fix(feeds): refresh native search stack

.agents/skills/openclaw-landable-bug-sweep/SKILL.md

@@ -107,9 +107,16 @@ Reject:
 
 ## PR Body Proof
 
-Use the repo PR template. Include authored `## What Problem This Solves` and
-`## Evidence` sections. Keep the body focused on intent and the most useful
-validation evidence; inspect the code, tests, and CI before judging correctness.
+Use the repo PR template. Include these exact labels:
+
+```text
+Behavior addressed:
+Real environment tested:
+Exact steps or command run after this patch:
+Evidence after fix:
+Observed result after fix:
+What was not tested:
+```
 
 ## Existing PR Rules
 

.github/labeler.yml

@@ -322,6 +322,11 @@
       - any-glob-to-any-file:
           - "extensions/policy/**"
           - "docs/cli/policy.md"
+"extensions: feeds":
+  - changed-files:
+      - any-glob-to-any-file:
+          - "extensions/feeds/**"
+          - "docs/plugins/reference/feeds.md"
 "extensions: open-prose":
   - changed-files:
       - any-glob-to-any-file:

.github/pull_request_template.md

@@ -1,57 +1,118 @@
-<!--
-Optional linked context:
-Add a visible `Closes #<issue-number>` or `Related: #<issue-number>` line
-below this comment.
+## Summary
 
-Required PR title:
-type: user-facing description
-Use a parenthesized scope only when it adds clarity:
-fix(auth): login redirect loops when session cookie is expired
+What problem does this PR solve?
 
-Types: feat, fix, improve, refactor, docs, chore.
-For fixes, describe the user-visible symptom and trigger:
-fix: task list fails to load when user has no environments
-Avoid implementation details such as:
-fix: add null check to task query
--->
+Why does this matter now?
 
-## What Problem This Solves
+What is the intended outcome?
 
-<!--
-Describe the concrete user, product, or operational problem.
-For fixes, begin with:
-"Fixes an issue where users <do X> would <experience Y> when <condition>."
-or:
-"Resolves a problem where..."
+What is intentionally out of scope?
 
-Name the affected UI surface or workflow. Do not describe the code-level cause here.
--->
+What does success look like?
 
-## Why This Change Was Made
+What should reviewers focus on?
 
-<!--
-In one or two sentences, explain the complete shipped solution, key design
-decisions, and relevant boundaries or non-goals. Include implementation detail
-only when it helps reviewers understand user-visible behavior or risk.
-Avoid file-by-file narration.
--->
+<details>
+<summary>Summary guidance</summary>
 
-## User Impact
+This PR description is the contributor's durable explanation of the change. Write it for human maintainers first; ClawSweeper and Barnacle use the same text to understand intent, proof, risk, and current review state.
 
-<!--
-State what users, operators, or developers can now do or expect. Lead with the
-concrete benefit and use user-facing language. If there is no user-visible
-impact, say so plainly.
--->
+Describe the intent and outcome in 2-5 bullets. Avoid restating the diff; reviewers and bots can read the changed files.
 
-## Evidence
+If this PR fixes a plugin beta-release blocker, title it `fix(<plugin-id>): beta blocker - <summary>` and link the matching `Beta blocker: <plugin-name> - <summary>` issue labeled `beta-blocker`. Contributors cannot label PRs, so the title is the PR-side signal for maintainers and automation.
 
-<!--
-Show the most useful proof that this change works. Screenshots, screencasts,
-terminal output, focused tests, CI results, live observations, redacted logs,
-and artifact links are all useful. Include before/after evidence for visual
-changes when it clarifies the result.
+</details>
 
-Reviewers will inspect the code, tests, and CI. Use this section to make the
-validation easy to understand, not to restate the diff.
--->
+## Linked context
+
+Which issue does this close?
+
+Closes #
+
+Which issues, PRs, or discussions are related?
+
+Related #
+
+Was this requested by a maintainer or owner?
+
+<details>
+<summary>Linked context guidance</summary>
+
+Link the issue, PR, discussion, maintainer request, or owner request that explains why this PR should exist. Maintainer context helps reviewers and automation distinguish intended work from drive-by churn.
+
+</details>
+
+## Real behavior proof (required for external PRs)
+
+- Behavior or issue addressed:
+- Real environment tested:
+- Exact steps or command run after this patch:
+- Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):
+- Observed result after fix:
+- What was not tested:
+- Proof limitations or environment constraints:
+- Before evidence (optional but encouraged):
+
+<details>
+<summary>Real behavior proof guidance</summary>
+
+External contributors must show after-fix evidence from a real OpenClaw setup. Unit tests, mocks, lint, typechecks, snapshots, and CI are supplemental only.
+
+Screenshots are encouraged even for CLI, console, text, or log changes. Terminal screenshots, copied live output, redacted runtime logs, recordings, and linked artifacts count.
+
+If your environment cannot produce the ideal proof, explain that under `Proof limitations or environment constraints` so reviewers and ClawSweeper can direct the next step properly.
+
+Be mindful of private information like IP addresses, API keys, phone numbers, non-public endpoints, or other private details when providing evidence.
+
+</details>
+
+## Tests and validation
+
+Which commands did you run?
+
+What regression coverage was added or updated?
+
+What failed before this fix, if known?
+
+If no test was added, why not?
+
+<details>
+<summary>Testing guidance</summary>
+
+List focused commands, not every incidental check. CI is useful support, but external PRs still need real behavior proof above when behavior changes.
+
+</details>
+
+## Risk checklist
+
+Did user-visible behavior change? (`Yes/No`)
+
+Did config, environment, or migration behavior change? (`Yes/No`)
+
+Did security, auth, secrets, network, or tool execution behavior change? (`Yes/No`)
+
+What is the highest-risk area?
+
+How is that risk mitigated?
+
+<details>
+<summary>Risk guidance</summary>
+
+Use this for author judgment that is not obvious from the diff. ClawSweeper can see touched files, but it cannot know which behavior you think is risky, why the risk is acceptable, or what mitigation reviewers should verify.
+
+</details>
+
+## Current review state
+
+What is the next action?
+
+What is still waiting on author, maintainer, CI, or external proof?
+
+Which bot or reviewer comments were addressed?
+
+<details>
+<summary>Review state guidance</summary>
+
+Keep this as the durable state for review progress. If useful information appears in comments, fold the current next action or blocker back here so maintainers and ClawSweeper do not need to reconstruct state from comment history.
+
+</details>

.github/workflows/ci-build-artifacts-testbox.yml

@@ -14,10 +14,6 @@ on:
 permissions:
   contents: read
 
-concurrency:
-  group: ${{ github.event_name == 'pull_request' && format('{0}-pr-v1-{1}', github.workflow, github.event.pull_request.number) || format('{0}-manual-v1-{1}', github.workflow, github.run_id) }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
 
@@ -214,49 +210,24 @@ jobs:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
           ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-          BYTEPLUS_API_KEY: ${{ secrets.BYTEPLUS_API_KEY }}
           CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
           DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
-          DASHSCOPE_API_KEY: ${{ secrets.DASHSCOPE_API_KEY }}
-          FACTORY_API_KEY: ${{ secrets.FACTORY_API_KEY }}
           FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}
           GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
           GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
           GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
           KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }}
           MINIMAX_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
-          MODELSTUDIO_API_KEY: ${{ secrets.MODELSTUDIO_API_KEY }}
           MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY }}
           MOONSHOT_API_KEY: ${{ secrets.MOONSHOT_API_KEY }}
-          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
-          OPENCODE_ZEN_API_KEY: ${{ secrets.OPENCODE_ZEN_API_KEY }}
-          OPENCLAW_LIVE_BROWSER_CDP_URL: ${{ secrets.OPENCLAW_LIVE_BROWSER_CDP_URL }}
-          OPENCLAW_LIVE_SETUP_TOKEN: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN }}
-          OPENCLAW_LIVE_SETUP_TOKEN_MODEL: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_MODEL }}
-          OPENCLAW_LIVE_SETUP_TOKEN_PROFILE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_PROFILE }}
-          OPENCLAW_LIVE_SETUP_TOKEN_VALUE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_VALUE }}
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
           OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
           QWEN_API_KEY: ${{ secrets.QWEN_API_KEY }}
-          FAL_KEY: ${{ secrets.FAL_KEY }}
-          RUNWAY_API_KEY: ${{ secrets.RUNWAY_API_KEY }}
-          DEEPGRAM_API_KEY: ${{ secrets.DEEPGRAM_API_KEY }}
           TOGETHER_API_KEY: ${{ secrets.TOGETHER_API_KEY }}
-          VYDRA_API_KEY: ${{ secrets.VYDRA_API_KEY }}
           XAI_API_KEY: ${{ secrets.XAI_API_KEY }}
           ZAI_API_KEY: ${{ secrets.ZAI_API_KEY }}
           Z_AI_API_KEY: ${{ secrets.Z_AI_API_KEY }}
-          BYTEPLUS_ACCESS_KEY_ID: ${{ secrets.BYTEPLUS_ACCESS_KEY_ID }}
-          BYTEPLUS_SECRET_ACCESS_KEY: ${{ secrets.BYTEPLUS_SECRET_ACCESS_KEY }}
-          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          OPENCLAW_CODEX_AUTH_JSON: ${{ secrets.OPENCLAW_CODEX_AUTH_JSON }}
-          OPENCLAW_CODEX_CONFIG_TOML: ${{ secrets.OPENCLAW_CODEX_CONFIG_TOML }}
-          OPENCLAW_CLAUDE_JSON: ${{ secrets.OPENCLAW_CLAUDE_JSON }}
-          OPENCLAW_CLAUDE_CREDENTIALS_JSON: ${{ secrets.OPENCLAW_CLAUDE_CREDENTIALS_JSON }}
-          OPENCLAW_CLAUDE_SETTINGS_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_JSON }}
-          OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON }}
-          OPENCLAW_GEMINI_SETTINGS_JSON: ${{ secrets.OPENCLAW_GEMINI_SETTINGS_JSON }}
         run: bash scripts/ci-hydrate-testbox-env.sh
 
       - name: Run Testbox

.github/workflows/ci-check-arm-testbox.yml

@@ -13,10 +13,6 @@ on:
 permissions:
   contents: read
 
-concurrency:
-  group: ${{ github.event_name == 'pull_request' && format('{0}-pr-v1-{1}', github.workflow, github.event.pull_request.number) || format('{0}-manual-v1-{1}', github.workflow, github.run_id) }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
   PNPM_CONFIG_STORE_DIR: "/tmp/openclaw-pnpm-store"
@@ -132,10 +128,8 @@ jobs:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
           ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-          BYTEPLUS_API_KEY: ${{ secrets.BYTEPLUS_API_KEY }}
           CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
           DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
-          DASHSCOPE_API_KEY: ${{ secrets.DASHSCOPE_API_KEY }}
           FACTORY_API_KEY: ${{ secrets.FACTORY_API_KEY }}
           FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}
           GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
@@ -143,38 +137,16 @@ jobs:
           GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
           KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }}
           MINIMAX_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
-          MODELSTUDIO_API_KEY: ${{ secrets.MODELSTUDIO_API_KEY }}
           MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY }}
           MOONSHOT_API_KEY: ${{ secrets.MOONSHOT_API_KEY }}
-          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
-          OPENCODE_ZEN_API_KEY: ${{ secrets.OPENCODE_ZEN_API_KEY }}
-          OPENCLAW_LIVE_BROWSER_CDP_URL: ${{ secrets.OPENCLAW_LIVE_BROWSER_CDP_URL }}
-          OPENCLAW_LIVE_SETUP_TOKEN: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN }}
-          OPENCLAW_LIVE_SETUP_TOKEN_MODEL: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_MODEL }}
-          OPENCLAW_LIVE_SETUP_TOKEN_PROFILE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_PROFILE }}
-          OPENCLAW_LIVE_SETUP_TOKEN_VALUE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_VALUE }}
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
           OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
           QWEN_API_KEY: ${{ secrets.QWEN_API_KEY }}
-          FAL_KEY: ${{ secrets.FAL_KEY }}
-          RUNWAY_API_KEY: ${{ secrets.RUNWAY_API_KEY }}
-          DEEPGRAM_API_KEY: ${{ secrets.DEEPGRAM_API_KEY }}
           TOGETHER_API_KEY: ${{ secrets.TOGETHER_API_KEY }}
-          VYDRA_API_KEY: ${{ secrets.VYDRA_API_KEY }}
           XAI_API_KEY: ${{ secrets.XAI_API_KEY }}
           ZAI_API_KEY: ${{ secrets.ZAI_API_KEY }}
           Z_AI_API_KEY: ${{ secrets.Z_AI_API_KEY }}
-          BYTEPLUS_ACCESS_KEY_ID: ${{ secrets.BYTEPLUS_ACCESS_KEY_ID }}
-          BYTEPLUS_SECRET_ACCESS_KEY: ${{ secrets.BYTEPLUS_SECRET_ACCESS_KEY }}
-          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          OPENCLAW_CODEX_AUTH_JSON: ${{ secrets.OPENCLAW_CODEX_AUTH_JSON }}
-          OPENCLAW_CODEX_CONFIG_TOML: ${{ secrets.OPENCLAW_CODEX_CONFIG_TOML }}
-          OPENCLAW_CLAUDE_JSON: ${{ secrets.OPENCLAW_CLAUDE_JSON }}
-          OPENCLAW_CLAUDE_CREDENTIALS_JSON: ${{ secrets.OPENCLAW_CLAUDE_CREDENTIALS_JSON }}
-          OPENCLAW_CLAUDE_SETTINGS_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_JSON }}
-          OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON }}
-          OPENCLAW_GEMINI_SETTINGS_JSON: ${{ secrets.OPENCLAW_GEMINI_SETTINGS_JSON }}
         run: bash scripts/ci-hydrate-testbox-env.sh
 
       - name: Run Testbox

.github/workflows/ci-check-testbox.yml

@@ -17,10 +17,6 @@ on:
 permissions:
   contents: read
 
-concurrency:
-  group: ${{ github.event_name == 'pull_request' && format('{0}-pr-v1-{1}', github.workflow, github.event.pull_request.number) || format('{0}-manual-v1-{1}', github.workflow, github.run_id) }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
   PNPM_CONFIG_STORE_DIR: "/tmp/openclaw-pnpm-store"
@@ -121,10 +117,8 @@ jobs:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
           ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-          BYTEPLUS_API_KEY: ${{ secrets.BYTEPLUS_API_KEY }}
           CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
           DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
-          DASHSCOPE_API_KEY: ${{ secrets.DASHSCOPE_API_KEY }}
           FACTORY_API_KEY: ${{ secrets.FACTORY_API_KEY }}
           FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}
           GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
@@ -132,38 +126,16 @@ jobs:
           GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
           KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }}
           MINIMAX_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
-          MODELSTUDIO_API_KEY: ${{ secrets.MODELSTUDIO_API_KEY }}
           MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY }}
           MOONSHOT_API_KEY: ${{ secrets.MOONSHOT_API_KEY }}
-          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
-          OPENCODE_ZEN_API_KEY: ${{ secrets.OPENCODE_ZEN_API_KEY }}
-          OPENCLAW_LIVE_BROWSER_CDP_URL: ${{ secrets.OPENCLAW_LIVE_BROWSER_CDP_URL }}
-          OPENCLAW_LIVE_SETUP_TOKEN: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN }}
-          OPENCLAW_LIVE_SETUP_TOKEN_MODEL: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_MODEL }}
-          OPENCLAW_LIVE_SETUP_TOKEN_PROFILE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_PROFILE }}
-          OPENCLAW_LIVE_SETUP_TOKEN_VALUE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_VALUE }}
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
           OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
           QWEN_API_KEY: ${{ secrets.QWEN_API_KEY }}
-          FAL_KEY: ${{ secrets.FAL_KEY }}
-          RUNWAY_API_KEY: ${{ secrets.RUNWAY_API_KEY }}
-          DEEPGRAM_API_KEY: ${{ secrets.DEEPGRAM_API_KEY }}
           TOGETHER_API_KEY: ${{ secrets.TOGETHER_API_KEY }}
-          VYDRA_API_KEY: ${{ secrets.VYDRA_API_KEY }}
           XAI_API_KEY: ${{ secrets.XAI_API_KEY }}
           ZAI_API_KEY: ${{ secrets.ZAI_API_KEY }}
           Z_AI_API_KEY: ${{ secrets.Z_AI_API_KEY }}
-          BYTEPLUS_ACCESS_KEY_ID: ${{ secrets.BYTEPLUS_ACCESS_KEY_ID }}
-          BYTEPLUS_SECRET_ACCESS_KEY: ${{ secrets.BYTEPLUS_SECRET_ACCESS_KEY }}
-          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          OPENCLAW_CODEX_AUTH_JSON: ${{ secrets.OPENCLAW_CODEX_AUTH_JSON }}
-          OPENCLAW_CODEX_CONFIG_TOML: ${{ secrets.OPENCLAW_CODEX_CONFIG_TOML }}
-          OPENCLAW_CLAUDE_JSON: ${{ secrets.OPENCLAW_CLAUDE_JSON }}
-          OPENCLAW_CLAUDE_CREDENTIALS_JSON: ${{ secrets.OPENCLAW_CLAUDE_CREDENTIALS_JSON }}
-          OPENCLAW_CLAUDE_SETTINGS_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_JSON }}
-          OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON }}
-          OPENCLAW_GEMINI_SETTINGS_JSON: ${{ secrets.OPENCLAW_GEMINI_SETTINGS_JSON }}
         run: bash scripts/ci-hydrate-testbox-env.sh
 
       - name: Run Testbox

.github/workflows/clawsweeper-dispatch.yml

@@ -18,16 +18,15 @@ permissions:
   contents: read
 
 concurrency:
-  group: ${{ github.event_name == 'push' && format('clawsweeper-dispatch-{0}-{1}', github.repository, github.ref) || format('clawsweeper-dispatch-{0}-{1}', github.repository, github.event.issue.number || github.event.pull_request.number || github.run_id) }}
-  cancel-in-progress: ${{ github.event_name == 'push' || github.event.action == 'edited' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review' }}
+  group: clawsweeper-dispatch-${{ github.repository }}-${{ github.event.issue.number || github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: ${{ github.event.action == 'edited' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review' }}
 
 jobs:
   dispatch:
     runs-on: ubuntu-latest
     if: >-
       ${{
-        (github.event_name != 'issue_comment' ||
-          (github.actor != 'clawsweeper[bot]' && github.actor != 'openclaw-clawsweeper[bot]')) &&
+        github.event_name == 'issue_comment' ||
         !(
           endsWith(github.actor, '[bot]') &&
           (github.event.action == 'labeled' || github.event.action == 'unlabeled')
@@ -42,34 +41,6 @@ jobs:
         if: ${{ github.event.action == 'labeled' || github.event.action == 'unlabeled' }}
         run: sleep 20
 
-      - name: Debounce main push dispatch
-        if: ${{ github.event_name == 'push' }}
-        run: sleep 45
-
-      - name: Install GitHub API backoff helper
-        run: |
-          cat > "$RUNNER_TEMP/github-api-backoff.sh" <<'BASH'
-          gh_api_with_retry() {
-            local attempt output status lower_output
-            for attempt in 1 2 3 4 5; do
-              if output="$(gh api "$@" 2>&1)"; then
-                printf '%s\n' "$output"
-                return 0
-              fi
-              status=$?
-              lower_output="${output,,}"
-              if [[ "$lower_output" != *"rate limit"* && "$output" != *"HTTP 429"* ]]; then
-                printf '%s\n' "$output" >&2
-                return "$status"
-              fi
-              echo "::warning::GitHub API throttled ClawSweeper dispatch on attempt ${attempt}; retrying after backoff." >&2
-              sleep $((attempt * attempt * 5))
-            done
-            printf '%s\n' "$output" >&2
-            return "$status"
-          }
-          BASH
-
       - name: Create ClawSweeper dispatch token
         id: token
         if: ${{ env.HAS_CLAWSWEEPER_APP_PRIVATE_KEY == 'true' }}
@@ -106,7 +77,6 @@ jobs:
             echo "::notice::Skipping GitHub activity dispatch because no ClawSweeper app token is configured."
             exit 0
           fi
-          . "$RUNNER_TEMP/github-api-backoff.sh"
           activity="$(jq -c \
             --arg target_repo "$TARGET_REPO" \
             --arg event_name "$SOURCE_EVENT" \
@@ -173,7 +143,7 @@ jobs:
             ' "$GITHUB_EVENT_PATH")"
           payload="$(jq -nc --argjson activity "$activity" \
             '{event_type:"github_activity",client_payload:{activity:$activity}}')"
-          if gh_api_with_retry repos/openclaw/clawsweeper/dispatches \
+          if gh api repos/openclaw/clawsweeper/dispatches \
             --method POST \
             --input - <<< "$payload"; then
             echo "Dispatched GitHub activity to ClawSweeper."
@@ -195,7 +165,6 @@ jobs:
             echo "::notice::Skipping ClawSweeper dispatch because no ClawSweeper app token is configured. Not falling back to a maintainer token."
             exit 0
           fi
-          . "$RUNNER_TEMP/github-api-backoff.sh"
           payload="$(jq -nc \
             --arg target_repo "$TARGET_REPO" \
             --argjson item_number "$ITEM_NUMBER" \
@@ -204,7 +173,7 @@ jobs:
             --arg source_action "$SOURCE_ACTION" \
             --argjson supersedes_in_progress "$SUPERSEDES_IN_PROGRESS" \
             '{event_type:"clawsweeper_item",client_payload:{target_repo:$target_repo,item_number:$item_number,item_kind:$item_kind,source_event:$source_event,source_action:$source_action,supersedes_in_progress:$supersedes_in_progress}}')"
-          if gh_api_with_retry repos/openclaw/clawsweeper/dispatches \
+          if gh api repos/openclaw/clawsweeper/dispatches \
             --method POST \
             --input - <<< "$payload"; then
             echo "Dispatched ClawSweeper review."
@@ -229,7 +198,6 @@ jobs:
             echo "::notice::Skipping ClawSweeper comment dispatch because no ClawSweeper app token is configured."
             exit 0
           fi
-          . "$RUNNER_TEMP/github-api-backoff.sh"
           body_file="$RUNNER_TEMP/clawsweeper-comment-body.txt"
           printf '%s\n' "$COMMENT_BODY" > "$body_file"
           if ! grep -Eiq '(^|[[:space:]])@(clawsweeper|openclaw-clawsweeper)\b(\[bot\])?|(^|[[:space:]])/(clawsweeper|review|automerge|autoclose)\b' "$body_file"; then
@@ -238,7 +206,7 @@ jobs:
           fi
           if [ -n "$TARGET_TOKEN" ]; then
             err="$(mktemp)"
-            if GH_TOKEN="$TARGET_TOKEN" gh_api_with_retry -X POST \
+            if GH_TOKEN="$TARGET_TOKEN" gh api -X POST \
               -H "Accept: application/vnd.github+json" \
               "repos/$TARGET_REPO/issues/comments/$COMMENT_ID/reactions" \
               -f content="eyes" 2>"$err" >/dev/null; then
@@ -265,7 +233,7 @@ jobs:
                   "Command router queued. I will update this comment with the next step.")"
                 status_payload="$(jq -nc --arg body "$status_body" '{body:$body}')"
                 status_err="$(mktemp)"
-                if status_response="$(GH_TOKEN="$TARGET_TOKEN" gh_api_with_retry \
+                if status_response="$(GH_TOKEN="$TARGET_TOKEN" gh api \
                   "repos/$TARGET_REPO/issues/$ITEM_NUMBER/comments" \
                   --method POST \
                   --input - <<< "$status_payload" 2>"$status_err")"; then
@@ -286,7 +254,7 @@ jobs:
             --arg source_event "issue_comment" \
             --arg source_action "$SOURCE_ACTION" \
             '{event_type:"clawsweeper_comment",client_payload:({target_repo:$target_repo,item_number:$item_number,comment_id:$comment_id,source_event:$source_event,source_action:$source_action,max_comments:"1"} + (if $status_comment_id != "" then {status_comment_id:($status_comment_id|tonumber)} else {} end))}')"
-          if GH_TOKEN="$DISPATCH_TOKEN" gh_api_with_retry repos/openclaw/clawsweeper/dispatches \
+          if GH_TOKEN="$DISPATCH_TOKEN" gh api repos/openclaw/clawsweeper/dispatches \
             --method POST \
             --input - <<< "$payload"; then
             echo "Dispatched ClawSweeper comment router."
@@ -308,7 +276,6 @@ jobs:
             echo "::notice::Skipping ClawSweeper commit dispatch because no ClawSweeper app token is configured. Not falling back to a maintainer token."
             exit 0
           fi
-          . "$RUNNER_TEMP/github-api-backoff.sh"
           case "$CREATE_CHECKS" in
             true|TRUE|1|yes|YES|on|ON) create_checks=true ;;
             *) create_checks=false ;;
@@ -320,7 +287,7 @@ jobs:
             --arg ref "$SOURCE_REF" \
             --argjson create_checks "$create_checks" \
             '{event_type:"clawsweeper_commit_review",client_payload:{target_repo:$target_repo,before_sha:$before_sha,after_sha:$after_sha,ref:$ref,enabled:true,create_checks:$create_checks}}')"
-          if gh_api_with_retry repos/openclaw/clawsweeper/dispatches \
+          if gh api repos/openclaw/clawsweeper/dispatches \
             --method POST \
             --input - <<< "$payload"; then
             echo "Dispatched ClawSweeper commit review."

.github/workflows/codeql-android-critical-security.yml

@@ -6,7 +6,7 @@ on:
     - cron: "0 7 * * *"
 
 concurrency:
-  group: codeql-android-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || format('ref-{0}', github.ref) }}
+  group: codeql-android-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
   cancel-in-progress: false
 
 env:

.github/workflows/codeql-critical-quality.yml

@@ -136,7 +136,7 @@ on:
     - cron: "30 6 * * *"
 
 concurrency:
-  group: codeql-critical-quality-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('ref-{0}', github.ref) }}
+  group: codeql-critical-quality-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.event_name == 'pull_request' && github.event.pull_request.number || github.sha }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 env:

.github/workflows/codeql-macos-critical-security.yml

@@ -6,7 +6,7 @@ on:
     - cron: "0 8 * * 1"
 
 concurrency:
-  group: codeql-macos-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || format('ref-{0}', github.ref) }}
+  group: codeql-macos-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
   cancel-in-progress: false
 
 env:

.github/workflows/codeql.yml

@@ -32,8 +32,8 @@ on:
     - cron: "0 6 * * *"
 
 concurrency:
-  group: codeql-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('ref-{0}', github.ref) }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' || (github.event_name == 'push' && github.ref == 'refs/heads/main') }}
+  group: codeql-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.event_name == 'pull_request' && github.event.pull_request.number || github.sha }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

.github/workflows/control-ui-locale-refresh.yml

@@ -23,8 +23,8 @@ permissions:
   contents: write
 
 concurrency:
-  group: control-ui-locale-refresh-${{ github.event_name == 'push' && github.ref || github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || github.event_name == 'release' && format('release-{0}', github.event.release.tag_name) || format('{0}-{1}', github.event_name, github.run_id) }}
-  cancel-in-progress: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+  group: control-ui-locale-refresh
+  cancel-in-progress: false
 
 jobs:
   plan:

.github/workflows/crabbox-hydrate.yml

@@ -663,10 +663,8 @@ jobs:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
           ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-          BYTEPLUS_API_KEY: ${{ secrets.BYTEPLUS_API_KEY }}
           CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
           DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
-          DASHSCOPE_API_KEY: ${{ secrets.DASHSCOPE_API_KEY }}
           FACTORY_API_KEY: ${{ secrets.FACTORY_API_KEY }}
           FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}
           GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
@@ -674,38 +672,16 @@ jobs:
           GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
           KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }}
           MINIMAX_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
-          MODELSTUDIO_API_KEY: ${{ secrets.MODELSTUDIO_API_KEY }}
           MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY }}
           MOONSHOT_API_KEY: ${{ secrets.MOONSHOT_API_KEY }}
-          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
-          OPENCODE_ZEN_API_KEY: ${{ secrets.OPENCODE_ZEN_API_KEY }}
-          OPENCLAW_LIVE_BROWSER_CDP_URL: ${{ secrets.OPENCLAW_LIVE_BROWSER_CDP_URL }}
-          OPENCLAW_LIVE_SETUP_TOKEN: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN }}
-          OPENCLAW_LIVE_SETUP_TOKEN_MODEL: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_MODEL }}
-          OPENCLAW_LIVE_SETUP_TOKEN_PROFILE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_PROFILE }}
-          OPENCLAW_LIVE_SETUP_TOKEN_VALUE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_VALUE }}
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
           OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
           QWEN_API_KEY: ${{ secrets.QWEN_API_KEY }}
-          FAL_KEY: ${{ secrets.FAL_KEY }}
-          RUNWAY_API_KEY: ${{ secrets.RUNWAY_API_KEY }}
-          DEEPGRAM_API_KEY: ${{ secrets.DEEPGRAM_API_KEY }}
           TOGETHER_API_KEY: ${{ secrets.TOGETHER_API_KEY }}
-          VYDRA_API_KEY: ${{ secrets.VYDRA_API_KEY }}
           XAI_API_KEY: ${{ secrets.XAI_API_KEY }}
           ZAI_API_KEY: ${{ secrets.ZAI_API_KEY }}
           Z_AI_API_KEY: ${{ secrets.Z_AI_API_KEY }}
-          BYTEPLUS_ACCESS_KEY_ID: ${{ secrets.BYTEPLUS_ACCESS_KEY_ID }}
-          BYTEPLUS_SECRET_ACCESS_KEY: ${{ secrets.BYTEPLUS_SECRET_ACCESS_KEY }}
-          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          OPENCLAW_CODEX_AUTH_JSON: ${{ secrets.OPENCLAW_CODEX_AUTH_JSON }}
-          OPENCLAW_CODEX_CONFIG_TOML: ${{ secrets.OPENCLAW_CODEX_CONFIG_TOML }}
-          OPENCLAW_CLAUDE_JSON: ${{ secrets.OPENCLAW_CLAUDE_JSON }}
-          OPENCLAW_CLAUDE_CREDENTIALS_JSON: ${{ secrets.OPENCLAW_CLAUDE_CREDENTIALS_JSON }}
-          OPENCLAW_CLAUDE_SETTINGS_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_JSON }}
-          OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON }}
-          OPENCLAW_GEMINI_SETTINGS_JSON: ${{ secrets.OPENCLAW_GEMINI_SETTINGS_JSON }}
         run: bash scripts/ci-hydrate-testbox-env.sh
 
       - name: Mark Crabbox ready

.github/workflows/docs-sync-publish.yml

@@ -13,10 +13,6 @@ on:
 permissions:
   contents: read
 
-concurrency:
-  group: docs-sync-publish-${{ github.event_name == 'workflow_dispatch' && format('manual-{0}', github.run_id) || github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
-
 jobs:
   sync-publish-repo:
     runs-on: ubuntu-latest

.github/workflows/full-release-validation.yml

@@ -840,7 +840,7 @@ jobs:
     if: ${{ always() && contains(fromJSON('["all","npm-telegram"]'), inputs.rerun_group) && (inputs.npm_telegram_package_spec != '' || inputs.release_package_spec != '' || (inputs.rerun_group == 'all' && inputs.release_profile == 'full')) }}
     continue-on-error: ${{ startsWith(github.ref, 'refs/heads/tideclaw/alpha/') }}
     runs-on: ubuntu-24.04
-    timeout-minutes: ${{ inputs.release_profile == 'full' && 360 || 60 }}
+    timeout-minutes: ${{ inputs.release_profile == 'full' && 120 || 60 }}
     outputs:
       run_id: ${{ steps.dispatch.outputs.run_id }}
       url: ${{ steps.dispatch.outputs.url }}
@@ -971,7 +971,7 @@ jobs:
     needs: [resolve_target, docker_runtime_assets_preflight]
     if: ${{ always() && needs.resolve_target.result == 'success' && contains(fromJSON('["all","performance"]'), inputs.rerun_group) && (inputs.rerun_group != 'all' || needs.docker_runtime_assets_preflight.result == 'success') }}
     runs-on: ubuntu-24.04
-    timeout-minutes: ${{ inputs.release_profile == 'full' && 360 || 120 }}
+    timeout-minutes: 120
     outputs:
       run_id: ${{ steps.dispatch.outputs.run_id }}
       url: ${{ steps.dispatch.outputs.url }}

.github/workflows/openclaw-release-publish.yml

@@ -519,7 +519,12 @@ jobs:
             local workflow="$1"
             shift
 
-            local dispatch_output run_id
+            local before_json dispatch_output run_id
+            before_json="$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/workflows/${workflow}/runs" \
+              -F event=workflow_dispatch \
+              -F per_page=100 \
+              --jq '[.workflow_runs[].id]')"
+
             dispatch_output="$(gh workflow run --repo "$GITHUB_REPOSITORY" "$workflow" --ref "$workflow_ref" "$@" 2>&1)"
             printf '%s\n' "$dispatch_output" >&2
             run_id="$(
@@ -529,7 +534,22 @@ jobs:
             )"
 
             if [[ -z "$run_id" ]]; then
-              echo "gh workflow run ${workflow} did not return an Actions run URL; refusing to guess from recent workflow_dispatch runs." >&2
+              for _ in $(seq 1 60); do
+                run_id="$(
+                  BEFORE_IDS="$before_json" gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/workflows/${workflow}/runs" \
+                    -F event=workflow_dispatch \
+                    -F per_page=50 \
+                    --jq '.workflow_runs | map({databaseId:.id, createdAt:.created_at}) | map(select(.databaseId as $id | (env.BEFORE_IDS | fromjson | index($id) | not))) | sort_by(.createdAt) | reverse | .[0].databaseId // empty'
+                )"
+                if [[ -n "$run_id" ]]; then
+                  break
+                fi
+                sleep 5
+              done
+            fi
+
+            if [[ -z "${run_id:-}" ]]; then
+              echo "Could not find dispatched run for ${workflow}." >&2
               exit 1
             fi
 

.github/workflows/openclaw-stable-main-closeout.yml

@@ -23,8 +23,8 @@ permissions:
   contents: write
 
 concurrency:
-  group: openclaw-stable-main-closeout-${{ github.event_name == 'workflow_dispatch' && (inputs.tag || github.run_id) || github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+  group: openclaw-stable-main-closeout
+  cancel-in-progress: false
 
 jobs:
   resolve:
@@ -43,30 +43,6 @@ jobs:
       should_closeout: ${{ steps.inputs.outputs.should_closeout }}
       tag: ${{ steps.inputs.outputs.tag }}
     steps:
-      - name: Install GitHub API backoff helper
-        run: |
-          cat > "$RUNNER_TEMP/github-api-backoff.sh" <<'BASH'
-          gh_with_retry() {
-            local attempt output status lower_output
-            for attempt in 1 2 3 4 5; do
-              if output="$(gh "$@" 2>&1)"; then
-                printf '%s\n' "$output"
-                return 0
-              fi
-              status=$?
-              lower_output="${output,,}"
-              if [[ "$lower_output" != *"rate limit"* && "$output" != *"HTTP 429"* ]]; then
-                printf '%s\n' "$output" >&2
-                return "$status"
-              fi
-              echo "::warning::GitHub API throttled stable closeout on attempt ${attempt}; retrying after backoff." >&2
-              sleep $((attempt * attempt * 5))
-            done
-            printf '%s\n' "$output" >&2
-            return "$status"
-          }
-          BASH
-
       - name: Checkout pushed main
         if: ${{ github.event_name == 'push' }}
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
@@ -86,13 +62,9 @@ jobs:
           TRIGGER_SHA: ${{ github.sha }}
         run: |
           set -euo pipefail
-          if [[ "$EVENT_NAME" == "push" ]]; then
-            sleep 45
-          fi
-          . "$RUNNER_TEMP/github-api-backoff.sh"
           if [[ "$EVENT_NAME" == "push" ]]; then
             main_ref="$TRIGGER_SHA"
-            tag="$(gh_with_retry release list --repo "$GITHUB_REPOSITORY" --exclude-drafts --limit 100 \
+            tag="$(gh release list --repo "$GITHUB_REPOSITORY" --exclude-drafts --limit 100 \
               --json tagName,isPrerelease,publishedAt \
               --jq '[.[] | select(.isPrerelease | not) | select(.tagName | test("^v[0-9]{4}\\.[0-9]+\\.[0-9]+(-[0-9]+)?$"))] | sort_by(.publishedAt) | last | .tagName // empty')"
             if [[ -z "$tag" ]]; then
@@ -116,27 +88,8 @@ jobs:
           if [[ "$release_package_version" =~ ^(.+)-[0-9]+$ ]]; then
             fallback_package_version="${BASH_REMATCH[1]}"
           fi
-          tag_package_content="$RUNNER_TEMP/tag-package-content.b64"
-          tag_package_read=false
-          for attempt in 1 2 3; do
-            if gh_with_retry api "repos/$GITHUB_REPOSITORY/contents/package.json?ref=$tag" \
-              --jq '.content' > "$tag_package_content"; then
-              tag_package_read=true
-              break
-            fi
-            if [[ "$attempt" != "3" ]]; then
-              sleep $((attempt * 5))
-            fi
-          done
-          if [[ "$tag_package_read" != "true" ]]; then
-            echo "Stable closeout could not read package.json for $tag from GitHub API." >&2
-            exit 1
-          fi
-          if ! tag_package_json="$(tr -d '\n' < "$tag_package_content" | base64 --decode)"; then
-            echo "Stable closeout package.json content for $tag was not valid base64." >&2
-            exit 1
-          fi
-          tag_package_version="$(jq -r '.version // empty' <<<"$tag_package_json")"
+          tag_package_version="$(gh api "repos/$GITHUB_REPOSITORY/contents/package.json?ref=$tag" \
+            --jq '.content' | tr -d '\n' | base64 --decode | jq -r '.version // empty')"
           fallback_correction=false
           evidence_source_tag="$tag"
           if [[ "$release_package_version" != "$fallback_package_version" &&
@@ -154,7 +107,7 @@ jobs:
           closeout_checksum_asset="${closeout_asset}.sha256"
           closeout_dir="$RUNNER_TEMP/release-closeout-evidence"
           mkdir -p "$closeout_dir"
-          gh_with_retry release download "$tag" --repo "$GITHUB_REPOSITORY" \
+          gh release download "$tag" --repo "$GITHUB_REPOSITORY" \
             --pattern "$closeout_asset" --pattern "$closeout_checksum_asset" --dir "$closeout_dir" || true
           closeout_json_path="$closeout_dir/$closeout_asset"
           closeout_checksum_path="$closeout_dir/$closeout_checksum_asset"
@@ -210,11 +163,8 @@ jobs:
           fi
           evidence_dir="$RUNNER_TEMP/release-postpublish-evidence"
           mkdir -p "$evidence_dir"
-          gh_with_retry release download "$evidence_source_tag" --repo "$GITHUB_REPOSITORY" \
-            --pattern "$evidence_asset" --pattern "$evidence_checksum_asset" --dir "$evidence_dir" || true
-          evidence_path="$evidence_dir/$evidence_asset"
-          evidence_checksum_path="$evidence_dir/$evidence_checksum_asset"
-          if [[ ! -f "$evidence_path" || ! -f "$evidence_checksum_path" ]]; then
+          if ! gh release download "$evidence_source_tag" --repo "$GITHUB_REPOSITORY" \
+            --pattern "$evidence_asset" --pattern "$evidence_checksum_asset" --dir "$evidence_dir"; then
             if [[ "$EVENT_NAME" == "push" ]]; then
               echo "Stable closeout skipped: $evidence_source_tag predates immutable postpublish evidence." >&2
               echo "should_closeout=false" >> "$GITHUB_OUTPUT"
@@ -223,6 +173,7 @@ jobs:
             echo "Stable closeout is required for $tag, but immutable postpublish evidence from $evidence_source_tag is missing." >&2
             exit 1
           fi
+          evidence_path="$evidence_dir/$evidence_asset"
           if ! (
             cd "$evidence_dir"
             sha256sum --strict --status -c "$evidence_checksum_asset"
@@ -302,30 +253,6 @@ jobs:
             exit 1
           fi
 
