUBLISH_ARTIFACT_NAME" \
+            --dir "$MANTIS_OUTPUT_DIR"
+
+          artifacts_json="$(
+            gh api \
+              -H "Accept: application/vnd.github+json" \
+              "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/artifacts"
+          )"
+          artifact_id="$(jq -r --arg name "$PUBLISH_ARTIFACT_NAME" '.artifacts[] | select(.name == $name) | .id' <<<"$artifacts_json" | head -n 1)"
+          if [[ -z "$artifact_id" || "$artifact_id" == "null" ]]; then
+            echo "Could not resolve artifact id for '${PUBLISH_ARTIFACT_NAME}' in run ${run_id}." >&2
+            exit 1
+          fi
+          echo "PUBLISH_RUN_ID=${run_id}" >> "$GITHUB_ENV"
+          echo "PUBLISH_ARTIFACT_URL=https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}/artifacts/${artifact_id}" >> "$GITHUB_ENV"
+
+      - name: Create Mantis GitHub App token
+        id: mantis_app_token
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.MANTIS_GITHUB_APP_ID }}
+          private-key: ${{ secrets.MANTIS_GITHUB_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: ${{ github.event.repository.name }}
+          permission-issues: write
+          permission-pull-requests: write
+
+      - name: Comment PR with inline QA evidence
+        env:
+          GH_TOKEN: ${{ steps.mantis_app_token.outputs.token }}
+          MANTIS_ARTIFACT_R2_ACCESS_KEY_ID: ${{ secrets.MANTIS_ARTIFACT_R2_ACCESS_KEY_ID }}
+          MANTIS_ARTIFACT_R2_BUCKET: openclaw-crabbox-artifacts
+          MANTIS_ARTIFACT_R2_ENDPOINT: ${{ vars.MANTIS_ARTIFACT_R2_ENDPOINT }}
+          MANTIS_ARTIFACT_R2_PUBLIC_BASE_URL: https://artifacts.openclaw.ai
+          MANTIS_ARTIFACT_R2_REGION: auto
+          MANTIS_ARTIFACT_R2_SECRET_ACCESS_KEY: ${{ secrets.MANTIS_ARTIFACT_R2_SECRET_ACCESS_KEY }}
+          REQUEST_SOURCE: ${{ needs.resolve_request.outputs.request_source }}
+          TARGET_PR: ${{ needs.resolve_request.outputs.pr_number }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          root="$MANTIS_OUTPUT_DIR"
+          if [[ ! -f "$root/mantis-evidence.json" ]]; then
+            echo "Downloaded artifact does not contain ${root}/mantis-evidence.json." >&2
+            exit 1
+          fi
+          node scripts/mantis/publish-pr-evidence.mjs \
+            --manifest "$root/mantis-evidence.json" \
+            --target-pr "$TARGET_PR" \
+            --artifact-root "mantis/telegram-desktop/pr-${TARGET_PR}/published-${PUBLISH_RUN_ID}-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}" \
+            --marker "<!-- mantis-telegram-desktop-proof -->" \
+            --artifact-url "$PUBLISH_ARTIFACT_URL" \
+            --run-url "https://github.com/${GITHUB_REPOSITORY}/actions/runs/${PUBLISH_RUN_ID}" \
+            --request-source "$REQUEST_SOURCE"
+
+  clear_issue_comment_reaction:
+    name: Clear Mantis command reaction
+    needs: [resolve_request, validate_refs, run_telegram_desktop_proof]
+    if: ${{ always() && github.event_name == 'issue_comment' && needs.resolve_request.outputs.request_source == 'issue_comment' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      issues: write
+    steps:
+      - name: Remove workflow eyes reaction
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const { owner, repo } = context.repo;
+            const commentId = context.payload.comment?.id;
+            if (!commentId) {
+              core.info("No issue comment id found; skipping reaction cleanup.");
+              return;
+            }
+
+            const reactions = await github.paginate(github.rest.reactions.listForIssueComment, {
+              owner,
+              repo,
+              comment_id: commentId,
+              per_page: 100,
+            });
+            const eyes = reactions.filter(
+              (reaction) => reaction.content === "eyes" && reaction.user?.login === "github-actions[bot]",
+            );
+            for (const reaction of eyes) {
+              await github.rest.reactions.deleteForIssueComment({
+                owner,
+                repo,
+                comment_id: commentId,
+                reaction_id: reaction.id,
+              });
+              core.info(`Removed eyes reaction ${reaction.id} from comment ${commentId}.`);
+            }
+            if (eyes.length === 0) {
+              core.info(`No workflow eyes reaction found on comment ${commentId}.`);
+            }

.github/workflows/mantis-telegram-live.yml

@@ -56,15 +56,17 @@ jobs:
           github.event_name == 'issue_comment' &&
           github.event.issue.pull_request &&
           (
-            contains(github.event.comment.body, '@Mantis') ||
-            contains(github.event.comment.body, '@mantis') ||
-            contains(github.event.comment.body, '/mantis')
+            contains(github.event.comment.body, '@openclaw-mantis') ||
+            contains(github.event.comment.body, '/openclaw-mantis')
           )
         )
       }}
     runs-on: ubuntu-24.04
+    outputs:
+      authorized: ${{ steps.permission.outputs.authorized }}
     steps:
       - name: Require maintainer-level repository access
+        id: permission
         uses: actions/github-script@v8
         with:
           script: |
@@ -78,14 +80,18 @@ jobs:
             const permission = data.permission;
             core.info(`Actor ${context.actor} permission: ${permission}`);
             if (!allowed.has(permission)) {
-              core.setFailed(
+              core.notice(
                 `Workflow requires write/maintain/admin access. Actor "${context.actor}" has "${permission}".`,
               );
+              core.setOutput("authorized", "false");
+              return;
             }
+            core.setOutput("authorized", "true");
 
   resolve_request:
     name: Resolve Mantis request
     needs: authorize_actor
+    if: needs.authorize_actor.outputs.authorized == 'true'
     runs-on: ubuntu-24.04
     outputs:
       candidate_ref: ${{ steps.resolve.outputs.candidate_ref }}
@@ -133,9 +139,18 @@ jobs:
             }
 
             const normalized = body.toLowerCase();
+            const requestedDesktopProof =
+              normalized.includes("desktop proof") ||
+              normalized.includes("desktop-proof") ||
+              normalized.includes("telegram desktop") ||
+              normalized.includes("native telegram") ||
+              normalized.includes("visible proof") ||
+              normalized.includes("visible-proof") ||
+              normalized.includes("telegram-visible-proof");
             const requested =
-              (normalized.includes("@mantis") || normalized.includes("/mantis")) &&
-              normalized.includes("telegram");
+              (normalized.includes("@openclaw-mantis") || normalized.includes("/openclaw-mantis")) &&
+              normalized.includes("telegram") &&
+              !requestedDesktopProof;
             if (!requested) {
               core.notice("Comment mentioned Mantis but did not request Telegram live QA.");
               setOutput("should_run", "false");
@@ -260,11 +275,13 @@ jobs:
           while true; do
             blockers="$(
               for workflow in mantis-telegram-desktop-proof.yml mantis-telegram-live.yml; do
-                gh run list --repo "$GITHUB_REPOSITORY" --workflow "$workflow" --limit 100 --json databaseId,status,createdAt,url \
-                  | jq -r \
-                    --argjson current_id "$GITHUB_RUN_ID" \
-                    --arg current_created "$current_created" \
-                    '.[] | select(.databaseId != $current_id) | select(.createdAt < $current_created or (.createdAt == $current_created and .databaseId < $current_id)) | select(.status == "queued" or .status == "in_progress" or .status == "waiting" or .status == "pending" or .status == "requested") | "\(.createdAt)\t#\(.databaseId)\t\(.status)\t\(.url)"'
+                for status in queued in_progress waiting pending requested; do
+                  gh run list --repo "$GITHUB_REPOSITORY" --workflow "$workflow" --status "$status" --limit 100 --json databaseId,status,createdAt,url \
+                    | jq -r \
+                      --argjson current_id "$GITHUB_RUN_ID" \
+                      --arg current_created "$current_created" \
+                      '.[] | select(.databaseId != $current_id) | select(.createdAt < $current_created or (.createdAt == $current_created and .databaseId < $current_id)) | "\(.createdAt)\t#\(.databaseId)\t\(.status)\t\(.url)"'
+                done
               done | sort -u
             )"
             if [[ -z "$blockers" ]]; then
@@ -379,7 +396,7 @@ jobs:
           output_rel=".artifacts/qa-e2e/mantis/telegram-live"
           root="$candidate_repo/$output_rel"
           echo "output_dir=${root}" >> "$GITHUB_OUTPUT"
-          model="${OPENCLAW_CI_OPENAI_MODEL:-openai/gpt-5.4}"
+          model="${OPENCLAW_CI_OPENAI_MODEL:-openai/gpt-5.5}"
 
           scenario_args=()
           if [[ -n "${SCENARIO_INPUT// }" ]]; then
@@ -464,7 +481,7 @@ jobs:
       - name: Upload Mantis Telegram artifacts
         id: upload_artifact
         if: ${{ always() && steps.run_mantis.outputs.output_dir != '' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: mantis-telegram-live-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_mantis.outputs.output_dir }}
@@ -525,3 +542,44 @@ jobs:
         run: |
           echo "Mantis Telegram live failed: comparison=${COMPARISON_STATUS:-unset} telegram_exit=${TELEGRAM_EXIT:-unset}." >&2
           exit 1
+
+  clear_issue_comment_reaction:
+    name: Clear Mantis command reaction
+    needs: [resolve_request, validate_ref, run_telegram_live]
+    if: ${{ always() && github.event_name == 'issue_comment' && needs.resolve_request.outputs.request_source == 'issue_comment' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      issues: write
+    steps:
+      - name: Remove workflow eyes reaction
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const { owner, repo } = context.repo;
+            const commentId = context.payload.comment?.id;
+            if (!commentId) {
+              core.info("No issue comment id found; skipping reaction cleanup.");
+              return;
+            }
+
+            const reactions = await github.paginate(github.rest.reactions.listForIssueComment, {
+              owner,
+              repo,
+              comment_id: commentId,
+              per_page: 100,
+            });
+            const eyes = reactions.filter(
+              (reaction) => reaction.content === "eyes" && reaction.user?.login === "github-actions[bot]",
+            );
+            for (const reaction of eyes) {
+              await github.rest.reactions.deleteForIssueComment({
+                owner,
+                repo,
+                comment_id: commentId,
+                reaction_id: reaction.id,
+              });
+              core.info(`Removed eyes reaction ${reaction.id} from comment ${commentId}.`);
+            }
+            if (eyes.length === 0) {
+              core.info(`No workflow eyes reaction found on comment ${commentId}.`);
+            }

.github/workflows/npm-telegram-beta-e2e.yml

@@ -40,8 +40,18 @@ on:
         description: Optional comma-separated Telegram scenario ids
         required: false
         type: string
+      advisory:
+        description: Treat package Telegram failures as advisory for the caller
+        required: false
+        default: false
+        type: boolean
   workflow_call:
     inputs:
+      advisory:
+        description: Treat package Telegram failures as advisory for the caller
+        required: false
+        default: false
+        type: boolean
       package_spec:
         description: Published OpenClaw package spec to test when no artifact is supplied
         required: true
@@ -100,6 +110,7 @@ jobs:
   run_package_telegram_e2e:
     name: Run package Telegram E2E
     runs-on: blacksmith-32vcpu-ubuntu-2404
+    continue-on-error: ${{ inputs.advisory }}
     timeout-minutes: 60
     environment: qa-live-shared
     permissions:
@@ -259,7 +270,7 @@ jobs:
 
       - name: Upload npm Telegram E2E artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: npm-telegram-beta-e2e-${{ github.run_id }}-${{ github.run_attempt }}
           path: .artifacts/qa-e2e/

.github/workflows/openclaw-cross-os-release-checks-reusable.yml

@@ -86,8 +86,18 @@ on:
         required: false
         default: ""
         type: string
+      advisory:
+        description: Treat failures as advisory for the caller
+        required: false
+        default: false
+        type: boolean
   workflow_call:
     inputs:
+      advisory:
+        description: Treat failures as advisory for the caller
+        required: false
+        default: false
+        type: boolean
       ref:
         description: Public OpenClaw ref to validate (tag, branch, or full commit SHA)
         required: true
@@ -186,11 +196,12 @@ env:
   PNPM_VERSION: "11.0.8"
   OPENCLAW_REPOSITORY: openclaw/openclaw
   TSX_VERSION: "4.21.0"
-  OPENCLAW_CROSS_OS_OPENAI_MODEL: ${{ inputs.openai_model || vars.OPENCLAW_CROSS_OS_OPENAI_MODEL || 'openai/gpt-5.4' }}
+  OPENCLAW_CROSS_OS_OPENAI_MODEL: ${{ inputs.openai_model || vars.OPENCLAW_CROSS_OS_OPENAI_MODEL || 'openai/gpt-5.5' }}
 
 jobs:
   prepare:
     runs-on: ubuntu-24.04
+    continue-on-error: ${{ inputs.advisory }}
     outputs:
       baseline_file_name: ${{ steps.baseline_metadata.outputs.file_name }}
       baseline_spec: ${{ steps.baseline.outputs.value }}
@@ -513,6 +524,7 @@ jobs:
   cross_os_release_checks:
     name: "${{ matrix.display_name }} / ${{ matrix.suite_label }}"
     needs: prepare
+    continue-on-error: ${{ inputs.advisory }}
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.prepare.outputs.matrix) }}

.github/workflows/openclaw-live-and-e2e-checks-reusable.yml

@@ -97,8 +97,18 @@ on:
           - beta
           - stable
           - full
+      advisory:
+        description: Treat failures as advisory for the caller
+        required: false
+        default: false
+        type: boolean
   workflow_call:
     inputs:
+      advisory:
+        description: Treat failures as advisory for the caller
+        required: false
+        default: false
+        type: boolean
       ref:
         description: Ref, tag, or SHA to validate
         required: true
@@ -311,9 +321,6 @@ jobs:
           set -euo pipefail
           trusted_reason=""
 
-          git fetch --no-tags origin '+refs/heads/*:refs/remotes/origin/*'
-          git fetch --tags origin '+refs/tags/*:refs/tags/*'
-
           # Resolve here instead of in actions/checkout so short SHAs work too.
           if ! selected_sha="$(git rev-parse --verify "${INPUT_REF}^{commit}")"; then
             echo "Ref '${INPUT_REF}' could not be resolved to a commit." >&2
@@ -455,6 +462,7 @@ jobs:
   validate_release_live_cache:
     needs: validate_selected_ref
     if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'live-cache')
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
     timeout-minutes: 20
     env:
@@ -505,6 +513,7 @@ jobs:
   validate_repo_e2e:
     needs: validate_selected_ref
     if: inputs.include_repo_e2e && inputs.live_suite_filter == ''
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
     timeout-minutes: ${{ inputs.release_test_profile == 'full' && 90 || 60 }}
     env:
@@ -534,6 +543,7 @@ jobs:
   validate_special_e2e:
     needs: validate_selected_ref
     if: inputs.include_repo_e2e && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'openshell-e2e')
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
     timeout-minutes: ${{ matrix.timeout_minutes }}
     strategy:
@@ -608,6 +618,7 @@ jobs:
     needs: [validate_selected_ref, prepare_docker_e2e_image]
     if: inputs.include_release_path_suites && inputs.docker_lanes == ''
     name: Docker E2E (${{ matrix.label }})
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: ${{ matrix.timeout_minutes }}
     strategy:
@@ -876,6 +887,7 @@ jobs:
   plan_docker_lane_groups:
     needs: validate_selected_ref
     if: inputs.docker_lanes != ''
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-4vcpu-ubuntu-2404' }}
     timeout-minutes: 5
     outputs:
@@ -903,6 +915,7 @@ jobs:
     needs: [validate_selected_ref, prepare_docker_e2e_image, plan_docker_lane_groups]
     if: inputs.docker_lanes != ''
     name: Docker E2E targeted lanes (${{ matrix.group.label }})
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: 60
     strategy:
@@ -1112,6 +1125,7 @@ jobs:
     needs: [validate_selected_ref, prepare_docker_e2e_image]
     if: inputs.include_openwebui && !inputs.include_release_path_suites && inputs.docker_lanes == ''
     name: Docker E2E (openwebui)
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: 60
     env:
@@ -1239,6 +1253,7 @@ jobs:
   prepare_docker_e2e_image:
     needs: validate_selected_ref
     if: inputs.include_release_path_suites || inputs.include_openwebui || inputs.docker_lanes != ''
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: ${{ inputs.release_test_profile == 'full' && 90 || 60 }}
     permissions:
@@ -1483,6 +1498,7 @@ jobs:
   prepare_live_test_image:
     needs: validate_selected_ref
     if: inputs.include_live_suites && (inputs.live_suite_filter == '' || startsWith(inputs.live_suite_filter, 'live-') || startsWith(inputs.live_suite_filter, 'docker-live-models'))
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: 60
     permissions:
@@ -1556,6 +1572,7 @@ jobs:
     name: Docker live models (${{ matrix.provider_label }})
     needs: [validate_selected_ref, prepare_live_test_image]
     if: inputs.include_live_suites && inputs.live_model_providers == '' && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'docker-live-models')
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: 45
     strategy:
@@ -1708,6 +1725,7 @@ jobs:
     name: Docker live models (selected providers)
     needs: [validate_selected_ref, prepare_live_test_image]
     if: inputs.include_live_suites && inputs.live_model_providers != '' && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'docker-live-models')
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: 45
     env:
@@ -1883,6 +1901,7 @@ jobs:
   validate_live_provider_suites:
     needs: validate_selected_ref
     if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || (startsWith(inputs.live_suite_filter, 'native-live-') && !startsWith(inputs.live_suite_filter, 'native-live-extensions-media') && inputs.live_suite_filter != 'native-live-extensions-a-k'))
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
     timeout-minutes: ${{ matrix.timeout_minutes }}
     strategy:
@@ -1911,7 +1930,7 @@ jobs:
           - suite_id: native-live-src-gateway-profiles-anthropic-opus
             suite_group: native-live-src-gateway-profiles-anthropic
             label: Native live gateway profiles Anthropic Opus
-            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=anthropic OPENCLAW_LIVE_GATEWAY_MODELS=anthropic/claude-opus-4-7,anthropic/claude-opus-4-6 node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
+            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=anthropic OPENCLAW_LIVE_GATEWAY_MODELS=anthropic/claude-opus-4-7 node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
             timeout_minutes: 30
             profile_env_only: false
             advisory: true
@@ -2204,6 +2223,7 @@ jobs:
     name: Docker live suites (${{ matrix.label }})
     needs: [validate_selected_ref, prepare_live_test_image]
     if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || startsWith(inputs.live_suite_filter, 'live-'))
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
     timeout-minutes: ${{ matrix.timeout_minutes }}
     strategy:
@@ -2423,6 +2443,7 @@ jobs:
     name: Live media suites (${{ matrix.label }})
     needs: validate_selected_ref
     if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || startsWith(inputs.live_suite_filter, 'native-live-extensions-media') || inputs.live_suite_filter == 'native-live-extensions-a-k')
+    continue-on-error: ${{ inputs.advisory }}
     runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
     container:
       image: ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04

.github/workflows/openclaw-npm-release.yml

@@ -88,6 +88,28 @@ jobs:
           ref: ${{ inputs.tag }}
           fetch-depth: 0
 
+      - name: Validate Tideclaw alpha preflight target
+        if: startsWith(github.ref, 'refs/heads/tideclaw/alpha/')
+        env:
+          RELEASE_REF: ${{ inputs.tag }}
+          WORKFLOW_REF: ${{ github.ref }}
+        run: |
+          set -euo pipefail
+          if [[ ! "${RELEASE_REF}" == *"-alpha."* && ! "${RELEASE_REF}" =~ ^[0-9a-fA-F]{40}$ ]]; then
+            echo "Tideclaw alpha preflight runs must target an alpha prerelease tag or SHA." >&2
+            exit 1
+          fi
+          if [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            echo "Tideclaw alpha preflight runs must run from tideclaw/alpha/YYYY-MM-DD-HHMMZ." >&2
+            exit 1
+          fi
+          alpha_branch="${WORKFLOW_REF#refs/heads/}"
+          git fetch --no-tags origin "+refs/heads/${alpha_branch}:refs/remotes/origin/${alpha_branch}"
+          if ! git merge-base --is-ancestor HEAD "refs/remotes/origin/${alpha_branch}"; then
+            echo "Alpha preflight target must be reachable from ${alpha_branch}." >&2
+            exit 1
+          fi
+
       - name: Setup Node environment
         uses: ./.github/actions/setup-node-env
         with:
@@ -191,7 +213,7 @@ jobs:
         id: packed_tarball
         env:
           OPENCLAW_PREPACK_PREPARED: "1"
-          RELEASE_TAG: ${{ inputs.tag }}
+          RELEASE_REF: ${{ inputs.tag }}
           RELEASE_NPM_DIST_TAG: ${{ inputs.npm_dist_tag }}
           DEPENDENCY_EVIDENCE_DIR: ${{ steps.dependency_evidence.outputs.dir }}
         run: |
@@ -259,6 +281,11 @@ jobs:
           fi
           RELEASE_SHA="$(git rev-parse HEAD)"
           PACKAGE_VERSION="$(node -p "require('./package.json').version")"
+          if [[ "${RELEASE_REF}" =~ ^[0-9a-fA-F]{40}$ ]]; then
+            RELEASE_TAG="v${PACKAGE_VERSION}"
+          else
+            RELEASE_TAG="${RELEASE_REF}"
+          fi
           TARBALL_NAME="$(basename "$PACK_PATH")"
           TARBALL_SHA256="$(sha256sum "$PACK_PATH" | awk '{print $1}')"
           ARTIFACT_DIR="$RUNNER_TEMP/openclaw-npm-preflight"
@@ -290,6 +317,7 @@ jobs:
           );
           NODE
           echo "dir=$ARTIFACT_DIR" >> "$GITHUB_OUTPUT"
+          echo "release_tag=$RELEASE_TAG" >> "$GITHUB_OUTPUT"
 
       - name: Verify prepared npm tarball install
         env:
@@ -312,6 +340,14 @@ jobs:
           path: ${{ steps.dependency_evidence.outputs.dir }}
           if-no-files-found: error
 
+      - name: Upload dependency release evidence tag alias
+        if: ${{ steps.packed_tarball.outputs.release_tag != inputs.tag }}
+        uses: actions/upload-artifact@v7
+        with:
+          name: openclaw-release-dependency-evidence-${{ steps.packed_tarball.outputs.release_tag }}
+          path: ${{ steps.dependency_evidence.outputs.dir }}
+          if-no-files-found: error
+
       - name: Upload prepared npm publish bundle
         uses: actions/upload-artifact@v7
         with:
@@ -319,19 +355,33 @@ jobs:
           path: ${{ steps.packed_tarball.outputs.dir }}
           if-no-files-found: error
 
+      - name: Upload prepared npm publish bundle tag alias
+        if: ${{ steps.packed_tarball.outputs.release_tag != inputs.tag }}
+        uses: actions/upload-artifact@v7
+        with:
+          name: openclaw-npm-preflight-${{ steps.packed_tarball.outputs.release_tag }}
+          path: ${{ steps.packed_tarball.outputs.dir }}
+          if-no-files-found: error
+
   validate_publish_request:
     if: ${{ !inputs.preflight_only }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
-      - name: Require main or release workflow ref for publish
+      - name: Require trusted workflow ref for publish
         env:
+          RELEASE_TAG: ${{ inputs.tag }}
+          RELEASE_NPM_DIST_TAG: ${{ inputs.npm_dist_tag }}
           WORKFLOW_REF: ${{ github.ref }}
         run: |
           set -euo pipefail
-          if [[ "${WORKFLOW_REF}" != "refs/heads/main" ]] && [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/release/[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*$ ]]; then
-            echo "Real publish runs must be dispatched from main or release/YYYY.M.D. Use preflight_only=true for other branch validation."
+          tideclaw_alpha_publish=false
+          if [[ "${RELEASE_TAG}" == *"-alpha."* && "${RELEASE_NPM_DIST_TAG}" == "alpha" && "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            tideclaw_alpha_publish=true
+          fi
+          if [[ "${WORKFLOW_REF}" != "refs/heads/main" ]] && [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/release/[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*$ ]] && [[ "${tideclaw_alpha_publish}" != "true" ]]; then
+            echo "Real publish runs must be dispatched from main, release/YYYY.M.D, or a Tideclaw alpha branch for alpha prereleases. Use preflight_only=true for other branch validation."
             exit 1
           fi
 
@@ -387,6 +437,28 @@ jobs:
           ref: refs/tags/${{ inputs.tag }}
           fetch-depth: 0
 
+      - name: Validate Tideclaw alpha publish target
+        if: startsWith(github.ref, 'refs/heads/tideclaw/alpha/')
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+          WORKFLOW_REF: ${{ github.ref }}
+        run: |
+          set -euo pipefail
+          if [[ ! "${RELEASE_TAG}" == *"-alpha."* ]]; then
+            echo "Tideclaw alpha publish runs must target an alpha prerelease tag." >&2
+            exit 1
+          fi
+          if [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            echo "Tideclaw alpha publish runs must run from tideclaw/alpha/YYYY-MM-DD-HHMMZ." >&2
+            exit 1
+          fi
+          alpha_branch="${WORKFLOW_REF#refs/heads/}"
+          git fetch --no-tags origin "+refs/heads/${alpha_branch}:refs/remotes/origin/${alpha_branch}"
+          if ! git merge-base --is-ancestor HEAD "refs/remotes/origin/${alpha_branch}"; then
+            echo "Alpha publish tag must be reachable from ${alpha_branch}." >&2
+            exit 1
+          fi
+
       - name: Setup Node environment
         uses: ./.github/actions/setup-node-env
         with:
@@ -427,13 +499,45 @@ jobs:
           printf '%s' "$RUN_JSON" | node -e 'const fs = require("node:fs"); const run = JSON.parse(fs.readFileSync(0, "utf8")); const checks = [["workflowName", "Full Release Validation"], ["headBranch", process.env.EXPECTED_WORKFLOW_BRANCH], ["event", "workflow_dispatch"], ["status", "completed"], ["conclusion", "success"]]; for (const [key, expected] of checks) { if (run[key] !== expected) { console.error(`Referenced full release validation run ${process.env.FULL_RELEASE_VALIDATION_RUN_ID} must have ${key}=${expected}, got ${run[key] ?? "<missing>"}.`); process.exit(1); } } console.log(`Using full release validation run ${process.env.FULL_RELEASE_VALIDATION_RUN_ID}: ${run.url}`);'
 
       - name: Download prepared npm tarball
-        uses: actions/download-artifact@v8
-        with:
-          name: openclaw-npm-preflight-${{ inputs.tag }}
-          path: preflight-tarball
-          repository: ${{ github.repository }}
-          run-id: ${{ inputs.preflight_run_id }}
-          github-token: ${{ github.token }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PREFLIGHT_RUN_ID: ${{ inputs.preflight_run_id }}
+          RELEASE_TAG: ${{ inputs.tag }}
+        run: |
+          set -euo pipefail
+
+          download_preflight_artifact() {
+            local preferred_name fallback_name
+            preferred_name="openclaw-npm-preflight-${RELEASE_TAG}"
+            rm -rf preflight-tarball
+            mkdir -p preflight-tarball
+            if gh run download "${PREFLIGHT_RUN_ID}" \
+              --repo "${GITHUB_REPOSITORY}" \
+              --name "${preferred_name}" \
+              --dir preflight-tarball; then
+              echo "Downloaded ${preferred_name}."
+              return 0
+            fi
+
+            echo "::warning::${preferred_name} not found; checking run artifacts for a single compatible preflight artifact."
+            mapfile -t matches < <(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/runs/${PREFLIGHT_RUN_ID}/artifacts" \
+              --jq '.artifacts[] | select(.expired != true) | .name' |
+              grep '^openclaw-npm-preflight-' || true)
+            if [[ "${#matches[@]}" != "1" ]]; then
+              echo "Expected ${preferred_name}, or exactly one openclaw-npm-preflight-* fallback artifact in run ${PREFLIGHT_RUN_ID}." >&2
+              printf 'Available preflight candidates:\n' >&2
+              printf -- '- %s\n' "${matches[@]:-<none>}" >&2
+              exit 1
+            fi
+            fallback_name="${matches[0]}"
+            gh run download "${PREFLIGHT_RUN_ID}" \
+              --repo "${GITHUB_REPOSITORY}" \
+              --name "${fallback_name}" \
+              --dir preflight-tarball
+            echo "Downloaded fallback preflight artifact ${fallback_name}."
+          }
+
+          download_preflight_artifact
 
       - name: Download full release validation manifest
         uses: actions/download-artifact@v8

.github/workflows/openclaw-performance.yml

@@ -30,8 +30,8 @@ on:
         required: false
         default: false
         type: boolean
-      live_gpt54:
-        description: Run the live OpenAI GPT 5.4 agent-turn lane
+      live_openai_candidate:
+        description: Run the live OpenAI GPT 5.5 agent-turn lane
         required: false
         default: false
         type: boolean
@@ -57,7 +57,7 @@ env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
   OCM_VERSION: v0.2.15
   KOVA_REPOSITORY: openclaw/Kova
-  PERFORMANCE_MODEL_ID: gpt-5.4
+  PERFORMANCE_MODEL_ID: gpt-5.5
 
 jobs:
   kova:
@@ -82,8 +82,8 @@ jobs:
             deep_profile: "true"
             live: "false"
             include_filters: "scenario:fresh-install scenario:gateway-performance scenario:agent-cold-warm-message"
-          - lane: live-gpt54
-            title: Kova live OpenAI GPT 5.4 agent turn
+          - lane: live-openai-candidate
+            title: Kova live OpenAI GPT 5.5 agent turn
             auth: live
             repeat: "1"
             deep_profile: "false"
@@ -119,9 +119,9 @@ jobs:
             run_lane=false
             reason="deep_profile input is false"
           fi
-          if [[ "$LANE_ID" == "live-gpt54" && "${{ github.event_name }}" != "schedule" && "${{ inputs.live_gpt54 || 'false' }}" != "true" ]]; then
+          if [[ "$LANE_ID" == "live-openai-candidate" && "${{ github.event_name }}" != "schedule" && "${{ inputs.live_openai_candidate || 'false' }}" != "true" ]]; then
             run_lane=false
-            reason="live_gpt54 input is false"
+            reason="live_openai_candidate input is false"
           fi
           echo "run=$run_lane" >> "$GITHUB_OUTPUT"
           if [[ "$run_lane" != "true" ]]; then
@@ -200,7 +200,7 @@ jobs:
           chmod 0755 "$HOME/.local/bin/kova"
           echo "$HOME/.local/bin" >> "$GITHUB_PATH"
 
-      - name: Pin Kova OpenAI model to GPT 5.4
+      - name: Pin Kova OpenAI model to GPT 5.5
         if: steps.lane.outputs.run == 'true'
         shell: bash
         run: |
@@ -244,7 +244,7 @@ jobs:
         run: |
           set -euo pipefail
           if [[ -z "${OPENAI_API_KEY:-}" ]]; then
-            echo "OPENAI_API_KEY is not configured; live GPT 5.4 lane will be skipped." >> "$GITHUB_STEP_SUMMARY"
+            echo "OPENAI_API_KEY is not configured; live GPT 5.5 lane will be skipped." >> "$GITHUB_STEP_SUMMARY"
             exit 0
           fi
           kova setup --ci --json
@@ -468,7 +468,7 @@ jobs:
 
       - name: Upload Kova artifacts
         if: ${{ always() && steps.lane.outputs.run == 'true' }}
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v7
         with:
           name: openclaw-performance-${{ matrix.lane }}-${{ github.run_id }}-${{ github.run_attempt }}
           path: |
@@ -561,7 +561,14 @@ jobs:
               exit 0
             fi
             if [[ "$attempt" == "5" ]]; then
-              exit 1
+              {
+                echo "### Clawgrit report publish skipped"
+                echo
+                echo "Kova artifacts were uploaded, but publishing the optional clawgrit report failed after ${attempt} attempts."
+                echo "Check the \`CLAWGRIT_REPORTS_TOKEN\` secret or the reports repository permissions."
+              } >> "$GITHUB_STEP_SUMMARY"
+              echo "::warning::Kova artifacts uploaded, but optional clawgrit report publish failed after ${attempt} attempts."
+              exit 0
             fi
             sleep $((attempt * 2))
             git -C "$reports_root" fetch --depth=1 origin main

.github/workflows/openclaw-release-checks.yml

@@ -113,13 +113,21 @@ jobs:
       release_package_spec: ${{ steps.inputs.outputs.release_package_spec }}
       package_acceptance_package_spec: ${{ steps.inputs.outputs.package_acceptance_package_spec }}
     steps:
-      - name: Require main or release workflow ref for release checks
+      - name: Require trusted workflow ref for release checks
         env:
+          RELEASE_REF: ${{ inputs.ref }}
           WORKFLOW_REF: ${{ github.ref }}
         run: |
           set -euo pipefail
-          if [[ "${WORKFLOW_REF}" != "refs/heads/main" ]] && [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/release/[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*$ ]] && [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/release-ci/[0-9a-f]{12}-[0-9]+$ ]]; then
-            echo "Release checks must be dispatched from main, release/YYYY.M.D, or a Full Release Validation release-ci/<sha>-<timestamp> ref so workflow logic and secrets stay controlled." >&2
+          tideclaw_alpha_check=false
+          if [[ "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            workflow_branch="${WORKFLOW_REF#refs/heads/}"
+            if [[ "${RELEASE_REF}" == *"-alpha."* || "${RELEASE_REF}" =~ ^[0-9a-fA-F]{40}$ || "${RELEASE_REF}" == "${workflow_branch}" || "${RELEASE_REF}" == "refs/heads/${workflow_branch}" ]]; then
+              tideclaw_alpha_check=true
+            fi
+          fi
+          if [[ "${WORKFLOW_REF}" != "refs/heads/main" ]] && [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/release/[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*$ ]] && [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/release-ci/[0-9a-f]{12}-[0-9]+$ ]] && [[ "${tideclaw_alpha_check}" != "true" ]]; then
+            echo "Release checks must be dispatched from main, release/YYYY.M.D, a Full Release Validation release-ci/<sha>-<timestamp> ref, or a Tideclaw alpha branch for alpha prereleases." >&2
             exit 1
           fi
 
@@ -219,6 +227,25 @@ jobs:
           fi
           echo "sha=${selected_sha,,}" >> "$GITHUB_OUTPUT"
 
+      - name: Validate Tideclaw alpha target matches workflow branch
+        if: startsWith(github.ref, 'refs/heads/tideclaw/alpha/')
+        working-directory: workflow
+        env:
+          SELECTED_SHA: ${{ steps.ref.outputs.sha }}
+          WORKFLOW_REF: ${{ github.ref }}
+        run: |
+          set -euo pipefail
+          if [[ ! "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            echo "Tideclaw alpha release checks must run from tideclaw/alpha/YYYY-MM-DD-HHMMZ." >&2
+            exit 1
+          fi
+          alpha_branch="${WORKFLOW_REF#refs/heads/}"
+          git fetch --no-tags origin "+refs/heads/${alpha_branch}:refs/remotes/origin/${alpha_branch}"
+          if ! git merge-base --is-ancestor "${SELECTED_SHA}" "refs/remotes/origin/${alpha_branch}"; then
+            echo "Alpha release target ${SELECTED_SHA} must be reachable from ${alpha_branch}." >&2
+            exit 1
+          fi
+
       - name: Capture selected inputs
         id: inputs
         env:
@@ -507,6 +534,7 @@ jobs:
     permissions: read-all
     uses: ./.github/workflows/openclaw-cross-os-release-checks-reusable.yml
     with:
+      advisory: ${{ startsWith(github.ref, 'refs/heads/tideclaw/alpha/') }}
       ref: ${{ needs.resolve_target.outputs.revision }}
       provider: ${{ needs.resolve_target.outputs.provider }}
       mode: ${{ needs.resolve_target.outputs.mode }}
@@ -515,7 +543,7 @@ jobs:
       candidate_file_name: openclaw-current.tgz
       candidate_version: ${{ needs.prepare_release_package.outputs.package_version }}
       candidate_source_sha: ${{ needs.prepare_release_package.outputs.source_sha }}
-      openai_model: openai/gpt-5.4
+      openai_model: openai/gpt-5.5
       ubuntu_runner: ubuntu-24.04
       windows_runner: windows-2025
       macos_runner: macos-26
@@ -538,6 +566,7 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
     with:
+      advisory: ${{ startsWith(github.ref, 'refs/heads/tideclaw/alpha/') }}
       ref: ${{ needs.resolve_target.outputs.revision }}
       include_repo_e2e: true
       include_release_path_suites: false
@@ -603,6 +632,7 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
     with:
+      advisory: ${{ startsWith(github.ref, 'refs/heads/tideclaw/alpha/') }}
       ref: ${{ needs.resolve_target.outputs.revision }}
       include_repo_e2e: false
       include_release_path_suites: true
@@ -623,6 +653,7 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/package-acceptance.yml
     with:
+      advisory: ${{ startsWith(github.ref, 'refs/heads/tideclaw/alpha/') }}
       workflow_ref: ${{ github.ref_name }}
       source: ${{ (needs.resolve_target.outputs.package_acceptance_package_spec != '' || needs.resolve_target.outputs.release_package_spec != '') && 'npm' || 'artifact' }}
       package_spec: ${{ needs.resolve_target.outputs.package_acceptance_package_spec || needs.resolve_target.outputs.release_package_spec || 'openclaw@beta' }}
@@ -633,7 +664,7 @@ jobs:
       published_upgrade_survivor_baselines: ${{ needs.resolve_target.outputs.run_release_soak == 'true' && 'last-stable-4 2026.4.23 2026.5.2 2026.4.15' || '' }}
       published_upgrade_survivor_scenarios: ${{ needs.resolve_target.outputs.run_release_soak == 'true' && 'reported-issues' || '' }}
       telegram_mode: mock-openai
-      telegram_scenarios: telegram-help-command,telegram-commands-command,telegram-tools-compact-command,telegram-whoami-command,telegram-status-command,telegram-other-bot-command-gating,telegram-context-command,telegram-mentioned-message-reply,telegram-reply-chain-exact-marker,telegram-stream-final-single-message,telegram-long-final-reuses-preview,telegram-mention-gating
+      telegram_scenarios: telegram-help-command,telegram-commands-command,telegram-tools-compact-command,telegram-whoami-command,telegram-status-command,telegram-other-bot-command-gating,telegram-context-command,telegram-mentioned-message-reply,telegram-long-final-reuses-preview,telegram-mention-gating
     secrets:
       OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
       OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
@@ -697,9 +728,9 @@ jobs:
       matrix:
         include:
           - lane: candidate
-            output_dir: gpt54
+            output_dir: openai-candidate
           - lane: baseline
-            output_dir: opus46
+            output_dir: anthropic-baseline
     env:
       QA_PARITY_CONCURRENCY: "1"
       OPENCLAW_QA_TRANSPORT_READY_TIMEOUT_MS: "180000"
@@ -745,7 +776,7 @@ jobs:
               ;;
             baseline)
               model="anthropic/claude-opus-4-7"
-              alt_model="anthropic/claude-sonnet-4-7"
+              alt_model="anthropic/claude-sonnet-4-6"
               ;;
             *)
               echo "Unknown QA parity lane: ${QA_PARITY_LANE}" >&2
@@ -763,7 +794,7 @@ jobs:
 
       - name: Upload parity lane artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: release-qa-parity-${{ matrix.lane }}-${{ needs.resolve_target.outputs.revision }}
           path: .artifacts/qa-e2e/
@@ -799,7 +830,7 @@ jobs:
           install-bun: "true"
 
       - name: Download parity lane artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           pattern: release-qa-parity-*-${{ needs.resolve_target.outputs.revision }}
           path: .artifacts/qa-e2e/
@@ -814,21 +845,167 @@ jobs:
         run: |
           pnpm openclaw qa parity-report \
             --repo-root . \
-            --candidate-summary .artifacts/qa-e2e/gpt54/qa-suite-summary.json \
-            --baseline-summary .artifacts/qa-e2e/opus46/qa-suite-summary.json \
+            --candidate-summary .artifacts/qa-e2e/openai-candidate/qa-suite-summary.json \
+            --baseline-summary .artifacts/qa-e2e/anthropic-baseline/qa-suite-summary.json \
             --candidate-label "${OPENCLAW_CI_OPENAI_MODEL}" \
             --baseline-label anthropic/claude-opus-4-7 \
             --output-dir .artifacts/qa-e2e/parity
 
       - name: Upload parity artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: release-qa-parity-${{ needs.resolve_target.outputs.revision }}
           path: .artifacts/qa-e2e/
           retention-days: 14
           if-no-files-found: warn
 
+  qa_lab_runtime_parity_release_checks:
+    name: Run QA Lab runtime parity lane
+    needs: [resolve_target]
+    if: contains(fromJSON('["all","qa","qa-parity"]'), needs.resolve_target.outputs.rerun_group)
+    continue-on-error: true
+    runs-on: blacksmith-8vcpu-ubuntu-2404
+    timeout-minutes: 30
+    permissions:
+      contents: read
+    env:
+      QA_PARITY_CONCURRENCY: "1"
+      OPENCLAW_QA_TRANSPORT_READY_TIMEOUT_MS: "180000"
+      OPENAI_API_KEY: ""
+      ANTHROPIC_API_KEY: ""
+      OPENCLAW_LIVE_OPENAI_KEY: ""
+      OPENCLAW_LIVE_ANTHROPIC_KEY: ""
+      OPENCLAW_LIVE_GEMINI_KEY: ""
+      OPENCLAW_LIVE_SETUP_TOKEN_VALUE: ""
+      OPENCLAW_BUILD_PRIVATE_QA: "1"
+      OPENCLAW_ENABLE_PRIVATE_QA_CLI: "1"
+    steps:
+      - name: Checkout selected ref
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          ref: ${{ needs.resolve_target.outputs.revision }}
+          fetch-depth: 1
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          pnpm-version: ${{ env.PNPM_VERSION }}
+          install-bun: "true"
+
+      - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
+        run: pnpm build
+
+      - name: Run runtime parity lane
+        id: runtime_parity_lane
+        run: |
+          set -euo pipefail
+          pnpm openclaw qa suite \
+            --provider-mode mock-openai \
+            --parity-pack agentic \
+            --concurrency "${QA_PARITY_CONCURRENCY}" \
+            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "openai/gpt-5.5-alt" \
+            --runtime-pair pi,codex \
+            --output-dir ".artifacts/qa-e2e/runtime-parity"
+
+      - name: Run standard runtime parity tier
+        if: ${{ always() && steps.runtime_parity_lane.outcome != 'skipped' && steps.runtime_parity_lane.outcome != 'cancelled' }}
+        run: |
+          set -euo pipefail
+          pnpm openclaw qa suite \
+            --provider-mode mock-openai \
+            --runtime-parity-tier standard \
+            --concurrency "${QA_PARITY_CONCURRENCY}" \
+            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "openai/gpt-5.5-alt" \
+            --runtime-pair pi,codex \
+            --output-dir ".artifacts/qa-e2e/runtime-parity-standard"
+
+      - name: Generate runtime parity report
+        if: always()
+        run: |
+          set -euo pipefail
+          pnpm openclaw qa parity-report \
+            --repo-root . \
+            --runtime-axis \
+            --summary .artifacts/qa-e2e/runtime-parity/qa-suite-summary.json \
+            --output-dir .artifacts/qa-e2e/runtime-parity-report
+
+      - name: Generate standard runtime parity report
+        if: always()
+        run: |
+          set -euo pipefail
+          pnpm openclaw qa parity-report \
+            --repo-root . \
+            --runtime-axis \
+            --summary .artifacts/qa-e2e/runtime-parity-standard/qa-suite-summary.json \
+            --output-dir .artifacts/qa-e2e/runtime-parity-standard-report
+
+      - name: Upload runtime parity artifacts
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: release-qa-runtime-parity-${{ needs.resolve_target.outputs.revision }}
+          path: .artifacts/qa-e2e/
+          retention-days: 14
+          if-no-files-found: warn
+
+  runtime_tool_coverage_release_checks:
+    name: Enforce QA Lab runtime tool coverage
+    needs: [resolve_target, qa_lab_runtime_parity_release_checks]
+    if: always() && contains(fromJSON('["all","qa","qa-parity"]'), needs.resolve_target.outputs.rerun_group)
+    runs-on: ubuntu-24.04
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      actions: read
+    env:
+      OPENCLAW_BUILD_PRIVATE_QA: "1"
+      OPENCLAW_ENABLE_PRIVATE_QA_CLI: "1"
+    steps:
+      - name: Checkout selected ref
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          ref: ${{ needs.resolve_target.outputs.revision }}
+          fetch-depth: 1
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          pnpm-version: ${{ env.PNPM_VERSION }}
+          install-bun: "true"
+
+      - name: Download runtime parity artifacts
+        uses: actions/download-artifact@v8
+        with:
+          name: release-qa-runtime-parity-${{ needs.resolve_target.outputs.revision }}
+          path: .artifacts/qa-e2e/
+
+      - name: Enforce standard runtime tool coverage
+        run: |
+          set -euo pipefail
+          pnpm openclaw qa coverage \
+            --repo-root . \
+            --tools \
+            --summary .artifacts/qa-e2e/runtime-parity-standard/qa-suite-summary.json \
+            --output .artifacts/qa-e2e/runtime-parity-standard-report/qa-runtime-tool-coverage-report.md
+
+      - name: Upload runtime tool coverage artifacts
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: release-qa-runtime-tool-coverage-${{ needs.resolve_target.outputs.revision }}
+          path: .artifacts/qa-e2e/runtime-parity-standard-report/
+          retention-days: 14
+          if-no-files-found: warn
+
   qa_live_matrix_release_checks:
     name: Run QA Lab live Matrix lane
     needs: [resolve_target]
@@ -902,7 +1079,7 @@ jobs:
 
       - name: Upload Matrix QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: release-qa-live-matrix-${{ needs.resolve_target.outputs.revision }}
           path: .artifacts/qa-e2e/
@@ -998,7 +1175,7 @@ jobs:
 
       - name: Upload Telegram QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: release-qa-live-telegram-${{ needs.resolve_target.outputs.revision }}
           path: .artifacts/qa-e2e/
@@ -1094,7 +1271,7 @@ jobs:
 
       - name: Upload Discord QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: release-qa-live-discord-${{ needs.resolve_target.outputs.revision }}
           path: .artifacts/qa-e2e/
@@ -1108,6 +1285,9 @@ jobs:
     continue-on-error: true
     runs-on: ubuntu-24.04
     timeout-minutes: 60
+    concurrency:
+      group: qa-live-whatsapp-shared
+      cancel-in-progress: false
     permissions:
       contents: read
       pull-requests: read
@@ -1190,7 +1370,7 @@ jobs:
 
       - name: Upload WhatsApp QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: release-qa-live-whatsapp-${{ needs.resolve_target.outputs.revision }}
           path: .artifacts/qa-e2e/
@@ -1286,7 +1466,7 @@ jobs:
 
       - name: Upload Slack QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: release-qa-live-slack-${{ needs.resolve_target.outputs.revision }}
           path: .artifacts/qa-e2e/
@@ -1304,6 +1484,8 @@ jobs:
       - package_acceptance_release_checks
       - qa_lab_parity_lane_release_checks
       - qa_lab_parity_report_release_checks
+      - qa_lab_runtime_parity_release_checks
+      - runtime_tool_coverage_release_checks
       - qa_live_matrix_release_checks
       - qa_live_telegram_release_checks
       - qa_live_discord_release_checks
@@ -1316,9 +1498,15 @@ jobs:
     steps:
       - name: Verify release check results
         shell: bash
+        env:
+          WORKFLOW_REF: ${{ github.ref }}
         run: |
           set -euo pipefail
           failed=0
+          tideclaw_alpha=false
+          if [[ "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            tideclaw_alpha=true
+          fi
           for item in \
             "prepare_release_package=${{ needs.prepare_release_package.result }}" \
             "install_smoke_release_checks=${{ needs.install_smoke_release_checks.result }}" \
@@ -1328,6 +1516,8 @@ jobs:
             "package_acceptance_release_checks=${{ needs.package_acceptance_release_checks.result }}" \
             "qa_lab_parity_lane_release_checks=${{ needs.qa_lab_parity_lane_release_checks.result }}" \
             "qa_lab_parity_report_release_checks=${{ needs.qa_lab_parity_report_release_checks.result }}" \
+            "qa_lab_runtime_parity_release_checks=${{ needs.qa_lab_runtime_parity_release_checks.result }}" \
+            "runtime_tool_coverage_release_checks=${{ needs.runtime_tool_coverage_release_checks.result }}" \
             "qa_live_matrix_release_checks=${{ needs.qa_live_matrix_release_checks.result }}" \
             "qa_live_telegram_release_checks=${{ needs.qa_live_telegram_release_checks.result }}" \
             "qa_live_discord_release_checks=${{ needs.qa_live_discord_release_checks.result }}" \
@@ -1337,6 +1527,15 @@ jobs:
             name="${item%%=*}"
             result="${item#*=}"
             if [[ "$result" != "success" && "$result" != "skipped" ]]; then
+              if [[ "$tideclaw_alpha" == "true" ]]; then
+                case "$name" in
+                  prepare_release_package|install_smoke_release_checks) ;;
+                  *)
+                    echo "::warning::${name} ended with ${result}; Tideclaw alpha treats non-package-safety release-check lanes as advisory."
+                    continue
+                    ;;
+                esac
+              fi
               if [[ "$name" == qa_* ]]; then
                 echo "::warning::${name} ended with ${result}; QA release-check lanes are advisory and do not block release validation."
                 continue

.github/workflows/openclaw-release-publish.yml

@@ -15,6 +15,10 @@ on:
         description: Successful Full Release Validation run id for this tag/SHA, required when publish_openclaw_npm=true
         required: false
         type: string
+      npm_telegram_run_id:
+        description: Optional successful NPM Telegram Beta E2E run id to include in final release evidence
+        required: false
+        type: string
       npm_dist_tag:
         description: npm dist-tag for the OpenClaw package
         required: true
@@ -76,6 +80,7 @@ jobs:
     timeout-minutes: 20
     outputs:
       sha: ${{ steps.manifest.outputs.sha || steps.ref.outputs.sha }}
+      preflight_artifact_name: ${{ steps.preflight_artifact.outputs.name }}
     steps:
       - name: Validate inputs
         env:
@@ -110,8 +115,12 @@ jobs:
             echo "publish_openclaw_npm=true requires full_release_validation_run_id." >&2
             exit 1
           fi
-          if [[ "${PUBLISH_OPENCLAW_NPM}" == "true" && "${WORKFLOW_REF}" != "refs/heads/main" && ! "${WORKFLOW_REF}" =~ ^refs/heads/release/[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*$ ]]; then
-            echo "publish_openclaw_npm=true requires dispatching this workflow from main or release/YYYY.M.D." >&2
+          tideclaw_alpha_publish=false
+          if [[ "${RELEASE_TAG}" == *"-alpha."* && "${RELEASE_NPM_DIST_TAG}" == "alpha" && "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            tideclaw_alpha_publish=true
+          fi
+          if [[ "${PUBLISH_OPENCLAW_NPM}" == "true" && "${WORKFLOW_REF}" != "refs/heads/main" && ! "${WORKFLOW_REF}" =~ ^refs/heads/release/[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*$ && "${tideclaw_alpha_publish}" != "true" ]]; then
+            echo "publish_openclaw_npm=true requires dispatching this workflow from main, release/YYYY.M.D, or a Tideclaw alpha branch for alpha prereleases." >&2
             exit 1
           fi
           if [[ "${PLUGIN_PUBLISH_SCOPE}" == "selected" && -z "${PLUGINS}" ]]; then
@@ -131,14 +140,43 @@ jobs:
           esac
 