-      - name: Install GitHub API backoff helper
-        run: |
-          cat > "$RUNNER_TEMP/github-api-backoff.sh" <<'BASH'
-          gh_with_retry() {
-            local attempt output status lower_output
-            for attempt in 1 2 3 4 5; do
-              if output="$(gh "$@" 2>&1)"; then
-                printf '%s\n' "$output"
-                return 0
-              fi
-              status=$?
-              lower_output="${output,,}"
-              if [[ "$lower_output" != *"rate limit"* && "$output" != *"HTTP 429"* ]]; then
-                printf '%s\n' "$output" >&2
-                return "$status"
-              fi
-              echo "::warning::GitHub API throttled stable closeout on attempt ${attempt}; retrying after backoff." >&2
-              sleep $((attempt * attempt * 5))
-            done
-            printf '%s\n' "$output" >&2
-            return "$status"
-          }
-          BASH
-
       - name: Verify release workflow evidence
         env:
           GH_TOKEN: ${{ github.token }}
@@ -333,8 +260,7 @@ jobs:
           RELEASE_PUBLISH_RUN_ID: ${{ needs.resolve.outputs.release_publish_run_id }}
         run: |
           set -euo pipefail
-          . "$RUNNER_TEMP/github-api-backoff.sh"
-          gh_with_retry run view "$FULL_RELEASE_VALIDATION_RUN_ID" --repo "$GITHUB_REPOSITORY" \
+          gh run view "$FULL_RELEASE_VALIDATION_RUN_ID" --repo "$GITHUB_REPOSITORY" \
             --json workflowName,event,status,conclusion \
             > "$RUNNER_TEMP/full-release-validation-run.json"
           node --input-type=module - "$RUNNER_TEMP/full-release-validation-run.json" <<'NODE'
@@ -351,7 +277,7 @@ jobs:
             }
           }
           NODE
-          gh_with_retry run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" \
+          gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" \
             --json workflowName,event,status,conclusion \
             > "$RUNNER_TEMP/release-publish-run.json"
           node --input-type=module - "$RUNNER_TEMP/release-publish-run.json" <<'NODE'
@@ -372,7 +298,7 @@ jobs:
           manifest_dir="$RUNNER_TEMP/full-release-validation-manifest"
           rm -rf "$manifest_dir"
           mkdir -p "$manifest_dir"
-          gh_with_retry run download "$FULL_RELEASE_VALIDATION_RUN_ID" --repo "$GITHUB_REPOSITORY" \
+          gh run download "$FULL_RELEASE_VALIDATION_RUN_ID" --repo "$GITHUB_REPOSITORY" \
             --name "full-release-validation-${FULL_RELEASE_VALIDATION_RUN_ID}" \
             --dir "$manifest_dir"
           tag_sha="$(git -C "$GITHUB_WORKSPACE/release-tag" rev-parse HEAD)"
@@ -401,8 +327,7 @@ jobs:
         run: |
           set -euo pipefail
           mkdir -p "$CLOSEOUT_DIR"
-          . "$RUNNER_TEMP/github-api-backoff.sh"
-          gh_with_retry release view "$RELEASE_TAG" --repo "$GITHUB_REPOSITORY" \
+          gh release view "$RELEASE_TAG" --repo "$GITHUB_REPOSITORY" \
             --json tagName,isDraft,isPrerelease,assets \
             > "$CLOSEOUT_DIR/github-release.json"
           node scripts/verify-stable-main-closeout.mjs \
@@ -428,23 +353,21 @@ jobs:
           CLOSEOUT_DIR: ${{ runner.temp }}/openclaw-stable-main-closeout
         run: |
           set -euo pipefail
-          . "$RUNNER_TEMP/github-api-backoff.sh"
           release_version="${RELEASE_TAG#v}"
           attach_or_verify() {
             local source_path="$1"
             local asset_name="$2"
             local existing_dir="$CLOSEOUT_DIR/existing-${asset_name}"
             mkdir -p "$existing_dir"
-            gh_with_retry release download "$RELEASE_TAG" --repo "$GITHUB_REPOSITORY" \
-              --pattern "$asset_name" --dir "$existing_dir" || true
-            if [[ -f "$existing_dir/$asset_name" ]]; then
+            if gh release download "$RELEASE_TAG" --repo "$GITHUB_REPOSITORY" \
+              --pattern "$asset_name" --dir "$existing_dir"; then
               cmp --silent "$source_path" "$existing_dir/$asset_name" || {
                 echo "Existing release asset $asset_name differs from closeout evidence." >&2
                 exit 1
               }
               return
             fi
-            gh_with_retry release upload "$RELEASE_TAG" "$source_path#$asset_name" --repo "$GITHUB_REPOSITORY"
+            gh release upload "$RELEASE_TAG" "$source_path#$asset_name" --repo "$GITHUB_REPOSITORY"
           }
           attach_or_verify \
             "$CLOSEOUT_DIR/stable-main-closeout.json" \

.github/workflows/plugin-npm-release.yml

@@ -38,8 +38,8 @@ on:
         type: string
 
 concurrency:
-  group: plugin-npm-release-${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+  group: plugin-npm-release-${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.sha }}
+  cancel-in-progress: false
 
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

.github/workflows/sandbox-common-smoke.yml

@@ -19,7 +19,7 @@ permissions:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' || (github.event_name == 'push' && github.ref == 'refs/heads/main') }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

.github/workflows/windows-blacksmith-testbox.yml

@@ -57,10 +57,6 @@ jobs:
             echo "could not read required Blacksmith metadata" >&2
             exit 1
           fi
-          if ! jq -e 'type == "number"' <<<"$installation_model_id" >/dev/null; then
-            echo "invalid Blacksmith installation model id: ${installation_model_id}" >&2
-            exit 1
-          fi
 
           if [ -n "${BLACKSMITH_HOSTNAME:-}" ]; then
             runner_host="$BLACKSMITH_HOSTNAME"
@@ -69,32 +65,21 @@ jobs:
           fi
           runner_ssh_port="${BLACKSMITH_SSH_PORT:-22}"
 
-          hydrating_body="$RUNNER_TEMP/testbox-hydrating.json"
           hydrating_response="$RUNNER_TEMP/testbox-hydrating.response"
-          jq -n \
-            --arg testbox_id "$TESTBOX_ID" \
-            --argjson installation_model_id "$installation_model_id" \
-            --arg status "hydrating" \
-            --arg ip_address "$runner_host" \
-            --arg ssh_port "$runner_ssh_port" \
-            --arg working_directory "$GITHUB_WORKSPACE" \
-            --arg adopted_run_id "$GITHUB_RUN_ID" \
-            '{
-              testbox_id: $testbox_id,
-              installation_model_id: $installation_model_id,
-              status: $status,
-              ip_address: $ip_address,
-              ssh_port: $ssh_port,
-              working_directory: $working_directory,
-              adopted_run_id: $adopted_run_id,
-              metadata: {}
-            }' > "$hydrating_body"
-
           hydrating_http_code="$(curl -sS -L --post302 --post303 -o "$hydrating_response" -w '%{http_code}' \
             -X POST "${api_url}/api/testbox/phone-home" \
             -H "Content-Type: application/json" \
             -H "Authorization: Bearer ${auth_token}" \
-            --data-binary @"$hydrating_body" || true)"
+            -d "{
+              \"testbox_id\": \"${TESTBOX_ID}\",
+              \"installation_model_id\": ${installation_model_id},
+              \"status\": \"hydrating\",
+              \"ip_address\": \"${runner_host}\",
+              \"ssh_port\": \"${runner_ssh_port}\",
+              \"working_directory\": \"${GITHUB_WORKSPACE}\",
+              \"adopted_run_id\": \"${GITHUB_RUN_ID}\",
+              \"metadata\": {}
+            }" || true)"
 
           echo "phone_home_hydrating_http=${hydrating_http_code}"
           if [[ ! "$hydrating_http_code" =~ ^2 ]]; then
@@ -167,30 +152,20 @@ jobs:
           runner_ssh_port="$(cat "$state/runner_ssh_port")"
           working_directory="$(cat "$state/working_directory")"
           adopted_run_id="$(cat "$state/adopted_run_id")"
-          if ! jq -e 'type == "number"' <<<"$installation_model_id" >/dev/null; then
-            echo "invalid Blacksmith installation model id: ${installation_model_id}" >&2
-            exit 1
-          fi
 
           ready_body="$RUNNER_TEMP/testbox-ready.json"
-          jq -n \
-            --arg testbox_id "$testbox_id" \
-            --argjson installation_model_id "$installation_model_id" \
-            --arg status "ready" \
-            --arg ip_address "$runner_host" \
-            --arg ssh_port "$runner_ssh_port" \
-            --arg working_directory "$working_directory" \
-            --arg adopted_run_id "$adopted_run_id" \
-            '{
-              testbox_id: $testbox_id,
-              installation_model_id: $installation_model_id,
-              status: $status,
-              ip_address: $ip_address,
-              ssh_port: $ssh_port,
-              working_directory: $working_directory,
-              adopted_run_id: $adopted_run_id,
-              metadata: {}
-            }' > "$ready_body"
+          cat > "$ready_body" <<JSON
+          {
+            "testbox_id": "${testbox_id}",
+            "installation_model_id": ${installation_model_id},
+            "status": "ready",
+            "ip_address": "${runner_host}",
+            "ssh_port": "${runner_ssh_port}",
+            "working_directory": "${working_directory}",
+            "adopted_run_id": "${adopted_run_id}",
+            "metadata": {}
+          }
+          JSON
 
           http_code="$(curl -sS -L --post302 --post303 -o "$RUNNER_TEMP/testbox-ready.response" -w '%{http_code}' \
             -X POST "${api_url}/api/testbox/phone-home" \

AGENTS.md

@@ -35,7 +35,7 @@ Skills own workflows; root owns hard policy and routing.
 - One-sided fixes need sibling-surface proof, an explanation for why siblings are unaffected, or explicit follow-up work.
 - Changelog findings: see Docs / Changelog.
 - Public ClawSweeper comments prefer `https://docs.openclaw.ai/...` when a public docs page exists; structured evidence still cites repo files, lines, SHAs.
-- Findings need current source, shipped/current behavior, tests/CI evidence, and dependency contract proof when dependency-backed behavior is involved. Validation is judged against touched and sibling surfaces plus this file's commands; clear evidence matters for user-visible changes, with Telegram/Desktop proof for Telegram-visible behavior when feasible.
+- Findings need current source, shipped/current behavior, tests/CI evidence, and dependency contract proof when dependency-backed behavior is involved. Validation is judged against touched and sibling surfaces plus this file's commands; real behavior proof matters for user-visible changes, with Telegram/Desktop proof for Telegram-visible behavior when feasible.
 - Prefer findings for concrete behavior regressions, missing changed-surface proof, owner-boundary violations, security/API contract issues, or docs/config mismatches.
 - Do not file findings for repo policy preference when changed code follows the relevant scoped guide and no user-visible, runtime, security, or maintainer-risk impact is shown.
 
@@ -165,12 +165,13 @@ Skills own workflows; root owns hard policy and routing.
 - Representing user: if user already has a comment/thread for the point, update/reply there when possible; avoid duplicate PR/issue comments.
 - No surprise GH writes: chat must mention every posted/updated public comment with URL.
 - GH comments with backticks, `$`, or shell snippets: use heredoc/body file, not inline double-quoted `--body`.
-- PR create: real body required. Use the current template: `What Problem This Solves`, `Why This Change Was Made`, `User Impact`, and `Evidence`; include visible refs, behavior, and validation.
+- PR create: real body required. Include Summary + Verification; mention refs, behavior, and proof.
 - PR create/refresh: keep PR branches takeover-ready. Use a branch maintainers can push to, or for fork PRs ensure `maintainer_can_modify` / GitHub's `Allow edits by maintainers` is enabled unless explicitly told otherwise or GitHub's Actions/secrets warning makes that unsafe.
 - GitHub issue/PR create: read `$agent-transcript`; ask about sanitized transcript logs when available.
-- Contributor PRs: parsed context requires authored `What Problem This Solves` and `Evidence` sections. Do not require field-level proof forms; reviewers inspect code, tests, and CI for correctness.
+- Contributor PRs: parsed `Real behavior proof` uses exact `field: value` labels: `Behavior addressed`, `Real environment tested`, `Exact steps or command run after this patch`, `Evidence after fix`, `Observed result after fix`, `What was not tested`.
 - PR artifacts/screenshots: attach to PR/comment/external artifact store. Never push screenshots, videos, proof images, or proof assets to OpenClaw or any product repo branch, including temp artifact branches. Use Crabbox artifact publishing plus the manifest URL. Do not commit `.github/pr-assets`.
 - CI polling: exact SHA, relevant checks only, minimal fields. Skip routine noise (`Auto response`, `Labeler`, docs agents, performance/stale). Logs only after failure/completion or concrete need.
+- OpenClaw write-access maintainers may skip `Real behavior proof` when local tests or Crabbox verified behavior; record proof in PR verification.
 - Agent PR landing to `main`: use only the repo-native `scripts/pr` wrapper: run `scripts/pr review-init <PR>`, follow its emitted checkout/guard guidance, initialize and complete review artifacts with `scripts/pr review-artifacts-init <PR>`, validate them with `scripts/pr review-validate-artifacts <PR>`, then run `scripts/pr prepare-run <PR>` and `scripts/pr merge-run <PR>`; do not idle on `auto-response` or `check-docs`.
 
 ## Code

CONTRIBUTING.md

@@ -106,8 +106,7 @@ For coordinated change sets that genuinely need more than 20 PRs, join the **#cl
 ## Before You PR
 
 - Test locally with your OpenClaw instance
-- External PRs must describe the user, product, or operational problem in **What Problem This Solves** and include useful validation in **Evidence**. Focused tests, CI results, screenshots, recordings, terminal output, live observations, redacted logs, and artifact links all count. Reviewers will inspect the code, tests, and CI; use the PR body to explain intent and make validation easy to understand.
-- When ClawSweeper, Codex, Barnacle, or a maintainer asks for more context or evidence, edit the PR description instead of only replying in a new comment. Keep **What Problem This Solves**, **Why This Change Was Made**, **User Impact**, and **Evidence** current; a short comment can point reviewers to the update, but the PR body should remain the durable explanation for maintainers and bots.
+- External PRs must include a filled **Real behavior proof** section in the PR body. Show the real setup you tested, the exact command or steps you ran after the patch, after-fix evidence, the observed result, and anything you did not test. Screenshots, recordings, terminal screenshots, console output, copied live output, linked artifacts, and redacted runtime logs all count. Unit tests, mocks, snapshots, lint, typechecks, and CI are useful but do not satisfy this requirement by themselves. Maintainers may apply `proof: override` only when the proof gate should not apply.
 - Keep PRs takeover-ready: open them from a branch maintainers can push to. For fork PRs, leave GitHub's **Allow edits by maintainers** option enabled so maintainers can finish urgent fixes, changelog entries, or merge prep when needed. If GitHub shows **Allow edits and access to secrets by maintainers**, enable it only when that workflow/secrets access is acceptable and say so in the PR.
 - Do not edit `CHANGELOG.md` in contributor PRs. Maintainers or ClawSweeper add the changelog entry when landing user-facing changes.
 - Run tests: `pnpm build && pnpm check && pnpm test`
@@ -170,7 +169,7 @@ Built with Codex, Claude, or other AI tools? **Awesome - just mark it!**
 Please include in your PR:
 
 - [ ] Mark as AI-assisted in the PR title or description
-- [ ] Include a concise **Evidence** section with the most useful validation. Reviewers will inspect the code, tests, and CI rather than relying on the PR body alone.
+- [ ] Include human-run real behavior proof from your own setup. AI-generated tests, mocks, lint, typechecks, and CI output are supplemental only; they do not prove the fix works for users.
 - [ ] Include prompts or session logs if possible (super helpful!)
 - [ ] Confirm you understand what the code does
 - [ ] If you have access to Codex, run `codex review --base origin/main` locally and address the findings before asking for review

config/knip.config.ts

@@ -128,9 +128,18 @@ const config = {
     "**/*.test-utils.ts",
     "test/helpers/live-image-probe.ts",
     "src/secrets/credential-matrix.ts",
+    "src/agents/claude-cli-runner.ts",
+    "src/agents/agent-auth-json.ts",
+    "src/agents/tool-policy.conformance.ts",
+    "src/auto-reply/reply/audio-tags.ts",
+    "src/gateway/live-tool-probe-utils.ts",
+    "src/gateway/server.auth.shared.ts",
     "src/shared/text/assistant-visible-text.ts",
     bundledPluginFile("telegram", "src/bot/reply-threading.ts"),
     bundledPluginFile("telegram", "src/draft-chunking.ts"),
+    bundledPluginFile("msteams", "src/conversation-store-memory.ts"),
+    bundledPluginFile("msteams", "src/polls-store-memory.ts"),
+    bundledPluginFile("voice-call", "src/providers/index.ts"),
   ],
   ignore: ["packages/*/dist/**"],
   workspaces: {

docs/.generated/plugin-sdk-api-baseline.sha256

@@ -1,2 +1,2 @@
-6f442c09ff2fa618f6f68cc866091a713d2c730090380dd726a9845f4d0fd9bd  plugin-sdk-api-baseline.json
-d6b1929a42117759a3d0908fb68866e721ee7f0840279dce905a975b461c5b67  plugin-sdk-api-baseline.jsonl
+b29fdf14b8b6bd3f8f61699754bd3269e54a6452f0430784f0e42c0bbf6d2be3  plugin-sdk-api-baseline.json
+d3a9400a6eb7b9e22ff7264dfe5afdda5bd694a6f8fa6427d146a4c4b1506d3e  plugin-sdk-api-baseline.jsonl

docs/ci.md

@@ -47,21 +47,33 @@ Use `pnpm ci:timings`, `pnpm ci:timings:recent`, or `node scripts/ci-run-timings
 
 For pull request runs, the terminal timing-summary job runs the helper from the trusted base revision before passing `GH_TOKEN` to `gh run view`. That keeps the tokened query out of branch-controlled code while still summarizing the pull request's current CI run.
 
-## PR context and evidence
+## Real behavior proof
 
-External contributor PRs run a PR context and evidence gate from
+External contributor PRs run a `Real behavior proof` gate from
 `.github/workflows/real-behavior-proof.yml`. The workflow checks out the trusted
 base commit and evaluates the PR body only; it does not execute code from the
 contributor branch.
 
 The gate applies to PR authors who are not repository owners, members,
-collaborators, or bots. It passes when the PR body contains authored
-`What Problem This Solves` and `Evidence` sections. Evidence can be a focused
-test, CI result, screenshot, recording, terminal output, live observation,
-redacted log, or artifact link. The body provides intent and useful validation;
-reviewers inspect the code, tests, and CI to assess correctness.
+collaborators, or bots. It passes when the PR body contains a
+`Real behavior proof` section with filled values for:
+
+- `Behavior or issue addressed`
+- `Real environment tested`
+- `Exact steps or command run after this patch`
+- `Evidence after fix`
+- `Observed result after fix`
+- `What was not tested`
+
+The evidence must show the changed behavior after the patch in a real OpenClaw
+setup. Screenshots, recordings, terminal captures, console output, copied live
+output, redacted runtime logs, and linked artifacts all count. Unit tests, mocks,
+snapshots, lint, typechecks, and CI results are useful supporting verification,
+but they do not satisfy this gate by themselves.
 
 When the check fails, update the PR body instead of pushing another code commit.
+Maintainers can apply `proof: override` only when the proof gate should not
+apply to that PR.
 
 ## Scope and routing
 

docs/cli/doctor.md

@@ -172,12 +172,10 @@ A finding includes:
 | `ocPath`          | Precise `oc://` address when a check can point to one. |
 | `fixHint`         | Suggested operator action or repair summary.           |
 
-Modernized core doctor checks stay attached to the ordered doctor contribution
-that owns their human `doctor` / `doctor --fix` behavior. The shared structured
-health registry is the extension point: bundled and plugin-backed checks run
-after core doctor checks once their owning package registers them in the active
-command path. The `openclaw/plugin-sdk/health` subpath exposes the same
-contract for those extension consumers.
+This release registers the modernized core doctor checks on the structured
+health path. The `openclaw/plugin-sdk/health` subpath exposes the same
+contract for bundled follow-up consumers, but plugin-backed checks only run
+after their owning package registers them in the active command path.
 
 ## Check Selection
 

docs/cli/nodes.md

@@ -39,13 +39,7 @@ openclaw nodes status --last-connected 24h
 `nodes list` prints pending/paired tables. Paired rows include the most recent connect age (Last Connect).
 Use `--connected` to only show currently-connected nodes. Use `--last-connected <duration>` to
 filter to nodes that connected within a duration (e.g. `24h`, `7d`).
-Use `nodes remove --node <id|name|ip>` to remove a node pairing. For a
-device-backed node this revokes the device's `node` role in `devices/paired.json`
-and disconnects its node-role sessions (a mixed-role device keeps its row and
-only loses the `node` role; a node-only device is deleted); it also clears any
-matching legacy gateway-owned node pairing record. `operator.pairing` can remove
-non-operator node rows; a device-token caller revoking its own node role on a
-mixed-role device additionally needs `operator.admin`.
+Use `nodes remove --node <id|name|ip>` to delete a stale gateway-owned node pairing record.
 
 Approval note:
 

docs/cli/plugins.md

@@ -38,6 +38,8 @@ openclaw plugins list --json
 openclaw plugins search <query>
 openclaw plugins search <query> --limit 20
 openclaw plugins search <query> --json
+openclaw plugins search <query> --catalog-feeds
+openclaw plugins search <query> --catalog-feeds --feed-source approved
 openclaw plugins install <path-or-spec>
 openclaw plugins inspect <id>
 openclaw plugins inspect <id> --runtime
@@ -103,6 +105,7 @@ rewriting files.
 
 ```bash
 openclaw plugins search "calendar"                   # search ClawHub plugins
+openclaw plugins search "calendar" --catalog-feeds   # search configured feed plugins
 openclaw plugins install <package>                      # source auto-detection
 openclaw plugins install clawhub:<package>              # ClawHub only
 openclaw plugins install npm:<package>                  # npm only
@@ -126,9 +129,13 @@ sources with guarded environment variables. See
 Bare package names install from npm by default during the launch cutover, unless they match an official plugin id. Raw `@openclaw/*` package specs that match bundled plugins use the bundled copy that shipped with the current OpenClaw build. Use `npm:<package>` when you deliberately want an external npm package instead. Use `clawhub:<package>` for ClawHub. Treat plugin installs like running code. Prefer pinned versions.
 </Warning>
 
-`plugins search` queries ClawHub for installable plugin packages and prints
-install-ready package names. It searches code-plugin and bundle-plugin packages,
-not skills. Use `openclaw skills search` for ClawHub skills.
+`plugins search` queries ClawHub for installable plugin packages by default,
+or configured catalog feeds when you pass `--catalog-feeds`, pass
+`--feed-source <id>`, or enable the Feeds plugin search default in config.
+ClawHub search prints install-ready package names and searches code-plugin and
+bundle-plugin packages, not skills. Feed search prints matching feed plugin
+entries with source/feed provenance and install hints when the feed advertises
+install metadata. Use `openclaw skills search` for skills.
 
 <Note>
 ClawHub is the primary distribution and discovery surface for most plugins. Npm
@@ -305,10 +312,12 @@ does not import plugin runtime code, run a package manager, or repair missing
 dependencies.
 </Note>
 
-`plugins search` is a remote ClawHub catalog lookup. It does not inspect local
-state, mutate config, install packages, or load plugin runtime code. Search
-results include the ClawHub package name, family, channel, version, summary, and
-an install hint such as `openclaw plugins install clawhub:<package>`.
+`plugins search` is a remote ClawHub catalog lookup unless catalog-feed search
+is explicitly requested or enabled as the Feeds plugin search default. It does not
+mutate config, install packages, or load plugin runtime code. ClawHub results
+include the package name, family, channel, version, summary, and an install hint
+such as `openclaw plugins install clawhub:<package>`. Feed results include the
+feed source id, feed id, entry metadata, and an install hint when advertised.
 
 For bundled plugin work inside a packaged Docker image, bind-mount the plugin
 source directory over the matching packaged source path, such as

docs/cli/policy.md

@@ -18,8 +18,9 @@ report drift through `doctor --lint`. The final conformance signal is a clean
 instead of creating a separate health gate.
 
 Policy currently manages configured channels, MCP servers, model providers,
-network SSRF posture, ingress/channel access posture, Gateway exposure posture, agent workspace posture,
-data-handling posture, OpenClaw config secret provider/auth profile posture, and governed tool
+network SSRF posture, ingress/channel access posture, Gateway exposure posture,
+feed catalog source posture, agent workspace posture, data-handling posture,
+OpenClaw config secret provider/auth profile posture, and governed tool
 declarations. For example, IT or a workspace operator can record that Telegram
 is not an approved channel provider, restrict MCP servers and model refs to
 approved entries, require private-network fetch/browser access to remain
@@ -115,6 +116,17 @@ file posture, and tool metadata looks like this:
       "requireUrlAllowlists": true,
     },
   },
+  "feeds": {
+    "sources": {
+      "require": ["company-approved"],
+      "requirePinned": true,
+      "allowUnsigned": false,
+    },
+    "search": {
+      "requireDefault": true,
+      "requireSources": ["company-approved"],
+    },
+  },
   "agents": {
     "workspace": {
       "allowedAccess": ["none", "ro"],
@@ -182,8 +194,8 @@ when a concrete rule is present. OpenClaw reads current `channels.*` settings
 settings, direct-message session scope, channel DM policy, channel group policy,
 channel/group mention gates, Gateway bind/auth/Control UI/Tailscale/remote/HTTP
 posture, OpenClaw config agent sandbox workspace access and tool deny posture,
-data-handling config posture, config secret
-provider and SecretRef provenance, config auth profile metadata, configured
+configured Feeds plugin source declarations, data-handling config posture, config
+secret provider and SecretRef provenance, config auth profile metadata, configured
 global/per-agent tool posture, and `TOOLS.md` declarations as evidence, then
 reports observed state that does not conform. If a policy denies non-loopback
 Gateway binds, omit `gateway.bind` only when you
@@ -372,6 +384,20 @@ Every scope present in `policy.jsonc` must be valid and enforceable.
 | `gateway.http.denyEndpoints`            | Gateway HTTP API endpoints                     | Deny endpoint ids such as `chatCompletions` or `responses`.  |
 | `gateway.http.requireUrlAllowlists`     | Gateway HTTP URL-fetch inputs                  | Set to `true` to require URL allowlists on URL-fetch inputs. |
 
+#### Feed catalog sources
+
+| Policy field                  | Observed state                                   | Use when                                                            |
+| ----------------------------- | ------------------------------------------------ | ------------------------------------------------------------------- |
+| `feeds.sources.require`       | `plugins.entries.feeds.config.sources[].id`      | Require specific feed source ids to be configured and enabled.      |
+| `feeds.sources.requirePinned` | Feed source `trust` and `integrity` declarations | Set to `true` to require enabled feed sources to be pinned.         |
+| `feeds.sources.allowUnsigned` | Feed source `trust` declarations                 | Set to `false` to reject enabled sources using unsigned trust.      |
+| `feeds.search.requireDefault` | `plugins.entries.feeds.config.search.default`    | Set to `true` to require native skills/plugins search to use feeds. |
+| `feeds.search.requireSources` | `plugins.entries.feeds.config.search.sources[]`  | Require default native feed search to use selected source ids.      |
+
+Feed policy observes only configured source declarations and native search
+configuration. It does not fetch
+feed documents, install entries, or enforce install decisions at runtime.
+
 #### Agent workspace
 
 | Policy field                     | Observed state                                                                        | Use when                                                                                                            |
@@ -666,6 +692,16 @@ Example JSON output:
         "value": false
       }
     ],
+    "feeds": [
+      {
+        "id": "company-approved",
+        "source": "oc://openclaw.config/plugins/entries/feeds/config/sources/#0",
+        "enabled": true,
+        "url": "https://feeds.example.com#0123456789ab",
+        "trust": "pinned",
+        "integrityPresent": true
+      }
+    ],
     "gatewayExposure": [
       {
         "id": "gateway-bind",
@@ -815,6 +851,11 @@ Policy currently verifies:
 | `policy/gateway-remote-enabled`                          | Gateway remote mode is active when policy denies it.                              |
 | `policy/gateway-http-endpoint-enabled`                   | A Gateway HTTP API endpoint is enabled while denied by policy.                    |
 | `policy/gateway-http-url-fetch-unrestricted`             | Gateway HTTP URL-fetch input lacks a required URL allowlist.                      |
+| `policy/feeds-required-source-missing`                   | A required feed source id is not configured and enabled.                          |
+| `policy/feeds-source-unpinned`                           | An enabled feed source is not pinned when policy requires pinned feeds.           |
+| `policy/feeds-source-unsigned`                           | An enabled feed source uses unsigned trust when policy denies unsigned feeds.     |
+| `policy/feeds-search-default-missing`                    | Native skills/plugins search is not configured to use feeds by default.           |
+| `policy/feeds-search-source-missing`                     | Native feed search does not require a policy-required source id.                  |
 | `policy/agents-workspace-access-denied`                  | Agent sandbox mode or workspace access is outside the policy allowlist.           |
 | `policy/agents-tool-not-denied`                          | An agent or default config does not deny a tool required by policy.               |
 | `policy/tools-profile-unapproved`                        | A configured global or per-agent tool profile is outside the allowlist.           |

docs/cli/sessions.md

@@ -168,62 +168,11 @@ traffic. Use `--store <path>` for explicit offline repair of a store file.
 }
 ```
 
-## Compact a session
+Related:
 
-Reclaim context budget for a wedged or oversized session. `openclaw sessions compact <key>` is the first-class wrapper around the `sessions.compact` gateway RPC and requires a running gateway.
-
-```bash
-openclaw sessions compact "agent:main:main"
-openclaw sessions compact "agent:main:main" --max-lines 200
-openclaw sessions compact "agent:work:main" --agent work --json
-```
-
-- Without `--max-lines`, the gateway LLM-summarizes the transcript. This can be slow, so the default `--timeout` is `180000` ms.
-- With `--max-lines <n>`, it truncates to the last `n` transcript lines and archives the prior transcript as a `.bak` sidecar.
-- `--agent <id>`: agent that owns the session; required for `global` keys.
-- `--url` / `--token` / `--password`: gateway connection overrides.
-- `--timeout <ms>`: RPC timeout in milliseconds.
-- `--json`: print the raw RPC payload.
-
-The command exits non-zero when the gateway reports a failed compaction or is unreachable, so crons and scripts never mistake a silent no-op for success.
-
-> Note: `openclaw agent --message '/compact ...'` is **not** a compaction path. Slash commands from the CLI are rejected by the authorized-sender check; that invocation exits non-zero with guidance pointing here instead of silently no-opping.
-
-### sessions.compact RPC
-
-`openclaw gateway call sessions.compact --params '<json>'` accepts:
-
-| Field      | Type        | Required | Description                                                |
-| ---------- | ----------- | -------- | ---------------------------------------------------------- |
-| `key`      | string      | yes      | Session key to compact (for example `agent:main:main`).    |
-| `agentId`  | string      | no       | Agent id that owns the session (for `global` keys).        |
-| `maxLines` | integer ≥ 1 | no       | Truncate to the last N lines instead of LLM summarization. |
-
-Example LLM-summarize response:
-
-```json
-{
-  "ok": true,
-  "key": "agent:main:main",
-  "compacted": true,
-  "result": { "tokensBefore": 243868, "tokensAfter": 34941 }
-}
-```
-
-Example truncate response (`--max-lines 200`):
-
-```json
-{
-  "ok": true,
-  "key": "agent:main:main",
-  "compacted": true,
-  "archived": "/home/user/.openclaw/agents/main/sessions/transcripts/<id>.jsonl.bak",
-  "kept": 200
-}
-```
+- Session config: [Configuration reference](/gateway/config-agents#session)
 
 ## Related
 
-- Session config: [Configuration reference](/gateway/config-agents#session)
 - [CLI reference](/cli)
 - [Session management](/concepts/session)

docs/cli/skills.md

@@ -2,7 +2,7 @@
 summary: "CLI reference for `openclaw skills` (search/install/update/verify/list/info/check/workshop)"
 read_when:
   - You want to see which skills are available and ready to run
-  - You want to search ClawHub or install skills from ClawHub, Git, or local directories
+  - You want to search ClawHub or configured catalog feeds, or install skills from ClawHub, Git, or local directories
   - You want to verify a ClawHub skill with ClawHub
   - You want to debug missing binaries/env/config for skills
 title: "Skills"
@@ -10,8 +10,9 @@ title: "Skills"
 
 # `openclaw skills`
 
-Inspect local skills, search ClawHub, install skills from ClawHub/Git/local
-directories, verify ClawHub skills, and update ClawHub-tracked installs.
+Inspect local skills, search ClawHub or configured catalog feeds, install skills
+from ClawHub/Git/local directories, verify ClawHub skills, and update
+ClawHub-tracked installs.
 
 Related:
 
@@ -25,6 +26,8 @@ Related:
 ```bash
 openclaw skills search "calendar"
 openclaw skills search --limit 20 --json
+openclaw skills search "calendar" --catalog-feeds
+openclaw skills search "calendar" --catalog-feeds --feed-source approved
 openclaw skills install <slug>
 openclaw skills install <slug> --version <version>
 openclaw skills install git:owner/repo
@@ -64,12 +67,14 @@ openclaw skills workshop reject <proposal-id> --reason "Not reusable"
 openclaw skills workshop quarantine <proposal-id> --reason "Needs security review"
 ```
 
-`search`, `update`, and `verify` use ClawHub directly. `install <slug>` installs
-a ClawHub skill, `install git:owner/repo[@ref]` clones a Git skill, and
-`install ./path` copies a local skill directory. By default, `install`, `update`,
-and `verify` target the active workspace `skills/` directory; with `--global`,
-they target the shared managed skills directory. `list`/`info`/`check` still
-inspect the local skills visible to the current workspace and config.
+`search` uses ClawHub by default, or configured catalog feeds when you pass
+`--catalog-feeds`, pass `--feed-source <id>`, or enable the Feeds plugin search
+default in config. `update` and `verify` use ClawHub directly. `install <slug>`
+installs a ClawHub skill, `install git:owner/repo[@ref]` clones a Git skill,
+and `install ./path` copies a local skill directory. By default, `install`,
+`update`, and `verify` target the active workspace `skills/` directory; with
+`--global`, they target the shared managed skills directory. `list`/`info`/`check`
+still inspect the local skills visible to the current workspace and config.
 Workspace-backed commands resolve the target workspace from `--agent <id>`, then
 the current working directory when it is inside a configured agent workspace,
 then the default agent.
@@ -86,8 +91,11 @@ settings use the separate `skills.install` request path instead.
 Notes:
 
 - `search [query...]` accepts an optional query; omit it to browse the default
-  ClawHub search feed.
+  ClawHub search feed, or the configured feed default when Feeds search is enabled.
 - `search --limit <n>` caps returned results.
+- `search --catalog-feeds` searches configured feed entries instead of ClawHub.
+- `search --feed-source <id>` searches one configured feed source id; repeat it or
+  pass comma-separated ids to search multiple sources.
 - `install git:owner/repo[@ref]` installs a Git skill. Branch refs may contain
   slashes, such as `git:owner/repo@feature/foo`.
 - `install ./path/to/skill` installs a local directory whose root contains

docs/concepts/multi-agent.md

@@ -37,7 +37,7 @@ that agent; if you copy credentials manually, copy only portable static
 `api_key` or `token` profiles.
 </Warning>
 
-Skills are loaded from each agent workspace plus shared roots such as `~/.openclaw/skills`, then filtered by the effective agent skill allowlist when configured. Use `agents.defaults.skills` for a shared baseline and `agents.list[].skills` for per-agent replacement. See [Skills: per-agent vs shared](/tools/skills#per-agent-vs-shared-skills) and [Skills: agent skill allowlists](/tools/skills#agent-allowlists).
+Skills are loaded from each agent workspace plus shared roots such as `~/.openclaw/skills`, then filtered by the effective agent skill allowlist when configured. Use `agents.defaults.skills` for a shared baseline and `agents.list[].skills` for per-agent replacement. See [Skills: per-agent vs shared](/tools/skills#per-agent-vs-shared-skills) and [Skills: agent skill allowlists](/tools/skills#agent-skill-allowlists).
 
 The Gateway can host **one agent** (default) or **many agents** side-by-side.
 

docs/gateway/pairing.md

@@ -58,14 +58,7 @@ Methods:
 - `node.pair.list` - list pending + paired nodes (`operator.pairing`).
 - `node.pair.approve` - approve a pending request (issues token).
 - `node.pair.reject` - reject a pending request.
-- `node.pair.remove` - remove a paired node. For device-backed pairings this
-  revokes the device's `node` role: it mutates `devices/paired.json` and
-  invalidates/disconnects that device's node-role sessions. A **mixed-role**
-  device (e.g. it also holds `operator`) keeps its row and only loses the `node`
-  role; a node-only device row is deleted. It also removes any matching legacy
-  gateway-owned node pairing entry. Authz: `operator.pairing` may remove
-  non-operator node rows; a device-token caller revoking its **own** node role on
-  a mixed-role device additionally needs `operator.admin`.
+- `node.pair.remove` - remove a stale paired node entry.
 - `node.pair.verify` - verify `{ nodeId, token }`.
 
 Notes:

docs/gateway/troubleshooting.md

@@ -160,7 +160,7 @@ it disabled for read-only shared skill roots.
 
 Related:
 
-- [Skills config](/tools/skills-config#symlinked-skill-roots)
+- [Skills config](/tools/skills-config#symlinked-sibling-repos)
 - [Configuration examples](/gateway/configuration-examples#symlinked-sibling-skill-repo)
 
 ## Anthropic 429 extra usage required for long context

docs/nodes/index.md

@@ -51,14 +51,8 @@ Notes:
   different role that pairing approval never granted.
 - `node.pair.*` (CLI: `openclaw nodes pending/approve/reject/remove/rename`) is a separate gateway-owned
   node pairing store; it does **not** gate the WS `connect` handshake.
-- `openclaw nodes remove --node <id|name|ip>` removes a node pairing. For a
-  device-backed node it revokes the device's `node` role in `devices/paired.json`
-  and disconnects that device's node-role sessions — a mixed-role device keeps
-  its row and only loses the `node` role, while a node-only device row is
-  deleted. It also clears any matching entry from the separate gateway-owned node
-  pairing store. `operator.pairing` may remove non-operator node rows; a
-  device-token caller revoking its own node role on a mixed-role device
-  additionally needs `operator.admin`.
+- `openclaw nodes remove --node <id|name|ip>` deletes stale entries from that
+  separate gateway-owned node pairing store.
 - Approval scope follows the pending request's declared commands:
   - commandless request: `operator.pairing`
   - non-exec node commands: `operator.pairing` + `operator.write`

docs/plugins/codex-harness.md

@@ -143,39 +143,12 @@ The native Codex app-server harness supports context engines that require
 pre-prompt assembly. Generic CLI backends, including `codex-cli`, do not provide
 that host capability.
 