       - name: Download OpenClaw npm preflight manifest
+        id: preflight_artifact
         if: ${{ inputs.publish_openclaw_npm }}
-        uses: actions/download-artifact@v8
-        with:
-          name: openclaw-npm-preflight-${{ inputs.tag }}
-          path: ${{ runner.temp }}/openclaw-npm-preflight-manifest
-          repository: ${{ github.repository }}
-          run-id: ${{ inputs.preflight_run_id }}
-          github-token: ${{ github.token }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PREFLIGHT_RUN_ID: ${{ inputs.preflight_run_id }}
+          RELEASE_TAG: ${{ inputs.tag }}
+        run: |
+          set -euo pipefail
+
+          preferred_name="openclaw-npm-preflight-${RELEASE_TAG}"
+          preflight_dir="${RUNNER_TEMP}/openclaw-npm-preflight-manifest"
+          rm -rf "${preflight_dir}"
+          mkdir -p "${preflight_dir}"
+          if gh run download "${PREFLIGHT_RUN_ID}" \
+            --repo "${GITHUB_REPOSITORY}" \
+            --name "${preferred_name}" \
+            --dir "${preflight_dir}"; then
+            echo "name=${preferred_name}" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          echo "::warning::${preferred_name} not found; checking run artifacts for a single compatible preflight artifact."
+          mapfile -t matches < <(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/runs/${PREFLIGHT_RUN_ID}/artifacts" \
+            --jq '.artifacts[] | select(.expired != true) | .name' |
+            grep '^openclaw-npm-preflight-' || true)
+          if [[ "${#matches[@]}" != "1" ]]; then
+            echo "Expected ${preferred_name}, or exactly one openclaw-npm-preflight-* fallback artifact in run ${PREFLIGHT_RUN_ID}." >&2
+            printf 'Available preflight candidates:\n' >&2
+            printf -- '- %s\n' "${matches[@]:-<none>}" >&2
+            exit 1
+          fi
+          fallback_name="${matches[0]}"
+          gh run download "${PREFLIGHT_RUN_ID}" \
+            --repo "${GITHUB_REPOSITORY}" \
+            --name "${fallback_name}" \
+            --dir "${preflight_dir}"
+          echo "name=${fallback_name}" >> "$GITHUB_OUTPUT"
 
       - name: Download full release validation manifest
         if: ${{ inputs.publish_openclaw_npm }}
@@ -245,7 +283,10 @@ jobs:
             exit 1
           fi
 
-      - name: Validate release tag is reachable from main or release branch
+      - name: Validate release tag is reachable from a trusted release branch
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+          WORKFLOW_REF_NAME: ${{ github.ref_name }}
         run: |
           set -euo pipefail
           git fetch --no-tags origin \
@@ -259,7 +300,17 @@ jobs:
               exit 0
             fi
           done < <(git for-each-ref --format='%(refname)' refs/remotes/origin/release)
-          echo "Release tag must point to a commit reachable from main or release/*." >&2
+          if [[ "${RELEASE_TAG}" == *"-alpha."* ]]; then
+            if [[ ! "${WORKFLOW_REF_NAME}" =~ ^tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+              echo "Alpha publish tags must be dispatched from tideclaw/alpha/YYYY-MM-DD-HHMMZ." >&2
+              exit 1
+            fi
+            git fetch --no-tags origin "+refs/heads/${WORKFLOW_REF_NAME}:refs/remotes/origin/${WORKFLOW_REF_NAME}"
+            if git merge-base --is-ancestor HEAD "refs/remotes/origin/${WORKFLOW_REF_NAME}"; then
+              exit 0
+            fi
+          fi
+          echo "Release tag must point to a commit reachable from main, release/*, or the matching Tideclaw alpha branch for alpha prereleases." >&2
           exit 1
 
       - name: Summarize release target
@@ -293,6 +344,12 @@ jobs:
           fetch-depth: 1
           persist-credentials: false
 
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          install-bun: "false"
+          cache-key-suffix: release-publish
+
       - name: Dispatch publish workflows
         env:
           GH_TOKEN: ${{ github.token }}
@@ -306,6 +363,9 @@ jobs:
           PLUGINS: ${{ inputs.plugins }}
           PUBLISH_OPENCLAW_NPM: ${{ inputs.publish_openclaw_npm && 'true' || 'false' }}
           WAIT_FOR_CLAWHUB: ${{ inputs.wait_for_clawhub && 'true' || 'false' }}
+          PREFLIGHT_ARTIFACT_NAME: ${{ needs.resolve_release_target.outputs.preflight_artifact_name }}
+          NPM_TELEGRAM_RUN_ID: ${{ inputs.npm_telegram_run_id }}
+          POSTPUBLISH_EVIDENCE_DIR: ${{ runner.temp }}/openclaw-release-postpublish-evidence
         run: |
           set -euo pipefail
 
@@ -314,7 +374,10 @@ jobs:
             shift
 
             local before_json dispatch_output run_id
-            before_json="$(gh run list --repo "$GITHUB_REPOSITORY" --workflow "$workflow" --event workflow_dispatch --limit 100 --json databaseId --jq '[.[].databaseId]')"
+            before_json="$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/workflows/${workflow}/runs" \
+              -F event=workflow_dispatch \
+              -F per_page=100 \
+              --jq '[.workflow_runs[].id]')"
 
             dispatch_output="$(gh workflow run --repo "$GITHUB_REPOSITORY" "$workflow" --ref "$CHILD_WORKFLOW_REF" "$@" 2>&1)"
             printf '%s\n' "$dispatch_output" >&2
@@ -327,8 +390,10 @@ jobs:
             if [[ -z "$run_id" ]]; then
               for _ in $(seq 1 60); do
                 run_id="$(
-                  BEFORE_IDS="$before_json" gh run list --repo "$GITHUB_REPOSITORY" --workflow "$workflow" --event workflow_dispatch --limit 50 --json databaseId,createdAt \
-                    --jq 'map(select(.databaseId as $id | (env.BEFORE_IDS | fromjson | index($id) | not))) | sort_by(.createdAt) | reverse | .[0].databaseId // empty'
+                  BEFORE_IDS="$before_json" gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/workflows/${workflow}/runs" \
+                    -F event=workflow_dispatch \
+                    -F per_page=50 \
+                    --jq '.workflow_runs | map({databaseId:.id, createdAt:.created_at}) | map(select(.databaseId as $id | (env.BEFORE_IDS | fromjson | index($id) | not))) | sort_by(.createdAt) | reverse | .[0].databaseId // empty'
                 )"
                 if [[ -n "$run_id" ]]; then
                   break
@@ -349,6 +414,73 @@ jobs:
             printf '%s\n' "${run_id}"
           }
 
+          print_pending_deployments() {
+            local workflow="$1"
+            local run_id="$2"
+            local pending_json
+
+            pending_json="$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/pending_deployments" 2>/dev/null || true)"
+            if [[ -z "${pending_json}" ]] || ! printf '%s' "${pending_json}" | jq -e 'length > 0' >/dev/null 2>&1; then
+              return 0
+            fi
+
+            echo "${workflow} pending environment approval:"
+            while IFS=$'\t' read -r env_id env_name can_approve; do
+              echo "- env=${env_name} canApprove=${can_approve}"
+              echo "  approve: gh api -X POST repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/pending_deployments -F 'environment_ids[]=${env_id}' -f state=approved -f comment='Approve release gate'"
+            done < <(printf '%s' "${pending_json}" | jq -r '.[] | [.environment.id, .environment.name, .current_user_can_approve] | @tsv')
+          }
+
+          approve_pending_deployments() {
+            local workflow="$1"
+            local run_id="$2"
+            local pending_json approved
+
+            pending_json="$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/pending_deployments" 2>/dev/null || true)"
+            if [[ -z "${pending_json}" ]] || ! printf '%s' "${pending_json}" | jq -e 'length > 0' >/dev/null 2>&1; then
+              return 0
+            fi
+
+            approved=0
+            while IFS=$'\t' read -r env_id env_name; do
+              if [[ -z "${env_id}" ]]; then
+                continue
+              fi
+              echo "${workflow}: approving pending environment ${env_name} (${env_id})"
+              gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/pending_deployments" \
+                -F "environment_ids[]=${env_id}" \
+                -f state=approved \
+                -f comment="Approve release gate from OpenClaw Release Publish wrapper" >/dev/null
+              approved=1
+            done < <(printf '%s' "${pending_json}" | jq -r '.[] | select(.current_user_can_approve == true) | [.environment.id, .environment.name] | @tsv')
+
+            if [[ "${approved}" == "1" ]]; then
+              echo "${workflow}: approved available pending environment gates"
+            fi
+          }
+
+          print_failed_run_summary() {
+            local run_id="$1"
+            local failed_json
+
+            failed_json="$(gh run view --repo "$GITHUB_REPOSITORY" "$run_id" --json jobs \
+              --jq '.jobs[] | select(.conclusion != "success" and .conclusion != "skipped") | {databaseId, name, conclusion, url}' || true)"
+            if [[ -z "${failed_json}" ]]; then
+              return 0
+            fi
+
+            echo "Failed child job summary:"
+            printf '%s\n' "${failed_json}"
+            while IFS=$'\t' read -r job_id job_name; do
+              if [[ -z "${job_id}" ]]; then
+                continue
+              fi
+              echo "--- ${job_name} (${job_id}) log tail ---"
+              gh run view --repo "$GITHUB_REPOSITORY" "$run_id" --job "${job_id}" --log 2>/dev/null |
+                tail -200 || true
+            done < <(printf '%s\n' "${failed_json}" | jq -r '[.databaseId, .name] | @tsv' 2>/dev/null || true)
+          }
+
           wait_for_run() {
             local workflow="$1"
             local run_id="$2"
@@ -366,6 +498,8 @@ jobs:
               state="${status}:${updated_at}"
               if [[ "$state" != "$last_state" ]]; then
                 echo "${workflow} still ${status} (updated ${updated_at}): ${url}"
+                print_pending_deployments "${workflow}" "${run_id}"
+                approve_pending_deployments "${workflow}" "${run_id}"
                 last_state="$state"
               fi
               sleep 30
@@ -393,7 +527,7 @@ jobs:
               echo "- ${workflow}: ${conclusion} in ${duration_label} (${url})"
             } >> "$GITHUB_STEP_SUMMARY"
             if [[ "$conclusion" != "success" ]]; then
-              gh run view --repo "$GITHUB_REPOSITORY" "$run_id" --json jobs --jq '.jobs[] | select(.conclusion != "success" and .conclusion != "skipped") | {name, conclusion, url}' || true
+              print_failed_run_summary "${run_id}"
               return 1
             fi
           }
@@ -466,17 +600,18 @@ jobs:
           }
 
           upload_dependency_evidence_release_asset() {
-            local release_version download_dir asset_path asset_name
+            local release_version download_dir asset_path asset_name artifact_name
             release_version="${RELEASE_TAG#v}"
             download_dir="${RUNNER_TEMP}/openclaw-release-dependency-evidence-asset"
             asset_name="openclaw-${release_version}-dependency-evidence.zip"
             asset_path="${RUNNER_TEMP}/${asset_name}"
+            artifact_name="${PREFLIGHT_ARTIFACT_NAME:-openclaw-npm-preflight-${RELEASE_TAG}}"
 
             rm -rf "${download_dir}" "${asset_path}"
             mkdir -p "${download_dir}"
             gh run download "${PREFLIGHT_RUN_ID}" \
               --repo "${GITHUB_REPOSITORY}" \
-              --name "openclaw-npm-preflight-${RELEASE_TAG}" \
+              --name "${artifact_name}" \
               --dir "${download_dir}"
 
             if [[ ! -d "${download_dir}/dependency-evidence" ]]; then
@@ -492,6 +627,42 @@ jobs:
             echo "- Dependency evidence asset: \`${asset_name}\`" >> "$GITHUB_STEP_SUMMARY"
           }
 
+          verify_published_release() {
+            local release_version evidence_path
+            local -a verify_args
+
+            release_version="${RELEASE_TAG#v}"
+            evidence_path="${POSTPUBLISH_EVIDENCE_DIR}/release-postpublish-evidence.json"
+            mkdir -p "${POSTPUBLISH_EVIDENCE_DIR}"
+
+            verify_args=(
+              release:verify-beta
+              --
+              "${release_version}"
+              --tag "${RELEASE_TAG}"
+              --dist-tag "${RELEASE_NPM_DIST_TAG}"
+              --repo "${GITHUB_REPOSITORY}"
+              --workflow-ref "${CHILD_WORKFLOW_REF}"
+              --full-release-validation-run "${FULL_RELEASE_VALIDATION_RUN_ID}"
+              --plugin-npm-run "${plugin_npm_run_id}"
+              --plugin-clawhub-run "${plugin_clawhub_run_id}"
+              --openclaw-npm-run "${openclaw_npm_run_id}"
+              --evidence-out "${evidence_path}"
+            )
+            if [[ -n "${PLUGINS// }" ]]; then
+              verify_args+=(--plugins "${PLUGINS}")
+            fi
+            if [[ -n "${NPM_TELEGRAM_RUN_ID// }" ]]; then
+              verify_args+=(--npm-telegram-run "${NPM_TELEGRAM_RUN_ID}")
+            fi
+
+            pnpm "${verify_args[@]}"
+            {
+              echo "- Postpublish verification: passed"
+              echo "- Postpublish evidence: \`${evidence_path}\`"
+            } >> "$GITHUB_STEP_SUMMARY"
+          }
+
           {
             echo "### Publish sequence"
             echo
@@ -500,11 +671,11 @@ jobs:
             echo "- Release SHA: \`${TARGET_SHA}\`"
             echo "- Plugin npm and ClawHub publish: dispatched in parallel"
             if [[ "${PUBLISH_OPENCLAW_NPM}" == "true" ]]; then
-              echo "- OpenClaw npm publish: starts after plugin npm succeeds; ClawHub may still be running"
+              echo "- OpenClaw npm publish: starts after plugin npm succeeds; final verification waits for ClawHub"
             else
               echo "- OpenClaw npm publish: skipped by input"
             fi
-            if [[ "${WAIT_FOR_CLAWHUB}" == "true" ]]; then
+            if [[ "${WAIT_FOR_CLAWHUB}" == "true" || "${PUBLISH_OPENCLAW_NPM}" == "true" ]]; then
               echo "- Workflow completion waits for ClawHub"
             else
               echo "- Workflow completion does not wait for ClawHub; monitor the dispatched ClawHub run separately"
@@ -546,7 +717,7 @@ jobs:
 
           clawhub_result=""
           clawhub_pid=""
-          if [[ "${WAIT_FOR_CLAWHUB}" == "true" ]]; then
+          if [[ "${WAIT_FOR_CLAWHUB}" == "true" || "${PUBLISH_OPENCLAW_NPM}" == "true" ]]; then
             clawhub_result="$RUNNER_TEMP/clawhub-result.txt"
             wait_run_pid=""
             wait_for_run_background plugin-clawhub-release.yml "${plugin_clawhub_run_id}" "${clawhub_result}"
@@ -565,23 +736,39 @@ jobs:
           fi
 
           failed=0
-          if [[ -n "${clawhub_pid}" ]] && ! wait "${clawhub_pid}"; then
-            failed=1
-          fi
+          openclaw_failed=0
           if [[ -n "${openclaw_pid}" ]] && ! wait "${openclaw_pid}"; then
             failed=1
+            openclaw_failed=1
+          fi
+          if [[ -n "${openclaw_result}" && -f "${openclaw_result}" && "$(cat "${openclaw_result}")" != "success" ]]; then
+            failed=1
+            openclaw_failed=1
+          fi
+
+          if [[ -n "${openclaw_npm_run_id}" && "${openclaw_failed}" == "0" ]]; then
+            create_or_update_github_release
+            upload_dependency_evidence_release_asset
+          fi
+
+          if [[ -n "${clawhub_pid}" ]] && ! wait "${clawhub_pid}"; then
+            failed=1
           fi
           if [[ -f "${clawhub_result}" && "$(cat "${clawhub_result}")" != "success" ]]; then
             failed=1
           fi
-          if [[ -n "${openclaw_result}" && -f "${openclaw_result}" && "$(cat "${openclaw_result}")" != "success" ]]; then
-            failed=1
+
+          if [[ "${failed}" == "0" && -n "${openclaw_npm_run_id}" ]]; then
+            verify_published_release
           fi
           if [[ "${failed}" != "0" ]]; then
             exit 1
           fi
 
-          if [[ -n "${openclaw_npm_run_id}" ]]; then
-            create_or_update_github_release
-            upload_dependency_evidence_release_asset
-          fi
+      - name: Upload postpublish evidence
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v7
+        with:
+          name: openclaw-release-postpublish-evidence-${{ inputs.tag }}
+          path: ${{ runner.temp }}/openclaw-release-postpublish-evidence
+          if-no-files-found: ignore

.github/workflows/opengrep-precise-full.yml

@@ -62,7 +62,7 @@ jobs:
 
       - name: Upload SARIF as workflow artifact
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: opengrep-full-sarif
           path: .opengrep-out/precise.sarif

.github/workflows/opengrep-precise.yml

@@ -92,7 +92,7 @@ jobs:
 
       - name: Upload SARIF as workflow artifact
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: opengrep-pr-diff-sarif
           path: .opengrep-out/precise.sarif

.github/workflows/package-acceptance.yml

@@ -93,8 +93,18 @@ on:
         required: false
         default: ""
         type: string
+      advisory:
+        description: Treat acceptance failures as advisory for the caller
+        required: false
+        default: false
+        type: boolean
   workflow_call:
     inputs:
+      advisory:
+        description: Treat acceptance failures as advisory for the caller
+        required: false
+        default: false
+        type: boolean
       workflow_ref:
         description: Trusted repo ref for workflow scripts and Docker E2E harness
         required: false
@@ -509,6 +519,7 @@ jobs:
     needs: resolve_package
     uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
     with:
+      advisory: ${{ inputs.advisory }}
       ref: ${{ needs.resolve_package.outputs.package_source_sha || inputs.workflow_ref }}
       include_repo_e2e: false
       include_release_path_suites: ${{ needs.resolve_package.outputs.include_release_path_suites == 'true' }}
@@ -573,6 +584,7 @@ jobs:
     if: needs.resolve_package.outputs.telegram_enabled == 'true'
     uses: ./.github/workflows/npm-telegram-beta-e2e.yml
     with:
+      advisory: ${{ inputs.advisory }}
       package_spec: ${{ inputs.package_spec }}
       package_artifact_name: ${{ needs.resolve_package.outputs.package_artifact_name }}
       package_label: openclaw@${{ needs.resolve_package.outputs.package_version }}
@@ -599,6 +611,7 @@ jobs:
         shell: bash
         run: |
           set -euo pipefail
+          advisory="${{ inputs.advisory }}"
           failed=0
           for item in \
             "resolve_package=${RESOLVE_RESULT}" \
@@ -608,6 +621,10 @@ jobs:
             name="${item%%=*}"
             result="${item#*=}"
             if [[ "$result" != "success" && "$result" != "skipped" ]]; then
+              if [[ "$advisory" == "true" && "$name" != "resolve_package" ]]; then
+                echo "::warning::${name} ended with ${result}; package acceptance is advisory for this caller."
+                continue
+              fi
               echo "::error::${name} ended with ${result}"
               failed=1
             fi

.github/workflows/plugin-clawhub-release.yml

@@ -16,7 +16,7 @@ on:
         required: false
         type: string
       ref:
-        description: Commit SHA on main or a release branch to publish from; defaults to the workflow ref
+        description: Commit SHA on main, a release branch, or the matching Tideclaw alpha branch to publish from; defaults to the workflow ref
         required: false
         default: ""
         type: string
@@ -82,7 +82,9 @@ jobs:
           fi
           echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
 
-      - name: Validate ref is on main or a release branch
+      - name: Validate ref is on a trusted publish branch
+        env:
+          WORKFLOW_REF: ${{ github.ref }}
         run: |
           set -euo pipefail
           if git merge-base --is-ancestor HEAD origin/main; then
@@ -93,7 +95,14 @@ jobs:
               exit 0
             fi
           done < <(git for-each-ref --format='%(refname)' refs/remotes/origin/release)
-          echo "Plugin ClawHub publishes must target a commit reachable from main or release/*." >&2
+          if [[ "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            alpha_branch="${WORKFLOW_REF#refs/heads/}"
+            git fetch --no-tags origin "+refs/heads/${alpha_branch}:refs/remotes/origin/${alpha_branch}"
+            if git merge-base --is-ancestor HEAD "refs/remotes/origin/${alpha_branch}"; then
+              exit 0
+            fi
+          fi
+          echo "Plugin ClawHub publishes must target a commit reachable from main, release/*, or the matching Tideclaw alpha branch." >&2
           exit 1
 
       - name: Validate publishable plugin metadata
@@ -168,6 +177,19 @@ jobs:
           echo "::error::One or more selected plugin versions already exist on ClawHub. Bump the version before running a real publish."
           exit 1
 
+      - name: Validate Tideclaw alpha plugin channels
+        if: startsWith(github.ref, 'refs/heads/tideclaw/alpha/')
+        run: |
+          set -euo pipefail
+          invalid="$(
+            jq -r '.candidates[]? | select(.publishTag != "alpha" or .channel != "alpha") | "- \(.packageName)@\(.version) [\(.publishTag)]"' .local/plugin-clawhub-release-plan.json
+          )"
+          if [[ -n "${invalid}" ]]; then
+            echo "Tideclaw alpha ClawHub publishes may only publish alpha plugin versions." >&2
+            printf '%s\n' "${invalid}" >&2
+            exit 1
+          fi
+
       - name: Verify OpenClaw ClawHub package ownership
         if: steps.plan.outputs.has_candidates == 'true'
         env:

.github/workflows/plugin-npm-release.yml

@@ -25,7 +25,7 @@ on:
           - selected
           - all-publishable
       ref:
-        description: Commit SHA on main or a release branch to publish from (copy from the preview run)
+        description: Commit SHA on main, a release branch, or the matching Tideclaw alpha branch to publish from
         required: true
         type: string
       plugins:
@@ -71,7 +71,9 @@ jobs:
         id: ref
         run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
 
-      - name: Validate ref is on main or a release branch
+      - name: Validate ref is on a trusted publish branch
+        env:
+          WORKFLOW_REF: ${{ github.ref }}
         run: |
           set -euo pipefail
           git fetch --no-tags origin \
@@ -85,7 +87,14 @@ jobs:
               exit 0
             fi
           done < <(git for-each-ref --format='%(refname)' refs/remotes/origin/release)
-          echo "Plugin npm publishes must target a commit reachable from main or release/*." >&2
+          if [[ "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            alpha_branch="${WORKFLOW_REF#refs/heads/}"
+            git fetch --no-tags origin "+refs/heads/${alpha_branch}:refs/remotes/origin/${alpha_branch}"
+            if git merge-base --is-ancestor HEAD "refs/remotes/origin/${alpha_branch}"; then
+              exit 0
+            fi
+          fi
+          echo "Plugin npm publishes must target a commit reachable from main, release/*, or the matching Tideclaw alpha branch." >&2
           exit 1
 
       - name: Validate publishable plugin metadata
@@ -151,6 +160,19 @@ jobs:
           echo "Already published / skipped:"
           jq -r '.skippedPublished[]? | "- \(.packageName)@\(.version)"' .local/plugin-npm-release-plan.json
 
+      - name: Validate Tideclaw alpha plugin channels
+        if: startsWith(github.ref, 'refs/heads/tideclaw/alpha/')
+        run: |
+          set -euo pipefail
+          invalid="$(
+            jq -r '.candidates[]? | select(.publishTag != "alpha" or .channel != "alpha") | "- \(.packageName)@\(.version) [\(.publishTag)]"' .local/plugin-npm-release-plan.json
+          )"
+          if [[ -n "${invalid}" ]]; then
+            echo "Tideclaw alpha plugin npm publishes may only publish alpha plugin versions." >&2
+            printf '%s\n' "${invalid}" >&2
+            exit 1
+          fi
+
   preview_plugin_pack:
     needs: preview_plugins_npm
     if: needs.preview_plugins_npm.outputs.has_candidates == 'true'

.github/workflows/qa-live-transports-convex.yml

@@ -60,13 +60,17 @@ jobs:
   authorize_actor:
     name: Authorize workflow actor
     runs-on: blacksmith-8vcpu-ubuntu-2404
+    outputs:
+      authorized: ${{ steps.permission.outputs.authorized }}
     steps:
       - name: Require maintainer-level repository access
+        id: permission
         uses: actions/github-script@v8
         with:
           script: |
             if (context.eventName === "schedule") {
               core.info("Scheduled default-branch QA run; actor permission check is only required for manual dispatch.");
+              core.setOutput("authorized", "true");
               return;
             }
             const allowed = new Set(["admin", "maintain", "write"]);
@@ -79,14 +83,18 @@ jobs:
             const permission = data.permission;
             core.info(`Actor ${context.actor} permission: ${permission}`);
             if (!allowed.has(permission)) {
-              core.setFailed(
+              core.notice(
                 `Workflow requires write/maintain/admin access. Actor "${context.actor}" has "${permission}".`,
               );
+              core.setOutput("authorized", "false");
+              return;
             }
+            core.setOutput("authorized", "true");
 
   validate_selected_ref:
     name: Validate selected ref
     needs: authorize_actor
+    if: needs.authorize_actor.outputs.authorized == 'true'
     runs-on: blacksmith-8vcpu-ubuntu-2404
     outputs:
       selected_revision: ${{ steps.validate.outputs.selected_revision }}
@@ -178,6 +186,8 @@ jobs:
           install-bun: "true"
 
       - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
         run: pnpm build
 
       - name: Run OpenAI candidate lane
@@ -188,7 +198,7 @@ jobs:
             --concurrency "${QA_PARITY_CONCURRENCY}" \
             --model "${OPENCLAW_CI_OPENAI_MODEL}" \
             --alt-model openai/gpt-5.5-alt \
-            --output-dir .artifacts/qa-e2e/gpt54
+            --output-dir .artifacts/qa-e2e/openai-candidate
 
       - name: Run Opus 4.7 lane
         run: |
@@ -197,28 +207,118 @@ jobs:
             --parity-pack agentic \
             --concurrency "${QA_PARITY_CONCURRENCY}" \
             --model anthropic/claude-opus-4-7 \
-            --alt-model anthropic/claude-sonnet-4-7 \
-            --output-dir .artifacts/qa-e2e/opus46
+            --alt-model anthropic/claude-sonnet-4-6 \
+            --output-dir .artifacts/qa-e2e/anthropic-baseline
 
       - name: Generate parity report
         run: |
           pnpm openclaw qa parity-report \
             --repo-root . \
-            --candidate-summary .artifacts/qa-e2e/gpt54/qa-suite-summary.json \
-            --baseline-summary .artifacts/qa-e2e/opus46/qa-suite-summary.json \
+            --candidate-summary .artifacts/qa-e2e/openai-candidate/qa-suite-summary.json \
+            --baseline-summary .artifacts/qa-e2e/anthropic-baseline/qa-suite-summary.json \
             --candidate-label "${OPENCLAW_CI_OPENAI_MODEL}" \
             --baseline-label anthropic/claude-opus-4-7 \
             --output-dir .artifacts/qa-e2e/parity
 
       - name: Upload parity artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: qa-parity-${{ github.run_id }}-${{ github.run_attempt }}
           path: .artifacts/qa-e2e/
           retention-days: 14
           if-no-files-found: warn
 
+  run_live_runtime_token_efficiency:
+    name: Run live runtime token-efficiency lane
+    needs: [authorize_actor, validate_selected_ref]
+    if: github.event_name == 'schedule'
+    runs-on: blacksmith-8vcpu-ubuntu-2404
+    timeout-minutes: 45
+    environment: qa-live-shared
+    env:
+      QA_PARITY_CONCURRENCY: "1"
+      OPENCLAW_QA_TRANSPORT_READY_TIMEOUT_MS: "180000"
+      OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
+    steps:
+      - name: Checkout selected ref
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          fetch-depth: 1
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          pnpm-version: ${{ env.PNPM_VERSION }}
+          install-bun: "true"
+
+      - name: Validate required QA credential env
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          if [[ -z "${OPENAI_API_KEY:-}" ]]; then
+            echo "Missing required OPENAI_API_KEY." >&2
+            exit 1
+          fi
+
+      - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
+        run: pnpm build
+
+      - name: Run live runtime parity lane
+        id: run_lane
+        shell: bash
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          OPENCLAW_LIVE_OPENAI_KEY: ${{ secrets.OPENAI_API_KEY }}
+        run: |
+          set -euo pipefail
+
+          output_dir=".artifacts/qa-e2e/runtime-token-efficiency-live-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
+          echo "output_dir=${output_dir}" >> "$GITHUB_OUTPUT"
+
+          pnpm openclaw qa suite \
+            --repo-root . \
+            --provider-mode live-frontier \
+            --runtime-parity-tier standard \
+            --runtime-parity-tier live-only \
+            --concurrency "${QA_PARITY_CONCURRENCY}" \
+            --model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --runtime-pair pi,codex \
+            --fast \
+            --allow-failures \
+            --output-dir "${output_dir}/runtime-suite"
+
+      - name: Generate live runtime token-efficiency report
+        if: always() && steps.run_lane.outcome != 'skipped' && steps.run_lane.outcome != 'cancelled'
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          pnpm openclaw qa parity-report \
+            --repo-root . \
+            --runtime-axis \
+            --token-efficiency \
+            --summary "${{ steps.run_lane.outputs.output_dir }}/runtime-suite/qa-suite-summary.json" \
+            --output-dir "${{ steps.run_lane.outputs.output_dir }}/runtime-report"
+
+      - name: Upload live runtime token-efficiency artifacts
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: qa-live-runtime-token-efficiency-${{ github.run_id }}-${{ github.run_attempt }}
+          path: ${{ steps.run_lane.outputs.output_dir }}
+          retention-days: 14
+          if-no-files-found: warn
+
   run_live_matrix:
     name: Run Matrix live QA lane
     needs: [authorize_actor, validate_selected_ref]
@@ -254,6 +354,8 @@ jobs:
           fi
 
       - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
         run: pnpm build
 
       - name: Run Matrix live lane
@@ -287,7 +389,7 @@ jobs:
 
       - name: Upload Matrix QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: qa-live-matrix-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_lane.outputs.output_dir }}
@@ -338,6 +440,8 @@ jobs:
           fi
 
       - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
         run: pnpm build
 
       - name: Run Matrix live lane shard
@@ -370,7 +474,7 @@ jobs:
 
       - name: Upload Matrix QA shard artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: qa-live-matrix-${{ matrix.profile }}-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_lane.outputs.output_dir }}
@@ -420,6 +524,8 @@ jobs:
           require_var OPENCLAW_QA_CONVEX_SECRET_CI
 
       - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
         run: pnpm build
 
       - name: Run Telegram live lane
@@ -463,7 +569,7 @@ jobs:
 
       - name: Upload Telegram QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: qa-live-telegram-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_lane.outputs.output_dir }}
@@ -513,6 +619,8 @@ jobs:
           require_var OPENCLAW_QA_CONVEX_SECRET_CI
 
       - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
         run: pnpm build
 
       - name: Run Discord live lane
@@ -547,8 +655,8 @@ jobs:
             --repo-root . \
             --output-dir "${output_dir}" \
             --provider-mode live-frontier \
-            --model openai/gpt-5.4 \
-            --alt-model openai/gpt-5.4 \
+            --model openai/gpt-5.5 \
+            --alt-model openai/gpt-5.5 \
             --fast \
             --credential-source convex \
             --credential-role ci \
@@ -556,7 +664,7 @@ jobs:
 
       - name: Upload Discord QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: qa-live-discord-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_lane.outputs.output_dir }}
@@ -568,6 +676,9 @@ jobs:
     needs: [authorize_actor, validate_selected_ref]
     runs-on: blacksmith-8vcpu-ubuntu-2404
     timeout-minutes: 60
+    concurrency:
+      group: qa-live-whatsapp-shared
+      cancel-in-progress: false
     environment: qa-live-shared
     steps:
       - name: Checkout selected ref
@@ -606,6 +717,8 @@ jobs:
           require_var OPENCLAW_QA_CONVEX_SECRET_CI
 
       - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
         run: pnpm build
 
       - name: Run WhatsApp live lane
@@ -649,7 +762,7 @@ jobs:
 
       - name: Upload WhatsApp QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: qa-live-whatsapp-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_lane.outputs.output_dir }}
@@ -699,6 +812,8 @@ jobs:
           require_var OPENCLAW_QA_CONVEX_SECRET_CI
 
       - name: Build private QA runtime
+        env:
+          NODE_OPTIONS: --max-old-space-size=8192
         run: pnpm build
 
       - name: Run Slack live lane
@@ -742,7 +857,7 @@ jobs:
 
       - name: Upload Slack QA artifacts
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: qa-live-slack-${{ github.run_id }}-${{ github.run_attempt }}
           path: ${{ steps.run_lane.outputs.output_dir }}

.github/workflows/real-behavior-proof.yml

@@ -18,6 +18,7 @@ jobs:
     name: Real behavior proof
     permissions:
       contents: read
+      issues: read
       pull-requests: read
     runs-on: ubuntu-24.04
     steps:
@@ -25,5 +26,25 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.base.sha }}
           persist-credentials: false
+      - uses: actions/create-github-app-token@v3
+        id: app-token
+        continue-on-error: true
+        with:
+          app-id: "2729701"
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          permission-issues: read
+          permission-members: read
+      - uses: actions/create-github-app-token@v3
+        id: app-token-fallback
+        if: steps.app-token.outcome == 'failure'
+        continue-on-error: true
+        with:
+          app-id: "2971289"
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY_FALLBACK }}
+          permission-issues: read
+          permission-members: read
       - name: Check real behavior proof
+        env:
+          GH_APP_TOKEN: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
+          GITHUB_TOKEN: ${{ github.token }}
         run: node scripts/github/real-behavior-proof-check.mjs

.github/workflows/workflow-sanity.yml

@@ -2,8 +2,12 @@ name: Workflow Sanity
 
 on:
   pull_request:
+    paths-ignore:
+      - "CHANGELOG.md"
   push:
     branches: [main]
+    paths-ignore:
+      - "CHANGELOG.md"
   workflow_dispatch:
 
 permissions:

.oxlintrc.json

@@ -8,6 +8,7 @@
   },
   "rules": {
     "curly": "error",
+    "eslint/no-underscore-dangle": "error",
     "eslint-plugin-unicorn/prefer-array-find": "error",
     "eslint/no-array-constructor": "error",
     "eslint/no-await-in-loop": "off",

AGENTS.md

@@ -35,18 +35,24 @@ Skills own workflows; root owns hard policy and routing.
 - External official plugins own package/deps and are excluded from core dist; core uses registry-aware `facade-runtime` or generic contracts.
 - Externalizing a bundled plugin: update package excludes, official catalogs, docs, tests, and prove core runtime paths resolve installed plugin roots before root-dep removal.
 - Legacy config repair belongs in `openclaw doctor --fix`, not startup/load-time core migrations. Runtime paths use canonical contracts.
-- New seams: backward-compatible, documented, versioned. Third-party plugins exist.
+- Fix shape: default to clean bounded refactor, not smallest patch. Move ownership to right boundary; delete stale abstractions, duplicate policy, dead branches, wrappers, fallback stacks.
+- Lean code is a goal. No internal shims, aliases, legacy names, broad fallbacks, or defensive branches just to reduce diff or handle unrealistic edge cases.
+- Handle real production states, shipped upgrade paths, security boundaries, and dependency contracts. Public/hostile/observed malformed input gets care; hypothetical malformed input does not.
+- Public plugin SDK/API is the compat exception. New API first, old path only via named compat/deprecation metadata, docs, warnings when useful, tests for old+new, planned removal.
+- Migrate internal/bundled callers to modern API in the same change. Do not let internal compat become permanent architecture.
 - Channels are implementation under `src/channels/**`; plugin authors get SDK seams. Providers own auth/catalog/runtime hooks; core owns generic loop.
 - Hot paths should carry prepared facts forward: provider id, model ref, channel id, target, capability family, attachment class. Do not rediscover with broad plugin/provider/channel/capability loaders.
 - Do not fix repeated request-time discovery with scattered caches. Move the canonical fact earlier; reuse prepared runtime objects; delete duplicate lookup branches.
 - Inline code comments: brief notes for tricky, bug-prone, or previously buggy logic.
 - Gateway protocol changes: additive first; incompatible needs versioning/docs/client follow-through.
+- Protocol version bumps: explicit owner confirmation only; never automatic/generated.
 - Config contract: exported types, schema/help, metadata, baselines, docs aligned. Retired public keys stay retired; compat in raw migration/doctor only.
 - Prompt cache: deterministic ordering for maps/sets/registries/plugin lists/files/network results before model/tool payloads. Preserve old transcript bytes when possible.
+- Agent tool schema cleanup: remove stale args cleanly; no hidden compat for model-facing params just to avoid churn.
 
 ## Commands
 
-- Runtime: Node 22+. Keep Node + Bun paths working.
+- Runtime: Node 22.19+; Node 24 recommended. Keep Node + Bun paths working.
 - Package manager/runtime: repo defaults only. No swaps without approval.
 - Install: `pnpm install` (keep Bun lock/patches aligned if touched).
 - Sharp/Homebrew libvips source-build fail: `SHARP_IGNORE_GLOBAL_LIBVIPS=1 pnpm install`.
@@ -63,15 +69,17 @@ Skills own workflows; root owns hard policy and routing.
 ## Validation
 
 - Use `$openclaw-testing` for test/CI choice and `$crabbox` for remote/full/E2E proof.
+- Crabbox request means real scenario proof: install/update/call/repro user path; not just copy tests and run them remotely.
 - Small/narrow tests, lints, format checks, and type probes are fine locally only in a healthy normal checkout.
 - In Codex worktrees, direct local `pnpm test*`, `pnpm check*`, `pnpm crabbox:run`, and `scripts/committer` can trigger pnpm dependency reconciliation or install prompts. Prefer `node` wrappers locally and Crabbox/Testbox for pnpm-gated proof.
 - Full suites, broad changed gates, Docker/package/E2E/live/cross-OS proof, or anything that bogs down the Mac: Crabbox/Testbox.
 - One/few files local. If a local command fans out, stop and move broad proof to Crabbox/Testbox.
 - Before handoff/push: prove touched surface. Before landing to `main`: issue proof plus appropriate full/broad proof unless scope is clearly narrow.
-- Pre-land/pre-commit code changes: use `$codex-review` until no accepted/actionable findings remain, unless equivalent manual review already done, trivial/docs-only, or user opts out.
+- Pre-land/pre-commit code changes: use `$autoreview` until no accepted/actionable findings remain, unless equivalent manual review already done, trivial/docs-only, or user opts out.
 - If proof is blocked, say exactly what is missing and why.
 - Do not land related failing format/lint/type/build/tests. If unrelated on latest `origin/main`, say so with scoped proof.
 - Docs/changelog-only and CI/workflow metadata-only: `git diff --check` plus relevant docs/workflow sanity; escalate only if scripts/config/generated/package/runtime behavior changed.
+- Prompt snapshots: CI truth is Linux Node 24. If macOS local passes but CI drifts, reproduce/generate in Linux before rerun.
 
 ## GitHub / PRs
 
@@ -103,6 +111,10 @@ Skills own workflows; root owns hard policy and routing.
 - No `@ts-nocheck`. Lint suppressions only intentional + explained.
 - External boundaries: prefer `zod` or existing schema helpers.
 - Runtime branching: discriminated unions/closed codes over freeform strings. Avoid semantic sentinels (`?? 0`, empty object/string).
+- Formatter-friendly shape: when oxfmt explodes an expression vertically, extract named booleans, payloads, or small helpers. Do not change width or use format-ignore for local compactness.
+- Calls should be boring: complex decisions happen above; call args/object fields are names, literals, or simple property reads.
+- Prefer early returns over nested condition pyramids. Split code into gather -> normalize -> decide -> act.
+- Use named intermediates only for domain meaning or readability; avoid temp-variable soup.
 - Dynamic import: no static+dynamic import for same prod module. Use `*.runtime.ts` lazy boundary. After edits: `pnpm build`; check `[INEFFECTIVE_DYNAMIC_IMPORT]`.
 - Cycles: keep `pnpm check:import-cycles` + architecture/madge green.
 - Classes: no prototype mixins/mutations. Prefer inheritance/composition. Tests prefer per-instance stubs.

Dockerfile

@@ -198,13 +198,29 @@ RUN install -d -m 0755 "$COREPACK_HOME" && \
     chmod -R a+rX "$COREPACK_HOME"
 
 # Install additional system packages needed by your skills or extensions.
-# Example: docker build --build-arg OPENCLAW_DOCKER_APT_PACKAGES="python3 wget" .
+# Example: docker build --build-arg OPENCLAW_IMAGE_APT_PACKAGES="python3 wget" .
+# Legacy alias: OPENCLAW_DOCKER_APT_PACKAGES is still accepted as a fallback.
+ARG OPENCLAW_IMAGE_APT_PACKAGES
 ARG OPENCLAW_DOCKER_APT_PACKAGES=""
 RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,id=openclaw-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \
-    if [ -n "$OPENCLAW_DOCKER_APT_PACKAGES" ]; then \
+    packages="${OPENCLAW_IMAGE_APT_PACKAGES-$OPENCLAW_DOCKER_APT_PACKAGES}"; \
+    if [ -n "$packages" ]; then \
       apt-get update && \
-      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $OPENCLAW_DOCKER_APT_PACKAGES; \
+      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $packages; \
+    fi
+
+# Install additional Python packages needed by your plugins or skills.
+# Example: docker build --build-arg OPENCLAW_IMAGE_PIP_PACKAGES="requests humanize" .
+ARG OPENCLAW_IMAGE_PIP_PACKAGES=""
+RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,id=openclaw-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \
+    if [ -n "$OPENCLAW_IMAGE_PIP_PACKAGES" ]; then \
+      if ! python3 -m pip --version >/dev/null 2>&1; then \
+        apt-get update && \
+        DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends python3-pip; \
+      fi && \
+      python3 -m pip install --no-cache-dir --break-system-packages $OPENCLAW_IMAGE_PIP_PACKAGES; \
     fi
 
 # Optionally install Chromium and Xvfb for browser automation.
@@ -293,4 +309,4 @@ USER node
 HEALTHCHECK --interval=3m --timeout=10s --start-period=15s --retries=3 \
   CMD node -e "fetch('http://127.0.0.1:18789/healthz').then((r)=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
 ENTRYPOINT ["tini", "-s", "--"]
-CMD ["node", "openclaw.mjs", "gateway", "--allow-unconfigured"]
+CMD ["node", "openclaw.mjs", "gateway"]

README.md

@@ -96,7 +96,7 @@ Model note: while many providers and models are supported, prefer a current flag
 
 ## Install (recommended)
 
-Runtime: **Node 24 (recommended) or Node 22.16+**.
+Runtime: **Node 24 (recommended) or Node 22.19+**.
 
 ```bash
 npm install -g openclaw@latest
@@ -109,7 +109,7 @@ OpenClaw Onboard installs the Gateway daemon (launchd/systemd user service) so i
 
 ## Quick start (TL;DR)
 
-Runtime: **Node 24 (recommended) or Node 22.16+**.
+Runtime: **Node 24 (recommended) or Node 22.19+**.
 
 Full beginner guide (auth, pairing, channels): [Getting started](https://docs.openclaw.ai/start/getting-started)
 

SECURITY.md

@@ -312,7 +312,7 @@ OpenClaw's web interface (Gateway Control UI + HTTP endpoints) is intended for *
 
 ### Node.js Version
 
-OpenClaw requires **Node.js 22.16.0 or later** (LTS). This version includes important security patches:
+OpenClaw requires **Node.js 22.19.0 or later** (LTS). Node 24 is the recommended default runtime for new installs. The minimum version includes important security patches:
 
 - CVE-2025-59466: async_hooks DoS vulnerability
 - CVE-2026-21636: Permission model bypass vulnerability
@@ -320,7 +320,7 @@ OpenClaw requires **Node.js 22.16.0 or later** (LTS). This version includes impo
 Verify your Node.js version:
 