-Codex thread bindings live in OpenClaw's SQLite plugin state and use the stable
-agent-scoped OpenClaw session key, or an opaque conversation-binding id, as
-their owner. Physical session ids fence delayed cleanup but may rotate without
-losing the Codex thread. Context-engine compaction adopts the successor id
-before continuing native Codex compaction. The bounded store rejects a new
-binding at its safety limit instead of evicting an existing thread's continuity
-record.
-Conversation binds create or resume their Codex thread on the first bound
-message after channel approval; an abandoned approval consumes no thread row.
-That first message carries the prepared thread directly into its turn.
-Subsequent messages use a metadata-only resume to subscribe the shared client,
-then unsubscribe after the turn completes.
-The runtime does not poll transcript-adjacent binding files. Upgrades from
-releases that used `*.jsonl.codex-app-server.json` sidecars migrate them during
-normal startup preflight. `openclaw doctor --fix` can run the same migration
-manually.
-Successfully matched sidecars are archived before the new runtime resumes their
-threads. Migration imports durable thread ownership only; it does not infer
-Codex context usage from OpenClaw counters or crawl Codex rollout files. For
-agent-session harness bindings, the next resume attempts to restore a cached
-native snapshot when Codex has one, and ongoing turns persist the current-context
-usage reported by app-server notifications, not the cumulative thread lifetime
-total. Conversation bindings
-keep metadata-only resumes and leave continuity and compaction with the native
-Codex thread. Conflicting or ambiguous sidecars stay in place with a warning for
-operator review.
-
 For Codex-backed agents, `/compact` starts native Codex app-server compaction on
-the bound thread. OpenClaw bounds the request-acceptance RPC but does not wait
-for compaction completion, restart the shared app-server, or fall back to a
-context-engine or public OpenAI summarizer. If the native Codex thread binding
-is missing or stale, the command fails closed so the operator sees the real
-runtime boundary instead of silently switching compaction backends.
+the bound thread. OpenClaw does not wait for completion, impose an OpenClaw
+timeout, restart the shared app-server, or fall back to a context-engine or
+public OpenAI summarizer. If the native Codex thread binding is missing or
+stale, the command fails closed so the operator sees the real runtime boundary
+instead of silently switching compaction backends.
 
 ```json5
 {

docs/plugins/copilot.md

@@ -79,9 +79,9 @@ Pin one model (or one provider) to the harness:
 {
   agents: {
     defaults: {
-      model: "github-copilot/auto",
+      model: "github-copilot/gpt-5.5",
       models: {
-        "github-copilot/auto": {
+        "github-copilot/gpt-5.5": {
           agentRuntime: { id: "copilot" },
         },
       },
@@ -95,10 +95,6 @@ when only that model should be routed through the harness; set
 `agentRuntime.id` on a provider when every model under that provider should
 use it.
 
-`github-copilot/auto` is the portable starting point. Named Copilot models are
-account- and organization-policy-dependent, so only pin one after confirming
-that the authenticated Copilot CLI exposes it.
-
 ## Supported providers
 
 The harness advertises support for the canonical `github-copilot` provider
@@ -173,9 +169,8 @@ The harness reads its config from per-attempt input
 - `infiniteSessionConfig` — optional override for the SDK
   `infiniteSessions` block driven by `harness.compact`. Defaults are safe to
   leave as-is.
-- `hooksConfig` — optional native Copilot SDK `SessionHooks` compatibility
-  config for tool/MCP, user-prompt, session, and error callbacks.
-  It is separate from OpenClaw's portable lifecycle hooks.
+- `hooksConfig` — optional bridge config exposing OpenClaw
+  before/after-message-write hooks to the SDK loop.
 - `permissionPolicy` — optional override for the SDK's
   `onPermissionRequest` handler used for built-in SDK tool kinds
   (`shell`, `write`, `read`, `url`, `mcp`, `memory`, `hook`). Defaults
@@ -186,14 +181,6 @@ The harness reads its config from per-attempt input
   wrapped `execute()`. See [Permissions and ask_user](#permissions-and-ask_user).
 - `enableSessionTelemetry` — optional SDK session telemetry flag.
 
-OpenClaw plugin hooks do not need Copilot-specific attempt configuration. The
-harness runs `before_prompt_build` (and the legacy `before_agent_start`
-compatibility hook), `llm_input`, `llm_output`, and `agent_end` through the
-standard harness helpers. Successful SDK compactions also run
-`before_compaction` and `after_compaction`. Bridged OpenClaw tools continue to
-run `before_tool_call` and report `after_tool_call`; `hooksConfig` remains for
-native SDK-only callbacks that have no portable equivalent.
-
 Nothing in the rest of OpenClaw needs to know about these fields. Other
 plugins, channels, and core code only see the standard
 `AgentHarnessAttemptParams` / `AgentHarnessAttemptResult` shape.

docs/plugins/plugin-inventory.md

@@ -51,7 +51,7 @@ Each entry lists the package, distribution route, and description.
 
 ## Core npm package
 
-72 plugins
+73 plugins
 
 - **[admin-http-rpc](/plugins/reference/admin-http-rpc)** (`@openclaw/admin-http-rpc`) - included in OpenClaw. OpenClaw admin HTTP RPC endpoint.
 
@@ -89,6 +89,8 @@ Each entry lists the package, distribution route, and description.
 
 - **[fal](/plugins/reference/fal)** (`@openclaw/fal-provider`) - included in OpenClaw. Adds fal model provider support to OpenClaw.
 
+- **[feeds](/plugins/reference/feeds)** (`@openclaw/feeds`) - included in OpenClaw. Adds configured catalog feed source validation for skills and plugins.
+
 - **[file-transfer](/plugins/reference/file-transfer)** (`@openclaw/file-transfer`) - included in OpenClaw. Fetch, list, and write files on paired nodes via dedicated node commands. Bypasses bash stdout truncation by using base64 over node.invoke for binaries up to 16 MB.
 
 - **[fireworks](/plugins/reference/fireworks)** (`@openclaw/fireworks-provider`) - included in OpenClaw. Adds Fireworks model provider support to OpenClaw.

docs/plugins/reference.md

@@ -15,5 +15,5 @@ This page is generated from `extensions/*/package.json` and
 pnpm plugins:inventory:gen
 ```
 
-Use [Plugin inventory](/plugins/plugin-inventory) to browse all 128
+Use [Plugin inventory](/plugins/plugin-inventory) to browse all 129
 generated plugin reference pages by distribution, package, and description.

docs/plugins/reference/feeds.md

@@ -0,0 +1,149 @@
+---
+summary: "Adds configured catalog feed source validation for skills and plugins."
+read_when:
+  - You are installing, configuring, or auditing the feeds plugin
+title: "Feeds plugin"
+---
+
+# Feeds plugin
+
+Adds configured catalog feed source validation, search, install handoff,
+lifecycle tooling, and optional native `skills search` / `plugins search` feed
+integration.
+
+## Distribution
+
+- Package: `@openclaw/feeds`
+- Install route: included in OpenClaw
+
+## Surface
+
+plugin
+
+## Configure feed sources
+
+Feed sources live under the bundled `feeds` plugin config. A source can point at
+an `https://` or `file://` feed document and can optionally be pinned by
+integrity.
+
+```jsonc
+{
+  "plugins": {
+    "entries": {
+      "feeds": {
+        "enabled": true,
+        "config": {
+          "sources": [
+            {
+              "id": "company-approved",
+              "url": "https://feeds.example.com/openclaw/feed.json",
+              "trust": "pinned",
+              "integrity": "sha256:...",
+            },
+          ],
+        },
+      },
+    },
+  },
+}
+```
+
+## Discover entries
+
+```bash
+openclaw feeds sources
+openclaw feeds list --source company-approved
+openclaw feeds search calendar --type plugin
+```
+
+## Install from a feed
+
+`openclaw feeds install` resolves exactly one feed entry, checks the configured
+feed install policy, and then hands off to the existing OpenClaw skill or plugin
+install command. The feeds plugin does not introduce a second installer.
+
+```bash
+openclaw feeds install calendar-helper --source company-approved --type plugin --dry-run
+openclaw feeds install calendar-helper --source company-approved --type plugin
+openclaw feeds install calendar-helper --source company-approved --type plugin --force
+```
+
+Use `--dry-run` to print the underlying install command without running it. Use
+`--force` to forward force behavior to the existing installer.
+
+## Install policy
+
+`installPolicy` controls approval checks for explicit feed-backed installs.
+
+```jsonc
+{
+  "plugins": {
+    "entries": {
+      "feeds": {
+        "enabled": true,
+        "config": {
+          "installPolicy": {
+            "mode": "enforce",
+            "requireApproval": true,
+          },
+          "sources": [
+            {
+              "id": "company-approved",
+              "url": "file:///opt/openclaw/feeds/company.json",
+            },
+          ],
+        },
+      },
+    },
+  },
+}
+```
+
+- `mode: "off"` performs no approval check.
+- `mode: "warn"` reports unapproved entries and continues.
+- `mode: "enforce"` blocks unapproved entries.
+- `requireApproval: true` requires `approval.status: "approved"` on feed entries.
+
+If `requireApproval` is `true` and `mode` is omitted, OpenClaw treats the policy
+as enforce. If `mode` is `enforce` and `requireApproval` is omitted, approval is
+required.
+
+## Native search
+
+`openclaw skills search` and `openclaw plugins search` continue to use ClawHub by
+default. Operators can opt into configured feeds explicitly:
+
+```bash
+openclaw skills search calendar --catalog-feeds
+openclaw plugins search calendar --feed-source company-approved
+```
+
+To make native search use feeds by default, configure the bundled Feeds plugin:
+
+```jsonc
+{
+  "plugins": {
+    "entries": {
+      "feeds": {
+        "enabled": true,
+        "config": {
+          "search": {
+            "default": true,
+            "sources": ["company-approved"],
+          },
+          "sources": [
+            {
+              "id": "company-approved",
+              "url": "https://feeds.example.com/openclaw/feed.json",
+              "trust": "pinned",
+              "integrity": "sha256:...",
+            },
+          ],
+        },
+      },
+    },
+  },
+}
+```
+
+Omit `search.sources` to search all enabled configured feed sources.

docs/plugins/sdk-agent-harness.md

@@ -185,17 +185,6 @@ field; OpenClaw does not infer it from assistant prose. The helper intentionally
 leaves prompt errors, in-flight turns, and intentional silent replies such as
 `NO_REPLY` unclassified.
 
-### Agent-end side effects
-
-Native harnesses must call `runAgentEndSideEffects(...)` from
-`openclaw/plugin-sdk/agent-harness-runtime` after they finalize an attempt. It
-dispatches the portable `agent_end` hook and OpenClaw's research capture without
-delaying interactive replies. Use `awaitAgentEndSideEffects(...)` for local,
-non-interactive runs where the attempt must not resolve until those side effects
-finish. Both helpers accept the same `{ event, ctx }` payload as
-`runAgentHarnessAgentEndHook(...)`; their failures do not alter the completed
-attempt result.
-
 ### Native Codex harness mode
 
 The bundled `codex` harness is the native Codex mode for embedded OpenClaw

docs/plugins/sdk-runtime.md

@@ -166,9 +166,7 @@ two-party event loops that do not go through the shared inbound reply runner.
 
     Prefer `getSessionEntry(...)`, `listSessionEntries(...)`, `patchSessionEntry(...)`, or `upsertSessionEntry(...)` for session workflows. These helpers address sessions by agent/session identity so plugins do not depend on the legacy `sessions.json` storage shape. Use `preserveActivity: true` for metadata-only patches that should not refresh session activity, and `replaceEntry: true` only when the callback returns a complete entry and deleted fields must stay deleted.
 
-    For transcript reads and writes, import `openclaw/plugin-sdk/session-transcript-runtime` and use `resolveSessionTranscriptIdentity(...)`, `resolveSessionTranscriptTarget(...)`, `readSessionTranscriptEvents(...)`, `appendSessionTranscriptMessageByIdentity(...)`, `publishSessionTranscriptUpdateByIdentity(...)`, or `withSessionTranscriptWriteLock(...)` with `{ agentId, sessionKey, sessionId }`. These APIs let plugins identify a transcript, read its events, append messages, publish updates, and run related operations under the same transcript write lock. Pass `sessionFile` only when adapting code that already receives an active transcript artifact and needs each helper to operate on that same artifact.
-
-    `loadSessionStore(...)`, `saveSessionStore(...)`, `updateSessionStore(...)`, and `resolveSessionFilePath(...)` are compatibility helpers for plugins that still intentionally depend on the legacy whole-store or transcript-file shape. New plugin code must not use those helpers, and existing callers should migrate to entry helpers.
+    `loadSessionStore(...)`, `saveSessionStore(...)`, `updateSessionStore(...)`, and `resolveSessionFilePath(...)` are kept only during the transition before SQLite migration for plugins that still intentionally depend on the legacy whole-store or transcript-file shape. New plugin code must not use those helpers, and existing callers must migrate to entry helpers before the SQLite storage flip.
 
   </Accordion>
   <Accordion title="api.runtime.agent.defaults">

docs/plugins/sdk-subpaths.md

@@ -248,7 +248,6 @@ usage endpoint failed or returned no usable usage data.
     | `plugin-sdk/reply-reference` | `createReplyReferencePlanner` |
     | `plugin-sdk/reply-chunking` | Narrow text/markdown chunking helpers |
     | `plugin-sdk/session-store-runtime` | Session workflow helpers (`getSessionEntry`, `listSessionEntries`, `patchSessionEntry`, `upsertSessionEntry`), legacy session store path/session-key helpers, updated-at reads, and transition-only whole-store/file-path compatibility helpers |
-    | `plugin-sdk/session-transcript-runtime` | Transcript identity, scoped target/read/write helpers, update publishing, write locks, and transcript memory hit keys |
     | `plugin-sdk/sqlite-runtime` | Focused SQLite agent-schema, path, and transaction helpers for first-party runtime |
     | `plugin-sdk/cron-store-runtime` | Cron store path/load/save helpers |
     | `plugin-sdk/state-paths` | State/OAuth dir path helpers |

extensions/amazon-bedrock/aws-credential-refresh.ts

@@ -6,6 +6,8 @@ type SharedIniFileLoader = {
   loadSharedConfigFiles(init?: { ignoreCache?: boolean }): Promise<unknown>;
 };
 
+let sharedIniFileLoaderForTest: SharedIniFileLoader | null | undefined;
+
 function hasStaticAwsCredentialEnv(env: NodeJS.ProcessEnv): boolean {
   return Boolean(env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY);
 }
@@ -19,6 +21,12 @@ export function shouldRefreshAwsSharedConfigCacheForBedrock(env: NodeJS.ProcessE
 }
 
 async function loadSharedIniFileLoader(): Promise<SharedIniFileLoader> {
+  if (sharedIniFileLoaderForTest !== undefined) {
+    if (!sharedIniFileLoaderForTest) {
+      throw new Error("AWS shared INI file loader unavailable");
+    }
+    return sharedIniFileLoaderForTest;
+  }
   return (await import("@smithy/shared-ini-file-loader")) as SharedIniFileLoader;
 }
 
@@ -32,3 +40,10 @@ export async function refreshAwsSharedConfigCacheForBedrock(
   const loader = await loadSharedIniFileLoader();
   await loader.loadSharedConfigFiles({ ignoreCache: true });
 }
+
+/** Override the shared INI loader for Bedrock credential-refresh tests. */
+export function setAwsSharedIniFileLoaderForTest(
+  loader: SharedIniFileLoader | null | undefined,
+): void {
+  sharedIniFileLoaderForTest = loader;
+}

extensions/amazon-bedrock/index.test.ts

@@ -9,9 +9,14 @@ import {
 } from "openclaw/plugin-sdk/plugin-test-runtime";
 import { withEnvAsync } from "openclaw/plugin-sdk/test-env";
 import { afterAll, afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { setAwsSharedIniFileLoaderForTest } from "./aws-credential-refresh.js";
 import { supportsBedrockPromptCaching } from "./bedrock-options.js";
 import { resetBedrockDiscoveryCacheForTest } from "./discovery.js";
 import amazonBedrockPlugin from "./index.js";
+import {
+  resetBedrockAppProfileCacheEligibilityForTest,
+  setBedrockAppProfileControlPlaneForTest,
+} from "./register.sync.runtime.js";
 
 type BedrockClientResult =
   | {
@@ -91,10 +96,6 @@ vi.mock("@aws-sdk/client-bedrock", () => {
   };
 });
 
-vi.mock("@smithy/shared-ini-file-loader", () => ({
-  loadSharedConfigFiles: refreshSharedConfigCache,
-}));
-
 type RegisteredProviderPlugin = Awaited<ReturnType<typeof registerSingleProviderPlugin>>;
 
 /** Register the amazon-bedrock plugin with an optional pluginConfig override. */
@@ -148,8 +149,6 @@ const ANTHROPIC_MODEL_DESCRIPTOR = {
 
 const APP_INFERENCE_PROFILE_ARN =
   "arn:aws:bedrock:us-east-1:123456789012:application-inference-profile/my-claude-profile";
-const OPUS_APP_INFERENCE_PROFILE_ARN =
-  "arn:aws:bedrock:us-east-1:123456789012:application-inference-profile/opus-temperature-profile";
 const APP_INFERENCE_PROFILE_DESCRIPTOR = {
   api: "openai-completions",
   provider: "amazon-bedrock",
@@ -268,12 +267,26 @@ describe("amazon-bedrock provider plugin", () => {
     inferenceProfileGetResults.length = 0;
     bedrockClientConfigs.length = 0;
     refreshSharedConfigCache.mockClear();
+    setAwsSharedIniFileLoaderForTest({ loadSharedConfigFiles: refreshSharedConfigCache });
     sendBedrockCommand.mockClear();
     resetBedrockDiscoveryCacheForTest();
+    resetBedrockAppProfileCacheEligibilityForTest();
+    setBedrockAppProfileControlPlaneForTest((region) => ({
+      async getInferenceProfile(input) {
+        class GetInferenceProfileCommand {
+          constructor(readonly inputLocal: Record<string, unknown> = {}) {}
+        }
+        bedrockClientConfigs.push(region ? { region } : {});
+        return await sendBedrockCommand(new GetInferenceProfileCommand(input));
+      },
+    }));
   });
 
   afterEach(() => {
+    setBedrockAppProfileControlPlaneForTest(undefined);
+    setAwsSharedIniFileLoaderForTest(undefined);
     resetBedrockDiscoveryCacheForTest();
+    resetBedrockAppProfileCacheEligibilityForTest();
   });
 
   afterAll(() => {
@@ -1488,8 +1501,8 @@ describe("amazon-bedrock provider plugin", () => {
 
       await callWrappedStreamWithPayload(
         provider,
-        OPUS_APP_INFERENCE_PROFILE_ARN,
-        makeAppInferenceProfileDescriptor(OPUS_APP_INFERENCE_PROFILE_ARN),
+        APP_INFERENCE_PROFILE_ARN,
+        APP_INFERENCE_PROFILE_DESCRIPTOR,
         { temperature: 0.3, maxTokens: 10, cacheRetention: "short" },
         payload,
       );

extensions/amazon-bedrock/register.sync.runtime.ts

@@ -254,7 +254,27 @@ type BedrockControlPlane = {
   }) => Promise<BedrockGetInferenceProfileResponse>;
 };
 
+type BedrockControlPlaneFactory = (region: string | undefined) => BedrockControlPlane;
+
+let bedrockControlPlaneOverride: BedrockControlPlaneFactory | undefined;
+
+/** Reset app-profile prompt-cache eligibility state for tests. */
+export function resetBedrockAppProfileCacheEligibilityForTest(): void {
+  appProfileTraitsCache.clear();
+}
+
+/** Override Bedrock app-profile control-plane checks for tests. */
+export function setBedrockAppProfileControlPlaneForTest(
+  controlPlane: BedrockControlPlaneFactory | undefined,
+): void {
+  bedrockControlPlaneOverride = controlPlane;
+  resetBedrockAppProfileCacheEligibilityForTest();
+}
+
 async function createBedrockControlPlane(region: string | undefined): Promise<BedrockControlPlane> {
+  if (bedrockControlPlaneOverride) {
+    return bedrockControlPlaneOverride(region);
+  }
   await refreshAwsSharedConfigCacheForBedrock();
   const { BedrockClient, GetInferenceProfileCommand } = await import("@aws-sdk/client-bedrock");
   const client = new BedrockClient(region ? { region } : {});

extensions/browser/src/browser/cdp.ts

@@ -299,6 +299,25 @@ async function prepareCdpPageSession(send: CdpSendFn, sessionId?: string): Promi
   await send("Runtime.runIfWaitingForDebugger", undefined, sessionId).catch(() => {});
 }
 
+/** Runtime.evaluate remote-object subset used by CDP helpers. */
+export type CdpRemoteObject = {
+  type: string;
+  subtype?: string;
+  value?: unknown;
+  description?: string;
+  unserializableValue?: string;
+  preview?: unknown;
+};
+
+/** Exception details surfaced from CDP Runtime.evaluate. */
+export type CdpExceptionDetails = {
+  text?: string;
+  lineNumber?: number;
+  columnNumber?: number;
+  exception?: CdpRemoteObject;
+  stackTrace?: unknown;
+};
+
 /** Normalized accessibility tree node returned by ARIA snapshots. */
 export type AriaSnapshotNode = {
   ref: string;

extensions/canvas/scripts/pnpm-runner.d.mts

@@ -1,7 +1,5 @@
 export interface PnpmRunnerParams {
   comSpec?: string;
-  cwd?: string;
-  env?: NodeJS.ProcessEnv;
   nodeArgs?: string[];
   nodeExecPath?: string;
   npmExecPath?: string;

extensions/canvas/scripts/pnpm-runner.mjs

@@ -2,7 +2,6 @@
  * Cross-platform pnpm command resolver used by Canvas build scripts.
  */
 import { accessSync, closeSync, constants, openSync, readSync, statSync } from "node:fs";
-import path from "node:path";
 
 const WINDOWS_UNSAFE_CMD_CHARS_RE = /[&|<>%\r\n]/;
 const PNPM_EXECUTABLE_RE = /^pnpm(?:-cli)?(?:\.(?:[cm]?js|cmd|exe))?$/;
@@ -49,56 +48,13 @@ function isExecutableFile(value) {
   }
 }
 
-function isFile(value) {
-  try {
-    return statSync(value).isFile();
-  } catch {
-    return false;
-  }
-}
-
-function resolvePathEnvKey(env) {
-  return Object.keys(env).find((key) => key.toLowerCase() === "path") ?? "PATH";
-}
-
-function findExecutableOnPath(command, envPath, platform, env, cwd) {
-  if (typeof envPath !== "string" || envPath.length === 0) {
-    return undefined;
-  }
-  const extensions =
-    platform === "win32"
-      ? (env[Object.keys(env).find((key) => key.toLowerCase() === "pathext") ?? "PATHEXT"] ??
-          ".COM;.EXE;.BAT;.CMD")
-          .split(";")
-          .filter(Boolean)
-          .map((extension) => extension.toLowerCase())
-      : [""];
-  const pathImpl = platform === "win32" ? path.win32 : path;
-  const pathDelimiter = platform === "win32" ? ";" : path.delimiter;
-  for (const directory of envPath.split(pathDelimiter)) {
-    if (!directory) {
-      continue;
-    }
-    const resolvedDirectory = pathImpl.isAbsolute(directory)
-      ? directory
-      : pathImpl.resolve(cwd, directory);
-    for (const extension of extensions) {
-      const candidate = pathImpl.join(resolvedDirectory, `${command}${extension}`);
-      if ((platform === "win32" ? isFile(candidate) : isExecutableFile(candidate))) {
-        return candidate;
-      }
-    }
-  }
-  return undefined;
-}
-
 function isNodeRunnablePnpmExecPath(value) {
   if (!isPnpmExecPath(value)) {
     return false;
   }
   const { extension } = inspectExecutablePath(value);
   if (NODE_RUNNABLE_EXTENSIONS.has(extension)) {
-    return isFile(value);
+    return true;
   }
   if (extension.length > 0) {
     return false;
@@ -173,22 +129,6 @@ export function resolvePnpmRunner(params = {}) {
 
   const pnpmArgs = params.pnpmArgs ?? [];
   const platform = params.platform ?? process.platform;
-  const env = params.env ?? process.env;
-  const envPath = env[platform === "win32" ? resolvePathEnvKey(env) : "PATH"];
-  const cwd = params.cwd ?? process.cwd();
-  const pnpmPath = findExecutableOnPath("pnpm", envPath, platform, env, cwd);
-  if (pnpmPath) {
-    return platform === "win32"
-      ? windowsCmdSpec(pnpmPath, pnpmArgs, params.comSpec ?? process.env.ComSpec ?? "cmd.exe")
-      : { args: pnpmArgs, command: pnpmPath, shell: false };
-  }
-  const corepackPath = findExecutableOnPath("corepack", envPath, platform, env, cwd);
-  if (corepackPath) {
-    const args = ["pnpm", ...pnpmArgs];
-    return platform === "win32"
-      ? windowsCmdSpec(corepackPath, args, params.comSpec ?? process.env.ComSpec ?? "cmd.exe")
-      : { args, command: corepackPath, shell: false };
-  }
   if (platform === "win32") {
     return windowsCmdSpec("pnpm.cmd", pnpmArgs, params.comSpec ?? process.env.ComSpec ?? "cmd.exe");
   }

extensions/canvas/scripts/pnpm-runner.test.ts

@@ -17,7 +17,6 @@ describe("canvas pnpm runner", () => {
     try {
       expect(
         resolvePnpmRunner({
-          env: { PATH: "" },
           npmExecPath,
           platform: "darwin",
           pnpmArgs: ["exec", "rolldown", "-c"],
@@ -41,7 +40,6 @@ describe("canvas pnpm runner", () => {
     try {
       expect(
         resolvePnpmRunner({
-          env: { PATH: "" },
           npmExecPath,
           platform: "darwin",
           pnpmArgs: ["exec", "rolldown", "-c"],
@@ -55,79 +53,4 @@ describe("canvas pnpm runner", () => {
       rmSync(tempDir, { recursive: true, force: true });
     }
   });
-
-  posixIt("uses Corepack when pnpm is not directly available on PATH", () => {
-    const tempDir = mkdtempSync(path.join(os.tmpdir(), "canvas-pnpm-runner-corepack-"));
-    const corepackPath = path.join(tempDir, "corepack");
-    writeFileSync(corepackPath, "#!/bin/sh\nexit 0\n");
-    chmodSync(corepackPath, 0o755);
-
-    try {
-      expect(
-        resolvePnpmRunner({
-          env: { PATH: tempDir },
-          npmExecPath: "",
-          platform: "darwin",
-          pnpmArgs: ["exec", "rolldown", "-c"],
-        }),
-      ).toEqual({
-        args: ["pnpm", "exec", "rolldown", "-c"],
-        command: corepackPath,
-        shell: false,
-      });
-    } finally {
-      rmSync(tempDir, { recursive: true, force: true });
-    }
-  });
-
-  posixIt("ignores a missing pnpm JS npm_execpath before checking PATH", () => {
-    const tempDir = mkdtempSync(path.join(os.tmpdir(), "canvas-pnpm-runner-missing-"));
-    const corepackPath = path.join(tempDir, "corepack");
-    writeFileSync(corepackPath, "#!/bin/sh\nexit 0\n");
-    chmodSync(corepackPath, 0o755);
-
-    try {
-      expect(
-        resolvePnpmRunner({
-          env: { PATH: tempDir },
-          npmExecPath: path.join(tempDir, "missing-pnpm.mjs"),
-          platform: "darwin",
-          pnpmArgs: ["exec", "rolldown", "-c"],
-        }),
-      ).toEqual({
-        args: ["pnpm", "exec", "rolldown", "-c"],
-        command: corepackPath,
-        shell: false,
-      });
-    } finally {
-      rmSync(tempDir, { recursive: true, force: true });
-    }
-  });
-
-  posixIt("prefers a direct pnpm executable over Corepack", () => {
-    const tempDir = mkdtempSync(path.join(os.tmpdir(), "canvas-pnpm-runner-path-"));
-    const pnpmPath = path.join(tempDir, "pnpm");
-    const corepackPath = path.join(tempDir, "corepack");
-    writeFileSync(pnpmPath, "#!/bin/sh\nexit 0\n");
-    writeFileSync(corepackPath, "#!/bin/sh\nexit 0\n");
-    chmodSync(pnpmPath, 0o755);
-    chmodSync(corepackPath, 0o755);
-
-    try {
-      expect(
-        resolvePnpmRunner({
-          env: { PATH: tempDir },
-          npmExecPath: "",
-          platform: "darwin",
-          pnpmArgs: ["exec", "rolldown", "-c"],
-        }),
-      ).toEqual({
-        args: ["exec", "rolldown", "-c"],
-        command: pnpmPath,
-        shell: false,
-      });
-    } finally {
-      rmSync(tempDir, { recursive: true, force: true });
-    }
-  });
 });

extensions/codex/doctor-contract-api.ts

@@ -1,4 +1,7 @@
-/** Doctor contract hooks for Codex config, state migration, and route ownership. */
+/**
+ * Doctor contract hooks for Codex plugin config migrations and session-route
+ * ownership warnings.
+ */
 import type { OpenClawConfig } from "openclaw/plugin-sdk/config-contracts";
 import type { DoctorSessionRouteStateOwner } from "openclaw/plugin-sdk/runtime-doctor";
 
@@ -48,7 +51,9 @@ export const legacyConfigRules: LegacyConfigRule[] = [
   },
 ];
 
-/** Removes retired Codex plugin config keys while preserving unrelated config. */
+/**
+ * Removes retired Codex plugin config keys while preserving unrelated config.
+ */
 export function normalizeCompatibilityConfig({ cfg }: { cfg: OpenClawConfig }): {
   config: OpenClawConfig;
   changes: string[];
@@ -66,9 +71,10 @@ export function normalizeCompatibilityConfig({ cfg }: { cfg: OpenClawConfig }):
   const nextConfig = structuredClone(cfg) as OpenClawConfig & {
     plugins?: Record<string, unknown>;
   };
-  const nextPluginConfig = asRecord(
-    asRecord(asRecord(asRecord(nextConfig.plugins)?.entries)?.codex)?.config,
-  );
+  const nextPlugins = asRecord(nextConfig.plugins);
+  const nextEntries = asRecord(nextPlugins?.entries);
+  const nextEntry = asRecord(nextEntries?.codex);
+  const nextPluginConfig = asRecord(nextEntry?.config);
   if (!nextPluginConfig) {
     return { config: cfg, changes: [] };
   }
@@ -115,5 +121,3 @@ export const sessionRouteStateOwners: DoctorSessionRouteStateOwner[] = [
     authProfilePrefixes: ["codex:", "codex-cli:", "openai-codex:"],
   },
 ];
-
-export { stateMigrations } from "./src/migration/session-binding-sidecars.js";

extensions/codex/harness.test.ts

@@ -1,18 +1,9 @@
 // Codex tests cover harness plugin behavior.
-import fs from "node:fs/promises";
-import os from "node:os";
-import path from "node:path";
 import { describe, expect, it } from "vitest";
 import { createCodexAppServerAgentHarness } from "./harness.js";
-import {
-  createCodexTestBindingStore,
-  testCodexAppServerBindingStore,
-} from "./src/app-server/session-binding.test-helpers.js";
 
 describe("Codex agent harness supports()", () => {
-  const harness = createCodexAppServerAgentHarness({
-    bindingStore: testCodexAppServerBindingStore,
-  });
+  const harness = createCodexAppServerAgentHarness();
 
   it("supports the canonical codex virtual provider", () => {
     expect(harness.supports({ provider: "codex", requestedRuntime: "codex" })).toEqual({
@@ -49,149 +40,8 @@ describe("Codex agent harness supports()", () => {
   });
 
   it("honors explicit provider id overrides", () => {
-    const narrowHarness = createCodexAppServerAgentHarness({
-      bindingStore: testCodexAppServerBindingStore,
-      providerIds: ["codex"],
-    });
+    const narrowHarness = createCodexAppServerAgentHarness({ providerIds: ["codex"] });
     const result = narrowHarness.supports({ provider: "openai", requestedRuntime: "codex" });
     expect(result.supported).toBe(false);
   });
 });
-
-describe("Codex agent harness reset", () => {
-  it("uses the host agent for global session keys", async () => {
-    const bindingStore = createCodexTestBindingStore();
-    const harness = createCodexAppServerAgentHarness({ bindingStore });
-    const identity = {
-      kind: "session" as const,
-      agentId: "work",
-      sessionId: "session-1",
-      sessionKey: "global",
-    };
-    await bindingStore.mutate(identity, {
-      kind: "set",
-      binding: { threadId: "thread-work", cwd: "/repo" },
-    });
-
-    await harness.reset?.({
-      agentId: "work",
-      sessionId: "session-1",
-      sessionKey: "global",
-      reason: "reset",
-    });
-
-    await expect(bindingStore.read(identity)).resolves.toBeUndefined();
-    await expect(
-      bindingStore.mutate(identity, {
-        kind: "set",
-        binding: { threadId: "thread-stale", cwd: "/stale" },
-      }),
-    ).resolves.toBe(false);
-    const nextIdentity = { ...identity, sessionId: "session-2" };
-    await expect(
-      bindingStore.mutate(nextIdentity, {
-        kind: "set",
-        binding: { threadId: "thread-next", cwd: "/next" },
-      }),
-    ).resolves.toBe(false);
-    await expect(
-      bindingStore.mutate(nextIdentity, {
-        kind: "reclaim-generation",
-        expectedPreviousSessionId: identity.sessionId,
-      }),
-    ).resolves.toBe(true);
-    await expect(
-      bindingStore.mutate(nextIdentity, {
-        kind: "set",
-        binding: { threadId: "thread-next", cwd: "/next" },
-      }),
-    ).resolves.toBe(true);
-    await expect(bindingStore.read(nextIdentity)).resolves.toMatchObject({
-      threadId: "thread-next",
-    });
-  });
-
-  it("accepts an absent binding but rejects a mismatched reset generation", async () => {
-    const bindingStore = createCodexTestBindingStore();
-    const harness = createCodexAppServerAgentHarness({ bindingStore });
-    const current = {
-      kind: "session" as const,
-      agentId: "main",
-      sessionId: "session-1",
-      sessionKey: "agent:main:main",
-    };
-
-    await expect(
-      harness.reset?.({
-        agentId: "main",
-        sessionId: "missing-session",
-        sessionKey: "agent:main:missing",
-        reason: "reset",
-      }),
-    ).resolves.toBeUndefined();
-
-    await bindingStore.mutate(current, {
-      kind: "set",
-      binding: { threadId: "thread-1", cwd: "/repo" },
-    });
-    await expect(
-      harness.reset?.({
-        agentId: "main",
-        sessionId: "session-2",
-        sessionKey: current.sessionKey,
-        reason: "reset",
-      }),
-    ).rejects.toThrow("binding generation changed");
-    await expect(bindingStore.read(current)).resolves.toMatchObject({ threadId: "thread-1" });
-  });
-
-  it("reclaims a stale generation left while the Codex plugin was unavailable", async () => {
-    const stateDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-codex-reset-"));
-    const storePath = path.join(stateDir, "sessions.json");
-    const sessionKey = "agent:main:main";
-    await fs.writeFile(
-      storePath,
-      JSON.stringify({
-        [sessionKey]: {
-          sessionId: "session-2",
-          updatedAt: Date.now(),
-        },
-      }),
-      "utf8",
-    );
-    const bindingStore = createCodexTestBindingStore();
-    const harness = createCodexAppServerAgentHarness({
-      bindingStore,
-      resolveConfig: () => ({ session: { store: storePath } }),
-    });
-    const stale = {
-      kind: "session" as const,
-      agentId: "main",
-      sessionId: "session-1",
-      sessionKey,
-    };
-    await bindingStore.mutate(stale, {
-      kind: "set",
-      binding: { threadId: "thread-stale", cwd: "/repo" },
-    });
-
-    await expect(
-      harness.reset?.({
-        agentId: "main",
-        sessionId: "session-2",
-        sessionKey,
-        reason: "reset",
-      }),
-    ).resolves.toBeUndefined();
-
-    const current = { ...stale, sessionId: "session-2" };
-    await expect(bindingStore.read(current)).resolves.toBeUndefined();
-    await expect(
-      bindingStore.mutate(current, {
-        kind: "set",
-        binding: { threadId: "thread-delayed", cwd: "/repo" },
-      }),
-    ).resolves.toBe(false);
-    await fs.rm(stateDir, { recursive: true, force: true });
-  });
-});

extensions/codex/harness.ts

@@ -7,13 +7,11 @@ import type {
   AgentHarnessCompactResult,
   ContextEngineHostCapability,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
-import type { OpenClawConfig } from "openclaw/plugin-sdk/config-contracts";
 import type {
   CodexAppServerListModelsOptions,
   CodexAppServerModel,
   CodexAppServerModelListResult,
 } from "./src/app-server/models.js";
-import type { CodexAppServerBindingStore } from "./src/app-server/session-binding.js";
 
 const DEFAULT_CODEX_HARNESS_PROVIDER_IDS = new Set(["codex", "openai"]);
 const CODEX_APP_SERVER_CONTEXT_ENGINE_HOST_CAPABILITIES = [
@@ -39,14 +37,12 @@ type CodexAppServerAgentHarness = AgentHarness & {
  * Creates the Codex app-server harness used for attempts, side questions,
  * compaction, reset, and disposal.
  */
-export function createCodexAppServerAgentHarness(options: {
+export function createCodexAppServerAgentHarness(options?: {
   id?: string;
   label?: string;
   providerIds?: Iterable<string>;
   pluginConfig?: unknown;
   resolvePluginConfig?: () => unknown;
-  resolveConfig?: () => OpenClawConfig | undefined;
-  bindingStore: CodexAppServerBindingStore;
 }): AgentHarness {
   const providerIds = new Set(
     [...(options?.providerIds ?? DEFAULT_CODEX_HARNESS_PROVIDER_IDS)].map((id) =>
@@ -75,7 +71,6 @@ export function createCodexAppServerAgentHarness(options: {
       // cold provider catalog reads do not pull in the whole Codex runtime.
       const { runCodexAppServerAttempt } = await import("./src/app-server/run-attempt.js");
       return runCodexAppServerAttempt(params, {
-        bindingStore: options.bindingStore,
         pluginConfig: options?.resolvePluginConfig?.() ?? options?.pluginConfig,
         nativeHookRelay: { enabled: true },
       });
@@ -83,7 +78,6 @@ export function createCodexAppServerAgentHarness(options: {
     runSideQuestion: async (params) => {
       const { runCodexAppServerSideQuestion } = await import("./src/app-server/side-question.js");
       return runCodexAppServerSideQuestion(params, {
-        bindingStore: options.bindingStore,
         pluginConfig: options?.resolvePluginConfig?.() ?? options?.pluginConfig,
         nativeHookRelay: { enabled: true },
       });
@@ -91,43 +85,20 @@ export function createCodexAppServerAgentHarness(options: {
     compact: async (params) => {
       const { maybeCompactCodexAppServerSession } = await import("./src/app-server/compact.js");
       return maybeCompactCodexAppServerSession(params, {
-        bindingStore: options.bindingStore,
         pluginConfig: options?.resolvePluginConfig?.() ?? options?.pluginConfig,
       });
     },
     compactAfterContextEngine: async (params) => {
       const { maybeCompactCodexAppServerSession } = await import("./src/app-server/compact.js");
       return maybeCompactCodexAppServerSession(params, {
-        bindingStore: options.bindingStore,
         pluginConfig: options?.resolvePluginConfig?.() ?? options?.pluginConfig,
         allowNonManualNativeRequest: true,
       });
     },
     reset: async (params) => {
-      if (params.sessionId) {
-        const { reclaimCurrentCodexSessionGeneration, sessionBindingIdentity } =
-          await import("./src/app-server/session-binding.js");
-        const identity = sessionBindingIdentity({
-          agentId: params.agentId,
-          sessionId: params.sessionId,
-          sessionKey: params.sessionKey,
-        });
-        let retired = await options.bindingStore.retireSessionGeneration(identity);
-        if (retired === "conflict") {
-          const reclaimed = await reclaimCurrentCodexSessionGeneration({
-            bindingStore: options.bindingStore,
-            identity,
-            config: options.resolveConfig?.(),
-          });
-          if (reclaimed) {
-            retired = await options.bindingStore.retireSessionGeneration(identity);
-          }
-        }
-        if (retired === "conflict") {
-          throw new Error(
-            `Codex binding generation changed before session ${params.sessionId} could reset`,
-          );
-        }
+      if (params.sessionFile) {
+        const { clearCodexAppServerBinding } = await import("./src/app-server/session-binding.js");
+        await clearCodexAppServerBinding(params.sessionFile);
       }
     },
     dispose: async () => {

extensions/codex/index.test.ts

@@ -4,30 +4,10 @@ import { createTestPluginApi } from "openclaw/plugin-sdk/plugin-test-api";
 import { describe, expect, it, vi } from "vitest";
 import { createCodexAppServerAgentHarness } from "./harness.js";
 import plugin from "./index.js";
-import {
-  createCodexAppServerBindingStore,
-  sessionBindingIdentity,
-} from "./src/app-server/session-binding.js";
-import {
-  createCodexTestBindingStateStore,
-  testCodexAppServerBindingStore,
-} from "./src/app-server/session-binding.test-helpers.js";
 
 const runCodexAppServerAttemptMock = vi.hoisted(() => vi.fn());
 const runCodexAppServerSideQuestionMock = vi.hoisted(() => vi.fn());
 
-function createCodexTestRuntime(
-  current?: () => unknown,
-  stateStore = createCodexTestBindingStateStore(),
-) {
-  return {
-    ...(current ? { config: { current } } : {}),
-    state: {
-      openSyncKeyedStore: () => stateStore,
-    },
-  } as never;
-}
-
 vi.mock("./src/app-server/run-attempt.js", () => ({
   runCodexAppServerAttempt: runCodexAppServerAttemptMock,
 }));
@@ -60,6 +40,7 @@ describe("codex plugin", () => {
     const registerProvider = vi.fn();
     const registerWebSearchProvider = vi.fn();
     const on = vi.fn();
+    const onConversationBindingResolved = vi.fn();
 
     plugin.register(
       createTestPluginApi({
@@ -68,7 +49,7 @@ describe("codex plugin", () => {
         source: "test",
         config: {},
         pluginConfig: {},
-        runtime: createCodexTestRuntime(),
+        runtime: {} as never,
         registerAgentHarness,
         registerCommand,
         registerMediaUnderstandingProvider,
@@ -76,6 +57,7 @@ describe("codex plugin", () => {
         registerProvider,
         registerWebSearchProvider,
         on,
+        onConversationBindingResolved,
       }),
     );
 
@@ -85,6 +67,9 @@ describe("codex plugin", () => {
       | Record<string, unknown>
       | undefined;
     const inboundClaimRegistration = mockCall(on) as [unknown, unknown] | undefined;
+    const bindingResolvedRegistration = mockCall(onConversationBindingResolved) as
+      | [unknown]
+      | undefined;
 
     expect(providerRegistration.id).toBe("codex");
     expect(providerRegistration.label).toBe("Codex");
@@ -118,12 +103,33 @@ describe("codex plugin", () => {
     expect(migrationRegistration?.label).toBe("Codex");
     expect(inboundClaimRegistration?.[0]).toBe("inbound_claim");
     expect(typeof inboundClaimRegistration?.[1]).toBe("function");
+    expect(typeof bindingResolvedRegistration?.[0]).toBe("function");
+  });
+
+  it("registers with capture APIs that do not expose conversation binding hooks yet", () => {
+    const registerProvider = vi.fn();
+    const api = createTestPluginApi({
+      id: "codex",
+      name: "Codex",
+      source: "test",
+      config: {},
+      pluginConfig: {},
+      runtime: {} as never,
+      registerAgentHarness: vi.fn(),
+      registerCommand: vi.fn(),
+      registerMediaUnderstandingProvider: vi.fn(),
+      registerProvider,
+      on: vi.fn(),
+    });
+    delete (api as { onConversationBindingResolved?: unknown }).onConversationBindingResolved;
+
+    plugin.register(api);
+    expect(registerProvider).toHaveBeenCalledTimes(1);
+    expect((mockCallArg(registerProvider) as { id?: string } | undefined)?.id).toBe("codex");
   });
 
   it("claims the Codex routing providers by default", () => {
-    const harness = createCodexAppServerAgentHarness({
-      bindingStore: testCodexAppServerBindingStore,
-    });
+    const harness = createCodexAppServerAgentHarness();
 
     expect(harness.deliveryDefaults?.sourceVisibleReplies).toBe("message_tool");
     expect(
@@ -144,196 +150,8 @@ describe("codex plugin", () => {
     expect(unsupported.supported).toBe(false);
   });
 