 ```bash
-node --version  # Should be v22.16.0 or later
+node --version  # Should be v22.19.0 or later
 ```
 
 ### Docker Security

appcast.xml

@@ -2,6 +2,222 @@
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
     <channel>
         <title>OpenClaw</title>
+        <item>
+            <title>2026.5.18</title>
+            <pubDate>Mon, 18 May 2026 22:41:13 +0000</pubDate>
+            <link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
+            <sparkle:version>2026051890</sparkle:version>
+            <sparkle:shortVersionString>2026.5.18</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>OpenClaw 2026.5.18</h2>
+<h3>Changes</h3>
+<ul>
+<li>Agents: clarify that fixes should default to clean bounded refactors, lean internals, and explicit plugin SDK/API deprecation paths.</li>
+<li>Dependencies: update <code>@openclaw/proxyline</code> to 0.3.3.</li>
+<li>Dependencies: update Pi packages to 0.75.1 and raise the minimum supported Node.js 22 line to 22.19.</li>
+<li>Docker/Podman: add <code>OPENCLAW_IMAGE_APT_PACKAGES</code> as the runtime-neutral image build arg for extra apt packages while keeping <code>OPENCLAW_DOCKER_APT_PACKAGES</code> as a legacy fallback. (#62431) Thanks @urtabajev.</li>
+<li>Gateway/ACPX: attribute startup probe, config, runtime, and resource-count costs in restart traces without changing readiness behavior. (#83300) Thanks @samzong.</li>
+<li>Gateway: overlap startup logging and plugin-service startup with channel sidecars to reduce restart ready latency while preserving <code>/readyz</code> sidecar gating. (#83301) Thanks @samzong.</li>
+<li>Plugins/admin-http-rpc: allow trusted admin HTTP RPC clients to start and wait for web QR login flows. (#83259) Thanks @liorb-mountapps.</li>
+<li>Mac app: redesign Settings pages with consistent card layouts, cached navigation, cleaner permissions/voice/skills/cron/exec/debug panes, and steadier spacing around the native sidebar.</li>
+<li>Skills: rename the repo-local Codex closeout review skill and helper to <code>autoreview</code> while preserving the Codex-first fallback behavior.</li>
+<li>Skills: add a meme-maker skill for curated template search, local SVG/PNG rendering, Imgflip hosted rendering, and Know Your Meme provenance links.</li>
+<li>Browser: surface pending and recently handled modal dialogs in snapshots, return <code>blockedByDialog</code> when an action opens a modal, and allow <code>browser dialog --dialog-id</code> to answer pending dialogs.</li>
+<li>Agents/tools: shorten built-in tool descriptions and schema hints across media, messaging, sessions, cron, Gateway, web, image/PDF, TTS, nodes, and plan tools while preserving routing guardrails.</li>
+<li>Skills: add node inspector debugging, fused diagram generation, and throwaway spike workflow skills.</li>
+<li>CLI/plugins: add <code>defineToolPlugin</code> plus <code>openclaw plugins build</code>, <code>validate</code>, and <code>init</code> for typed simple tool plugins with generated manifest metadata, optional tool declarations, and context factories.</li>
+<li>Agents/skills: tighten bundled skill prompts and metadata, quote skill descriptions, refresh current CLI/API guidance, and update embedded sherpa-onnx runtime downloads.</li>
+<li>Skills: update the Obsidian skill to target the official <code>obsidian</code> CLI and require its registered binary instead of the third-party <code>obsidian-cli</code>.</li>
+<li>Skills: add a Python debugging skill for pdb, breakpoint(), post-mortem inspection, and debugpy remote attach.</li>
+<li>Plugins/messages: add presentation capability limits for channel renderers, adapt rich message controls before native rendering, and mark legacy <code>interactive</code>/Slack directive producer APIs as deprecated.</li>
+<li>Proxy: support HTTPS managed forward-proxy endpoints and scoped <code>proxy.tls.caFile</code> CA trust for proxy endpoint TLS. (#79171) Thanks @jesse-merhi.</li>
+<li>QA-Lab: add first-hour 20-turn and optional 100-turn runtime parity scenarios, with tier metadata for standard and soak QA gates. Fixes #80338; refs #80337. Thanks @100yenadmin.</li>
+<li>QA-Lab: add <code>openclaw qa suite --runtime-parity-tier</code> and wire the standard Codex-vs-Pi tier into release checks separately from optional/live-only/soak lanes. Fixes #80337. Thanks @100yenadmin.</li>
+<li>QA-Lab: add a live-only Codex Pi-shaped Read vocabulary canary so runtime parity catches native workspace-read prompt compatibility drift. (#80323) Thanks @100yenadmin.</li>
+<li>QA-Lab: add live-only harness self-health scenarios for plugin hook crashes, manifest contract errors, and WebChat direct-reply self-message routing. (#80323) Thanks @100yenadmin.</li>
+<li>QA-Lab: add runtime tool fixture scenarios and coverage reporting for Codex-native workspace tools, OpenClaw dynamic tools, and optional plugin-backed tools. Fixes #80173. Thanks @100yenadmin.</li>
+<li>QA-Lab: expose runtime tool fixture coverage through <code>openclaw qa coverage --tools</code>, with optional suite-summary evaluation for parity gate artifacts. Thanks @100yenadmin.</li>
+<li>QA-Lab: schedule a live-frontier Codex-vs-Pi runtime token-efficiency artifact lane in the all-lanes QA workflow. Fixes #80175. Thanks @100yenadmin.</li>
+<li>QA-Lab: hard-gate required OpenClaw dynamic runtime-tool drift in the standard Codex-vs-Pi tier with a blocking release-check verifier and publish the tool coverage report artifact. Fixes #80339; refs #80319. Thanks @100yenadmin.</li>
+<li>QA-Lab: add the personal-agent approval-denial scenario so the benchmark pack verifies denied local reads stop cleanly without tool progress or fixture leaks. (#83150) Thanks @iFiras-Max1.</li>
+<li>QA-Lab: extend the personal-agent benchmark pack with a local task followthrough scenario for proof-backed pending, blocked, and done status reporting. Thanks @iFiras-Max1.</li>
+<li>Gateway/performance: add <code>pnpm test:restart:gateway</code> benchmark tooling for repeated restart readiness, downtime, trace, and resource-slope evidence. (#83299) Thanks @samzong.</li>
+<li>Android: switch Talk Mode to realtime Gateway relay voice sessions with streaming mic input, realtime audio playback, tool-result bridging, and on-screen transcripts. (#83130) Thanks @sliekens.</li>
+</ul>
+<h3>Fixes</h3>
+<ul>
+<li>Discord/OpenAI: keep realtime Discord voice sessions hearing follow-up turns with OpenAI realtime and prebuffer assistant playback to avoid choppy starts. (#80505) Thanks @Solvely-Colin.</li>
+<li>Media: prevent image metadata probing from invoking external decoder delegates on unrecognized image bytes, and stop fallback chaining after real processing errors.</li>
+<li>Media: install Sharp with the root package and fall back to sips, Windows native imaging, ImageMagick, GraphicsMagick, or ffmpeg for image resizing/conversion when Sharp is unavailable. Fixes #83401. Thanks @scotthuang.</li>
+<li>Telegram: deliver generated media completions back into forum topics by preserving topic IDs across requester-agent handoff. (#83556) Thanks @fuller-stack-dev.</li>
+<li>Gateway: defer update-check startup until after readiness so package update checks no longer block sidecar-ready startup, while preserving update broadcasts and shutdown cleanup. (#83520) Thanks @samzong.</li>
+<li>Telegram: keep <code>/btw</code> and read-only status commands from aborting active runs, and avoid retaining raw update payloads in timed-out spool tombstones. Refs #83272.</li>
+<li>Agents/video: hide <code>video_generate</code> reference-audio parameters unless a registered video provider supports audio inputs.</li>
+<li>Plugins/xAI: echo PKCE challenge fields during OAuth authorization-code token exchange for xAI token-endpoint compatibility. (#83499) Thanks @fuller-stack-dev.</li>
+<li>Codex app-server: hydrate current inbound image attachments before queued runs so Responses-backed agents receive Discord and other channel images as native vision input. Fixes #83466. Thanks @iannwu.</li>
+<li>Codex app-server: keep native code mode available without forcing code-mode-only so OpenClaw dynamic tool turns complete through the app-server tool bridge. Fixes #83109. Thanks @daswass.</li>
+<li>Release stability: recover stale session diagnostics and Codex OAuth fallback state so stuck runs and reused refresh tokens clear without blocking follow-up work. (#83503) Thanks @100yenadmin.</li>
+<li>Messages/TTS: apply TTS directives before message-tool sends reach core, gateway, or plugin delivery so opt-in message-tool rooms and proactive sends attach voice notes instead of leaking raw tags. Fixes #81598. Thanks @CG-Intelligence-Agent-Jack and @CoronovirusG10.</li>
+<li>Codex app-server: preserve network access for sandboxed Codex code-mode turns when the OpenClaw sandbox allows outbound egress. Fixes #83347. Thanks @YusukeIt0.</li>
+<li>QA-Lab: keep the OTLP smoke decoder independent of removed OpenTelemetry generated-root internals.</li>
+<li>Messages: default group/channel visible replies to automatic final delivery again, keeping <code>message_tool</code> opt-in for ambient/shared rooms and tool-reliable models.</li>
+<li>CLI/TUI: force standalone <code>/exit</code> runs to terminate after <code>runTui</code> returns so onboarding-launched TUI children do not stay alive invisibly. (#83501) Thanks @fuller-stack-dev.</li>
+<li>Agents/code mode: honor per-agent code-mode config in schema, runtime catalog activation, and model payload filtering. Fixes #83388. Thanks @Kaspre.</li>
+<li>Agents/code mode: preserve agent, session, run, and channel context in <code>before_tool_call</code> hooks for top-level <code>exec</code>/<code>wait</code> dispatches. Fixes #83387.</li>
+<li>QQBot: shorten C2C typing indicators to a 10-second window renewed every 5 seconds, capped to keep a final passive-reply slot available. (#83469)</li>
+<li>Replies: keep final payload delivery after live preview updates so channels can finalize or send the completed answer instead of losing preview-only drafts. (#83468)</li>
+<li>Discord: deliver final replies in progress-mode preview streams instead of deduplicating the final visible message. (#83443) Thanks @compoodment.</li>
+<li>Providers/Xiaomi: replay MiMo Anthropic-compatible <code>reasoning_content</code> as provider-required thinking blocks even when OpenClaw thinking is disabled, fixing follow-up tool turns for <code>mimo-v2-flash</code>. Fixes #83407. Thanks @Xgenious7.</li>
+<li>Agents/exec approvals: forward approval-runtime credentials on agent-owned Gateway approval calls so approved async commands complete through the existing runtime path instead of stalling on unauthenticated follow-up calls. Thanks @IWhatsskill, @Patrick-Erichsen, and @jesse-merhi.</li>
+<li>Gateway/skills: preflight remote macOS skill-bin refreshes with a WebSocket connectivity check so stale node sessions skip quickly instead of logging slow <code>system.which</code> timeout warnings.</li>
+<li>CLI/config: keep broken discovered plugins that are not referenced by active config from failing <code>openclaw config validate</code>, while preserving fatal errors for explicitly configured plugin entries.</li>
+<li>GitHub Copilot: drop unsafe native Responses reasoning replay items with non-replayable IDs before dispatch, preventing affected Copilot sessions from failing with <code>invalid_request_body</code>. Fixes #83220. Thanks @galiniliev.</li>
+<li>Agents/Codex: fail closed when an explicitly requested Codex harness is not registered instead of silently trying configured model fallbacks. Fixes #83349. Thanks @r2-vibes.</li>
+<li>QA-Lab: make runtime tool coverage fail on missing required tool exercise instead of treating pass/pass parity envelope drift as missing coverage.</li>
+<li>Core/plugins: harden clawpatch-reported edge cases across gateway auth cleanup, Claude session id paths, plugin activation policy, apply-patch hunk handling, diagnostic redaction, and plugin metadata validation.</li>
+<li>UI: show reasoning choices as plain labels instead of leaking internal override wording in session and chat pickers.</li>
+<li>Mac app: avoid repeating the Configuration heading inside channel quick settings.</li>
+<li>Mac app: keep the Settings sidebar always visible and remove the redundant titlebar hide/show control.</li>
+<li>Mac app: prefer explicit private/Tailscale/LAN Gateway endpoints over SSH tunnels, preserve legacy loopback tunnel configs, persist transport choices, and show captured SSH stderr when tunneling really fails.</li>
+<li>Gateway/sessions: keep ACP/acpx and runtime child sessions visible in configured-only session lists when their owner or parent session belongs to a configured agent.</li>
+<li>Mac app: keep app-level menu commands and Dashboard failure states reachable when the remote Gateway is disconnected.</li>
+<li>Mac app: allow longer Gateway and Context errors to wrap in the menu instead of truncating the useful failure detail.</li>
+<li>Mac app: tighten remote Gateway fields in Settings so the Connection pane keeps readable labels and full action button text.</li>
+<li>Mac app: keep custom Settings card rows left-aligned and full-width so Discovery and status sections no longer appear centered or detached.</li>
+<li>Mac app: align Location permission controls to the same trailing column as the rest of Settings.</li>
+<li>Mac app: add Dashboard, Chat, Canvas, and Settings shortcuts to the Dock icon menu.</li>
+<li>Mac app: replace the Settings window's native split-view sidebar with an explicit layout so page content keeps its leading gutter when the sidebar is shown or hidden.</li>
+<li>Mac app: render channel quick config as aligned Settings rows and hide schema-only variants that cannot be edited safely from the quick pane.</li>
+<li>Gateway/webchat: hide internal runtime-context and other <code>display: false</code> transcript messages from Chat history and live message events. Fixes #83216. Thanks @EmpireCreator.</li>
+<li>CLI/help: keep <code>gateway</code>, <code>doctor</code>, <code>status</code>, and <code>health</code> help registration out of action/runtime imports so subcommand <code>--help</code> stays lightweight in constrained terminals. Fixes #83228. Thanks @dfguerrerom.</li>
+<li>Cron/Discord: keep explicit announce runs in message-tool-only source-reply mode so scheduled agent turns post once instead of also echoing through automatic visible replies. Fixes #83261. Thanks @Theralley.</li>
+<li>Telegram: preserve forum-topic origin targets in inbound, audio-preflight, and skipped-message hook contexts so follow-up delivery stays bound to the originating topic. Fixes #83302. Thanks @M00zyx.</li>
+<li>Telegram: retry HTTP 421 Misdirected Request send failures on a fresh fallback transport so transient edge-node routing errors no longer drop outbound replies. Fixes #48892. (#48908) Thanks @MarsDoge.</li>
+<li>Telegram: fail topic sends closed when Telegram reports <code>message thread not found</code> instead of retrying without <code>message_thread_id</code> into the base chat. Refs #83302.</li>
+<li>Config/subagents: remove ignored agent-model <code>timeoutMs</code> keys, keep subagent model config to primary/fallback selection, and clean shipped stale config through doctor. Fixes #83291. Thanks @giodl73-repo.</li>
+<li>Mac app: align the Sessions settings pane with the standard Settings page gutter and row spacing.</li>
+<li>OpenAI/Codex: stop rejecting available <code>openai-codex</code> GPT-5.1, GPT-5.2, and GPT-5.3 model refs during config validation, while keeping removed Spark aliases suppressed. Fixes #83303.</li>
+<li>Plugins/xAI: complete OAuth-backed xAI login and sidecar auth fixes, including guarded loopback callback CORS handling, video generation polling/defaults, and native-host User-Agent attribution. (#83322) Thanks @Jaaneek.</li>
+<li>Codex app-server: preserve streamed native command output in mirrored transcripts and trajectory exports when final snapshots omit aggregated output. (#83200) Thanks @rozmiarD.</li>
+<li>Codex app-server: fail closed when chat or sender policy denies tools, disabling native code, app, environment, and user MCP surfaces for restricted turns. (#82374) Thanks @VACInc.</li>
+<li>Codex app-server: keep recent context-engine messages when oversized projected history is truncated, so short follow-ups in long channel sessions do not fall back to stale earlier turns. (#83127) Thanks @VACInc.</li>
+<li>Codex app-server: keep OpenClaw session spawning searchable while steering Codex-native delegation through native subagents, avoiding duplicate direct subagent surfaces. (#83329) Thanks @fuller-stack-dev.</li>
+<li>Codex app-server: recover stale childless Codex-native subagent task mirrors during maintenance and allow their registry rows to be cancelled without an OpenClaw child session. (#82836) Thanks @yshimadahrs-ship-it and @joshavant.</li>
+<li>Feishu: return bound subagent delivery origins from session thread setup so Feishu subagent completions route back to the same DM or topic. (#83190) Thanks @100menotu001.</li>
+<li>CLI/update: tailor post-update Gateway recovery hints by platform, showing systemd, LaunchAgent, Scheduled Task, or generic service-manager guidance instead of macOS-only recovery text. (#83096) Thanks @rubencu.</li>
+<li>Plugins: apply a default 15-second timeout to legacy <code>before_agent_start</code> hooks so hung plugin handlers no longer block agent startup. Fixes #48534. (#83136) Thanks @therahul-yo.</li>
+<li>Feishu: refresh inbound session delivery context for DM, group, and broadcast turns so later replies do not inherit stale WebChat routing. Fixes #78274.</li>
+<li>Agents/subagents: require the initial subagent registry save before reporting spawn accepted, returning a spawn error instead of losing an untracked run when the registry write fails. (#83146) Thanks @yetval.</li>
+<li>QA-Lab/qa-channel: attach redacted agent tool-start traces to outbound <code>QaBusMessage</code> records so scenarios can assert actual tool use instead of relying only on reply text. Fixes #67637. Thanks @100yenadmin.</li>
+<li>QA-Lab: fail live runtime parity reports when assistant-message usage is missing, preventing <code>0 vs 0</code> live token rows from being reported as passing proof. Fixes #80411. Thanks @100yenadmin.</li>
+<li>QA-Lab: add a runtime token-efficiency sidecar report that classifies Codex savings separately from regressions and fails only positive Codex-over-Pi live token deltas above threshold. Fixes #81093. Thanks @100yenadmin.</li>
+<li>QA-Lab: fail Codex-backed OpenAI live runtime-pair runs before launching isolated workers when no portable Codex auth is available, while staging API-key fallbacks and configured Codex keys for isolated QA agents. Fixes #80412. Thanks @100yenadmin.</li>
+<li>QA-Lab: refresh parity gates, mock frontier fixtures, model scenarios, and workflow artifact lanes to compare GPT-5.5 against Claude Opus 4.7. Fixes #74262. Thanks @100yenadmin.</li>
+<li>QA-Lab: make mock parity dispatch provider-aware for source discovery and subagent scenarios so OpenAI and Anthropic lanes no longer share identical canned plans. Fixes #64879. Thanks @100yenadmin.</li>
+<li>QA-Lab: stop returning Control UI bearer tokens from unauthenticated bootstrap payloads and bind Docker harness ports to loopback-only host addresses. (#66355) Thanks @pgondhi987.</li>
+<li>Mac app: avoid a SwiftUI metadata crash when rendering the Cron Jobs settings pane.</li>
+<li>Agents/subagents: preserve run-mode keep subagent registry entries past the session sweep TTL, so kept subagent runs remain visible after cleanup completes. Fixes #83132. (#83168) Thanks @yetval.</li>
+<li>Agents/OpenAI streams: yield via <code>setTimeout(0)</code> instead of <code>setImmediate</code> between bursty Responses chunks so abort timers can fire during the yield, keeping cancel-on-timeout responsive on hot streams. Refs #82462.</li>
+<li>Agents/Codex: keep legacy <code>oauthRef</code>-backed OAuth profiles usable while <code>openclaw doctor --fix</code> migrates them back to inline credentials, without creating new sidecar credentials. (#83312) Thanks @joshavant.</li>
+<li>Agents/Codex: load the selected provider owner alongside the Codex harness runtime so <code>openai-codex</code> models resolve when plugin allowlists scope runtime loading. Fixes #83380. (#83519) Thanks @joshavant.</li>
+<li>Telegram: fail stalled isolated-ingress handlers into tombstones and abort same-lane reply work before restarting, so later same-chat updates drain after a hung turn. Fixes #83272. (#83505) Thanks @joshavant.</li>
+<li>CLI/config: send SecretRef diagnostics to stderr so JSON command stdout remains parseable.</li>
+<li>CLI/doctor: seed Control UI allowed origins when migrating legacy non-loopback gateway bind host aliases like <code>0.0.0.0</code>. Fixes #83286. Thanks @giodl73-repo.</li>
+<li>CLI/plugins: ship the bundled memory CLI as a package entry so package-installed <code>openclaw memory</code> commands register correctly.</li>
+<li>CLI/update: defer doctor-time plugin package installs during package swaps and seed post-core repair from the updated install registry, preventing duplicate reinstall failures.</li>
+<li>CLI/update: preserve old-parent-readable config metadata during legacy package handoffs, fall back only to official <code>@openclaw/*</code> npm plugin packages when ClawHub plugin artifacts are unavailable, and keep managed service package roots authoritative during updates.</li>
+<li>Feishu: detect SecretRef top-level credentials as a configured default account instead of treating object-backed app secrets as missing.</li>
+<li>Gateway/restart: keep ordinary unmanaged SIGUSR1/config restarts in-process instead of detach-spawning an orphaned child, preserving custom supervisor PID tracking while leaving update restarts on the fresh-process path. Fixes #65668.</li>
+<li>CLI/completion: resolve concrete PowerShell profile paths and reload commands during setup and doctor completion installation. Fixes #44296. (#83059) Thanks @yu-xin-c.</li>
+<li>Telegram: keep isolated long polling below the hard <code>getUpdates</code> request guard so idle bot accounts with high <code>timeoutSeconds</code> do not false-disconnect and restart-loop. Fixes #83264. Thanks @riccodecarvalho.</li>
+<li>Providers/Google: preserve and recover Gemini 3 tool-call thought signatures during native replay so function-calling turns no longer fail with missing <code>thought_signature</code> 400s. Fixes #72879. (#80358) Thanks @abnershang.</li>
+<li>Telegram: skip transcript-only delivery mirrors and gateway-injected rows when resolving latest assistant text, preventing retained previews from replacing final replies with stale fragments. Fixes #83159. (#83362) Thanks @joshavant.</li>
+<li>Memory/QMD: keep lexical search on raw hyphenated queries while normalizing semantic QMD sub-searches, avoiding fallback to the builtin index for dashed identifiers and dates. Fixes #81328.</li>
+<li>Memory-core: distinguish sqlite-vec load failures from missing semantic vector embeddings in degraded <code>memory index</code> warnings, so vector recall diagnostics point at unresolved dimensions instead of blaming sqlite-vec when the store is ready. Fixes #75624. (#83056) Thanks @xuruiray and @Noah3521.</li>
+<li>Agents/subagents: preserve sandbox-peer controller ownership while routing completion announcements back to the originating run session, keeping subagent control and completion delivery scoped correctly. Fixes #80201. (#80242) Thanks @Jerry-Xin.</li>
+<li>Gateway: continue restarting remaining channels when one hot-reload channel restart fails, while still reporting aggregate reload failure and rolling back plugin pre-replace stops. Fixes #83054. Thanks @zqchris.</li>
+<li>Telegram: keep hot-reload restarts from marking polling accounts manually stopped and restart isolated ingress cleanly after worker shutdown, preserving Telegram replies across config reloads. Fixes #83008. (#83410) Thanks @joshavant.</li>
+<li>Telegram/Ollama: pass current Telegram image attachments into native PI/Ollama vision turns so live photo prompts reach Ollama as native images. Fixes #83023. (#83516) Thanks @joshavant.</li>
+<li>Gateway/secrets: split the lightweight secrets runtime state and auth-store cache from the full secrets runtime and take a startup fast path when the gateway startup config has no SecretRef values, speeding up secrets startup while preserving cleanup and refresh semantics.</li>
+<li>Codex app-server: rotate oversized native Codex threads before resume and cap dynamic tool-result text entering native Codex sessions, preventing stale oversized context from surviving OpenClaw compaction. (#82981) Thanks @hansolo949.</li>
+<li>Gateway/restart: drain pending replies and active chat runs during restart shutdown before sockets and channels close, aborting timed-out chat runs through the normal cleanup path. (#69121) Thanks @alexlomt.</li>
+<li>Agents/Codex: use the Codex runtime context window for OpenAI-model preflight compaction and memory flush checks, so GPT-5.5 Codex sessions compact before hitting the smaller native context limit. Fixes #82982. Thanks @vliuyt.</li>
+<li>QA-Lab: clean orphaned gateway temp roots when a suite parent exits and wait on gateway plus transport readiness after config restarts, reducing stale <code>qa-channel</code> noise from interrupted runs. Fixes #65506. Thanks @100yenadmin.</li>
+<li>QA-Lab: wake qa-bus long polls that arrive with stale future cursors after a bus restart, preserving reconnect readiness for harness clients. (#67142) Thanks @hxy91819.</li>
+<li>QA-Lab: stage Multipass transfer scripts under OpenClaw's preferred temp root instead of raw OS temp paths, keeping the VM runner inside temp-path guardrails. (#64098) Thanks @ImLukeF.</li>
+<li>Agents/replies: keep surviving reply media and append a warning when other media references fail, so partial media normalization no longer drops failures silently. Thanks @Jerry-Xin.</li>
+<li>Config/models: accept <code>thinkingFormat: "together"</code> in model compat config so Together routes can opt into the Together-specific thinking response shape.</li>
+<li>Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.7.1, bringing Codex hook approval compatibility, pre-tool command wrapping fixes, and Rolldown/Vitest output compaction improvements into the OpenClaw plugin.</li>
+<li>Agents/OpenAI: stop post-processing GPT-5 final replies with hardcoded brevity caps, preserving full channel responses instead of appending synthetic ellipses, and log when strict-agentic GPT-5 execution activates. Fixes #82910.</li>
+<li>Mac app: refine the Settings General and Connection panes with cleaner status panels, card rows, and a single native titlebar sidebar toggle.</li>
+<li>Agents/media: deliver failed async image, music, and video generation completions directly when requester-session completion handoff fails, so channel users see provider errors instead of silent fallback stalls.</li>
+<li>Browser/CDP: keep loopback proxy bypass active across both <code>NO_PROXY</code> casings and redact home-relative Chrome MCP profile paths in attach-failure diagnostics.</li>
+<li>Agents/music: steer song, jingle, beat, anthem, and instrumental requests toward <code>music_generate</code> audio creation instead of lyric-only replies, and reserve <code>lyrics</code> for exact sung words.</li>
+<li>Codex app-server: record native Codex tool calls and results into trajectory artifacts so debug/trajectory exports capture the full Codex-native tool history, not just OpenClaw-bridged turns. Thanks @vyctorbrzezowski.</li>
+<li>Codex/app-server: keep bound conversation sessions on the owning agent runtime so native Codex control and follow-up turns do not fall back to the default agent client. Fixes #82954. (#82993)</li>
+<li>CLI/infer: run gateway model probes in fresh explicit sessions so one-shot provider checks do not inherit default agent transcript state. (#82861) Thanks @Kaspre.</li>
+<li>Providers/Together: send video-generation requests to Together's v2 video API even when shared text-model config still points at the v1 base URL. (#82992)</li>
+<li>Browser CLI: preserve browser-level options on nested commands, skip option values during lazy command registration, and keep long-running wait/download/dialog hooks open for their advertised wait window.</li>
+<li>CLI/sessions: accept <code>openclaw sessions list</code> as an alias for <code>openclaw sessions</code>, matching other list-style commands. Fixes #81139. (#81163) Thanks @YB0y.</li>
+<li>Channels/stream previews: widen compact progress draft lines and cut prose at word boundaries while preserving command/path suffixes, with <code>streaming.progress.maxLineChars</code> for channel-specific tuning.</li>
+<li>CLI/plugins: have <code>openclaw plugins doctor</code> warn when a configured runtime needs a missing owner plugin, sharing the same install mapping as <code>openclaw doctor --fix</code>. Fixes #81326. (#81674) Thanks @Zavianx.</li>
+<li>Agents/Codex: route OpenAI runs that resolve to <code>openai-codex</code> through the Codex provider and bootstrap OpenClaw's stored OAuth profile into the Codex harness when the harness owns transport, so <code>openai/*</code> model refs no longer fail with <code>No API key found for openai-codex</code> despite an existing Codex OAuth profile. (#82864) Thanks @ragesaq.</li>
+<li>Agents/ACP: distinguish prompt-submitted and runtime-active child stalls from true interactive waits, including redacted proxy-env diagnostics for Codex ACP no-output runs. Fixes #44810.</li>
+<li>Agents/memory: explain that memory-triggered compaction exposes only <code>read</code> and append-only <code>write</code> when configured core tools are unavailable in <code>tools.allow</code> warnings. Fixes #82941. Thanks @galiniliev.</li>
+<li>Agents/OpenAI: preserve deterministic tool payload ordering for prompt-cache reuse across OpenAI Responses and chat completions calls. (#82940) Thanks @galiniliev.</li>
+<li>ACP/Codex: honor terminal ACP turn results so failed Codex/acpx runs are not recorded as successful after only progress text. Fixes #79522. Thanks @dudaefj.</li>
+<li>Telegram: warn when a media group drops photos that fail to download, including albums where every photo is skipped. Fixes #55216. (#82987) Thanks @eldar702.</li>
+<li>Agents/skills: apply the full effective tool policy pipeline to inline <code>command-dispatch: tool</code> skill dispatch before owner-only filtering, preserving configured allow, deny, sandbox, sender, group, and subagent restrictions. (#78525)</li>
+<li>Codex: avoid spawning native hook relay subprocesses for post-tool/finalize events with no registered hook handlers while preserving pre-tool safety and approval relays. Fixes #76552. (#78004) Thanks @evgyur.</li>
+<li>Channel accounts: keep top-level default channel accounts visible when named accounts are added alongside default credential material, so mixed legacy/new account configs keep resolving <code>default</code> instead of silently dropping it.</li>
+<li>Agents/CLI: reject empty successful CLI subprocess replies as <code>empty_response</code> and keep them out of shared auth-profile health, so blank Claude CLI results no longer become green no-payload turns. Fixes #83231. (#83421) Thanks @joshavant.</li>
+<li>Codex/Telegram: synthesize native Codex tool progress from final turn snapshots so Telegram <code>/verbose</code> stays visible when command events arrive only at completion.</li>
+<li>Codex/Telegram: deliver Codex verbose tool summaries in direct message-tool-only turns while suppressing message-send and activity-log noise. (#83186) Thanks @kurplunkin.</li>
+<li>Mac app: make Channels settings open faster by deferring config-schema work, avoiding startup channel probes, caching decoded channel status rows, and showing only compact quick settings instead of the full generated channel schema.</li>
+<li>Control UI: include the Control UI and Gateway protocol versions in protocol-mismatch errors so stale app/dashboard pairings identify which side needs rebuilding or restarting.</li>
+<li>Gateway/protocol: restore Gateway WS protocol v4 and keep <code>message.action</code> room-event metadata on the existing <code>inboundTurnKind</code> wire field while preserving internal inbound-event classification.</li>
+<li>Agents/tools: prefer non-webchat session-key routes when the message tool has stale webchat context, so message-tool-only replies keep delivering to the originating channel. Fixes #82911. (#83004) Thanks @joshavant.</li>
+<li>Channels: keep direct-message last-route writes on isolated <code>per-channel-peer</code> sessions instead of contaminating the agent main session with channel delivery context. Fixes #36614. Thanks @aspenas.</li>
+<li>Mac app: move the Settings sidebar toggle into the native titlebar and tighten the General pane width.</li>
+<li>Mac app: keep visited Settings panes mounted so switching tabs no longer blanks and reloads their content.</li>
+<li>Mac app: make Config settings open from shallow schema lookups and load selected paths on demand instead of fetching and rendering the full generated config schema up front.</li>
+<li>Codex: sanitize inline image payloads before Codex app-server and OpenAI Responses replay, and clear poisoned Codex thread bindings after invalid image errors. Fixes #82878.</li>
+<li>Providers/GitHub Copilot: request identity-encoded Copilot API responses across token exchange, catalog, model calls, usage, and embeddings so compressed Business-account error payloads no longer reach JSON parsers as gzip bytes. Fixes #82871. Thanks @tonyfe01.</li>
+<li>Telegram: redact nested raw-update identifiers and user metadata before verbose raw update logging, preserving useful update/message ids without exposing chat, user, command, or profile details. (#82945) Thanks @galiniliev and @joshavant.</li>
+<li>Telegram: preserve replied-to bot messages, captions, and media metadata in group reply chains so follow-up replies understand what the user is reacting to. (#82863)</li>
+<li>Providers/Together: update PI runtime packages to 0.74.1 and emit Together-style <code>reasoning.enabled</code>/<code>max_tokens</code> controls for reasoning-capable OpenAI-completions models.</li>
+<li>Agents/diagnostics: split slow embedded-run <code>attempt-dispatch</code> startup summaries into workspace, prompt, runtime-plan, and final dispatch subspans so traces identify the delayed setup phase. Fixes #82782. (#82783) Thanks @galiniliev.</li>
+<li>Agents/Codex: flatten nested tool-result middleware blocks into bounded text so successful message sends are no longer replaced with <code>Tool output unavailable due to post-processing error</code>. Fixes #82912. Thanks @joeykrug.</li>
+<li>CLI/media: accept HTTP(S) URLs in <code>openclaw infer image describe --file</code>, fetching remote images through the guarded media path instead of treating URLs as local files. Fixes #82837. (#82854) Thanks @neeravmakwana.</li>
+<li>Agents/subagents: keep session-backed parent runs active when the child wait call times out before the child session has actually settled, so late subagent completions are reconciled instead of being lost. Fixes #82787. Thanks @ramitrkar-hash.</li>
+<li>Control UI: advertise shared Gateway protocol constants in browser connect frames, fixing protocol mismatch handshakes after protocol constant drift. Fixes #82882. Thanks @galiniliev.</li>
+<li>Gateway: add rollback protocol-mismatch diagnostics, including client protocol ranges in Gateway logs and deep status/doctor hints for stale client processes. Fixes #82841. (#82908)</li>
+<li>Agents/subagents: keep successful keep-mode completion payloads pending after final-delivery retry exhaustion, so requester recovery no longer loses final subagent results. Fixes #82583. (#82999) Thanks @joshavant.</li>
+<li>Gateway/auth: allow same-host trusted-proxy callers to use the documented local direct <code>gateway.auth.password</code> fallback after revisiting the #78684 fail-closed policy, while keeping token fallback rejected and forwarded-header requests on the trusted-proxy path. Fixes #82607. (#82953) Thanks @joshavant.</li>
+<li>Agents/subagents: wait for queued completion handoffs to reach the parent transcript before marking them announced, preventing busy parent runs from cleaning up before observing child results. Fixes #82913. (#83039) Thanks @joshavant.</li>
+<li>Agents/subagents: route group/channel subagent completions through message-tool-only handoffs when required and keep active-requester wake failures from dropping completion delivery. Fixes #82803. Thanks @galiniliev, @yozakura-ava, and @moeedahmed.</li>
+<li>Memory-core: scan persisted memory source sessions on startup, comparing on-disk transcripts against the index and marking only missing/newer/resized files dirty for incremental sync. Fixes #82341. (#82341) Thanks @giodl73-repo.</li>
+<li>Telegram: keep the top-level default account in the account list when named accounts or bindings are added alongside top-level credentials, preserving default polling while still letting named-only configs resolve to a single account. Fixes #82794. (#82794) Thanks @giodl73-repo.</li>
+<li>CLI/models: reuse command-scoped plugin metadata across model listing, provider catalog, auth, and synthetic-auth checks, restoring fast <code>openclaw models</code> runs for plugin-heavy installs. Fixes #82881. (#83033) Thanks @joshavant.</li>
+<li>CLI/channels: show configured official external channels such as Discord in <code>openclaw channels list</code> when their plugin package is missing, including the install and doctor repair command instead of reporting no configured channels. Fixes #82813.</li>
+<li>Signal: preserve mixed-case group IDs through routing and session persistence so group auto-replies keep delivering after updates. Fixes #82827.</li>
+<li>Agents/tools: keep the <code>message</code> tool available in embedded runs when it is explicitly allowed through <code>tools.alsoAllow</code> or runtime tool allowlists, so channel plugins with custom reply delivery can still use configured message sends. Fixes #82833. Thanks @cn1313113.</li>
+<li>WhatsApp: honor forced document delivery for outbound image, GIF, and video media so <code>forceDocument</code>/<code>asDocument</code> sends preserve original media bytes instead of using compressed media payloads. (#79272) Thanks @itsuzef.</li>
+<li>WhatsApp: name outbound document attachments from their MIME type when no filename is provided, so PDF and CSV sends arrive as <code>file.pdf</code> and <code>file.csv</code> instead of an extensionless <code>file</code>. Thanks @mcaxtr.</li>
+<li>Process/diagnostics: report active lane blockers in lane wait warnings so <code>queueAhead=0</code> no longer hides commands waiting behind active work. Fixes #82791. (#82792) Thanks @galiniliev.</li>
+<li>Process/diagnostics: stop counting the active processing turn as queued backlog in liveness warnings so transient max-only event-loop spikes do not surface as gateway warnings.</li>
+<li>Agents/replies: classify provider conversation-state rejections and return a clear message-channel error instead of auto-resetting or falling back to a generic runner failure. (#82616) Thanks @dutifulbob.</li>
+<li>Browser plugin: trust managed Chrome CDP diagnostics when launch HTTP probes race cold-start readiness, avoiding false startup failures. Fixes #82904. (#82986) Thanks @kmanan and @hclsys.</li>
+<li>Android: prompt before replacing a changed Gateway TLS thumbprint, showing the old and new SHA-256 fingerprints so users can accept expected certificate rotations instead of hard failing on pin mismatch. (#83077) Thanks @sliekens.</li>
+<li>CLI/status: render extra gateway-like service diagnostics as warning/info output instead of error output. Fixes #46930. (#82922) thanks @giodl73-repo.</li>
+<li>Agents/failover: classify Moonshot/Kimi exhausted-balance HTTP 429 payloads as billing instead of generic rate limits, preserving billing guidance and fallback behavior. Fixes #43447. (#83079) Thanks @leno23.</li>
+<li>Plugin SDK: bundle <code>openclaw/plugin-sdk/zod</code> into the published package artifact and verify the packed zod subpath stays self-contained, so pnpm global installs can register plugins without a package-local <code>zod</code> symlink. Fixes #78398. (#78515) Thanks @ggzeng.</li>
+<li>Providers/Google: drop compaction-truncated Gemini thought signatures before replay so malformed Base64 no longer aborts the next assistant turn. (#82995) Thanks @wAngByg.</li>
+</ul>
+<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.5.18/OpenClaw-2026.5.18.zip" length="53924201" type="application/octet-stream" sparkle:edSignature="cU0TfUmBZbVOpgwou+GS7RQiDhEGVUxjK+bwsl1RXiqvJi9ErsYebZIxVayH8++v5PeycoK5+LQF5gLiXQa2AA=="/>
+        </item>
         <item>
             <title>2026.5.12</title>
             <pubDate>Fri, 15 May 2026 13:25:16 +0000</pubDate>
@@ -523,405 +739,5 @@
 ]]></description>
             <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.5.7/OpenClaw-2026.5.7.zip" length="51130645" type="application/octet-stream" sparkle:edSignature="Zu+EzBGMRE1k7N4//L8HUxtUCPdO0ImrfDbgr2GrPMBrj7VGI1tOOl74gxNJoi/wfWvXz3fYVcBz2W/84ojuCw=="/>
         </item>
-        <item>
-            <title>2026.5.2</title>
-            <pubDate>Sun, 03 May 2026 01:11:51 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
-            <sparkle:version>2026050290</sparkle:version>
-            <sparkle:shortVersionString>2026.5.2</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>OpenClaw 2026.5.2</h2>
-<h3>Highlights</h3>
-<ul>
-<li>External plugin installation, update, doctor repair, dependency reporting, and artifact metadata now cover the npm-first cutover, stale configured installs, missing package payloads, and beta-channel plugin fallback. Thanks @vincentkoc.</li>
-<li>Gateway and agent hot paths are leaner across startup, session listing, task maintenance, prompt prep, plugin loading, tool descriptor planning, filesystem guards, and large runtime configs.</li>
-<li>Control UI and WebChat are more resilient across Sessions, Cron, long-running Gateway WebSockets, grouped-message width, slash-command feedback, iOS PWA bounds, selection contrast, and Talk diagnostics.</li>
-<li>Messaging fixes cover WhatsApp Channel/Newsletter targets, Telegram topic commands and networking, Discord delivery/startup edge cases, Slack threads, Signal groups/media, and visible reply routing.</li>
-<li>Provider and media fixes cover OpenAI-compatible TTS/Realtime, OpenRouter/DeepSeek replay, Anthropic-compatible streaming, LM Studio reasoning metadata, Brave/SearXNG/Firecrawl web search, media paths, music, and voice-call routing.</li>
-</ul>
-<h3>Changes</h3>
-<ul>
-<li>Gateway/startup and restart: skip plugin-backed auth-profile overlays during startup secrets preflight, reducing gateway readiness latency while keeping reload and OAuth recovery paths overlay-capable; add <code>openclaw gateway restart --force</code> and <code>--wait <duration></code>, log active task run IDs before restart deferral timers, and report timeout restarts as explicit forced restarts. (#68327) Thanks @JIRBOY.</li>
-<li>Plugins/ClawHub: make diagnostics, onboarding, doctor repair, and channel setup carry ClawPack metadata through install records while keeping explicit <code>clawhub:</code> installs on ClawHub and bare package installs on npm for the launch cutover. Thanks @vincentkoc.</li>
-<li>Plugins/CLI: include package dependency install state in <code>openclaw plugins list --json</code> so scripts can spot missing plugin dependencies without runtime-loading plugins.</li>
-<li>Plugins/update: on the beta OpenClaw update channel, default-line npm and ClawHub plugin updates try <code>@beta</code> first and fall back to default/latest when no plugin beta release exists.</li>
-<li>Plugins/runtime: scope broad runtime preloads to the effective plugin ids derived from config, startup planning, configured channels, slots, and auto-enable rules instead of importing every discoverable plugin.</li>
-<li>Agents/runtime: reuse the startup-loaded plugin registry for request-time providers, tools, channel actions, web/capability/memory/migration helpers, and memoized provider extra-params, and memoize transcript replay-policy resolution for stable config and process-env runs while preserving model-specific transport hook patches and custom-env provider behavior. Thanks @DmitryPogodaev.</li>
-<li>Infra/path-guards: add a fast path for canonical absolute POSIX containment checks, avoiding repeated <code>path.resolve</code> and <code>path.relative</code> work in hot filesystem walkers. Refs #75895, #75575, and #68782. Thanks @Enderfga.</li>
-<li>Tools/plugins: add a platform-level tool descriptor planner for descriptor-first visibility, generic availability checks, and executor references, and cache plugin tool descriptors captured from <code>api.registerTool(...)</code> so repeated prompt-time planning can skip plugin runtime loading while execution still loads the live plugin tool. (#76079) Thanks @shakkernerd.</li>
-<li>Docs/Codex: clarify that ChatGPT/Codex subscription setups should use <code>openai/gpt-*</code> with <code>agentRuntime.id: "codex"</code> for native Codex runtime, while <code>openai-codex/*</code> remains the PI OAuth route. Thanks @pashpashpash.</li>
-<li>Plugins/source checkout: load bundled plugins from the <code>extensions/*</code> pnpm workspace tree in source checkouts, so plugin-local dependencies and edits are used directly while packaged installs keep using the built runtime tree. Thanks @vincentkoc.</li>
-<li>Plugins/beta: externalize ACPX behind <code>@openclaw/acpx</code> and diagnostics OpenTelemetry behind <code>@openclaw/diagnostics-otel</code>, keeping their heavier runtime stacks out of the core package until installed; prepare Google Chat, LINE, Matrix, Mattermost, BlueBubbles, diagnostics Prometheus, Google Meet, Nextcloud Talk, Nostr, Zalo, Zalo Personal, diagnostics OpenTelemetry, Discord, Diffs, Lobster, Memory LanceDB, Microsoft Teams, QQ Bot, Voice Call, WhatsApp, Brave, Codex, Feishu, Synology Chat, Tlon, and Twitch for <code>2026.5.1-beta.1</code>/<code>2026.5.1-beta.2</code> npm and ClawHub publishing, and keep publishable plugin dist trees out of the core npm package. Thanks @vincentkoc.</li>
-<li>Providers/xAI: add Grok 4.3 to the bundled catalog and make it the default xAI chat model.</li>
-<li>Google Meet: let API-created rooms set <code>accessType</code> and <code>entryPointAccess</code>, add <code>googlemeet end-active-conference</code> for closing managed spaces after a call, and add <code>googlemeet test-listen</code> plus the matching <code>google_meet</code> <code>test_listen</code> action so transcribe-mode joins wait for real caption or transcript movement before reporting listen-first health. (#74824; refs #72478) Thanks @BsnizND and @DougButdorf.</li>
-<li>Plugins/ClawHub/onboarding: prefer versioned ClawPack artifacts when ClawHub publishes digest metadata, verify ClawPack response headers and downloaded bytes, persist ClawPack digest/artifact metadata on install/update records and install-on-demand provider setup entries, and allow official bundled-plugin cutovers to record ClawHub artifact metadata while preserving npm as the launch default for bare package specs and retaining npm/local fallback paths. Thanks @vincentkoc.</li>
-<li>Plugins/Crestodian: add ClawHub plugin search plus Crestodian plugin list/search/install/uninstall operations, with approval and audit coverage for install and uninstall.</li>
-<li>Channels/thread bindings: replace split subagent/ACP thread-spawn toggles with <code>threadBindings.spawnSessions</code>, default thread-bound spawns on, and let <code>openclaw doctor --fix</code> migrate the legacy keys. (#75943)</li>
-<li>Providers/OpenAI: add <code>extraBody</code>/<code>extra_body</code> passthrough for OpenAI-compatible TTS endpoints, so custom speech servers can receive fields such as <code>lang</code> in <code>/audio/speech</code> requests. Fixes #39900. Thanks @R3NK0R.</li>
-<li>Channels/WhatsApp: support explicit WhatsApp Channel/Newsletter <code>@newsletter</code> outbound message targets with channel session metadata instead of DM routing. Fixes #13417; carries forward the narrow outbound target idea from #13424. Thanks @vincentkoc and @agentz-manfred.</li>
-<li>Dependencies: refresh workspace, bundled runtime, and plugin dependency pins, including TypeBox 1.1.37, AWS SDK 3.1041.0, Microsoft Teams 2.0.9, Marked 18.0.3, Pi 0.71.1, OpenAI 6.35.0, Codex 0.128.0, Zod 4.4.1, and Matrix 41.4.0. Thanks @mariozechner, @aws, and @microsoft.</li>
-<li>Discord/channels: add reusable message-channel access groups plus Discord channel-audience DM authorization, so allowlists can reference <code>accessGroup:<name></code> across channel auth paths. (#75813)</li>
-<li>Crabbox/scripts: print the selected Crabbox binary, version, and supported providers before <code>pnpm crabbox:*</code> commands, and reject stale binaries that lack <code>blacksmith-testbox</code> provider support.</li>
-<li>Agents/Codex: add committed happy-path prompt snapshots for Codex/message-tool Telegram direct, Discord group, and heartbeat turns so prompt drift can be reviewed. Thanks @pashpashpash.</li>
-<li>Agents/workspace: add <code>agents.defaults.skipOptionalBootstrapFiles</code> for skipping selected optional workspace files during bootstrap without disabling required workspace setup. (#62110) Thanks @mainstay22.</li>
-<li>Plugins/CLI: add first-class <code>git:</code> plugin installs with ref checkout, commit metadata, normal scanner/staging, and <code>plugins update</code> support for recorded git sources. Thanks @badlogic.</li>
-<li>Google Meet: add live caption health for Chrome transcribe mode, including caption observer state, transcript counters, last caption text, and recent transcript lines in status and doctor output. Refs #72478. Thanks @DougButdorf.</li>
-<li>Voice Call/Google Meet: add Twilio Meet join phase logs around pre-connect DTMF, realtime stream setup, and initial greeting handoff for easier live-call debugging. Thanks @donkeykong91 and @PfanP.</li>
-<li>macOS app: move recent session context rows into a Context submenu while keeping usage and cost details root-level, so the menu bar companion stays compact with many active sessions. Thanks @guti.</li>
-<li>Gateway/SDK: add SDK-facing tools.invoke RPC with shared HTTP policy, typed approval/refusal results, and SDK helper support. Refs #74705. Thanks @BunsDev and @ai-hpc.</li>
-<li>Discord: keep active buttons, selects, and forms working across Gateway restarts until they expire, so multi-step Discord interactions are less likely to break during upgrades or restarts. Thanks @amknight.</li>
-<li>Messages/docs: clarify that <code>BodyForAgent</code> is the primary inbound model text while <code>Body</code> is the legacy envelope fallback, and add Signal coverage so channel hardening patches target the real prompt path. Refs #66198. Thanks @defonota3box.</li>
-<li>Slack: publish a safe default App Home tab view on <code>app_home_opened</code>, include the Home tab event in setup manifests, and keep track of bot-participated threads across restarts so ongoing threaded conversations can continue auto-replying after the Gateway restarts. Fixes #11655; refs #52020. Thanks @TinyTb and @amknight.</li>
-<li>Control UI/Usage: add UTC quarter-hour token buckets for the Usage Mosaic and reuse them for hour filtering, keeping the legacy session-span fallback for older summaries. (#74337) Thanks @konanok.</li>
-<li>BlueBubbles: add opt-in <code>channels.bluebubbles.replyContextApiFallback</code> that fetches the original message from the BlueBubbles HTTP API when the in-memory reply-context cache misses (multi-instance deployments sharing one BB account, post-restart, after long-lived TTL/LRU eviction). Off by default; channel-level setting propagates to accounts that omit the flag through <code>mergeAccountConfig</code>; routed through the typed <code>BlueBubblesClient</code> so every fetch is SSRF-guarded by the same three-mode policy as every other BB client request; reply-id shape is validated and part-index prefixes (<code>p:0/<guid></code>) are stripped before the request; concurrent webhooks for the same <code>replyToId</code> coalesce into one fetch and successful responses populate the reply cache for subsequent hits. Also promotes BlueBubbles attachment download failures from verbose to runtime error so silently-dropped inbound images are visible at default log level, and extends <code>sanitizeForLog</code> to redact <code>?password=…</code>/<code>?token=…</code> query params and <code>Authorization:</code> headers before they reach the log sink (CWE-532). (#71820) Thanks @coletebou and @zqchris.</li>
-<li>CLI/proxy: add <code>openclaw proxy validate</code> so operators can verify effective proxy configuration, proxy reachability, and expected allow/deny destination behavior before deploying proxy-routed OpenClaw commands. (#73438) Thanks @jesse-merhi.</li>
-<li>Agents/Codex: default Codex app-server dynamic tools to native-first, keeping OpenClaw integration tools while leaving file, patch, exec, and process ownership to the Codex harness; default Codex-harness direct source replies to the OpenClaw <code>message</code> tool when visible reply delivery is not explicitly configured, keeping channel-visible output as a deliberate tool call. (#75308, #75765) Thanks @pashpashpash.</li>
-<li>Heartbeats/agents: add a structured <code>heartbeat_respond</code> tool for tool-capable heartbeat runs so agents can record quiet outcomes or explicit notification text without relying only on <code>HEARTBEAT_OK</code> parsing. (#75765) Thanks @pashpashpash.</li>
-<li>Gateway/config: allow <code>$include</code> directives to read files from operator-approved <code>OPENCLAW_INCLUDE_ROOTS</code> directories while preserving default config-directory confinement. Thanks @ificator.</li>
-</ul>
-<h3>Fixes</h3>
-<ul>
-<li>Agents/OpenAI: default GPT-5 API-key sessions to the SSE Responses transport unless WebSocket is explicitly selected, restoring replies in fresh Control UI and WebChat beta installs where the auto WebSocket path connected but produced no model events.</li>
-<li>Agents/sessions: preserve terminal lifecycle state when final run metadata persists from a stale in-memory snapshot, preventing sessions from staying stuck as running after completed or timed-out turns.</li>
-<li>Gateway/CLI/status: make <code>openclaw gateway start</code> repair stale managed service definitions that point at old OpenClaw versions, missing binaries, or temporary installer paths before starting; add concrete service, config, listener-owner, and log collection next steps when gateway probes fail and Bonjour finds no local gateway; avoid repeated plugin tool descriptor config hashing so large runtime configs do not block reply startup and trigger reconnect/timeouts. Refs #49012. (#75944) Thanks @vincentkoc and @joshavant.</li>
-<li>Plugins/update/config: stop treating the non-plugin <code>auth</code> command root as a bundled plugin id, keep packaged upgrades and beta external plugin installs on stable runtime aliases and matching prerelease npm specs, detect tracked plugin install records whose package directories disappeared during <code>openclaw update</code>, reinstall them before normal plugin updates, fail the update if install records still point at missing disk payloads, and validate configured web-search providers plus statically suppressed model/provider pairs against the active plugin set at config load. Thanks @vincentkoc.</li>
-<li>Codex/app-server: resolve managed binaries from bundled <code>dist</code> chunks and from the <code>@openai/codex</code> package bin when installs do not provide a nearby <code>.bin/codex</code> shim, avoiding false missing-binary startup failures.</li>
-<li>Status: show the <code>openai-codex</code> OAuth profile for <code>openai/gpt-*</code> sessions running through the native Codex runtime instead of reporting auth as unknown. (#76197) Thanks @mbelinky.</li>
-<li>Status/update: resolve beta update-channel checks from the installed version when config still says <code>stable</code>, show configured channels in <code>openclaw status</code> and config-only <code>openclaw channels status</code> output even when the Gateway is unreachable, and let <code>status --deep</code> reuse live gateway channel credential state instead of warning on command-path-only token misses. Thanks @vincentkoc.</li>
-<li>Plugins/externalization: add official npm-first catalogs for externalized channel, provider, and generic plugins; install official external web-search plugins before saving provider config; repair missing configured, selected-search, and env-selected plugin installs from npm by default; keep official install docs, update examples, live Codex checks, diagnostics ClawHub packages, and persisted bundled-plugin relocation on default npm tags; keep Matrix and Mattermost bundled until their npm packages cut over; and keep ACPX, Google Chat, and LINE publishable plugin dist trees out of the core package while ClawHub pack files roll out. Thanks @vincentkoc.</li>
-<li>Plugins/ClawHub/source/registry: use the ClawHub artifact resolver response as the install decision before downloading, keep bare plugin package specs on npm for the launch cutover and reserve ClawHub resolution for explicit <code>clawhub:</code> specs until ClawHub pack readiness is deployed, discover source-only plugins such as Codex from <code>extensions/*</code>, install ClawPack artifacts from the explicit npm-pack <code>.tgz</code> resolver path, persist artifact kind, npm integrity, shasum, and tarball metadata for update/diagnostics flows, fall back to version metadata when the artifact resolver route is missing, keep the Docker ClawHub fixture aligned with npm-pack artifact resolution, explain unavailable explicit ClawHub ClawPack artifact downloads with a temporary npm install hint, and hash manifest/package metadata when validating persisted plugin registries so fast same-size rewrites cannot leave stale plugin metadata trusted. Thanks @vincentkoc.</li>
-<li>Control UI: add validated <code>gateway.controlUi.chatMessageMaxWidth</code> instead of patched bundled CSS, ignore malformed persisted cron rows before they enter UI state, guard stale cron render paths, and bound the default Sessions tab query to recent activity and fewer rows while keeping filters editable. Fixes #67935, #55047, #54439, and #76050; supersedes #54550 and #54552. (#76051) Thanks @xiew4589-lang and @Neomail2.</li>
-<li>Gateway/channels: cap startup fanout at four channel/account handoffs and recover from Bonjour ciao self-probe races, reducing Windows startup stalls with many Telegram accounts. Fixes #75687.</li>
-<li>Gateway/sessions: keep <code>sessions.list</code> polling responsive on large session stores by reusing list-safe session cache/indexes and returning a lightweight compaction checkpoint preview instead of heavyweight summaries. Thanks @rolandrscheel.</li>
-<li>Control UI/Gateway: keep long-running dashboard WebSocket sessions alive with protocol pings, keep Stop available after reconnect or reload by recovering session-scoped active-run abort state, contain standalone iOS PWA viewports with safe-area-aware document locking, use high-contrast text selection colors, and show inline feedback when local slash-command dispatch is unavailable or fails unexpectedly. Fixes #70991, #60850, and #52105; supersedes #60854. Thanks @alexandre-leng, @kvncrw, @Badschaff, @efe-arv, and @MooreQiao.</li>
-<li>CLI/update: treat inherited Gateway service markers as origin hints and only block package replacement when the managed Gateway is still live, so self-updates can stop the service and continue safely. (#75729) Thanks @hxy91819.</li>
-<li>Agents/failover: exempt run-level timeouts that fire during tool execution from model fallback, timeout-triggered compaction, and generic timeout payload synthesis, avoiding misleading "LLM request timed out" errors after the primary model has already responded. Fixes #52147. (#75873) Thanks @simonusa.</li>
-<li>Docker: copy Bun 1.3.13 from a digest-pinned image and keep CI on the same version. Fixes #74356. Thanks @fede-kamel and @sallyom.</li>
-<li>Agents/compaction: keep prior context on consecutive turns against z.ai-style providers (z.ai direct, openrouter z-ai/\*, in-house GLM gateways), avoiding accidental Pi state reset after successful turns. (#76056) Thanks @openperf.</li>
-<li>Doctor/plugins: run a one-time 2026.5.2 configured-plugin install repair based on <code>meta.lastTouchedVersion</code>, update stale configured plugin manifests that still declare channels without <code>channelConfigs</code>, install actively used downloadable OpenClaw plugins through the configured external source, preserve unmanaged third-party plugin <code>node_modules</code>, and then mark the config touched for the release.</li>
-<li>Sessions/transcripts: use one <code>session.writeLock.acquireTimeoutMs</code> policy for session transcript lock acquisitions and raise the default wait to 60 seconds, avoiding user-visible lock timeouts during legitimate slow prep, cleanup, compaction, and mirror work. Fixes #75894. Thanks @shandutta.</li>
-<li>Agents/restart recovery: match cleaned transcript locks by exact transcript lock paths plus the canonical session fallback, so interrupted main sessions using topic-suffixed transcripts resume after gateway restart. Refs #76052. Thanks @anyech.</li>
-<li>Agents/runtime: cache the stable system-prompt prefix and reuse prompt-report tool schema stats during dispatch prep, reducing repeated CPU work before streaming starts. Fixes #75999; supersedes #76061. Thanks @zackchiutw and @STLI69.</li>
-<li>Telegram/native commands: pass persisted session files into plugin commands for topic-bound sessions, so <code>/codex bind</code> works from Telegram forum topics. Refs #75845 and #76049. Thanks @MatthewSchleder.</li>
-<li>Security audit/plugins: ignore plugin install backup, disabled, and dependency debris directories when enumerating installed plugin roots, avoiding false-positive findings for <code>.openclaw-install-backups</code> after plugin updates. Fixes #75456.</li>
-<li>Telegram: honor runtime conversation bindings for native slash commands in bound top-level groups, so commands like <code>/status@bot</code> route to the active non-<code>main</code> session instead of falling back to the default route. Fixes #75405; supersedes #75558. Thanks @ziptbm and @yfge.</li>
-<li>Gateway/tasks: make task registry maintenance use pass-local backing-session lookups and fresh active child-session indexes, avoiding repeated full task snapshots and session-store clones on large stale registries. Fixes #73517 and #75708; supersedes #74406 and #75709. Thanks @Lightningxxl, @glfruit, and @jared-rebel.</li>
-<li>Auth/sessions: JSON-clone auth-profile cache/runtime snapshots and remaining session cleanup previews instead of using <code>structuredClone</code>, preserving mutation isolation while avoiding native-memory growth on large stores. Fixes #45438. Thanks @markus-lassfolk.</li>
-<li>Models CLI: restore <code>openclaw models list --provider <id></code> catalog and registry fallback rows for unconfigured providers, so provider-specific verification commands no longer report "No models found." Fixes #75517; supersedes #75615. Thanks @lotsoftick and @koshaji.</li>
-<li>Gateway/macOS: write LaunchAgent services with a canonical system PATH and stop preserving old plist PATH entries, so Volta, asdf, fnm, and pnpm shell paths no longer affect gateway child-process Node resolution. Fixes #75233; supersedes #75246. Thanks @nphyde2.</li>
-<li>Slack/hooks: preserve bot alert attachment text in message-received hook content when command text is blank. Fixes #76035; refs #76036. Thanks @amsminn.</li>
-<li>Sessions/agents: route Gateway session-store writes, CLI cleanup maintenance, and agent-delete session purges through a dedicated in-process writer and borrow the validated mutable cache during the writer slot, avoiding runtime file locks plus repeated <code>sessions.json</code> rereads and JSON clones on hot metadata updates. Refs #68554. Thanks @henkterharmsel.</li>
-<li>Memory/markdown: replace CRLF managed blocks in place and collapse duplicate marker blocks without rewriting unmanaged markdown, so Dreaming and Memory Wiki files self-heal from repeated generated sections. Fixes #75491; supersedes #75495, #75810, and #76008. Thanks @asaenokkostya-coder, @ottodeng, @everettjf, and @lrg913427-dot.</li>
-<li>Agents/tools: return critical tool-loop circuit-breaker stops as blocked tool results instead of thrown tool failures, so models see the guardrail and stop retrying the same call. Thanks @rayraiser.</li>
-<li>Agents/sessions: preserve pre-existing runtime model and context window after heartbeat turns so a per-run heartbeat model override does not bleed into shared-session status. Fixes #75452. Thanks @zhangguiping-xydt.</li>
-<li>Model commands: clarify direct and inline <code>/model</code> acknowledgements for non-default selections as session-scoped. Thanks @addu2612.</li>
-<li>Doctor/gateway: stop warning that non-existent, unconfigured user-bin directories are required in the Gateway service PATH. Fixes #76017. Thanks @xiphis.</li>
-<li>TUI/setup: skip full provider model normalization during context-window warmup and bound Terminal hatch bootstrap provider requests, avoiding cold-start stalls with large model registries and first-run hatching stuck behind the watchdog. (#76241) Thanks @547895019 and @joshavant.</li>
-<li>Agents: enable malformed tool-call argument repair for Codex and Azure OpenAI Responses transports while keeping generic OpenAI Responses paths out of the repair gate. Fixes #75154. Thanks @Nimraakram22.</li>
-<li>Memory Wiki: accept relative Markdown links that include the <code>.md</code> suffix during broken-wikilink validation, avoiding false positives for native render-mode links. Thanks @Kenneth8128.</li>
-<li>OpenAI Codex: show the device-pairing code in the interactive SSH/headless prompt while keeping the short-lived code out of persistent runtime logs. Fixes #74212. Thanks @da22le123.</li>
-<li>QA Lab: stop gateway children when the suite parent disappears, so interrupted local QA runs cannot leave hot orphaned gateways behind.</li>
-<li>Codex/app-server/plugins: tolerate second connection closes during startup recovery, include retry counts plus stringified restart errors, and allow the official npm Codex plugin to install without the unsafe-install override while keeping <code>/codex</code> command ownership and covering the real npm Docker live path through managed <code>.openclaw/npm</code> dependencies plus uninstall failure proof.</li>
-<li>Plugins/CLI: cache plugin CLI registration entries per command program so completion state generation does not repeat the full plugin sweep in one invocation. Thanks @ScientificProgrammer.</li>
-<li>Plugins: reuse gateway-bindable plugin loader cache entries for later default-mode loads without serving default-built registries to gateway-bound requests, reducing repeated plugin registration during dispatch. Refs #61756. Thanks @DmitryPogodaev.</li>
-<li>Gateway/secrets: include the caught error message in <code>secrets.reload</code> and <code>secrets.resolve</code> warning logs while keeping RPC errors generic, so operators can diagnose reload and permission failures. Thanks @davidangularme.</li>
-<li>Providers/OpenRouter/LM Studio/Anthropic: fill DeepSeek V4 <code>reasoning_content</code> replay placeholders for <code>openrouter/deepseek/deepseek-v4-flash</code> and <code>openrouter/deepseek/deepseek-v4-pro</code>, normalize binary LM Studio reasoning metadata from Gemma 4 and other local models, and recover Anthropic-compatible stream text deltas that arrive before their matching content block. Fixes #76018 and #76007. Thanks @cloph-dsp and @vliuyt.</li>
-<li>fix(infra): block workspace state-directory env override [AI]. (#75940) Thanks @pgondhi987.</li>
-<li>MCP/OpenAI and media: normalize parameter-free MCP tool schemas before OpenAI tool submission, honor explicit short <code>[[tts:text]]...[[/tts:text]]</code> blocks while keeping untagged short auto-TTS suppressed, and accept home-relative <code>MEDIA:~/...</code> attachment paths under the existing file-read policy. Fixes #75362, #73758, and #73796. Thanks @tolkonepiu, @SymbolStar, @yfge, and @fabkury.</li>
-<li>Hooks/doctor: warn when <code>hooks.transformsDir</code> points outside the canonical hooks transform directory, so invalid workspace skill paths get a direct recovery hint before the Gateway crash-loops. Fixes #75853. Thanks @midobk.</li>
-<li>Proxy/audio: convert standard <code>FormData</code> bodies before proxy-backed undici fetches, so audio transcription and multipart uploads no longer send <code>[object FormData]</code> when <code>HTTP_PROXY</code> or <code>HTTPS_PROXY</code> is configured. Fixes #48554. Thanks @dco5.</li>
-<li>Discord/setup/startup/native commands: write resolved guild/channel allowlist selections to the selected guild and channel, persist slash-command deploy hashes across process restarts, treat abort-time Carbon reconnect-exhausted events as expected shutdown during stale-socket restarts, allow explicit ack reactions in tool-only guild channels, and warn when slash dispatch or direct plugin execution produces no visible reply. Fixes #74922 and #58986; carries forward #58216; supersedes #47788, #73949, and #62057. Thanks @samvilian, @BlueBirdBack, @Eldersonar, @Perttulands, and @jb510.</li>
-<li>Discord/delivery/media: use session-backed A2A announce target lookup for multi-account <code>sessions_send</code>, keep typing indicators alive during long tool runs and auto-compaction, preserve multipart Content-Type headers for uploads, preserve attachment and sticker filenames, and keep non-ASCII channel names in session labels while preserving ASCII-slug allowlists. Fixes #42652 and #59744; refs #51626 and #44773; supersedes #73975. Thanks @irchelper, @dpalfox, @Lanfei, @Squirbie, @FunJim, @xela92, @rockcent, and @swjeong9.</li>
-<li>Discord/threads/PluralKit: canonicalize proxied webhook turns to the original message id for dedupe, inject thread starter context only on the first effective thread turn, and resolve thread <code>ownerId</code>/<code>parentId</code> from Discord API-style snake_case payload fields so bot-owned autoThreads do not require unnecessary mentions. Fixes #41355; supersedes #44447 and #44449. Thanks @acgh213, @p3nchan, and @mgh3326.</li>
-<li>Gateway/diagnostics: include a bounded redacted startup error message in stability bundles, so crash-loop reports identify the failing plugin or contract without exposing secrets. Refs #75797. Thanks @ymebosma.</li>
-<li>Gateway/pricing: defer optional model pricing catalog refresh until after sidecars and channels reach the ready path, so slow OpenRouter or LiteLLM pricing fetches cannot block Gateway readiness. Fixes #74128; supersedes #73486. Thanks @ctbritt and @alprclbi.</li>
-<li>Gateway/pricing: abort in-flight model pricing catalog fetches when Gateway shutdown stops the refresh loop, and avoid post-stop cache writes or refresh timers. Fixes #72208. Thanks @rzcq.</li>
-<li>Codex/app-server: make startup retry cleanup ownership-aware so concurrent Codex lanes cannot close another lane's freshly restarted shared app-server client. Thanks @vincentkoc.</li>
-<li>Google Meet/Twilio/Voice Call: report missing dial-in details during setup, explain that Twilio needs a phone dial plan for Meet URLs, start the phone leg before Meet PIN DTMF, delay intro speech until after post-connect dialing, log each stage, and accept provider call IDs for gateway speak/continue while reporting ended-call state from history.</li>
-<li>Control UI/Talk: allow the OpenAI Realtime WebRTC offer endpoint through the Control UI CSP, configure browser sessions with explicit VAD/transcription input settings, and surface OpenAI realtime error/lifecycle events instead of leaving Talk stuck as live with no diagnostic. Fixes #73427.</li>
-<li>Plugins: clarify config-selected duplicate plugin override diagnostics and document manifest schema updates for bundled-plugin forks. Fixes #8582. Thanks @sachah.</li>
-<li>CLI backends/Claude: make live-session JSONL turn caps bounded and configurable via <code>reliability.outputLimits</code>, raising the default guard for tool-heavy Claude CLI turns while preserving memory limits. Fixes #75838. Thanks @hcordoba840.</li>
-<li>Telegram/DMs/network/commands: keep incidental <code>message_thread_id</code> reply-with-quote metadata on flat DM sessions unless topic isolation is configured, raise outbound text and typing Bot API guards to 60 seconds with safe timeout overrides and typing fallback retries, and register/clear command menus in default and group-chat scopes so <code>/status</code> and plugin commands stay available in forum topics. Fixes #75975, #76013, and #74032; updates #6457. Thanks @ProjectEvolutionEVE, @iaki1206, @dae-sun, and @WouldenShyp.</li>
-<li>Providers/OpenAI: resolve <code>keychain:<service>:<account></code> <code>OPENAI_API_KEY</code> refs before creating OpenAI Realtime browser sessions or voice bridges, with a bounded cached Keychain lookup. Fixes #72120. Thanks @ctbritt.</li>
-<li>Discord/gateway: reconnect when the gateway socket closes while waiting for the shared IDENTIFY concurrency window, instead of silently skipping IDENTIFY and leaving the bot online but unresponsive. Fixes #74617. Thanks @zeeskdr-ai.</li>
-<li>Voice Call: add <code>sessionScope: "per-call"</code> for fresh per-call agent memory while preserving the default per-phone caller history. Fixes #45280. Thanks @pondcountry.</li>
-<li>Music generation: raise too-small tool timeouts to the provider-safe 10-second floor and collapse cascading abort fallback errors into a clearer root-cause summary. Thanks @shakkernerd.</li>
-<li>Memory-core/dreaming: include the primary runtime workspace in multi-agent dreaming sweeps without mixing main-agent session transcripts into configured subagent workspaces. Fixes #70014. Thanks @ttomiczek.</li>
-<li>Control UI: add tab/RPC timing attribution and decouple slow Overview/Cron secondary refreshes so Sessions navigation gets immediate visible feedback. Refs #64004. Thanks @WaMaSeDu.</li>
-<li>Memory: retry transient SQLite index file swaps during atomic reindex on Windows, so brief <code>EBUSY</code>, <code>EPERM</code>, or <code>EACCES</code> locks do not fail memory rebuilds. Fixes #64187. Thanks @kunpeng-ai-lab.</li>
-<li>Telegram/startup/models: use the existing <code>getMe</code> request guard and higher <code>timeoutSeconds</code> configs for slow Bot API paths, and make model picker confirmations say selections are session-scoped. Fixes #75783 and #75965. Thanks @tankotan and @sd1114820.</li>
-<li>Control UI/slash commands: keep fallback command metadata on a browser-safe registry path, so provider thinking runtime imports cannot blank the Web UI with <code>process is not defined</code>. Fixes #75987. Thanks @novkien.</li>
-<li>Heartbeat/Discord: keep async exec completion events out of the generic <code>System (untrusted)</code> prompt block and let the dedicated exec heartbeat prompt handle them, so Discord no longer receives raw exec failure tails as separate system-style messages. Fixes #66366. Thanks @Promee-ThaBossHoss.</li>
-<li>Heartbeat/scheduler: make heartbeat phase scheduling active-hours-aware so the scheduler seeks forward to the first in-window phase slot instead of arming timers for quiet-hours slots and relying solely on the runtime guard. Non-UTC <code>activeHours.timezone</code> values (e.g. <code>Asia/Shanghai</code>) now correctly influence when the next heartbeat timer fires, avoiding wasted quiet-hours ticks and long dormant gaps after gateway restarts. Fixes #75487. Thanks @amknight.</li>
-<li>Channels: strip plain-text MiniMax and XML tool-call scaffolding from shared user-facing reply sanitization, so messaging channels do not deliver raw model tool syntax when a provider emits it as text instead of structured tool calls. Fixes #62820. Thanks @canh0chua.</li>
-<li>Infer/media: report missing image-understanding and audio-transcription provider configuration for <code>image describe</code>, <code>image describe-many</code>, and <code>audio transcribe</code> instead of blaming the input path when no provider is available. Fixes #73569 and supersedes #73593, #74288, and #74495. Thanks @bittoby, @tmimmanuel, @Linux2010, and @vyctorbrzezowski.</li>
-<li>CLI/infer: reject local <code>codex/*</code> one-shot model probes before simple-completion dispatch and point operators at the Codex app-server runtime path instead of ending with an empty-output error.</li>
-<li>Docs/health: clarify that session listing surfaces stored conversation rows rather than Discord/channel socket liveness, and point connectivity checks at channel status and health probes. Fixes #70420. Thanks @ashersoutherncities-art and @martingarramon.</li>
-<li>WhatsApp/Cron: keep DM pairing-store approvals out of implicit cron and heartbeat recipient fallback, so scheduled automation only uses explicit targets, active configured recipients, or configured <code>allowFrom</code> entries. Fixes #62339. Thanks @kelvinisly-collab.</li>
-<li>Google Meet: keep the agent-facing <code>google_meet</code> tool visible on non-macOS hosts but block local Chrome realtime actions with guidance, so Linux agents can still use transcribe, Twilio, chrome-node, and artifact flows without choosing the macOS-only BlackHole path. Refs #75950. Thanks @actual-software-inc.</li>
-<li>macOS/settings: keep opening General from rewriting <code>openclaw.json</code> during Tailscale settings hydration, preserving <code>gateway</code>, <code>auth</code>, <code>meta</code>, and <code>wizard</code> until the user changes a setting. Fixes #59545. Thanks @Tengdw.</li>
-<li>Discord: prioritize interaction callbacks ahead of stale background REST work without polling active REST buckets, validate oversized gateway payloads and member-intent requests before send, and forward explicit component payloads from message actions. (#75363)</li>
-<li>Active Memory: use the configured recall timeout as the blocking prompt-build hook budget by default and move cold-start setup grace behind explicit <code>setupGraceTimeoutMs</code> config, so the plugin no longer silently extends 15000 ms configs to 45000 ms on the main lane. Fixes #75843. Thanks @vishutdhar.</li>
-<li>Plugins/web-provider: reuse the active gateway plugin registry for runtime web provider resolution after deriving the same candidate plugin ids as the loader path, avoiding a redundant <code>loadOpenClawPlugins</code> call on every request while preserving origin and scope filters. Fixes #75513. Thanks @jochen.</li>
-<li>Crestodian/CLI: exit non-zero when interactive Crestodian is invoked without a TTY, so scripts and CI no longer treat the setup error as success. Fixes #73646 and supersedes #73928 and #74059. Thanks @bittoby, @luyao618, and @Linux2010.</li>
-<li>Cron: keep implicit/default isolated cron announce deliveries out of the main session awareness queue, so isolated jobs do not accumulate in the main conversation. Fixes #61426. Thanks @Lihannon.</li>
-<li>Subagents: avoid duplicate parent-visible replies when a parent uses <code>sessions_send</code> on its own persistent native subagent session, while preserving announce delivery for async sends. Fixes #73550. Thanks @sylviazhang2006-design.</li>
-<li>Web search/Brave: add opt-in <code>brave.http</code> diagnostics for Brave request URLs/query params, response status/timing, and cache hit/miss/write events without logging API keys or response bodies. Fixes #55196. Thanks @mecampbellsoup.</li>
-<li>Web search/Brave: add <code>plugins.entries.brave.config.webSearch.baseUrl</code> for Brave-compatible proxies, including endpoint-aware cache keys for both web and LLM Context modes. Fixes #19075. Thanks @jkoprax and @vishnukool.</li>
-<li>Web search/config: validate explicit <code>tools.web.search.provider</code> values against bundled and installed plugin manifests, while warning for stale third-party plugin config. Fixes #53092. Thanks @TinyTb.</li>
-<li>Web search/SearXNG: retry empty non-general category searches once with the general category, so unsupported category engines do not return empty results when general search has matches. Fixes #73552. Thanks @Loukky.</li>
-<li>CLI/message: skip gateway-stop hooks for read-only <code>message read</code> and bound stop-hook shutdown for other message actions, so one-shot Discord reads cannot hang behind plugin lifecycle cleanup.</li>
-<li>Plugins/web-provider: cache repeated bundled web search and web fetch provider registry loads by default while preserving explicit cache opt-outs. Supersedes #75992. Thanks @DmitryPogodaev.</li>
-<li>Agents/sandbox: preserve existing workspace file modes when sandbox edits atomically replace files, so 0644 files do not collapse to 0600 after Write/Edit/apply_patch. Fixes #44077. Thanks @patosullivan.</li>
-<li>Control UI/WebChat: route typed <code>/new</code> through the New Chat dashboard-session creation flow instead of <code>chat.send</code>, while keeping <code>/reset</code> as the explicit current-session reset. Fixes #69599. Thanks @WolvenRA.</li>
-<li>Agents/models: keep legacy CLI runtime model refs such as <code>claude-cli/*</code> in the configured allowlist after canonical runtime migration, so cron <code>payload.model</code> overrides keep working. Fixes #75753. Thanks @RyanSandoval.</li>
-<li>Codex/app-server: restart the shared Codex app-server client once when it closes during startup thread resume, preserving the existing thread binding instead of retrying <code>thread/start</code> on a closed client. Thanks @vincentkoc.</li>
-<li>Gateway/watch: keep colored subsystem log prefixes in the managed tmux pane even when the parent shell exports <code>NO_COLOR</code>, while preserving explicit <code>FORCE_COLOR=0</code> opt-out. Thanks @vincentkoc.</li>
-<li>Agents/compaction: submit a non-empty runtime-event marker for pre-compaction memory flush turns, so strict Anthropic providers no longer reject the silent flush as an empty user message. Fixes #75305. Thanks @sableassistant3777-source.</li>
-<li>Plugin SDK: re-export <code>isPrivateIpAddress</code> from <code>plugin-sdk/ssrf-runtime</code>, restoring source-checkout builds for SearXNG and Firecrawl private-network guards. Thanks @vincentkoc.</li>
-<li>Discord/message actions: advertise <code>upload-file</code> and route it through Discord's send runtime with agent-scoped media reads, so agents can discover and send file attachments. Fixes #60652 and supersedes #60808, #61087, and #61100. Thanks @claw-io, @efe-arv, @joelnishanth, and @sjhddh.</li>
-<li>Sessions: suppress exact inter-session control replies such as <code>NO_REPLY</code> and keep agent-to-agent announce bookkeeping out of visible transcripts. Fixes #53145. Thanks @TarahAssistant.</li>
-<li>CLI/directory: report unsupported directory operations for installed channel plugins instead of prompting to reinstall the plugin when it lacks a directory adapter. Fixes #75770. Thanks @lawong888.</li>
-<li>Web search/SearXNG/Firecrawl/Kimi: show the SearXNG JSON API <code>search.formats</code> prerequisite, pass through <code>img_src</code> image URLs, fail explicitly when Kimi returns ungrounded answers, keep public provider requests on strict SSRF guards, reject private/loopback/metadata/non-HTTP(S) hosted Firecrawl scrape targets, and allow explicit self-hosted private Firecrawl endpoints. Fixes #52573, #74357, and #63877; supersedes #65592, #61416, #74360, #48133, #59666, #63941, and #74013. Thanks @evanpaul14, @sghael, @wangwllu, @fede-kamel, @kn1ghtc, @jhthompson12, @jzakirov, @Mlightsnow, and @shad0wca7.</li>
-<li>CLI/models: report gateway model fallback attempts in <code>infer model run --json</code> and avoid double-prefixing provider-qualified defaults such as <code>openrouter/auto</code> in <code>models status</code>. Partially fixes #69527. Thanks @alexifra.</li>
-<li>Providers/OpenRouter: strip trailing assistant prefill turns from verified OpenRouter Anthropic model requests when reasoning is enabled, so Claude 4.6 routes no longer fail with Anthropic's prefill rejection through the OpenAI-compatible adapter. Fixes #75395. Thanks @sbmilburn.</li>
-<li>Voice Call: add per-number inbound routing for dialed-number greetings, response agents/models/prompts, and TTS voice overrides. Fixes #56604. Thanks @healthstatus.</li>
-<li>Feishu: preserve Feishu/Lark HTTP error bodies for message sends, media sends, and chat member lookups, so HTTP 400 failures include vendor code, message, log id, and troubleshooter details. Fixes #73860. Thanks @desksk.</li>
-<li>Agents/transcripts: avoid reopening large Pi transcript files through the synchronous session manager for maintenance rewrites, persisted tool-result truncation, manual compaction boundary hardening, and queued compaction rotation. Thanks @mariozechner.</li>
-<li>Web search/Exa/MiniMax: accept Exa <code>webSearch.baseUrl</code> overrides with endpoint-partitioned caches, include MiniMax Search in setup, and let <code>MINIMAX_API_KEY</code> participate in MiniMax Search auto-detection. Fixes #54928; supersedes #54939 and #65828. Thanks @mrpl327, @lyfuci, and @Jah-yee.</li>
-<li>Plugins/ClawHub: preserve official source-linked trust through archive installs, so OpenClaw can install trusted ClawHub plugin packages that trigger the built-in dangerous-pattern scanner. Thanks @vincentkoc.</li>
-<li>Plugins/ClawHub: install package runtime dependencies for archive-backed plugin installs, so ClawHub packages such as WhatsApp load declared dependencies after download. Thanks @vincentkoc.</li>
-<li>Plugins/tools: cache repeated plugin tool factory results only for matching request context, reducing per-turn tool prep without leaking sandbox, session, browser, delivery, or runtime config state. Fixes #75956. Thanks @Linux2010.</li>
-<li>Providers/LM Studio: allow <code>models.providers.lmstudio.params.preload: false</code> to skip OpenClaw's native model-load call so LM Studio JIT loading, idle TTL, and auto-evict can own model lifecycle. Fixes #75921. Thanks @garyd9.</li>
-<li>Agents/transcripts: keep chat history, restart recovery, fork token checks, and stale-token compaction checks on bounded async transcript reads or cached async indexes instead of reparsing large session files. Thanks @mariozechner.</li>
-<li>Telegram: inherit the process DNS result order for Bot API transport and downgrade recovered sticky IPv4 fallback promotions to debug logs, while keeping pinned-IP escalation warnings visible. Fixes #75904. Thanks @highfly-hi and @neeravmakwana.</li>
-<li>Sessions: keep durable external conversation pointers, including group and thread-scoped chat sessions, out of age, count, and disk-budget maintenance eviction while still allowing synthetic runtime entries to age out. Fixes #58088. Thanks @drinkflav.</li>
-<li>Web search/Providers MiniMax: allow <code>MINIMAX_OAUTH_TOKEN</code> to satisfy MiniMax Search credentials and derive Coding Plan usage polling from the configured MiniMax base URL, so OAuth-authorized and global setups use the right endpoint. Fixes #65768 and #65054. Thanks @kikibrian, @zhouhe-xydt, @sixone74, and @Yanhu007.</li>
-<li>Control UI/WebChat: skip assistant-media transcript supplements when stale media refs resolve to no playable media, so text-only final replies are not stored a second time as gateway-injected assistant messages. Fixes #73956. Thanks @HemantSudarshan.</li>
-<li>Sessions: reject <code>sessions_send</code> targets that resolve to thread-scoped chat sessions, so inter-agent coordination cannot be injected into active human-facing Slack or Discord threads. Fixes #52496. Thanks @barry-p5cc.</li>
-<li>Subagents: honor <code>sessions_spawn</code> with <code>expectsCompletionMessage: false</code> by skipping parent completion handoff delivery while still running child cleanup. Fixes #75848. Thanks @alfredjbclaw.</li>
-<li>Media/completions: treat media-only message-tool sends as delivered async completion output, avoiding duplicate raw <code>MEDIA:</code> fallback posts after video or music generation finishes.</li>
-<li>Gateway/logging: keep deferred channel startup logs on the subsystem logger, so Slack, Discord, Telegram, and voice-call startup messages keep timestamped prefixes. Thanks @vincentkoc.</li>
-<li>Codex/app-server: recover JSON-RPC frames split by raw command-output newlines and include a redacted preview when malformed app-server messages still reach the console. Thanks @vincentkoc.</li>
-<li>Replies/typing: keep typing alive for queued follow-up messages that are genuinely waiting behind an active run, instead of making chat surfaces look idle while work is queued. Fixes #65685. Thanks @papag00se.</li>
-<li>ACP/Discord: suppress completion announce delivery for inline thread-bound ACP session runs, so Discord thread-bound ACP replies are not delivered twice. Fixes #60780. Thanks @solavrc.</li>
-<li>Discord/threads: ignore webhook-authored copies in already-bound Discord session threads even when the webhook id differs, preventing PluralKit proxy copies from creating duplicate turn pressure. Fixes #52005. Thanks @acgh213.</li>
-<li>Discord/threads: return the created thread as partial success when the follow-up initial message fails, so agents do not retry thread creation and create empty duplicate threads. Fixes #48450. Thanks @dahifi.</li>
-<li>Discord/components: consume every button or select in a non-reusable component message after the first authorized click, so single-use panels cannot fire sibling callbacks. Fixes #54227. Thanks @fujiwarakasei.</li>
-<li>macOS/config: preserve existing <code>gateway.auth</code> and unrelated config keys during app fallback writes, so dashboard or Talk settings changes cannot strand Control UI clients by dropping persisted auth. Fixes #75631. Thanks @Fuma2013.</li>
-<li>Control UI/TUI: keep reconnecting chat sends bound to the same backing session id and let TUI relaunches resume the last selected session, avoiding silent fresh sessions after refresh, reconnect, or terminal restart. Fixes #63195, #68162, and #73546. Thanks @bond260312-cmyk, @zhong18804784882, and @mtuwei.</li>
-<li>Plugins/tools: let plugin manifests declare static tool availability so reply startup skips unavailable plugin tool runtimes instead of importing factories that only return <code>null</code>. Thanks @shakkernerd.</li>
-<li>Discord/reactions: skip reaction listener registration when DMs and group DMs are disabled and every configured guild has <code>reactionNotifications: "off"</code>, avoiding needless reaction-event queue work. Fixes #47516. Thanks @x4v13r1120.</li>
-<li>CLI sessions: preserve explicit manual-attach reuse bindings so trusted CLI sessions are not invalidated on the first turn when auth, prompt, or MCP fingerprints drift. Fixes #75849. Thanks @alfredjbclaw.</li>
-<li>Telegram/streaming: keep partial preview streaming enabled for plain reply-to replies, disabling drafts only for real native quote excerpts that require Telegram quote parameters. Fixes #73505. Thanks @choury.</li>
-<li>Config: log the "newer OpenClaw" version warning once per process instead of once per config snapshot read. (#75927) Thanks @romneyda.</li>
-<li>Telegram/message actions: treat benign delete-message 400s as no-op warnings instead of runtime errors, so stale or already-removed messages do not create noisy delete failures. Fixes #73726. Thanks @Avicennasis.</li>
-<li>Telegram: split long default markdown sends and media follow-up text into safe HTML chunks, so outbound messages over Telegram's limit no longer fail as one oversized Bot API request. Fixes #75868. Thanks @zhengsx.</li>
-<li>Gateway/chat history: merge Claude CLI transcript imports for Anthropic-routed sessions that still have a Claude CLI binding, so local chat history does not hide CLI JSONL turns. Fixes #75850. Thanks @alfredjbclaw.</li>
-<li>Media: trim serialized JSON suffixes after local <code>MEDIA:</code> directive file extensions, so generated-image metadata cannot pollute the parsed media path and cause false <code>ENOENT</code> delivery failures. Fixes #75182. Thanks @TnzGit and @hclsys.</li>
-<li>Plugins/runtime: hot-reload Gateway plugin runtime surfaces after plugin enable/disable changes while keeping source-changing plugin install, update, and uninstall operations restart-backed so loaded module code is not reused. Fixes #72097.</li>
-<li>Cron: make scheduler reload schedule comparison tolerate malformed persisted jobs, so one bad cron entry no longer aborts the whole tick. Fixes #75886. Thanks @samfox-ai.</li>
-<li>Doctor/channels: warn after migrations when default Telegram or Discord accounts have no configured token and their env fallback (<code>TELEGRAM_BOT_TOKEN</code> or <code>DISCORD_BOT_TOKEN</code>) is unavailable, with secret-safe migration docs for checking state-dir <code>.env</code>. Fixes #74298. Thanks @lolaopenclaw.</li>
-<li>Gateway/diagnostics: keep idle liveness samples in telemetry instead of visible warning logs unless diagnostic work is active, waiting, or queued. Thanks @vincentkoc.</li>
-<li>Channels/cron: reject provider-prefixed targets for the wrong channel and let prefixed announce targets such as <code>telegram:123</code> select their channel when delivery falls back to <code>last</code>, so Telegram IDs cannot be coerced into WhatsApp phone numbers. Fixes #56839. Thanks @bencoremans.</li>
-<li>Control UI/chat: keep live replies visible when a raw session alias such as <code>main</code> sends the chat turn but Gateway emits events under the canonical session key for the same run. Fixes #73716. Thanks @teebes.</li>
-<li>CLI/models: reject <code>--agent</code> on <code>openclaw models set</code> and <code>set-image</code> instead of silently writing agent-scoped requests to global model defaults. Fixes #68391. Thanks @derrickabellard.</li>
-<li>CLI: stop treating the legacy singular <code>openclaw tool ...</code> token as a plugin id under restrictive <code>plugins.allow</code>, so it falls through as a normal unknown/reserved command instead of suggesting a stale allowlist entry. Fixes #64732. Thanks @efe-arv, @SweetSophia, and @hashtag1974.</li>
-<li>Media: write inbound media buffers through same-directory temp files before rename, so failed disk writes do not leave zero-byte artifacts for later voice transcription. Fixes #55966. Thanks @OpenCodeEngineer.</li>
-<li>TTS/Telegram: keep trusted local audio generated by the TTS tool queued for voice-note delivery even when the run-level built-in tool list omits the raw <code>tts</code> name. Fixes #74752. Thanks @Loveworld3033 and @andyliu.</li>
-<li>TTS: require explicit user or config audio intent for the agent speech tool so dashboard chats stay text unless audio is requested. Fixes #69777. Thanks @alexandre-leng.</li>
-<li>Plugins/config: keep bundled source-checkout plugins from being runtime-gated by install-only <code>minHostVersion</code> metadata, accept prerelease host floors, trim plugin-service startup failures to one log line, and avoid broad channel-runtime loading during base config parsing. Thanks @vincentkoc.</li>
-<li>Heartbeat: strip legacy <code>[TOOL_CALL]...[/TOOL_CALL]</code> and <code>[TOOL_RESULT]...[/TOOL_RESULT]</code> pseudo-call blocks from heartbeat replies before channel delivery. Fixes #54138. Thanks @Deniable9570.</li>
-<li>macOS/Voice Wake: send wake-word and Push-to-Talk transcripts through the selected macOS session target instead of always falling back to main WebChat. Fixes #51040. Thanks @carl-jeffrolc.</li>
-<li>Providers/xAI: give Grok <code>web_search</code> a 60s default timeout, harden malformed xAI Responses parsing, and return structured timeout errors instead of aborting the tool call. Fixes #58063 and #58733. Thanks @dnishimura, @marvcasasola-svg, and @Nanako0129.</li>
-<li>Providers/configure: preserve the existing default model when adding or reauthing a provider whose plugin returns a default-model config patch. Fixes #50268. Thanks @rixcorp-oc.</li>
-<li>Slack/DMs/routing: honor <code>dmHistoryLimit</code> for fresh 1:1 DMs, keep top-level DMs on stable DM sessions even when <code>replyToMode</code> targets thread replies, send text/block-only proactive DMs directly with <code>chat.postMessage(channel=<user id>)</code>, match Slack target route syntax such as <code>channel:C...</code>, <code>user:U...</code>, or <code><@U...></code>, and match public-channel allowlists against bare runtime channel IDs. Fixes #64427, #58832, #62042, #41608, and #41264; supersedes #56530. Thanks @brantley-creator, @daye-jjeong, @MarkMolina, @Winnsolutionsadmin, @babutree, and @Realworld404.</li>
-<li>Slack/delivery/capabilities: preserve missing-scope details in outbound errors, read granted scopes from <code>auth.test</code> metadata before legacy APIs, retry Slack writes only for wrapped DNS request failures such as <code>EAI_AGAIN</code>, and prefer the account bound to the outbound target peer in multi-workspace sends. Fixes #62391, #44625, and #68789; supersedes #66807. Thanks @alexey-pelykh, @Qquanwei, @martingarramon, @sonnyb9, and @rijhsinghani.</li>
-<li>Slack/message actions/tools: send media before follow-up Block Kit messages for file sends, forward agent-scoped media roots through the bundled upload-file path, resolve <code><!subteam^...></code> user-group mentions before waking mention-gated channels, and let <code>read</code> fetch an exact Slack message timestamp or thread reply. Fixes #51458, #64625, #73827, and #53943. Thanks @HirokiKobayashi-R, @benpchandler, @CG-Intelligence-Agent-Jack, and @zomars.</li>
-<li>PDF/Gemini: send native PDF analysis API keys in the <code>x-goog-api-key</code> header instead of the request URL, keeping secrets out of proxy and access logs. Supersedes #60600. Thanks @garagon.</li>
-<li>Web search/Gemini/DuckDuckGo/Brave/fetch: route abort signals into Gemini provider fetches, late-bind managed agent <code>web_search</code> calls to the current runtime config snapshot, reuse Google provider API key/base URL as lower-priority Gemini search fallbacks, pass Gemini freshness/date filters through grounding, include DuckDuckGo in setup, honor Gemini/Grok/x_search <code>baseUrl</code> overrides, point Brave metadata at canonical docs, support Brave LLM Context freshness/date ranges, resolve external <code>webFetchProviders</code> for non-sandboxed fetches, and point missing-key errors to <code>web_fetch</code> or browser where appropriate. Fixes #72995, #75420, #66498, #65862, #65870, and #74915; supersedes #57496, #65940, #61972, #65892, and #51005. Thanks @RoseKongPS, @richardmqq, @Aoiujz, @ismael-81, @Jah-yee, @Lanfei, @Magicray1217, @remusao, @ultrahighsuper, @mingmingtsao, and @zhaoyang97.</li>
-<li>Slack/directory: make <code>openclaw directory peers/groups list --channel slack</code> prefer token-backed live readers and return the connected Slack account from <code>directory self</code>, so valid Slack tokens no longer produce empty directory CLI results. Fixes #50776. Thanks @pjaillon.</li>
-<li>Slack: keep assistant typing status, temporary typing reactions, and status reactions active for group/channel turns that use message-tool-only visible replies, while still suppressing automatic source replies. Fixes #75877. Thanks @teosborne.</li>
-<li>Slack: recover full inbound DM text from top-level rich-text blocks when Slack sends a shortened message preview, so long direct messages still reach the agent intact. Fixes #55358. Thanks @tonyjwinter.</li>
-<li>Replies: strip legacy <code>[TOOL_CALL]{tool => ..., args => ...}[/TOOL_CALL]</code> pseudo-call text from user-facing replies and flag it in tool-call diagnostics instead of showing raw tool syntax in channels. Fixes #63610. Thanks @canh0chua.</li>
-<li>WhatsApp: close long-lived web sockets through Baileys <code>end(error)</code> before falling back to raw websocket close, so listener teardown runs Baileys cleanup instead of leaving zombie sockets. Fixes #52442. Thanks @essendigitalgroup-cyber.</li>
-<li>Twitch/plugins: emit a flat JSON Schema for Twitch channel config so single-account and multi-account configs validate before runtime load, and add source-checkout diagnostics for missing pnpm workspace dependencies. Thanks @vincentkoc.</li>
-<li>Gateway/sessions: move hot transcript reads and mirror appends onto async bounded IO with serialized parent-linked writes, keeping large session histories from stalling Gateway requests and channel replies. Fixes #75656. Thanks @DerFlash.</li>
-<li>macOS/Talk Mode: downmix multi-channel microphone buffers before handing them to Apple Speech across Push-to-Talk, Talk Mode, Voice Wake, and the wake-word tester, so pro audio interfaces no longer produce empty transcripts. Fixes #42533. Thanks @jbuecker.</li>
-<li>macOS/Talk Mode: subscribe native WebChat to active-session transcript updates and render external spoken user turns in the chat thread instead of only showing assistant replies. Fixes #75155. Thanks @SledderBling.</li>
-<li>macOS/Voice Wake: accept trigger-only phrases in the built-in Voice Wake test, matching the settings UI and runtime trigger-only path instead of requiring extra command text after the wake word. Fixes #64986. Thanks @zoiks65.</li>
-<li>Cron/TTS: run cron announce payloads through the normal TTS directive transform before outbound delivery, so scheduled <code>[[tts]]</code> replies generate voice payloads instead of leaking raw tags. Fixes #52125. Thanks @kenchen3000.</li>
-<li>WhatsApp: save downloadable quoted image media from reply context as inbound media, so agents can inspect an image that a user replied to instead of only seeing <code><media:image></code>. Fixes #59174. Thanks @gaffner.</li>
-<li>Sessions/store: stop persisting the runtime-only <code>skillsSnapshot.resolvedSkills</code> array inside each session entry, so <code>sessions.json</code> no longer carries a copy of every parsed <code>SKILL.md</code> body for every active session; <code>ensureSkillSnapshot</code> rehydrates the array from disk on cold resume so the embedded runner, the Claude CLI skills plugin, and the Claude live-session fingerprint all see populated skills, and legacy stores self-heal on the next save. Refs #11950, #6650, #15000. Thanks @amoghasgekar.</li>
-<li>Doctor/WhatsApp: warn when Linux crontabs still run the legacy <code>ensure-whatsapp.sh</code> health check, which can misreport <code>Gateway inactive</code> when cron lacks the systemd user-bus environment. Fixes #60204. Thanks @mySebbe.</li>
-<li>Slack/setup: print the generated app manifest as plain JSON instead of embedding it inside the framed setup note, so it can be copied into Slack without deleting border characters. Fixes #65751. Thanks @theDanielJLewis.</li>
-<li>Channels/WhatsApp: route CLI logout through the live Gateway and stop runtime-backed listeners before channel removal, so removing a WhatsApp account does not leave the old socket replying until restart. Fixes #67746. Thanks @123Mismail.</li>
-<li>Voice Call/Twilio: honor TTS directive text and provider voice/model overrides during telephony synthesis, so <code>[[tts:...]]</code> tags are not spoken literally and voiceId overrides reach OpenAI/ElevenLabs calls. Fixes #58114. Thanks @legonhilltech-jpg.</li>
-<li>Agents/session-locks: reclaim untracked current-process session locks with matching starttime during acquisition and startup cleanup, so Gateway restarts recover from self-owned orphan <code>.jsonl.lock</code> files. Fixes #75805; refs #49603. Thanks @cdznho.</li>
-<li>Agents/subagents: initialize built-in context engines before native <code>sessions_spawn</code> resolves spawn preparation, so cliBackend-only cold starts no longer fail with an unregistered <code>legacy</code> context engine. Fixes #73095. (#73904) Thanks @brokemac79.</li>
-<li>Plugins/Bonjour: ship the ciao runtime dependency with packaged OpenClaw so fresh OCM envs can start default mDNS discovery without a missing-module failure. Thanks @shakkernerd.</li>
-<li>Agents/tools: scope reply plugin-tool discovery to manifest-declared tool owners and already-active matching tool entries, avoiding broad plugin runtime loading for narrow or core-only tool allowlists. Thanks @shakkernerd.</li>
-<li>Agents/replies: defer implicit image model discovery and keep OAuth auth-store adoption on persisted profiles during reply startup, cutting OCM MarCodex warm prep to sub-second in live checks. Thanks @shakkernerd.</li>
-<li>Plugins/tools: enforce <code>contracts.tools</code> as the manifest ownership contract for plugin tool registration, rejecting undeclared runtime tool names and adding bundled plugin drift coverage. Thanks @shakkernerd.</li>