-  it("clears only ended session binding rows in the owning agent scope", async () => {
-    const stateStore = createCodexTestBindingStateStore();
-    const bindingStore = createCodexAppServerBindingStore(stateStore);
-    const on = vi.fn();
-    plugin.register(
-      createTestPluginApi({
-        id: "codex",
-        name: "Codex",
-        source: "test",
-        config: {},
-        pluginConfig: {},
-        runtime: createCodexTestRuntime(undefined, stateStore),
-        registerAgentHarness: vi.fn(),
-        registerCommand: vi.fn(),
-        registerMediaUnderstandingProvider: vi.fn(),
-        registerMigrationProvider: vi.fn(),
-        registerProvider: vi.fn(),
-        on,
-      }),
-    );
-    const sessionEnd = on.mock.calls.find(([name]) => name === "session_end")?.[1] as
-      | ((
-          event: { sessionId: string; sessionKey?: string; reason?: string },
-          ctx: { agentId?: string; sessionId: string; sessionKey?: string },
-        ) => Promise<void>)
-      | undefined;
-    if (!sessionEnd) {
-      throw new Error("missing Codex session_end hook");
-    }
-    const identity = sessionBindingIdentity({
-      agentId: "worker",
-      sessionId: "session-1",
-      sessionKey: "agent:worker:session-1",
-    });
-    const setBinding = () =>
-      bindingStore.mutate(identity, {
-        kind: "set",
-        binding: { threadId: "thread-1", cwd: "/repo" },
-      });
-
-    for (const reason of ["shutdown", "restart", "compaction", "unknown"] as const) {
-      await setBinding();
-      await sessionEnd(
-        { sessionId: "session-1", sessionKey: "agent:worker:session-1", reason },
-        { agentId: "worker", sessionId: "session-1" },
-      );
-      await expect(bindingStore.read(identity)).resolves.toMatchObject({
-        threadId: "thread-1",
-      });
-    }
-    for (const reason of ["new", "reset", "idle", "daily", "deleted"] as const) {
-      await setBinding();
-      await sessionEnd(
-        { sessionId: "session-1", sessionKey: "agent:worker:session-1", reason },
-        { agentId: "worker", sessionId: "session-1" },
-      );
-      await expect(bindingStore.read(identity)).resolves.toBeUndefined();
-    }
-  });
-
-  it("adopts compaction successors before delayed lifecycle cleanup", async () => {
-    const stateStore = createCodexTestBindingStateStore();
-    const bindingStore = createCodexAppServerBindingStore(stateStore);
-    const on = vi.fn();
-    plugin.register(
-      createTestPluginApi({
-        id: "codex",
-        name: "Codex",
-        source: "test",
-        config: {},
-        pluginConfig: {},
-        runtime: createCodexTestRuntime(undefined, stateStore),
-        registerAgentHarness: vi.fn(),
-        registerCommand: vi.fn(),
-        registerMediaUnderstandingProvider: vi.fn(),
-        registerMigrationProvider: vi.fn(),
-        registerProvider: vi.fn(),
-        on,
-      }),
-    );
-    const afterCompaction = on.mock.calls.find(([name]) => name === "after_compaction")?.[1] as
-      | ((
-          event: {
-            messageCount: number;
-            compactedCount: number;
-            previousSessionId?: string;
-          },
-          ctx: { agentId?: string; sessionId?: string; sessionKey?: string },
-        ) => Promise<void>)
-      | undefined;
-    const sessionEnd = on.mock.calls.find(([name]) => name === "session_end")?.[1] as
-      | ((
-          event: { sessionId: string; sessionKey?: string; reason?: string },
-          ctx: { agentId?: string; sessionId: string; sessionKey?: string },
-        ) => Promise<void>)
-      | undefined;
-    if (!afterCompaction || !sessionEnd) {
-      throw new Error("missing Codex compaction lifecycle hooks");
-    }
-    const sessionKey = "agent:worker:telegram:chat-1";
-    const previous = sessionBindingIdentity({
-      agentId: "worker",
-      sessionId: "session-1",
-      sessionKey,
-    });
-    const successor = sessionBindingIdentity({
-      agentId: "worker",
-      sessionId: "session-2",
-      sessionKey,
-    });
-    const newest = sessionBindingIdentity({
-      agentId: "worker",
-      sessionId: "session-3",
-      sessionKey,
-    });
-    await bindingStore.mutate(previous, {
-      kind: "set",
-      binding: { threadId: "thread-1", cwd: "/repo" },
-    });
-
-    await afterCompaction(
-      { messageCount: 1, compactedCount: 1, previousSessionId: "session-1" },
-      { agentId: "worker", sessionId: "session-2", sessionKey },
-    );
-    await expect(bindingStore.read(previous)).resolves.toBeUndefined();
-    await expect(bindingStore.read(successor)).resolves.toMatchObject({ threadId: "thread-1" });
-
-    await afterCompaction(
-      { messageCount: 1, compactedCount: 1, previousSessionId: "session-2" },
-      { agentId: "worker", sessionId: "session-3", sessionKey },
-    );
-    await afterCompaction(
-      { messageCount: 1, compactedCount: 1, previousSessionId: "session-1" },
-      { agentId: "worker", sessionId: "session-2", sessionKey },
-    );
-    await expect(bindingStore.read(successor)).resolves.toBeUndefined();
-    await expect(bindingStore.read(newest)).resolves.toMatchObject({ threadId: "thread-1" });
-
-    await sessionEnd(
-      { sessionId: "session-1", sessionKey, reason: "reset" },
-      { agentId: "worker", sessionId: "session-1", sessionKey },
-    );
-    await sessionEnd(
-      { sessionId: "session-2", sessionKey, reason: "compaction" },
-      { agentId: "worker", sessionId: "session-2", sessionKey },
-    );
-    await expect(bindingStore.read(newest)).resolves.toMatchObject({ threadId: "thread-1" });
-    expect(stateStore.entries()).toHaveLength(1);
-  });
-
-  it("ignores compaction for a session without a Codex binding", async () => {
-    const warn = vi.fn();
-    const on = vi.fn();
-    plugin.register(
-      createTestPluginApi({
-        id: "codex",
-        name: "Codex",
-        source: "test",
-        config: {},
-        pluginConfig: {},
-        logger: { debug: vi.fn(), info: vi.fn(), warn, error: vi.fn() },
-        runtime: createCodexTestRuntime(),
-        registerAgentHarness: vi.fn(),
-        registerCommand: vi.fn(),
-        registerMediaUnderstandingProvider: vi.fn(),
-        registerMigrationProvider: vi.fn(),
-        registerProvider: vi.fn(),
-        on,
-      }),
-    );
-    const afterCompaction = on.mock.calls.find(([name]) => name === "after_compaction")?.[1] as
-      | ((event: object, ctx: { sessionId?: string; sessionKey?: string }) => Promise<void>)
-      | undefined;
-    if (!afterCompaction) {
-      throw new Error("missing Codex after_compaction hook");
-    }
-
-    await afterCompaction(
-      { previousSessionId: "session-1" },
-      { sessionId: "session-2", sessionKey: "agent:main:main" },
-    );
-
-    expect(warn).not.toHaveBeenCalled();
-  });
-
   it("enables the native hook relay for public Codex app-server attempts", async () => {
-    const harness = createCodexAppServerAgentHarness({
-      bindingStore: testCodexAppServerBindingStore,
-      pluginConfig: { appServer: {} },
-    });
+    const harness = createCodexAppServerAgentHarness({ pluginConfig: { appServer: {} } });
     const result = { success: true };
     runCodexAppServerAttemptMock.mockResolvedValueOnce(result);
 
@@ -342,7 +160,6 @@ describe("codex plugin", () => {
     expect(runCodexAppServerAttemptMock).toHaveBeenCalledWith(
       { prompt: "hello" },
       {
-        bindingStore: testCodexAppServerBindingStore,
         pluginConfig: { appServer: {} },
         nativeHookRelay: { enabled: true },
       },
@@ -377,7 +194,11 @@ describe("codex plugin", () => {
         source: "test",
         config: {},
         pluginConfig: { codexPlugins: { enabled: false } },
-        runtime: createCodexTestRuntime(() => liveConfig),
+        runtime: {
+          config: {
+            current: () => liveConfig,
+          },
+        } as never,
         registerAgentHarness,
         registerCommand: vi.fn(),
         registerMediaUnderstandingProvider: vi.fn(),
@@ -397,49 +218,14 @@ describe("codex plugin", () => {
     expect(runCodexAppServerAttemptMock).toHaveBeenCalledWith(
       { prompt: "calendar" },
       {
-        bindingStore: expect.any(Object),
         pluginConfig: liveConfig.plugins.entries.codex.config,
         nativeHookRelay: { enabled: true },
       },
     );
   });
 
-  it("does not resurrect startup Codex config after the live entry is removed", async () => {
-    const registerAgentHarness = vi.fn();
-    plugin.register(
-      createTestPluginApi({
-        id: "codex",
-        name: "Codex",
-        source: "test",
-        config: {},
-        pluginConfig: { appServer: { mode: "yolo" } },
-        runtime: createCodexTestRuntime(() => ({ plugins: { entries: {} } })),
-        registerAgentHarness,
-        registerCommand: vi.fn(),
-        registerMediaUnderstandingProvider: vi.fn(),
-        registerMigrationProvider: vi.fn(),
-        registerProvider: vi.fn(),
-        on: vi.fn(),
-      }),
-    );
-    const harness = mockCallArg(registerAgentHarness) as ReturnType<
-      typeof createCodexAppServerAgentHarness
-    >;
-    runCodexAppServerAttemptMock.mockResolvedValueOnce({ success: true });
-
-    await harness.runAttempt({ prompt: "default policy" } as never);
-
-    expect(runCodexAppServerAttemptMock).toHaveBeenCalledWith(
-      { prompt: "default policy" },
-      expect.objectContaining({ pluginConfig: undefined }),
-    );
-  });
-
   it("enables the native hook relay for public Codex side questions", async () => {
-    const harness = createCodexAppServerAgentHarness({
-      bindingStore: testCodexAppServerBindingStore,
-      pluginConfig: { appServer: {} },
-    });
+    const harness = createCodexAppServerAgentHarness({ pluginConfig: { appServer: {} } });
     const runSideQuestion = harness["runSideQuestion"];
     const result = { text: "ok" };
     runCodexAppServerSideQuestionMock.mockResolvedValueOnce(result);
@@ -452,7 +238,6 @@ describe("codex plugin", () => {
     expect(runCodexAppServerSideQuestionMock).toHaveBeenCalledWith(
       { question: "btw" },
       {
-        bindingStore: testCodexAppServerBindingStore,
         pluginConfig: { appServer: {} },
         nativeHookRelay: { enabled: true },
       },

extensions/codex/index.ts

@@ -4,72 +4,48 @@
  */
 import type { OpenClawConfig } from "openclaw/plugin-sdk/config-contracts";
 import { mutateConfigFile } from "openclaw/plugin-sdk/config-mutation";
-import {
-  resolveLivePluginConfigObject,
-  resolvePluginConfigObject,
-} from "openclaw/plugin-sdk/plugin-config-runtime";
+import { resolveLivePluginConfigObject } from "openclaw/plugin-sdk/plugin-config-runtime";
 import { definePluginEntry } from "openclaw/plugin-sdk/plugin-entry";
 import { createCodexAppServerAgentHarness } from "./harness.js";
 import { buildCodexMediaUnderstandingProvider } from "./media-understanding-provider.js";
 import { buildCodexProvider } from "./provider.js";
-import {
-  CODEX_APP_SERVER_BINDING_MAX_ENTRIES,
-  CODEX_APP_SERVER_BINDING_NAMESPACE,
-  createLazyCodexAppServerBindingStore,
-  type StoredCodexAppServerBinding,
-} from "./src/app-server/session-binding-store.js";
 import type { CodexPluginsConfigBlock } from "./src/command-plugins-management.js";
 import { createCodexCommand } from "./src/commands.js";
+import {
+  handleCodexConversationBindingResolved,
+  handleCodexConversationInboundClaim,
+} from "./src/conversation-binding.js";
 import { buildCodexMigrationProvider } from "./src/migration/provider.js";
 import {
   createCodexCliSessionNodeHostCommands,
   createCodexCliSessionNodeInvokePolicies,
-} from "./src/node-cli-session-registration.js";
+  listCodexCliSessionsOnNode,
+  resumeCodexCliSessionOnNode,
+  resolveCodexCliSessionForBindingOnNode,
+} from "./src/node-cli-sessions.js";
 import { createCodexWebSearchProvider } from "./src/web-search-provider.js";
 
-const ENDED_SESSION_REASONS: ReadonlySet<string> = new Set([
-  "new",
-  "reset",
-  "idle",
-  "daily",
-  "deleted",
-]);
-
 export default definePluginEntry({
   id: "codex",
   name: "Codex",
   description: "Codex app-server harness and Codex-managed GPT model catalog.",
   register(api) {
-    const runtimeConfigLoader = api.runtime.config?.current
-      ? () => api.runtime.config?.current() as OpenClawConfig
-      : undefined;
-    const resolveCurrentConfig = () => runtimeConfigLoader?.();
-    const loadNodeCliSessions = () => import("./src/node-cli-sessions.js");
+    const resolveCurrentConfig = () =>
+      api.runtime.config?.current ? (api.runtime.config.current() as OpenClawConfig) : undefined;
     const resolveCurrentPluginConfig = () =>
       // Codex plugin config can change at runtime; resolve from live config for
       // harness attempts and binding claims instead of keeping startup values.
       resolveLivePluginConfigObject(
-        runtimeConfigLoader,
+        resolveCurrentConfig,
         "codex",
         api.pluginConfig as Record<string, unknown>,
-      );
-    const bindingStore = createLazyCodexAppServerBindingStore(
-      api.runtime.state.openSyncKeyedStore<StoredCodexAppServerBinding>({
-        namespace: CODEX_APP_SERVER_BINDING_NAMESPACE,
-        maxEntries: CODEX_APP_SERVER_BINDING_MAX_ENTRIES,
-        overflowPolicy: "reject-new",
-      }),
-    );
+      ) ?? api.pluginConfig;
     api.registerAgentHarness(
-      createCodexAppServerAgentHarness({
-        bindingStore,
-        resolveConfig: resolveCurrentConfig,
-        resolvePluginConfig: resolveCurrentPluginConfig,
-      }),
+      createCodexAppServerAgentHarness({ resolvePluginConfig: resolveCurrentPluginConfig }),
     );
     api.registerProvider(buildCodexProvider({ pluginConfig: api.pluginConfig }));
     api.registerMediaUnderstandingProvider(
-      buildCodexMediaUnderstandingProvider({ resolvePluginConfig: resolveCurrentPluginConfig }),
+      buildCodexMediaUnderstandingProvider({ pluginConfig: api.pluginConfig }),
     );
     api.registerWebSearchProvider(
       createCodexWebSearchProvider({ resolvePluginConfig: resolveCurrentPluginConfig }),
@@ -83,43 +59,43 @@ export default definePluginEntry({
     }
     api.registerCommand(
       createCodexCommand({
-        resolvePluginConfig: resolveCurrentPluginConfig,
+        pluginConfig: api.pluginConfig,
         deps: {
-          bindingStore,
-          listCodexCliSessionsOnNode: async (params) =>
-            await (
-              await loadNodeCliSessions()
-            ).listCodexCliSessionsOnNode({
-              runtime: api.runtime,
-              ...params,
-            }),
-          resolveCodexCliSessionForBindingOnNode: async (params) =>
-            await (
-              await loadNodeCliSessions()
-            ).resolveCodexCliSessionForBindingOnNode({
-              runtime: api.runtime,
-              ...params,
-            }),
+          listCodexCliSessionsOnNode: (params) =>
+            listCodexCliSessionsOnNode({ runtime: api.runtime, ...params }),
+          resolveCodexCliSessionForBindingOnNode: (params) =>
+            resolveCodexCliSessionForBindingOnNode({ runtime: api.runtime, ...params }),
           codexPluginsManagementIo: {
             readConfig: () => {
               const current = (api.runtime.config?.current?.() ?? {}) as OpenClawConfig;
-              const codexPlugins = resolvePluginConfigObject(current, "codex")?.codexPlugins;
-              if (
-                !codexPlugins ||
-                typeof codexPlugins !== "object" ||
-                Array.isArray(codexPlugins)
-              ) {
+              const plugins = (current as Record<string, unknown>).plugins;
+              if (!plugins || typeof plugins !== "object") {
                 return Promise.resolve({});
               }
-              const block = codexPlugins as Record<string, unknown>;
-              const declared = block.plugins;
+              const entries = (plugins as Record<string, unknown>).entries;
+              if (!entries || typeof entries !== "object") {
+                return Promise.resolve({});
+              }
+              const codexEntry = (entries as Record<string, unknown>).codex;
+              if (!codexEntry || typeof codexEntry !== "object") {
+                return Promise.resolve({});
+              }
+              const config = (codexEntry as Record<string, unknown>).config;
+              if (!config || typeof config !== "object") {
+                return Promise.resolve({});
+              }
+              const codexPlugins = (config as Record<string, unknown>).codexPlugins;
+              if (!codexPlugins || typeof codexPlugins !== "object") {
+                return Promise.resolve({});
+              }
+              const declared = (codexPlugins as Record<string, unknown>).plugins;
               if (!declared || typeof declared !== "object") {
                 return Promise.resolve({
-                  enabled: block.enabled === true,
+                  enabled: (codexPlugins as Record<string, unknown>).enabled === true,
                 });
               }
               return Promise.resolve({
-                enabled: block.enabled === true,
+                enabled: (codexPlugins as Record<string, unknown>).enabled === true,
                 plugins: declared as Record<string, never>,
               });
             },
@@ -129,12 +105,17 @@ export default definePluginEntry({
                   // Create the nested plugin config path on demand so codex
                   // plugin commands can enable/update Codex-managed plugins.
                   const root = draft as Record<string, unknown>;
-                  const pluginsBlock = (root.plugins ??= {}) as Record<string, unknown>;
-                  const entries = (pluginsBlock.entries ??= {}) as Record<string, unknown>;
-                  const codexEntry = (entries.codex ??= {}) as Record<string, unknown>;
-                  const config = (codexEntry.config ??= {}) as Record<string, unknown>;
-                  const codexPlugins = (config.codexPlugins ??= {}) as Record<string, unknown>;
-                  codexPlugins.plugins ??= {};
+                  root.plugins = (root.plugins ?? {}) as Record<string, unknown>;
+                  const pluginsBlock = root.plugins as Record<string, unknown>;
+                  pluginsBlock.entries = (pluginsBlock.entries ?? {}) as Record<string, unknown>;
+                  const entries = pluginsBlock.entries as Record<string, unknown>;
+                  entries.codex = (entries.codex ?? {}) as Record<string, unknown>;
+                  const codexEntry = entries.codex as Record<string, unknown>;
+                  codexEntry.config = (codexEntry.config ?? {}) as Record<string, unknown>;
+                  const config = codexEntry.config as Record<string, unknown>;
+                  config.codexPlugins = (config.codexPlugins ?? {}) as Record<string, unknown>;
+                  const codexPlugins = config.codexPlugins as Record<string, unknown>;
+                  codexPlugins.plugins = (codexPlugins.plugins ?? {}) as Record<string, unknown>;
                   update(codexPlugins as CodexPluginsConfigBlock);
                 },
               });
@@ -143,58 +124,14 @@ export default definePluginEntry({
         },
       }),
     );
-    api.on("inbound_claim", async (event, ctx) => {
-      const { handleCodexConversationInboundClaim } = await import("./src/conversation-binding.js");
-      return await handleCodexConversationInboundClaim(event, ctx, {
-        bindingStore,
+    api.on("inbound_claim", (event, ctx) =>
+      handleCodexConversationInboundClaim(event, ctx, {
         pluginConfig: resolveCurrentPluginConfig(),
         config: resolveCurrentConfig(),
-        resumeCodexCliSessionOnNode: async (params) =>
-          await (
-            await loadNodeCliSessions()
-          ).resumeCodexCliSessionOnNode({
-            runtime: api.runtime,
-            ...params,
-          }),
-      });
-    });
-    api.on("after_compaction", async (event, ctx) => {
-      const previousSessionId = event.previousSessionId?.trim();
-      const sessionId = ctx.sessionId?.trim();
-      if (!previousSessionId || !sessionId || previousSessionId === sessionId) {
-        return;
-      }
-      const config = resolveCurrentConfig();
-      const sessionKey = ctx.sessionKey?.trim();
-      const { sessionBindingIdentity } = await import("./src/app-server/session-binding.js");
-      const identity = sessionBindingIdentity({
-        sessionId,
-        ...(sessionKey ? { sessionKey } : {}),
-        ...(ctx.agentId ? { agentId: ctx.agentId } : {}),
-        ...(config ? { config } : {}),
-      });
-      const adopted = await bindingStore.adoptSessionGeneration(identity, previousSessionId);
-      if (adopted === "conflict") {
-        api.logger.warn?.(
-          `codex: could not adopt compacted session generation ${sessionId} (${adopted}); secondary native compaction will skip`,
-        );
-      }
-    });
-    api.on("session_end", async (event, ctx) => {
-      if (!event.reason || !ENDED_SESSION_REASONS.has(event.reason)) {
-        return;
-      }
-      const sessionKey = event.sessionKey ?? ctx.sessionKey;
-      const config = resolveCurrentConfig();
-      const { sessionBindingIdentity } = await import("./src/app-server/session-binding.js");
-      await bindingStore.retireSessionGeneration(
-        sessionBindingIdentity({
-          sessionId: event.sessionId,
-          ...(sessionKey ? { sessionKey } : {}),
-          ...(ctx.agentId ? { agentId: ctx.agentId } : {}),
-          ...(config ? { config } : {}),
-        }),
-      );
-    });
+        resumeCodexCliSessionOnNode: (params) =>
+          resumeCodexCliSessionOnNode({ runtime: api.runtime, ...params }),
+      }),
+    );
+    api.onConversationBindingResolved?.(handleCodexConversationBindingResolved);
   },
 });

extensions/codex/media-understanding-provider.test.ts

@@ -2,25 +2,8 @@
 import { MAX_TIMER_TIMEOUT_MS } from "openclaw/plugin-sdk/number-runtime";
 import { afterEach, describe, expect, it, vi } from "vitest";
 import { buildCodexMediaUnderstandingProvider } from "./media-understanding-provider.js";
-import { CodexAppServerRpcError, type CodexAppServerClient } from "./src/app-server/client.js";
+import type { CodexAppServerClient } from "./src/app-server/client.js";
 import type { CodexServerNotification, JsonValue } from "./src/app-server/protocol.js";
-import { adaptCodexTestClientFactory } from "./src/app-server/test-support.js";
-
-const EXPECTED_MEDIA_THREAD_CONFIG = {
-  project_doc_max_bytes: 0,
-  web_search: "disabled",
-  "tools.experimental_request_user_input.enabled": false,
-  "features.hooks": false,
-  "features.multi_agent": false,
-  "features.apps": false,
-  "features.plugins": false,
-  "features.image_generation": false,
-  "features.skill_mcp_dependency_install": false,
-  "features.memories": false,
-  "features.goals": false,
-  "features.code_mode": false,
-  "features.code_mode_only": false,
-};
 
 const sharedClientMocks = vi.hoisted(() => ({
   createIsolatedCodexAppServerClient: vi.fn(),
@@ -102,15 +85,13 @@ function createFakeClient(options?: {
   inputModalities?: string[];
   completeWithItems?: boolean;
   notifyError?: string;
+  approvalRequestMethod?: string;
   responseText?: string;
-  turnStartError?: Error;
-  preBindNotificationCount?: number;
-  interruptError?: Error;
-  unsubscribeError?: Error;
 }) {
   const notifications = new Set<(notification: CodexServerNotification) => void>();
-  const closeHandlers = new Set<() => void>();
+  const requestHandlers = new Set<(request: { method: string }) => JsonValue | undefined>();
   const requests: Array<{ method: string; params?: JsonValue }> = [];
+  const approvalResponses: JsonValue[] = [];
   const request = vi.fn(async (method: string, params?: JsonValue) => {
     requests.push({ method, params });
     if (method === "model/list") {
@@ -123,60 +104,51 @@ function createFakeClient(options?: {
       return threadStartResult();
     }
     if (method === "turn/start") {
-      if (options?.turnStartError) {
-        throw options.turnStartError;
-      }
-      if (options?.preBindNotificationCount) {
-        for (let index = 0; index < options.preBindNotificationCount; index += 1) {
-          for (const notify of notifications) {
-            notify({
-              method: "item/started",
-              params: { threadId: "thread-1", turnId: "turn-1" },
-            });
+      if (options?.approvalRequestMethod) {
+        for (const handler of requestHandlers) {
+          const response = handler({ method: options.approvalRequestMethod });
+          if (response !== undefined) {
+            approvalResponses.push(response);
           }
         }
-        return turnStartResult();
       }
-      const emitTurnNotifications = () => {
-        if (options?.notifyError) {
-          for (const notify of notifications) {
-            notify({
-              method: "error",
-              params: {
-                threadId: "thread-1",
-                turnId: "turn-1",
-                error: {
-                  message: options.notifyError,
-                  codexErrorInfo: null,
-                  additionalDetails: null,
-                },
-                willRetry: false,
+      if (options?.notifyError) {
+        for (const notify of notifications) {
+          notify({
+            method: "error",
+            params: {
+              threadId: "thread-1",
+              turnId: "turn-1",
+              error: {
+                message: options.notifyError,
+                codexErrorInfo: null,
+                additionalDetails: null,
               },
-            });
-          }
-        } else if (!options?.completeWithItems) {
-          for (const notify of notifications) {
-            notify({
-              method: "item/agentMessage/delta",
-              params: {
-                threadId: "thread-1",
-                turnId: "turn-1",
-                itemId: "msg-1",
-                delta: options?.responseText ?? "A red square.",
-              },
-            });
-            notify({
-              method: "turn/completed",
-              params: {
-                threadId: "thread-1",
-                turnId: "turn-1",
-                turn: turnStartResult("completed").turn,
-              },
-            });
-          }
+              willRetry: false,
+            },
+          });
         }
-      };
-      emitTurnNotifications();
+      } else if (!options?.completeWithItems) {
+        for (const notify of notifications) {
+          notify({
+            method: "item/agentMessage/delta",
+            params: {
+              threadId: "thread-1",
+              turnId: "turn-1",
+              itemId: "msg-1",
+              delta: options?.responseText ?? "A red square.",
+            },
+          });
+          notify({
+            method: "turn/completed",
+            params: {
+              threadId: "thread-1",
+              turnId: "turn-1",
+              turn: turnStartResult("completed").turn,
+            },
+          });
+        }
+      }
       return turnStartResult(
         options?.completeWithItems ? "completed" : "inProgress",
         options?.completeWithItems
@@ -192,12 +164,6 @@ function createFakeClient(options?: {
           : [],
       );
     }
-    if (method === "turn/interrupt" && options?.interruptError) {
-      throw options.interruptError;
-    }
-    if (method === "thread/unsubscribe" && options?.unsubscribeError) {
-      throw options.unsubscribeError;
-    }
     return {};
   });
 
@@ -207,17 +173,14 @@ function createFakeClient(options?: {
       notifications.add(handler);
       return () => notifications.delete(handler);
     },
-    addRequestHandler() {
-      return () => undefined;
-    },
-    addCloseHandler(handler: () => void) {
-      closeHandlers.add(handler);
-      return () => closeHandlers.delete(handler);
+    addRequestHandler(handler: (request: { method: string }) => JsonValue | undefined) {
+      requestHandlers.add(handler);
+      return () => requestHandlers.delete(handler);
     },
     close: vi.fn(),
   } as unknown as CodexAppServerClient;
 
-  return { client, requests };
+  return { client, requests, approvalResponses };
 }
 
 describe("codex media understanding provider", () => {
@@ -229,9 +192,11 @@ describe("codex media understanding provider", () => {
 
   it("runs image understanding through a bounded Codex app-server turn", async () => {
     const { client, requests } = createFakeClient();
-    const clientFactory = vi.fn(async () => client);
+    const clientFactory = vi.fn(
+      async (_startOptions, _authProfileId, _agentDir, _config) => client,
+    );
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(clientFactory),
+      clientFactory,
     });
     const cfg = {
       auth: {
@@ -254,33 +219,42 @@ describe("codex media understanding provider", () => {
     });
 
     expect(result).toEqual({ text: "A red square.", model: "gpt-5.4" });
+    expect(requests.map((entry) => entry.method)).toEqual([
+      "model/list",
+      "thread/start",
+      "turn/start",
+    ]);
     expect(clientFactory).toHaveBeenCalledWith(
       expect.any(Object),
       undefined,
       "/tmp/openclaw-agent",
       cfg,
-      expect.objectContaining({ timeoutMs: 30_000 }),
+      { timeoutMs: 30_000 },
     );
-    expect(requests.map((entry) => entry.method)).toEqual([
-      "model/list",
-      "thread/start",
-      "turn/start",
-      "thread/unsubscribe",
-    ]);
-    expect(requests[0]?.params).toEqual({ limit: 100, cursor: null, includeHidden: true });
     expect(requests[1]?.params).toEqual({
       model: "gpt-5.4",
       modelProvider: "openai",
-      cwd: "/tmp/openclaw-agent/codex-media-home",
-      approvalPolicy: "never",
+      cwd: "/tmp/openclaw-agent",
+      approvalPolicy: "on-request",
       sandbox: "read-only",
       serviceName: "OpenClaw",
-      personality: "none",
       developerInstructions:
         "You are OpenClaw's bounded image-understanding worker. Describe only the provided image content. Do not call tools, edit files, or ask follow-up questions.",
-      config: EXPECTED_MEDIA_THREAD_CONFIG,
+      config: {
+        "features.apps": false,
+        "features.code_mode": false,
+        "features.code_mode_only": false,
+        "features.image_generation": false,
+        "features.multi_agent": false,
+        "features.plugins": false,
+        "features.standalone_web_search": false,
+        web_search: "disabled",
+      },
       environments: [],
+      dynamicTools: [],
+      experimentalRawEvents: true,
       ephemeral: true,
+      persistExtendedHistory: false,
     });
     expect(requests[2]?.params).toEqual({
       threadId: "thread-1",
@@ -288,6 +262,9 @@ describe("codex media understanding provider", () => {
         { type: "text", text: "Describe briefly.", text_elements: [] },
         { type: "image", url: "data:image/png;base64,aW1hZ2UtYnl0ZXM=" },
       ],
+      cwd: "/tmp/openclaw-agent",
+      approvalPolicy: "on-request",
+      model: "gpt-5.4",
       effort: "low",
     });
   });
@@ -295,12 +272,8 @@ describe("codex media understanding provider", () => {
   it("treats a blank agent directory as absent when starting the app-server", async () => {
     const { client, requests } = createFakeClient();
     const clientFactory = vi.fn(async () => client);
-    const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(clientFactory),
-    });
-    const cfg = {
-      agents: { list: [{ id: "main", agentDir: "/tmp/openclaw-default-agent" }] },
-    };
+    const provider = buildCodexMediaUnderstandingProvider({ clientFactory });
+    const cfg = {};
 
     await provider.describeImage?.({
       buffer: Buffer.from("image-bytes"),
@@ -313,16 +286,11 @@ describe("codex media understanding provider", () => {
       agentDir: " ",
     });
 
-    expect(clientFactory).toHaveBeenCalledWith(
-      expect.any(Object),
-      undefined,
-      "/tmp/openclaw-default-agent",
-      cfg,
-      expect.any(Object),
-    );
-    expect(requests[1]?.params).toEqual(
-      expect.objectContaining({ cwd: "/tmp/openclaw-default-agent/codex-media-home" }),
-    );
+    expect(clientFactory).toHaveBeenCalledWith(expect.any(Object), undefined, undefined, cfg, {
+      timeoutMs: 30_000,
+    });
+    expect(requests[1]?.params).toEqual(expect.objectContaining({ cwd: process.cwd() }));
+    expect(requests[2]?.params).toEqual(expect.objectContaining({ cwd: process.cwd() }));
   });
 
   it("preserves configured WebSocket transport for media turns", async () => {
@@ -402,7 +370,7 @@ describe("codex media understanding provider", () => {
     try {
       const { client } = createFakeClient();
       const provider = buildCodexMediaUnderstandingProvider({
-        clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
+        clientFactory: async () => client,
       });
 
       const result = await provider.describeImage?.({
@@ -425,97 +393,33 @@ describe("codex media understanding provider", () => {
     }
   });
 
-  it("starts the media deadline before client acquisition", async () => {
-    vi.useFakeTimers();
+  it("declines approval requests during image understanding", async () => {
+    const { client, approvalResponses } = createFakeClient({
+      approvalRequestMethod: "item/permissions/requestApproval",
+    });
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(
-        async () => await new Promise<CodexAppServerClient>(() => {}),
-      ),
+      clientFactory: async () => client,
     });
-    const description = provider.describeImage?.({
-      buffer: Buffer.from("image-bytes"),
-      fileName: "image.png",
-      mime: "image/png",
-      provider: "codex",
-      model: "gpt-5.4",
-      timeoutMs: 100,
-      cfg: {},
-      agentDir: "/tmp/openclaw-agent",
-    });
-    const rejected = expect(description).rejects.toThrow(
-      "Codex app-server image understanding timed out",
-    );
-
-    await vi.advanceTimersByTimeAsync(100);
-
-    await rejected;
-  });
-
-  it("retires a media client lease that resolves after its deadline", async () => {
-    let resolveLease!: (lease: {
-      client: CodexAppServerClient;
-      release: () => void;
-      abandon: () => Promise<void>;
-    }) => void;
-    const pendingLease = new Promise<{
-      client: CodexAppServerClient;
-      release: () => void;
-      abandon: () => Promise<void>;
-    }>((resolve) => {
-      resolveLease = resolve;
-    });
-    const clientLeaseFactory = vi.fn(async () => await pendingLease);
-    const provider = buildCodexMediaUnderstandingProvider({ clientLeaseFactory });
-    const description = provider.describeImage?.({
-      buffer: Buffer.from("image-bytes"),
-      fileName: "image.png",
-      mime: "image/png",
-      provider: "codex",
-      model: "gpt-5.4",
-      timeoutMs: 5,
-      cfg: {},
-      agentDir: "/tmp/openclaw-agent",
-    });
-
-    await expect(description).rejects.toThrow("Codex app-server image understanding timed out");
-    const { client } = createFakeClient();
-    const release = vi.fn();
-    const abandon = vi.fn(async () => undefined);
-    resolveLease({ client, release, abandon });
-    await vi.waitFor(() => expect(abandon).toHaveBeenCalledOnce());
-
-    expect(release).not.toHaveBeenCalled();
-  });
-
-  it("releases the bounded route between isolated media calls", async () => {
-    const { client, requests } = createFakeClient();
-    const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
-    });
-    const request = {
+
+    await provider.describeImage?.({
       buffer: Buffer.from("image-bytes"),
       fileName: "image.png",
       mime: "image/png",
       provider: "codex",
       model: "gpt-5.4",
+      prompt: "Describe briefly.",
       timeoutMs: 30_000,
       cfg: {},
       agentDir: "/tmp/openclaw-agent",
-    };
+    });
 
-    const first = await provider.describeImage?.(request);
-    const second = await provider.describeImage?.(request);
-
-    expect(first?.text).toBe("A red square.");
-    expect(second?.text).toBe("A red square.");
-    expect(requests.filter((entry) => entry.method === "model/list")).toHaveLength(2);
-    expect(requests.filter((entry) => entry.method === "thread/start")).toHaveLength(2);
+    expect(approvalResponses).toEqual([{ permissions: {}, scope: "turn" }]);
   });
 
   it("extracts text from terminal turn items", async () => {
     const { client } = createFakeClient({ completeWithItems: true });
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
+      clientFactory: async () => client,
     });
 
     const result = await provider.describeImages?.({
@@ -534,7 +438,7 @@ describe("codex media understanding provider", () => {
   it("rejects text-only Codex app-server models before starting a turn", async () => {
     const { client, requests } = createFakeClient({ inputModalities: ["text"] });
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
+      clientFactory: async () => client,
     });
 
     await expect(
@@ -555,7 +459,7 @@ describe("codex media understanding provider", () => {
   it("surfaces Codex app-server turn errors", async () => {
     const { client } = createFakeClient({ notifyError: "vision unavailable" });
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
+      clientFactory: async () => client,
     });
 
     await expect(
@@ -572,107 +476,12 @@ describe("codex media understanding provider", () => {
     ).rejects.toThrow("vision unavailable");
   });
 
-  it.each([
-    {
-      name: "structured rejection",
-      error: new CodexAppServerRpcError({ message: "turn rejected" }, "turn/start"),
-      abandonCount: 0,
-    },
-    {
-      name: "ambiguous timeout",
-      error: new Error("turn/start timed out"),
-      abandonCount: 1,
-    },
-  ])("handles $name with exact media lease ownership", async ({ error, abandonCount }) => {
-    const { client } = createFakeClient({ turnStartError: error });
-    const release = vi.fn();
-    const abandon = vi.fn(async () => undefined);
-    const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: async () => ({ client, release, abandon }),
-    });
-
-    await expect(
-      provider.describeImage?.({
-        buffer: Buffer.from("image-bytes"),
-        fileName: "image.png",
-        mime: "image/png",
-        provider: "codex",
-        model: "gpt-5.4",
-        timeoutMs: 30_000,
-        cfg: {},
-        agentDir: "/tmp/openclaw-agent",
-      }),
-    ).rejects.toBe(error);
-
-    expect(abandon).toHaveBeenCalledTimes(abandonCount);
-    expect(release).toHaveBeenCalledTimes(1);
-  });
-
-  it("retires the media client when thread cleanup is unconfirmed", async () => {
-    const { client } = createFakeClient({ unsubscribeError: new Error("unsubscribe failed") });
-    const release = vi.fn();
-    const abandon = vi.fn(async () => undefined);
-    const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: async () => ({ client, release, abandon }),
-    });
-
-    await expect(
-      provider.describeImage?.({
-        buffer: Buffer.from("image-bytes"),
-        fileName: "image.png",
-        mime: "image/png",
-        provider: "codex",
-        model: "gpt-5.4",
-        timeoutMs: 30_000,
-        cfg: {},
-        agentDir: "/tmp/openclaw-agent",
-      }),
-    ).resolves.toEqual({ text: "A red square.", model: "gpt-5.4" });
-
-    expect(abandon).toHaveBeenCalledOnce();
-    expect(release).not.toHaveBeenCalled();
-  });
-
-  it("retires the media client when an accepted turn cannot be interrupted", async () => {
-    const { client, requests } = createFakeClient({
-      preBindNotificationCount: 257,
-      interruptError: new Error("interrupt timeout"),
-    });
-    const release = vi.fn();
-    const abandon = vi.fn(async () => undefined);
-    const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: async () => ({ client, release, abandon }),
-    });
-
-    await expect(
-      provider.describeImage?.({
-        buffer: Buffer.from("image-bytes"),
-        fileName: "image.png",
-        mime: "image/png",
-        provider: "codex",
-        model: "gpt-5.4",
-        timeoutMs: 30_000,
-        cfg: {},
-        agentDir: "/tmp/openclaw-agent",
-      }),
-    ).rejects.toThrow("pre-bind notification buffer exceeded 256 entries");
-
-    expect(requests.map((entry) => entry.method)).toEqual([
-      "model/list",
-      "thread/start",
-      "turn/start",
-      "turn/interrupt",
-    ]);
-    expect(abandon).toHaveBeenCalledOnce();
-    expect(release).not.toHaveBeenCalled();
-  });
-
   it("runs structured extraction through the same bounded Codex app-server path", async () => {
     const { client, requests } = createFakeClient({
       responseText: '{"summary":"red square","tags":["shape"]}',
     });
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
+      clientFactory: async () => client,
     });
 
     const result = await provider.extractStructured?.({
@@ -713,21 +522,31 @@ describe("codex media understanding provider", () => {
       "model/list",
       "thread/start",
       "turn/start",
-      "thread/unsubscribe",
     ]);
     expect(requests[1]?.params).toEqual({
       model: "gpt-5.4",
       modelProvider: "openai",
-      cwd: "/tmp/openclaw-agent/codex-media-home",
-      approvalPolicy: "never",
+      cwd: "/tmp/openclaw-agent",
+      approvalPolicy: "on-request",
       sandbox: "read-only",
       serviceName: "OpenClaw",
-      personality: "none",
       developerInstructions:
         "You are OpenClaw's bounded structured-extraction worker. Return only the requested extraction. Do not call tools, edit files, ask follow-up questions, or include secrets.",
-      config: EXPECTED_MEDIA_THREAD_CONFIG,
+      config: {
+        "features.apps": false,
+        "features.code_mode": false,
+        "features.code_mode_only": false,
+        "features.image_generation": false,
+        "features.multi_agent": false,
+        "features.plugins": false,
+        "features.standalone_web_search": false,
+        web_search: "disabled",
+      },
       environments: [],
+      dynamicTools: [],
+      experimentalRawEvents: true,
       ephemeral: true,
+      persistExtendedHistory: false,
     });
     const turnParams = requests[2]?.params as
       | {
@@ -740,9 +559,9 @@ describe("codex media understanding provider", () => {
         }
       | undefined;
     expect(turnParams?.threadId).toBe("thread-1");
-    expect(turnParams?.approvalPolicy).toBeUndefined();
-    expect(turnParams?.model).toBeUndefined();
-    expect(turnParams?.cwd).toBeUndefined();
+    expect(turnParams?.approvalPolicy).toBe("on-request");
+    expect(turnParams?.model).toBe("gpt-5.4");
+    expect(turnParams?.cwd).toBe("/tmp/openclaw-agent");
     expect(turnParams?.effort).toBe("low");
     expect(turnParams?.input).toHaveLength(3);
     expect(turnParams?.input?.[0]?.type).toBe("text");
@@ -765,7 +584,7 @@ describe("codex media understanding provider", () => {
       responseText: '{"summary":"only text"}',
     });
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
+      clientFactory: async () => client,
     });
 
     await expect(
@@ -785,7 +604,7 @@ describe("codex media understanding provider", () => {
   it("returns a controlled error when structured JSON parsing fails", async () => {
     const { client } = createFakeClient({ responseText: "not json" });
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
+      clientFactory: async () => client,
     });
 
     await expect(
@@ -814,7 +633,7 @@ describe("codex media understanding provider", () => {
       responseText: '{"summary":123,"tags":["shape"]}',
     });
     const provider = buildCodexMediaUnderstandingProvider({
-      clientLeaseFactory: adaptCodexTestClientFactory(async () => client),
+      clientFactory: async () => client,
     });
 
     await expect(

extensions/codex/media-understanding-provider.ts

@@ -1,35 +1,216 @@
-/** Lazy registration facade for Codex-backed media understanding. */
-import type { MediaUnderstandingProvider } from "openclaw/plugin-sdk/media-understanding";
+/**
+ * Codex-backed media understanding provider for bounded image description and
+ * structured extraction turns.
+ */
+import {
+  type JsonSchemaObject,
+  validateJsonSchemaValue,
+} from "openclaw/plugin-sdk/json-schema-runtime";
+import type {
+  ImagesDescriptionRequest,
+  ImagesDescriptionResult,
+  MediaUnderstandingProvider,
+  StructuredExtractionRequest,
+  StructuredExtractionResult,
+} from "openclaw/plugin-sdk/media-understanding";
 import { CODEX_PROVIDER_ID, FALLBACK_CODEX_MODELS } from "./provider-catalog.js";
-import type { CodexAppServerClientLeaseFactory } from "./src/app-server/shared-client.js";
+import {
+  runBoundedCodexAppServerTurn,
+  type CodexBoundedTurnOptions,
+} from "./src/app-server/bounded-turn.js";
+import type { CodexUserInput } from "./src/app-server/protocol.js";
 
 const DEFAULT_CODEX_IMAGE_MODEL =
   FALLBACK_CODEX_MODELS.find((model) => model.inputModalities.includes("image"))?.id ??
   FALLBACK_CODEX_MODELS[0]?.id;
+const DEFAULT_CODEX_IMAGE_PROMPT = "Describe the image.";
 
-/** Dependencies and plugin config for Codex media-understanding calls. */
-export type CodexMediaUnderstandingProviderOptions = {
-  pluginConfig?: unknown;
-  resolvePluginConfig?: () => unknown;
-  clientLeaseFactory?: CodexAppServerClientLeaseFactory;
-};
+export type CodexMediaUnderstandingProviderOptions = CodexBoundedTurnOptions;
 
-/** Builds a provider whose app-server implementation loads on first use. */
+/**
+ * Builds the media-understanding provider that delegates image tasks to an
+ * isolated Codex app-server session.
+ */
 export function buildCodexMediaUnderstandingProvider(
   options: CodexMediaUnderstandingProviderOptions = {},
 ): MediaUnderstandingProvider {
-  let runtime: Promise<typeof import("./src/media-understanding-provider.runtime.js")> | undefined;
-  const load = () => (runtime ??= import("./src/media-understanding-provider.runtime.js"));
   return {
     id: CODEX_PROVIDER_ID,
     capabilities: ["image"],
     ...(DEFAULT_CODEX_IMAGE_MODEL ? { defaultModels: { image: DEFAULT_CODEX_IMAGE_MODEL } } : {}),
-    describeImage: async ({ buffer, fileName, mime, ...request }) =>
-      await (
-        await load()
-      ).describeCodexImages({ ...request, images: [{ buffer, fileName, mime }] }, options),
-    describeImages: async (request) => await (await load()).describeCodexImages(request, options),
-    extractStructured: async (request) =>
-      await (await load()).extractCodexStructured(request, options),
+    describeImage: async (req) =>
+      describeCodexImages(
+        {
+          images: [
+            {
+              buffer: req.buffer,
+              fileName: req.fileName,
+              mime: req.mime,
+            },
+          ],
+          provider: req.provider,
+          model: req.model,
+          prompt: req.prompt,
+          maxTokens: req.maxTokens,
+          timeoutMs: req.timeoutMs,
+          profile: req.profile,
+          preferredProfile: req.preferredProfile,
+          authStore: req.authStore,
+          agentDir: req.agentDir,
+          cfg: req.cfg,
+        },
+        options,
+      ),
+    describeImages: async (req) => describeCodexImages(req, options),
+    extractStructured: async (req) => extractCodexStructured(req, options),
   };
 }
+
+async function describeCodexImages(
+  req: ImagesDescriptionRequest,
+  options: CodexMediaUnderstandingProviderOptions,
+): Promise<ImagesDescriptionResult> {
+  const model = req.model.trim();
+  if (!model) {
+    throw new Error("Codex image understanding requires model id.");
+  }
+
+  const { text } = await runBoundedCodexAppServerTurn({
+    config: req.cfg,
+    model: { mode: "required", id: model },
+    profile: req.profile,
+    timeoutMs: req.timeoutMs,
+    agentDir: req.agentDir,
+    authProfileStore: req.authStore,
+    options,
+    taskLabel: "image understanding",
+    developerInstructions:
+      "You are OpenClaw's bounded image-understanding worker. Describe only the provided image content. Do not call tools, edit files, or ask follow-up questions.",
+    input: [
+      { type: "text", text: buildCodexImagePrompt(req), text_elements: [] },
+      ...req.images.map((image) => ({
+        type: "image" as const,
+        url: `data:${image.mime ?? "image/png"};base64,${image.buffer.toString("base64")}`,
+      })),
+    ],
+    requiredModalities: ["text", "image"],
+    isolation: "configured-transport",
+  });
+  return { text, model };
+}
+
+async function extractCodexStructured(
+  req: StructuredExtractionRequest,
+  options: CodexMediaUnderstandingProviderOptions,
+): Promise<StructuredExtractionResult> {
+  const model = req.model.trim();
+  if (!model) {
+    throw new Error("Codex structured extraction requires model id.");
+  }
+  const instructions = req.instructions.trim();
+  if (!instructions) {
+    throw new Error("Codex structured extraction requires instructions.");
+  }
+  if (req.input.length === 0) {
+    throw new Error("Codex structured extraction requires at least one input.");
+  }
+  if (!req.input.some((entry) => entry.type === "image")) {
+    throw new Error("Codex structured extraction requires at least one image input.");
+  }
+
+  const { text } = await runBoundedCodexAppServerTurn({
+    config: req.cfg,
+    model: { mode: "required", id: model },
+    profile: req.profile,
+    timeoutMs: req.timeoutMs,
+    agentDir: req.agentDir,
+    authProfileStore: req.authStore,
+    options,
+    taskLabel: "structured extraction",
+    developerInstructions:
+      "You are OpenClaw's bounded structured-extraction worker. Return only the requested extraction. Do not call tools, edit files, ask follow-up questions, or include secrets.",
+    input: buildCodexStructuredInput(req),
+    requiredModalities: requiredStructuredModalities(),
+    isolation: "configured-transport",
+  });
+  return normalizeStructuredExtractionResult({ text, model, provider: req.provider, req });
+}
+
+function buildCodexImagePrompt(req: ImagesDescriptionRequest): string {
+  const prompt = req.prompt?.trim() || DEFAULT_CODEX_IMAGE_PROMPT;
+  if (req.images.length <= 1) {
+    return prompt;
+  }
+  return `${prompt}\n\nAnalyze all ${req.images.length} images together.`;
+}
+
+function requiredStructuredModalities(): string[] {
+  return ["text", "image"];
+}
+
+function buildCodexStructuredInput(req: StructuredExtractionRequest): CodexUserInput[] {
+  return [
+    { type: "text", text: buildStructuredExtractionPrompt(req), text_elements: [] },
+    ...req.input.map((entry) => {
+      if (entry.type === "text") {
+        return { type: "text" as const, text: entry.text, text_elements: [] };
+      }
+      return {
+        type: "image" as const,
+        url: `data:${entry.mime ?? "image/png"};base64,${entry.buffer.toString("base64")}`,
+      };
+    }),
+  ];
+}
+
+function buildStructuredExtractionPrompt(req: StructuredExtractionRequest): string {
+  return [
+    req.instructions.trim(),
+    req.schemaName ? `Schema name: ${req.schemaName}` : undefined,
+    req.jsonSchema ? `JSON schema:\n${JSON.stringify(req.jsonSchema)}` : undefined,
+    req.jsonMode === false
+      ? "Return the extraction as concise text."
+      : "Return valid JSON only. Do not wrap the JSON in Markdown fences.",
+  ]
+    .filter((part): part is string => Boolean(part))
+    .join("\n\n");
+}
+
+function isJsonSchemaObject(value: unknown): value is JsonSchemaObject {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+
+function normalizeStructuredExtractionResult(params: {
+  text: string;
+  model: string;
+  provider: string;
+  req: StructuredExtractionRequest;
+}): StructuredExtractionResult {
+  const result: StructuredExtractionResult = {
+    text: params.text,
+    model: params.model,
+    provider: params.provider,
+    contentType: params.req.jsonMode === false ? "text" : "json",
+  };
+  if (params.req.jsonMode !== false) {
+    try {
+      result.parsed = JSON.parse(params.text);
+    } catch {
+      throw new Error("Codex structured extraction returned invalid JSON.");
+    }
+    if (isJsonSchemaObject(params.req.jsonSchema)) {
+      const validation = validateJsonSchemaValue({
+        schema: params.req.jsonSchema,
+        cacheKey: "codex.media-understanding.extractStructured",
+        value: result.parsed,
+        cache: false,
+      });
+      if (!validation.ok) {
+        const message = validation.errors.map((error) => error.text).join("; ") || "invalid";
+        throw new Error(`Codex structured extraction JSON did not match schema: ${message}`);
+      }
+      result.parsed = validation.value;
+    }
+  }
+  return result;
+}

extensions/codex/provider.test.ts

@@ -4,10 +4,10 @@ import { CODEX_GPT5_BEHAVIOR_CONTRACT } from "./prompt-overlay.js";
 import { codexProviderDiscovery } from "./provider-discovery.js";
 import { buildCodexProvider, buildCodexProviderCatalog } from "./provider.js";
 import { CodexAppServerClient } from "./src/app-server/client.js";
-import type { listAllCodexAppServerModels } from "./src/app-server/models.js";
+import type { listCodexAppServerModels } from "./src/app-server/models.js";
 import {
   createIsolatedCodexAppServerClient,
-  leaseSharedCodexAppServerClient,
+  getSharedCodexAppServerClient,
   resetSharedCodexAppServerClientForTests,
 } from "./src/app-server/shared-client.js";
 
@@ -26,8 +26,7 @@ function createFakeCodexClient(): CodexAppServerClient {
   return {
     initialize: vi.fn(async () => undefined),
     request: vi.fn(async () => ({ data: [] })),
-    addNotificationHandler: vi.fn(() => () => undefined),
-    addRequestHandler: vi.fn(() => () => undefined),
+    setActiveSharedLeaseCountProviderForUnscopedNotifications: vi.fn(),
     addCloseHandler: vi.fn(() => () => undefined),
     close: vi.fn(),
   } as unknown as CodexAppServerClient;
@@ -40,7 +39,7 @@ const TEST_CODEX_APP_SERVER_CONFIG = {
 };
 
 async function listTestCodexAppServerModels(
-  options: Parameters<typeof listAllCodexAppServerModels>[0] = {},
+  options: Parameters<typeof listCodexAppServerModels>[0] = {},
 ) {
   expect(options.sharedClient).toBe(false);
   const client = await createIsolatedCodexAppServerClient({
@@ -184,33 +183,45 @@ describe("codex provider", () => {
     expect(resultProvider?.models.map((model) => model.id)).toEqual(["gpt-5.4"]);
   });
 
-  it("delegates all-page discovery to one model lister call", async () => {
-    const listModels = vi.fn(async () => ({
-      models: [
-        {
-          id: "gpt-5.4",
-          model: "gpt-5.4",
-          hidden: false,
-          inputModalities: ["text", "image"],
-          supportedReasoningEfforts: ["medium"],
-        },
-        {
-          id: "gpt-5.5",
-          model: "gpt-5.5",
-          hidden: false,
-          inputModalities: ["text"],
-          supportedReasoningEfforts: [],
-        },
-      ],
-    }));
+  it("pages through live discovery before building the provider catalog", async () => {
+    const listModels = vi
+      .fn()
+      .mockResolvedValueOnce({
+        models: [
+          {
+            id: "gpt-5.4",
+            model: "gpt-5.4",
+            hidden: false,
+            inputModalities: ["text", "image"],
+            supportedReasoningEfforts: ["medium"],
+          },
+        ],
+        nextCursor: "page-2",
+      })
+      .mockResolvedValueOnce({
+        models: [
+          {
+            id: "gpt-5.5",
+            model: "gpt-5.5",
+            hidden: false,
+            inputModalities: ["text"],
+            supportedReasoningEfforts: [],
+          },
+        ],
+      });
 
     const result = await buildCodexProviderCatalog({
       env: {},
       listModels,
     });
 
-    expect(listModels).toHaveBeenCalledTimes(1);
     expectRecordFields(mockCallArg(listModels, 0), {
+      cursor: undefined,
+      limit: 100,
+      sharedClient: false,
+    });
+    expectRecordFields(mockCallArg(listModels, 1), {
+      cursor: "page-2",
       limit: 100,
       sharedClient: false,
     });
@@ -266,7 +277,7 @@ describe("codex provider", () => {
       .mockReturnValueOnce(activeClient)
       .mockReturnValueOnce(discoveryClient);
 
-    await leaseSharedCodexAppServerClient({
+    await getSharedCodexAppServerClient({
       startOptions: {
         transport: "stdio",
         command: "/tmp/openclaw-test-codex",

extensions/codex/provider.ts

@@ -18,11 +18,16 @@ import {
   CODEX_PROVIDER_ID,
   FALLBACK_CODEX_MODELS,
 } from "./provider-catalog.js";
-import type { CodexAppServerStartOptions } from "./src/app-server/config.js";
+import {
+  type CodexAppServerStartOptions,
+  readCodexPluginConfig,
+  resolveCodexAppServerRuntimeOptions,
+} from "./src/app-server/config.js";
 import type {
   CodexAppServerModel,
   CodexAppServerModelListResult,
 } from "./src/app-server/models.js";
+import { buildCodexAppServerUsageSnapshot } from "./src/app-server/rate-limits.js";
 
 const DEFAULT_DISCOVERY_TIMEOUT_MS = 2500;
 const LIVE_DISCOVERY_ENV = "OPENCLAW_CODEX_DISCOVERY_LIVE";
@@ -34,6 +39,7 @@ const codexCatalogLog = createSubsystemLogger("codex/catalog");
 type CodexModelLister = (options: {
   timeoutMs: number;
   limit?: number;
+  cursor?: string;
   startOptions?: CodexAppServerStartOptions;
   sharedClient?: boolean;
 }) => Promise<CodexAppServerModelListResult>;
@@ -117,11 +123,6 @@ export function buildCodexProvider(options: BuildCodexProviderOptions = {}): Pro
       }
       const runtimePluginConfig = resolvePluginConfigObject(ctx.config, CODEX_PROVIDER_ID);
       const pluginConfig = runtimePluginConfig ?? (ctx.config ? undefined : options.pluginConfig);
-      const [{ resolveCodexAppServerRuntimeOptions }, { buildCodexAppServerUsageSnapshot }] =
-        await Promise.all([
-          import("./src/app-server/config.js"),
-          import("./src/app-server/rate-limits.js"),
-        ]);
       const appServer = resolveCodexAppServerRuntimeOptions({ pluginConfig });
       const rateLimits = await (options.readRateLimits ?? requestCodexAppServerRateLimitsLazy)({
         timeoutMs: ctx.timeoutMs,
@@ -155,15 +156,13 @@ export function buildCodexProvider(options: BuildCodexProviderOptions = {}): Pro
 export async function buildCodexProviderCatalog(
   options: BuildCatalogOptions = {},
 ): Promise<{ provider: ModelProviderConfig }> {
-  const { readCodexPluginConfig, resolveCodexAppServerRuntimeOptions } =
-    await import("./src/app-server/config.js");
   const config = readCodexPluginConfig(options.pluginConfig);
   const appServer = resolveCodexAppServerRuntimeOptions({ pluginConfig: options.pluginConfig });
   const timeoutMs = normalizeTimeoutMs(config.discovery?.timeoutMs);
   let discovered: CodexAppServerModel[] = [];
   if (config.discovery?.enabled !== false && !shouldSkipLiveDiscovery(options.env)) {
     discovered = await listModelsBestEffort({
-      listModels: options.listModels ?? listAllCodexAppServerModelsLazy,
+      listModels: options.listModels ?? listCodexAppServerModelsLazy,
       timeoutMs,
       startOptions: appServer.start,
       onDiscoveryFailure: options.onDiscoveryFailure,
@@ -201,14 +200,22 @@ async function listModelsBestEffort(params: {
   onDiscoveryFailure?: (error: unknown) => void;
 }): Promise<CodexAppServerModel[]> {
   try {
-    // The all-pages helper keeps one app-server client alive across pagination.
-    const result = await params.listModels({
-      timeoutMs: params.timeoutMs,
-      limit: MODEL_DISCOVERY_PAGE_LIMIT,
-      startOptions: params.startOptions,
-      sharedClient: false,
-    });
-    return result.models.filter((model) => !model.hidden);
+    const models: CodexAppServerModel[] = [];
+    let cursor: string | undefined;
+    do {
+      // App-server model listing is paginated; collect every visible model so
+      // aliases and picker rows match the current Codex account.
+      const result = await params.listModels({
+        timeoutMs: params.timeoutMs,
+        limit: MODEL_DISCOVERY_PAGE_LIMIT,
+        cursor,
+        startOptions: params.startOptions,
+        sharedClient: false,
+      });
+      models.push(...result.models.filter((model) => !model.hidden));
+      cursor = result.nextCursor;
+    } while (cursor);
+    return models;
   } catch (error) {
     params.onDiscoveryFailure?.(error);
     codexCatalogLog.debug("codex model discovery failed; using fallback catalog", {
@@ -218,14 +225,15 @@ async function listModelsBestEffort(params: {
   }
 }
 
-async function listAllCodexAppServerModelsLazy(options: {
+async function listCodexAppServerModelsLazy(options: {
   timeoutMs: number;
   limit?: number;
+  cursor?: string;
   startOptions?: CodexAppServerStartOptions;
   sharedClient?: boolean;
 }): Promise<CodexAppServerModelListResult> {
-  const { listAllCodexAppServerModels } = await import("./src/app-server/models.js");
-  return listAllCodexAppServerModels(options);
+  const { listCodexAppServerModels } = await import("./src/app-server/models.js");
+  return listCodexAppServerModels(options);
 }
 
 async function requestCodexAppServerRateLimitsLazy(options: {

extensions/codex/src/app-server/app-server-policy.test.ts

@@ -1,6 +1,9 @@
 // Codex tests cover app server policy plugin behavior.
 import { describe, expect, it } from "vitest";
-import { resolveCodexAppServerForOpenClawToolPolicy } from "./app-server-policy.js";
+import {
+  resolveCodexAppServerForModelProvider,
+  resolveCodexAppServerForOpenClawToolPolicy,
+} from "./app-server-policy.js";
 import { readCodexPluginConfig, resolveCodexAppServerRuntimeOptions } from "./config.js";
 
 describe("Codex app-server policy", () => {
@@ -66,4 +69,143 @@ describe("Codex app-server policy", () => {
     expect(explicitEnv.approvalPolicy).toBe("never");
     expect(explicitRequirements.approvalPolicy).toBe("never");
   });
+
+  it("keeps model-backed reviewers for explicit OpenAI model providers", () => {
+    const appServer = resolveCodexAppServerRuntimeOptions({
+      env: {},
+      requirementsToml: null,
+      execMode: "auto",
+      modelProvider: "openai",
+    });
+
+    expect(
+      resolveCodexAppServerForModelProvider({
+        appServer,
+        provider: "codex",
+        model: "openai/gpt-5.5",
+      }).approvalsReviewer,
+    ).toBe("auto_review");
+    expect(
+      resolveCodexAppServerForModelProvider({
+        appServer,
+        provider: "codex",
+        model: "gpt-5.5",
+      }).approvalsReviewer,
+    ).toBe("user");
+    expect(
+      resolveCodexAppServerForModelProvider({ appServer, provider: "openai" }).approvalsReviewer,
+    ).toBe("auto_review");
+  });
+
+  it("uses human approval for OpenAI-compatible custom endpoints", () => {
+    const appServer = resolveCodexAppServerRuntimeOptions({
+      env: {},
+      requirementsToml: null,
+      execMode: "auto",
+      modelProvider: "openai",
+      model: "gpt-5.5",
+      config: {
+        models: {
+          providers: {
+            openai: {
+              baseUrl: "http://localhost:8080/v1",
+              models: [],
+            },
+          },
+        },
+      },
+    });
+
+    expect(appServer.approvalsReviewer).toBe("user");
+    expect(
+      resolveCodexAppServerForModelProvider({
+        appServer,
+        provider: "openai",
+        model: "gpt-5.5",
+        config: {
+          models: {
+            providers: {
+              openai: {
+                baseUrl: "http://localhost:8080/v1",
+                models: [],
+              },
+            },
+          },
+        },
+      }).approvalsReviewer,
+    ).toBe("user");
+  });
+
+  it("uses human approval instead of Codex Guardian for custom model providers", () => {
+    const appServer = resolveCodexAppServerRuntimeOptions({
+      env: {},
+      requirementsToml: null,
+      execMode: "auto",
+      modelProvider: "openai",
+    });
+
+    const resolved = resolveCodexAppServerForModelProvider({
+      appServer,
+      provider: "lmstudio",
+    });
+    const vendorPrefixedModel = resolveCodexAppServerForModelProvider({
+      appServer,
+      provider: "openrouter",
+      model: "openai/gpt-5.5",
+    });
+
+    expect(appServer.approvalsReviewer).toBe("auto_review");
+    expect(resolved.approvalPolicy).toBe("on-request");
+    expect(resolved.sandbox).toBe("workspace-write");
+    expect(resolved.approvalsReviewer).toBe("user");
+    expect(vendorPrefixedModel.approvalsReviewer).toBe("user");
+  });
+
+  it("infers custom providers from provider-qualified model refs", () => {
+    const appServer = resolveCodexAppServerRuntimeOptions({
+      env: {},
+      requirementsToml: null,
+      execMode: "auto",
+    });
+
+    expect(
+      resolveCodexAppServerForModelProvider({
+        appServer,
+        model: "lmstudio/local-model",
+      }).approvalsReviewer,
+    ).toBe("user");
+  });
+
+  it("uses provider-qualified model refs to override broad native provider wrappers", () => {
+    const appServer = resolveCodexAppServerRuntimeOptions({
+      env: {},
+      requirementsToml: null,
+      execMode: "auto",
+    });
+
+    expect(
+      resolveCodexAppServerForModelProvider({
+        appServer,
+        provider: "codex",
+        model: "lmstudio/local-model",
+      }).approvalsReviewer,
+    ).toBe("user");
+  });
+
+  it("downgrades legacy guardian_subagent for custom model providers", () => {
+    const appServer = resolveCodexAppServerRuntimeOptions({
+      env: {},
+      requirementsToml: null,
+      pluginConfig: {
+        appServer: {
+          mode: "guardian",
+          approvalsReviewer: "guardian_subagent",
+        },
+      },
+    });
+
+    expect(
+      resolveCodexAppServerForModelProvider({ appServer, provider: "local" }).approvalsReviewer,
+    ).toBe("user");
+  });
 });

extensions/codex/src/app-server/app-server-policy.ts

@@ -2,10 +2,11 @@
  * Policy promotion for Codex app-server runs that can safely use OpenClaw tool
  * approvals.
  */
-import type {
-  CodexAppServerRuntimeOptions,
-  CodexPluginConfig,
-  OpenClawExecPolicyForCodexAppServer,
+import {
+  canUseCodexModelBackedApprovalsReviewerForModel,
+  type CodexAppServerRuntimeOptions,
+  type CodexPluginConfig,
+  type OpenClawExecPolicyForCodexAppServer,
 } from "./config.js";
 
 /**
@@ -44,6 +45,35 @@ export function resolveCodexAppServerForOpenClawToolPolicy(params: {
   };
 }
 
+export function resolveCodexAppServerForModelProvider(params: {
+  appServer: CodexAppServerRuntimeOptions;
+  provider?: string;
+  model?: string;
+  config?: Parameters<typeof canUseCodexModelBackedApprovalsReviewerForModel>[0]["config"];
+  env?: NodeJS.ProcessEnv;
+  agentDir?: string;
+  codexConfigToml?: string | null;
+}): CodexAppServerRuntimeOptions {
+  const explicitProvider = normalizeModelBackedReviewerProvider(params.provider);
+  if (
+    !isCodexModelBackedApprovalsReviewer(params.appServer.approvalsReviewer) ||
+    canUseCodexModelBackedApprovalsReviewerForModel({
+      modelProvider: explicitProvider,
+      model: params.model,
+      config: params.config,
+      env: params.env,
+      agentDir: params.agentDir,
+      codexConfigToml: params.codexConfigToml,
+    })
+  ) {
+    return params.appServer;
+  }
+  return {
+    ...params.appServer,
+    approvalsReviewer: "user",
+  };
+}
+
 function isCodexAppServerPolicyMode(value: unknown): boolean {
   return value === "guardian" || value === "yolo";
 }
@@ -53,3 +83,12 @@ function isCodexAppServerApprovalPolicy(value: unknown): boolean {
     value === "never" || value === "on-request" || value === "on-failure" || value === "untrusted"
   );
 }
+
+function isCodexModelBackedApprovalsReviewer(value: string): boolean {
+  return value === "auto_review" || value === "guardian_subagent";
+}
+
+function normalizeModelBackedReviewerProvider(provider: string | undefined): string | undefined {
+  const normalized = provider?.trim().toLowerCase();
+  return normalized || undefined;
+}

extensions/codex/src/app-server/approval-bridge.ts

@@ -285,7 +285,8 @@ function matchesCurrentTurn(
   if (!requestParams) {
     return false;
   }
-  const requestThreadId = readString(requestParams, "threadId");
+  const requestThreadId =
+    readString(requestParams, "threadId") ?? readString(requestParams, "conversationId");
   const requestTurnId = readString(requestParams, "turnId");
   return requestThreadId === threadId && requestTurnId === turnId;
 }

extensions/codex/src/app-server/attempt-client-cleanup.test.ts

@@ -2,41 +2,10 @@
 import { describe, expect, it, vi } from "vitest";
 import {
   interruptCodexTurnBestEffort,
-  runCodexTurnStartWithLease,
-  settleCodexAppServerClientLease,
   unsubscribeCodexThreadBestEffort,
-  validateCodexThreadCreationResponse,
 } from "./attempt-client-cleanup.js";
-import { CodexAppServerRpcError } from "./client.js";
 
 describe("Codex app-server attempt client cleanup", () => {
-  it("keeps the client lease after a structured turn-start rejection", async () => {
-    const abandon = vi.fn(async () => undefined);
-    const error = new CodexAppServerRpcError({ message: "turn rejected" }, "turn/start");
-
-    await expect(
-      runCodexTurnStartWithLease({ abandon } as never, async () => {
-        throw error;
-      }),
-    ).rejects.toBe(error);
-
-    expect(abandon).not.toHaveBeenCalled();
-  });
-
-  it("abandons only the exact client lease after an ambiguous turn-start timeout", async () => {
-    const abandon = vi.fn(async () => undefined);
-    const otherAbandon = vi.fn(async () => undefined);
-
-    await expect(
-      runCodexTurnStartWithLease({ abandon } as never, async () => {
-        throw new Error("turn/start timed out");
-      }),
-    ).rejects.toThrow("turn/start timed out");
-
-    expect(abandon).toHaveBeenCalledTimes(1);
-    expect(otherAbandon).not.toHaveBeenCalled();
-  });
-
   it("interrupts turns with optional request timeout", () => {
     const request = vi.fn(async () => ({}));
 
@@ -53,58 +22,7 @@ describe("Codex app-server attempt client cleanup", () => {
     );
   });
 
-  it("unsubscribes a retained thread when its create response is malformed", async () => {
-    const request = vi.fn(async () => ({}));
-    const abandon = vi.fn(async () => undefined);
-    const invalidResponse = { thread: { id: "thread-1" } };
-
-    await expect(
-      validateCodexThreadCreationResponse(
-        { client: { request } as never, abandon },
-        invalidResponse,
-        () => {
-          throw new Error("invalid thread/start response");
-        },
-      ),
-    ).rejects.toThrow("invalid thread/start response");
-
-    expect(request).toHaveBeenCalledWith(
-      "thread/unsubscribe",
-      { threadId: "thread-1" },
-      { timeoutMs: 5_000 },
-    );
-    expect(abandon).not.toHaveBeenCalled();
-  });
-
-  it.each([
-    ["omits the retained thread id", {}, vi.fn(async () => ({}))],
-    [
-      "cannot confirm unsubscribe",
-      { thread: { id: "thread-1" } },
-      vi.fn(async () => {
-        throw new Error("connection lost");
-      }),
-    ],
-  ])(
-    "retires the client when a malformed create response %s",
-    async (_label, response, request) => {
-      const abandon = vi.fn(async () => undefined);
-
-      await expect(
-        validateCodexThreadCreationResponse(
-          { client: { request } as never, abandon },
-          response,
-          () => {
-            throw new Error("invalid thread/start response");
-          },
-        ),
-      ).rejects.toThrow("subscription could not be released");
-
-      expect(abandon).toHaveBeenCalledOnce();
-    },
-  );
-
-  it("reports unsubscribe cleanup failures", async () => {
+  it("swallows unsubscribe cleanup failures", async () => {
     const request = vi.fn(async () => {
       throw new Error("already gone");
     });
@@ -114,7 +32,7 @@ describe("Codex app-server attempt client cleanup", () => {
         threadId: "thread-1",
         timeoutMs: 123,
       }),
-    ).resolves.toBe(false);
+    ).resolves.toBeUndefined();
 
     expect(request).toHaveBeenCalledWith(
       "thread/unsubscribe",
@@ -122,31 +40,4 @@ describe("Codex app-server attempt client cleanup", () => {
       { timeoutMs: 123 },
     );
   });
-
-  it("returns leases only after thread cleanup is confirmed", async () => {
-    const release = vi.fn();
-    const abandon = vi.fn(async () => undefined);
-    await settleCodexAppServerClientLease(
-      { client: { request: vi.fn(async () => ({})) }, release, abandon } as never,
-      { threadId: "thread-ok", timeoutMs: 123 },
-    );
-    expect(release).toHaveBeenCalledOnce();
-    expect(abandon).not.toHaveBeenCalled();
-
-    release.mockClear();
-    await settleCodexAppServerClientLease(
-      {
-        client: {
-          request: vi.fn(async () => {
-            throw new Error("unsubscribe failed");
-          }),
-        },
-        release,
-        abandon,
-      } as never,
-      { threadId: "thread-stale", timeoutMs: 123 },
-    );
-    expect(release).not.toHaveBeenCalled();
-    expect(abandon).toHaveBeenCalledOnce();
-  });
 });

extensions/codex/src/app-server/attempt-client-cleanup.ts

@@ -2,124 +2,60 @@
  * Best-effort cleanup helpers for Codex app-server startup attempts and turns.
  */
 import { embeddedAgentLog } from "openclaw/plugin-sdk/agent-harness-runtime";
-import { CodexAppServerRpcError, type CodexAppServerClient } from "./client.js";
-import { isJsonObject, readCodexThreadCreationResponseId } from "./protocol.js";
-import type { CodexAppServerClientLease } from "./shared-client.js";
+import type { CodexAppServerClient } from "./client.js";
+import {
+  clearSharedCodexAppServerClientIfCurrent,
+  clearSharedCodexAppServerClientIfCurrentAndUnclaimed,
+  retireSharedCodexAppServerClientIfCurrent,
+} from "./shared-client.js";
 
 /** Timeout for best-effort app-server turn interruption during cleanup. */
 export const CODEX_APP_SERVER_INTERRUPT_TIMEOUT_MS = 5_000;
 /** Timeout for best-effort thread unsubscribe during cleanup. */
 export const CODEX_APP_SERVER_UNSUBSCRIBE_TIMEOUT_MS = 5_000;
 
-/** The connection's thread-subscription ownership can no longer be proven. */
-export class CodexAppServerUnsafeSubscriptionError extends Error {
-  constructor(message: string, options?: ErrorOptions) {
-    super(message, options);
-    this.name = "CodexAppServerUnsafeSubscriptionError";
+async function closeClientAndWaitIfAvailable(client: CodexAppServerClient): Promise<void> {
+  const closeable = client as {
+    close?: CodexAppServerClient["close"];
+    closeAndWait?: CodexAppServerClient["closeAndWait"];
+  };
+  if (typeof closeable.closeAndWait === "function") {
+    await closeable.closeAndWait();
+    return;
   }
+  closeable.close?.();
 }
 
-export function isCodexAppServerUnsafeSubscriptionError(
-  error: unknown,
-): error is CodexAppServerUnsafeSubscriptionError {
-  return error instanceof CodexAppServerUnsafeSubscriptionError;
-}
-
-/** A resume response may only describe the thread this connection retained. */
-export function assertCodexThreadResumeSubscription(
-  requestedThreadId: string,
-  returnedThreadId: string,
-): void {
-  if (returnedThreadId !== requestedThreadId) {
-    throw new CodexAppServerUnsafeSubscriptionError(
-      `Codex thread/resume returned ${returnedThreadId} for ${requestedThreadId}`,
-    );
+export async function closeCodexStartupClientBestEffort(
+  client: CodexAppServerClient | undefined,
+): Promise<void> {
+  if (!client) {
+    return;
   }
-}
-
-/** Retires the exact client lease when turn acceptance is ambiguous. */
-export async function runCodexTurnStartWithLease<T>(
-  lease: CodexAppServerClientLease,
-  startTurn: () => Promise<T>,
-): Promise<T> {
-  try {
-    return await startTurn();
-  } catch (error) {
-    // Structured RPC rejection happens before Codex accepts the turn. Transport,
-    // timeout, and abort failures may hide an accepted turn with an unknown id.
-    if (!(error instanceof CodexAppServerRpcError)) {
-      await lease.abandon();
+  const unclaimedSharedClient = clearSharedCodexAppServerClientIfCurrentAndUnclaimed(client);
+  if (unclaimedSharedClient.closed) {
+    await closeClientAndWaitIfAvailable(client);
+    return;
+  }
+  if (unclaimedSharedClient.found) {
+    const retired = retireSharedCodexAppServerClientIfCurrent(client);
+    if (retired?.closed) {
+      await closeClientAndWaitIfAvailable(client);
     }
-    throw error;
+    return;
   }
-}
-
-/** Retries once when native work wins the race immediately before turn/start. */
-export async function runCodexTurnStartWithNativeTurnRetry<T>(params: {
-  startTurn: () => Promise<T>;
-  waitForActiveTurnCompletion: () => Promise<boolean>;
-  afterActiveTurnCompletion?: () => Promise<void>;
-  onRetry?: () => void;
-}): Promise<T> {
-  try {
-    return await params.startTurn();
-  } catch (error) {
-    if (!isCodexActiveTurnNotSteerableError(error)) {
-      throw error;
+  const retiredSharedClient = retireSharedCodexAppServerClientIfCurrent(client);
+  if (retiredSharedClient) {
+    if (retiredSharedClient.closed) {
+      await closeClientAndWaitIfAvailable(client);
     }
-    params.onRetry?.();
-    if (!(await params.waitForActiveTurnCompletion())) {
-      throw error;
-    }
-    await params.afterActiveTurnCompletion?.();
-    return await params.startTurn();
+    return;
   }
-}
-
-/** True for Codex's structured rejection when native work already owns the thread. */
-export function isCodexActiveTurnNotSteerableError(error: unknown): boolean {
-  if (!(error instanceof CodexAppServerRpcError) || !isJsonObject(error.data)) {
-    return false;
-  }
-  const info = error.data.codexErrorInfo;
-  return isJsonObject(info) && isJsonObject(info.activeTurnNotSteerable);
-}
-
-/** Validates a create response and retires the client unless cleanup is confirmed. */
-export async function validateCodexThreadCreationResponse<T>(
-  owner: {
-    client: CodexAppServerClient;
-    abandon: () => Promise<void>;
-  },
-  response: unknown,
-  validate: (value: unknown) => T,
-): Promise<T> {
-  try {
-    return validate(response);
-  } catch (error) {
-    const threadId = readCodexThreadCreationResponseId(response);
-    const released = threadId
-      ? await unsubscribeCodexThreadBestEffort(owner.client, {
-          threadId,
-          timeoutMs: CODEX_APP_SERVER_UNSUBSCRIBE_TIMEOUT_MS,
-        })
-      : false;
-    if (released) {
-      throw error;
-    }
-    try {
-      await owner.abandon();
-    } catch (abandonError) {
-      throw new CodexAppServerUnsafeSubscriptionError(
-        "Codex thread creation response was invalid and its client could not be retired",
-        { cause: abandonError },
-      );
-    }
-    throw new CodexAppServerUnsafeSubscriptionError(
-      "Codex thread creation response was invalid and its subscription could not be released",
-      { cause: error },
-    );
+  if (clearSharedCodexAppServerClientIfCurrent(client)) {
+    await closeClientAndWaitIfAvailable(client);
+    return;
   }
+  await closeClientAndWaitIfAvailable(client);
 }
 
 /** Sends a turn interrupt without blocking abort cleanup on app-server errors. */
@@ -148,56 +84,28 @@ export function interruptCodexTurnBestEffort(
   }
 }
 
-/** Unsubscribes from a thread and reports whether wire cleanup was confirmed. */
+/** Unsubscribes from a thread while swallowing cleanup-only failures. */
 export async function unsubscribeCodexThreadBestEffort(
   client: CodexAppServerClient,
   params: {
     threadId: string;
     timeoutMs: number;
   },
-): Promise<boolean> {
+): Promise<void> {
   try {
     await client.request(
       "thread/unsubscribe",
       { threadId: params.threadId },
       { timeoutMs: params.timeoutMs },
     );
-    return true;
   } catch (error) {
     embeddedAgentLog.debug("codex app-server thread unsubscribe cleanup failed", {
       threadId: params.threadId,
       error,
     });
-    return false;
   }
 }
 
-/** Returns one exact client lease to the pool only after subscription cleanup succeeds. */
-export async function settleCodexAppServerClientLease(
-  lease: CodexAppServerClientLease,
-  params: {
-    threadId?: string;
-    timeoutMs: number;
-    abandon?: boolean;
-  },
-): Promise<void> {
-  if (params.abandon) {
-    await lease.abandon();
-    return;
-  }
-  if (
-    params.threadId &&
-    !(await unsubscribeCodexThreadBestEffort(lease.client, {
-      threadId: params.threadId,
-      timeoutMs: params.timeoutMs,
-    }))
-  ) {
-    await lease.abandon();
-    return;
-  }
-  lease.release();
-}
-
 /**
  * Retires the shared client after a timed-out turn so later runs do not reuse a
  * potentially wedged app-server connection.
@@ -208,9 +116,10 @@ export async function retireCodexAppServerClientAfterTimedOutTurn(
     threadId: string;
     turnId: string;
     reason: string;
-    abandonClientLease: () => Promise<void>;
   },
 ): Promise<void> {
+  const retiredSharedClient = retireSharedCodexAppServerClientIfCurrent(client);
+  const detachedSharedClient = Boolean(retiredSharedClient);
   interruptCodexTurnBestEffort(client, {
     threadId: params.threadId,
     turnId: params.turnId,
@@ -220,10 +129,28 @@ export async function retireCodexAppServerClientAfterTimedOutTurn(
     threadId: params.threadId,
     timeoutMs: CODEX_APP_SERVER_UNSUBSCRIBE_TIMEOUT_MS,
   });
-  await params.abandonClientLease();
+  let closedClient = retiredSharedClient?.closed ?? false;
+  if (!detachedSharedClient) {
+    const close = (client as { close?: () => void }).close;
+    if (typeof close === "function") {
+      try {
+        close.call(client);
+        closedClient = true;
+      } catch (error) {
+        embeddedAgentLog.debug("codex app-server client close failed during timeout cleanup", {
+          threadId: params.threadId,
+          turnId: params.turnId,
+          error,
+        });
+      }
+    }
+  }
   embeddedAgentLog.warn("codex app-server client retired after timed-out turn", {
     threadId: params.threadId,
     turnId: params.turnId,
     reason: params.reason,
+    detachedSharedClient,
+    closedClient,
+    activeSharedClientLeases: retiredSharedClient?.activeLeases ?? 0,
   });
 }

extensions/codex/src/app-server/attempt-context.ts

@@ -586,51 +586,6 @@ export function prependCodexOpenClawPromptContext(
   return [context?.trim(), deliverySection, promptSection].filter(Boolean).join("\n\n");
 }
 
-/**
- * Maps the surviving user-request portion of an input range after delivery
- * metadata has been relocated before the request.
- */
-export function resolveCodexDeliveryHintPreservedInputRange(params: {
-  prompt: string;
-  promptInputRange: { start: number; end: number } | undefined;
-  decoratedPrompt: string;
-}): { start: number; end: number } | undefined {
-  const { prompt, promptInputRange, decoratedPrompt } = params;
-  const { deliveryHint, prompt: promptWithoutDeliveryHint } = splitLeadingCodexDeliveryHint(prompt);
-  if (
-    !deliveryHint ||
-    !promptInputRange ||
-    promptInputRange.start < 0 ||
-    promptInputRange.end < promptInputRange.start ||
-    promptInputRange.end > prompt.length ||
-    !decoratedPrompt.endsWith(promptWithoutDeliveryHint)
-  ) {
-    return undefined;
-  }
-  const promptWithoutDeliveryHintStart = prompt.length - promptWithoutDeliveryHint.length;
-  const inputStart = Math.max(promptInputRange.start, promptWithoutDeliveryHintStart);
-  const inputEnd = Math.max(
-    inputStart,
-    Math.min(
-      promptInputRange.end,
-      promptWithoutDeliveryHint.length + promptWithoutDeliveryHintStart,
-    ),
-  );
-  const decoratedPromptSuffixStart = decoratedPrompt.length - promptWithoutDeliveryHint.length;
-  const requestHeader = "Current user request:\n";
-  const requestHeaderStart = decoratedPromptSuffixStart - requestHeader.length;
-  // Delivery metadata moves outside the request, so retain the remaining input
-  // span rather than treating the original, now non-contiguous range as valid.
-  return {
-    start:
-      inputStart === promptWithoutDeliveryHintStart &&
-      decoratedPrompt.slice(requestHeaderStart, decoratedPromptSuffixStart) === requestHeader
-        ? requestHeaderStart
-        : decoratedPromptSuffixStart + inputStart - promptWithoutDeliveryHintStart,
-    end: decoratedPromptSuffixStart + inputEnd - promptWithoutDeliveryHintStart,
-  };
-}
-
 function splitLeadingCodexDeliveryHint(prompt: string): {
   deliveryHint?: string;
   prompt: string;
@@ -899,6 +854,11 @@ function renderCodexMemoryToolSearchBridge(toolNames: readonly string[]): string
   return `Codex may expose ${memoryToolNames.join(" and ")} as deferred tools. When the memory guidance above calls for memory recall, use an already-loaded memory tool directly. If the needed memory tool is deferred and not currently callable, use \`tool_search\` to load it, then call that memory tool.`;
 }
 