-<li>Agents/Codex: stop prompting message-tool-only source turns to finish with <code>NO_REPLY</code>, so quiet turns are represented by not calling the visible message tool instead of conflicting final-text instructions. Thanks @pashpashpash.</li>
-<li>Gateway/config: report failed backup restores as failed in logs and config observe audit records instead of marking them valid. (#70515) Thanks @davidangularme.</li>
-<li>Compaction: use the active session model fallback chain for implicit summarization failures without persisting fallback model selection, so Azure content-filter 400s can recover. Fixes #64960. (#74470) Thanks @jalehman and @OpenCodeEngineer.</li>
-<li>Gateway/config: allow <code>gateway config.patch</code> to update documented subagent thinking defaults. Fixes #75764. (#75802) Thanks @kAIborg24.</li>
-<li>Plugins/CLI: keep git plugin install paths credential-free, preserve existing git checkouts until replacement succeeds, honor duplicate npm install mode, and remove managed git repos on uninstall. Thanks @vincentkoc.</li>
-<li>Plugins/CLI: redact authenticated git URLs from git install command failure details, so failed clone or checkout output cannot leak credentials during plugin installs. Thanks @vincentkoc.</li>
-<li>Channels/status reactions: remove stale non-terminal lifecycle reactions when a run reaches done or error, so Discord does not leave a permanent thinking emoji after completion. Fixes #75458. Thanks @davelutztx.</li>
-<li>Discord/doctor: migrate unsupported per-channel <code>agentId</code> entries under guild channel config into top-level <code>bindings[]</code> routes, so <code>openclaw doctor --fix</code> preserves the intended agent route instead of stripping it as an unknown key. Fixes #62455. Thanks @lobster-biscuit.</li>
-<li>Discord/DMs: set inbound direct-message <code>ctx.To</code> to the semantic <code>user:<id></code> target while keeping delivery routed through the DM channel, so mirror and recovery paths do not treat DMs as channel conversations. Fixes #68126. Thanks @illuminate0623.</li>
-<li>Discord/DMs: keep no-guild inbound messages on direct-message routing when Discord channel lookup is temporarily unavailable, preventing degraded DMs from forking into channel sessions. Fixes #59817. Thanks @DooPeePey.</li>
-<li>Discord: retry outbound API calls on HTTP 5xx, request-timeout, and transient transport failures instead of only Discord rate limits, reducing dropped cron and agent replies during short Discord or network outages. Fixes #52396. Thanks @sunshineo.</li>
-<li>Discord: include Components v2 Text Display content from referenced replies and forwarded snapshots, so component-only messages still appear in reply context. Fixes #56228. Thanks @HollandDrive.</li>
-<li>Discord: add configurable gateway READY timeouts for startup and runtime reconnects, so staggered multi-account setups can avoid false restart loops. Fixes #72273. Thanks @sergionsantos.</li>
-<li>Discord: preserve native slash-command description localizations through command reconcile, so localized Discord descriptions no longer get overwritten by English defaults. Fixes #56580. Thanks @mhseo93.</li>
-<li>Discord: add configured outbound mention aliases so known <code>@Name</code> references can be rewritten to real Discord user mentions instead of relying only on the transient directory cache. Fixes #67587. Thanks @McoreD.</li>
-<li>Discord: avoid startup REST amplification by skipping native command deploy retries after Discord rate limits and deriving the bot id from parseable bot tokens instead of requiring a <code>/users/@me</code> lookup. Fixes #75341. Thanks @PrinceOfEgypt.</li>
-<li>Plugins/hooks: derive hook <code>ctx.channelId</code> from the conversation target instead of the provider name, so Discord and other channel plugins can keep per-channel state isolated. Fixes #59881. Thanks @bradfreels.</li>
-<li>Gateway/config: log config health-state write failures instead of silently hiding config observe-recovery write errors. Thanks @sallyom.</li>
-<li>Diagnostics: reset stuck-session timers on reply, tool, status, block, and ACP progress events, and back off repeated <code>session.stuck</code> diagnostics while a session remains unchanged. Supersedes #72010. Thanks @rubencu.</li>
-<li>Gateway/agents: avoid rebuilding core tools for plugin-only allowlists and keep the full plugin registry cache warm across scoped plugin loads, reducing per-turn latency spikes. Fixes #75882, #75907, #75906, #75887, and #75851. (#75922) Thanks @obviyus.</li>
-<li>Agents/failover: classify bare <code>status: internal server error</code> provider messages as retryable server errors so model fallback can rotate instead of stopping. (#73844) Thanks @thesomewhatyou.</li>
-<li>Gateway/startup: return the shared retryable startup-sidecars error for startup-gated control-plane RPCs such as sessions.create, sessions.send, sessions.abort, agent.wait, and tools.effective, so clients can retry early sidecar races. (#76012) Thanks @scoootscooob.</li>
-<li>Providers/Google: fix Gemini 2.5 Flash-Lite <code>reasoning: "minimal"</code> rejections by raising its thinking-budget floor to 512 while preserving the existing Gemini 2.5 Pro and Flash minimal presets. (#70629) Thanks @ericberic.</li>
-<li>Agents/status: resolve <code>session_status(sessionKey="current")</code> for sparse channel-plugin sessions after literal current lookups miss, so Scope, Slack, Discord, and other plugin-driven agents avoid retrying through <code>Unknown sessionKey: current</code>. Fixes #74141. (#72306) Thanks @bittoby.</li>
-<li>Cron: retry recurring wake-now main-session jobs through temporary heartbeat busy skips before recording success, so queued cron events no longer appear as ok ghost runs while the main lane is still busy. Fixes #75964. (#76083) Thanks @kshetrajna12 and @xuruiray.</li>
-<li>Providers/Google: keep Gemini thinking-signature-only stream chunks active during reasoning, so Gemini 3.1 Pro Preview replies no longer hit idle timeouts before visible text. Fixes #76071. (#76080) Thanks @marcoschierhorn and @zhangguiping-xydt.</li>
-<li>CLI/skills: show per-agent model and command visibility in <code>openclaw skills check --agent</code>, and let doctor report or disable unavailable skills allowed for the default agent. (#75983) Thanks @mbelinky.</li>
-<li>Agents/runtime/tools: keep reply startup on Gateway metadata, manifest catalog rows, auth-store state, and plugin loader cache-key compatibility checks so scoped runtime registries, model allowlists, thinking metadata, media/PDF/generation tools, Comfy workflows, OpenAI Codex OAuth image generation, and image/video/music tool registration avoid broad provider/runtime loads while preserving explicit config and auth-backed providers. Thanks @shakkernerd.</li>
-<li>Discord: document canonical mention formatting in agent prompt hints and channel docs so outbound replies use <code><@USER_ID></code>, <code><#CHANNEL_ID></code>, and <code><@&ROLE_ID></code> instead of legacy nickname mentions. (#75173)</li>
-<li>Heartbeat scheduler: gate exec-event/notification/spawn/retry wakes through a centralized cooldown so backgrounded <code>process.start</code> exit notifications can no longer self-feed runaway heartbeat runs (configured <code>every: "30m"</code> was firing every ~10s in production, pegging the gateway event loop with <code>eventLoopDelayMaxMs >6s</code> spikes that stalled control-UI asset serving and TUI handshakes). Documented wake-now paths (<code>manual</code>, <code>wake</code>, task completion, blocked-task follow-up, <code>/hooks/wake mode=now</code>, and cron <code>--wake now</code>) remain immediate; retryable busy skips no longer poison the cooldown for the next retry; per-agent flood guard caps any unexpected feedback loop at 5 runs/60s. (#64016, refs #17797 and #75436) Thanks @hexsprite.</li>
-<li>fix: block workspace CLOUDSDK_PYTHON override and always set trusted interpreter for gcloud. (#74492) Thanks @pgondhi987.</li>
-<li>Providers/Z.AI: move the bundled GLM catalog and auth env metadata into the plugin manifest, so <code>models list --all --provider zai</code> shows the full known catalog without duplicated runtime seed data. Thanks @shakkernerd.</li>
-<li>Providers/Qianfan and Providers/Stepfun: declare setup auth metadata (<code>api-key</code> method, <code>QIANFAN_API_KEY</code>, <code>STEPFUN_API_KEY</code>) in the plugin manifest so onboarding and <code>models setup</code> surface the expected env var without falling back to legacy <code>providerAuthEnvVars</code> runtime seed data. Thanks @shakkernerd.</li>
-<li>fix(infra): block ambient Homebrew env vars from brew resolution. (#74463) Thanks @pgondhi987.</li>
-<li>Onboarding/configure: avoid staging every default plugin runtime dependency after config writes, so skipped setup flows only prepare config-selected plugin deps instead of pulling broad feature-plugin packages. Thanks @vincentkoc.</li>
-<li>Thinking/providers: resolve bundled provider thinking profiles through lightweight provider policy artifacts when startup-lazy providers are not active, so OpenAI Codex GPT-5.x keeps xhigh available in Gateway session validation. Fixes #74796. Thanks @maxschachere.</li>
-<li>Security/Windows: ignore workspace <code>.env</code> system-path variables and resolve stale-process <code>taskkill.exe</code> from the validated Windows install root, preventing repository-local env files from redirecting cleanup helpers. Thanks @pgondhi987.</li>
-<li>CLI/plugins: refresh persisted plugin registry policy in place for <code>plugins enable</code> and <code>plugins disable</code>, so routine toggles no longer rebuild and hash every plugin source when the target is already indexed. Thanks @vincentkoc.</li>
-<li>Windows/install: run npm from a writable installer temp directory and pin the Bedrock runtime dependency below a Windows ARM Node 24 npm resolver failure, so global OpenClaw installs no longer fail before onboarding. Thanks @mariozechner.</li>
-<li>CLI/plugins: scope install and enable slot selection to the selected plugin manifest/runtime fallback, so plugin installs no longer load every plugin runtime or broad status snapshot just to update memory/context slots. Thanks @vincentkoc.</li>
-<li>Plugins/TTS: keep bundled speech-provider discovery available on cold package Gateway paths and add bundled plugin matrix runtime probes for health, readiness, RPC, TTS discovery, and post-ready runtime-deps watchdog coverage. Refs #75283. Thanks @vincentkoc.</li>
-<li>Google Meet/Twilio: show delegated voice call ID, DTMF, and intro-greeting state in <code>googlemeet doctor</code>, and avoid claiming DTMF was sent when no Meet PIN sequence was configured. Refs #72478. Thanks @DougButdorf.</li>
-<li>Plugins/tools: prefer built bundled plugin code during tool discovery and skip channel runtime hydration while preserving companion provider registrations, reducing per-run plugin-tool prep cost without dropping executable plugin tools. Fixes #75290. Thanks @thanos-openclaw.</li>
-<li>Plugins/loader: scope plugin-tool registry reuse to the enabled plugin plan and stored Gateway method keys, so embedded runner tool lookup can reuse compatible startup registries without hiding enabled non-startup plugin tools. Fixes #75520. Thanks @whtoo.</li>
-<li>Voice Call/Twilio: send notify-mode initial TwiML directly in the outbound create-call request while keeping conversation and pre-connect DTMF calls webhook-driven, so one-shot notify calls do not depend on a first-answer webhook fetch. Supersedes #72758. Thanks @tyshepps.</li>
-<li>Discord/Slack: defer status-reaction cleanup until run finalization so queued, thinking, tool, and terminal reactions no longer flicker during normal progress updates. (#75582)</li>
-<li>Discord/voice: leave voice off for text-only configs unless explicitly configured, rerun configured voice auto-join after gateway RESUMED events, ignore already-destroyed stale voice connections during reconnect cleanup, lengthen the default voice join Ready wait with configurable timeouts, merge configured media-understanding providers such as Deepgram into partial active registries, apply per-channel <code>systemPrompt</code> overrides to voice transcript turns, and run voice-channel turns under a voice-output policy that hides the agent <code>tts</code> tool. Fixes #73753, #40665, #63098, #65687, #47095, and #61536; refs #74044, #39825, and #65039. Thanks @sanchezm86, @SecureCloudProjO, @liz709, @darealgege, @kzicherman, @ayochim, @OneMintJulep, @qearlyao, and @aounakram.</li>
-<li>Plugins/CLI: reuse the cold manifest registry while building plugin status and inspect reports, so large configured plugin sets no longer rediscover the bundled/plugin registry once per inspect row. Thanks @vincentkoc.</li>
-<li>Gateway/health: refresh cached health RPC snapshots when channel runtime state diverges, so Discord and other channel status reads no longer report stale running or connected values until the cache TTL expires. (#75423)</li>
-<li>Gateway/sessions: keep session-store reads from running stale prune and entry-count cap maintenance during startup, so oversized stores no longer block chat history readiness after updates while writes and <code>sessions cleanup --enforce</code> still preserve the cleanup safeguards. Fixes #70050. Thanks @tangda18.</li>
-<li>Security/audit: keep plain <code>security audit</code> on the cold config/filesystem path and reserve plugin runtime security collectors for <code>--deep</code>, so large plugin installs cannot execute every plugin runtime during routine audits. Thanks @vincentkoc.</li>
-<li>WhatsApp: stage <code>qrcode</code> through root mirrored runtime dependencies so packaged QR pairing can render from staged plugin-runtime-deps installs. Fixes #75394. Thanks @FelipeX2001.</li>
-<li>Interactive channel payloads: send Discord component-only interaction replies, Slack block-only slash replies, Telegram button/select fallback labels, and LINE quick-reply fallback option text instead of accepting empty renderable payloads. Thanks @vincentkoc.</li>
-<li>Auto-reply/docking: require <code>/dock-*</code> route switches to start from direct chats, so group or channel participants cannot reroute a shared session's future replies into a linked DM. Thanks @vincentkoc.</li>
-<li>Discord: keep text-DM main-session route updates pinned to the configured DM owner, matching component interactions so another direct-message sender cannot redirect future main-session replies. Thanks @vincentkoc.</li>
-<li>Mattermost/Matrix: keep direct-message main-session route updates pinned to the configured DM owner so paired or temporarily allowed senders cannot redirect future shared-session replies. Thanks @vincentkoc.</li>
-<li>Discord: keep SecretRef-backed bot tokens discoverable for message actions without resolving the token during schema generation, and resolve scoped channel SecretRefs before outbound agent message sends even when the tool is built from a config snapshot. Fixes #75324. Thanks @slideshow-dingo and @Conan-Scott.</li>
-<li>Updates: run package post-install doctor repair with the managed Gateway service profile and state paths when a daemon is installed, so shell/profile mismatches no longer repair the caller state while the restarted Gateway keeps stale config. Thanks @vincentkoc.</li>
-<li>Models/DeepInfra: declare DeepInfra manifest catalog discovery and derive its runtime fallback catalog from the manifest, restoring provider-filtered <code>models list --all --provider deepinfra</code> rows without duplicated static model data. Thanks @shakkernerd.</li>
-<li>CLI/update: verify managed gateway restarts against the installed service port instead of the caller shell port, so package updates do not report a healthy daemon as failed when profiles use different gateway ports. Thanks @vincentkoc.</li>
-<li>Gateway/agent: reject strict <code>openclaw agent --deliver</code> requests with missing delivery targets before starting the agent run, so users do not wait for a completed turn that cannot send anywhere. Thanks @vincentkoc.</li>
-<li>Setup/import: honor non-interactive <code>--import-from</code> onboarding flags by running the migration import path instead of silently completing normal setup without importing anything. Thanks @vincentkoc.</li>
-<li>Doctor/plugins: keep plain <code>doctor --non-interactive</code> from installing bundled plugin runtime dependencies, so headless health checks report missing deps while <code>doctor --fix</code> remains the explicit repair path. Thanks @vincentkoc.</li>
-<li>Doctor/gateway: require an interactive confirmation before installing or rewriting the Gateway service, so <code>doctor --fix --non-interactive</code> can repair plugin/config drift without replacing the operator's launchd/systemd service from a temporary environment. Thanks @vincentkoc.</li>
-<li>Plugins/runtime-deps: include packaged OpenClaw identity in bundled plugin loader cache keys, so same-path package upgrades stop reusing stale versioned runtime-deps mirrors. Fixes #75045. Thanks @sahilsatralkar.</li>
-<li>Plugin SDK: restore reply-prefix and reply-pipeline helpers on the deprecated root/compat SDK surface so external plugins still using <code>openclaw/plugin-sdk</code> do not fail message dispatch after update. Fixes #75171. Thanks @zhangxiliang.</li>
-<li>Plugins/runtime-deps: prune inactive same-package versioned runtime-deps roots after bundled dependency repair, so upgrades do not leave old <code>openclaw-<version>-<hash></code> package caches behind after doctor runs. Thanks @vincentkoc.</li>
-<li>Plugins/runtime-deps: prune legacy version-scoped plugin runtime-deps roots during bundled dependency repair and cover the path in Package Acceptance's upgrade-survivor matrix, so upgrades from 2026.4.x no longer leave stale per-plugin runtime trees after doctor runs. Thanks @vincentkoc.</li>
-<li>Plugins/runtime-deps: keep Gateway startup plugin imports and runtime plugin fallback loads verify-only after startup/config repair planning, so packaged installs no longer spawn package-manager repair from hot paths after readiness. Refs #75283 and #75069. Thanks @brokemac79 and @xiaohuaxi.</li>
-<li>Plugins/runtime-deps: treat package.json runtime-deps manifests as supersets when generated materialization metadata is absent, so bundled plugin activation stops restaging already-installed dependency subsets on every activation. Fixes #75429. (#75431) Thanks @loyur.</li>
-<li>iMessage: add stdin write callback and error listener to IMessageRpcClient so async EPIPE from a closed child process rejects the pending request instead of crashing the gateway with uncaughtException. Fixes #75438.</li>
-<li>MCP/stdio: settle MCP stdio transport send() from the write callback instead of resolving immediately on buffer acceptance, so async write errors reject the promise instead of being lost. Refs #75438.</li>
-<li>Process/exec: add stdin error listener in runCommandWithTimeout so EPIPE from a prematurely-exited child is swallowed instead of escaping to uncaughtException. Refs #75438.</li>
-<li>Voice Call/realtime: add default-off fast memory/session context for <code>openclaw_agent_consult</code>, giving live calls a bounded answer-or-miss path before the full agent consult. Fixes #71849. Thanks @amzzzzzzz.</li>
-<li>Google Meet: interrupt Realtime provider output when local barge-in clears playback, so command-pair audio stops model speech instead of only restarting Chrome playback. Fixes #73850. (#73834) Thanks @shhtheonlyperson.</li>
-<li>Gateway/config: cap oversized plugin-owned schemas in the full <code>config.schema</code> response so large installed plugin sets cannot balloon Gateway RSS or crash schema clients. Thanks @vincentkoc.</li>
-<li>Plugins/update: skip ClawHub and marketplace plugin updates when the bundled version is newer than the recorded installed version, so <code>openclaw update</code> no longer overwrites working bundled plugins with older external packages. Fixes #75447. Thanks @amknight.</li>
-<li>Gateway/sessions: use bounded tail reads for sessions-list transcript usage fallbacks and cap bulk title/last-message hydration, keeping large session stores responsive when rows request derived previews. Thanks @vincentkoc.</li>
-<li>Gateway/sessions: yield during bulk transcript title/preview hydration and copy compaction checkpoints asynchronously, keeping the Gateway event loop responsive for large session stores and large transcripts. Refs #75330 and #75414. Thanks @amknight.</li>
-<li>Gateway/sessions: stream bounded transcript reads for session detail, history, artifacts, compaction, and send/subscribe sequence paths so small Gateway requests no longer materialize large transcripts or OOM on oversized session logs. Thanks @vincentkoc.</li>
-<li>Gateway/chat: bound chat-history transcript reads to the requested display window so large session logs no longer OOM the Gateway when clients ask for a small history page. Thanks @vincentkoc.</li>
-<li>BlueBubbles: detect audio attachments by Apple UTIs (<code>public.audio</code>, <code>public.mpeg-4-audio</code>, <code>com.apple.m4a-audio</code>, <code>com.apple.coreaudio-format</code>) in addition to <code>audio/*</code> MIME, so iMessage voice notes whose webhook payload only carries the UTI are now classified as audio in the inbound <code><media:audio></code> placeholder instead of falling through to the generic <code><media:attachment></code> tag. Thanks @omarshahine.</li>
-<li>Voice Call/Twilio: honor stored pre-connect TwiML before realtime webhook shortcuts and reject DTMF sequences outside conversation mode, so Meet PIN entry cannot be skipped or silently dropped. Thanks @donkeykong91 and @PfanP.</li>
-<li>Docs/sandboxing: clarify that sandbox setup scripts (<code>sandbox-setup.sh</code>, <code>sandbox-common-setup.sh</code>, <code>sandbox-browser-setup.sh</code>) are only available from a source checkout, and add inline <code>docker build</code> commands for npm-installed users so sandbox image setup works without cloning the repo. Fixes #75485. Thanks @amknight.</li>
-<li>Google Meet/Voice Call: play Twilio Meet DTMF before opening the realtime media stream and carry the intro as the initial Voice Call message, so the greeting is generated after Meet admits the phone participant instead of racing a live-call TwiML update. Thanks @donkeykong91 and @PfanP.</li>
-<li>Google Meet/Voice Call: make Twilio setup preflight honor explicit <code>--transport twilio</code> and fail local/private Voice Call webhook URLs, including IPv6 loopback and unique-local forms, before joins. Thanks @donkeykong91 and @PfanP.</li>
-<li>Voice Call/Twilio: retry transient 21220 live-call TwiML updates and catch answered-path initial-greeting failures, so a fast answered callback no longer crashes the Gateway or drops the Twilio greeting/listen transition. (#74606) Thanks @Sivan22.</li>
-<li>CLI/startup: preserve <code>OPENCLAW_HIDE_BANNER</code> banner suppression for route-first startup callers that rely on the default process environment while keeping read-only status/channel paths from repairing bundled plugin runtime dependencies. Refs #75183.</li>
-<li>Voice Call/Twilio: register accepted media streams immediately but wait for realtime transcription readiness before speaking the initial greeting, so reconnect grace handling stays live while OpenAI STT startup is no longer starved by TTS. Fixes #75197. (#75257) Thanks @donkeykong91 and @PfanP.</li>
-<li>Voice Call CLI: run gateway-delegated <code>voicecall continue</code> through operation-id polling and protocol-shaped errors, so long conversational turns keep their transcript result without blocking a single Gateway RPC. (#75459) Thanks @serrurco and @DougButdorf.</li>
-<li>Voice Call CLI: delegate operational <code>voicecall</code> commands to the running Gateway runtime and skip webhook startup during CLI-only plugin loading, preventing webhook port conflicts and <code>setup --json</code> hangs. Fixes #72345. Thanks @serrurco and @DougButdorf.</li>
-<li>Agents/pi-embedded-runner: extract the <code>abortable</code> provider-call wrapper from <code>runEmbeddedAttempt</code> to module scope so its promise handlers no longer close over the run lexical context, releasing transcripts, tool buffers, and subscription callbacks when a provider call hangs past abort. (#74182) Thanks @cjboy007.</li>
-<li>Docker: restore <code>python3</code> in the gateway runtime image after the slim-runtime switch. Fixes #75041.</li>
-<li>Agents/session-repair: fix resumed sessions failing with repeated 400 errors on Anthropic and strict OpenAI-compatible providers (Qwen, mlx-vlm) after an interrupted conversation or blank user input. Fixes #75271 and #75313. Thanks @amknight.</li>
-<li>CLI/Voice Call: scope <code>voicecall</code> command activation to the Voice Call plugin so setup and smoke checks no longer broad-load unrelated plugin runtimes or hang after printing JSON. Thanks @vincentkoc.</li>
-<li>Doctor/plugins: warn when restrictive <code>plugins.allow</code> is paired with wildcard or plugin-owned tool allowlists, making the exclusive plugin allowlist behavior visible before users hit empty callable-tool runs. Refs #58009 and #64982. Thanks @KR-Python and @BKF-Gitty.</li>
-<li>Google Meet/Voice Call: keep Twilio Meet joins in conversation mode and reuse the realtime intro prompt when no voice-call-specific intro is configured, so answered phone bridge calls speak instead of joining silently. Refs #72478. Thanks @DougButdorf.</li>
-<li>Auto-reply/group chats: keep the <code>message</code> tool available for message-tool-only visible replies and apply group-scoped tool policy before deciding fallback delivery, so Discord/Slack-style rooms reply visibly in the correct channel after upgrades. Fixes #74842; refs #75207. Thanks @davelutztx and @aa-on-ai.</li>
-<li>Agents/commitments: keep inferred follow-ups internal when heartbeat target is none, strip raw source text from stored commitments, disable tools during due-commitment heartbeat turns, bound hidden extraction queue growth, expire stale commitments, and add QA/Docker safety coverage. Thanks @vignesh07.</li>
-<li>Telegram/agents: keep typing indicators and optional generation tools off the reply critical path, so fresh Telegram replies no longer stall while provider catalogs and media models load. (#75360) Thanks @obviyus.</li>
-<li>Agents/commitments: run hidden follow-up extraction on the configured agent/default model instead of falling back to direct OpenAI, so OpenAI Codex OAuth-only gateways no longer spam background API-key failures. Fixes #75334. Thanks @sene1337.</li>
-<li>Agents/media: keep async music generation completions on the requester-session wake path even when direct-send completion is enabled, so finished audio stays agent-mediated while video can still opt into direct channel delivery. (#75335) Thanks @vincentkoc.</li>
-<li>Security/config-audit: redact CLI argv and execArgv secrets before persisting config audit records, covering write, observe, and recovery paths. Fixes #60826. Thanks @koshaji.</li>
-<li>Gateway/models: keep default and configured model-list views responsive when provider catalog discovery stalls, without hiding real catalog load failures, while <code>--all</code> still waits for the exact full catalog. Fixes #75297; refs #74404. Thanks @lisandromachado and @najef1979-code.</li>
-<li>Plugins/runtime-deps: accept already materialized package-level runtime-deps supersets as converged, so later lazy plugin activation no longer prunes and relaunches <code>pnpm install</code> after gateway startup pre-staging, reducing event-loop pressure from repeated runtime-deps repair on packaged installs. Fixes #75283; refs #75297 and #72338. Thanks @brokemac79, @lisandromachado, and @midhunmonachan.</li>
-<li>Plugins/runtime-deps: remove OpenClaw-owned legacy runtime-deps symlinks before replacing staged bundled plugin dependencies, so updates can recover from older symlinked installs instead of failing the symlink safety guard. Thanks @goldmar.</li>
-<li>Discord: retry queued REST 429s against learned bucket/global cooldowns and reacquire fresh voice upload URLs after CDN upload rate limits, so outbound sends recover without reusing stale single-use upload URLs. Thanks @discord.</li>
-<li>TTS/providers: keep bundled speech-provider compat fallback available when plugins are globally disabled, so cold gateway and CLI startup can still resolve fallback speech providers instead of leaving explicit TTS provider selection with no registered providers. Refs #75265. Thanks @sliekens.</li>
-<li>Discord: collapse repeated native slash-command deploy rate-limit startup logs into one non-fatal warning while keeping per-request REST timing in verbose output. Thanks @discord.</li>
-<li>Discord: report native slash-command deploy aborts as REST timeouts with method, path, timeout budget, and observed duration, so startup logs explain slow Discord API calls instead of showing a generic aborted operation. Thanks @discord.</li>
-<li>Security/logging: redact payment credential field names such as card number, CVC/CVV, shared payment token, and payment credential across default log and tool-payload redaction patterns so wallet-style MCP tools do not expose raw payment credentials in UI events or transcripts. Thanks @stainlu.</li>
-<li>Providers/OpenAI Codex: preserve existing wrapped Codex streams during OpenAI attribution so PI OAuth bearer injection reaches ChatGPT/Codex Responses, and strip native Codex-only unsupported payload fields without touching custom compatible endpoints. (#75111) Thanks @keshavbotagent.</li>
-<li>Plugins/runtime-deps: materialize newly required bundled plugin packages after local <code>openclaw onboard</code> and <code>openclaw configure</code> config writes, while keeping remote setup read-only, so first Gateway startup no longer discovers missing channel/provider deps after setup claimed success. Fixes #75309; refs #75069. Thanks @scottgl9 and @xiaohuaxi.</li>
-<li>Plugins/runtime-deps: expire stale legacy install locks whose live PID cannot be tied to the current process incarnation, so Docker PID reuse no longer leaves bundled dependency repair stuck behind old <code>.openclaw-runtime-deps.lock</code> directories. Fixes #74948; refs #74950 and #74346. Thanks @dchekmarev.</li>
-<li>Plugins/runtime-deps: recover interrupted bundled runtime-dependency installs whose package sentinels exist but generated materialization is incomplete, forcing npm/pnpm repair in Gateway startup, doctor, and lazy plugin loads instead of leaving channels crash-looping on missing packages. Fixes #75309; refs #75310, #75296, and #75304. Thanks @scottgl9.</li>
-<li>Plugins/runtime-deps: treat no-main and export-map package sentinels without reachable entry files as incomplete, so Gateway startup, doctor, and lazy plugin loads repair interrupted bundled dependency installs instead of accepting package.json-only partial installs. Fixes #75309; refs #75183. Thanks @shakkernerd.</li>
-<li>Plugins/runtime-deps: keep runtime inspection and channel maintenance commands from downloading bundled plugin dependencies, route explicit repairs through <code>openclaw plugins deps --repair</code>, and still allow Gateway/DO paths to repair missing deps before import. Refs #75069. Thanks @xiaohuaxi.</li>
-<li>Updates: force non-deferred, no-cooldown update restarts after package-manager updates requested through the live Gateway control plane and fail release validation on post-swap stale chunk import crashes, so Telegram/Discord imports do not stay pointed at removed dist files. Fixes #75206. Thanks @xonaman and @faux123.</li>
-<li>Agents/tool-result guard: use the resolved runtime context token budget for non-context-engine tool-result overflow checks, so long tool-heavy sessions no longer compact early when <code>contextTokens</code> is larger than native <code>contextWindow</code>. Fixes #74917. Thanks @kAIborg24.</li>
-<li>Gateway/systemd: exit with sysexits 78 for supervised lock and <code>EADDRINUSE</code> conflicts so <code>RestartPreventExitStatus=78</code> stops <code>Restart=always</code> restart loops instead of repeatedly reloading plugins against an occupied port. Fixes #75115. Thanks @yhyatt.</li>
-<li>Agents/runtime: skip blank visible user prompts at the embedded-runner boundary before provider submission while still allowing internal runtime-only turns and media-only prompts, so Telegram/group sessions no longer leak raw empty-input provider errors when replay history exists. Fixes #74137. Thanks @yelog, @Gracker, and @nhaener.</li>
-<li>Agents/Codex: isolate local Codex app-server <code>CODEX_HOME</code> and <code>HOME</code> per agent and add a deliberate Codex migration path with selectable skill copies, so personal Codex CLI skills, plugins, config, and hooks no longer leak into OpenClaw agents unless the operator migrates them into the workspace. Thanks @pashpashpash.</li>
-<li>Security/Nextcloud Talk: make webhook signature validation use the padded timing-safe compare path even when the supplied signature length is wrong, keep normalized header lookup behavior, and extend regression coverage for tampered bodies, wrong secrets, array-backed headers, and truncated signatures. Carries forward earlier contributor work from #50516 by teddytennant. (#58097) Thanks @gavyngong.</li>
-<li>Plugins/runtime-deps: replace stale symlinked mirror target roots before writing runtime-mirror temp files and skip rewriting already materialized hardlinks, so cross-version container upgrades no longer crash-loop on read-only image-layer paths while warm mirrors do less churn. Fixes #75108; refs #75069. Thanks @coletebou and @xiaohuaxi.</li>
-<li>Auto-reply/group chats: fall back to automatic source delivery when a channel precomputes message-tool-only replies but the <code>message</code> tool is unavailable, so Discord/Slack-style group turns do not silently complete without a visible reply. Fixes #74868. Thanks @kagura-agent.</li>
-<li>Browser/gateway: share one browser control runtime across the HTTP control server and <code>browser.request</code>, and refresh browser profile config from the source snapshot, so CLI status/start honors configured <code>browser.executablePath</code>, <code>headless</code>, and <code>noSandbox</code> instead of falling back to stale auto-detection. Fixes #75087; repairs #73617. Thanks @civiltox and @martingarramon.</li>
-<li>Agents/subagents: bound automatic orphan recovery with persisted recovery attempts and a wedged-session tombstone, and teach task maintenance/doctor to reconcile those sessions so restart loops no longer require manual <code>sessions.json</code> surgery. Fixes #74864. Thanks @solosage1.</li>
-<li>Plugins/runtime-deps: keep bundled provider policy config loading from staging plugin runtime dependencies, so config reads no longer fail on locked-down <code>/var/lib/openclaw/plugin-runtime-deps</code> directories. Fixes #74971. Thanks @eurojojo.</li>
-<li>Memory/runtime-deps: retain the native <code>node-llama-cpp</code> runtime only when local memory search is configured, so packaged installs can repair local embeddings without relying on unreachable global npm installs. Fixes #74777. Thanks @LLagoon3.</li>
-<li>Gateway/startup: skip pre-bind web-fetch provider discovery for credential-free <code>tools.web.fetch</code> config, so Docker/Kubernetes gateways bind even when optional fetch limits are present. Fixes #74896. Thanks @KoykL.</li>
-<li>Signal: match group allowlists against inbound Signal group ids as well as sender ids, and process explicitly configured Signal groups without requiring mentions unless <code>requireMention</code> is set. Fixes #53308. Thanks @minupla and @juan-flores077.</li>
-<li>Signal: bound <code>signal-cli</code> installer release and archive downloads with explicit timeouts, declared and streamed size checks, and partial-file cleanup. Fixes #54153. Thanks @jinduwang1001-max and @juan-flores077.</li>
-<li>Slack: require bot-authored room messages with <code>allowBots=true</code> to come from an explicitly channel-allowlisted bot or from a room where an explicit Slack owner is present, so broad bot relays cannot run unattended. Fixes #59284. Thanks @andrewhong-translucent.</li>
-<li>Signal: derive <code>getAttachment</code> HTTP response caps from <code>channels.signal.mediaMaxMb</code> with base64 headroom, so inbound photos and videos no longer drop behind the 1 MiB RPC default. Fixes #73564. Thanks @heyhudson.</li>
-<li>Signal: keep the long-lived receive SSE monitor open while idle instead of applying the 10s RPC/check deadline, so <code>signal-cli</code> 0.14.3 event streams no longer reconnect before inbound messages arrive. Fixes #74741. Thanks @fgabelmannjr and @k7n4n5t3w4rt.</li>
-<li>CLI/progress: suppress nested progress spinners and line clears while TUI input owns raw stdin, so Crestodian <code>/status</code> no longer disturbs the active input row. (#75003) Thanks @velvet-shark.</li>
-<li>Models/OpenAI Codex: restore <code>openai-codex/gpt-5.4-mini</code> for ChatGPT/Codex OAuth PI runs after live OAuth proof, and align the manifest, forward-compat metadata, docs, and regression tests so stale cron and heartbeat configs resolve again. Fixes #74451. Thanks @0xCyda, @hclsys, and @Marvae.</li>
-<li>Plugins/runtime-deps: always write a dependency map in generated runtime-deps install manifests, so npm does not crash or prune staged bundled-plugin packages when the plan is empty. Fixes #74949. Thanks @hclsys.</li>
-<li>Telegram: use durable message edits for streaming previews instead of native draft state, so generated replies no longer flicker through draft-to-message transitions that look like duplicates. (#75073) Thanks @obviyus.</li>
-<li>Telegram: echo preflighted DM voice-note transcripts back to the originating chat, including Telegram DM topic thread metadata, instead of only echoing later media-understanding transcripts. Fixes #75084. Thanks @M-Lietz.</li>
-<li>Telegram: clamp low long-polling client timeouts so configured <code>timeoutSeconds</code> values below the <code>getUpdates</code> poll window no longer force a fresh HTTPS connection every few seconds. Fixes #75114. Thanks @hpinho77.</li>
-<li>Web search: describe <code>web_search</code> as using the configured provider instead of hard-coding Brave when DuckDuckGo or another provider is active. Fixes #75088. Thanks @sun-rongyang.</li>
-<li>Infra/tmp: tolerate concurrent temp-dir permission repairs by rechecking directories that another process already tightened, so parallel ACP subprocess startup no longer throws <code>Unsafe fallback OpenClaw temp dir</code>. Fixes #66867. Thanks @Kane808-AI and @jarvisz8.</li>
-<li>Agents/compaction: add an opt-in <code>agents.defaults.compaction.midTurnPrecheck</code> mid-turn precheck that detects tool-loop context pressure and triggers compaction before the next tool call instead of waiting for end-of-turn. (#73499) Thanks @marchpure and @haoxingjun.</li>
-<li>Gateway/approvals: let loopback token/password-backed native approval clients resolve exec approvals without attaching stale paired Gateway identities, while remote and unauthenticated approval clients keep normal device identity behavior. (#74472)</li>
-<li>Gateway/config: include rejected validation paths in foreground and service last-known-good recovery logs plus main-agent notices, so unsupported direct edits explain which key caused restore instead of looking like silent reversion. Fixes #75060. Thanks @amknight.</li>
-<li>Plugins/runtime-deps: hash the OS-canonical <code>packageRoot</code> via <code>fs.realpathSync.native</code> (with <code>path.resolve</code> fallback) when computing the bundled runtime-deps stage key, so loader and channel <code>bundled-root</code> callers no longer derive divergent stage directories under <code>~/.openclaw/plugin-runtime-deps/openclaw-<version>-<hash>/</code> and bundled channels stop failing with <code>ENOENT</code> on shared dist chunks under Windows npm symlinks, junctions, or PM2 multi-instance worker layouts. Fixes #74963. (#75048) Thanks @openperf and @vincentkoc.</li>
-<li>fix(logging): add redaction patterns for Tencent Cloud, Alibaba Cloud, HuggingFace and Replicate API keys (#58162). Thanks @gavyngong</li>
-<li>Pairing: surface unexpected allowlist filesystem stat errors instead of treating the allowlist as missing, so permission and I/O failures are visible during pairing authorization checks. (#63324) Thanks @franciscomaestre.</li>
-<li>macOS app: reserve layout space for exec approval command details so the allow dialog no longer overlaps the command, context, and action buttons. (#75470) Thanks @ngutman.</li>
-<li>Agents/failover: carry <code>sessionId</code>, <code>lane</code>, <code>provider</code>, <code>model</code>, and <code>profileId</code> attribution through <code>FailoverError</code> and <code>describeFailoverError</code>/<code>coerceToFailoverError</code> so structured error logs (e.g. <code>gateway.err.log</code> ingestion) can attribute exhausted-fallback wrapper errors to the originating session and last-attempted provider instead of dropping the metadata after the per-profile errors. Fixes #42713. (#73506) Thanks @wenxu007.</li>
-<li>Context Engine: treat assembled prompt as the default authority for preemptive overflow prechecks so engines that return a windowed, self-contained context no longer trigger false hard-fail compactions on huge raw history. Engines whose assembled view can hide overflow risk can opt back into the legacy behavior with <code>AssembleResult.promptAuthority: "preassembly_may_overflow"</code>. (#74255) Thanks @100yenadmin.</li>
-<li>Mattermost: refresh current native slash command registrations before accepting callbacks so stale tokens from deleted or regenerated commands stop being accepted without a gateway restart while failed validations stay briefly cached and lookup starts are rate-limited per command, gate each callback against the resolved command's own startup token so a token leaked for one slash command cannot poison another command's failure cache, redact slash validation lookup errors, and add a body read timeout to the multi-account routing path so slow callback senders cannot tie up the dispatcher. Thanks @feynman-hou and @eleqtrizit.</li>
-<li>Security/dotenv: block <code>COMSPEC</code> in workspace <code>.env</code> so a malicious repo cannot redirect Windows <code>cmd.exe</code> resolution, and lock in case-insensitive workspace-<code>.env</code> regression coverage for the full Windows shell trust-root family (<code>COMSPEC</code>, <code>PROGRAMFILES</code>, <code>PROGRAMW6432</code>, <code>SYSTEMROOT</code>, <code>WINDIR</code>). (#74460) Thanks @mmaps.</li>
-<li>Gateway/install: drop stale version-manager and package-manager PATH entries preserved from old service files during <code>gateway install --force</code> and doctor repair, so the repair path no longer recreates <code>gateway-path-nonminimal</code> warnings. Fixes #75220. (#75440) Thanks @leonaIee, @renaudcerrato, and @aaajiao.</li>
-</ul>
-<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.5.2/OpenClaw-2026.5.2.zip" length="51078259" type="application/octet-stream" sparkle:edSignature="NwoecacHxJOYpltNmB/y7LV5I8ZIh5pENWSydbOM1vsfgSrcb7pRP+Zm2nih1IAq7hh1tOmQ0XWnsohic7U4DA=="/>
-        </item>
     </channel>
 </rss>

apps/android/app/build.gradle.kts

@@ -65,8 +65,8 @@ android {
     applicationId = "ai.openclaw.app"
     minSdk = 31
     targetSdk = 36
-    versionCode = 2026051600
-    versionName = "2026.5.16"
+    versionCode = 2026051900
+    versionName = "2026.5.19"
     ndk {
       // Support all major ABIs — native libs are tiny (~47 KB per ABI)
       abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")

apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt

@@ -118,6 +118,8 @@ class MainViewModel(
   val talkModeListening: StateFlow<Boolean> = runtimeState(initial = false) { it.talkModeListening }
   val talkModeSpeaking: StateFlow<Boolean> = runtimeState(initial = false) { it.talkModeSpeaking }
   val talkModeStatusText: StateFlow<String> = runtimeState(initial = "Off") { it.talkModeStatusText }
+  val talkModeConversation: StateFlow<List<VoiceConversationEntry>> =
+    runtimeState(initial = emptyList()) { it.talkModeConversation }
 
   val chatSessionKey: StateFlow<String> = runtimeState(initial = "main") { it.chatSessionKey }
   val chatSessionId: StateFlow<String?> = runtimeState(initial = null) { it.chatSessionId }

apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt

@@ -12,6 +12,7 @@ import ai.openclaw.app.gateway.GatewayEndpoint
 import ai.openclaw.app.gateway.GatewaySession
 import ai.openclaw.app.gateway.GatewayTlsProbeFailure
 import ai.openclaw.app.gateway.GatewayTlsProbeResult
+import ai.openclaw.app.gateway.normalizeGatewayTlsFingerprint
 import ai.openclaw.app.gateway.probeGatewayTlsFingerprint
 import ai.openclaw.app.node.A2UIHandler
 import ai.openclaw.app.node.CalendarHandler
@@ -49,6 +50,7 @@ import android.Manifest
 import android.content.Context
 import android.content.pm.PackageManager
 import android.os.SystemClock
+import android.util.Base64
 import android.util.Log
 import androidx.core.content.ContextCompat
 import kotlinx.coroutines.CoroutineScope
@@ -248,6 +250,7 @@ class NodeRuntime(
     val endpoint: GatewayEndpoint,
     val fingerprintSha256: String,
     val auth: GatewayConnectAuth,
+    val previousFingerprintSha256: String? = null,
   )
 
   private val _isConnected = MutableStateFlow(false)
@@ -260,6 +263,7 @@ class NodeRuntime(
 
   private val _pendingGatewayTrust = MutableStateFlow<GatewayTrustPrompt?>(null)
   val pendingGatewayTrust: StateFlow<GatewayTrustPrompt?> = _pendingGatewayTrust.asStateFlow()
+  private val connectAttemptSeq = AtomicLong(0)
 
   private fun resolveNodeMainSessionKey(agentId: String? = gatewayDefaultAgentId): String {
     val deviceId = identityStore.loadOrCreate().deviceId
@@ -422,6 +426,42 @@ class NodeRuntime(
     MicCaptureManager(
       context = appContext,
       scope = scope,
+      createTranscriptionSession = {
+        val params =
+          buildJsonObject {
+            put("mode", JsonPrimitive("transcription"))
+            put("transport", JsonPrimitive("gateway-relay"))
+            put("brain", JsonPrimitive("none"))
+          }
+        val response =
+          operatorSession.request(
+            "talk.session.create",
+            params.toString(),
+            timeoutMs = 15_000,
+          )
+        parseTalkSessionId(response)
+      },
+      appendTranscriptionAudio = { sessionId, audio, onError ->
+        val params =
+          buildJsonObject {
+            put("sessionId", JsonPrimitive(sessionId))
+            put("audioBase64", JsonPrimitive(Base64.encodeToString(audio, Base64.NO_WRAP)))
+            put("timestamp", JsonPrimitive(SystemClock.elapsedRealtime()))
+          }
+        operatorSession.sendRequestFrame(
+          "talk.session.appendAudio",
+          params.toString(),
+          timeoutMs = 8_000,
+        ) { error -> onError(error.message) }
+      },
+      closeTranscriptionSession = { sessionId ->
+        val params = buildJsonObject { put("sessionId", JsonPrimitive(sessionId)) }
+        operatorSession.request(
+          "talk.session.close",
+          params.toString(),
+          timeoutMs = 5_000,
+        )
+      },
       sendToGateway = { message, onRunIdKnown ->
         val idempotencyKey = UUID.randomUUID().toString()
         // Notify MicCaptureManager of the idempotency key *before* the network
@@ -483,6 +523,7 @@ class NodeRuntime(
       isConnected = { operatorConnected },
       onBeforeSpeak = { micCapture.pauseForTts() },
       onAfterSpeak = { micCapture.resumeAfterTts() },
+      onStoppedByRelay = { finishTalkModeAfterRelayClose() },
     )
   }
 
@@ -498,6 +539,9 @@ class NodeRuntime(
   val talkModeStatusText: StateFlow<String>
     get() = talkMode.statusText
 
+  val talkModeConversation: StateFlow<List<VoiceConversationEntry>>
+    get() = talkMode.conversation
+
   private fun syncMainSessionKey(agentId: String?) {
     val resolvedKey = resolveNodeMainSessionKey(agentId)
     // Always push the resolved session key into TalkMode, even when the
@@ -966,6 +1010,14 @@ class NodeRuntime(
     }
   }
 
+  private fun finishTalkModeAfterRelayClose() {
+    if (_voiceCaptureMode.value != VoiceCaptureMode.TalkMode) return
+    _voiceCaptureMode.value = VoiceCaptureMode.Off
+    talkMode.ttsOnAllResponses = false
+    NodeForegroundService.setVoiceCaptureMode(appContext, VoiceCaptureMode.Off)
+    externalAudioCaptureActive.value = false
+  }
+
   val speakerEnabled: StateFlow<Boolean>
     get() = prefs.speakerEnabled
 
@@ -1112,23 +1164,58 @@ class NodeRuntime(
     endpoint: GatewayEndpoint,
     auth: GatewayConnectAuth,
   ) {
+    val connectAttemptId = connectAttemptSeq.incrementAndGet()
+    _pendingGatewayTrust.value = null
     val tls = connectionManager.resolveTlsParams(endpoint)
-    if (tls?.required == true && tls.expectedFingerprint.isNullOrBlank()) {
-      // First-time TLS: capture fingerprint, ask user to verify out-of-band, then store and connect.
+    if (tls?.required == true) {
+      val expectedFingerprint =
+        tls.expectedFingerprint
+          ?.let(::normalizeGatewayTlsFingerprint)
+          ?.takeIf { it.isNotBlank() }
       _statusText.value = "Verify gateway TLS fingerprint…"
       scope.launch {
         val tlsProbe = tlsFingerprintProbe(endpoint.host, endpoint.port)
+        if (!isCurrentConnectAttempt(connectAttemptId)) return@launch
         val fp =
           tlsProbe.fingerprintSha256 ?: run {
-            _statusText.value = gatewayTlsProbeFailureMessage(tlsProbe.failure)
+            if (expectedFingerprint == null) {
+              _statusText.value = gatewayTlsProbeFailureMessage(tlsProbe.failure)
+            } else {
+              connectAfterTlsCheck(endpoint = endpoint, auth = auth, connectAttemptId = connectAttemptId)
+            }
             return@launch
           }
-        _pendingGatewayTrust.value =
-          GatewayTrustPrompt(endpoint = endpoint, fingerprintSha256 = fp, auth = auth)
+        val observedFingerprint =
+          normalizeGatewayTlsFingerprint(fp)
+            .takeIf { it.isNotBlank() }
+            ?: fp
+        val previousFingerprint = expectedFingerprint?.takeUnless { it == observedFingerprint }
+        if (expectedFingerprint == null || previousFingerprint != null) {
+          _pendingGatewayTrust.value =
+            GatewayTrustPrompt(
+              endpoint = endpoint,
+              fingerprintSha256 = observedFingerprint,
+              auth = auth,
+              previousFingerprintSha256 = previousFingerprint,
+            )
+          return@launch
+        }
+        connectAfterTlsCheck(endpoint = endpoint, auth = auth, connectAttemptId = connectAttemptId)
       }
       return
     }
 
+    connectAfterTlsCheck(endpoint = endpoint, auth = auth, connectAttemptId = connectAttemptId)
+  }
+
+  private fun isCurrentConnectAttempt(connectAttemptId: Long): Boolean = connectAttemptSeq.get() == connectAttemptId
+
+  private fun connectAfterTlsCheck(
+    endpoint: GatewayEndpoint,
+    auth: GatewayConnectAuth,
+    connectAttemptId: Long,
+  ) {
+    if (!isCurrentConnectAttempt(connectAttemptId)) return
     connectedEndpoint = endpoint
     operatorStatusText = "Connecting…"
     nodeStatusText = "Connecting…"
@@ -1221,6 +1308,7 @@ class NodeRuntime(
   }
 
   fun disconnect() {
+    connectAttemptSeq.incrementAndGet()
     stopActiveVoiceSession()
     connectedEndpoint = null
     activeGatewayAuth = null
@@ -1371,6 +1459,17 @@ class NodeRuntime(
     }
   }
 
+  private fun parseTalkSessionId(response: String): String {
+    val root = json.parseToJsonElement(response).asObjectOrNull()
+    val sessionId =
+      root?.get("transcriptionSessionId").asStringOrNull()
+        ?: root?.get("sessionId").asStringOrNull()
+    if (sessionId.isNullOrBlank()) {
+      throw IllegalStateException("talk.session.create returned no session id")
+    }
+    return sessionId
+  }
+
   private suspend fun refreshBrandingFromGateway() {
     if (!_isConnected.value) return
     try {
@@ -1612,7 +1711,16 @@ internal fun resolveOperatorSessionConnectAuth(
     )
   }
 
-  return null
+  val explicitBootstrapToken = auth.bootstrapToken?.trim()?.takeIf { it.isNotEmpty() }
+  if (explicitBootstrapToken != null) {
+    return null
+  }
+
+  return NodeRuntime.GatewayConnectAuth(
+    token = null,
+    bootstrapToken = null,
+    password = null,
+  )
 }
 
 internal fun shouldConnectOperatorSession(