+/** Returns whether the current dynamic tool list can serve workspace memory. */
+export function hasCodexWorkspaceMemoryTools(tools: readonly CodexDynamicToolSpec[]): boolean {
+  return getCodexWorkspaceMemoryToolNames(tools).length > 0;
+}
+
 /** Lists available memory tool names understood by Codex workspace memory routing. */
 export function getCodexWorkspaceMemoryToolNames(tools: readonly CodexDynamicToolSpec[]): string[] {
   const availableToolNames = new Set(

extensions/codex/src/app-server/attempt-notification-state.ts

@@ -9,6 +9,7 @@ import {
   isFileChangePatchUpdatedNotification,
   isAssistantCommentaryCompletionNotification,
   isNativeToolProgressNotification,
+  isNativeResponseStreamDeltaNotification,
   isPendingOpenClawDynamicToolCompletionNotification,
   isRawAssistantProgressNotification,
   isRawReasoningCompletionNotification,
@@ -16,6 +17,7 @@ import {
   isReasoningProgressNotification,
   isReasoningItemCompletionNotification,
   isRetryableErrorNotification,
+  isTurnNotification,
   readCodexNotificationItem,
   readNotificationItemId,
   shouldDisarmAssistantCompletionIdleWatch,
@@ -23,7 +25,6 @@ import {
 } from "./attempt-notifications.js";
 import { CODEX_POST_REASONING_REPLY_IDLE_TIMEOUT_MS } from "./attempt-timeouts.js";
 import type { CodexAttemptTurnWatchController } from "./attempt-turn-watches.js";
-import { isCodexNotificationForTurn } from "./notification-correlation.js";
 import type { CodexServerNotification } from "./protocol.js";
 
 type CodexExecutionPhase =
@@ -69,7 +70,7 @@ export function isTerminalCodexTurnNotificationForTurn(params: {
   turnId: string;
   currentPromptTexts: string[];
 }): boolean {
-  if (!isCodexNotificationForTurn(params.notification.params, params.threadId, params.turnId)) {
+  if (!isTurnNotification(params.notification.params, params.threadId, params.turnId)) {
     return false;
   }
   return (
@@ -104,15 +105,16 @@ export function applyCodexTurnNotificationState(params: {
   turnCrossedToolHandoff: boolean;
 } {
   const { notification, turnWatches } = params;
-  const isCurrentTurnNotification = isCodexNotificationForTurn(
+  const isCurrentTurnNotification = isTurnNotification(
     notification.params,
     params.threadId,
     params.turnId,
   );
   const isTurnCompletion = notification.method === "turn/completed" && isCurrentTurnNotification;
+  const isNativeResponseStreamDelta = isNativeResponseStreamDeltaNotification(notification);
   let turnCrossedToolHandoff = params.turnCrossedToolHandoff;
 
-  if (isCurrentTurnNotification) {
+  if (isCurrentTurnNotification && !isNativeResponseStreamDelta) {
     turnWatches.touchActivity(`notification:${notification.method}`, {
       details: describeNotificationActivity(notification),
       attemptProgress: true,
@@ -248,6 +250,7 @@ export function applyCodexTurnNotificationState(params: {
     !turnWatches.isCompletionIdleWatchPinnedByTerminalError() &&
     notification.method !== "turn/completed" &&
     isCurrentTurnNotification &&
+    !isNativeResponseStreamDelta &&
     !trackedDynamicToolCompletion &&
     !rawToolOutputCompletion &&
     !postToolProgressNeedsTerminalGuard &&

extensions/codex/src/app-server/attempt-notifications.ts

@@ -1,6 +1,11 @@
 /**
  * Predicates and readers for Codex app-server notification envelopes.
  */
+import { asBoolean } from "openclaw/plugin-sdk/string-coerce-runtime";
+import {
+  describeCodexNotificationCorrelation,
+  isCodexNotificationForTurn,
+} from "./notification-correlation.js";
 import {
   isJsonObject,
   type CodexServerNotification,
@@ -211,6 +216,13 @@ export function isNativeToolProgressNotification(notification: CodexServerNotifi
   }
 }
 
+/** Returns true for raw native response stream delta events. */
+export function isNativeResponseStreamDeltaNotification(
+  notification: CodexServerNotification,
+): boolean {
+  return notification.method.startsWith("response.") && notification.method.endsWith(".delta");
+}
+
 /** Returns true for file-change patch update notifications. */
 export function isFileChangePatchUpdatedNotification(
   notification: CodexServerNotification,
@@ -265,9 +277,74 @@ function readRawAssistantTextPreview(item: JsonObject): string | undefined {
   return text.length > 240 ? `${text.slice(0, 237)}...` : text;
 }
 
+/** Returns true when notification params correlate to a specific thread/turn. */
+export function isTurnNotification(
+  value: JsonValue | undefined,
+  threadId: string,
+  turnId: string,
+): boolean {
+  return isCodexNotificationForTurn(value, threadId, turnId);
+}
+
+/** Returns true when a correlated notification belongs to another active run. */
+export function isCodexNotificationOutsideActiveRun(
+  correlation: ReturnType<typeof describeCodexNotificationCorrelation>,
+): boolean {
+  const hasThreadScope = Boolean(correlation.threadId || correlation.nestedTurnThreadId);
+  if (!hasThreadScope) {
+    return false;
+  }
+  if (!correlation.matchesActiveThread) {
+    return true;
+  }
+  const hasTurnScope = Boolean(correlation.turnId || correlation.nestedTurnId);
+  return hasTurnScope && correlation.matchesActiveTurn === false;
+}
+
+/** Checks request params that must contain the current thread and turn ids. */
+export function isCurrentThreadTurnRequestParams(
+  value: JsonValue | undefined,
+  threadId: string,
+  turnId: string,
+): boolean {
+  if (!isJsonObject(value)) {
+    return false;
+  }
+  return readString(value, "threadId") === threadId && readString(value, "turnId") === turnId;
+}
+
+/** Checks approval request params, accepting `conversationId` as thread id. */
+export function isCurrentApprovalTurnRequestParams(
+  value: JsonValue | undefined,
+  threadId: string,
+  turnId: string,
+): boolean {
+  if (!isJsonObject(value)) {
+    return false;
+  }
+  const requestThreadId = readString(value, "threadId") ?? readString(value, "conversationId");
+  return requestThreadId === threadId && readString(value, "turnId") === turnId;
+}
+
+/** Checks request params where `turnId` may be omitted or null for the thread. */
+export function isCurrentThreadOptionalTurnRequestParams(
+  value: JsonValue | undefined,
+  threadId: string,
+  turnId: string,
+): boolean {
+  if (!isJsonObject(value) || readString(value, "threadId") !== threadId) {
+    return false;
+  }
+  const requestTurnId = value.turnId;
+  return requestTurnId === null || requestTurnId === undefined || requestTurnId === turnId;
+}
+
 /** Returns true for app-server error notifications that will retry. */
 export function isRetryableErrorNotification(value: JsonValue | undefined): boolean {
-  return isJsonObject(value) && value.willRetry === true;
+  if (!isJsonObject(value)) {
+    return false;
+  }
+  return readBoolean(value, "willRetry") === true || readBoolean(value, "will_retry") === true;
 }
 
 /** Returns true for terminal app-server thread status strings. */
@@ -342,6 +419,10 @@ function readString(record: JsonObject, key: string): string | undefined {
   return typeof value === "string" ? value : undefined;
 }
 
+function readBoolean(record: JsonObject, key: string): boolean | undefined {
+  return asBoolean(record[key]);
+}
+
 /** Reads a typed Codex item from notification params when id/type are present. */
 export function readCodexNotificationItem(
   params: JsonValue | undefined,

extensions/codex/src/app-server/attempt-startup.test.ts

@@ -9,16 +9,13 @@ import type {
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { startCodexAttemptThread } from "./attempt-startup.js";
+import { defaultLeasedCodexAppServerClientFactory } from "./client-factory.js";
 import { CodexAppServerClient } from "./client.js";
 import { type CodexPluginConfig, resolveCodexAppServerRuntimeOptions } from "./config.js";
-import { threadStartResult } from "./run-attempt-test-harness.js";
 import {
-  resetCodexTestBindingStore,
-  testCodexAppServerBindingStore,
-} from "./session-binding.test-helpers.js";
-import {
-  leaseSharedCodexAppServerClient,
-  resetSharedCodexAppServerClientForTests,
+  clearSharedCodexAppServerClient,
+  getLeasedSharedCodexAppServerClient,
+  releaseLeasedSharedCodexAppServerClient,
 } from "./shared-client.js";
 import { createClientHarness, createCodexTestModel } from "./test-support.js";
 
@@ -88,10 +85,12 @@ function startThreadWithHarness(
   signal = new AbortController().signal,
   overrides?: {
     pluginConfig?: CodexPluginConfig;
+    attemptClientFactory?: (
+      harness: ClientHarness,
+    ) => Parameters<typeof startCodexAttemptThread>[0]["attemptClientFactory"];
     harness?: ClientHarness;
     paths?: AttemptPaths;
     skipStartSpy?: boolean;
-    onThreadReserved?: Parameters<typeof startCodexAttemptThread>[0]["onThreadReserved"];
   },
 ) {
   const harness = overrides?.harness ?? createClientHarness();
@@ -102,7 +101,8 @@ function startThreadWithHarness(
   const effectivePluginConfig = overrides?.pluginConfig ?? pluginConfig;
 
   const run = startCodexAttemptThread({
-    bindingStore: testCodexAppServerBindingStore,
+    attemptClientFactory:
+      overrides?.attemptClientFactory?.(harness) ?? defaultLeasedCodexAppServerClientFactory,
     appServer: resolveCodexAppServerRuntimeOptions({ pluginConfig: effectivePluginConfig }),
     pluginConfig: effectivePluginConfig,
     computerUseConfig: effectivePluginConfig.computerUse ?? { enabled: false },
@@ -125,11 +125,10 @@ function startThreadWithHarness(
     sandboxExecServerEnabled: false,
     sandbox: null,
     contextEngineProjection: undefined,
-    startupTokenGuard: {},
     startupTimeoutMs,
     signal,
     onStartupTimeout: vi.fn(),
-    onThreadReserved: overrides?.onThreadReserved,
+    spawnedBy: undefined,
   });
 
   return { harness, run };
@@ -171,13 +170,12 @@ describe("startCodexAttemptThread", () => {
     vi.useRealTimers();
     vi.stubEnv("CODEX_API_KEY", "");
     vi.stubEnv("OPENAI_API_KEY", "");
-    resetCodexTestBindingStore();
-    resetSharedCodexAppServerClientForTests();
+    clearSharedCodexAppServerClient();
   });
 
   afterEach(async () => {
     vi.useRealTimers();
-    resetSharedCodexAppServerClientForTests();
+    clearSharedCodexAppServerClient();
     vi.restoreAllMocks();
     vi.unstubAllEnvs();
     for (const root of tempRoots) {
@@ -186,7 +184,7 @@ describe("startCodexAttemptThread", () => {
     tempRoots.clear();
   });
 
-  it("keeps the shared app-server reusable after a structured startup rejection", async () => {
+  it("clears the shared app-server when top-level thread startup fails with an app error", async () => {
     const { harness, run } = startThreadWithHarness(5_000);
     await answerInitialize(harness);
     const threadStart = await waitForThreadStart(harness);
@@ -196,57 +194,25 @@ describe("startCodexAttemptThread", () => {
     });
 
     await expect(run).rejects.toThrow("Invalid bearer token");
-    expect(harness.process.stdin.destroyed).toBe(false);
-  });
-
-  it("retires the client when malformed startup cleanup cannot be confirmed", async () => {
-    const { harness, run } = startThreadWithHarness(5_000);
-    await answerInitialize(harness);
-    const threadStart = await waitForThreadStart(harness);
-    harness.send({ id: threadStart.id, result: { thread: { id: "thread-malformed" } } });
-    const unsubscribe = await waitForRequest(harness, "thread/unsubscribe");
-    harness.send({
-      id: unsubscribe.id,
-      error: { code: -32000, message: "unsubscribe failed" },
-    });
-
-    await expect(run).rejects.toThrow("subscription could not be released");
     expect(harness.process.stdin.destroyed).toBe(true);
   });
 
-  it("retires the client when route cleanup cannot release the subscription", async () => {
-    const { harness, run } = startThreadWithHarness(5_000, undefined, {
-      onThreadReserved: () => {
-        throw new Error("route integration failed");
-      },
-    });
-    await answerInitialize(harness);
-    const threadStart = await waitForThreadStart(harness);
-    harness.send({ id: threadStart.id, result: threadStartResult("thread-route-failed") });
-    const unsubscribe = await waitForRequest(harness, "thread/unsubscribe");
-    harness.send({
-      id: unsubscribe.id,
-      error: { code: -32000, message: "unsubscribe failed" },
-    });
-
-    await expect(run).rejects.toThrow("Codex startup subscription cleanup failed");
-    expect(harness.process.stdin.destroyed).toBe(true);
-  });
-
-  it("does not retire a peer-owned client after a structured startup rejection", async () => {
+  it("retires a failed startup client after another active lease releases", async () => {
     const retained = createClientHarness();
-    const startSpy = vi.spyOn(CodexAppServerClient, "start").mockReturnValue(retained.client);
+    const replacement = createClientHarness();
+    const startSpy = vi
+      .spyOn(CodexAppServerClient, "start")
+      .mockReturnValueOnce(retained.client)
+      .mockReturnValueOnce(replacement.client);
     const appServer = resolveCodexAppServerRuntimeOptions({ pluginConfig });
     const paths = createAttemptPaths();
 
-    const retainedLeasePromise = leaseSharedCodexAppServerClient({
+    const retainedLease = getLeasedSharedCodexAppServerClient({
       startOptions: appServer.start,
       agentDir: paths.agentDir,
-      preparedAuth: {},
     });
     await answerInitialize(retained);
-    const retainedLease = await retainedLeasePromise;
-    expect(retainedLease.client).toBe(retained.client);
+    await expect(retainedLease).resolves.toBe(retained.client);
 
     const { run } = startThreadWithHarness(5_000, new AbortController().signal, {
       harness: retained,
@@ -262,16 +228,17 @@ describe("startCodexAttemptThread", () => {
     await expect(run).rejects.toThrow("Invalid bearer token");
     expect(retained.process.stdin.destroyed).toBe(false);
 
-    retainedLease.release();
-    const nextLeasePromise = leaseSharedCodexAppServerClient({
+    expect(releaseLeasedSharedCodexAppServerClient(retained.client)).toBe(true);
+    await vi.waitFor(() => expect(retained.process.stdin.destroyed).toBe(true));
+
+    const replacementLease = getLeasedSharedCodexAppServerClient({
       startOptions: appServer.start,
       agentDir: paths.agentDir,
-      preparedAuth: {},
     });
-    const nextLease = await nextLeasePromise;
-    expect(nextLease.client).toBe(retained.client);
-    expect(startSpy).toHaveBeenCalledTimes(1);
-    nextLease.release();
+    await answerInitialize(replacement);
+    await expect(replacementLease).resolves.toBe(replacement.client);
+    expect(startSpy).toHaveBeenCalledTimes(2);
+    expect(releaseLeasedSharedCodexAppServerClient(replacement.client)).toBe(true);
   });
 
   it("clears the shared app-server when startup abandons an in-flight thread request", async () => {
@@ -293,20 +260,18 @@ describe("startCodexAttemptThread", () => {
     expect(harness.stdinDestroyed).toBe(true);
   });
 
-  it("retires abandoned thread startup even when another lease shares the client", async () => {
+  it("aborts abandoned thread startup when another lease keeps the shared app-server alive", async () => {
     const retained = createClientHarness();
     vi.spyOn(CodexAppServerClient, "start").mockReturnValue(retained.client);
     const appServer = resolveCodexAppServerRuntimeOptions({ pluginConfig });
     const paths = createAttemptPaths();
 
-    const retainedLeasePromise = leaseSharedCodexAppServerClient({
+    const retainedLease = getLeasedSharedCodexAppServerClient({
       startOptions: appServer.start,
       agentDir: paths.agentDir,
-      preparedAuth: {},
     });
     await answerInitialize(retained);
-    const retainedLease = await retainedLeasePromise;
-    expect(retainedLease.client).toBe(retained.client);
+    await expect(retainedLease).resolves.toBe(retained.client);
 
     const { run } = startThreadWithHarness(100, new AbortController().signal, {
       harness: retained,
@@ -317,9 +282,11 @@ describe("startCodexAttemptThread", () => {
     const threadStart = await waitForThreadStart(retained);
 
     await rejected;
-    expect(threadStart.id).toBeDefined();
-    expect(retained.process.stdin.destroyed).toBe(true);
-    retainedLease.release();
+    expect(retained.process.stdin.destroyed).toBe(false);
+
+    retained.send({ id: threadStart.id, result: { threadId: "late-thread" } });
+    expect(releaseLeasedSharedCodexAppServerClient(retained.client)).toBe(true);
+    await vi.waitFor(() => expect(retained.process.stdin.destroyed).toBe(true));
   });
 
   it("closes the shared app-server when startup times out during initialize", async () => {
@@ -344,37 +311,45 @@ describe("startCodexAttemptThread", () => {
     ).toBe(false);
   });
 
-  it("releases a late startup lease without retiring a peer-owned initializing client", async () => {
-    const harness = createClientHarness();
-    const startSpy = vi.spyOn(CodexAppServerClient, "start").mockReturnValue(harness.client);
-    const paths = createAttemptPaths();
-    const appServer = resolveCodexAppServerRuntimeOptions({ pluginConfig });
-    const peerPromise = leaseSharedCodexAppServerClient({
-      startOptions: appServer.start,
-      agentDir: paths.agentDir,
-      preparedAuth: {},
+  it("closes a startup client that arrives after startup timeout", async () => {
+    let observedFactoryOptions:
+      | {
+          onStartedClient?: (client: CodexAppServerClient) => void;
+          abandonSignal?: AbortSignal;
+        }
+      | undefined;
+    let resolveFactoryDone: () => void = () => undefined;
+    const factoryDone = new Promise<void>((resolve) => {
+      resolveFactoryDone = resolve;
     });
-    const { run } = startThreadWithHarness(100, new AbortController().signal, {
-      harness,
-      paths,
-      skipStartSpy: true,
+    const { harness, run } = startThreadWithHarness(100, new AbortController().signal, {
+      attemptClientFactory:
+        (factoryHarness) => async (_startOptions, _authProfileId, _agentDir, _config, options) => {
+          try {
+            observedFactoryOptions = options;
+            await new Promise<void>((resolve) => {
+              setTimeout(resolve, 250);
+            });
+            options?.onStartedClient?.(factoryHarness.client);
+            return factoryHarness.client;
+          } finally {
+            resolveFactoryDone();
+          }
+        },
     });
+    const rejected = expect(run).rejects.toThrow("codex app-server startup timed out");
 
-    await expect(run).rejects.toThrow("codex app-server startup timed out");
-    expect(harness.stdinDestroyed).toBe(false);
-    await answerInitialize(harness);
-    const peer = await peerPromise;
-    expect(peer.client).toBe(harness.client);
-    await new Promise<void>((resolve) => {
-      setImmediate(resolve);
+    await rejected;
+    await factoryDone;
+    await vi.waitFor(() => expect(harness.stdinDestroyed).toBe(true), {
+      interval: 1,
+      timeout: 2_000,
     });
-
-    expect(startSpy).toHaveBeenCalledTimes(1);
     expect(
       readHarnessMessages(harness.writes).some((write) => write.method === "thread/start"),
     ).toBe(false);
-    await peer.abandon();
-    expect(harness.stdinDestroyed).toBe(true);
+    expect(observedFactoryOptions?.onStartedClient).toBeTypeOf("function");
+    expect(observedFactoryOptions?.abandonSignal?.aborted).toBe(true);
   });
 
   it("clears the shared app-server when cancellation abandons an in-flight thread request", async () => {

extensions/codex/src/app-server/attempt-startup.ts

@@ -11,15 +11,10 @@ import {
   type resolveSandboxContext,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { defaultCodexAppInventoryCache } from "./app-inventory-cache.js";
-import {
-  CODEX_APP_SERVER_UNSUBSCRIBE_TIMEOUT_MS,
-  CodexAppServerUnsafeSubscriptionError,
-  isCodexAppServerUnsafeSubscriptionError,
-  unsubscribeCodexThreadBestEffort,
-} from "./attempt-client-cleanup.js";
+import { closeCodexStartupClientBestEffort } from "./attempt-client-cleanup.js";
 import { buildCodexPluginThreadConfigEligibilityLogData } from "./attempt-diagnostics.js";
 import { withCodexStartupTimeout } from "./attempt-timeouts.js";
-import { ensureCodexAppServerClientRuntime } from "./client-runtime.js";
+import type { CodexAppServerClientFactory } from "./client-factory.js";
 import { isCodexAppServerConnectionClosedError, type CodexAppServerClient } from "./client.js";
 import { ensureCodexComputerUse } from "./computer-use.js";
 import {
@@ -57,23 +52,16 @@ import {
   releaseCodexSandboxExecServerEnvironment,
   type CodexSandboxExecEnvironment,
 } from "./sandbox-exec-server.js";
-import type { CodexAppServerBindingStore } from "./session-binding.js";
 import {
-  leaseSharedCodexAppServerClient,
-  type CodexAppServerClientLease,
-  type CodexAppServerClientLeaseFactory,
+  clearSharedCodexAppServerClientIfCurrent,
+  releaseLeasedSharedCodexAppServerClient,
 } from "./shared-client.js";
-import type { CodexAppServerStartupTokenGuard } from "./startup-binding.js";
 import {
   startOrResumeThread,
   type CodexAppServerThreadLifecycleBinding,
   type CodexContextEngineThreadBootstrapProjection,
 } from "./thread-lifecycle.js";
-import {
-  getCodexAppServerTurnRouter,
-  type CodexAppServerTurnRouter,
-  type CodexThreadRouteReservation,
-} from "./turn-router.js";
+import type { CodexNativeWebSearchSupport } from "./web-search.js";
 
 const CODEX_APP_SERVER_STARTUP_CONNECTION_CLOSE_MAX_ATTEMPTS = 3;
 
@@ -81,15 +69,14 @@ type CodexSandboxContext = Awaited<ReturnType<typeof resolveSandboxContext>>;
 
 /** Resources and bindings returned after a Codex attempt thread starts. */
 export type StartCodexAttemptThreadResult = {
-  turnRouter: CodexAppServerTurnRouter;
-  turnRoute: CodexThreadRouteReservation;
+  client: CodexAppServerClient;
   thread: CodexAppServerThreadLifecycleBinding;
+  pluginAppServer: CodexAppServerRuntimeOptions;
   sandboxEnvironment: CodexSandboxExecEnvironment | undefined;
   environmentSelection: CodexTurnEnvironmentParams[] | undefined;
   executionCwd: string;
   sandboxPolicy: CodexSandboxPolicy | undefined;
-  clientLease: CodexAppServerClientLease;
-  mcpElicitationDelegationRequired: boolean;
+  releaseSharedClientLease: () => void;
   restartContextEngineCodexThread: () => Promise<CodexAppServerThreadLifecycleBinding>;
 };
 
@@ -98,8 +85,7 @@ export type StartCodexAttemptThreadResult = {
  * run loop must later release.
  */
 export async function startCodexAttemptThread(params: {
-  bindingStore: CodexAppServerBindingStore;
-  clientLeaseFactory?: CodexAppServerClientLeaseFactory;
+  attemptClientFactory: CodexAppServerClientFactory;
   appServer: CodexAppServerRuntimeOptions;
   pluginConfig: CodexPluginConfig;
   computerUseConfig: CodexComputerUseConfig;
@@ -125,26 +111,18 @@ export async function startCodexAttemptThread(params: {
   sandboxExecServerEnabled: boolean;
   sandbox: CodexSandboxContext;
   contextEngineProjection: CodexContextEngineThreadBootstrapProjection | undefined;
-  expectedResumeThreadId?: string;
-  startupTokenGuard: CodexAppServerStartupTokenGuard;
   startupTimeoutMs: number;
   signal: AbortSignal;
   onStartupTimeout: () => void | Promise<void>;
-  onThreadReserved?: (client: CodexAppServerClient, threadId: string) => () => void;
+  spawnedBy: EmbeddedRunAttemptParams["spawnedBy"];
 }): Promise<StartCodexAttemptThreadResult> {
-  let mcpElicitationDelegationRequired = false;
-  let sharedClientLease: CodexAppServerClientLease | undefined;
+  let pluginAppServer = params.appServer;
+  let releaseSharedClientLease: (() => void) | undefined;
+  let startupClientForAbandonedRequestCleanup: CodexAppServerClient | undefined;
   let releaseStartupResourcesOnTimeout: (() => Promise<void>) | undefined;
   let startupAbandoned = false;
   const startupAbandonController = new AbortController();
   const abandonStartupAcquire = () => startupAbandonController.abort();
-  const abandonStartupClient = async () => {
-    const lease = sharedClientLease;
-    sharedClientLease = undefined;
-    if (lease) {
-      await lease.abandon();
-    }
-  };
   params.signal.addEventListener("abort", abandonStartupAcquire, { once: true });
   try {
     const startupResult = await withCodexStartupTimeout({
@@ -155,7 +133,10 @@ export async function startCodexAttemptThread(params: {
         startupAbandonController.abort();
         await params.onStartupTimeout();
         await releaseStartupResourcesOnTimeout?.();
-        await abandonStartupClient();
+        releaseSharedClientLease?.();
+        releaseSharedClientLease = undefined;
+        await closeCodexStartupClientBestEffort(startupClientForAbandonedRequestCleanup);
+        startupClientForAbandonedRequestCleanup = undefined;
       },
       operation: async () => {
         const threadConfig = mergeCodexThreadConfigs(
@@ -172,9 +153,8 @@ export async function startCodexAttemptThread(params: {
         const resolvedPluginPolicy = pluginThreadConfigRequired
           ? resolveCodexPluginsPolicy(pluginThreadConfigPluginConfig)
           : undefined;
-        const computerUseMcpElicitationDelegationRequired =
-          params.computerUseConfig.enabled === true;
-        mcpElicitationDelegationRequired =
+        const computerUseMcpElicitationDelegationRequired = params.computerUseConfig.enabled;
+        const mcpElicitationDelegationRequired =
           resolvedPluginPolicy?.enabled === true || computerUseMcpElicitationDelegationRequired;
         const enabledPluginConfigKeys = resolvedPluginPolicy
           ? resolvedPluginPolicy.pluginPolicies
@@ -182,48 +162,55 @@ export async function startCodexAttemptThread(params: {
               .map((plugin) => plugin.configKey)
               .toSorted()
           : undefined;
-        const pluginAppServer = mcpElicitationDelegationRequired
+        pluginAppServer = mcpElicitationDelegationRequired
           ? {
               ...params.appServer,
               approvalPolicy: withMcpElicitationsApprovalPolicy(params.appServer.approvalPolicy),
             }
           : params.appServer;
 
-        let attemptedClientAbandoned = false;
+        let attemptedClient: CodexAppServerClient | undefined;
         const startupAttempt = async () => {
-          let startupClientLease: CodexAppServerClientLease | undefined;
-          let clientWorkStarted = false;
-          attemptedClientAbandoned = false;
+          let startupClientLease: (() => void) | undefined;
+          let startupClient: CodexAppServerClient | undefined;
+          let startupAttemptError: unknown;
+          let startupAttemptSucceeded = false;
           try {
-            startupClientLease = await (
-              params.clientLeaseFactory ?? leaseSharedCodexAppServerClient
-            )({
-              startOptions: params.appServer.start,
-              authProfileId: params.startupAuthProfileId,
-              agentDir: params.agentDir,
-              config: params.config,
-              preparedAuth: {
-                profileId: params.startupAuthProfileId,
-                cacheKey: params.startupAuthAccountCacheKey ?? params.startupEnvApiKeyCacheKey,
+            startupClient = await params.attemptClientFactory(
+              params.appServer.start,
+              params.startupAuthProfileId,
+              params.agentDir,
+              params.config,
+              {
+                onStartedClient: (client) => {
+                  // Timeout cleanup may fire before the client factory resolves;
+                  // close any late-arriving client instead of leaking a lease.
+                  startupClientForAbandonedRequestCleanup = client;
+                  if (startupAbandoned || startupAbandonController.signal.aborted) {
+                    void closeCodexStartupClientBestEffort(client);
+                  }
+                },
+                abandonSignal: startupAbandonController.signal,
               },
-              abandonSignal: startupAbandonController.signal,
-            });
-            const activeStartupLease = startupClientLease;
-            const activeStartupClient = activeStartupLease.client;
-            sharedClientLease = startupClientLease;
+            );
+            const activeStartupClient = startupClient;
+            let startupClientLeaseReleased = false;
+            startupClientLease = () => {
+              if (startupClientLeaseReleased) {
+                return;
+              }
+              startupClientLeaseReleased = true;
+              releaseLeasedSharedCodexAppServerClient(activeStartupClient);
+            };
+            releaseSharedClientLease = startupClientLease;
+            attemptedClient = activeStartupClient;
+            startupClientForAbandonedRequestCleanup = activeStartupClient;
             if (startupAbandoned) {
               throw new Error("codex app-server startup timed out");
             }
             if (startupAbandonController.signal.aborted) {
               throw new Error("codex app-server startup aborted");
             }
-            clientWorkStarted = true;
-            ensureCodexAppServerClientRuntime(activeStartupClient, {
-              agentDir: params.agentDir,
-              authProfileId: params.startupAuthProfileId,
-              config: params.config,
-            });
-            const turnRouter = getCodexAppServerTurnRouter(activeStartupClient);
             await ensureCodexComputerUse({
               client: activeStartupClient,
               pluginConfig: params.pluginConfig,
@@ -290,6 +277,7 @@ export async function startCodexAttemptThread(params: {
                 : undefined;
               startupSandboxEnvironmentAcquired = Boolean(startupSandboxEnvironment);
               if (startupAbandonController.signal.aborted) {
+                await releaseStartupSandboxEnvironment();
                 throw new Error("codex app-server startup aborted");
               }
               if (
@@ -320,57 +308,9 @@ export async function startCodexAttemptThread(params: {
             const startupSandboxPolicy = startupSandboxEnvironment
               ? resolveCodexExternalSandboxPolicyForOpenClawSandbox(params.sandbox)
               : undefined;
-            let startupReservation:
-              | { route: CodexThreadRouteReservation; release: () => void }
-              | undefined;
-            const reserveStartupThread = (threadId: string) => {
-              if (startupReservation) {
-                if (startupReservation.route.threadId !== threadId) {
-                  throw new Error(
-                    `codex app-server reserved ${startupReservation.route.threadId} but started ${threadId}`,
-                  );
-                }
-                return { release: startupReservation.release };
-              }
-              const route = turnRouter.reserveThread({
-                threadId,
-                releaseOn: params.signal,
-              });
-              let releaseIntegration: (() => void) | undefined;
-              try {
-                releaseIntegration = params.onThreadReserved?.(activeStartupClient, threadId);
-              } catch (error) {
-                route.release();
-                throw error;
-              }
-              let released = false;
-              const release = () => {
-                if (released) {
-                  return;
-                }
-                released = true;
-                if (startupReservation?.route === route) {
-                  startupReservation = undefined;
-                }
-                route.release();
-                releaseIntegration?.();
-              };
-              startupReservation = { route, release };
-              return { release };
-            };
-            const releaseStartupResources = async () => {
-              startupReservation?.release();
-              await releaseStartupSandboxEnvironment();
-            };
-            releaseStartupResourcesOnTimeout = releaseStartupResources;
-            const buildThreadLifecycleParams = (
-              signal: AbortSignal,
-              options: { freshStartOnly?: boolean } = {},
-            ) =>
+            const buildThreadLifecycleParams = (signal: AbortSignal) =>
               ({
                 client: activeStartupClient,
-                abandonClient: activeStartupLease.abandon,
-                bindingStore: params.bindingStore,
                 params: params.buildAttemptParams(),
                 agentId: params.sessionAgentId,
                 cwd: startupExecutionCwd,
@@ -392,13 +332,7 @@ export async function startCodexAttemptThread(params: {
                 environmentSelection: startupEnvironmentSelection,
                 appServerRuntimeFingerprint,
                 contextEngineProjection: params.contextEngineProjection,
-                freshStartOnly: options.freshStartOnly,
-                expectedResumeThreadId: options.freshStartOnly
-                  ? undefined
-                  : params.expectedResumeThreadId,
                 signal,
-                reserveResumeThread: options.freshStartOnly ? undefined : reserveStartupThread,
-                startupTokenGuard: params.startupTokenGuard,
                 pluginThreadConfig: pluginThreadConfigRequired
                   ? {
                       enabled: true,
@@ -422,65 +356,57 @@ export async function startCodexAttemptThread(params: {
               const startupThread = await startOrResumeThread(
                 buildThreadLifecycleParams(startupAbandonController.signal),
               );
-              try {
-                reserveStartupThread(startupThread.threadId);
-              } catch (error) {
-                const unsubscribed = await unsubscribeCodexThreadBestEffort(activeStartupClient, {
-                  threadId: startupThread.threadId,
-                  timeoutMs: CODEX_APP_SERVER_UNSUBSCRIBE_TIMEOUT_MS,
-                });
-                if (!unsubscribed) {
-                  throw new CodexAppServerUnsafeSubscriptionError(
-                    "Codex startup subscription cleanup failed",
-                    { cause: error },
-                  );
-                }
-                throw error;
-              }
               if (startupAbandonController.signal.aborted) {
+                await releaseStartupSandboxEnvironment();
                 throw new Error("codex app-server startup aborted");
               }
-              if (!startupReservation) {
-                throw new Error("codex app-server startup did not reserve its thread route");
-              }
               startupSandboxEnvironmentAcquired = false;
+              startupAttemptSucceeded = true;
               return {
-                turnRouter,
-                turnRoute: startupReservation.route,
+                client: activeStartupClient,
                 thread: startupThread,
                 sandboxEnvironment: startupSandboxEnvironment,
                 environmentSelection: startupEnvironmentSelection,
                 executionCwd: startupExecutionCwd,
                 sandboxPolicy: startupSandboxPolicy,
                 restartContextEngineCodexThread: () =>
-                  startOrResumeThread(
-                    buildThreadLifecycleParams(params.signal, { freshStartOnly: true }),
-                  ),
+                  startOrResumeThread(buildThreadLifecycleParams(params.signal)),
               };
             } catch (error) {
-              await releaseStartupResources();
+              await releaseStartupSandboxEnvironment();
               throw error;
             } finally {
-              if (releaseStartupResourcesOnTimeout === releaseStartupResources) {
+              if (releaseStartupResourcesOnTimeout === releaseStartupSandboxEnvironment) {
                 releaseStartupResourcesOnTimeout = undefined;
               }
             }
           } catch (error) {
-            if (sharedClientLease === startupClientLease) {
-              sharedClientLease = undefined;
-            }
-            const shouldAbandonStartupClient =
-              clientWorkStarted &&
-              (startupAbandoned ||
-                params.signal.aborted ||
-                isIndeterminateCodexStartupFailure(error));
-            if (shouldAbandonStartupClient) {
-              attemptedClientAbandoned = true;
-              await startupClientLease?.abandon();
-            } else {
-              startupClientLease?.release();
-            }
+            startupAttemptError = error;
             throw error;
+          } finally {
+            if (!startupAttemptSucceeded) {
+              if (releaseSharedClientLease === startupClientLease) {
+                releaseSharedClientLease = undefined;
+              }
+              startupClientLease?.();
+              if (startupAbandoned || params.signal.aborted) {
+                if (startupClientForAbandonedRequestCleanup === startupClient) {
+                  startupClientForAbandonedRequestCleanup = undefined;
+                }
+                await closeCodexStartupClientBestEffort(startupClient);
+              } else if (
+                shouldClearSharedClientAfterStartupRace(startupAttemptError) ||
+                shouldClearSharedClientAfterStartupFailure({
+                  error: startupAttemptError,
+                  spawnedBy: params.spawnedBy,
+                })
+              ) {
+                if (startupClientForAbandonedRequestCleanup === startupClient) {
+                  startupClientForAbandonedRequestCleanup = undefined;
+                }
+                await closeCodexStartupClientBestEffort(startupClient);
+              }
+            }
           }
         };
 
@@ -495,13 +421,18 @@ export async function startCodexAttemptThread(params: {
             if (params.signal.aborted || !isCodexAppServerConnectionClosedError(error)) {
               throw error;
             }
+            const failedClient = attemptedClient;
+            const clearedSharedClient = clearSharedCodexAppServerClientIfCurrent(failedClient);
+            if (startupClientForAbandonedRequestCleanup === failedClient) {
+              startupClientForAbandonedRequestCleanup = undefined;
+            }
             if (attempt >= CODEX_APP_SERVER_STARTUP_CONNECTION_CLOSE_MAX_ATTEMPTS) {
               embeddedAgentLog.warn(
                 "codex app-server connection closed during startup; retries exhausted",
                 {
                   attempt,
                   maxAttempts: CODEX_APP_SERVER_STARTUP_CONNECTION_CLOSE_MAX_ATTEMPTS,
-                  abandonedSharedClient: attemptedClientAbandoned,
+                  clearedSharedClient,
                   error: formatErrorMessage(error),
                 },
               );
@@ -513,7 +444,7 @@ export async function startCodexAttemptThread(params: {
                 attempt,
                 nextAttempt: attempt + 1,
                 maxAttempts: CODEX_APP_SERVER_STARTUP_CONNECTION_CLOSE_MAX_ATTEMPTS,
-                abandonedSharedClient: attemptedClientAbandoned,
+                clearedSharedClient,
                 error: formatErrorMessage(error),
               },
             );
@@ -522,21 +453,32 @@ export async function startCodexAttemptThread(params: {
         throw new Error("codex app-server startup retry loop exited unexpectedly");
       },
     });
-    const completedSharedClientLease = sharedClientLease;
-    if (!completedSharedClientLease) {
+    startupClientForAbandonedRequestCleanup = undefined;
+    if (!releaseSharedClientLease) {
       throw new Error("codex app-server startup succeeded without a shared client lease");
     }
-    sharedClientLease = undefined;
     return {
       ...startupResult,
-      mcpElicitationDelegationRequired,
-      clientLease: completedSharedClientLease,
+      pluginAppServer,
+      releaseSharedClientLease,
     };
   } catch (error) {
-    const shouldAbandonStartupClient =
-      params.signal.aborted || isIndeterminateCodexStartupFailure(error);
-    if (shouldAbandonStartupClient) {
-      await abandonStartupClient();
+    if (params.signal.aborted || shouldClearSharedClientAfterStartupAbandon(error)) {
+      releaseSharedClientLease?.();
+      releaseSharedClientLease = undefined;
+      await closeCodexStartupClientBestEffort(startupClientForAbandonedRequestCleanup);
+      startupClientForAbandonedRequestCleanup = undefined;
+    } else if (
+      shouldClearSharedClientAfterStartupRace(error) ||
+      shouldClearSharedClientAfterStartupFailure({
+        error,
+        spawnedBy: params.spawnedBy,
+      })
+    ) {
+      releaseSharedClientLease?.();
+      releaseSharedClientLease = undefined;
+      await closeCodexStartupClientBestEffort(startupClientForAbandonedRequestCleanup);
+      startupClientForAbandonedRequestCleanup = undefined;
     }
     throw error;
   } finally {
@@ -544,13 +486,30 @@ export async function startCodexAttemptThread(params: {
   }
 }
 
-function isIndeterminateCodexStartupFailure(error: unknown): boolean {
+function shouldClearSharedClientAfterStartupAbandon(error: unknown): boolean {
   return (
-    isCodexAppServerUnsafeSubscriptionError(error) ||
-    isCodexAppServerConnectionClosedError(error) ||
-    (error instanceof Error &&
-      (error.message.endsWith(" timed out") ||
-        error.message.endsWith(" aborted") ||
-        error.message.includes("write EPIPE")))
+    error instanceof Error &&
+    (error.message === "codex app-server startup timed out" ||
+      error.message === "codex app-server startup aborted")
   );
 }
+
+function shouldClearSharedClientAfterStartupRace(error: unknown): boolean {
+  return (
+    error instanceof Error &&
+    (shouldClearSharedClientAfterStartupAbandon(error) || error.message.endsWith(" timed out"))
+  );
+}
+
+function shouldClearSharedClientAfterStartupFailure(params: {
+  error: unknown;
+  spawnedBy: EmbeddedRunAttemptParams["spawnedBy"];
+}): boolean {
+  if (!(params.error instanceof Error)) {
+    return !params.spawnedBy;
+  }
+  if (params.error.message.includes("write EPIPE")) {
+    return true;
+  }
+  return !params.spawnedBy;
+}

extensions/codex/src/app-server/attempt-timeouts.test.ts

@@ -159,39 +159,6 @@ describe("Codex app-server attempt timeouts", () => {
     expect(events).toEqual(["cleanup-start", "cleanup-done"]);
   });
 
-  it("keeps the timeout result when startup resolves during timeout cleanup", async () => {
-    vi.useFakeTimers();
-    const events: string[] = [];
-    let resolveOperation!: (value: string) => void;
-    let finishCleanup!: () => void;
-    const run = withCodexStartupTimeout({
-      timeoutMs: 10,
-      signal: new AbortController().signal,
-      onTimeout: async () => {
-        events.push("cleanup-start");
-        await new Promise<void>((resolve) => {
-          finishCleanup = resolve;
-        });
-        events.push("cleanup-done");
-      },
-      operation: () =>
-        new Promise<string>((resolve) => {
-          resolveOperation = resolve;
-        }),
-    });
-    const rejected = expect(run).rejects.toThrow("codex app-server startup timed out");
-
-    await vi.advanceTimersByTimeAsync(10);
-    expect(events).toEqual(["cleanup-start"]);
-    resolveOperation("late-ready");
-    await Promise.resolve();
-    expect(events).toEqual(["cleanup-start"]);
-    finishCleanup();
-
-    await rejected;
-    expect(events).toEqual(["cleanup-start", "cleanup-done"]);
-  });
-
   it("rejects startup timeout when aborted before completion", async () => {
     vi.useFakeTimers();
     const controller = new AbortController();

extensions/codex/src/app-server/attempt-timeouts.ts

@@ -52,13 +52,13 @@ export async function withCodexStartupTimeout<T>(params: {
         };
         timeout = setTimeout(() => {
           timeoutError = new Error("codex app-server startup timed out");
-          rejectOnce(timeoutError);
-          timeoutCleanup = Promise.resolve()
-            .then(() => params.onTimeout?.())
-            .then(
-              () => undefined,
-              () => undefined,
-            );
+          timeoutCleanup = Promise.resolve(params.onTimeout?.()).then(
+            () => undefined,
+            () => undefined,
+          );
+          void timeoutCleanup.finally(() => {
+            rejectOnce(timeoutError!);
+          });
         }, params.timeoutMs);
         const abortListener = () => rejectOnce(new Error("codex app-server startup aborted"));
         params.signal.addEventListener("abort", abortListener, { once: true });

extensions/codex/src/app-server/attempt-turn-watches.test.ts

@@ -29,7 +29,7 @@ describe("Codex app-server attempt turn watches", () => {
     const progress: string[] = [];
     const diagnostics: string[] = [];
     const controller = createCodexAttemptTurnWatchController({
-      getThreadId: () => "thread-1",
+      threadId: "thread-1",
       signal: abortController.signal,
       getTurnId: () => "turn-1",
       isCompleted: () => completed,

extensions/codex/src/app-server/attempt-turn-watches.ts

@@ -29,7 +29,7 @@ export type CodexAttemptTurnWatchController = ReturnType<
  * notifications and tool handoffs progress.
  */
 export function createCodexAttemptTurnWatchController(params: {
-  getThreadId: () => string;
+  threadId: string;
   signal: AbortSignal;
   getTurnId: () => string | undefined;
   isCompleted: () => boolean;
@@ -79,7 +79,6 @@ export function createCodexAttemptTurnWatchController(params: {
   const turnTerminalIdleTimeoutMs = resolveTimerTimeoutMs(params.turnTerminalIdleTimeoutMs, 1);
   const interruptTimeoutMs = resolveTimerTimeoutMs(params.interruptTimeoutMs, 1);
   const resolveWatchTimeoutMs = (timeoutMs: number) => resolveTimerTimeoutMs(timeoutMs, 1);
-  const currentThreadId = () => params.getThreadId();
 
   const clearCompletionIdleTimer = () => {
     if (completionIdleTimer) {
@@ -228,7 +227,7 @@ export function createCodexAttemptTurnWatchController(params: {
     clearTerminalIdleTimer();
     const turnId = params.getTurnId();
     params.onRecordEvent("turn.assistant_completion_idle_release", {
-      threadId: currentThreadId(),
+      threadId: params.threadId,
       turnId,
       idleMs,
       timeoutMs: turnAssistantCompletionIdleTimeoutMs,
@@ -237,7 +236,7 @@ export function createCodexAttemptTurnWatchController(params: {
     embeddedAgentLog.warn(
       "codex app-server turn released after completed assistant item without terminal event",
       {
-        threadId: currentThreadId(),
+        threadId: params.threadId,
         turnId,
         idleMs,
         timeoutMs: turnAssistantCompletionIdleTimeoutMs,
@@ -246,7 +245,7 @@ export function createCodexAttemptTurnWatchController(params: {
     );
     if (turnId) {
       params.onInterruptTurn({
-        threadId: currentThreadId(),
+        threadId: params.threadId,
         turnId,
         timeoutMs: interruptTimeoutMs,
       });
@@ -279,7 +278,7 @@ export function createCodexAttemptTurnWatchController(params: {
     params.onTimeout(timeout);
     params.onMarkTimedOut();
     params.onRecordEvent("turn.progress_idle_timeout", {
-      threadId: currentThreadId(),
+      threadId: params.threadId,
       turnId: params.getTurnId(),
       idleMs,
       timeoutMs: timeout.timeoutMs,
@@ -287,7 +286,7 @@ export function createCodexAttemptTurnWatchController(params: {
       ...timeout.details,
     });
     embeddedAgentLog.warn("codex app-server turn idle timed out waiting for progress", {
-      threadId: currentThreadId(),
+      threadId: params.threadId,
       turnId: params.getTurnId(),
       idleMs,
       timeoutMs: timeout.timeoutMs,
@@ -332,7 +331,7 @@ export function createCodexAttemptTurnWatchController(params: {
     params.onTimeout(timeout);
     params.onMarkTimedOut();
     params.onRecordEvent("turn.completion_idle_timeout", {
-      threadId: currentThreadId(),
+      threadId: params.threadId,
       turnId: params.getTurnId(),
       idleMs,
       timeoutMs,
@@ -340,7 +339,7 @@ export function createCodexAttemptTurnWatchController(params: {
       ...timeout.details,
     });
     embeddedAgentLog.warn("codex app-server turn idle timed out waiting for completion", {
-      threadId: currentThreadId(),
+      threadId: params.threadId,
       turnId: params.getTurnId(),
       idleMs,
       timeoutMs,
@@ -375,7 +374,7 @@ export function createCodexAttemptTurnWatchController(params: {
     params.onTimeout(timeout);
     params.onMarkTimedOut();
     params.onRecordEvent("turn.terminal_idle_timeout", {
-      threadId: currentThreadId(),
+      threadId: params.threadId,
       turnId: params.getTurnId(),
       idleMs,
       timeoutMs: timeout.timeoutMs,
@@ -383,7 +382,7 @@ export function createCodexAttemptTurnWatchController(params: {
       ...timeout.details,
     });
     embeddedAgentLog.warn("codex app-server turn idle timed out waiting for terminal event", {
-      threadId: currentThreadId(),
+      threadId: params.threadId,
       turnId: params.getTurnId(),
       idleMs,
       timeoutMs: timeout.timeoutMs,
@@ -458,11 +457,9 @@ export function createCodexAttemptTurnWatchController(params: {
         details?: Record<string, unknown>;
         attemptProgress?: boolean;
         attemptTimeoutMs?: number;
-        receivedAtMs?: number;
       },
     ) => {
-      const now = Date.now();
-      completionLastActivityAt = Math.min(now, options?.receivedAtMs ?? now);
+      completionLastActivityAt = Date.now();
       completionLastActivityReason = `notification:${method}`;
       if (options?.details !== undefined) {
         completionLastActivityDetails = options.details;

extensions/codex/src/app-server/auth-profile-runtime-contract.test.ts

@@ -8,56 +8,40 @@ import {
 } from "openclaw/plugin-sdk/agent-harness";
 import { AUTH_PROFILE_RUNTIME_CONTRACT } from "openclaw/plugin-sdk/agent-runtime-test-contracts";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import type { CodexAppServerClientFactory } from "./client-factory.js";
 import { runCodexAppServerAttempt as runCodexAppServerAttemptImpl } from "./run-attempt.js";
 import {
   readCodexAppServerBinding,
-  registerCodexTestSessionIdentity,
-  resetCodexTestBindingStore,
-  testCodexAppServerBindingStore,
-  writeCodexAppServerBinding,
-} from "./session-binding.test-helpers.js";
-import type { CodexAppServerClientLeaseFactory } from "./shared-client.js";
-import {
-  adaptCodexTestClientFactory,
-  createCodexTestModel,
-  type CodexTestAppServerClientFactory,
-} from "./test-support.js";
+  writeCodexAppServerBinding as writeRawCodexAppServerBinding,
+} from "./session-binding.js";
+import { createCodexTestModel } from "./test-support.js";
 
-let codexAppServerClientLeaseFactoryForTest: CodexAppServerClientLeaseFactory | undefined;
+let codexAppServerClientFactoryForTest: CodexAppServerClientFactory | undefined;
 
-type RunCodexAppServerAttemptImplOptions = NonNullable<
+type RunCodexAppServerAttemptOptions = NonNullable<
   Parameters<typeof runCodexAppServerAttemptImpl>[1]
 >;
-type RunCodexAppServerAttemptOptions = Omit<RunCodexAppServerAttemptImplOptions, "bindingStore"> & {
-  bindingStore?: RunCodexAppServerAttemptImplOptions["bindingStore"];
-};
 
-function setCodexAppServerClientFactoryForTest(factory: CodexTestAppServerClientFactory): void {
-  codexAppServerClientLeaseFactoryForTest = adaptCodexTestClientFactory(factory);
+function setCodexAppServerClientFactoryForTest(factory: CodexAppServerClientFactory): void {
+  codexAppServerClientFactoryForTest = factory;
 }
 
 function resetCodexAppServerClientFactoryForTest(): void {
-  codexAppServerClientLeaseFactoryForTest = undefined;
+  codexAppServerClientFactoryForTest = undefined;
 }
 
 function runCodexAppServerAttempt(
   params: EmbeddedRunAttemptParams,
   options: RunCodexAppServerAttemptOptions = {},
 ) {
-  const clientLeaseFactory = options.clientLeaseFactory ?? codexAppServerClientLeaseFactoryForTest;
-  return runCodexAppServerAttemptImpl(params, {
-    ...options,
-    bindingStore: options.bindingStore ?? testCodexAppServerBindingStore,
-    ...(clientLeaseFactory ? { clientLeaseFactory } : {}),
-  });
+  const clientFactory = options.clientFactory ?? codexAppServerClientFactoryForTest;
+  return runCodexAppServerAttemptImpl(
+    params,
+    clientFactory ? { ...options, clientFactory } : options,
+  );
 }
 
 function createParams(sessionFile: string, workspaceDir: string): EmbeddedRunAttemptParams {
-  registerCodexTestSessionIdentity(
-    sessionFile,
-    AUTH_PROFILE_RUNTIME_CONTRACT.sessionId,
-    AUTH_PROFILE_RUNTIME_CONTRACT.sessionKey,
-  );
   return {
     prompt: AUTH_PROFILE_RUNTIME_CONTRACT.workspacePrompt,
     sessionId: AUTH_PROFILE_RUNTIME_CONTRACT.sessionId,
@@ -164,8 +148,7 @@ function createCodexAuthProfileHarness(params: { startMethod: "thread/start" | "
   const seenAuthProfileIds: Array<string | undefined> = [];
   const seenAgentDirs: Array<string | undefined> = [];
   const requests: Array<{ method: string; params: unknown }> = [];
-  const notificationHandlers = new Set<(notification: unknown) => Promise<void> | void>();
-  const requestHandlers = new Set<(request: unknown) => unknown>();
+  let notify: (notification: unknown) => Promise<void> = async () => undefined;
   setCodexAppServerClientFactoryForTest(async (_startOptions, authProfileId, agentDir) => {
     seenAuthProfileIds.push(authProfileId);
     seenAgentDirs.push(agentDir);
@@ -181,22 +164,13 @@ function createCodexAuthProfileHarness(params: { startMethod: "thread/start" | "
         }
         throw new Error(`unexpected method: ${method}`);
       }),
-      addNotificationHandler: (handler: (notification: unknown) => Promise<void> | void) => {
-        notificationHandlers.add(handler);
-        return () => notificationHandlers.delete(handler);
+      addNotificationHandler: (handler: (notification: unknown) => Promise<void>) => {
+        notify = handler;
+        return () => undefined;
       },
-      addRequestHandler: (handler: (request: unknown) => unknown) => {
-        requestHandlers.add(handler);
-        return () => requestHandlers.delete(handler);
-      },
-      addCloseHandler: () => () => undefined,
+      addRequestHandler: () => () => undefined,
     } as never;
   });
-  const notify = async (notification: unknown) => {
-    await Promise.all(
-      [...notificationHandlers].map((handler) => Promise.resolve(handler(notification))),
-    );
-  };
   return {
     seenAuthProfileIds,
     seenAgentDirs,
@@ -222,7 +196,6 @@ describe("Auth profile runtime contract - Codex app-server adapter", () => {
   let tmpDir: string;
 
   beforeEach(async () => {
-    resetCodexTestBindingStore();
     vi.useRealTimers();
     tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-codex-auth-contract-"));
   });
@@ -258,7 +231,6 @@ describe("Auth profile runtime contract - Codex app-server adapter", () => {
   it("reuses a bound OpenAI Codex auth profile when resume params omit authProfileId", async () => {
     const harness = createCodexAuthProfileHarness({ startMethod: "thread/resume" });
     const sessionFile = path.join(tmpDir, "session.jsonl");
-    const params = createParams(sessionFile, tmpDir);
     await writeCodexAppServerBinding(sessionFile, {
       threadId: "thread-auth-contract",
       cwd: tmpDir,
@@ -266,6 +238,7 @@ describe("Auth profile runtime contract - Codex app-server adapter", () => {
       dynamicToolsFingerprint: "[]",
     });
     // authProfileId is intentionally omitted to exercise the resume-bound profile path.
+    const params = createParams(sessionFile, tmpDir);
 
     const run = runCodexAppServerAttempt(params);
     await vi.waitFor(
@@ -283,13 +256,13 @@ describe("Auth profile runtime contract - Codex app-server adapter", () => {
   it("prefers an explicit runtime auth profile over a stale persisted binding", async () => {
     const harness = createCodexAuthProfileHarness({ startMethod: "thread/resume" });
     const sessionFile = path.join(tmpDir, "session.jsonl");
-    const params = createParams(sessionFile, tmpDir);
     await writeCodexAppServerBinding(sessionFile, {
       threadId: "thread-auth-contract",
       cwd: tmpDir,
       authProfileId: "openai:stale",
       dynamicToolsFingerprint: "[]",
     });
+    const params = createParams(sessionFile, tmpDir);
     params.authProfileId = AUTH_PROFILE_RUNTIME_CONTRACT.openAiCodexProfileId;
 
     const run = runCodexAppServerAttempt(params);

extensions/codex/src/app-server/bounded-turn.ts

@@ -5,6 +5,7 @@ import type { OpenClawConfig } from "openclaw/plugin-sdk/config-contracts";
 import { resolveTimerTimeoutMs } from "openclaw/plugin-sdk/number-runtime";
 import { resolvePreferredOpenClawTmpDir, withTempWorkspace } from "openclaw/plugin-sdk/temp-path";
 import { readCodexNotificationItem } from "./attempt-notifications.js";
+import type { CodexAppServerClientFactory } from "./client-factory.js";
 import type { CodexAppServerClient } from "./client.js";
 import { resolveCodexAppServerRuntimeOptions } from "./config.js";
 import { readModelListResult } from "./models.js";
@@ -26,10 +27,6 @@ import {
   type JsonObject,
   type JsonValue,
 } from "./protocol.js";
-import type {
-  CodexAppServerClientLease,
-  CodexAppServerClientLeaseFactory,
-} from "./shared-client.js";
 import { buildCodexRuntimeThreadConfig } from "./thread-lifecycle.js";
 
 const CODEX_PRIVATE_STDIO_ARGS = ["app-server", "--listen", "stdio://"];
@@ -49,7 +46,7 @@ const CODEX_PRIVATE_BOUNDED_THREAD_CONFIG: JsonObject = {
 
 export type CodexBoundedTurnOptions = {
   pluginConfig?: unknown;
-  clientFactory?: CodexAppServerClientLeaseFactory;
+  clientFactory?: CodexAppServerClientFactory;
 };
 
 export type CodexBoundedTurnResult = {
@@ -121,17 +118,11 @@ async function runBoundedCodexAppServerTurnInWorkspace(
   const startOptions = workspace.codexHome
     ? buildPrivateCodexAppServerStartOptions(appServer.start, workspace.codexHome)
     : appServer.start;
-  let lease: CodexAppServerClientLease | undefined;
+  const ownsClient = !params.options.clientFactory;
   const client = params.options.clientFactory
-    ? ((lease = await params.options.clientFactory({
-        startOptions,
+    ? await params.options.clientFactory(startOptions, params.profile, agentDir, params.config, {
         timeoutMs,
-        authProfileId: params.profile,
-        agentDir,
-        authProfileStore: params.authProfileStore,
-        config: params.config,
-      })),
-      lease.client)
+      })
     : await import("./shared-client.js").then(({ createIsolatedCodexAppServerClient }) =>
         createIsolatedCodexAppServerClient({
           startOptions,
@@ -217,9 +208,7 @@ async function runBoundedCodexAppServerTurnInWorkspace(
   } finally {
     clearTimeout(timeout);
     params.signal?.removeEventListener("abort", abortFromCaller);
-    if (lease) {
-      lease.release();
-    } else {
+    if (ownsClient) {
       client.close();
     }
   }

extensions/codex/src/app-server/client-factory.ts

@@ -0,0 +1,70 @@
+/**
+ * Lazy factories for shared and leased Codex app-server clients.
+ */
+import type { resolveCodexAppServerAuthProfileIdForAgent } from "./auth-bridge.js";
+import type { CodexAppServerClient } from "./client.js";
+import type { CodexAppServerStartOptions } from "./config.js";
+
+type AuthProfileOrderConfig = Parameters<
+  typeof resolveCodexAppServerAuthProfileIdForAgent
+>[0]["config"];
+
+/** Factory signature used by Codex attempt startup to acquire a client. */
+export type CodexAppServerClientFactory = (
+  startOptions?: CodexAppServerStartOptions,
+  authProfileId?: string,
+  agentDir?: string,
+  config?: AuthProfileOrderConfig,
+  options?: {
+    onStartedClient?: (client: CodexAppServerClient) => void;
+    abandonSignal?: AbortSignal;
+    timeoutMs?: number;
+  },
+) => Promise<CodexAppServerClient>;
+
+let sharedClientModulePromise: Promise<typeof import("./shared-client.js")> | null = null;
+
+const loadSharedClientModule = async () => {
+  sharedClientModulePromise ??= import("./shared-client.js");
+  return await sharedClientModulePromise;
+};
+
+/** Returns the process-shared app-server client for normal attempt reuse. */
+export const defaultCodexAppServerClientFactory: CodexAppServerClientFactory = (
+  startOptions,
+  authProfileId,
+  agentDir,
+  config,
+  options,
+) =>
+  loadSharedClientModule().then(({ getSharedCodexAppServerClient }) =>
+    getSharedCodexAppServerClient({
+      startOptions,
+      authProfileId,
+      agentDir,
+      config,
+      onStartedClient: options?.onStartedClient,
+      abandonSignal: options?.abandonSignal,
+      timeoutMs: options?.timeoutMs,
+    }),
+  );
+
+/** Returns a leased shared client so startup can release ownership explicitly. */
+export const defaultLeasedCodexAppServerClientFactory: CodexAppServerClientFactory = (
+  startOptions,
+  authProfileId,
+  agentDir,
+  config,
+  options,
+) =>
+  loadSharedClientModule().then(({ getLeasedSharedCodexAppServerClient }) =>
+    getLeasedSharedCodexAppServerClient({
+      startOptions,
+      authProfileId,
+      agentDir,
+      config,
+      onStartedClient: options?.onStartedClient,
+      abandonSignal: options?.abandonSignal,
+      timeoutMs: options?.timeoutMs,
+    }),
+  );

extensions/codex/src/app-server/client-runtime.test.ts

@@ -1,78 +0,0 @@
-import { afterEach, describe, expect, it, vi } from "vitest";
-import type { CodexAppServerClient } from "./client.js";
-import { createClientHarness } from "./test-support.js";
-
-const mocks = vi.hoisted(() => ({
-  refreshAuth: vi.fn(async () => ({ accessToken: "refreshed", chatgptAccountId: "account" })),
-  mergeRateLimitUpdate: vi.fn(),
-}));
-
-vi.mock("./auth-bridge.js", () => ({
-  refreshCodexAppServerAuthTokens: mocks.refreshAuth,
-}));
-
-vi.mock("./rate-limit-cache.js", () => ({
-  mergeCodexRateLimitsUpdate: mocks.mergeRateLimitUpdate,
-}));
-
-const { ensureCodexAppServerClientRuntime } = await import("./client-runtime.js");
-
-describe("Codex app-server client runtime", () => {
-  const clients: CodexAppServerClient[] = [];
-
-  afterEach(() => {
-    for (const client of clients) {
-      client.close();
-    }
-    clients.length = 0;
-    mocks.refreshAuth.mockClear();
-    mocks.mergeRateLimitUpdate.mockClear();
-  });
-
-  it("installs shared handlers once per physical client", async () => {
-    const harness = createClientHarness();
-    clients.push(harness.client);
-    const context = {
-      agentDir: "/tmp/agent",
-      authProfileId: "openai:default",
-      config: {},
-    };
-    const updatedContext = {
-      ...context,
-      authProfileStore: { version: 1 as const, profiles: {} },
-      config: { models: { mode: "merge" as const } },
-    };
-    const addNotificationHandler = vi.spyOn(harness.client, "addNotificationHandler");
-    const addRequestHandler = vi.spyOn(harness.client, "addRequestHandler");
-    const addCloseHandler = vi.spyOn(harness.client, "addCloseHandler");
-
-    ensureCodexAppServerClientRuntime(harness.client, context);
-    ensureCodexAppServerClientRuntime(harness.client, updatedContext);
-
-    expect(addNotificationHandler).toHaveBeenCalledTimes(1);
-    expect(addRequestHandler).toHaveBeenCalledTimes(1);
-    expect(addCloseHandler).not.toHaveBeenCalled();
-    harness.send({
-      method: "account/rateLimits/updated",
-      params: { rateLimits: { primary: { usedPercent: 12 } } },
-    });
-    harness.send({
-      id: "refresh-1",
-      method: "account/chatgptAuthTokens/refresh",
-      params: { reason: "expired" },
-    });
-
-    await vi.waitFor(() => expect(mocks.mergeRateLimitUpdate).toHaveBeenCalledTimes(1));
-    await vi.waitFor(() => expect(mocks.refreshAuth).toHaveBeenCalledTimes(1));
-    expect(mocks.refreshAuth).toHaveBeenCalledWith(updatedContext);
-    expect(mocks.mergeRateLimitUpdate).toHaveBeenCalledWith(harness.client, {
-      rateLimits: { primary: { usedPercent: 12 } },
-    });
-    await vi.waitFor(() =>
-      expect(harness.writes.map((line) => JSON.parse(line) as unknown)).toContainEqual({
-        id: "refresh-1",
-        result: { accessToken: "refreshed", chatgptAccountId: "account" },
-      }),
-    );
-  });
-});

extensions/codex/src/app-server/client-runtime.ts

@@ -1,50 +0,0 @@
-/** Client-scoped Codex auth and account observers. */
-import { refreshCodexAppServerAuthTokens } from "./auth-bridge.js";
-import type { CodexAppServerClient } from "./client.js";
-import type { JsonValue } from "./protocol.js";
-import { mergeCodexRateLimitsUpdate } from "./rate-limit-cache.js";
-import type { CodexAppServerAuthProfileLookup } from "./session-binding.js";
-
-type ClientRuntimeContext = Omit<CodexAppServerAuthProfileLookup, "agentDir"> & {
-  agentDir: string;
-};
-
-type ClientRuntime = {
-  context: ClientRuntimeContext;
-};
-
-const configuredClients = new WeakMap<CodexAppServerClient, ClientRuntime>();
-
-/** Installs one auth-refresh handler and one rate-limit observer per physical client. */
-export function ensureCodexAppServerClientRuntime(
-  client: CodexAppServerClient,
-  context: ClientRuntimeContext,
-): void {
-  const existing = configuredClients.get(client);
-  if (existing) {
-    // Shared-client keys already isolate agent/auth identity. Keep config fresh
-    // without installing another physical-client handler set.
-    existing.context = context;
-    return;
-  }
-  const runtime: ClientRuntime = { context };
-  configuredClients.set(client, runtime);
-  client.addRequestHandler(async (request) => {
-    if (request.method !== "account/chatgptAuthTokens/refresh") {
-      return undefined;
-    }
-    return (await refreshCodexAppServerAuthTokens({
-      agentDir: runtime.context.agentDir,
-      authProfileId: runtime.context.authProfileId,
-      ...(runtime.context.authProfileStore
-        ? { authProfileStore: runtime.context.authProfileStore }
-        : {}),
-      config: runtime.context.config,
-    })) as unknown as JsonValue;
-  });
-  client.addNotificationHandler((notification) => {
-    if (notification.method === "account/rateLimits/updated") {
-      mergeCodexRateLimitsUpdate(client, notification.params);
-    }
-  });
-}

extensions/codex/src/app-server/client.test.ts

@@ -50,78 +50,6 @@ describe("CodexAppServerClient", () => {
     expect(outbound.method).toBe("model/list");
   });
 
-  it("keeps a shared thread subscribed until every local owner releases it", async () => {
-    const harness = createClientHarness();
-    clients.push(harness.client);
-
-    const firstResume = harness.client.request("thread/resume", { threadId: "thread-1" });
-    const secondResume = harness.client.request("thread/resume", { threadId: "thread-1" });
-    const [firstRequest, secondRequest] = harness.writes.map((line) => JSON.parse(line)) as Array<{
-      id: number;
-    }>;
-    const resumeResult = {
-      thread: { id: "thread-1", cwd: "/tmp", status: { type: "idle" } },
-      model: "gpt-5.5",
-    };
-    harness.send({ id: firstRequest?.id, result: resumeResult });
-    harness.send({ id: secondRequest?.id, result: resumeResult });
-    await Promise.all([firstResume, secondResume]);
-
-    await expect(
-      harness.client.request("thread/unsubscribe", { threadId: "thread-1" }),
-    ).resolves.toEqual({ status: "unsubscribed" });
-    expect(harness.writes).toHaveLength(2);
-
-    const finalRelease = harness.client.request("thread/unsubscribe", {
-      threadId: "thread-1",
-    });
-    const releaseRequest = JSON.parse(harness.writes[2] ?? "{}") as { id?: number };
-    harness.send({ id: releaseRequest.id, result: { status: "unsubscribed" } });
-    await expect(finalRelease).resolves.toEqual({ status: "unsubscribed" });
-    expect(harness.writes).toHaveLength(3);
-  });
-
-  it("pairs written resume failures without retaining pre-aborted requests", async () => {
-    const harness = createClientHarness();
-    clients.push(harness.client);
-
-    const firstResume = harness.client.request("thread/resume", { threadId: "thread-1" });
-    const firstRequest = JSON.parse(harness.writes[0] ?? "{}") as { id?: number };
-    harness.send({
-      id: firstRequest.id,
-      result: {
-        thread: { id: "thread-1", cwd: "/tmp", status: { type: "idle" } },
-        model: "gpt-5.5",
-      },
-    });
-    await firstResume;
-
-    const failedResume = harness.client.request("thread/resume", { threadId: "thread-1" });
-    const failedRequest = JSON.parse(harness.writes[1] ?? "{}") as { id?: number };
-    harness.send({ id: failedRequest.id, error: { code: -32000, message: "resume failed" } });
-    await expect(failedResume).rejects.toThrow("resume failed");
-
-    await expect(
-      harness.client.request("thread/unsubscribe", { threadId: "thread-1" }),
-    ).resolves.toEqual({ status: "unsubscribed" });
-    expect(harness.writes).toHaveLength(2);
-
-    const controller = new AbortController();
-    controller.abort();
-    await expect(
-      harness.client.request(
-        "thread/resume",
-        { threadId: "thread-1" },
-        { signal: controller.signal },
-      ),
-    ).rejects.toThrow("thread/resume aborted");
-    const unsubscribe = harness.client.request("thread/unsubscribe", { threadId: "thread-1" });
-    expect(harness.writes).toHaveLength(3);
-    const unsubscribeRequest = JSON.parse(harness.writes[2] ?? "{}") as { id?: number };
-    harness.send({ id: unsubscribeRequest.id, result: { status: "unsubscribed" } });
-    await expect(unsubscribe).resolves.toEqual({ status: "unsubscribed" });
-  });
-
   it("removes unpaired surrogate code units from outbound JSON-RPC strings", async () => {
     const harness = createClientHarness();
     clients.push(harness.client);
@@ -142,9 +70,9 @@ describe("CodexAppServerClient", () => {
     expect(outbound.params?.nested).toEqual(["lowend", "emoji 🙈 ok"]);
     harness.send({
       id: JSON.parse(harness.writes[0] ?? "{}").id,
-      result: { thread: { id: "thread-1" } },
+      result: { threadId: "thread-1" },
     });
-    await expect(request).resolves.toEqual({ thread: { id: "thread-1" } });
+    await expect(request).resolves.toEqual({ threadId: "thread-1" });
   });
 
   it("logs a redacted preview for malformed app-server messages", async () => {
@@ -212,30 +140,6 @@ describe("CodexAppServerClient", () => {
     expect(warn).not.toHaveBeenCalled();
   });
 
-  it("contains synchronous notification handler failures and continues fanout", async () => {
-    const warn = vi.spyOn(embeddedAgentLog, "warn").mockImplementation(() => undefined);
-    const harness = createClientHarness();
-    clients.push(harness.client);
-    const laterHandler = vi.fn();
-    harness.client.addNotificationHandler(() => {
-      throw new Error("handler exploded");
-    });
-    harness.client.addNotificationHandler(laterHandler);
-
-    expect(() =>
-      harness.send({
-        method: "item/commandExecution/outputDelta",
-        params: { delta: "still routed" },
-      }),
-    ).not.toThrow();
-
-    await vi.waitFor(() => expect(laterHandler).toHaveBeenCalledTimes(1));
-    expect(warn).toHaveBeenCalledWith(
-      "codex app-server notification handler failed",
-      expect.objectContaining({ error: expect.any(Error) }),
-    );
-  });
-
   it("preserves JSON-RPC error codes", async () => {
     const harness = createClientHarness();
     clients.push(harness.client);
@@ -316,95 +220,6 @@ describe("CodexAppServerClient", () => {
     expect(harness.writes).toHaveLength(1);
   });
 
-  it.each([
-    {
-      method: "thread/start" as const,
-      params: {},
-      abandonment: "timeout" as const,
-      expectedError: "thread/start timed out",
-    },
-    {
-      method: "thread/fork" as const,
-      params: { threadId: "parent-thread" },
-      abandonment: "abort" as const,
-      expectedError: "thread/fork aborted",
-    },
-  ])("unsubscribes a late successful $method after local $abandonment", async (testCase) => {
-    vi.useFakeTimers();
-    const harness = createClientHarness();
-    clients.push(harness.client);
-    const controller = new AbortController();
-    const options =
-      testCase.abandonment === "timeout" ? { timeoutMs: 1 } : { signal: controller.signal };
-    const request = harness.client.request(testCase.method, testCase.params, options);
-    const outbound = JSON.parse(harness.writes[0] ?? "{}") as { id?: number };
-    const rejected = expect(request).rejects.toThrow(testCase.expectedError);
-
-    if (testCase.abandonment === "timeout") {
-      await vi.advanceTimersByTimeAsync(100);
-    } else {
-      controller.abort();
-    }
-    await rejected;
-
-    harness.send({ id: outbound.id, result: { thread: { id: "late-thread" } } });
-    expect(JSON.parse(harness.writes[1] ?? "{}")).toEqual({
-      id: expect.any(Number),
-      method: "thread/unsubscribe",
-      params: { threadId: "late-thread" },
-    });
-  });
-
-  it("closes when a late thread creation subscription cannot be released", async () => {
-    const harness = createClientHarness();
-    clients.push(harness.client);
-    const controller = new AbortController();
-    const request = harness.client.request("thread/start", {}, { signal: controller.signal });
-    const outbound = JSON.parse(harness.writes[0] ?? "{}") as { id?: number };
-    const rejected = expect(request).rejects.toThrow("thread/start aborted");
-
-    controller.abort();
-    await rejected;
-    harness.send({ id: outbound.id, result: { thread: { id: "late-thread" } } });
-    const unsubscribe = JSON.parse(harness.writes[1] ?? "{}") as { id?: number };
-    harness.send({
-      id: unsubscribe.id,
-      error: { code: -32_000, message: "unsubscribe failed" },
-    });
-
-    await vi.waitFor(() => expect(harness.stdinDestroyed).toBe(true));
-  });
-
-  it("does not unsubscribe a late rejected thread creation", async () => {
-    const harness = createClientHarness();
-    clients.push(harness.client);
-    const controller = new AbortController();
-    const request = harness.client.request("thread/start", {}, { signal: controller.signal });
-    const outbound = JSON.parse(harness.writes[0] ?? "{}") as { id?: number };
-    const rejected = expect(request).rejects.toThrow("thread/start aborted");
-
-    controller.abort();
-    await rejected;
-    harness.send({ id: outbound.id, error: { code: -32000, message: "start failed" } });
-
-    expect(harness.writes).toHaveLength(1);
-  });
-
-  it("closes after the bounded late-creation cleanup ledger fills", async () => {
-    const harness = createClientHarness();
-    clients.push(harness.client);
-
-    for (let index = 0; index < 129; index += 1) {
-      const controller = new AbortController();
-      const request = harness.client.request("thread/start", {}, { signal: controller.signal });
-      const rejected = expect(request).rejects.toThrow("thread/start aborted");
-      controller.abort();
-      await rejected;
-    }
-
-    expect(harness.stdinDestroyed).toBe(true);
-  });
-
   it("initializes with the required client version", async () => {
     const { harness, initializing, outbound } = startInitialize();
     harness.send({
@@ -701,26 +516,6 @@ describe("CodexAppServerClient", () => {
     });
   });
 
-  it.each(["execCommandApproval", "applyPatchApproval"])(
-    "fails closed for unhandled legacy %s requests",
-    async (method) => {
-      const harness = createClientHarness();
-      clients.push(harness.client);
-
-      harness.send({
-        id: "legacy-approval-1",
-        method,
-        params: { conversationId: "thread-1" },
-      });
-      await vi.waitFor(() => expect(harness.writes.length).toBe(1));
-
-      expect(JSON.parse(harness.writes[0] ?? "{}")).toEqual({
-        id: "legacy-approval-1",
-        result: { decision: "denied" },
-      });
-    },
-  );
-
   it("fails closed for unhandled native app-server approvals", async () => {
     const harness = createClientHarness();
     clients.push(harness.client);
@@ -738,41 +533,6 @@ describe("CodexAppServerClient", () => {
     });
   });
 
-  it.each([
-    [
-      "item/tool/call",
-      {
-        contentItems: [
-          {
-            type: "inputText",
-            text: "OpenClaw did not register a handler for this app-server tool call.",
-          },
-        ],
-        success: false,
-      },
-    ],
-    ["item/permissions/requestApproval", { permissions: {}, scope: "turn" }],
-    ["mcpServer/elicitation/request", { action: "decline" }],
-    [
-      "item/future/requestApproval",
-      {
-        decision: "decline",
-        reason: "OpenClaw codex app-server bridge does not grant unknown native approvals.",
-      },
-    ],
-  ])("fails closed for an unhandled %s request", async (method, expected) => {
-    const harness = createClientHarness();
-    clients.push(harness.client);
-
-    harness.send({ id: "unhandled-1", method, params: { threadId: "thread-1" } });
-    await vi.waitFor(() => expect(harness.writes.length).toBe(1));
-
-    expect(JSON.parse(harness.writes[0] ?? "{}")).toEqual({
-      id: "unhandled-1",
-      result: expected,
-    });
-  });
-
   it("only treats known Codex app-server approval methods as approvals", () => {
     expect(isCodexAppServerApprovalRequest("item/commandExecution/requestApproval")).toBe(true);
     expect(isCodexAppServerApprovalRequest("item/fileChange/requestApproval")).toBe(true);

extensions/codex/src/app-server/client.ts

@@ -12,7 +12,6 @@ import {
   type CodexInitializeParams,
   type CodexInitializeResponse,
   isRpcResponse,
-  readCodexThreadCreationResponseId,
   type CodexServerNotification,
   type JsonValue,
   type RpcMessage,
@@ -35,8 +34,6 @@ const CODEX_APP_SERVER_PARSE_BUFFER_MAX = 1_000_000;
 const CODEX_APP_SERVER_PARSE_BUFFER_MAX_LINES = 1_000;
 const CODEX_DYNAMIC_TOOL_SERVER_REQUEST_TIMEOUT_MS = 600_000;
 const CODEX_APP_SERVER_STDERR_TAIL_MAX = 2_000;
-const CODEX_APP_SERVER_ABANDONED_THREAD_CREATION_MAX = 128;
-const CODEX_APP_SERVER_LATE_THREAD_CLEANUP_TIMEOUT_MS = 5_000;
 const UNPAIRED_SURROGATE_RE =
   /[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?<![\uD800-\uDBFF])[\uDC00-\uDFFF]/g;
 
@@ -123,10 +120,7 @@ export class CodexAppServerClient {
   private readonly requestHandlers = new Set<CodexServerRequestHandler>();
   private readonly notificationHandlers = new Set<CodexServerNotificationHandler>();
   private readonly closeHandlers = new Set<(client: CodexAppServerClient) => void>();
-  private readonly threadSubscriptionOwners = new Map<string, number>();
-  // Codex may finish a locally abandoned create request. Remember its RPC id
-  // until response/close so the unknown thread subscription can be released.
-  private readonly abandonedThreadCreationRequestIds = new Set<number | string>();
+  private activeSharedLeaseCountProvider: (() => number | undefined) | undefined;
   private nextId = 1;
   private initialized = false;
   private closed = false;
@@ -247,27 +241,11 @@ export class CodexAppServerClient {
     if (options.signal?.aborted) {
       return Promise.reject(new Error(`${method} aborted`));
     }
-    const requestedThreadId = readRequestThreadId(params);
-    if (
-      method === "thread/unsubscribe" &&
-      requestedThreadId &&
-      this.releaseThreadSubscriptionOwner(requestedThreadId)
-    ) {
-      // Codex subscriptions are connection-wide sets. A logical owner can
-      // release without silencing another turn on the same physical client.
-      return Promise.resolve({ status: "unsubscribed" } as unknown as T);
-    }
-    if (method === "thread/resume" && requestedThreadId) {
-      // Every resume attempt owns one release, even if the response times out
-      // or aborts: Codex may have subscribed before OpenClaw saw the outcome.
-      this.retainThreadSubscriptionOwner(requestedThreadId);
-    }
     const id = this.nextId++;
     const message: RpcRequest = { id, method, params: params as JsonValue | undefined };
     return new Promise<T>((resolve, reject) => {
       let timeout: ReturnType<typeof setTimeout> | undefined;
       let cleanupAbort: (() => void) | undefined;
-      let requestWritten = false;
       const cleanup = () => {
         if (timeout) {
           clearTimeout(timeout);
@@ -276,37 +254,23 @@ export class CodexAppServerClient {
         cleanupAbort?.();
         cleanupAbort = undefined;
       };
-      const rejectPending = (error: Error, rememberLateThreadCreation = false) => {
+      const rejectPending = (error: Error) => {
         if (!this.pending.has(id)) {
           return;
         }
         this.pending.delete(id);
-        if (rememberLateThreadCreation && isThreadCreationRequest(method)) {
-          if (
-            this.abandonedThreadCreationRequestIds.size >=
-            CODEX_APP_SERVER_ABANDONED_THREAD_CREATION_MAX
-          ) {
-            // Lost create responses can hide server subscriptions. Once the
-            // bounded cleanup ledger fills, closing is the only safe release.
-            this.closeWithError(
-              new Error("codex app-server abandoned thread creation limit exceeded"),
-            );
-          } else {
-            this.abandonedThreadCreationRequestIds.add(id);
-          }
-        }
         cleanup();
         reject(error);
       };
       if (options.timeoutMs && Number.isFinite(options.timeoutMs) && options.timeoutMs > 0) {
         timeout = setTimeout(
-          () => rejectPending(new Error(`${method} timed out`), true),
+          () => rejectPending(new Error(`${method} timed out`)),
           Math.max(100, options.timeoutMs),
         );
         timeout.unref?.();
       }
       if (options.signal) {
-        const abortListener = () => rejectPending(new Error(`${method} aborted`), requestWritten);
+        const abortListener = () => rejectPending(new Error(`${method} aborted`));
         options.signal.addEventListener("abort", abortListener, { once: true });
         cleanupAbort = () => options.signal?.removeEventListener("abort", abortListener);
       }
@@ -314,12 +278,6 @@ export class CodexAppServerClient {
         method,
         resolve: (value) => {
           cleanup();
-          if (method === "thread/start" || method === "thread/fork") {
-            const threadId = readCodexThreadCreationResponseId(value);
-            if (threadId) {
-              this.retainThreadSubscriptionOwner(threadId);
-            }
-          }
           resolve(value as T);
         },
         reject: (error) => {
@@ -333,7 +291,6 @@ export class CodexAppServerClient {
         return;
       }
       try {
-        requestWritten = true;
         this.writeMessage(message, (error) => rejectPending(error));
       } catch (error) {
         rejectPending(error instanceof Error ? error : new Error(String(error)));
@@ -358,6 +315,18 @@ export class CodexAppServerClient {
     return () => this.notificationHandlers.delete(handler);
   }
 
+  /** Installs a lease-count provider used to route unscoped notifications. */
+  setActiveSharedLeaseCountProviderForUnscopedNotifications(
+    provider: (() => number | undefined) | undefined,
+  ): void {
+    this.activeSharedLeaseCountProvider = provider;
+  }
+
+  /** Reads the active shared-client lease count when available. */
+  getActiveSharedLeaseCountForUnscopedNotifications(): number | undefined {
+    return this.activeSharedLeaseCountProvider?.();
+  }
+
   /** Registers a close handler and returns its disposer. */
   addCloseHandler(handler: (client: CodexAppServerClient) => void): () => void {
     this.closeHandlers.add(handler);
@@ -476,15 +445,6 @@ export class CodexAppServerClient {
   }
 
   private handleResponse(response: RpcResponse): void {
-    if (this.abandonedThreadCreationRequestIds.delete(response.id)) {
-      if (!response.error) {
-        const threadId = readCodexThreadCreationResponseId(response.result);
-        if (threadId) {
-          this.unsubscribeLateThreadCreation(threadId);
-        }
-      }
-      return;
-    }
     const pending = this.pending.get(response.id);
     if (!pending) {
       return;
@@ -562,14 +522,7 @@ export class CodexAppServerClient {
 
   private handleNotification(notification: CodexServerNotification): void {
     for (const handler of this.notificationHandlers) {
-      let result: Promise<void> | void;
-      try {
-        result = handler(notification);
-      } catch (error) {
-        embeddedAgentLog.warn("codex app-server notification handler failed", { error });
-        continue;
-      }
-      Promise.resolve(result).catch((error: unknown) => {
+      Promise.resolve(handler(notification)).catch((error: unknown) => {
         embeddedAgentLog.warn("codex app-server notification handler failed", { error });
       });
     }
@@ -587,54 +540,11 @@ export class CodexAppServerClient {
     }
     this.closed = true;
     this.closeError = error;
-    this.threadSubscriptionOwners.clear();
-    this.abandonedThreadCreationRequestIds.clear();
     this.lines.close();
     this.rejectPendingRequests(error);
     return true;
   }
 