apps/android/app/src/main/java/ai/openclaw/app/PermissionRequester.kt

@@ -17,80 +17,148 @@ import androidx.lifecycle.Lifecycle
 import androidx.lifecycle.LifecycleEventObserver
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.TimeoutCancellationException
 import kotlinx.coroutines.suspendCancellableCoroutine
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import kotlinx.coroutines.withContext
+import kotlinx.coroutines.withTimeout
 import java.util.concurrent.atomic.AtomicBoolean
 import kotlin.coroutines.resume
 
-class PermissionRequester(
+class PermissionRequester internal constructor(
   private val activity: ComponentActivity,
+  launcherFactory: ((Map<String, Boolean>) -> Unit) -> ActivityResultLauncher<Array<String>>,
 ) {
-  private val mutex = Mutex()
-  private var pending: CompletableDeferred<Map<String, Boolean>>? = null
-  private val mainHandler = Handler(Looper.getMainLooper())
+  private data class PendingPermissionRequest(
+    val deferred: CompletableDeferred<Map<String, Boolean>>,
+    var timedOut: Boolean = false,
+  )
 
-  private val launcher: ActivityResultLauncher<Array<String>> =
-    activity.registerForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { result ->
-      val p = pending
-      pending = null
-      p?.complete(result)
-    }
+  private class PermissionRequestSlot(
+    val launcher: ActivityResultLauncher<Array<String>>,
+    var request: PendingPermissionRequest? = null,
+  )
+
+  constructor(activity: ComponentActivity) : this(
+    activity = activity,
+    launcherFactory = { callback ->
+      activity.registerForActivityResult(ActivityResultContracts.RequestMultiplePermissions(), callback)
+    },
+  )
+
+  private val mutex = Mutex()
+  private val requestSlotsLock = Any()
+  private val mainHandler = Handler(Looper.getMainLooper())
+  private val launchers = List(4) { createPermissionRequestSlot(launcherFactory) }
 
   suspend fun requestIfMissing(
     permissions: List<String>,
     timeoutMs: Long = 20_000,
-  ): Map<String, Boolean> =
-    mutex.withLock {
-      val missing =
-        permissions.filter { perm ->
-          ContextCompat.checkSelfPermission(activity, perm) != PackageManager.PERMISSION_GRANTED
+  ): Map<String, Boolean> {
+    return mutex.withLock {
+      while (true) {
+        val missing =
+          permissions.filter { perm ->
+            ContextCompat.checkSelfPermission(activity, perm) != PackageManager.PERMISSION_GRANTED
+          }
+        if (missing.isEmpty()) {
+          return permissions.associateWith { true }
         }
-      if (missing.isEmpty()) {
-        return permissions.associateWith { true }
-      }
 
-      val needsRationale =
-        missing.any { ActivityCompat.shouldShowRequestPermissionRationale(activity, it) }
-      if (needsRationale) {
-        val proceed = showRationaleDialog(missing)
-        if (!proceed) {
-          return permissions.associateWith { perm ->
-            ContextCompat.checkSelfPermission(activity, perm) == PackageManager.PERMISSION_GRANTED
+        val needsRationale =
+          missing.any { ActivityCompat.shouldShowRequestPermissionRationale(activity, it) }
+        if (needsRationale) {
+          val proceed = showRationaleDialog(missing)
+          if (!proceed) {
+            return permissions.associateWith { perm ->
+              ContextCompat.checkSelfPermission(activity, perm) == PackageManager.PERMISSION_GRANTED
+            }
           }
         }
-      }
 
-      val deferred = CompletableDeferred<Map<String, Boolean>>()
-      pending = deferred
-      withContext(Dispatchers.Main) {
-        launcher.launch(missing.toTypedArray())
-      }
-
-      val result =
-        withContext(Dispatchers.Default) {
-          kotlinx.coroutines.withTimeout(timeoutMs) { deferred.await() }
+        val deferred = CompletableDeferred<Map<String, Boolean>>()
+        val request = PendingPermissionRequest(deferred)
+        val slot = reservePermissionRequestSlot(request)
+        try {
+          withContext(Dispatchers.Main) {
+            slot.launcher.launch(missing.toTypedArray())
+          }
+        } catch (err: Throwable) {
+          clearPermissionRequestSlot(slot, request)
+          throw err
         }
 
-      // Merge: if something was already granted, treat it as granted even if launcher omitted it.
-      val merged =
-        permissions.associateWith { perm ->
-          val nowGranted =
-            ContextCompat.checkSelfPermission(activity, perm) == PackageManager.PERMISSION_GRANTED
-          result[perm] == true || nowGranted
+        val result =
+          try {
+            withTimeout(timeoutMs) { deferred.await() }
+          } catch (err: TimeoutCancellationException) {
+            request.timedOut = true
+            throw err
+          }
+
+        val merged =
+          permissions.associateWith { perm ->
+            val nowGranted =
+              ContextCompat.checkSelfPermission(activity, perm) == PackageManager.PERMISSION_GRANTED
+            result[perm] == true || nowGranted
+          }
+
+        val denied =
+          merged.filterValues { !it }.keys.filter {
+            !ActivityCompat.shouldShowRequestPermissionRationale(activity, it)
+          }
+        if (denied.isNotEmpty()) {
+          showSettingsDialog(denied)
         }
 
-      val denied =
-        merged.filterValues { !it }.keys.filter {
-          !ActivityCompat.shouldShowRequestPermissionRationale(activity, it)
-        }
-      if (denied.isNotEmpty()) {
-        showSettingsDialog(denied)
+        return merged
       }
-
-      return merged
+      error("unreachable")
     }
+  }
+
+  private fun createPermissionRequestSlot(
+    launcherFactory: ((Map<String, Boolean>) -> Unit) -> ActivityResultLauncher<Array<String>>,
+  ): PermissionRequestSlot {
+    var slot: PermissionRequestSlot? = null
+    val launcher = launcherFactory { result -> completePermissionRequest(checkNotNull(slot), result) }
+    val created = PermissionRequestSlot(launcher)
+    slot = created
+    return created
+  }
+
+  private fun reservePermissionRequestSlot(request: PendingPermissionRequest): PermissionRequestSlot =
+    synchronized(requestSlotsLock) {
+      val slot = launchers.firstOrNull { it.request == null } ?: error("permission request launcher busy")
+      slot.request = request
+      slot
+    }
+
+  private fun completePermissionRequest(
+    slot: PermissionRequestSlot,
+    result: Map<String, Boolean>,
+  ) {
+    val request =
+      synchronized(requestSlotsLock) {
+        slot.request.also {
+          slot.request = null
+        }
+      } ?: return
+    if (request.timedOut) return
+    request.deferred.complete(result)
+  }
+
+  private fun clearPermissionRequestSlot(
+    slot: PermissionRequestSlot,
+    request: PendingPermissionRequest,
+  ) {
+    synchronized(requestSlotsLock) {
+      if (slot.request === request) {
+        slot.request = null
+      }
+    }
+  }
 
   private suspend fun showRationaleDialog(permissions: List<String>): Boolean =
     withContext(Dispatchers.Main) {

apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt

@@ -149,7 +149,10 @@ class GatewaySession(
     val tls: GatewayTlsParams?,
   )
 
-  private var desired: DesiredConnection? = null
+  private val lifecycleLock = Any()
+
+  @Volatile private var desired: DesiredConnection? = null
+
   private var job: Job? = null
 
   @Volatile private var currentConnection: Connection? = null
@@ -168,26 +171,39 @@ class GatewaySession(
     options: GatewayConnectOptions,
     tls: GatewayTlsParams? = null,
   ) {
-    desired = DesiredConnection(endpoint, token, bootstrapToken, password, options, tls)
-    pendingDeviceTokenRetry = false
-    deviceTokenRetryBudgetUsed = false
-    reconnectPausedForAuthFailure = false
-    if (job == null) {
-      job = scope.launch(Dispatchers.IO) { runLoop() }
+    val connectionToClose: Connection?
+    synchronized(lifecycleLock) {
+      desired = DesiredConnection(endpoint, token, bootstrapToken, password, options, tls)
+      pendingDeviceTokenRetry = false
+      deviceTokenRetryBudgetUsed = false
+      reconnectPausedForAuthFailure = false
+      connectionToClose = currentConnection
+      if (job?.isActive != true) {
+        job = scope.launch(Dispatchers.IO) { runLoop() }
+      }
     }
+    connectionToClose?.closeQuietly()
   }
 
   fun disconnect() {
-    desired = null
-    pendingDeviceTokenRetry = false
-    deviceTokenRetryBudgetUsed = false
-    reconnectPausedForAuthFailure = false
-    currentConnection?.closeQuietly()
-    scope.launch(Dispatchers.IO) {
-      job?.cancelAndJoin()
+    val jobToCancel: Job?
+    val connectionToClose: Connection?
+    synchronized(lifecycleLock) {
+      desired = null
+      pendingDeviceTokenRetry = false
+      deviceTokenRetryBudgetUsed = false
+      reconnectPausedForAuthFailure = false
+      connectionToClose = currentConnection
+      jobToCancel = job
       job = null
-      pluginSurfaceUrls = emptyMap()
-      mainSessionKey = null
+    }
+    connectionToClose?.closeQuietly()
+    scope.launch(Dispatchers.IO) {
+      jobToCancel?.cancelAndJoin()
+      if (desired == null) {
+        pluginSurfaceUrls = emptyMap()
+        mainSessionKey = null
+      }
       onDisconnected("Offline")
     }
   }
@@ -316,6 +332,22 @@ class GatewaySession(
     return RpcResult(ok = res.ok, payloadJson = res.payloadJson, error = res.error)
   }
 
+  suspend fun sendRequestFrame(
+    method: String,
+    paramsJson: String?,
+    timeoutMs: Long = 15_000,
+    onError: (ErrorShape) -> Unit = {},
+  ) {
+    val conn = currentConnection ?: throw IllegalStateException("not connected")
+    val params =
+      if (paramsJson.isNullOrBlank()) {
+        null
+      } else {
+        json.parseToJsonElement(paramsJson)
+      }
+    conn.sendRequestFrame(method = method, params = params, timeoutMs = timeoutMs, onError = onError)
+  }
+
   private data class RpcResponse(
     val id: String,
     val ok: Boolean,
@@ -360,14 +392,12 @@ class GatewaySession(
       val id = UUID.randomUUID().toString()
       val deferred = CompletableDeferred<RpcResponse>()
       pending[id] = deferred
-      val frame =
-        buildJsonObject {
-          put("type", JsonPrimitive("req"))
-          put("id", JsonPrimitive(id))
-          put("method", JsonPrimitive(method))
-          if (params != null) put("params", params)
-        }
-      sendJson(frame)
+      try {
+        sendJson(buildRequestFrame(id = id, method = method, params = params))
+      } catch (err: Throwable) {
+        pending.remove(id)
+        throw err
+      }
       return try {
         withTimeout(timeoutMs) { deferred.await() }
       } catch (err: TimeoutCancellationException) {
@@ -376,13 +406,57 @@ class GatewaySession(
       }
     }
 
+    suspend fun sendRequestFrame(
+      method: String,
+      params: JsonElement?,
+      timeoutMs: Long,
+      onError: (ErrorShape) -> Unit,
+    ) {
+      val id = UUID.randomUUID().toString()
+      val deferred = CompletableDeferred<RpcResponse>()
+      pending[id] = deferred
+      try {
+        sendJson(buildRequestFrame(id = id, method = method, params = params))
+      } catch (err: Throwable) {
+        pending.remove(id)
+        throw err
+      }
+      scope.launch(Dispatchers.IO) {
+        val response =
+          try {
+            withTimeout(timeoutMs) { deferred.await() }
+          } catch (_: TimeoutCancellationException) {
+            pending.remove(id)
+            onError(ErrorShape("UNAVAILABLE", "request timeout"))
+            return@launch
+          }
+        if (!response.ok) {
+          onError(response.error ?: ErrorShape("UNAVAILABLE", "request failed"))
+        }
+      }
+    }
+
     suspend fun sendJson(obj: JsonObject) {
       val jsonString = obj.toString()
       writeLock.withLock {
-        socket?.send(jsonString)
+        if (socket?.send(jsonString) != true) {
+          throw IllegalStateException("gateway send failed")
+        }
       }
     }
 
+    private fun buildRequestFrame(
+      id: String,
+      method: String,
+      params: JsonElement?,
+    ): JsonObject =
+      buildJsonObject {
+        put("type", JsonPrimitive("req"))
+        put("id", JsonPrimitive(id))
+        put("method", JsonPrimitive(method))
+        if (params != null) put("params", params)
+      }
+
     suspend fun awaitClose() = closedDeferred.await()
 
     fun closeQuietly() {
@@ -905,9 +979,11 @@ class GatewaySession(
         conn.connect()
         conn.awaitClose()
       } finally {
-        currentConnection = null
-        pluginSurfaceUrls = emptyMap()
-        mainSessionKey = null
+        if (currentConnection === conn) {
+          currentConnection = null
+          pluginSurfaceUrls = emptyMap()
+          mainSessionKey = null
+        }
       }
     }
 
@@ -1090,8 +1166,10 @@ internal fun shouldPauseGatewayReconnectAfterAuthFailure(
           role?.trim() == "node" &&
           scopes.isEmpty() &&
           error.details.reason == "not-paired" &&
-          (error.details.pauseReconnect == false ||
-            error.details.recommendedNextStep == "wait_then_retry")
+          (
+            error.details.pauseReconnect == false ||
+              error.details.recommendedNextStep == "wait_then_retry"
+          )
       )
     "AUTH_TOKEN_MISMATCH" -> deviceTokenRetryBudgetUsed && !pendingDeviceTokenRetry
     else -> false

apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt

@@ -53,7 +53,10 @@ fun buildGatewayTlsConfig(
   onStore: ((String) -> Unit)? = null,
 ): GatewayTlsConfig? {
   if (params == null) return null
-  val expected = params.expectedFingerprint?.let(::normalizeFingerprint)
+  val expected =
+    params.expectedFingerprint
+      ?.let(::normalizeGatewayTlsFingerprint)
+      ?.takeIf { it.isNotBlank() }
   val defaultTrust = defaultTrustManager()
 
   @SuppressLint("CustomX509TrustManager")
@@ -200,7 +203,7 @@ private fun sha256Hex(data: ByteArray): String {
   return out.toString()
 }
 
-private fun normalizeFingerprint(raw: String): String {
+fun normalizeGatewayTlsFingerprint(raw: String): String {
   val stripped =
     raw
       .trim()

apps/android/app/src/main/java/ai/openclaw/app/node/JpegSizeLimiter.kt

@@ -27,28 +27,23 @@ internal object JpegSizeLimiter {
     require(initialWidth > 0 && initialHeight > 0) { "Invalid image size" }
     require(maxBytes > 0) { "Invalid maxBytes" }
 
+    val clampedStartQuality = startQuality.coerceIn(minQuality, 100)
     var width = initialWidth
     var height = initialHeight
-    val clampedStartQuality = startQuality.coerceIn(minQuality, 100)
-    var best =
-      JpegSizeLimiterResult(
-        bytes = encode(width, height, clampedStartQuality),
-        width = width,
-        height = height,
-        quality = clampedStartQuality,
-      )
-    if (best.bytes.size <= maxBytes) return best
+    var best: JpegSizeLimiterResult? = null
 
-    repeat(maxScaleAttempts) {
+    repeat(maxScaleAttempts + 1) { scaleAttempt ->
       var quality = clampedStartQuality
       repeat(maxQualityAttempts) {
         val bytes = encode(width, height, quality)
-        best = JpegSizeLimiterResult(bytes = bytes, width = width, height = height, quality = quality)
+        val attempt = JpegSizeLimiterResult(bytes = bytes, width = width, height = height, quality = quality)
+        best = attempt
         if (bytes.size <= maxBytes) return best
         if (quality <= minQuality) return@repeat
         quality = max(minQuality, (quality * 0.75).roundToInt())
       }
 
+      if (scaleAttempt == maxScaleAttempts) return@repeat
       val minScale = (minSize.toDouble() / min(width, height).toDouble()).coerceAtMost(1.0)
       val nextScale = max(scaleStep, minScale)
       val nextWidth = max(minSize, (width * nextScale).roundToInt())
@@ -58,10 +53,11 @@ internal object JpegSizeLimiter {
       height = min(nextHeight, height)
     }
 
-    if (best.bytes.size > maxBytes) {
-      throw IllegalStateException("CAMERA_TOO_LARGE: ${best.bytes.size} bytes > $maxBytes bytes")
+    val failed = checkNotNull(best)
+    if (failed.bytes.size > maxBytes) {
+      throw IllegalStateException("CAMERA_TOO_LARGE: ${failed.bytes.size} bytes > $maxBytes bytes")
     }
 
-    return best
+    return failed
   }
 }

apps/android/app/src/main/java/ai/openclaw/app/ui/ConnectTabScreen.kt

@@ -100,8 +100,14 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
       containerColor = mobileCardSurface,
       title = { Text("Trust this gateway?", style = mobileHeadline, color = mobileText) },
       text = {
+        val message =
+          if (prompt.previousFingerprintSha256.isNullOrBlank()) {
+            "First-time TLS connection.\n\nVerify this SHA-256 fingerprint before trusting:\n${prompt.fingerprintSha256}"
+          } else {
+            "The gateway TLS certificate changed. Only continue if you expected this.\n\nOld SHA-256 fingerprint:\n${prompt.previousFingerprintSha256}\n\nNew SHA-256 fingerprint:\n${prompt.fingerprintSha256}"
+          }
         Text(
-          "First-time TLS connection.\n\nVerify this SHA-256 fingerprint before trusting:\n${prompt.fingerprintSha256}",
+          message,
           style = mobileCallout,
           color = mobileText,
         )

apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt

@@ -143,27 +143,15 @@ internal fun parseGatewayEndpointResult(rawInput: String): GatewayEndpointParseR
       ?.trim()
       ?.lowercase(Locale.US)
       .orEmpty()
-  val tls =
-    when (scheme) {
-      "ws", "http" -> false
-      "wss", "https" -> true
-      else -> true
-    }
+  if (scheme !in setOf("ws", "wss", "http", "https")) {
+    return GatewayEndpointParseResult(error = GatewayEndpointValidationError.INVALID_URL)
+  }
+  val tls = scheme == "wss" || scheme == "https"
   if (!tls && !isLoopbackGatewayHost(host)) {
     return GatewayEndpointParseResult(error = GatewayEndpointValidationError.INSECURE_REMOTE_URL)
   }
-  val defaultPort =
-    when (scheme) {
-      "wss", "https" -> 443
-      "ws", "http" -> 18789
-      else -> 443
-    }
-  val displayPort =
-    when (scheme) {
-      "wss", "https" -> 443
-      "ws", "http" -> 80
-      else -> 443
-    }
+  val defaultPort = if (tls) 443 else 18789
+  val displayPort = if (tls) 443 else 80
   val port = uri.port.takeIf { it in 1..65535 } ?: defaultPort
   val displayHost = if (host.contains(":")) "[$host]" else host
   val displayUrl =

apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt

@@ -497,8 +497,14 @@ fun OnboardingFlow(
       containerColor = onboardingSurface,
       title = { Text("Trust this gateway?", style = onboardingHeadlineStyle, color = onboardingText) },
       text = {
+        val message =
+          if (prompt.previousFingerprintSha256.isNullOrBlank()) {
+            "First-time TLS connection.\n\nVerify this SHA-256 fingerprint before trusting:\n${prompt.fingerprintSha256}"
+          } else {
+            "The gateway TLS certificate changed. Only continue if you expected this.\n\nOld SHA-256 fingerprint:\n${prompt.previousFingerprintSha256}\n\nNew SHA-256 fingerprint:\n${prompt.fingerprintSha256}"
+          }
         Text(
-          "First-time TLS connection.\n\nVerify this SHA-256 fingerprint before trusting:\n${prompt.fingerprintSha256}",
+          message,
           style = onboardingCalloutStyle,
           color = onboardingText,
         )

apps/android/app/src/main/java/ai/openclaw/app/ui/VoiceTabScreen.kt

@@ -96,8 +96,10 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
   val talkModeEnabled by viewModel.talkModeEnabled.collectAsState()
   val talkModeListening by viewModel.talkModeListening.collectAsState()
   val talkModeSpeaking by viewModel.talkModeSpeaking.collectAsState()
+  val talkModeConversation by viewModel.talkModeConversation.collectAsState()
 
-  val hasStreamingAssistant = micConversation.any { it.role == VoiceConversationRole.Assistant && it.isStreaming }
+  val activeConversation = if (voiceCaptureMode == VoiceCaptureMode.TalkMode) talkModeConversation else micConversation
+  val hasStreamingAssistant = activeConversation.any { it.role == VoiceConversationRole.Assistant && it.isStreaming }
   val showThinkingBubble = micIsSending && !hasStreamingAssistant
 
   var hasMicPermission by remember { mutableStateOf(context.hasRecordAudioPermission()) }
@@ -131,8 +133,8 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
       pendingVoicePermissionAction = null
     }
 
-  LaunchedEffect(micConversation.size, showThinkingBubble) {
-    val total = micConversation.size + if (showThinkingBubble) 1 else 0
+  LaunchedEffect(voiceCaptureMode, activeConversation.size, showThinkingBubble) {
+    val total = activeConversation.size + if (showThinkingBubble) 1 else 0
     if (total > 0) {
       listState.animateScrollToItem(total - 1)
     }
@@ -154,7 +156,7 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
       contentPadding = PaddingValues(vertical = 4.dp),
       verticalArrangement = Arrangement.spacedBy(10.dp),
     ) {
-      if (micConversation.isEmpty() && !showThinkingBubble) {
+      if (activeConversation.isEmpty() && !showThinkingBubble) {
         item {
           Box(
             modifier = Modifier.fillParentMaxHeight().fillMaxWidth(),
@@ -185,7 +187,7 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
         }
       }
 
-      items(items = micConversation, key = { it.id }) { entry ->
+      items(items = activeConversation, key = { it.id }) { entry ->
         VoiceTurnBubble(entry = entry)
       }
 
@@ -347,10 +349,8 @@ fun VoiceTabScreen(viewModel: MainViewModel) {
           voiceCaptureMode == VoiceCaptureMode.TalkMode && talkModeSpeaking -> "Talk speaking"
           voiceCaptureMode == VoiceCaptureMode.TalkMode && talkModeListening -> "Talk listening"
           voiceCaptureMode == VoiceCaptureMode.TalkMode -> "Talk on"
+          micEnabled || micIsSending || micCooldown -> micStatusText
           queueCount > 0 -> "$queueCount queued"
-          micIsSending -> "Sending"
-          micCooldown -> "Cooldown"
-          micEnabled -> "Listening"
           else -> "Mic off"
         }
       val stateColor =

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatImageCodec.kt

@@ -13,7 +13,7 @@ import kotlin.math.max
 import kotlin.math.roundToInt
 
 private const val CHAT_ATTACHMENT_MAX_WIDTH = 1600
-private const val CHAT_ATTACHMENT_MAX_BASE64_CHARS = 300 * 1024
+internal const val CHAT_IMAGE_MAX_BASE64_CHARS = 300 * 1024
 private const val CHAT_ATTACHMENT_START_QUALITY = 85
 private const val CHAT_DECODE_MAX_DIMENSION = 1600
 private const val CHAT_IMAGE_CACHE_BYTES = 16 * 1024 * 1024
@@ -35,7 +35,7 @@ internal fun loadSizedImageAttachment(
   if (bitmap == null) {
     throw IllegalStateException("unsupported attachment")
   }
-  val maxBytes = (CHAT_ATTACHMENT_MAX_BASE64_CHARS / 4) * 3
+  val maxBytes = (CHAT_IMAGE_MAX_BASE64_CHARS / 4) * 3
   val encoded =
     JpegSizeLimiter.compressToLimit(
       initialWidth = bitmap.width,

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMarkdown.kt

@@ -30,13 +30,16 @@ import androidx.compose.ui.Modifier
 import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.layout.ContentScale
 import androidx.compose.ui.text.AnnotatedString
+import androidx.compose.ui.text.LinkAnnotation
 import androidx.compose.ui.text.SpanStyle
+import androidx.compose.ui.text.TextLinkStyles
 import androidx.compose.ui.text.TextStyle
 import androidx.compose.ui.text.buildAnnotatedString
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontStyle
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.text.style.TextDecoration
+import androidx.compose.ui.text.withLink
 import androidx.compose.ui.text.withStyle
 import androidx.compose.ui.unit.dp
 import androidx.compose.ui.unit.sp
@@ -72,10 +75,13 @@ import org.commonmark.node.SoftLineBreak
 import org.commonmark.node.StrongEmphasis
 import org.commonmark.node.ThematicBreak
 import org.commonmark.parser.Parser
+import java.net.URI
+import java.util.Locale
 import org.commonmark.node.Image as MarkdownImage
 import org.commonmark.node.Text as MarkdownTextNode
 
 private const val LIST_INDENT_DP = 14
+private const val DATA_IMAGE_HEADER_MAX_CHARS = 64
 private val dataImageRegex = Regex("^data:image/([a-zA-Z0-9+.-]+);base64,([A-Za-z0-9+/=\\n\\r]+)$")
 
 private val markdownParser: Parser by lazy {
@@ -499,19 +505,12 @@ private fun AnnotatedString.Builder.appendInlineNode(
         }
       }
       is Link -> {
-        withStyle(
-          SpanStyle(
-            color = linkColor,
-            textDecoration = TextDecoration.Underline,
-          ),
-        ) {
-          appendInlineNode(
-            current.firstChild,
-            inlineCodeBg = inlineCodeBg,
-            inlineCodeColor = inlineCodeColor,
-            linkColor = linkColor,
-          )
-        }
+        appendLinkNode(
+          link = current,
+          inlineCodeBg = inlineCodeBg,
+          inlineCodeColor = inlineCodeColor,
+          linkColor = linkColor,
+        )
       }
       is MarkdownImage -> {
         val alt = buildPlainText(current.firstChild)
@@ -527,13 +526,75 @@ private fun AnnotatedString.Builder.appendInlineNode(
         }
       }
       else -> {
-        appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
+        appendInlineNode(
+          current.firstChild,
+          inlineCodeBg = inlineCodeBg,
+          inlineCodeColor = inlineCodeColor,
+          linkColor = linkColor,
+        )
       }
     }
     current = current.next
   }
 }
 
+private fun AnnotatedString.Builder.appendLinkNode(
+  link: Link,
+  inlineCodeBg: Color,
+  inlineCodeColor: Color,
+  linkColor: Color,
+) {
+  val destination = link.destination?.trim().orEmpty()
+  val linkStyle =
+    SpanStyle(
+      color = linkColor,
+      textDecoration = TextDecoration.Underline,
+    )
+  if (destination.isEmpty() || !isSafeMarkdownLinkDestination(destination)) {
+    appendInlineNode(
+      link.firstChild,
+      inlineCodeBg = inlineCodeBg,
+      inlineCodeColor = inlineCodeColor,
+      linkColor = linkColor,
+    )
+    return
+  }
+
+  withLink(LinkAnnotation.Url(url = destination, styles = TextLinkStyles(style = linkStyle))) {
+    appendInlineNode(
+      link.firstChild,
+      inlineCodeBg = inlineCodeBg,
+      inlineCodeColor = inlineCodeColor,
+      linkColor = linkColor,
+    )
+  }
+}
+
+private fun isSafeMarkdownLinkDestination(destination: String): Boolean {
+  val scheme =
+    runCatching { URI(destination).scheme?.lowercase(Locale.US) }
+      .getOrNull()
+      ?: return false
+  return scheme == "http" || scheme == "https"
+}
+
+internal fun buildChatInlineMarkdown(
+  text: String,
+  linkColor: Color = Color.Blue,
+): AnnotatedString {
+  val document = markdownParser.parse(text) as Document
+  val paragraph = document.firstChild as? Paragraph ?: return AnnotatedString("")
+  return buildInlineMarkdown(
+    paragraph.firstChild,
+    InlineStyles(
+      inlineCodeBg = Color.Transparent,
+      inlineCodeColor = Color.Unspecified,
+      linkColor = linkColor,
+      baseCallout = TextStyle.Default,
+    ),
+  )
+}
+
 private fun buildPlainText(start: Node?): String {
   val sb = StringBuilder()
   var node = start
@@ -554,9 +615,10 @@ private fun standaloneDataImage(paragraph: Paragraph): ParsedDataImage? {
   return parseDataImageDestination(only.destination)
 }
 
-private fun parseDataImageDestination(destination: String?): ParsedDataImage? {
+internal fun parseDataImageDestination(destination: String?): ParsedDataImage? {
   val raw = destination?.trim().orEmpty()
   if (raw.isEmpty()) return null
+  if (raw.length > CHAT_IMAGE_MAX_BASE64_CHARS + DATA_IMAGE_HEADER_MAX_CHARS) return null
   val match = dataImageRegex.matchEntire(raw) ?: return null
   val subtype =
     match.groupValues
@@ -571,6 +633,7 @@ private fun parseDataImageDestination(destination: String?): ParsedDataImage? {
       ?.trim()
       .orEmpty()
   if (base64.isEmpty()) return null
+  if (base64.length > CHAT_IMAGE_MAX_BASE64_CHARS) return null
   return ParsedDataImage(mimeType = "image/$subtype", base64 = base64)
 }
 
@@ -598,7 +661,7 @@ private data class TableRenderRow(
   val cells: List<AnnotatedString>,
 )
 
-private data class ParsedDataImage(
+internal data class ParsedDataImage(
   val mimeType: String,
   val base64: String,
 )

apps/android/app/src/main/java/ai/openclaw/app/voice/MicCaptureManager.kt

@@ -1,29 +1,30 @@
 package ai.openclaw.app.voice
 
 import android.Manifest
+import android.annotation.SuppressLint
 import android.content.Context
-import android.content.Intent
 import android.content.pm.PackageManager
-import android.os.Bundle
-import android.os.Handler
-import android.os.Looper
-import android.speech.RecognitionListener
-import android.speech.RecognizerIntent
-import android.speech.SpeechRecognizer
+import android.media.AudioFormat
+import android.media.AudioRecord
+import android.media.MediaRecorder
 import android.util.Log
 import androidx.core.content.ContextCompat
+import kotlinx.coroutines.CancellationException
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.Job
+import kotlinx.coroutines.channels.BufferOverflow
+import kotlinx.coroutines.channels.Channel
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.isActive
 import kotlinx.coroutines.launch
-import kotlinx.coroutines.withContext
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import java.util.UUID
+import kotlin.coroutines.coroutineContext
 
 enum class VoiceConversationRole {
   User,
@@ -40,6 +41,13 @@ data class VoiceConversationEntry(
 class MicCaptureManager(
   private val context: Context,
   private val scope: CoroutineScope,
+  private val createTranscriptionSession: suspend () -> String,
+  private val appendTranscriptionAudio: suspend (
+    sessionId: String,
+    audio: ByteArray,
+    onError: (String) -> Unit,
+  ) -> Unit,
+  private val closeTranscriptionSession: suspend (sessionId: String) -> Unit,
   /**
    * Send [message] to the gateway and return the run ID.
    * [onRunIdKnown] is called with the idempotency key *before* the network
@@ -50,15 +58,15 @@ class MicCaptureManager(
 ) {
   companion object {
     private const val tag = "MicCapture"
-    private const val speechMinSessionMs = 30_000L
-    private const val speechCompleteSilenceMs = 1_500L
-    private const val speechPossibleSilenceMs = 900L
+    private const val transcriptionSampleRateHz = 8_000
+    private const val transcriptionAudioFrameMs = 100
+    private const val pcmuBias = 0x84
+    private const val pcmuClip = 32635
     private const val transcriptIdleFlushMs = 1_600L
     private const val maxConversationEntries = 40
     private const val pendingRunTimeoutMs = 45_000L
   }
 
-  private val mainHandler = Handler(Looper.getMainLooper())
   private val json = Json { ignoreUnknownKeys = true }
 
   private val _micEnabled = MutableStateFlow(false)
@@ -95,9 +103,11 @@ class MicCaptureManager(
   private var pendingAssistantEntryId: String? = null
   private var gatewayConnected = false
 
-  private var recognizer: SpeechRecognizer? = null
-  private var restartJob: Job? = null
-  private var drainJob: Job? = null
+  @Volatile private var transcriptionSessionId: String? = null
+  private var transcriptionStartJob: Job? = null
+  private var transcriptionCaptureJob: Job? = null
+  private var transcriptionAppendJob: Job? = null
+  private var transcriptionDrainJob: Job? = null
   private var transcriptFlushJob: Job? = null
   private var pendingRunTimeoutJob: Job? = null
   private var stopRequested = false
@@ -153,23 +163,23 @@ class MicCaptureManager(
         _statusText.value = if (_isSending.value) "Speaking · waiting for reply" else "Speaking…"
         return
       }
+      transcriptionDrainJob?.cancel()
+      transcriptionDrainJob = null
+      _micCooldown.value = false
       start()
       sendQueuedIfIdle()
     } else {
-      // Give the recognizer time to finish processing buffered audio.
-      // Cancel any prior drain to prevent duplicate sends on rapid toggle.
-      drainJob?.cancel()
+      transcriptionDrainJob?.cancel()
       _micCooldown.value = true
-      drainJob =
+      transcriptionDrainJob =
         scope.launch {
           delay(2000L)
           stop()
-          // Capture any partial transcript that didn't get a final result from the recognizer
           val partial = _liveTranscript.value?.trim().orEmpty()
           if (partial.isNotEmpty()) {
             queueRecognizedMessage(partial)
           }
-          drainJob = null
+          transcriptionDrainJob = null
           _micCooldown.value = false
           sendQueuedIfIdle()
         }
@@ -182,11 +192,9 @@ class MicCaptureManager(
         ttsPauseDepth += 1
         if (ttsPauseDepth > 1) return@synchronized false
         resumeMicAfterTts = _micEnabled.value
-        val active = resumeMicAfterTts || recognizer != null || _isListening.value
+        val active = resumeMicAfterTts || transcriptionSessionId != null || _isListening.value
         if (!active) return@synchronized false
         stopRequested = true
-        restartJob?.cancel()
-        restartJob = null
         transcriptFlushJob?.cancel()
         transcriptFlushJob = null
         _isListening.value = false
@@ -196,11 +204,7 @@ class MicCaptureManager(
         true
       }
     if (!shouldPause) return
-    withContext(Dispatchers.Main) {
-      recognizer?.cancel()
-      recognizer?.destroy()
-      recognizer = null
-    }
+    stopTranscription(preserveStatus = true)
   }
 
   suspend fun resumeAfterTts() {
@@ -231,9 +235,14 @@ class MicCaptureManager(
   fun onGatewayConnectionChanged(connected: Boolean) {
     gatewayConnected = connected
     if (connected) {
+      if (_micEnabled.value && transcriptionSessionId == null) {
+        start()
+      }
       sendQueuedIfIdle()
       return
     }
+    stopRequested = true
+    stopTranscription(preserveStatus = true)
     pendingRunTimeoutJob?.cancel()
     pendingRunTimeoutJob = null
     pendingRunId = null
@@ -248,6 +257,10 @@ class MicCaptureManager(
     event: String,
     payloadJson: String?,
   ) {
+    if (event == "talk.event") {
+      handleTranscriptionEvent(payloadJson)
+      return
+    }
     if (event != "chat") return
     if (payloadJson.isNullOrBlank()) return
     val payload =
@@ -304,93 +317,96 @@ class MicCaptureManager(
 
   private fun start() {
     stopRequested = false
-    if (!SpeechRecognizer.isRecognitionAvailable(context)) {
-      _statusText.value = "Speech recognizer unavailable"
-      _micEnabled.value = false
-      return
-    }
     if (!hasMicPermission()) {
       _statusText.value = "Microphone permission required"
       _micEnabled.value = false
       return
     }
-
-    mainHandler.post {
-      try {
-        if (recognizer == null) {
-          recognizer = SpeechRecognizer.createSpeechRecognizer(context).also { it.setRecognitionListener(listener) }
-        }
-        startListeningSession()
-      } catch (err: Throwable) {
-        _statusText.value = "Start failed: ${err.message ?: err::class.simpleName}"
-        _micEnabled.value = false
-      }
+    if (!gatewayConnected) {
+      _statusText.value = "Mic on · waiting for gateway"
+      return
     }
+    if (transcriptionSessionId != null || transcriptionStartJob?.isActive == true) return
+
+    val startJob =
+      scope.launch {
+        var restartAfterCancellation = false
+        try {
+          val sessionId = createTranscriptionSession()
+          if (stopRequested || !_micEnabled.value) {
+            closeTranscriptionSession(sessionId)
+            return@launch
+          }
+          transcriptionSessionId = sessionId
+          _isListening.value = true
+          _statusText.value = listeningStatus()
+          startTranscriptionCapture(sessionId)
+          Log.d(tag, "transcription session started sessionId=$sessionId")
+        } catch (err: Throwable) {
+          if (err is CancellationException) {
+            restartAfterCancellation = _micEnabled.value && gatewayConnected && !stopRequested
+            return@launch
+          }
+          _statusText.value = "Transcription unavailable: ${err.message ?: err::class.simpleName}"
+          _micEnabled.value = false
+          stopTranscription(preserveStatus = true)
+        } finally {
+          if (transcriptionStartJob === coroutineContext[Job]) {
+            transcriptionStartJob = null
+          }
+          if (restartAfterCancellation) {
+            start()
+          }
+        }
+      }
+    transcriptionStartJob = startJob
   }
 
   private fun stop() {
     stopRequested = true
-    restartJob?.cancel()
-    restartJob = null
+    stopTranscription()
+  }
+
+  private fun stopTranscription(preserveStatus: Boolean = false) {
+    val status = _statusText.value
+    val sessionId = transcriptionSessionId
+    transcriptionSessionId = null
+    if (sessionId != null) {
+      transcriptionStartJob?.cancel()
+      transcriptionStartJob = null
+    } else if (transcriptionStartJob?.isActive != true) {
+      transcriptionStartJob = null
+    }
+    transcriptionCaptureJob?.cancel()
+    transcriptionAppendJob?.cancel()
+    transcriptionCaptureJob = null
+    transcriptionAppendJob = null
     transcriptFlushJob?.cancel()
     transcriptFlushJob = null
     _isListening.value = false
-    _statusText.value = if (_isSending.value) "Mic off · sending…" else "Mic off"
     _inputLevel.value = 0f
-    mainHandler.post {
-      recognizer?.cancel()
-      recognizer?.destroy()
-      recognizer = null
+    if (!preserveStatus) {
+      _statusText.value = if (_isSending.value) "Mic off · sending…" else "Mic off"
+    } else {
+      _statusText.value = status
     }
-  }
-
-  private fun startListeningSession() {
-    val recognizerInstance = recognizer ?: return
-    val intent =
-      Intent(RecognizerIntent.ACTION_RECOGNIZE_SPEECH).apply {
-        putExtra(RecognizerIntent.EXTRA_LANGUAGE_MODEL, RecognizerIntent.LANGUAGE_MODEL_FREE_FORM)
-        putExtra(RecognizerIntent.EXTRA_PARTIAL_RESULTS, true)
-        putExtra(RecognizerIntent.EXTRA_MAX_RESULTS, 3)
-        putExtra(RecognizerIntent.EXTRA_CALLING_PACKAGE, context.packageName)
-        putExtra(RecognizerIntent.EXTRA_SPEECH_INPUT_MINIMUM_LENGTH_MILLIS, speechMinSessionMs)
-        putExtra(RecognizerIntent.EXTRA_SPEECH_INPUT_COMPLETE_SILENCE_LENGTH_MILLIS, speechCompleteSilenceMs)
-        putExtra(
-          RecognizerIntent.EXTRA_SPEECH_INPUT_POSSIBLY_COMPLETE_SILENCE_LENGTH_MILLIS,
-          speechPossibleSilenceMs,
-        )
-      }
-    _statusText.value =
-      when {
-        _isSending.value -> "Listening · sending queued voice"
-        hasQueuedMessages() -> "Listening · ${queuedMessageCount()} queued"
-        else -> "Listening"
-      }
-    _isListening.value = true
-    recognizerInstance.startListening(intent)
-  }
-
-  private fun scheduleRestart(delayMs: Long = 300L) {
-    if (stopRequested) return
-    if (!_micEnabled.value) return
-    restartJob?.cancel()
-    restartJob =
+    if (!sessionId.isNullOrBlank()) {
       scope.launch {
-        delay(delayMs)
-        mainHandler.post {
-          if (stopRequested || !_micEnabled.value) return@post
-          try {
-            startListeningSession()
-          } catch (_: Throwable) {
-            // retry through onError
+        try {
+          closeTranscriptionSession(sessionId)
+        } catch (err: Throwable) {
+          if (err !is CancellationException) {
+            Log.d(tag, "transcription close ignored: ${err.message ?: err::class.simpleName}")
           }
         }
       }
+    }
   }
 
   private fun queueRecognizedMessage(text: String) {
     val message = text.trim()
     _liveTranscript.value = null
-    if (message.isEmpty()) return
+    if (!message.hasTranscriptContent()) return
     appendConversation(
       role = VoiceConversationRole.User,
       text = message,
@@ -572,23 +588,210 @@ class MicCaptureManager(
     }
   }
 
-  private fun disableMic(status: String) {
-    stopRequested = true
-    restartJob?.cancel()
-    restartJob = null
-    transcriptFlushJob?.cancel()
-    transcriptFlushJob = null
-    _micEnabled.value = false
-    _isListening.value = false
-    _inputLevel.value = 0f
-    _statusText.value = status
-    mainHandler.post {
-      recognizer?.cancel()
-      recognizer?.destroy()
-      recognizer = null
+  @SuppressLint("MissingPermission")
+  private fun startTranscriptionCapture(sessionId: String) {
+    transcriptionCaptureJob?.cancel()
+    transcriptionAppendJob?.cancel()
+    val audioFrames =
+      Channel<ByteArray>(
+        capacity = 4,
+        onBufferOverflow = BufferOverflow.DROP_OLDEST,
+      )
+    transcriptionAppendJob =
+      scope.launch(Dispatchers.IO) {
+        for (frame in audioFrames) {
+          if (transcriptionSessionId != sessionId) continue
+          try {
+            appendTranscriptionAudio(sessionId, pcm16ToPcmu(frame)) { message ->
+              failTranscription(sessionId, message)
+            }
+          } catch (err: Throwable) {
+            if (err is CancellationException) throw err
+            failTranscription(sessionId, err.message ?: err::class.simpleName ?: "request failed")
+          }
+        }
+      }
+    transcriptionCaptureJob =
+      scope.launch(Dispatchers.IO) {
+        var audioRecord: AudioRecord? = null
+        try {
+          val frameBytes = transcriptionSampleRateHz * 2 * transcriptionAudioFrameMs / 1000
+          val minBuffer =
+            AudioRecord.getMinBufferSize(
+              transcriptionSampleRateHz,
+              AudioFormat.CHANNEL_IN_MONO,
+              AudioFormat.ENCODING_PCM_16BIT,
+            )
+          if (minBuffer <= 0) {
+            throw IllegalStateException("AudioRecord buffer unavailable")
+          }
+          audioRecord =
+            AudioRecord
+              .Builder()
+              .setAudioSource(MediaRecorder.AudioSource.VOICE_RECOGNITION)
+              .setAudioFormat(
+                AudioFormat
+                  .Builder()
+                  .setEncoding(AudioFormat.ENCODING_PCM_16BIT)
+                  .setSampleRate(transcriptionSampleRateHz)
+                  .setChannelMask(AudioFormat.CHANNEL_IN_MONO)
+                  .build(),
+              ).setBufferSizeInBytes(maxOf(minBuffer, frameBytes * 4))
+              .build()
+          val buffer = ByteArray(frameBytes)
+          audioRecord.startRecording()
+          while (coroutineContext.isActive && _micEnabled.value && transcriptionSessionId == sessionId) {
+            val read = audioRecord.read(buffer, 0, buffer.size)
+            if (read <= 0) continue
+            _inputLevel.value = pcm16Level(buffer, read)
+            audioFrames.trySend(buffer.copyOf(read))
+          }
+        } catch (err: Throwable) {
+          if (err is CancellationException) throw err
+          failTranscription(sessionId, err.message ?: err::class.simpleName ?: "capture failed")
+        } finally {
+          audioFrames.close()
+          audioRecord?.let { record ->
+            try {
+              record.stop()
+            } catch (_: Throwable) {
+            }
+            record.release()
+          }
+        }
+      }
+  }
+
+  private fun handleTranscriptionEvent(payloadJson: String?) {
+    if (payloadJson.isNullOrBlank()) return
+    val obj =
+      try {
+        json.parseToJsonElement(payloadJson).asObjectOrNull()
+      } catch (_: Throwable) {
+        null
+      } ?: return
+    val sessionId = obj["transcriptionSessionId"].asStringOrNull() ?: obj["sessionId"].asStringOrNull()
+    val currentSessionId = transcriptionSessionId
+    if (currentSessionId == null || sessionId != currentSessionId) return
+
+    when (obj["type"].asStringOrNull()) {
+      "ready", "inputAudio", "speechStart" -> {
+        _isListening.value = true
+        _statusText.value = listeningStatus()
+      }
+      "partial" -> {
+        val text = obj["text"].asStringOrNull()?.trim().orEmpty()
+        if (text.isNotEmpty()) {
+          _liveTranscript.value = text
+          scheduleTranscriptFlush(text)
+        }
+      }
+      "transcript" -> {
+        transcriptFlushJob?.cancel()
+        transcriptFlushJob = null
+        val text = obj["text"].asStringOrNull()?.trim().orEmpty()
+        if (text.isNotEmpty()) {
+          if (text != flushedPartialTranscript) {
+            queueRecognizedMessage(text)
+            sendQueuedIfIdle()
+          } else {
+            flushedPartialTranscript = null
+            _liveTranscript.value = null
+          }
+        }
+      }
+      "error" -> {
+        val message =
+          obj["message"]
+            .asStringOrNull()
+            ?.trim()
+            .orEmpty()
+            .ifEmpty { "transcription failed" }
+        failTranscription(currentSessionId, message)
+      }
+      "close" -> {
+        _micEnabled.value = false
+        stopTranscription()
+      }
     }
   }
 
+  private fun failTranscription(
+    sessionId: String,
+    message: String,
+  ) {
+    if (transcriptionSessionId != sessionId) return
+    _statusText.value = "Transcription failed: $message"
+    _micEnabled.value = false
+    stopTranscription(preserveStatus = true)
+  }
+
+  private fun listeningStatus(): String =
+    when {
+      _isSending.value -> "Listening · sending queued voice"
+      hasQueuedMessages() -> "Listening · ${queuedMessageCount()} queued"
+      else -> "Listening"
+    }
+
+  private fun pcm16Level(
+    frame: ByteArray,
+    length: Int,
+  ): Float {
+    var total = 0L
+    var count = 0
+    var index = 0
+    val limit = length - (length % 2)
+    while (index < limit) {
+      val sample =
+        (frame[index].toInt() and 0xff) or
+          (frame[index + 1].toInt() shl 8)
+      total += kotlin.math.abs(sample.toShort().toInt())
+      count += 1
+      index += 2
+    }
+    if (count == 0) return 0f
+    return ((total / count).toFloat() / Short.MAX_VALUE).coerceIn(0f, 1f)
+  }
+
+  private fun pcm16ToPcmu(pcm16: ByteArray): ByteArray {
+    val output = ByteArray(pcm16.size / 2)
+    var inputIndex = 0
+    var outputIndex = 0
+    while (inputIndex + 1 < pcm16.size) {
+      val sample =
+        (
+          (pcm16[inputIndex].toInt() and 0xff) or
+            (pcm16[inputIndex + 1].toInt() shl 8)
+        ).toShort().toInt()
+      output[outputIndex] = linear16ToPcmu(sample)
+      inputIndex += 2
+      outputIndex += 1
+    }
+    return output
+  }
+
+  private fun linear16ToPcmu(sample: Int): Byte {
+    var sign = 0
+    var magnitude = sample
+    if (magnitude < 0) {
+      sign = 0x80
+      magnitude = -magnitude
+    }
+    if (magnitude > pcmuClip) {
+      magnitude = pcmuClip
+    }
+    magnitude += pcmuBias
+
+    var exponent = 7
+    var mask = 0x4000
+    while ((magnitude and mask) == 0 && exponent > 0) {
+      exponent -= 1
+      mask = mask shr 1
+    }
+    val mantissa = (magnitude shr (exponent + 3)) and 0x0f
+    return (sign or (exponent shl 4) or mantissa).inv().toByte()
+  }
+
   private fun hasMicPermission(): Boolean =
     (
       ContextCompat.checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) ==
@@ -596,103 +799,10 @@ class MicCaptureManager(
     )
 
   private fun parseAssistantText(payload: JsonObject): String? = ChatEventText.assistantTextFromPayload(payload)
-
-  private val listener =
-    object : RecognitionListener {
-      override fun onReadyForSpeech(params: Bundle?) {
-        _isListening.value = true
-      }
-
-      override fun onBeginningOfSpeech() {}
-
-      override fun onRmsChanged(rmsdB: Float) {
-        val level = ((rmsdB + 2f) / 12f).coerceIn(0f, 1f)
-        _inputLevel.value = level
-      }
-
-      override fun onBufferReceived(buffer: ByteArray?) {}
-
-      override fun onEndOfSpeech() {
-        _inputLevel.value = 0f
-        scheduleRestart()
-      }
-
-      override fun onError(error: Int) {
-        if (stopRequested) return
-        _isListening.value = false
-        _inputLevel.value = 0f
-        val status =
-          when (error) {
-            SpeechRecognizer.ERROR_AUDIO -> "Audio error"
-            SpeechRecognizer.ERROR_CLIENT -> "Client error"
-            SpeechRecognizer.ERROR_NETWORK -> "Network error"
-            SpeechRecognizer.ERROR_NETWORK_TIMEOUT -> "Network timeout"
-            SpeechRecognizer.ERROR_NO_MATCH -> "Listening"
-            SpeechRecognizer.ERROR_RECOGNIZER_BUSY -> "Recognizer busy"
-            SpeechRecognizer.ERROR_SERVER -> "Server error"
-            SpeechRecognizer.ERROR_SPEECH_TIMEOUT -> "Listening"
-            SpeechRecognizer.ERROR_INSUFFICIENT_PERMISSIONS -> "Microphone permission required"
-            SpeechRecognizer.ERROR_LANGUAGE_NOT_SUPPORTED -> "Language not supported on this device"
-            SpeechRecognizer.ERROR_LANGUAGE_UNAVAILABLE -> "Language unavailable on this device"
-            SpeechRecognizer.ERROR_SERVER_DISCONNECTED -> "Speech service disconnected"
-            SpeechRecognizer.ERROR_TOO_MANY_REQUESTS -> "Speech requests limited; retrying"
-            else -> "Speech error ($error)"
-          }
-        _statusText.value = status
-
-        if (
-          error == SpeechRecognizer.ERROR_INSUFFICIENT_PERMISSIONS ||
-          error == SpeechRecognizer.ERROR_LANGUAGE_NOT_SUPPORTED ||
-          error == SpeechRecognizer.ERROR_LANGUAGE_UNAVAILABLE
-        ) {
-          disableMic(status)
-          return
-        }
-
-        val restartDelayMs =
-          when (error) {
-            SpeechRecognizer.ERROR_NO_MATCH,
-            SpeechRecognizer.ERROR_SPEECH_TIMEOUT,
-            -> 1_200L
-            SpeechRecognizer.ERROR_TOO_MANY_REQUESTS -> 2_500L
-            else -> 600L
-          }
-        scheduleRestart(delayMs = restartDelayMs)
-      }
-
-      override fun onResults(results: Bundle?) {
-        transcriptFlushJob?.cancel()
-        transcriptFlushJob = null
-        val text = results?.getStringArrayList(SpeechRecognizer.RESULTS_RECOGNITION).orEmpty().firstOrNull()
-        if (!text.isNullOrBlank()) {
-          val trimmed = text.trim()
-          if (trimmed != flushedPartialTranscript) {
-            queueRecognizedMessage(trimmed)
-            sendQueuedIfIdle()
-          } else {
-            flushedPartialTranscript = null
-            _liveTranscript.value = null
-          }
-        }
-        scheduleRestart()
-      }
-
-      override fun onPartialResults(partialResults: Bundle?) {
-        val text = partialResults?.getStringArrayList(SpeechRecognizer.RESULTS_RECOGNITION).orEmpty().firstOrNull()
-        if (!text.isNullOrBlank()) {
-          val trimmed = text.trim()
-          _liveTranscript.value = trimmed
-          scheduleTranscriptFlush(trimmed)
-        }
-      }
-
-      override fun onEvent(
-        eventType: Int,
-        params: Bundle?,
-      ) {}
-    }
 }
 
 private fun kotlinx.serialization.json.JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
 
 private fun kotlinx.serialization.json.JsonElement?.asStringOrNull(): String? = (this as? JsonPrimitive)?.takeIf { it.isString }?.content
+
+private fun String.hasTranscriptContent(): Boolean = any { it.isLetterOrDigit() }

apps/android/app/src/main/java/ai/openclaw/app/voice/TalkModeGatewayConfig.kt

@@ -11,8 +11,14 @@ internal data class TalkModeGatewayConfigState(
   val mainSessionKey: String,
   val interruptOnSpeech: Boolean?,
   val silenceTimeoutMs: Long,
+  val executionMode: TalkModeExecutionMode,
 )
 
+internal enum class TalkModeExecutionMode {
+  Native,
+  RealtimeRelay,
+}
+
 internal object TalkModeGatewayConfigParser {
   fun parse(config: JsonObject?): TalkModeGatewayConfigState {
     val talk = config?.get("talk").asObjectOrNull()
@@ -21,9 +27,22 @@ internal object TalkModeGatewayConfigParser {
       mainSessionKey = normalizeMainKey(sessionCfg?.get("mainKey").asStringOrNull()),
       interruptOnSpeech = talk?.get("interruptOnSpeech").asBooleanOrNull(),
       silenceTimeoutMs = resolvedSilenceTimeoutMs(talk),
+      executionMode = resolvedExecutionMode(talk),
     )
   }
 
+  fun resolvedExecutionMode(talk: JsonObject?): TalkModeExecutionMode {
+    val realtime = talk?.get("realtime").asObjectOrNull() ?: return TalkModeExecutionMode.Native
+    val mode = realtime["mode"].asStringOrNull()
+    val transport = realtime["transport"].asStringOrNull()
+    val brain = realtime["brain"].asStringOrNull()
+    return if (mode == "realtime" && transport == "gateway-relay" && (brain == null || brain == "agent-consult")) {
+      TalkModeExecutionMode.RealtimeRelay
+    } else {
+      TalkModeExecutionMode.Native
+    }
+  }
+
   fun resolvedSilenceTimeoutMs(talk: JsonObject?): Long {
     val fallback = TalkDefaults.defaultSilenceTimeoutMs
     val primitive = talk?.get("silenceTimeoutMs") as? JsonPrimitive ?: return fallback

apps/android/app/src/main/java/ai/openclaw/app/voice/TalkModeManager.kt

@@ -2,12 +2,17 @@ package ai.openclaw.app.voice
 
 import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
+import android.annotation.SuppressLint
 import android.content.Context
 import android.content.Intent
 import android.content.pm.PackageManager
 import android.media.AudioAttributes
 import android.media.AudioFocusRequest
+import android.media.AudioFormat
 import android.media.AudioManager
+import android.media.AudioRecord
+import android.media.AudioTrack
+import android.media.MediaRecorder
 import android.os.Bundle
 import android.os.Handler
 import android.os.Looper
@@ -17,6 +22,7 @@ import android.speech.RecognizerIntent
 import android.speech.SpeechRecognizer
 import android.speech.tts.TextToSpeech
 import android.speech.tts.UtteranceProgressListener
+import android.util.Base64
 import android.util.Log
 import androidx.core.content.ContextCompat
 import kotlinx.coroutines.CancellationException
@@ -25,17 +31,23 @@ import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.NonCancellable
+import kotlinx.coroutines.TimeoutCancellationException
+import kotlinx.coroutines.channels.BufferOverflow
+import kotlinx.coroutines.channels.Channel
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.isActive
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.withContext
+import kotlinx.coroutines.withTimeout
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonElement
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonObject
+import java.util.LinkedHashMap
 import java.util.Locale
 import java.util.UUID
 import java.util.concurrent.atomic.AtomicLong
@@ -62,6 +74,16 @@ data class TalkPttStopPayload(
     }.toString()
 }
 
+internal data class RealtimeToolRun(
+  val callId: String,
+  val relaySessionId: String,
+)
+
+private data class RealtimeToolCompletion(
+  val state: String,
+  val messageEl: JsonElement?,
+)
+
 class TalkModeManager internal constructor(
   private val context: Context,
   private val scope: CoroutineScope,
@@ -70,15 +92,19 @@ class TalkModeManager internal constructor(
   private val isConnected: () -> Boolean,
   private val onBeforeSpeak: suspend () -> Unit = {},
   private val onAfterSpeak: suspend () -> Unit = {},
+  private val onStoppedByRelay: () -> Unit = {},
   private val talkSpeakClient: TalkSpeechSynthesizing = TalkSpeakClient(session = session),
   private val talkAudioPlayer: TalkAudioPlaying = TalkAudioPlayer(context),
 ) {
   companion object {
     private const val tag = "TalkMode"
+    private const val realtimeSampleRateHz = 24_000
+    private const val realtimeAudioFrameMs = 100
     private const val listenWatchdogMs = 12_000L
     private const val chatFinalWaitWithSubscribeMs = 45_000L
     private const val chatFinalWaitWithoutSubscribeMs = 6_000L
     private const val maxCachedRunCompletions = 128
+    private const val maxConversationEntries = 40
   }
 
   private val mainHandler = Handler(Looper.getMainLooper())
@@ -98,6 +124,9 @@ class TalkModeManager internal constructor(
   private val _lastAssistantText = MutableStateFlow<String?>(null)
   val lastAssistantText: StateFlow<String?> = _lastAssistantText
 
+  private val _conversation = MutableStateFlow<List<VoiceConversationEntry>>(emptyList())
+  val conversation: StateFlow<List<VoiceConversationEntry>> = _conversation
+
   private var recognizer: SpeechRecognizer? = null
   private var restartJob: Job? = null
   private var stopRequested = false
@@ -126,8 +155,29 @@ class TalkModeManager internal constructor(
   private val completedRunTexts = LinkedHashMap<String, String>()
   private var chatSubscribedSessionKey: String? = null
   private var configLoaded = false
+  private var executionMode = TalkModeExecutionMode.Native
+  private val startGeneration = AtomicLong(0L)
 
-  @Volatile private var playbackEnabled = true
+  @Volatile private var realtimeSessionId: String? = null
+  private var realtimeCaptureJob: Job? = null
+  private var realtimeAppendJob: Job? = null
+  private val realtimeToolRuns = LinkedHashMap<String, RealtimeToolRun>()
+  private val pendingRealtimeToolCalls = LinkedHashSet<String>()
+  private val pendingRealtimeToolCompletions = LinkedHashMap<String, RealtimeToolCompletion>()
+  private var realtimeUserEntryId: String? = null
+  private var realtimeAssistantEntryId: String? = null
+  private val realtimePlaybackLock = Any()
+  private var realtimeAudioTrack: AudioTrack? = null
+  private var realtimePlaybackIdleJob: Job? = null
+
+  @Volatile
+  private var realtimePlaybackEndsAtMs = 0L
+
+  @Volatile
+  private var realtimeOutputSuppressed = false
+
+  @Volatile
+  private var playbackEnabled = true
   private val playbackGeneration = AtomicLong(0L)
 
   private var ttsJob: Job? = null
@@ -356,6 +406,10 @@ class TalkModeManager internal constructor(
     event: String,
     payloadJson: String?,
   ) {
+    if (event == "talk.event") {
+      handleRealtimeTalkEvent(payloadJson)
+      return
+    }
     if (ttsOnAllResponses) {
       Log.d(tag, "gateway event: $event")
     }
@@ -379,6 +433,13 @@ class TalkModeManager internal constructor(
     val activeSession = mainSessionKey.ifBlank { "main" }
     if (eventSession != null && eventSession != activeSession) return
 
+    if (maybeCompleteRealtimeToolCall(runId = runId, state = state, messageEl = obj["message"])) {
+      return
+    }
+    if (holdPendingRealtimeToolCompletion(runId = runId, state = state, messageEl = obj["message"])) {
+      return
+    }
+
     // If this is a response we initiated, handle normally below.
     // Otherwise, if ttsOnAllResponses, finish streaming TTS on terminal events.
     val pending = pendingRunId
@@ -423,6 +484,7 @@ class TalkModeManager internal constructor(
     if (playbackEnabled == enabled) return
     playbackEnabled = enabled
     if (!enabled) {
+      stopRealtimePlayback()
       stopSpeaking()
     }
   }
@@ -442,16 +504,43 @@ class TalkModeManager internal constructor(
   }
 
   private fun start() {
-    mainHandler.post {
-      if (_isListening.value) return@post
-      stopRequested = false
-      listeningMode = true
-      Log.d(tag, "start")
+    if (realtimeSessionId != null || realtimeCaptureJob?.isActive == true) return
+    val generation = startGeneration.incrementAndGet()
+    stopRequested = false
+    listeningMode = true
+    Log.d(tag, "start")
+    scope.launch {
+      try {
+        ensureConfigLoaded()
+        if (generation != startGeneration.get() || !_isEnabled.value || stopRequested) return@launch
+        if (executionMode == TalkModeExecutionMode.RealtimeRelay) {
+          startRealtimeRelay(generation)
+        } else {
+          startNativeRecognition(generation)
+        }
+      } catch (err: Throwable) {
+        if (err is CancellationException) return@launch
+        _statusText.value = "Start failed: ${err.message ?: err::class.simpleName}"
+        Log.w(tag, "start failed: ${err.message ?: err::class.simpleName}")
+        if (executionMode == TalkModeExecutionMode.RealtimeRelay) {
+          stopRealtimeRelay(closeSession = false, preserveStatus = true)
+          disableRealtimeModeAndNotifyOwner()
+        }
+      }
+    }
+  }
+
+  private suspend fun startNativeRecognition(generation: Long) {
+    withContext(Dispatchers.Main) {
+      if (generation != startGeneration.get()) return@withContext
+      if (!_isEnabled.value || stopRequested) return@withContext
+      if (_isListening.value) return@withContext
+      Log.d(tag, "start native")
 
       if (!SpeechRecognizer.isRecognitionAvailable(context)) {
         _statusText.value = "Speech recognizer unavailable"
         Log.w(tag, "speech recognizer unavailable")
-        return@post
+        return@withContext
       }
 
       val micOk =
@@ -460,19 +549,14 @@ class TalkModeManager internal constructor(
       if (!micOk) {
         _statusText.value = "Microphone permission required"
         Log.w(tag, "microphone permission required")
-        return@post
+        return@withContext
       }
 
-      try {
-        recognizer?.destroy()
-        recognizer = SpeechRecognizer.createSpeechRecognizer(context).also { it.setRecognitionListener(listener) }
-        startListeningInternal(markListening = true)
-        startSilenceMonitor()
-        Log.d(tag, "listening")
-      } catch (err: Throwable) {
-        _statusText.value = "Start failed: ${err.message ?: err::class.simpleName}"
-        Log.w(tag, "start failed: ${err.message ?: err::class.simpleName}")
-      }
+      recognizer?.destroy()
+      recognizer = SpeechRecognizer.createSpeechRecognizer(context).also { it.setRecognitionListener(listener) }
+      startListeningInternal(markListening = true)
+      startSilenceMonitor()
+      Log.d(tag, "listening")
     }
   }
 
@@ -484,6 +568,7 @@ class TalkModeManager internal constructor(
     pttAutoStopEnabled = false
     pttCompletion?.cancel()
     pttCompletion = null
+    startGeneration.incrementAndGet()
     pttTimeoutJob?.cancel()
     pttTimeoutJob = null
     restartJob?.cancel()
@@ -494,6 +579,7 @@ class TalkModeManager internal constructor(
     lastHeardAtMs = null
     _isListening.value = false
     _statusText.value = "Off"
+    stopRealtimeRelay()
     stopSpeaking()
     chatSubscribedSessionKey = null
     pendingRunId = null
@@ -512,6 +598,565 @@ class TalkModeManager internal constructor(
     shutdownTextToSpeech()
   }
 
+  private suspend fun startRealtimeRelay(generation: Long) {
+    if (!isConnected()) {
+      _statusText.value = "Gateway not connected"
+      Log.w(tag, "realtime start: gateway not connected")
+      disableRealtimeModeAndNotifyOwner()
+      return
+    }
+
+    val micOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) ==
+        PackageManager.PERMISSION_GRANTED
+    if (!micOk) {
+      _statusText.value = "Microphone permission required"
+      Log.w(tag, "realtime start: microphone permission required")
+      disableRealtimeModeAndNotifyOwner()
+      return
+    }
+
+    ensureConfigLoaded()
+    cancelActivePlayback()
+    stopTextToSpeechPlayback()
+    withContext(Dispatchers.Main) {
+      recognizer?.cancel()
+      recognizer?.destroy()
+      recognizer = null
+    }
+
+    _statusText.value = "Connecting…"
+    val params =
+      buildJsonObject {
+        put("sessionKey", JsonPrimitive(mainSessionKey.ifBlank { "main" }))
+        put("mode", JsonPrimitive("realtime"))
+        put("transport", JsonPrimitive("gateway-relay"))
+        put("brain", JsonPrimitive("agent-consult"))
+      }
+    val payload = session.request("talk.session.create", params.toString(), timeoutMs = 15_000)
+    val root = json.parseToJsonElement(payload).asObjectOrNull()
+    val relaySession = root?.get("relaySessionId").asStringOrNull()
+    val sessionId = relaySession ?: root?.get("sessionId").asStringOrNull()
+    if (sessionId.isNullOrBlank()) {
+      throw IllegalStateException("talk.session.create returned no session id")
+    }
+    if (generation != startGeneration.get() || !_isEnabled.value || stopRequested) {
+      closeRealtimeSession(sessionId)
+      throw CancellationException("realtime talk stopped while connecting")
+    }
+
+    realtimeSessionId = sessionId
+    realtimeOutputSuppressed = false
+    _isListening.value = true
+    _statusText.value = "Listening"
+    startRealtimeCapture(sessionId)
+    Log.d(tag, "realtime session started relaySessionId=$sessionId")
+  }
+
+  private fun disableRealtimeModeAndNotifyOwner() {
+    if (!_isEnabled.value) return
+    _isEnabled.value = false
+    _isListening.value = false
+    onStoppedByRelay()
+  }
+
+  private fun failRealtimeRelay(
+    sessionId: String,
+    message: String,
+  ) {
+    if (realtimeSessionId != sessionId) return
+    _statusText.value = "Talk failed: $message"
+    stopRealtimeRelay(cancelCapture = false, cancelAppend = false, preserveStatus = true)
+    disableRealtimeModeAndNotifyOwner()
+  }
+
+  @SuppressLint("MissingPermission")
+  private fun startRealtimeCapture(sessionId: String) {
+    realtimeCaptureJob?.cancel()
+    realtimeAppendJob?.cancel()
+    val audioFrames =
+      Channel<ByteArray>(
+        capacity = 4,
+        onBufferOverflow = BufferOverflow.DROP_OLDEST,
+      )
+    realtimeAppendJob =
+      scope.launch(Dispatchers.IO) {
+        for (frame in audioFrames) {
+          if (realtimeSessionId != sessionId) continue
+          if (isRealtimePlaybackActive()) continue
+          val audioBase64 = Base64.encodeToString(frame, Base64.NO_WRAP)
+          val params =
+            buildJsonObject {
+              put("sessionId", JsonPrimitive(sessionId))
+              put("audioBase64", JsonPrimitive(audioBase64))
+              put("timestamp", JsonPrimitive(SystemClock.elapsedRealtime()))
+            }
+          try {
+            session.sendRequestFrame(
+              "talk.session.appendAudio",
+              params.toString(),
+              timeoutMs = 8_000,
+            ) { error ->
+              Log.w(tag, "realtime appendAudio failed: ${error.message}")
+              failRealtimeRelay(sessionId, error.message)
+            }
+          } catch (err: Throwable) {
+            if (err is CancellationException) throw err
+            Log.w(tag, "realtime appendAudio failed: ${err.message ?: err::class.simpleName}")
+            failRealtimeRelay(sessionId, err.message ?: err::class.simpleName ?: "request failed")
+          }
+        }
+      }
+    realtimeCaptureJob =
+      scope.launch(Dispatchers.IO) {
+        var audioRecord: AudioRecord? = null
+        try {
+          val frameBytes = realtimeSampleRateHz * 2 * realtimeAudioFrameMs / 1000
+          val minBuffer =
+            AudioRecord.getMinBufferSize(
+              realtimeSampleRateHz,
+              AudioFormat.CHANNEL_IN_MONO,
+              AudioFormat.ENCODING_PCM_16BIT,
+            )
+          if (minBuffer <= 0) {
+            throw IllegalStateException("AudioRecord buffer unavailable")
+          }
+          audioRecord =
+            AudioRecord
+              .Builder()
+              .setAudioSource(MediaRecorder.AudioSource.VOICE_RECOGNITION)
+              .setAudioFormat(
+                AudioFormat
+                  .Builder()
+                  .setEncoding(AudioFormat.ENCODING_PCM_16BIT)
+                  .setSampleRate(realtimeSampleRateHz)
+                  .setChannelMask(AudioFormat.CHANNEL_IN_MONO)
+                  .build(),
+              ).setBufferSizeInBytes(maxOf(minBuffer, frameBytes * 4))
+              .build()
+          val buffer = ByteArray(frameBytes)
+          audioRecord.startRecording()
+          while (coroutineContext.isActive && _isEnabled.value && realtimeSessionId == sessionId) {
+            val read = audioRecord.read(buffer, 0, buffer.size)
+            if (read <= 0) continue
+            if (!shouldAppendRealtimeCapturedFrame(read)) continue
+            audioFrames.trySend(buffer.copyOf(read))
+          }
+        } catch (err: Throwable) {
+          if (err is CancellationException) throw err
+          Log.w(tag, "realtime capture failed: ${err.message ?: err::class.simpleName}")
+          failRealtimeRelay(sessionId, err.message ?: err::class.simpleName ?: "capture failed")
+        } finally {
+          audioFrames.close()
+          audioRecord?.let { record ->
+            try {
+              record.stop()
+            } catch (_: Throwable) {
+            }
+            record.release()
+          }
+        }
+      }
+  }
+
+  private fun shouldAppendRealtimeCapturedFrame(length: Int): Boolean = !isRealtimePlaybackActive() && length > 0
+
+  private fun isRealtimePlaybackActive(): Boolean = _isSpeaking.value || SystemClock.elapsedRealtime() < realtimePlaybackEndsAtMs
+
+  private fun handleRealtimeTalkEvent(payloadJson: String?) {
+    if (payloadJson.isNullOrBlank()) return
+    val obj =
+      try {
+        json.parseToJsonElement(payloadJson).asObjectOrNull()
+      } catch (_: Throwable) {
+        null
+      } ?: return
+    val sessionId = obj["relaySessionId"].asStringOrNull() ?: obj["sessionId"].asStringOrNull()
+    val currentSessionId = realtimeSessionId
+    if (currentSessionId == null || sessionId != currentSessionId) return
+
+    when (val type = obj["type"].asStringOrNull()) {
+      "ready" -> {
+        _isListening.value = true
+        _statusText.value = "Listening"
+      }
+      "inputAudio" -> {
+        _isListening.value = true
+      }
+      "audio" -> {
+        if (realtimeOutputSuppressed) return
+        val audioBase64 = obj["audioBase64"].asStringOrNull() ?: return
+        val bytes =
+          try {
+            Base64.decode(audioBase64, Base64.DEFAULT)
+          } catch (err: Throwable) {
+            Log.w(tag, "realtime audio decode failed: ${err.message ?: err::class.simpleName}")
+            return
+          }
+        playRealtimeAudio(bytes)
+      }
+      "clear" -> stopRealtimePlayback()
+      "mark" -> Unit
+      "transcript" -> {
+        val role = obj["role"].asStringOrNull()
+        val text = obj["text"].asStringOrNull()?.trim().orEmpty()
+        val isFinal = obj["final"].asBooleanOrNull() == true
+        if (text.isNotEmpty()) {
+          when (role) {
+            "user" -> upsertRealtimeConversation(VoiceConversationRole.User, text, isFinal)
+            "assistant" -> upsertRealtimeConversation(VoiceConversationRole.Assistant, text, isFinal)
+          }
+        }
+        if (role == "assistant" && text.isNotEmpty()) {
+          _lastAssistantText.value = text
+        }
+        if (isFinal && role == "user") {
+          realtimeOutputSuppressed = false
+          _statusText.value = "Thinking…"
+        } else if (isFinal && role == "assistant") {
+          scheduleRealtimePlaybackIdle()
+        }
+      }
+      "toolCall" -> {
+        val callId = obj["callId"].asStringOrNull() ?: return
+        val name = obj["name"].asStringOrNull() ?: return
+        handleRealtimeToolCall(
+          callId = callId,
+          name = name,
+          args = obj["args"],
+        )
+      }
+      "toolResult" -> Unit
+      "error" -> {
+        val message = obj["message"].asStringOrNull() ?: "realtime talk error"
+        _statusText.value = "Talk failed: $message"
+        Log.w(tag, "realtime error: $message")
+      }
+      "close" -> {
+        Log.d(tag, "realtime close reason=${obj["reason"].asStringOrNull()}")
+        stopRealtimeRelay(closeSession = false)
+        if (_isEnabled.value) {
+          _isEnabled.value = false
+          _statusText.value = "Off"
+          onStoppedByRelay()
+        }
+      }
+      else -> {
+        if (type != null) Log.d(tag, "ignored realtime event type=$type")
+      }
+    }
+  }
+
+  private fun playRealtimeAudio(bytes: ByteArray) {
+    if (!playbackEnabled || realtimeOutputSuppressed || bytes.isEmpty()) return
+    synchronized(realtimePlaybackLock) {
+      val track =
+        realtimeAudioTrack ?: run {
+          val minBuffer =
+            AudioTrack.getMinBufferSize(
+              realtimeSampleRateHz,
+              AudioFormat.CHANNEL_OUT_MONO,
+              AudioFormat.ENCODING_PCM_16BIT,
+            )
+          val created =
+            AudioTrack
+              .Builder()
+              .setAudioAttributes(
+                AudioAttributes
+                  .Builder()
+                  .setUsage(AudioAttributes.USAGE_MEDIA)
+                  .setContentType(AudioAttributes.CONTENT_TYPE_SPEECH)
+                  .build(),
+              ).setAudioFormat(
+                AudioFormat
+                  .Builder()
+                  .setEncoding(AudioFormat.ENCODING_PCM_16BIT)
+                  .setSampleRate(realtimeSampleRateHz)
+                  .setChannelMask(AudioFormat.CHANNEL_OUT_MONO)
+                  .build(),
+              ).setTransferMode(AudioTrack.MODE_STREAM)
+              .setBufferSizeInBytes(maxOf(minBuffer, bytes.size * 4))
+              .build()
+          created.play()
+          realtimeAudioTrack = created
+          created
+        }
+      _isSpeaking.value = true
+      _statusText.value = "Speaking…"
+      track.write(bytes, 0, bytes.size)
+      val durationMs = ((bytes.size / 2.0) / realtimeSampleRateHz * 1000.0).toLong()
+      val now = SystemClock.elapsedRealtime()
+      realtimePlaybackEndsAtMs = maxOf(now, realtimePlaybackEndsAtMs) + durationMs
+      scheduleRealtimePlaybackIdle()
+    }
+  }
+
+  private fun scheduleRealtimePlaybackIdle() {
+    realtimePlaybackIdleJob?.cancel()
+    val delayMs = maxOf(0L, realtimePlaybackEndsAtMs - SystemClock.elapsedRealtime())
+    realtimePlaybackIdleJob =
+      scope.launch {
+        delay(delayMs)
+        val idle =
+          synchronized(realtimePlaybackLock) {
+            val playbackIdle = SystemClock.elapsedRealtime() >= realtimePlaybackEndsAtMs
+            if (playbackIdle) _isSpeaking.value = false
+            playbackIdle
+          }
+        if (idle && _isEnabled.value && realtimeSessionId != null) {
+          _statusText.value = "Listening"
+        }
+      }
+  }
+
+  private fun stopRealtimePlayback() {
+    realtimePlaybackIdleJob?.cancel()
+    realtimePlaybackIdleJob = null
+    realtimePlaybackEndsAtMs = 0L
+    synchronized(realtimePlaybackLock) {
+      realtimeAudioTrack?.let { track ->
+        try {
+          track.pause()
+          track.flush()
+          track.stop()
+        } catch (_: Throwable) {
+        }
+        track.release()
+      }
+      realtimeAudioTrack = null
+    }
+    _isSpeaking.value = false
+    if (_isEnabled.value) {
+      _statusText.value = "Listening"
+    }
+  }
+
+  private fun stopRealtimeRelay(
+    closeSession: Boolean = true,
+    cancelCapture: Boolean = true,
+    cancelAppend: Boolean = true,
+    preserveStatus: Boolean = false,
+  ) {
+    val status = _statusText.value
+    val sessionId = realtimeSessionId
+    realtimeSessionId = null
+    realtimeOutputSuppressed = false
+    if (cancelCapture) {
+      realtimeCaptureJob?.cancel()
+    }
+    if (cancelAppend) {
+      realtimeAppendJob?.cancel()
+    }
+    realtimeCaptureJob = null
+    realtimeAppendJob = null
+    realtimeToolRuns.clear()
+    pendingRealtimeToolCalls.clear()
+    pendingRealtimeToolCompletions.clear()
+    realtimeUserEntryId = null
+    realtimeAssistantEntryId = null
+    stopRealtimePlayback()
+    if (preserveStatus) {
+      _statusText.value = status
+    }
+    _isListening.value = false
+    if (closeSession && !sessionId.isNullOrBlank()) {
+      scope.launch {
+        closeRealtimeSession(sessionId)
+      }
+    }
+  }
+
+  private suspend fun closeRealtimeSession(sessionId: String) {
+    try {
+      val params = buildJsonObject { put("sessionId", JsonPrimitive(sessionId)) }
+      session.request("talk.session.close", params.toString(), timeoutMs = 5_000)
+    } catch (err: Throwable) {
+      if (err !is CancellationException) {
+        Log.d(tag, "realtime close ignored: ${err.message ?: err::class.simpleName}")
+      }
+    }
+  }
+
+  private fun handleRealtimeToolCall(
+    callId: String,
+    name: String,
+    args: JsonElement?,
+  ) {
+    val relaySessionId = realtimeSessionId ?: return
+    pendingRealtimeToolCalls.add(callId)
+    scope.launch {
+      try {
+        val params =
+          buildJsonObject {
+            put("sessionKey", JsonPrimitive(mainSessionKey.ifBlank { "main" }))
+            put("callId", JsonPrimitive(callId))
+            put("name", JsonPrimitive(name))
+            put("relaySessionId", JsonPrimitive(relaySessionId))
+            if (args != null) put("args", args)
+          }
+        val response =
+          session.request("talk.client.toolCall", params.toString(), timeoutMs = 15_000)
+        val runId = parseRunId(response)
+        if (!runId.isNullOrBlank()) {
+          if (realtimeSessionId != relaySessionId) return@launch
+          realtimeToolRuns[runId] =
+            RealtimeToolRun(callId = callId, relaySessionId = relaySessionId)
+          val completion = pendingRealtimeToolCompletions.remove(runId)
+          if (completion != null) {
+            maybeCompleteRealtimeToolCall(
+              runId = runId,
+              state = completion.state,
+              messageEl = completion.messageEl,
+            )
+          } else {
+            _statusText.value = "Thinking…"
+          }
+        } else {
+          submitRealtimeToolError(callId, "tool call returned no run id", relaySessionId)
+        }
+      } catch (err: Throwable) {
+        if (err is CancellationException) throw err
+        Log.w(tag, "realtime toolCall failed: ${err.message ?: err::class.simpleName}")
+        submitRealtimeToolError(callId, err.message ?: "tool call failed", relaySessionId)
+      } finally {
+        pendingRealtimeToolCalls.remove(callId)
+      }
+    }
+  }
+
+  private fun holdPendingRealtimeToolCompletion(
+    runId: String,
+    state: String,
+    messageEl: JsonElement?,
+  ): Boolean {
+    if (realtimeSessionId == null || pendingRealtimeToolCalls.isEmpty()) return false
+    if (state != "final" && state != "aborted" && state != "error") return false
+    pendingRealtimeToolCompletions[runId] =
+      RealtimeToolCompletion(state = state, messageEl = messageEl)
+    return true
+  }
+
+  private fun maybeCompleteRealtimeToolCall(
+    runId: String,
+    state: String,
+    messageEl: JsonElement?,
+  ): Boolean {
+    val toolRun = realtimeToolRuns[runId] ?: return false
+    if (toolRun.relaySessionId != realtimeSessionId) {
+      realtimeToolRuns.remove(runId)
+      return true
+    }
+    when (state) {
+      "final" -> {
+        realtimeToolRuns.remove(runId)
+        val text = extractTextFromChatEventMessage(messageEl).orEmpty()
+        scope.launch {
+          submitRealtimeToolResult(
+            callId = toolRun.callId,
+            result = buildJsonObject { put("text", JsonPrimitive(text)) },
+            sessionId = toolRun.relaySessionId,
+          )
+        }
+        return true
+      }
+      "aborted", "error" -> {
+        realtimeToolRuns.remove(runId)
+        scope.launch {
+          submitRealtimeToolError(toolRun.callId, state, toolRun.relaySessionId)
+        }
+        return true
+      }
+    }
+    return false
+  }
+
+  private suspend fun submitRealtimeToolError(
+    callId: String,
+    message: String,
+    sessionId: String? = realtimeSessionId,
+  ) {
+    submitRealtimeToolResult(
+      callId = callId,
+      result = buildJsonObject { put("error", JsonPrimitive(message)) },
+      sessionId = sessionId,
+    )
+  }
+
+  private suspend fun submitRealtimeToolResult(
+    callId: String,
+    result: JsonObject,
+    sessionId: String? = realtimeSessionId,
+  ) {
+    val activeSessionId = sessionId ?: return
+    val params =
+      buildJsonObject {
+        put("sessionId", JsonPrimitive(activeSessionId))
+        put("callId", JsonPrimitive(callId))
+        put("result", result)
+      }
+    try {
+      session.request("talk.session.submitToolResult", params.toString(), timeoutMs = 15_000)
+    } catch (err: Throwable) {
+      if (err is CancellationException) throw err
+      Log.w(tag, "realtime submitToolResult failed: ${err.message ?: err::class.simpleName}")
+    }
+  }
+
+  private fun upsertRealtimeConversation(
+    role: VoiceConversationRole,
+    text: String,
+    isFinal: Boolean,
+  ) {
+    val entryId =
+      when (role) {
+        VoiceConversationRole.User -> realtimeUserEntryId
+        VoiceConversationRole.Assistant -> realtimeAssistantEntryId
+      }
+    val resolvedEntryId =
+      if (entryId == null) {
+        appendConversation(role = role, text = text, isStreaming = !isFinal)
+      } else {
+        updateConversationEntry(id = entryId, text = text, isStreaming = !isFinal)
+        entryId
+      }
+    when (role) {
+      VoiceConversationRole.User -> realtimeUserEntryId = if (isFinal) null else resolvedEntryId
+      VoiceConversationRole.Assistant -> realtimeAssistantEntryId = if (isFinal) null else resolvedEntryId
+    }
+  }
+
+  private fun appendConversation(
+    role: VoiceConversationRole,
+    text: String,
+    isStreaming: Boolean,
+  ): String {
+    val id = UUID.randomUUID().toString()
+    _conversation.value =
+      (_conversation.value + VoiceConversationEntry(id = id, role = role, text = text, isStreaming = isStreaming))
+        .takeLast(maxConversationEntries)
+    return id
+  }
+
+  private fun updateConversationEntry(
+    id: String,
+    text: String,
+    isStreaming: Boolean,
+  ) {
+    val current = _conversation.value
+    val targetIndex =
+      when {
+        current.isEmpty() -> -1
+        current[current.lastIndex].id == id -> current.lastIndex
+        else -> current.indexOfFirst { it.id == id }
+      }
+    if (targetIndex < 0) return
+    val entry = current[targetIndex]
+    if (entry.text == text && entry.isStreaming == isStreaming) return
+    val updated = current.toMutableList()
+    updated[targetIndex] = entry.copy(text = text, isStreaming = isStreaming)
+    _conversation.value = updated
+  }
+
   private fun startListeningInternal(markListening: Boolean) {
     val r = recognizer ?: return
     val intent =
@@ -522,8 +1167,8 @@ class TalkModeManager internal constructor(
         putExtra(RecognizerIntent.EXTRA_CALLING_PACKAGE, context.packageName)
         // Use cloud recognition — it handles natural speech and pauses better
         // than on-device which cuts off aggressively after short silences.
-        putExtra(RecognizerIntent.EXTRA_SPEECH_INPUT_COMPLETE_SILENCE_LENGTH_MILLIS, 2500L)
-        putExtra(RecognizerIntent.EXTRA_SPEECH_INPUT_POSSIBLY_COMPLETE_SILENCE_LENGTH_MILLIS, 1800L)
+        putExtra(RecognizerIntent.EXTRA_SPEECH_INPUT_COMPLETE_SILENCE_LENGTH_MILLIS, 2500)
+        putExtra(RecognizerIntent.EXTRA_SPEECH_INPUT_POSSIBLY_COMPLETE_SILENCE_LENGTH_MILLIS, 1800)
       }
 
     if (markListening) {
@@ -762,7 +1407,7 @@ class TalkModeManager internal constructor(
     }
   }
 
-  private suspend fun waitForChatFinal(runId: String): Boolean {
+  internal suspend fun waitForChatFinal(runId: String): Boolean {
     consumeRunCompletion(runId)?.let { return it }
     val deferred =
       if (pendingRunId == runId) {
@@ -773,13 +1418,12 @@ class TalkModeManager internal constructor(
 
     consumeRunCompletion(runId)?.let { return it }
 
+    val timeoutMs = if (supportsChatSubscribe) chatFinalWaitWithSubscribeMs else chatFinalWaitWithoutSubscribeMs
     val result =
-      withContext(Dispatchers.IO) {
-        try {
-          kotlinx.coroutines.withTimeout(120_000) { deferred.await() }
-        } catch (_: Throwable) {
-          false
-        }
+      try {
+        withTimeout(timeoutMs) { deferred.await() }
+      } catch (_: TimeoutCancellationException) {
+        false
       }
 
     if (!result && pendingRunId == runId) {
@@ -1077,11 +1721,32 @@ class TalkModeManager internal constructor(
   }
 
   fun stopTts() {
+    realtimeOutputSuppressed = true
+    stopRealtimePlayback()
+    cancelRealtimeOutput(reason = "android-stop-tts")
     stopSpeaking(resetInterrupt = true)
     _isSpeaking.value = false
     _statusText.value = "Listening"
   }
 
+  private fun cancelRealtimeOutput(reason: String) {
+    val sessionId = realtimeSessionId ?: return
+    scope.launch {
+      try {
+        val params =
+          buildJsonObject {
+            put("sessionId", JsonPrimitive(sessionId))
+            put("reason", JsonPrimitive(reason))
+          }
+        session.request("talk.session.cancelOutput", params.toString(), timeoutMs = 5_000)
+      } catch (err: Throwable) {
+        if (err !is CancellationException) {
+          Log.d(tag, "realtime cancelOutput ignored: ${err.message ?: err::class.simpleName}")
+        }
+      }
+    }
+  }
+
   private fun stopSpeaking(resetInterrupt: Boolean = true) {
     playbackGeneration.incrementAndGet()
     if (!_isSpeaking.value) {
@@ -1245,9 +1910,11 @@ class TalkModeManager internal constructor(
       val parsed = TalkModeGatewayConfigParser.parse(root?.get("config").asObjectOrNull())
       silenceWindowMs = parsed.silenceTimeoutMs
       parsed.interruptOnSpeech?.let { interruptOnSpeech = it }
+      executionMode = parsed.executionMode
       configLoaded = true
     } catch (_: Throwable) {
       silenceWindowMs = TalkDefaults.defaultSilenceTimeoutMs
+      executionMode = TalkModeExecutionMode.Native
       configLoaded = false
     }
   }

apps/android/app/src/main/java/ai/openclaw/app/voice/VoiceWakeManager.kt

@@ -33,7 +33,7 @@ class VoiceWakeManager(
 
   private var recognizer: SpeechRecognizer? = null
   private var restartJob: Job? = null
-  private var lastDispatched: String? = null
+  private var lastCycleDispatched: String? = null
   private var stopRequested = false
 
   fun setTriggerWords(words: List<String>) {
@@ -110,8 +110,8 @@ class VoiceWakeManager(
 
   private fun handleTranscription(text: String) {
     val command = VoiceWakeCommandExtractor.extractCommand(text, triggerWords) ?: return
-    if (command == lastDispatched) return
-    lastDispatched = command
+    if (command == lastCycleDispatched) return
+    lastCycleDispatched = command
 
     scope.launch { onCommand(command) }
     _statusText.value = "Triggered"
@@ -121,6 +121,7 @@ class VoiceWakeManager(
   private val listener =
     object : RecognitionListener {
       override fun onReadyForSpeech(params: Bundle?) {
+        lastCycleDispatched = null
         _statusText.value = "Listening"
       }
 

apps/android/app/src/test/java/ai/openclaw/app/GatewayBootstrapAuthTest.kt

@@ -10,6 +10,7 @@ import ai.openclaw.app.node.InvokeDispatcher
 import ai.openclaw.app.protocol.OpenClawTalkCommand
 import ai.openclaw.app.voice.TalkModeManager
 import android.Manifest
+import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.runBlocking
 import org.junit.Assert.assertEquals
@@ -64,7 +65,7 @@ class GatewayBootstrapAuthTest {
         storedOperatorToken = "stored-token",
       ),
     )
-    assertFalse(
+    assertTrue(
       shouldConnectOperatorSession(
         NodeRuntime.GatewayConnectAuth(token = null, bootstrapToken = "", password = null),
         storedOperatorToken = null,
@@ -94,6 +95,17 @@ class GatewayBootstrapAuthTest {
     assertNull(resolved)
   }
 
+  @Test
+  fun resolveOperatorSessionConnectAuthUsesNoAuthWhenGatewayHasNoAuth() {
+    val resolved =
+      resolveOperatorSessionConnectAuth(
+        auth = NodeRuntime.GatewayConnectAuth(token = null, bootstrapToken = null, password = null),
+        storedOperatorToken = null,
+      )
+
+    assertEquals(NodeRuntime.GatewayConnectAuth(token = null, bootstrapToken = null, password = null), resolved)
+  }
+
   @Test
   fun resolveOperatorSessionConnectAuthPrefersExplicitSharedAuth() {
     val resolved =
@@ -153,7 +165,7 @@ class GatewayBootstrapAuthTest {
         NodeRuntime(
           app,
           prefs,
-          tlsFingerprintProbe = { _, _ -> GatewayTlsProbeResult(fingerprintSha256 = "fp-1") },
+          tlsFingerprintProbe = { _, _ -> GatewayTlsProbeResult(fingerprintSha256 = "fp:1") },
         )
       val endpoint = GatewayEndpoint.manual(host = "gateway.example", port = 18789)
       val explicitAuth =
@@ -169,11 +181,93 @@ class GatewayBootstrapAuthTest {
 
       runtime.acceptGatewayTrustPrompt()
 
-      assertEquals("fp-1", prefs.loadGatewayTlsFingerprint(endpoint.stableId))
-      assertEquals("setup-bootstrap-token", desiredBootstrapToken(runtime, "nodeSession"))
+      assertEquals("f1", prefs.loadGatewayTlsFingerprint(endpoint.stableId))
+      assertEquals("setup-bootstrap-token", waitForDesiredBootstrapToken(runtime, "nodeSession"))
       assertNull(desiredBootstrapToken(runtime, "operatorSession"))
     }
 
+  @Test
+  fun connect_promptsBeforeReplacingChangedTlsFingerprint() =
+    runBlocking {
+      val app = RuntimeEnvironment.getApplication()
+      val securePrefs =
+        app.getSharedPreferences(
+          "openclaw.node.secure.test.${UUID.randomUUID()}",
+          android.content.Context.MODE_PRIVATE,
+        )
+      val prefs = SecurePrefs(app, securePrefsOverride = securePrefs)
+      val endpoint = GatewayEndpoint.manual(host = "gateway.example", port = 18789)
+      prefs.saveGatewayTlsFingerprint(endpoint.stableId, "sha256:aa:aa:aa:aa")
+      val runtime =
+        NodeRuntime(
+          app,
+          prefs,
+          tlsFingerprintProbe = { _, _ -> GatewayTlsProbeResult(fingerprintSha256 = "sha256:bb:bb:bb:bb") },
+        )
+
+      runtime.connect(
+        endpoint,
+        NodeRuntime.GatewayConnectAuth(token = "shared-token", bootstrapToken = null, password = null),
+      )
+
+      val prompt = waitForGatewayTrustPrompt(runtime)
+      assertEquals("aaaaaaaa", prompt.previousFingerprintSha256)
+      assertEquals("bbbbbbbb", prompt.fingerprintSha256)
+      assertEquals("sha256:aa:aa:aa:aa", prefs.loadGatewayTlsFingerprint(endpoint.stableId))
+
+      runtime.declineGatewayTrustPrompt()
+
+      assertEquals("sha256:aa:aa:aa:aa", prefs.loadGatewayTlsFingerprint(endpoint.stableId))
+
+      runtime.connect(
+        endpoint,
+        NodeRuntime.GatewayConnectAuth(token = "shared-token", bootstrapToken = null, password = null),
+      )
+      waitForGatewayTrustPrompt(runtime)
+      runtime.acceptGatewayTrustPrompt()
+
+      assertEquals("bbbbbbbb", prefs.loadGatewayTlsFingerprint(endpoint.stableId))
+    }
+
+  @Test
+  fun connect_ignoresStaleTlsProbeAfterDisconnect() =
+    runBlocking {
+      val app = RuntimeEnvironment.getApplication()
+      val securePrefs =
+        app.getSharedPreferences(
+          "openclaw.node.secure.test.${UUID.randomUUID()}",
+          android.content.Context.MODE_PRIVATE,
+        )
+      val prefs = SecurePrefs(app, securePrefsOverride = securePrefs)
+      val endpoint = GatewayEndpoint.manual(host = "gateway.example", port = 18789)
+      prefs.saveGatewayTlsFingerprint(endpoint.stableId, "aaaaaaaa")
+      val probeStarted = CompletableDeferred<Unit>()
+      val probeResult = CompletableDeferred<GatewayTlsProbeResult>()
+      val runtime =
+        NodeRuntime(
+          app,
+          prefs,
+          tlsFingerprintProbe = { _, _ ->
+            probeStarted.complete(Unit)
+            probeResult.await()
+          },
+        )
+
+      runtime.connect(
+        endpoint,
+        NodeRuntime.GatewayConnectAuth(token = "shared-token", bootstrapToken = null, password = null),
+      )
+      probeStarted.await()
+
+      runtime.disconnect()
+      probeResult.complete(GatewayTlsProbeResult(fingerprintSha256 = "aaaaaaaa"))
+      Thread.sleep(100)
+
+      assertNull(runtime.pendingGatewayTrust.value)
+      assertNull(desiredBootstrapToken(runtime, "nodeSession"))
+      assertEquals("aaaaaaaa", prefs.loadGatewayTlsFingerprint(endpoint.stableId))
+    }
+
   @Test
   fun connect_showsSecureEndpointGuidanceWhenTlsProbeFails() {
     val app = RuntimeEnvironment.getApplication()
@@ -269,6 +363,21 @@ class GatewayBootstrapAuthTest {
     return readField(desired, "bootstrapToken")
   }
 
+  private fun waitForDesiredBootstrapToken(
+    runtime: NodeRuntime,
+    sessionFieldName: String,
+  ): String {
+    var lastObserved: String? = null
+    repeat(50) {
+      desiredBootstrapToken(runtime, sessionFieldName)?.let { token ->
+        lastObserved = token
+        return token
+      }
+      Thread.sleep(10)
+    }
+    error("Expected desired bootstrap token for $sessionFieldName; last observed=$lastObserved")
+  }
+
   private fun <T> readField(
     target: Any,
     name: String,

apps/android/app/src/test/java/ai/openclaw/app/PermissionRequesterTest.kt

@@ -0,0 +1,129 @@
+package ai.openclaw.app
+
+import android.Manifest
+import androidx.activity.ComponentActivity
+import androidx.activity.result.ActivityResultLauncher
+import androidx.activity.result.contract.ActivityResultContract
+import androidx.activity.result.contract.ActivityResultContracts
+import androidx.core.app.ActivityOptionsCompat
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import kotlinx.coroutines.TimeoutCancellationException
+import kotlinx.coroutines.async
+import kotlinx.coroutines.test.StandardTestDispatcher
+import kotlinx.coroutines.test.advanceTimeBy
+import kotlinx.coroutines.test.resetMain
+import kotlinx.coroutines.test.runCurrent
+import kotlinx.coroutines.test.runTest
+import kotlinx.coroutines.test.setMain
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.Robolectric
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.annotation.Config
+
+@RunWith(RobolectricTestRunner::class)
+@Config(sdk = [34])
+class PermissionRequesterTest {
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun timedOutRequestCallbackDoesNotCompleteNextRequest() =
+    runTest {
+      Dispatchers.setMain(StandardTestDispatcher(testScheduler))
+      val launchers = mutableListOf<FakePermissionLauncher>()
+      val requester =
+        PermissionRequester(activity()) { callback ->
+          FakePermissionLauncher(callback).also { launchers += it }
+        }
+
+      try {
+        val first = async { requester.requestIfMissing(listOf(Manifest.permission.CAMERA), timeoutMs = 10) }
+        runCurrent()
+        advanceTimeBy(11)
+        runCurrent()
+
+        assertTrue(first.isCompleted)
+        assertTrue(first.getCompletionExceptionOrNull() is TimeoutCancellationException)
+        assertEquals(listOf(listOf(Manifest.permission.CAMERA)), launchers[0].launches)
+
+        val second = async { requester.requestIfMissing(listOf(Manifest.permission.CAMERA), timeoutMs = 1_000) }
+        runCurrent()
+        assertEquals(listOf(listOf(Manifest.permission.CAMERA)), launchers[1].launches)
+
+        launchers[0].deliver(mapOf(Manifest.permission.CAMERA to false))
+        runCurrent()
+
+        assertFalse(second.isCompleted)
+
+        launchers[1].deliver(mapOf(Manifest.permission.CAMERA to true))
+        runCurrent()
+
+        assertEquals(mapOf(Manifest.permission.CAMERA to true), second.await())
+      } finally {
+        Dispatchers.resetMain()
+      }
+    }
+
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun timedOutRequestWithoutCallbackDoesNotBlockNextRequest() =
+    runTest {
+      Dispatchers.setMain(StandardTestDispatcher(testScheduler))
+      val launchers = mutableListOf<FakePermissionLauncher>()
+      val requester =
+        PermissionRequester(activity()) { callback ->
+          FakePermissionLauncher(callback).also { launchers += it }
+        }
+
+      try {
+        val first = async { requester.requestIfMissing(listOf(Manifest.permission.CAMERA), timeoutMs = 10) }
+        runCurrent()
+        advanceTimeBy(11)
+        runCurrent()
+
+        assertTrue(first.isCompleted)
+        assertTrue(first.getCompletionExceptionOrNull() is TimeoutCancellationException)
+
+        val second = async { requester.requestIfMissing(listOf(Manifest.permission.CAMERA), timeoutMs = 1_000) }
+        runCurrent()
+
+        assertEquals(listOf(listOf(Manifest.permission.CAMERA)), launchers[1].launches)
+
+        launchers[1].deliver(mapOf(Manifest.permission.CAMERA to true))
+        runCurrent()
+
+        assertEquals(mapOf(Manifest.permission.CAMERA to true), second.await())
+      } finally {
+        Dispatchers.resetMain()
+      }
+    }
+
+  private fun activity(): ComponentActivity =
+    Robolectric
+      .buildActivity(ComponentActivity::class.java)
+      .setup()
+      .get()
+}
+
+private class FakePermissionLauncher(
+  private val callback: (Map<String, Boolean>) -> Unit,
+) : ActivityResultLauncher<Array<String>>() {
+  val launches = mutableListOf<List<String>>()
+  override val contract: ActivityResultContract<Array<String>, *> = ActivityResultContracts.RequestMultiplePermissions()
+
+  override fun launch(
+    input: Array<String>,
+    options: ActivityOptionsCompat?,
+  ) {
+    launches += input.toList()
+  }
+
+  override fun unregister() {}
+
+  fun deliver(result: Map<String, Boolean>) {
+    callback(result)
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/gateway/GatewaySessionReconnectTest.kt

@@ -1,10 +1,129 @@
 package ai.openclaw.app.gateway
 
+import kotlinx.coroutines.CompletableDeferred
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.SupervisorJob
+import kotlinx.coroutines.cancelAndJoin
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.withTimeout
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.jsonObject
+import kotlinx.serialization.json.jsonPrimitive
+import okhttp3.Response
+import okhttp3.WebSocket
+import okhttp3.WebSocketListener
+import okhttp3.mockwebserver.Dispatcher
+import okhttp3.mockwebserver.MockResponse
+import okhttp3.mockwebserver.MockWebServer
+import okhttp3.mockwebserver.RecordedRequest
+import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertTrue
 import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+import org.robolectric.annotation.Config
+import java.util.concurrent.ConcurrentLinkedQueue
 
+private const val LIFECYCLE_TEST_TIMEOUT_MS = 8_000L
+private const val LIFECYCLE_CONNECT_CHALLENGE_FRAME =
+  """{"type":"event","event":"connect.challenge","payload":{"nonce":"android-test-nonce"}}"""
+
+private class ReconnectDeviceAuthStore : DeviceAuthTokenStore {
+  override fun loadEntry(
+    deviceId: String,
+    role: String,
+  ): DeviceAuthEntry? = null
+
+  override fun saveToken(
+    deviceId: String,
+    role: String,
+    token: String,
+    scopes: List<String>,
+  ) = Unit
+
+  override fun clearToken(
+    deviceId: String,
+    role: String,
+  ) = Unit
+}
+
+private data class ReconnectHarness(
+  val session: GatewaySession,
+  val sessionJob: Job,
+)
+
+private data class ReconnectServer(
+  val server: MockWebServer,
+  val sockets: ConcurrentLinkedQueue<WebSocket>,
+) {
+  val port: Int
+    get() = server.port
+
+  val requestCount: Int
+    get() = server.requestCount
+
+  fun shutdown() {
+    sockets.forEach { runCatching { it.cancel() } }
+    runCatching { server.shutdown() }
+      .onFailure { err ->
+        if (err.message != "Gave up waiting for queue to shut down") throw err
+      }
+  }
+}
+
+@RunWith(RobolectricTestRunner::class)
+@Config(sdk = [34])
 class GatewaySessionReconnectTest {
+  @Test
+  fun connectToNewGatewayClosesActiveConnectionAndStartsReplacement() =
+    runBlocking {
+      val json = Json { ignoreUnknownKeys = true }
+      val firstConnect = CompletableDeferred<Unit>()
+      val firstClosed = CompletableDeferred<Unit>()
+      val secondConnect = CompletableDeferred<Unit>()
+      val secondClosed = CompletableDeferred<Unit>()
+      val firstServer =
+        startGatewayServer(
+          json = json,
+          onClosed = { firstClosed.complete(Unit) },
+        ) { webSocket, id, method ->
+          if (method == "connect") {
+            firstConnect.complete(Unit)
+            webSocket.send(connectResponseFrame(id))
+          }
+        }
+      val secondServer =
+        startGatewayServer(
+          json = json,
+          onClosed = { secondClosed.complete(Unit) },
+        ) { webSocket, id, method ->
+          if (method == "connect") {
+            secondConnect.complete(Unit)
+            webSocket.send(connectResponseFrame(id))
+          }
+        }
+      val harness = createReconnectHarness()
+
+      try {
+        connectNodeSession(harness.session, firstServer.port)
+        withTimeout(LIFECYCLE_TEST_TIMEOUT_MS) { firstConnect.await() }
+
+        connectNodeSession(harness.session, secondServer.port)
+
+        withTimeout(LIFECYCLE_TEST_TIMEOUT_MS) { firstClosed.await() }
+        withTimeout(LIFECYCLE_TEST_TIMEOUT_MS) { secondConnect.await() }
+        assertEquals(1, secondServer.requestCount)
+        harness.session.disconnect()
+        withTimeout(LIFECYCLE_TEST_TIMEOUT_MS) { secondClosed.await() }
+      } finally {
+        shutdownReconnectHarness(harness, firstServer, secondServer)
+      }
+    }
+
   @Test
   fun bootstrapNodePairingRequiredKeepsReconnectActive() {
     val error =
@@ -113,4 +232,125 @@ class GatewaySessionReconnectTest {
       ),
     )
   }
+
+  private fun createReconnectHarness(): ReconnectHarness {
+    val app = RuntimeEnvironment.getApplication()
+    val sessionJob = SupervisorJob()
+    val session =
+      GatewaySession(
+        scope = CoroutineScope(sessionJob + Dispatchers.Default),
+        identityStore = DeviceIdentityStore(app),
+        deviceAuthStore = ReconnectDeviceAuthStore(),
+        onConnected = { _, _, _ -> },
+        onDisconnected = { _ -> },
+        onEvent = { _, _ -> },
+        onInvoke = { GatewaySession.InvokeResult.ok("""{"handled":true}""") },
+      )
+    return ReconnectHarness(session = session, sessionJob = sessionJob)
+  }
+
+  private suspend fun connectNodeSession(
+    session: GatewaySession,
+    port: Int,
+  ) {
+    session.connect(
+      endpoint =
+        GatewayEndpoint(
+          stableId = "manual|127.0.0.1|$port",
+          name = "test",
+          host = "127.0.0.1",
+          port = port,
+          tlsEnabled = false,
+        ),
+      token = "test-token",
+      bootstrapToken = null,
+      password = null,
+      options =
+        GatewayConnectOptions(
+          role = "node",
+          scopes = listOf("node:invoke"),
+          caps = emptyList(),
+          commands = emptyList(),
+          permissions = emptyMap(),
+          client =
+            GatewayClientInfo(
+              id = "openclaw-android-test",
+              displayName = "Android Test",
+              version = "1.0.0-test",
+              platform = "android",
+              mode = "node",
+              instanceId = "android-test-instance",
+              deviceFamily = "android",
+              modelIdentifier = "test",
+            ),
+        ),
+      tls = null,
+    )
+  }
+
+  private suspend fun shutdownReconnectHarness(
+    harness: ReconnectHarness,
+    vararg servers: ReconnectServer,
+  ) {
+    harness.session.disconnect()
+    harness.sessionJob.cancelAndJoin()
+    servers.forEach { it.shutdown() }
+  }
+
+  private fun connectResponseFrame(id: String): String = """{"type":"res","id":"$id","ok":true,"payload":{"snapshot":{"sessionDefaults":{"mainSessionKey":"main"}}}}"""
+
+  private fun startGatewayServer(
+    json: Json,
+    onClosed: () -> Unit = {},
+    onRequestFrame: (webSocket: WebSocket, id: String, method: String) -> Unit,
+  ): ReconnectServer {
+    val sockets = ConcurrentLinkedQueue<WebSocket>()
+    val server =
+      MockWebServer().apply {
+        dispatcher =
+          object : Dispatcher() {
+            override fun dispatch(request: RecordedRequest): MockResponse =
+              MockResponse().withWebSocketUpgrade(
+                object : WebSocketListener() {
+                  override fun onOpen(
+                    webSocket: WebSocket,
+                    response: Response,
+                  ) {
+                    sockets += webSocket
+                    webSocket.send(LIFECYCLE_CONNECT_CHALLENGE_FRAME)
+                  }
+
+                  override fun onMessage(
+                    webSocket: WebSocket,
+                    text: String,
+                  ) {
+                    val frame = json.parseToJsonElement(text).jsonObject
+                    if (frame["type"]?.jsonPrimitive?.content != "req") return
+                    val id = frame["id"]?.jsonPrimitive?.content ?: return
+                    val method = frame["method"]?.jsonPrimitive?.content ?: return
+                    onRequestFrame(webSocket, id, method)
+                  }
+
+                  override fun onClosing(
+                    webSocket: WebSocket,
+                    code: Int,
+                    reason: String,
+                  ) {
+                    onClosed()
+                  }
+
+                  override fun onClosed(
+                    webSocket: WebSocket,
+                    code: Int,
+                    reason: String,
+                  ) {
+                    onClosed()
+                  }
+                },
+              )
+          }
+        start()
+      }
+    return ReconnectServer(server = server, sockets = sockets)
+  }
 }

apps/android/app/src/test/java/ai/openclaw/app/node/JpegSizeLimiterTest.kt

@@ -44,4 +44,27 @@ class JpegSizeLimiterTest {
     assertEquals(600, result.height)
     assertEquals(90, result.quality)
   }
+
+  @Test
+  fun triesFinalScaledImageBeforeFailing() {
+    val result =
+      JpegSizeLimiter.compressToLimit(
+        initialWidth = 1000,
+        initialHeight = 800,
+        startQuality = 90,
+        maxBytes = 100,
+        minSize = 1,
+        scaleStep = 0.5,
+        maxScaleAttempts = 1,
+        maxQualityAttempts = 1,
+        encode = { width, _, _ ->
+          if (width == 500) ByteArray(80) else ByteArray(120)
+        },
+      )
+
+    assertEquals(500, result.width)
+    assertEquals(400, result.height)
+    assertEquals(90, result.quality)
+    assertEquals(80, result.bytes.size)
+  }
 }

apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt

@@ -268,6 +268,14 @@ class GatewayConfigResolverTest {
     assertEquals(GatewayEndpointValidationError.INSECURE_REMOTE_URL, parsed.error)
   }
 
+  @Test
+  fun parseGatewayEndpointResultRejectsUnsupportedSchemes() {
+    val parsed = parseGatewayEndpointResult("ftp://gateway.example:21")
+
+    assertNull(parsed.config)
+    assertEquals(GatewayEndpointValidationError.INVALID_URL, parsed.error)
+  }
+
   @Test
   fun parseGatewayEndpointResultFlagsInsecureLanCleartextGateway() {
     val parsed = parseGatewayEndpointResult("ws://192.168.1.20:18789")

apps/android/app/src/test/java/ai/openclaw/app/ui/chat/ChatMarkdownTest.kt

@@ -0,0 +1,75 @@
+package ai.openclaw.app.ui.chat
+
+import androidx.compose.ui.text.LinkAnnotation
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class ChatMarkdownTest {
+  @Test
+  fun bareUrlsCarryClickableUrlAnnotations() {
+    val url = "https://www.amazon.it/GAZEBO-CANOPY-ACCIAIO-BIANCO-IMPERMEABILE/dp/B01G5R9FCK"
+
+    val annotated = buildChatInlineMarkdown("Open $url")
+
+    assertEquals("Open $url", annotated.text)
+    val links = annotated.getLinkAnnotations(0, annotated.length)
+    assertEquals(1, links.size)
+    assertEquals(5, links.single().start)
+    assertEquals(5 + url.length, links.single().end)
+    assertEquals(url, (links.single().item as LinkAnnotation.Url).url)
+  }
+
+  @Test
+  fun markdownLinksUseLabelTextAndDestinationUrl() {
+    val annotated = buildChatInlineMarkdown("Open [docs](https://docs.openclaw.ai/help/testing) now")
+
+    assertEquals("Open docs now", annotated.text)
+    val links = annotated.getLinkAnnotations(0, annotated.length)
+    assertEquals(1, links.size)
+    assertEquals(5, links.single().start)
+    assertEquals(9, links.single().end)
+    assertEquals("https://docs.openclaw.ai/help/testing", (links.single().item as LinkAnnotation.Url).url)
+  }
+
+  @Test
+  fun markdownLinksDropUnsafeDestinations() {
+    listOf(
+      "intent://example/#Intent;scheme=openclaw;end",
+      "file:///sdcard/Download/x",
+      "content://downloads/public_downloads/1",
+      "tel:+15551234567",
+      "javascript:alert(1)",
+    ).forEach { destination ->
+      val annotated = buildChatInlineMarkdown("Open [settings]($destination)")
+
+      assertEquals("Open settings", annotated.text)
+      assertTrue(annotated.getLinkAnnotations(0, annotated.length).isEmpty())
+    }
+  }
+
+  @Test
+  fun plainTextDoesNotAddLinkAnnotations() {
+    val annotated = buildChatInlineMarkdown("No link here")
+
+    assertEquals("No link here", annotated.text)
+    assertTrue(annotated.getLinkAnnotations(0, annotated.length).isEmpty())
+  }
+
+  @Test
+  fun parseDataImageDestinationAcceptsBoundedPayloads() {
+    val parsed = parseDataImageDestination("data:image/png;base64,QUJD")
+
+    assertEquals(ParsedDataImage(mimeType = "image/png", base64 = "QUJD"), parsed)
+  }
+
+  @Test
+  fun parseDataImageDestinationRejectsOversizedPayloads() {
+    val oversized = "A".repeat(CHAT_IMAGE_MAX_BASE64_CHARS + 1)
+
+    val parsed = parseDataImageDestination("data:image/png;base64,$oversized")
+
+    assertNull(parsed)
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/voice/MicCaptureManagerTest.kt

@@ -0,0 +1,263 @@
+package ai.openclaw.app.voice
+
+import android.Manifest
+import kotlinx.coroutines.CancellationException
+import kotlinx.coroutines.CompletableDeferred
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.test.advanceUntilIdle
+import kotlinx.coroutines.test.runCurrent
+import kotlinx.coroutines.test.runTest
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+import org.robolectric.Shadows.shadowOf
+import org.robolectric.annotation.Config
+
+@RunWith(RobolectricTestRunner::class)
+@Config(sdk = [34])
+class MicCaptureManagerTest {
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun transcriptionFinalQueuesGatewayMessage() =
+    runTest {
+      val sentMessages = mutableListOf<String>()
+      val manager =
+        createManager(
+          scope = this,
+          sendToGateway = { message, onRunIdKnown ->
+            sentMessages += message
+            onRunIdKnown("run-1")
+            null
+          },
+        )
+
+      setPrivateField(manager, "transcriptionSessionId", "transcription-1")
+      manager.onGatewayConnectionChanged(true)
+      manager.handleGatewayEvent(
+        "talk.event",
+        """{"transcriptionSessionId":"transcription-1","type":"partial","text":"hello"}""",
+      )
+      manager.handleGatewayEvent(
+        "talk.event",
+        """{"transcriptionSessionId":"transcription-1","type":"transcript","text":"hello world","final":true}""",
+      )
+      runCurrent()
+      manager.handleGatewayEvent("chat", chatFinalPayload(runId = "run-1", text = "reply"))
+      advanceUntilIdle()
+
+      assertNull(manager.liveTranscript.value)
+      assertEquals(listOf("hello world"), sentMessages)
+      val conversation = manager.conversation.value.first()
+      assertEquals(VoiceConversationRole.User, conversation.role)
+      assertEquals("hello world", conversation.text)
+    }
+
+  @Test
+  fun transcriptionErrorDisablesMic() {
+    val manager = createManager()
+
+    setPrivateField(manager, "transcriptionSessionId", "transcription-1")
+    manager.handleGatewayEvent(
+      "talk.event",
+      """{"transcriptionSessionId":"transcription-1","type":"error","message":"provider unavailable"}""",
+    )
+
+    assertEquals(false, manager.micEnabled.value)
+    assertEquals("Transcription failed: provider unavailable", manager.statusText.value)
+  }
+
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun punctuationOnlyTranscriptDoesNotSendTurn() =
+    runTest {
+      val sentMessages = mutableListOf<String>()
+      val manager =
+        createManager(
+          scope = this,
+          sendToGateway = { message, onRunIdKnown ->
+            sentMessages += message
+            onRunIdKnown("run-1")
+            "run-1"
+          },
+        )
+
+      setPrivateField(manager, "transcriptionSessionId", "transcription-1")
+      manager.onGatewayConnectionChanged(true)
+      manager.handleGatewayEvent(
+        "talk.event",
+        """{"transcriptionSessionId":"transcription-1","type":"transcript","text":".","final":true}""",
+      )
+      advanceUntilIdle()
+
+      assertEquals(emptyList<String>(), sentMessages)
+      assertEquals(emptyList<VoiceConversationEntry>(), manager.conversation.value)
+    }
+
+  @Test
+  fun pcm16FramesAreEncodedAsPcmuFrames() {
+    val manager = createManager()
+    val method = manager.javaClass.getDeclaredMethod("pcm16ToPcmu", ByteArray::class.java)
+    method.isAccessible = true
+
+    val encoded = method.invoke(manager, byteArrayOf(0, 0, 0, 0)) as ByteArray
+
+    assertEquals(2, encoded.size)
+    assertEquals(0xff.toByte(), encoded[0])
+    assertEquals(0xff.toByte(), encoded[1])
+  }
+
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun disablingMicDuringSessionCreateClosesReturnedSession() =
+    runTest {
+      val createdSession = CompletableDeferred<String>()
+      val closedSessions = mutableListOf<String>()
+      val manager =
+        createManager(
+          scope = this,
+          createTranscriptionSession = { createdSession.await() },
+          closeTranscriptionSession = { sessionId -> closedSessions += sessionId },
+        )
+
+      manager.onGatewayConnectionChanged(true)
+      manager.setMicEnabled(true)
+      manager.setMicEnabled(false)
+      createdSession.complete("transcription-1")
+      advanceUntilIdle()
+
+      assertEquals(listOf("transcription-1"), closedSessions)
+      assertEquals(false, manager.isListening.value)
+    }
+
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun disablingMicKeepsSessionOpenForFinalTranscript() =
+    runTest {
+      val manager = createManager(scope = this)
+
+      setPrivateMutableStateFlowValue(manager, "_micEnabled", true)
+      setPrivateField(manager, "transcriptionSessionId", "transcription-1")
+      manager.setMicEnabled(false)
+      manager.handleGatewayEvent(
+        "talk.event",
+        """{"transcriptionSessionId":"transcription-1","type":"transcript","text":"testing testing 1 2 3","final":true}""",
+      )
+      runCurrent()
+
+      assertEquals(
+        "testing testing 1 2 3",
+        manager.conversation.value
+          .single()
+          .text,
+      )
+      assertEquals("transcription-1", privateField<String?>(manager, "transcriptionSessionId"))
+      privateField<Job?>(manager, "transcriptionDrainJob")?.cancel()
+    }
+
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun reconnectRestartsAfterPendingCreateCancellation() =
+    runTest {
+      val firstCreate = CompletableDeferred<String>()
+      val secondCreate = CompletableDeferred<String>()
+      var createCalls = 0
+      val manager =
+        createManager(
+          scope = this,
+          createTranscriptionSession = {
+            createCalls += 1
+            if (createCalls == 1) firstCreate.await() else secondCreate.await()
+          },
+        )
+
+      manager.onGatewayConnectionChanged(true)
+      manager.setMicEnabled(true)
+      runCurrent()
+      manager.onGatewayConnectionChanged(false)
+      manager.onGatewayConnectionChanged(true)
+      firstCreate.completeExceptionally(CancellationException("connection closed"))
+      runCurrent()
+
+      assertEquals(2, createCalls)
+      assertEquals(true, manager.micEnabled.value)
+      manager.setMicEnabled(false)
+      secondCreate.completeExceptionally(CancellationException("test complete"))
+      runCurrent()
+    }
+
+  private fun createManager(
+    scope: CoroutineScope = CoroutineScope(Dispatchers.Unconfined),
+    createTranscriptionSession: suspend () -> String = { "transcription-1" },
+    closeTranscriptionSession: suspend (String) -> Unit = { _ -> },
+    sendToGateway: suspend (String, (String) -> Unit) -> String? = { _, onRunIdKnown ->
+      onRunIdKnown("run-1")
+      "run-1"
+    },
+  ): MicCaptureManager =
+    MicCaptureManager(
+      context =
+        RuntimeEnvironment.getApplication().also { app ->
+          shadowOf(app).grantPermissions(Manifest.permission.RECORD_AUDIO)
+        },
+      scope = scope,
+      createTranscriptionSession = createTranscriptionSession,
+      appendTranscriptionAudio = { _, _, _ -> },
+      closeTranscriptionSession = closeTranscriptionSession,
+      sendToGateway = sendToGateway,
+    )
+
+  private fun setPrivateField(
+    target: Any,
+    name: String,
+    value: Any?,
+  ) {
+    val field = target.javaClass.getDeclaredField(name)
+    field.isAccessible = true
+    field.set(target, value)
+  }
+
+  @Suppress("UNCHECKED_CAST")
+  private fun setPrivateMutableStateFlowValue(
+    target: Any,
+    name: String,
+    value: Boolean,
+  ) {
+    val field = target.javaClass.getDeclaredField(name)
+    field.isAccessible = true
+    (field.get(target) as MutableStateFlow<Boolean>).value = value
+  }
+
+  @Suppress("UNCHECKED_CAST")
+  private fun <T> privateField(
+    target: Any,
+    name: String,
+  ): T {
+    val field = target.javaClass.getDeclaredField(name)
+    field.isAccessible = true
+    return field.get(target) as T
+  }
+
+  private fun chatFinalPayload(
+    runId: String,
+    text: String,
+  ): String =
+    """
+    {
+      "runId": "$runId",
+      "state": "final",
+      "message": {
+        "role": "assistant",
+        "content": [
+          { "type": "text", "text": "$text" }
+        ]
+      }
+    }
+    """.trimIndent()
+}

apps/android/app/src/test/java/ai/openclaw/app/voice/TalkModeConfigParsingTest.kt

@@ -62,4 +62,37 @@ class TalkModeConfigParsingTest {
       TalkModeGatewayConfigParser.resolvedSilenceTimeoutMs(talk),
     )
   }
+
+  @Test
+  fun defaultsToNativeTalkMode() {
+    val talk =
+      buildJsonObject {
+        put("realtime", buildJsonObject { put("transport", "webrtc") })
+      }
+
+    assertEquals(
+      TalkModeExecutionMode.Native,
+      TalkModeGatewayConfigParser.resolvedExecutionMode(talk),
+    )
+  }
+
+  @Test
+  fun usesRealtimeRelayWhenGatewayRelayIsConfigured() {
+    val talk =
+      buildJsonObject {
+        put(
+          "realtime",
+          buildJsonObject {
+            put("mode", "realtime")
+            put("transport", "gateway-relay")
+            put("brain", "agent-consult")
+          },
+        )
+      }
+
+    assertEquals(
+      TalkModeExecutionMode.RealtimeRelay,
+      TalkModeGatewayConfigParser.resolvedExecutionMode(talk),
+    )
+  }
 }

apps/android/app/src/test/java/ai/openclaw/app/voice/TalkModeManagerTest.kt

@@ -4,12 +4,16 @@ import ai.openclaw.app.gateway.DeviceAuthEntry
 import ai.openclaw.app.gateway.DeviceAuthTokenStore
 import ai.openclaw.app.gateway.DeviceIdentityStore
 import ai.openclaw.app.gateway.GatewaySession
+import android.os.SystemClock
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.ExperimentalCoroutinesApi
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.SupervisorJob
 import kotlinx.coroutines.launch
+import kotlinx.coroutines.test.advanceUntilIdle
+import kotlinx.coroutines.test.currentTime
 import kotlinx.coroutines.test.runTest
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
@@ -19,6 +23,7 @@ import org.junit.runner.RunWith
 import org.robolectric.RobolectricTestRunner
 import org.robolectric.RuntimeEnvironment
 import org.robolectric.annotation.Config
+import java.util.concurrent.atomic.AtomicBoolean
 import java.util.concurrent.atomic.AtomicLong
 
 @RunWith(RobolectricTestRunner::class)
@@ -91,6 +96,87 @@ class TalkModeManagerTest {
     assertEquals(0L, playbackGeneration(manager).get())
   }
 
+  @Test
+  fun realtimeToolFinalDoesNotUseAllResponseTts() {
+    val manager = createManager()
+
+    manager.ttsOnAllResponses = true
+    setPrivateField(manager, "realtimeSessionId", "relay-1")
+    realtimeToolRuns(manager)["run-tool"] =
+      RealtimeToolRun(callId = "call-1", relaySessionId = "relay-1")
+
+    manager.handleGatewayEvent("chat", chatFinalPayload(runId = "run-tool", text = "tool result"))
+
+    assertEquals(0L, playbackGeneration(manager).get())
+    assertTrue(realtimeToolRuns(manager).isEmpty())
+  }
+
+  @Test
+  fun realtimeTranscriptsPopulateVoiceConversation() {
+    val manager = createManager()
+
+    setPrivateField(manager, "realtimeSessionId", "relay-1")
+
+    manager.handleGatewayEvent("talk.event", realtimeTranscriptPayload(role = "user", text = "hello"))
+    manager.handleGatewayEvent("talk.event", realtimeTranscriptPayload(role = "user", text = "hello world", final = true))
+    manager.handleGatewayEvent("talk.event", realtimeTranscriptPayload(role = "assistant", text = "hi"))
+    manager.handleGatewayEvent("talk.event", realtimeTranscriptPayload(role = "assistant", text = "hi there", final = true))
+
+    assertEquals(
+      listOf(
+        VoiceConversationEntry(
+          id = manager.conversation.value[0].id,
+          role = VoiceConversationRole.User,
+          text = "hello world",
+        ),
+        VoiceConversationEntry(
+          id = manager.conversation.value[1].id,
+          role = VoiceConversationRole.Assistant,
+          text = "hi there",
+        ),
+      ),
+      manager.conversation.value,
+    )
+  }
+
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun realtimeStartWithoutGatewayTurnsTalkOff() =
+    runTest {
+      val stoppedByRelay = AtomicBoolean(false)
+      val manager =
+        createManager(
+          scope = this,
+          isConnected = { false },
+          onStoppedByRelay = { stoppedByRelay.set(true) },
+        )
+
+      setPrivateField(manager, "executionMode", TalkModeExecutionMode.RealtimeRelay)
+      setPrivateField(manager, "configLoaded", true)
+      manager.setEnabled(true)
+      advanceUntilIdle()
+
+      assertFalse(manager.isEnabled.value)
+      assertFalse(manager.isListening.value)
+      assertEquals("Gateway not connected", manager.statusText.value)
+      assertTrue(stoppedByRelay.get())
+    }
+
+  @Test
+  fun staleRealtimeToolFinalDoesNotUseAllResponseTts() {
+    val manager = createManager()
+
+    manager.ttsOnAllResponses = true
+    setPrivateField(manager, "realtimeSessionId", "relay-2")
+    realtimeToolRuns(manager)["run-tool"] =
+      RealtimeToolRun(callId = "call-1", relaySessionId = "relay-1")
+
+    manager.handleGatewayEvent("chat", chatFinalPayload(runId = "run-tool", text = "stale result"))
+
+    assertEquals(0L, playbackGeneration(manager).get())
+    assertTrue(realtimeToolRuns(manager).isEmpty())
+  }
+
   @Test
   fun textReadyDoesNotEnterSpeakingUntilAudioPlaybackStarts() =
     runTest {
@@ -125,9 +211,43 @@ class TalkModeManagerTest {
       job.join()
     }
 
+  @Test
+  fun realtimeAudioFramesStreamUntilPlaybackStarts() {
+    val manager = createManager()
+
+    assertFalse(shouldAppendRealtimeCapturedFrame(manager, 0))
+    assertTrue(shouldAppendRealtimeCapturedFrame(manager, 16))
+    assertTrue(shouldAppendRealtimeCapturedFrame(manager, 4_800))
+
+    setPrivateField(manager, "realtimePlaybackEndsAtMs", SystemClock.elapsedRealtime() + 1_000)
+
+    assertFalse(shouldAppendRealtimeCapturedFrame(manager, 4_800))
+
+    setPrivateField(manager, "realtimePlaybackEndsAtMs", SystemClock.elapsedRealtime() - 1)
+
+    assertTrue(shouldAppendRealtimeCapturedFrame(manager, 4_800))
+  }
+
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun chatFinalWaitWithoutSubscribeUsesShortTimeout() =
+    runTest {
+      val manager = createManager(scope = this, supportsChatSubscribe = false)
+
+      setPrivateField(manager, "pendingRunId", "run-missing-final")
+      setPrivateField(manager, "pendingFinal", CompletableDeferred<Boolean>())
+
+      assertFalse(manager.waitForChatFinal("run-missing-final"))
+      assertEquals(6_000, currentTime)
+    }
+
   private fun createManager(
     talkSpeakClient: TalkSpeechSynthesizing = TalkSpeakClient(),
     talkAudioPlayer: TalkAudioPlaying? = null,
+    scope: CoroutineScope = CoroutineScope(SupervisorJob() + Dispatchers.Default),
+    supportsChatSubscribe: Boolean = false,
+    isConnected: () -> Boolean = { true },
+    onStoppedByRelay: () -> Unit = {},
   ): TalkModeManager {
     val app = RuntimeEnvironment.getApplication()
     val sessionJob = SupervisorJob()
@@ -142,17 +262,21 @@ class TalkModeManagerTest {
       )
     return TalkModeManager(
       context = app,
-      scope = CoroutineScope(SupervisorJob() + Dispatchers.Default),
+      scope = scope,
       session = session,
-      supportsChatSubscribe = false,
-      isConnected = { true },
+      supportsChatSubscribe = supportsChatSubscribe,
+      isConnected = isConnected,
+      onStoppedByRelay = onStoppedByRelay,
       talkSpeakClient = talkSpeakClient,
       talkAudioPlayer = talkAudioPlayer ?: TalkAudioPlayer(app),
     )
   }
 
   @Suppress("UNCHECKED_CAST")
-  private fun playbackGeneration(manager: TalkModeManager): AtomicLong = readPrivateField(manager, "playbackGeneration") as AtomicLong
+  private fun playbackGeneration(manager: TalkModeManager) = readPrivateField(manager, "playbackGeneration") as AtomicLong
+
+  @Suppress("UNCHECKED_CAST")
+  private fun realtimeToolRuns(manager: TalkModeManager) = readPrivateField(manager, "realtimeToolRuns") as MutableMap<String, RealtimeToolRun>
 
   private fun setPrivateField(
     target: Any,
@@ -173,6 +297,19 @@ class TalkModeManagerTest {
     return field.get(target)
   }
 
+  private fun shouldAppendRealtimeCapturedFrame(
+    manager: TalkModeManager,
+    length: Int,
+  ): Boolean {
+    val method =
+      manager.javaClass.getDeclaredMethod(
+        "shouldAppendRealtimeCapturedFrame",
+        Int::class.javaPrimitiveType,
+      )
+    method.isAccessible = true
+    return method.invoke(manager, length) as Boolean
+  }
+
   private fun chatFinalPayload(
     runId: String,
     text: String,
@@ -191,6 +328,21 @@ class TalkModeManagerTest {
       }
     }
     """.trimIndent()
+
+  private fun realtimeTranscriptPayload(
+    role: String,
+    text: String,
+    final: Boolean = false,
+  ): String =
+    """
+    {
+      "relaySessionId": "relay-1",
+      "type": "transcript",
+      "role": "$role",
+      "text": "$text",
+      "final": $final
+    }
+    """.trimIndent()
 }
 
 private class FakeTalkSpeechSynthesizer : TalkSpeechSynthesizing {

apps/android/app/src/test/java/ai/openclaw/app/voice/VoiceWakeManagerTest.kt

@@ -0,0 +1,55 @@
+package ai.openclaw.app.voice
+
+import android.os.Bundle
+import android.speech.RecognitionListener
+import android.speech.SpeechRecognizer
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import kotlinx.coroutines.test.advanceUntilIdle
+import kotlinx.coroutines.test.runTest
+import org.junit.Assert.assertEquals
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+import org.robolectric.annotation.Config
+
+@RunWith(RobolectricTestRunner::class)
+@Config(sdk = [34])
+class VoiceWakeManagerTest {
+  @Test
+  @OptIn(ExperimentalCoroutinesApi::class)
+  fun repeatedCommandDispatchesInNewRecognitionCycle() =
+    runTest {
+      val commands = mutableListOf<String>()
+      val manager =
+        VoiceWakeManager(
+          context = RuntimeEnvironment.getApplication(),
+          scope = this,
+          onCommand = { command -> commands += command },
+        )
+      manager.setTriggerWords(listOf("claude"))
+      val listener = recognitionListener(manager)
+
+      listener.onReadyForSpeech(null)
+      listener.onPartialResults(recognitionResults("claude take a photo"))
+      listener.onResults(recognitionResults("claude take a photo"))
+      advanceUntilIdle()
+
+      listener.onReadyForSpeech(null)
+      listener.onResults(recognitionResults("claude take a photo"))
+      advanceUntilIdle()
+
+      assertEquals(listOf("take a photo", "take a photo"), commands)
+    }
+
+  private fun recognitionResults(text: String): Bundle =
+    Bundle().apply {
+      putStringArrayList(SpeechRecognizer.RESULTS_RECOGNITION, arrayListOf(text))
+    }
+
+  private fun recognitionListener(manager: VoiceWakeManager): RecognitionListener {
+    val field = VoiceWakeManager::class.java.getDeclaredField("listener")
+    field.isAccessible = true
+    return field.get(manager) as RecognitionListener
+  }
+}

apps/android/app/src/testThirdParty/java/ai/openclaw/app/node/CallLogHandlerTest.kt

@@ -1,6 +1,7 @@
 package ai.openclaw.app.node
 
 import android.content.Context
+import android.provider.CallLog
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.jsonArray
 import kotlinx.serialization.json.jsonObject
@@ -246,6 +247,13 @@ class CallLogHandlerTest : NodeHandlerRobolectricTest() {
     assertEquals(0, source.lastRequest?.offset)
   }
 
+  @Test
+  fun callLogLikeFiltersEscapeWildcards() {
+    assertEquals("${CallLog.Calls.CACHED_NAME} LIKE ? ESCAPE '\\'", buildCallLogCachedNameLikeSelection())
+    assertEquals("${CallLog.Calls.NUMBER} LIKE ? ESCAPE '\\'", buildCallLogNumberLikeSelection())
+    assertEquals("%a\\%b\\_c\\\\d%", buildCallLogLikeArg("a%b_c\\d"))
+  }
+
   @Test
   fun handleCallLogSearch_mapsSearchFailuresToUnavailable() {
     val handler =

apps/android/app/src/thirdParty/java/ai/openclaw/app/node/CallLogHandler.kt

@@ -69,13 +69,13 @@ private object SystemCallLogDataSource : CallLogDataSource {
     val selectionArgs = mutableListOf<String>()
 
     request.cachedName?.let {
-      selections.add("${CallLog.Calls.CACHED_NAME} LIKE ?")
-      selectionArgs.add("%$it%")
+      selections.add(buildCallLogCachedNameLikeSelection())
+      selectionArgs.add(buildCallLogLikeArg(it))
     }
 
     request.number?.let {
-      selections.add("${CallLog.Calls.NUMBER} LIKE ?")
-      selectionArgs.add("%$it%")
+      selections.add(buildCallLogNumberLikeSelection())
+      selectionArgs.add(buildCallLogLikeArg(it))
     }
 
     // Support time range query
@@ -149,6 +149,25 @@ private object SystemCallLogDataSource : CallLogDataSource {
   }
 }
 
+internal fun escapeCallLogSqlLikeLiteral(value: String): String =
+  buildString(value.length) {
+    for (ch in value) {
+      when (ch) {
+        '\\', '%', '_' -> {
+          append('\\')
+          append(ch)
+        }
+        else -> append(ch)
+      }
+    }
+  }
+
+internal fun buildCallLogCachedNameLikeSelection(): String = "${CallLog.Calls.CACHED_NAME} LIKE ? ESCAPE '\\'"
+
+internal fun buildCallLogNumberLikeSelection(): String = "${CallLog.Calls.NUMBER} LIKE ? ESCAPE '\\'"
+
+internal fun buildCallLogLikeArg(value: String): String = "%${escapeCallLogSqlLikeLiteral(value)}%"
+
 class CallLogHandler private constructor(
   private val appContext: Context,
   private val dataSource: CallLogDataSource,

apps/ios/ActivityWidget/OpenClawLiveActivity.swift

@@ -13,8 +13,9 @@ struct OpenClawLiveActivity: Widget {
                 }
                 DynamicIslandExpandedRegion(.center) {
                     Text(context.state.statusText)
-                        .font(.subheadline)
+                        .font(.subheadline.weight(.semibold))
                         .lineLimit(1)
+                        .minimumScaleFactor(0.8)
                 }
                 DynamicIslandExpandedRegion(.trailing) {
                     self.trailingView(state: context.state)
@@ -22,10 +23,7 @@ struct OpenClawLiveActivity: Widget {
             } compactLeading: {
                 self.statusDot(state: context.state)
             } compactTrailing: {
-                Text(context.state.statusText)
-                    .font(.caption2)
-                    .lineLimit(1)
-                    .frame(maxWidth: 64)
+                self.compactStatusIcon(state: context.state)
             } minimal: {
                 self.statusDot(state: context.state)
             }
@@ -33,39 +31,32 @@ struct OpenClawLiveActivity: Widget {
     }
 
     private func lockScreenView(context: ActivityViewContext<OpenClawActivityAttributes>) -> some View {
-        HStack(spacing: 8) {
-            self.statusDot(state: context.state)
-                .frame(width: 10, height: 10)
+        HStack(spacing: 10) {
+            self.statusIcon(state: context.state)
+                .frame(width: 30, height: 30)
+                .background(.thinMaterial, in: Circle())
             VStack(alignment: .leading, spacing: 2) {
                 Text("OpenClaw")
                     .font(.subheadline.bold())
+                    .lineLimit(1)
                 Text(context.state.statusText)
                     .font(.caption)
                     .foregroundStyle(.secondary)
+                    .lineLimit(1)
+                    .minimumScaleFactor(0.8)
             }
             Spacer()
             self.trailingView(state: context.state)
         }
         .padding(.horizontal, 12)
-        .padding(.vertical, 4)
+        .padding(.vertical, 8)
     }
 
     @ViewBuilder
     private func trailingView(state: OpenClawActivityAttributes.ContentState) -> some View {
-        if state.isConnecting {
-            ProgressView().controlSize(.small)
-        } else if state.isDisconnected {
-            Image(systemName: "wifi.slash")
-                .foregroundStyle(.red)
-        } else if state.isIdle {
-            Image(systemName: "antenna.radiowaves.left.and.right")
-                .foregroundStyle(.green)
-        } else {
-            Text(state.startedAt, style: .timer)
-                .font(.caption)
-                .monospacedDigit()
-                .foregroundStyle(.secondary)
-        }
+        self.statusIcon(state: state)
+            .font(.system(size: 16, weight: .semibold))
+            .frame(width: 28, height: 28)
     }
 
     private func statusDot(state: OpenClawActivityAttributes.ContentState) -> some View {
@@ -74,10 +65,34 @@ struct OpenClawLiveActivity: Widget {
             .frame(width: 6, height: 6)
     }
 
+    @ViewBuilder
+    private func compactStatusIcon(state: OpenClawActivityAttributes.ContentState) -> some View {
+        self.statusIcon(state: state)
+            .font(.system(size: 12, weight: .semibold))
+            .frame(width: 18, height: 18)
+    }
+
+    @ViewBuilder
+    private func statusIcon(state: OpenClawActivityAttributes.ContentState) -> some View {
+        if state.isConnecting {
+            Image(systemName: "arrow.triangle.2.circlepath")
+                .foregroundStyle(.cyan)
+        } else if state.isDisconnected {
+            Image(systemName: "wifi.slash")
+                .foregroundStyle(.red)
+        } else if state.isIdle {
+            Image(systemName: "checkmark")
+                .foregroundStyle(.green)
+        } else {
+            Image(systemName: "exclamationmark.triangle.fill")
+                .foregroundStyle(.orange)
+        }
+    }
+
     private func dotColor(state: OpenClawActivityAttributes.ContentState) -> Color {
         if state.isDisconnected { return .red }
-        if state.isConnecting { return .gray }
+        if state.isConnecting { return .cyan }
         if state.isIdle { return .green }
-        return .blue
+        return .orange
     }
 }

apps/ios/CHANGELOG.md

@@ -1,5 +1,13 @@
 # OpenClaw iOS Changelog
 
+## 2026.5.19 - 2026-05-19
+
+Maintenance update for the current OpenClaw release.
+
+## 2026.5.17 - 2026-05-17
+
+Maintenance update for the current OpenClaw release.
+
 ## 2026.5.12 - 2026-05-12
 
 Maintenance update for the current OpenClaw beta release.

apps/ios/Config/Version.xcconfig

@@ -2,8 +2,8 @@
 // Source of truth: apps/ios/version.json
 // Generated by scripts/ios-sync-versioning.ts.
 
-OPENCLAW_IOS_VERSION = 2026.5.16
-OPENCLAW_MARKETING_VERSION = 2026.5.16
+OPENCLAW_IOS_VERSION = 2026.5.19
+OPENCLAW_MARKETING_VERSION = 2026.5.19
 OPENCLAW_BUILD_VERSION = 1
 
 #include? "../build/Version.xcconfig"

apps/ios/Sources/LiveActivity/LiveActivityManager.swift

@@ -8,6 +8,8 @@ final class LiveActivityManager {
     static let shared = LiveActivityManager()
 
     private let logger = Logger(subsystem: "ai.openclaw.ios", category: "LiveActivity")
+    private let connectingStaleSeconds: TimeInterval = 120
+    private let hydrationStaleSeconds: TimeInterval = 300
     private var currentActivity: Activity<OpenClawActivityAttributes>?
     private var activityStartDate: Date = .now
 
@@ -24,11 +26,11 @@ final class LiveActivityManager {
         return true
     }
 
-    func startActivity(agentName: String, sessionKey: String) {
+    func showConnecting(statusText: String = "Connecting...", agentName: String, sessionKey: String) {
         self.hydrateCurrentAndPruneDuplicates()
 
         if self.currentActivity != nil {
-            self.handleConnecting()
+            self.handleConnecting(statusText: statusText)
             return
         }
 
@@ -40,11 +42,14 @@ final class LiveActivityManager {
 
         self.activityStartDate = .now
         let attributes = OpenClawActivityAttributes(agentName: agentName, sessionKey: sessionKey)
+        let state = self.connectingState(statusText: statusText)
 
         do {
             let activity = try Activity.request(
                 attributes: attributes,
-                content: ActivityContent(state: self.connectingState(), staleDate: nil),
+                content: ActivityContent(
+                    state: state,
+                    staleDate: Date().addingTimeInterval(self.connectingStaleSeconds)),
                 pushType: nil)
             self.currentActivity = activity
             self.logger.info("started live activity id=\(activity.id, privacy: .public)")
@@ -53,16 +58,57 @@ final class LiveActivityManager {
         }
     }
 
-    func handleConnecting() {
-        self.updateCurrent(state: self.connectingState())
+    func showAttention(statusText: String, agentName: String, sessionKey: String) {
+        self.hydrateCurrentAndPruneDuplicates()
+
+        if self.currentActivity == nil {
+            let authInfo = ActivityAuthorizationInfo()
+            guard authInfo.areActivitiesEnabled else {
+                self.logger.info("Live Activities disabled; skipping attention state")
+                return
+            }
+            self.activityStartDate = .now
+            let attributes = OpenClawActivityAttributes(agentName: agentName, sessionKey: sessionKey)
+            do {
+                let activity = try Activity.request(
+                    attributes: attributes,
+                    content: ActivityContent(state: self.attentionState(statusText: statusText), staleDate: nil),
+                    pushType: nil)
+                self.currentActivity = activity
+                self.logger.info("started attention live activity id=\(activity.id, privacy: .public)")
+            } catch {
+                self.logger.error(
+                    "failed to start attention live activity: \(error.localizedDescription, privacy: .public)")
+            }
+            return
+        }
+
+        self.updateCurrent(state: self.attentionState(statusText: statusText), staleDate: nil)
+    }
+
+    func handleConnecting(statusText: String = "Connecting...") {
+        self.updateCurrent(
+            state: self.connectingState(statusText: statusText),
+            staleDate: Date().addingTimeInterval(self.connectingStaleSeconds))
     }
 
     func handleReconnect() {
-        self.updateCurrent(state: self.idleState())
+        self.endActivity(reason: "connected")
     }
 
     func handleDisconnect() {
-        self.updateCurrent(state: self.disconnectedState())
+        self.endActivity(reason: "disconnected")
+    }
+
+    func endActivity(reason: String) {
+        guard let activity = self.currentActivity else { return }
+        self.currentActivity = nil
+        self.logger.info("ending live activity reason=\(reason, privacy: .public)")
+        Task {
+            await activity.end(
+                ActivityContent(state: self.disconnectedState(), staleDate: nil),
+                dismissalPolicy: .immediate)
+        }
     }
 
     private func hydrateCurrentAndPruneDuplicates() {
@@ -72,39 +118,71 @@ final class LiveActivityManager {
             return
         }
 
-        let keeper = active.max { lhs, rhs in
+        let now = Date()
+        let candidates = active.filter { activity in
+            let state = activity.content.state
+            guard activity.activityState == .active else { return false }
+            guard !state.isIdle, !state.isDisconnected else { return false }
+            return now.timeIntervalSince(state.startedAt) < self.hydrationStaleSeconds
+        }
+
+        guard !candidates.isEmpty else {
+            self.currentActivity = nil
+            for activity in active {
+                self.end(activity: activity)
+            }
+            return
+        }
+
+        let keeper = candidates.max { lhs, rhs in
             lhs.content.state.startedAt < rhs.content.state.startedAt
-        } ?? active[0]
+        } ?? candidates[0]
 
         self.currentActivity = keeper
         self.activityStartDate = keeper.content.state.startedAt
 
         let stale = active.filter { $0.id != keeper.id }
         for activity in stale {
-            Task {
-                await activity.end(
-                    ActivityContent(state: self.disconnectedState(), staleDate: nil),
-                    dismissalPolicy: .immediate)
-            }
+            self.end(activity: activity)
         }
     }
 
-    private func updateCurrent(state: OpenClawActivityAttributes.ContentState) {
-        guard let activity = self.currentActivity else { return }
+    private func updateCurrent(state: OpenClawActivityAttributes.ContentState, staleDate: Date? = nil) {
+        guard let activity = self.currentActivity, activity.activityState == .active else {
+            self.currentActivity = nil
+            return
+        }
         Task {
-            await activity.update(ActivityContent(state: state, staleDate: nil))
+            await activity.update(ActivityContent(state: state, staleDate: staleDate))
         }
     }
 
-    private func connectingState() -> OpenClawActivityAttributes.ContentState {
+    private func end(activity: Activity<OpenClawActivityAttributes>) {
+        Task {
+            await activity.end(
+                ActivityContent(state: self.disconnectedState(), staleDate: nil),
+                dismissalPolicy: .immediate)
+        }
+    }
+
+    private func connectingState(statusText: String = "Connecting...") -> OpenClawActivityAttributes.ContentState {
         OpenClawActivityAttributes.ContentState(
-            statusText: "Connecting...",
+            statusText: statusText,
             isIdle: false,
             isDisconnected: false,
             isConnecting: true,
             startedAt: self.activityStartDate)
     }
 
+    private func attentionState(statusText: String) -> OpenClawActivityAttributes.ContentState {
+        OpenClawActivityAttributes.ContentState(
+            statusText: statusText,
+            isIdle: false,
+            isDisconnected: false,
+            isConnecting: false,
+            startedAt: self.activityStartDate)
+    }
+
     private func idleState() -> OpenClawActivityAttributes.ContentState {
         OpenClawActivityAttributes.ContentState(
             statusText: "Idle",

apps/ios/Sources/LiveActivity/OpenClawActivityAttributes.swift

@@ -41,5 +41,12 @@ extension OpenClawActivityAttributes.ContentState {
         isDisconnected: true,
         isConnecting: false,
         startedAt: .now)
+
+    static let attention = OpenClawActivityAttributes.ContentState(
+        statusText: "Approval needed",
+        isIdle: false,
+        isDisconnected: false,
+        isConnecting: false,
+        startedAt: .now)
 }
 #endif

apps/ios/Sources/Model/NodeAppModel.swift

@@ -546,6 +546,7 @@ final class NodeAppModel {
                 self.talkMode.updateGatewayConnected(false)
                 if self.isBackgrounded {
                     self.gatewayStatusText = "Background idle"
+                    LiveActivityManager.shared.endActivity(reason: "background_idle")
                     self.gatewayServerName = nil
                     self.gatewayRemoteAddress = nil
                     self.showLocalCanvasOnDisconnect()
@@ -1839,7 +1840,7 @@ extension NodeAppModel {
         self.operatorGatewayTask = nil
         self.voiceWakeSyncTask?.cancel()
         self.voiceWakeSyncTask = nil
-        LiveActivityManager.shared.handleDisconnect()
+        LiveActivityManager.shared.endActivity(reason: "manual_disconnect")
         self.gatewayHealthMonitor.stop()
         Task {
             await self.operatorGateway.disconnect()
@@ -1877,7 +1878,7 @@ extension NodeAppModel {
         self.operatorConnected = false
         self.voiceWakeSyncTask?.cancel()
         self.voiceWakeSyncTask = nil
-        LiveActivityManager.shared.handleDisconnect()
+        LiveActivityManager.shared.endActivity(reason: "new_gateway_connect")
         self.gatewayDefaultAgentId = nil
         self.gatewayAgents = []
         self.selectedAgentId = GatewaySettingsStore.loadGatewaySelectedAgentId(stableID: stableID)
@@ -1908,6 +1909,12 @@ extension NodeAppModel {
             self.gatewayPairingPaused = false
             self.gatewayPairingRequestId = nil
         }
+        if problem.needsPairingApproval || problem.pauseReconnect {
+            LiveActivityManager.shared.showAttention(
+                statusText: problem.needsPairingApproval ? "Approval needed" : "Action required",
+                agentName: self.activeAgentName,
+                sessionKey: self.mainSessionKey)
+        }
     }
 
     private func shouldKeepGatewayProblemStatus(forDisconnectReason reason: String) -> Bool {
@@ -2112,7 +2119,6 @@ extension NodeAppModel {
                             await self.refreshShareRouteFromGateway()
                             await self.registerAPNsTokenIfNeeded()
                             await self.startVoiceWakeSync()
-                            await MainActor.run { LiveActivityManager.shared.handleReconnect() }
                             await MainActor.run { self.startGatewayHealthMonitor() }
                         },
                         onDisconnected: { [weak self] reason in
@@ -2120,7 +2126,7 @@ extension NodeAppModel {
                             await MainActor.run {
                                 self.operatorConnected = false
                                 self.talkMode.updateGatewayConnected(false)
-                                LiveActivityManager.shared.handleDisconnect()
+                                LiveActivityManager.shared.endActivity(reason: "operator_disconnected")
                             }
                             GatewayDiagnostics.log("operator gateway disconnected reason=\(reason)")
                             await MainActor.run { self.stopGatewayHealthMonitor() }
@@ -2186,14 +2192,10 @@ extension NodeAppModel {
                     self.gatewayStatusText = (attempt == 0) ? "Connecting…" : "Reconnecting…"
                     self.gatewayServerName = nil
                     self.gatewayRemoteAddress = nil
-                    let liveActivity = LiveActivityManager.shared
-                    if liveActivity.isActive {
-                        liveActivity.handleConnecting()
-                    } else {
-                        liveActivity.startActivity(
-                            agentName: self.selectedAgentId ?? "main",
-                            sessionKey: self.mainSessionKey)
-                    }
+                    LiveActivityManager.shared.showConnecting(
+                        statusText: (attempt == 0) ? "Connecting..." : "Reconnecting...",
+                        agentName: self.activeAgentName,
+                        sessionKey: self.mainSessionKey)
                 }
 
                 do {
@@ -2220,6 +2222,7 @@ extension NodeAppModel {
                                 self.gatewayConnected = true
                                 self.screen.errorText = nil
                                 UserDefaults.standard.set(true, forKey: "gateway.autoconnect")
+                                LiveActivityManager.shared.handleReconnect()
                             }
                             let usedBootstrapToken =
                                 reconnectAuth.token?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty != false &&
@@ -2360,6 +2363,7 @@ extension NodeAppModel {
             await MainActor.run {
                 self.lastGatewayProblem = nil
                 self.gatewayStatusText = "Offline"
+                LiveActivityManager.shared.endActivity(reason: "gateway_loop_stopped")
                 self.gatewayServerName = nil
                 self.gatewayRemoteAddress = nil
                 self.connectedGatewayID = nil
@@ -3962,7 +3966,7 @@ extension NodeAppModel {
         switch route {
         case let .agent(link):
             await self.handleAgentDeepLink(link, originalURL: url)
-        case .gateway:
+        case .gateway, .dashboard:
             break
         }
     }

apps/ios/fastlane/metadata/en-US/release_notes.txt

@@ -1 +1 @@
-Maintenance update for the current OpenClaw beta release.
+Maintenance update for the current OpenClaw release.

apps/ios/version.json

@@ -1,3 +1,3 @@
 {
-  "version": "2026.5.16"
+  "version": "2026.5.19"
 }

apps/macos/Package.swift

@@ -81,6 +81,7 @@ let package = Package(
             dependencies: [
                 "OpenClawIPC",
                 "OpenClaw",
+                "OpenClawMacCLI",
                 "OpenClawDiscovery",
                 .product(name: "OpenClawProtocol", package: "OpenClawKit"),
                 .product(name: "SwabbleKit", package: "swabble"),

apps/macos/Sources/OpenClaw/AboutSettings.swift

@@ -85,9 +85,7 @@ struct AboutSettings: View {
             Spacer()
         }
         .frame(maxWidth: .infinity, maxHeight: .infinity)
-        .padding(.top, 4)
-        .padding(.horizontal, 24)
-        .padding(.bottom, 24)
+        .settingsDetailContent()
         .onAppear {
             guard let updater, !self.didLoadUpdaterState else { return }
             // Keep Sparkle’s auto-check setting in sync with the persisted toggle.

apps/macos/Sources/OpenClaw/AppNavigationActions.swift

@@ -0,0 +1,49 @@
+import AppKit
+
+@MainActor
+enum AppNavigationActions {
+    static func openDashboard() {
+        NSApp.activate(ignoringOtherApps: true)
+        if DashboardManager.shared.showConfiguredWindowIfPossible() {
+            return
+        }
+        Task { @MainActor in
+            if DashboardManager.shared.showConfiguredWindowIfPossible() {
+                return
+            }
+            do {
+                try await DashboardManager.shared.show()
+            } catch {
+                DashboardManager.shared.showFailure(error)
+            }
+        }
+    }
+
+    static func openChat() {
+        NSApp.activate(ignoringOtherApps: true)
+        Task { @MainActor in
+            let sessionKey = await WebChatManager.shared.preferredSessionKey()
+            WebChatManager.shared.show(sessionKey: sessionKey)
+        }
+    }
+
+    static func toggleCanvas() {
+        NSApp.activate(ignoringOtherApps: true)
+        Task { @MainActor in
+            if AppStateStore.shared.canvasPanelVisible {
+                CanvasManager.shared.hideAll()
+            } else {
+                let sessionKey = await GatewayConnection.shared.mainSessionKey()
+                _ = try? CanvasManager.shared.show(sessionKey: sessionKey, path: nil)
+            }
+        }
+    }
+
+    static func openSettings(tab: SettingsTab = .general) {
+        SettingsTabRouter.request(tab)
+        SettingsWindowOpener.shared.open()
+        DispatchQueue.main.async {
+            NotificationCenter.default.post(name: .openclawSelectSettingsTab, object: tab)
+        }
+    }
+}

apps/macos/Sources/OpenClaw/AppState.swift

@@ -318,7 +318,12 @@ final class AppState {
             self.iconAnimationsEnabled = true
             UserDefaults.standard.set(true, forKey: iconAnimationsEnabledKey)
         }
-        self.showDockIcon = UserDefaults.standard.bool(forKey: showDockIconKey)
+        if let storedShowDockIcon = UserDefaults.standard.object(forKey: showDockIconKey) as? Bool {
+            self.showDockIcon = storedShowDockIcon
+        } else {
+            self.showDockIcon = true
+            UserDefaults.standard.set(true, forKey: showDockIconKey)
+        }
         self.voiceWakeMicID = UserDefaults.standard.string(forKey: voiceWakeMicKey) ?? ""
         self.voiceWakeMicName = UserDefaults.standard.string(forKey: voiceWakeMicNameKey) ?? ""
         self.voiceWakeLocaleID = UserDefaults.standard.string(forKey: voiceWakeLocaleKey) ?? Locale.current.identifier
@@ -358,19 +363,29 @@ final class AppState {
         }
 
         let configRoot = OpenClawConfigFile.loadDict()
-        let configRemoteUrl = GatewayRemoteConfig.resolveUrlString(root: configRoot)
         let configRemoteToken = GatewayRemoteConfig.resolveTokenValue(root: configRoot)
-        let configRemoteTransport = GatewayRemoteConfig.resolveTransport(root: configRoot)
+        let configRemoteResolution = GatewayRemoteConfig.resolveTransportResolution(root: configRoot)
+        let configRemoteTransport = configRemoteResolution.transport
+        let configRemoteUrl = configRemoteResolution.directURL?.absoluteString
+            ?? GatewayRemoteConfig.resolveUrlString(root: configRoot)
         let resolvedConnectionMode = ConnectionModeResolver.resolve(root: configRoot).mode
         self.remoteTransport = configRemoteTransport
         self.connectionMode = resolvedConnectionMode
 
+        let configRemote = (configRoot["gateway"] as? [String: Any])?["remote"] as? [String: Any]
+        let configRemoteTarget = (configRemote?["sshTarget"] as? String)?
+            .trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
         let storedRemoteTarget = UserDefaults.standard.string(forKey: remoteTargetKey) ?? ""
         if resolvedConnectionMode == .remote,
-           configRemoteTransport != .direct,
-           storedRemoteTarget.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty,
-           let host = AppState.remoteHost(from: configRemoteUrl),
-           !LoopbackHost.isLoopbackHost(host)
+           !configRemoteTarget.isEmpty,
+           storedRemoteTarget.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            self.remoteTarget = configRemoteTarget
+        } else if resolvedConnectionMode == .remote,
+                  configRemoteTransport != .direct,
+                  storedRemoteTarget.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty,
+                  let host = AppState.remoteHost(from: configRemoteUrl),
+                  !LoopbackHost.isLoopbackHost(host)
         {
             self.remoteTarget = "\(NSUserName())@\(host)"
         } else {
@@ -380,9 +395,11 @@ final class AppState {
         self.remoteToken = configRemoteToken.textFieldValue
         self.remoteTokenDirty = false
         self.remoteTokenUnsupported = configRemoteToken.isUnsupportedNonString
-        self.remoteIdentity = UserDefaults.standard.string(forKey: remoteIdentityKey) ?? ""
-        self.remoteProjectRoot = UserDefaults.standard.string(forKey: remoteProjectRootKey) ?? ""
-        self.remoteCliPath = UserDefaults.standard.string(forKey: remoteCliPathKey) ?? ""
+        self.remoteIdentity = UserDefaults.standard.string(forKey: remoteIdentityKey)?.nonEmpty
+            ?? configRemote?["sshIdentity"] as? String
+            ?? ""
+        self.remoteProjectRoot = UserDefaults.standard.string(forKey: remoteProjectRootKey)?.nonEmpty ?? ""
+        self.remoteCliPath = UserDefaults.standard.string(forKey: remoteCliPathKey)?.nonEmpty ?? ""
         self.canvasEnabled = UserDefaults.standard.object(forKey: canvasEnabledKey) as? Bool ?? true
         let execDefaults = ExecApprovalsStore.resolveDefaults()
         self.execApprovalMode = ExecApprovalQuickMode.from(security: execDefaults.security, ask: execDefaults.ask)
@@ -517,7 +534,10 @@ final class AppState {
             }
 
         case .ssh:
-            changed = Self.updateGatewayString(&remote, key: "transport", value: nil) || changed
+            changed = Self.updateGatewayString(
+                &remote,
+                key: "transport",
+                value: RemoteTransport.ssh.rawValue) || changed
 
             let sanitizedTarget = Self.sanitizeSSHTarget(draft.remoteTarget)
             let expectedRemoteHost = CommandResolver.parseSSHTarget(sanitizedTarget)?.host ?? draft.remoteHost
@@ -561,7 +581,8 @@ final class AppState {
         let hasRemoteUrl = !(remoteUrl?
             .trimmingCharacters(in: .whitespacesAndNewlines)
             .isEmpty ?? true)
-        let remoteTransport = GatewayRemoteConfig.resolveTransport(root: root)
+        let remoteResolution = GatewayRemoteConfig.resolveTransportResolution(root: root)
+        let remoteTransport = remoteResolution.transport
 
         let desiredMode: ConnectionMode? = switch modeRaw {
         case "local":
@@ -585,7 +606,7 @@ final class AppState {
         if remoteTransport != self.remoteTransport {
             self.remoteTransport = remoteTransport
         }
-        let remoteUrlText = remoteUrl ?? ""
+        let remoteUrlText = remoteResolution.directURL?.absoluteString ?? remoteUrl ?? ""
         if remoteUrlText != self.remoteUrl {
             self.remoteUrl = remoteUrlText
         }

apps/macos/Sources/OpenClaw/CLIInstallPrompter.swift

@@ -26,7 +26,7 @@ final class CLIInstallPrompter {
         case .alertFirstButtonReturn:
             Task { await self.installCLI() }
         case .alertThirdButtonReturn:
-            self.openSettings(tab: .general)
+            self.openSettings(tab: .connection)
         default:
             break
         }