-  private unsubscribeLateThreadCreation(threadId: string): void {
-    // This late response never registered a local owner. Track the wire
-    // release anyway; an unconfirmed cleanup makes this client unsafe to pool.
-    void this.request(
-      "thread/unsubscribe",
-      { threadId },
-      { timeoutMs: CODEX_APP_SERVER_LATE_THREAD_CLEANUP_TIMEOUT_MS },
-    ).catch((error: unknown) => {
-      embeddedAgentLog.debug("codex app-server late thread unsubscribe failed", {
-        threadId,
-        error,
-      });
-      this.closeWithError(
-        new Error(`Codex late thread subscription could not be released: ${threadId}`, {
-          cause: error,
-        }),
-      );
-    });
-  }
-
-  private retainThreadSubscriptionOwner(threadId: string): void {
-    this.threadSubscriptionOwners.set(
-      threadId,
-      (this.threadSubscriptionOwners.get(threadId) ?? 0) + 1,
-    );
-  }
-
-  /** Returns true when another local owner still needs the wire subscription. */
-  private releaseThreadSubscriptionOwner(threadId: string): boolean {
-    const owners = this.threadSubscriptionOwners.get(threadId);
-    if (owners === undefined) {
-      return false;
-    }
-    if (owners > 1) {
-      this.threadSubscriptionOwners.set(threadId, owners - 1);
-      return true;
-    }
-    this.threadSubscriptionOwners.delete(threadId);
-    return false;
-  }
-
   private rejectPendingRequests(error: Error): void {
     for (const pending of this.pending.values()) {
       pending.cleanup();
@@ -647,17 +557,6 @@ export class CodexAppServerClient {
   }
 }
 
-function readRequestThreadId(value: unknown): string | undefined {
-  if (!isJsonObject(value) || typeof value.threadId !== "string") {
-    return undefined;
-  }
-  return value.threadId.trim() || undefined;
-}
-
-function isThreadCreationRequest(method: string): boolean {
-  return method === "thread/start" || method === "thread/fork";
-}
-
 function defaultServerRequestResponse(
   request: Required<Pick<RpcRequest, "id" | "method">> & { params?: JsonValue },
 ): JsonValue {
@@ -672,9 +571,6 @@ function defaultServerRequestResponse(
       success: false,
     };
   }
-  if (request.method === "execCommandApproval" || request.method === "applyPatchApproval") {
-    return { decision: "denied" };
-  }
   if (
     request.method === "item/commandExecution/requestApproval" ||
     request.method === "item/fileChange/requestApproval"
@@ -690,12 +586,6 @@ function defaultServerRequestResponse(
       reason: "OpenClaw codex app-server bridge does not grant native approvals yet.",
     };
   }
-  if (request.method.includes("requestApproval")) {
-    return {
-      decision: "decline",
-      reason: "OpenClaw codex app-server bridge does not grant unknown native approvals.",
-    };
-  }
   if (request.method === "item/tool/requestUserInput") {
     return {
       answers: {},

extensions/codex/src/app-server/compact.ts

@@ -7,396 +7,145 @@ import {
   type EmbeddedAgentCompactResult,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import {
-  CODEX_APP_SERVER_UNSUBSCRIBE_TIMEOUT_MS,
-  isCodexAppServerUnsafeSubscriptionError,
-  settleCodexAppServerClientLease,
-} from "./attempt-client-cleanup.js";
-import { readCodexNotificationItem } from "./attempt-notifications.js";
-import { resolveCodexTurnTerminalIdleTimeoutMs } from "./attempt-timeouts.js";
-import { CodexAppServerRpcError } from "./client.js";
+  defaultLeasedCodexAppServerClientFactory,
+  type CodexAppServerClientFactory,
+} from "./client-factory.js";
 import { resolveCodexAppServerRuntimeOptions } from "./config.js";
-import { isJsonObject, type JsonObject, type JsonValue } from "./protocol.js";
+import type { JsonObject } from "./protocol.js";
 import { resolveCodexNativeExecutionBlock } from "./sandbox-guard.js";
 import {
   CODEX_APP_SERVER_BINDING_GUARDED_REQUEST_TIMEOUT_MS,
-  sessionBindingIdentity,
-  type CodexAppServerBindingIdentity,
-  type CodexAppServerBindingStore,
+  readCodexAppServerBinding,
+  withCodexAppServerBindingLock,
+  writeCodexAppServerBinding,
   type CodexAppServerThreadBinding,
 } from "./session-binding.js";
-import {
-  leaseSharedCodexAppServerClient,
-  type CodexAppServerClientLease,
-  type CodexAppServerClientLeaseFactory,
-  type CodexAppServerClientOptions,
-} from "./shared-client.js";
-import { resumeCodexAppServerThread } from "./thread-resume.js";
-import { withTimeout } from "./timeout.js";
-import {
-  getCodexAppServerTurnRouter,
-  isCodexTerminalTurnNotification,
-  type CodexNativeTurnCompletionWatch,
-  type CodexThreadRouteReservation,
-} from "./turn-router.js";
+import { releaseLeasedSharedCodexAppServerClient } from "./shared-client.js";
 
+const warnedIgnoredCompactionOverrides = new Set<string>();
 type CodexAppServerCompactOptions = {
-  bindingStore: CodexAppServerBindingStore;
   pluginConfig?: unknown;
-  clientLeaseFactory?: CodexAppServerClientLeaseFactory;
+  clientFactory?: CodexAppServerClientFactory;
   allowNonManualNativeRequest?: boolean;
 };
 
-class CodexNativeTurnBindingChangedError extends Error {}
-
-type CodexNativeTurnRequest = {
-  bindingStore: CodexAppServerBindingStore;
-  bindingIdentity: CodexAppServerBindingIdentity;
-  expectedBinding: CodexAppServerThreadBinding;
-  pluginConfig?: unknown;
-  authProfileId?: string;
-  agentDir?: string;
-  config?: CodexAppServerClientOptions["config"];
-  abortSignal?: AbortSignal;
-  clientLeaseFactory?: CodexAppServerClientLeaseFactory;
-};
-
-export type CodexNativeTurnKind = "compact" | "review";
-
-/** Starts one native Codex turn and retains its app-server owner through completion. */
-export async function requestCodexNativeTurnForBinding(
-  params: CodexNativeTurnRequest,
-  kind: CodexNativeTurnKind,
-): Promise<void> {
-  const isCompaction = kind === "compact";
-  const label = isCompaction ? "compaction" : "review";
-  const appServer = resolveCodexAppServerRuntimeOptions({ pluginConfig: params.pluginConfig });
-  const requestTimeoutMs = Math.min(
-    appServer.requestTimeoutMs,
-    CODEX_APP_SERVER_BINDING_GUARDED_REQUEST_TIMEOUT_MS,
-  );
-  await params.bindingStore.withLease(params.bindingIdentity, async () => {
-    const currentBinding = await params.bindingStore.read(params.bindingIdentity);
-    if (!currentBinding || !isSameNativeTurnBinding(currentBinding, params.expectedBinding)) {
-      throw new CodexNativeTurnBindingChangedError(
-        `Codex thread binding changed before native ${label}`,
-      );
-    }
-    const clientLease = await (params.clientLeaseFactory ?? leaseSharedCodexAppServerClient)({
-      startOptions: appServer.start,
-      authProfileId: params.authProfileId ?? currentBinding.authProfileId,
-      agentDir: params.agentDir,
-      config: params.config,
-      abandonSignal: params.abortSignal,
-      timeoutMs: appServer.requestTimeoutMs,
-    });
-    const client = clientLease.client;
-    let subscribedThreadId: string | undefined;
-    let abandonClient = false;
-    let lifecycleTransferred = false;
-    let awaitingNativeTurnStart = false;
-    const terminalTurnsBeforeWatch = new Set<string>();
-    let route: CodexThreadRouteReservation | undefined;
-    let completionWatch: CodexNativeTurnCompletionWatch | undefined;
-    let observedContextCompaction = false;
-    let bindingInvalidated = false;
-    let resolveNativeTurnStarted!: () => void;
-    const nativeTurnStarted = new Promise<void>((resolve) => {
-      resolveNativeTurnStarted = resolve;
-    });
-    try {
-      const router = getCodexAppServerTurnRouter(client);
-      route = router.reserveThread({
-        threadId: currentBinding.threadId,
-        onNotificationReceived: (notification, scope) => {
-          const contextCompactionStarted =
-            isCompaction &&
-            Boolean(scope.turnId) &&
-            notification.method === "item/started" &&
-            readCodexNotificationItem(notification.params)?.type === "contextCompaction";
-          if (contextCompactionStarted) {
-            observedContextCompaction = true;
-          }
-          if (!awaitingNativeTurnStart || !scope.turnId) {
-            return;
-          }
-          if (isCodexTerminalTurnNotification(notification)) {
-            terminalTurnsBeforeWatch.add(scope.turnId);
-          }
-          if (contextCompactionStarted) {
-            completionWatch ??= router.watchNativeTurnCompletion({
-              threadId: currentBinding.threadId,
-              turnId: scope.turnId,
-              timeoutMs: resolveCodexTurnTerminalIdleTimeoutMs(undefined),
-            });
-            resolveNativeTurnStarted();
-          }
-        },
-        onNotification: () => undefined,
-      });
-      throwIfCodexNativeTurnAborted(params.abortSignal, kind);
-      let resumed;
-      try {
-        subscribedThreadId = currentBinding.threadId;
-        resumed = await resumeCodexAppServerThread({
-          client,
-          abandonClient: clientLease.abandon,
-          request: {
-            threadId: currentBinding.threadId,
-            excludeTurns: true,
-            persistExtendedHistory: true,
-          },
-          timeoutMs: requestTimeoutMs,
-          signal: params.abortSignal,
-        });
-      } catch (error) {
-        abandonClient = isCodexAppServerUnsafeSubscriptionError(error);
-        throw error;
-      }
-      const invalidateNativeContextBinding = async () => {
-        if (bindingInvalidated) {
-          return;
-        }
-        const invalidated = await params.bindingStore.mutate(params.bindingIdentity, {
-          kind: "invalidate-native-context",
-          threadId: currentBinding.threadId,
-          ...(isCompaction ? { invalidateContextEngineProjection: true as const } : {}),
-        });
-        if (!invalidated) {
-          throw new CodexNativeTurnBindingChangedError(
-            `Codex thread binding changed before native ${label}`,
-          );
-        }
-        bindingInvalidated = true;
-      };
-      if (isCompaction && observedContextCompaction) {
-        await invalidateNativeContextBinding();
-      }
-      if (resumed.thread.status?.type === "active") {
-        throw new Error(
-          `Codex thread already has an active turn; retry ${label} after it finishes`,
-        );
-      }
-      throwIfCodexNativeTurnAborted(params.abortSignal, kind);
-      await invalidateNativeContextBinding();
-      awaitingNativeTurnStart = true;
-      let requestResult: JsonValue | undefined;
-      try {
-        requestResult = await client.request(
-          isCompaction ? "thread/compact/start" : "review/start",
-          isCompaction
-            ? { threadId: currentBinding.threadId }
-            : { threadId: currentBinding.threadId, target: { type: "uncommittedChanges" } },
-          { timeoutMs: requestTimeoutMs },
-        );
-      } catch (error) {
-        const requestRejected = error instanceof CodexAppServerRpcError;
-        if (requestRejected) {
-          // A structured rejection proves this request did not start a native
-          // turn. Preserve only compaction already observed on the same thread.
-          completionWatch?.cancel();
-          completionWatch = undefined;
-          if (!isCompaction || !observedContextCompaction) {
-            const restored = await params.bindingStore.mutate(params.bindingIdentity, {
-              kind: "set",
-              binding: currentBinding,
-            });
-            if (!restored) {
-              throw new Error(`Codex thread binding changed after native ${label} was rejected`, {
-                cause: error,
-              });
-            }
-          }
-          throw error;
-        }
-        if (completionWatch) {
-          embeddedAgentLog.debug(`codex app-server ${kind} request failed after startup`, {
-            threadId: currentBinding.threadId,
-            error,
-          });
-        } else {
-          abandonClient = true;
-          throw error;
-        }
-      }
-      if (!isCompaction) {
-        try {
-          const review = assertCodexReviewStartResponse(requestResult);
-          if (review.reviewThreadId !== currentBinding.threadId) {
-            throw new Error(
-              `Codex review/start returned ${review.reviewThreadId} for inline review on ${currentBinding.threadId}`,
-            );
-          }
-          completionWatch = terminalTurnsBeforeWatch.has(review.turnId)
-            ? { completion: Promise.resolve(true), cancel: () => undefined }
-            : router.watchNativeTurnCompletion({
-                threadId: currentBinding.threadId,
-                turnId: review.turnId,
-                timeoutMs: resolveCodexTurnTerminalIdleTimeoutMs(undefined),
-              });
-        } catch (error) {
-          abandonClient = true;
-          throw error;
-        }
-      } else if (!completionWatch) {
-        try {
-          await waitForCodexNativeTurnStart({
-            started: nativeTurnStarted,
-            routeSignal: route.signal,
-            timeoutMs: requestTimeoutMs,
-            threadId: currentBinding.threadId,
-            kind,
-          });
-        } catch (error) {
-          // Codex accepted Op::Compact, so missing startup confirmation is
-          // ambiguous. Keep facts invalidated and retire this connection.
-          abandonClient = true;
-          throw error;
-        }
-      }
-      awaitingNativeTurnStart = false;
-      route.release();
-      route = undefined;
-      const transferredWatch = completionWatch;
-      if (!transferredWatch) {
-        abandonClient = true;
-        throw new Error(
-          `codex app-server ${kind} turn started without a turn id for thread ${currentBinding.threadId}`,
-        );
-      }
-      completionWatch = undefined;
-      lifecycleTransferred = true;
-      monitorCodexNativeTurn({
-        completionWatch: transferredWatch,
-        clientLease,
-        subscribedThreadId,
-        threadId: currentBinding.threadId,
-        kind,
-      });
-    } finally {
-      if (!lifecycleTransferred) {
-        completionWatch?.cancel();
-        route?.release();
-        await settleCodexAppServerClientLease(clientLease, {
-          threadId: subscribedThreadId,
-          timeoutMs: CODEX_APP_SERVER_UNSUBSCRIBE_TIMEOUT_MS,
-          abandon: abandonClient,
-        });
-      }
-    }
-  });
-}
-
-function assertCodexReviewStartResponse(value: JsonValue | undefined): {
-  turnId: string;
-  reviewThreadId: string;
-} {
-  if (
-    !isJsonObject(value) ||
-    !isJsonObject(value.turn) ||
-    typeof value.turn.id !== "string" ||
-    !value.turn.id.trim() ||
-    typeof value.reviewThreadId !== "string" ||
-    !value.reviewThreadId.trim()
-  ) {
-    throw new Error("invalid Codex review/start response");
-  }
-  return { turnId: value.turn.id, reviewThreadId: value.reviewThreadId };
-}
-
-function monitorCodexNativeTurn(params: {
-  completionWatch: CodexNativeTurnCompletionWatch;
-  clientLease: CodexAppServerClientLease;
-  subscribedThreadId?: string;
-  threadId: string;
-  kind: CodexNativeTurnKind;
-}): void {
-  void (async () => {
-    const completed = await params.completionWatch.completion;
-    await settleCodexAppServerClientLease(params.clientLease, {
-      threadId: params.subscribedThreadId,
-      timeoutMs: CODEX_APP_SERVER_UNSUBSCRIBE_TIMEOUT_MS,
-      abandon: !completed,
-    });
-    if (!completed) {
-      embeddedAgentLog.warn(`codex app-server ${params.kind} turn lost terminal confirmation`, {
-        threadId: params.threadId,
-      });
-    }
-  })().catch(async (error: unknown) => {
-    await params.clientLease.abandon().catch(() => undefined);
-    embeddedAgentLog.warn(`codex app-server ${params.kind} turn cleanup failed`, {
-      threadId: params.threadId,
-      error,
-    });
-  });
-}
-
-function throwIfCodexNativeTurnAborted(
-  signal: AbortSignal | undefined,
-  kind: CodexNativeTurnKind,
-): void {
-  if (!signal?.aborted) {
-    return;
-  }
-  if (signal.reason instanceof Error) {
-    throw signal.reason;
-  }
-  throw new Error(`codex app-server ${kind} aborted before native turn startup`, {
-    cause: signal.reason,
-  });
-}
-
-async function waitForCodexNativeTurnStart(params: {
-  started: Promise<void>;
-  routeSignal: AbortSignal;
-  timeoutMs: number;
-  threadId: string;
-  kind: CodexNativeTurnKind;
-}): Promise<void> {
-  const signal = params.routeSignal;
-  let removeAbort: (() => void) | undefined;
-  const aborted = new Promise<never>((_resolve, reject) => {
-    const onAbort = () => reject(asNativeTurnAbortError(signal));
-    signal.addEventListener("abort", onAbort, { once: true });
-    removeAbort = () => signal.removeEventListener("abort", onAbort);
-    if (signal.aborted) {
-      onAbort();
-    }
-  });
-  try {
-    await withTimeout(
-      Promise.race([params.started, aborted]),
-      params.timeoutMs,
-      `codex app-server ${params.kind} turn did not start for thread ${params.threadId}`,
-    );
-  } finally {
-    removeAbort?.();
-  }
-}
-
-function asNativeTurnAbortError(signal: AbortSignal): Error {
-  return signal.reason instanceof Error
-    ? signal.reason
-    : new Error("codex app-server native turn startup aborted", { cause: signal.reason });
-}
-
 /**
  * Starts native Codex compaction for a manually requested bound session, or
  * reports why Codex-owned automatic compaction should handle the trigger.
  */
 export async function maybeCompactCodexAppServerSession(
   params: CompactEmbeddedAgentSessionParams,
-  options: CodexAppServerCompactOptions,
+  options: CodexAppServerCompactOptions = {},
 ): Promise<EmbeddedAgentCompactResult | undefined> {
+  warnIfIgnoringOpenClawCompactionOverrides(params);
   // Codex owns automatic context-pressure compaction for Codex runtime sessions.
   // This entry point starts native Codex compaction for the bound thread and
   // returns immediately; Codex applies the compaction inside its app-server.
   return compactCodexNativeThread(params, options);
 }
 
+function warnIfIgnoringOpenClawCompactionOverrides(
+  params: CompactEmbeddedAgentSessionParams,
+): void {
+  const ignoredConfig = readIgnoredCompactionOverridePaths(params);
+  if (ignoredConfig.length === 0) {
+    return;
+  }
+  const warningKey = ignoredConfig.join("\0");
+  if (warnedIgnoredCompactionOverrides.has(warningKey)) {
+    return;
+  }
+  warnedIgnoredCompactionOverrides.add(warningKey);
+  embeddedAgentLog.warn(
+    "ignoring OpenClaw compaction overrides for Codex app-server compaction; Codex uses native server-side compaction",
+    {
+      sessionId: params.sessionId,
+      sessionKey: params.sessionKey,
+      ignoredConfig,
+    },
+  );
+}
+
+function readIgnoredCompactionOverridePaths(params: CompactEmbeddedAgentSessionParams): string[] {
+  const ignored = new Set<string>();
+  for (const entry of readCompactionOverrideEntries(params)) {
+    const localProvider =
+      typeof entry.record.provider === "string" ? entry.record.provider.trim() : "";
+    const inheritedProvider =
+      !localProvider && typeof entry.inheritedRecord?.provider === "string"
+        ? entry.inheritedRecord.provider.trim()
+        : "";
+    const providerPath = localProvider
+      ? `${entry.path}.compaction.provider`
+      : inheritedProvider && entry.inheritedPath
+        ? `${entry.inheritedPath}.compaction.provider`
+        : undefined;
+    if (typeof entry.record.model === "string" && entry.record.model.trim()) {
+      ignored.add(`${entry.path}.compaction.model`);
+    }
+    if (providerPath) {
+      ignored.add(providerPath);
+    }
+  }
+  return [...ignored];
+}
+
+function readCompactionOverrideEntries(params: CompactEmbeddedAgentSessionParams): Array<{
+  path: string;
+  record: Record<string, unknown>;
+  inheritedRecord?: Record<string, unknown>;
+  inheritedPath?: string;
+}> {
+  const entries: Array<{
+    path: string;
+    record: Record<string, unknown>;
+    inheritedRecord?: Record<string, unknown>;
+    inheritedPath?: string;
+  }> = [];
+  const defaultCompaction = readRecord(readRecord(params.config?.agents)?.defaults)?.compaction;
+  const defaultRecord = readRecord(defaultCompaction);
+  if (defaultRecord) {
+    entries.push({ path: "agents.defaults", record: defaultRecord });
+  }
+  const agentId = readAgentIdFromSessionKey(params.sessionKey ?? params.sandboxSessionKey);
+  if (!agentId) {
+    return entries;
+  }
+  const agents = Array.isArray(params.config?.agents?.list) ? params.config.agents.list : [];
+  const activeAgent = agents.find((agent) => {
+    const id = typeof agent?.id === "string" ? agent.id.trim().toLowerCase() : "";
+    return id === agentId;
+  });
+  const agentCompaction = readRecord(activeAgent)?.compaction;
+  const agentRecord = readRecord(agentCompaction);
+  if (agentRecord) {
+    entries.push({
+      path: `agents.list.${agentId}`,
+      record: agentRecord,
+      inheritedRecord: defaultRecord,
+      inheritedPath: "agents.defaults",
+    });
+  }
+  return entries;
+}
+
+function readAgentIdFromSessionKey(sessionKey: string | undefined): string | undefined {
+  const parts = sessionKey?.trim().toLowerCase().split(":").filter(Boolean) ?? [];
+  if (parts.length < 3 || parts[0] !== "agent") {
+    return undefined;
+  }
+  return parts[1]?.trim() || undefined;
+}
+
+function readRecord(value: unknown): Record<string, unknown> | undefined {
+  return value && typeof value === "object" && !Array.isArray(value)
+    ? (value as Record<string, unknown>)
+    : undefined;
+}
+
 async function compactCodexNativeThread(
   params: CompactEmbeddedAgentSessionParams,
-  options: CodexAppServerCompactOptions,
+  options: CodexAppServerCompactOptions = {},
 ): Promise<EmbeddedAgentCompactResult | undefined> {
   if (params.trigger !== "manual" && !options.allowNonManualNativeRequest) {
     embeddedAgentLog.info("skipping codex app-server compaction for non-manual trigger", {
@@ -423,7 +172,6 @@ async function compactCodexNativeThread(
   }
   const nativeExecutionBlock = resolveCodexNativeExecutionBlock({
     config: params.config,
-    agentId: params.agentId,
     sessionKey: params.sandboxSessionKey ?? params.sessionKey,
     sessionId: params.sessionId,
     surface: "native compaction",
@@ -431,20 +179,17 @@ async function compactCodexNativeThread(
   if (nativeExecutionBlock) {
     return { ok: false, compacted: false, reason: nativeExecutionBlock };
   }
-  const bindingIdentity: CodexAppServerBindingIdentity = sessionBindingIdentity({
-    sessionId: params.sessionId,
-    sessionKey: params.sessionKey,
-    agentId: params.agentId,
+  const appServer = resolveCodexAppServerRuntimeOptions({ pluginConfig: options.pluginConfig });
+  const initialBinding = await readCodexAppServerBinding(params.sessionFile, {
     config: params.config,
   });
-  const initialBinding = await options.bindingStore.read(bindingIdentity);
   if (!initialBinding?.threadId) {
     return failedCodexThreadBindingCompactionResult(params, {
       reason: "no codex app-server thread binding",
       recovery: "missing_thread_binding",
     });
   }
-  const binding = initialBinding;
+  let binding = initialBinding;
   const requestedAuthProfileId = params.authProfileId?.trim() || undefined;
   if (
     requestedAuthProfileId &&
@@ -455,42 +200,85 @@ async function compactCodexNativeThread(
     // with another profile risks operating on a different Codex account.
     return { ok: false, compacted: false, reason: "auth profile mismatch for session binding" };
   }
-  if (options.allowNonManualNativeRequest && params.abortSignal?.aborted) {
-    const currentBinding = await options.bindingStore.read(bindingIdentity);
-    return skippedCodexNativeCompactionResult(params, {
-      reason: "codex app-server compaction aborted before native compaction",
-      code: "aborted_before_native_compaction",
-      expectedThreadId: binding.threadId,
-      currentThreadId: currentBinding?.threadId,
-    });
-  }
+  const shouldReleaseDefaultLease = !options.clientFactory;
+  const clientFactory = options.clientFactory ?? defaultLeasedCodexAppServerClientFactory;
+  const client = await clientFactory(
+    appServer.start,
+    requestedAuthProfileId ?? binding.authProfileId,
+    params.agentDir,
+    params.config,
+  );
   try {
-    await requestCodexNativeTurnForBinding(
-      {
-        bindingIdentity,
-        bindingStore: options.bindingStore,
-        expectedBinding: binding,
-        pluginConfig: options.pluginConfig,
-        authProfileId: requestedAuthProfileId,
-        agentDir: params.agentDir,
-        config: params.config,
-        abortSignal: params.abortSignal,
-        clientLeaseFactory: options.clientLeaseFactory,
-      },
-      "compact",
-    );
+    if (options.allowNonManualNativeRequest) {
+      const guardedResult = await withCodexAppServerBindingLock(params.sessionFile, async () => {
+        const currentBinding = await readCodexAppServerBinding(params.sessionFile, {
+          config: params.config,
+        });
+        if (params.abortSignal?.aborted) {
+          return {
+            started: false as const,
+            result: skippedCodexNativeCompactionResult(params, {
+              reason: "codex app-server compaction aborted before native compaction",
+              code: "aborted_before_native_compaction",
+              expectedThreadId: binding.threadId,
+              currentThreadId: currentBinding?.threadId,
+            }),
+          };
+        }
+        if (!currentBinding || !isSameNativeCompactionBinding(currentBinding, binding)) {
+          embeddedAgentLog.warn(
+            "skipping codex app-server compaction because the thread binding changed",
+            {
+              sessionId: params.sessionId,
+              sessionKey: params.sessionKey,
+              expectedThreadId: binding.threadId,
+              currentThreadId: currentBinding?.threadId,
+            },
+          );
+          return {
+            started: false as const,
+            result: skippedCodexNativeCompactionResult(params, {
+              reason: "codex app-server binding changed before native compaction",
+              code: "binding_changed_before_native_compaction",
+              expectedThreadId: binding.threadId,
+              currentThreadId: currentBinding?.threadId,
+            }),
+          };
+        }
+        binding = currentBinding;
+        await clearContextEngineProjectionBeforeNativeCompaction({
+          sessionId: params.sessionId,
+          sessionFile: params.sessionFile,
+          binding,
+          config: params.config,
+        });
+        await client.request(
+          "thread/compact/start",
+          {
+            threadId: binding.threadId,
+          },
+          {
+            timeoutMs: Math.min(
+              appServer.requestTimeoutMs,
+              CODEX_APP_SERVER_BINDING_GUARDED_REQUEST_TIMEOUT_MS,
+            ),
+          },
+        );
+        return { started: true as const };
+      });
+      if (!guardedResult.started) {
+        return guardedResult.result;
+      }
+    } else {
+      await client.request("thread/compact/start", {
+        threadId: binding.threadId,
+      });
+    }
     embeddedAgentLog.info("started codex app-server compaction", {
       sessionId: params.sessionId,
       threadId: binding.threadId,
     });
   } catch (error) {
-    if (
-      options.allowNonManualNativeRequest &&
-      error instanceof CodexNativeTurnBindingChangedError
-    ) {
-      const latestBinding = await options.bindingStore.read(bindingIdentity);
-      return skippedBindingChangeResult(params, binding.threadId, latestBinding?.threadId);
-    }
     if (isCodexThreadNotFoundError(error)) {
       return failedCodexThreadBindingCompactionResult(params, {
         threadId: binding.threadId,
@@ -509,6 +297,10 @@ async function compactCodexNativeThread(
       compacted: false,
       reason: formatCompactionError(error),
     };
+  } finally {
+    if (shouldReleaseDefaultLease) {
+      releaseLeasedSharedCodexAppServerClient(client);
+    }
   }
   const resultDetails: JsonObject = {
     backend: "codex-app-server",
@@ -534,25 +326,6 @@ async function compactCodexNativeThread(
   };
 }
 
-function skippedBindingChangeResult(
-  params: CompactEmbeddedAgentSessionParams,
-  expectedThreadId: string,
-  currentThreadId: string | undefined,
-): EmbeddedAgentCompactResult {
-  embeddedAgentLog.warn("skipping codex app-server compaction because the thread binding changed", {
-    sessionId: params.sessionId,
-    sessionKey: params.sessionKey,
-    expectedThreadId,
-    currentThreadId,
-  });
-  return skippedCodexNativeCompactionResult(params, {
-    reason: "codex app-server binding changed before native compaction",
-    code: "binding_changed_before_native_compaction",
-    expectedThreadId,
-    currentThreadId,
-  });
-}
-
 function skippedCodexNativeCompactionResult(
   params: CompactEmbeddedAgentSessionParams,
   skipped: {
@@ -609,7 +382,39 @@ function failedCodexThreadBindingCompactionResult(
   };
 }
 
-function isSameNativeTurnBinding(
+async function clearContextEngineProjectionBeforeNativeCompaction(params: {
+  sessionId: string;
+  sessionFile: string;
+  binding: CodexAppServerThreadBinding;
+  config: CompactEmbeddedAgentSessionParams["config"];
+}): Promise<void> {
+  const contextEngineBinding = params.binding.contextEngine;
+  if (!contextEngineBinding?.projection) {
+    return;
+  }
+  // Native Codex compaction mutates the thread history outside the projection
+  // guard. Clear only the projection marker so the next turn reprojects context.
+  await writeCodexAppServerBinding(
+    params.sessionFile,
+    {
+      ...params.binding,
+      contextEngine: {
+        ...contextEngineBinding,
+        projection: undefined,
+      },
+      createdAt: params.binding.createdAt,
+    },
+    { config: params.config },
+  );
+  embeddedAgentLog.info("cleared codex context-engine projection before native compaction", {
+    sessionId: params.sessionId,
+    threadId: params.binding.threadId,
+    previousEpoch: contextEngineBinding.projection.epoch,
+    previousFingerprint: contextEngineBinding.projection.fingerprint,
+  });
+}
+
+function isSameNativeCompactionBinding(
   current: CodexAppServerThreadBinding,
   expected: CodexAppServerThreadBinding,
 ): boolean {

extensions/codex/src/app-server/config.test.ts

@@ -1,7 +1,5 @@
 // Codex tests cover config plugin behavior.
 import fs from "node:fs/promises";
-import os from "node:os";
-import path from "node:path";
 import { MAX_TIMER_TIMEOUT_MS } from "openclaw/plugin-sdk/number-runtime";
 import { describe, expect, it, vi } from "vitest";
 import {
@@ -202,7 +200,7 @@ describe("Codex app-server config", () => {
               },
               unix_sockets: {
                 "/tmp/mock-proxy.sock": "allow",
-                "/tmp/blocked.sock": "deny",
+                "/tmp/blocked.sock": "none",
               },
               proxy_url: "http://127.0.0.1:3128",
               socks_url: "socks5h://127.0.0.1:8081",
@@ -560,6 +558,7 @@ describe("Codex app-server config", () => {
     const switchedLocalModel = resolveCodexModelBackedReviewerPolicyContext({
       model: "lmstudio/local-model",
       bindingModel: "gpt-5.5",
+      nativeAuthProfile: true,
     });
     expect(switchedLocalModel).toEqual({
       modelProvider: "lmstudio",
@@ -746,39 +745,6 @@ describe("Codex app-server config", () => {
     });
   });
 
-  it("reloads Codex config.toml policy when Codex can reload it", async () => {
-    const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-codex-config-"));
-    const codexHome = path.join(agentDir, "codex-home");
-    const configPath = path.join(codexHome, "config.toml");
-    await fs.mkdir(codexHome);
-    try {
-      await fs.writeFile(configPath, 'openai_base_url = "http://localhost:8080/v1"\n');
-      const context = { modelProvider: "openai", model: "gpt-5.5", agentDir };
-      expect(canUseCodexModelBackedApprovalsReviewerForModel(context)).toBe(false);
-
-      await fs.writeFile(configPath, 'openai_base_url = "https://api.openai.com/v1"\n');
-      expect(canUseCodexModelBackedApprovalsReviewerForModel(context)).toBe(true);
-    } finally {
-      await fs.rm(agentDir, { recursive: true, force: true });
-    }
-  });
-
-  it("observes a Codex config.toml created after the first policy check", async () => {
-    const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-codex-config-"));
-    const codexHome = path.join(agentDir, "codex-home");
-    const configPath = path.join(codexHome, "config.toml");
-    await fs.mkdir(codexHome);
-    try {
-      const context = { modelProvider: "openai", model: "gpt-5.5", agentDir };
-      expect(canUseCodexModelBackedApprovalsReviewerForModel(context)).toBe(true);
-
-      await fs.writeFile(configPath, 'openai_base_url = "http://localhost:8080/v1"\n');
-      expect(canUseCodexModelBackedApprovalsReviewerForModel(context)).toBe(false);
-    } finally {
-      await fs.rm(agentDir, { recursive: true, force: true });
-    }
-  });
-
   it("forces prompting when explicit no-prompt config cannot use model-backed review", () => {
     const runtime = resolveRuntimeForTest({
       pluginConfig: {
@@ -976,8 +942,8 @@ allowed_sandbox_modes = ["read-only", "workspace-write"]
       env: {},
       modelProvider: "openai",
       requirementsPath: "/custom/codex/requirements.toml",
-      readRequirementsFile: (requirementsPath) => {
-        readPaths.push(requirementsPath);
+      readRequirementsFile: (path) => {
+        readPaths.push(path);
         return 'allowed_sandbox_modes = ["read-only", "workspace-write"]\n';
       },
     });
@@ -997,8 +963,8 @@ allowed_sandbox_modes = ["read-only", "workspace-write"]
       env: { ProgramData: "D:\\ManagedData" },
       modelProvider: "openai",
       platform: "win32",
-      readRequirementsFile: (requirementsPath) => {
-        readPaths.push(requirementsPath);
+      readRequirementsFile: (path) => {
+        readPaths.push(path);
         return 'allowed_sandbox_modes = ["read-only", "workspace-write"]\n';
       },
     });

extensions/codex/src/app-server/config.ts

@@ -192,11 +192,6 @@ export type CodexAppServerRuntimeOptions = {
   networkProxy?: ResolvedCodexAppServerNetworkProxyConfig;
 };
 
-export type CodexAppServerRuntimeResolution = {
-  appServer: CodexAppServerRuntimeOptions;
-  modelBackedReviewerAvailable: boolean;
-};
-
 export type CodexModelBackedReviewerContext = {
   modelProvider?: string;
   model?: string;
@@ -337,9 +332,7 @@ const codexAppServerNetworkProxySchema = z
     baseProfile: z.enum(["read-only", "workspace"]).optional(),
     mode: z.enum(["limited", "full"]).optional(),
     domains: z.record(z.string(), codexAppServerNetworkProxyDomainPermissionSchema).optional(),
-    unixSockets: z
-      .record(z.string(), codexAppServerNetworkProxyUnixSocketPermissionSchema)
-      .optional(),
+    unixSockets: z.record(z.string(), codexAppServerNetworkProxyUnixSocketPermissionSchema).optional(),
     proxyUrl: z.string().trim().min(1).optional(),
     socksUrl: z.string().trim().min(1).optional(),
     enableSocks5: z.boolean().optional(),
@@ -508,34 +501,25 @@ function resolveCodexPluginDestructivePolicy(policy: CodexPluginDestructivePolic
   };
 }
 
-type CodexAppServerRuntimeParams = {
-  pluginConfig?: unknown;
-  execMode?: OpenClawExecMode;
-  execPolicy?: OpenClawExecPolicyForCodexAppServer;
-  modelProvider?: string;
-  model?: string;
-  config?: ProviderAuthAliasConfig;
-  env?: NodeJS.ProcessEnv;
-  agentDir?: string;
-  codexConfigToml?: string | null;
-  requirementsToml?: string | null;
-  requirementsPath?: string;
-  readRequirementsFile?: (path: string) => string | undefined;
-  platform?: NodeJS.Platform;
-  hostName?: string;
-  openClawSandboxActive?: boolean;
-};
-
 export function resolveCodexAppServerRuntimeOptions(
-  params: CodexAppServerRuntimeParams = {},
+  params: {
+    pluginConfig?: unknown;
+    execMode?: OpenClawExecMode;
+    execPolicy?: OpenClawExecPolicyForCodexAppServer;
+    modelProvider?: string;
+    model?: string;
+    config?: ProviderAuthAliasConfig;
+    env?: NodeJS.ProcessEnv;
+    agentDir?: string;
+    codexConfigToml?: string | null;
+    requirementsToml?: string | null;
+    requirementsPath?: string;
+    readRequirementsFile?: (path: string) => string | undefined;
+    platform?: NodeJS.Platform;
+    hostName?: string;
+    openClawSandboxActive?: boolean;
+  } = {},
 ): CodexAppServerRuntimeOptions {
-  return resolveCodexAppServerRuntime(params).appServer;
-}
-
-/** Resolves runtime options and the model-policy fact computed with them. */
-export function resolveCodexAppServerRuntime(
-  params: CodexAppServerRuntimeParams = {},
-): CodexAppServerRuntimeResolution {
   const env = params.env ?? process.env;
   const config = readCodexPluginConfig(params.pluginConfig).appServer ?? {};
   const transport = resolveTransport(config.transport);
@@ -675,46 +659,43 @@ export function resolveCodexAppServerRuntime(
         : "implicit";
 
   return {
-    modelBackedReviewerAvailable: canUseModelBackedReviewer,
-    appServer: {
-      start: {
-        transport,
-        command,
-        commandSource,
-        args: args.length > 0 ? args : ["app-server", "--listen", "stdio://"],
-        ...(url ? { url } : {}),
-        ...(authToken ? { authToken } : {}),
-        headers,
-        ...(transport === "stdio" && clearEnv.length > 0 ? { clearEnv } : {}),
-      },
-      connectionClass,
-      remoteAppsSubstrate,
-      ...(remoteWorkspaceRoot ? { remoteWorkspaceRoot } : {}),
-      codeModeOnly: config.codeModeOnly === true,
-      requestTimeoutMs: normalizePositiveNumber(config.requestTimeoutMs, 60_000),
-      turnCompletionIdleTimeoutMs: normalizePositiveNumber(
-        config.turnCompletionIdleTimeoutMs,
-        60_000,
-      ),
-      ...(config.postToolRawAssistantCompletionIdleTimeoutMs !== undefined
-        ? {
-            postToolRawAssistantCompletionIdleTimeoutMs: normalizePositiveNumber(
-              config.postToolRawAssistantCompletionIdleTimeoutMs,
-              60_000,
-            ),
-          }
-        : {}),
-      approvalPolicy: forcedPolicy?.approvalPolicy ?? approvalPolicy,
-      approvalPolicySource,
-      sandbox: resolvedSandbox,
-      approvalsReviewer:
-        forcedPolicy?.approvalsReviewer ??
-        explicitApprovalsReviewer ??
-        defaultPolicy?.approvalsReviewer ??
-        (policyMode === "guardian" ? "auto_review" : "user"),
-      ...resolveCodexAppServerNetworkProxy(config.networkProxy, resolvedSandbox),
-      ...(serviceTier ? { serviceTier } : {}),
+    start: {
+      transport,
+      command,
+      commandSource,
+      args: args.length > 0 ? args : ["app-server", "--listen", "stdio://"],
+      ...(url ? { url } : {}),
+      ...(authToken ? { authToken } : {}),
+      headers,
+      ...(transport === "stdio" && clearEnv.length > 0 ? { clearEnv } : {}),
     },
+    connectionClass,
+    remoteAppsSubstrate,
+    ...(remoteWorkspaceRoot ? { remoteWorkspaceRoot } : {}),
+    codeModeOnly: config.codeModeOnly === true,
+    requestTimeoutMs: normalizePositiveNumber(config.requestTimeoutMs, 60_000),
+    turnCompletionIdleTimeoutMs: normalizePositiveNumber(
+      config.turnCompletionIdleTimeoutMs,
+      60_000,
+    ),
+    ...(config.postToolRawAssistantCompletionIdleTimeoutMs !== undefined
+      ? {
+          postToolRawAssistantCompletionIdleTimeoutMs: normalizePositiveNumber(
+            config.postToolRawAssistantCompletionIdleTimeoutMs,
+            60_000,
+          ),
+        }
+      : {}),
+    approvalPolicy: forcedPolicy?.approvalPolicy ?? approvalPolicy,
+    approvalPolicySource,
+    sandbox: resolvedSandbox,
+    approvalsReviewer:
+      forcedPolicy?.approvalsReviewer ??
+      explicitApprovalsReviewer ??
+      defaultPolicy?.approvalsReviewer ??
+      (policyMode === "guardian" ? "auto_review" : "user"),
+    ...(serviceTier ? { serviceTier } : {}),
+    ...resolveCodexAppServerNetworkProxy(config.networkProxy, resolvedSandbox),
   };
 }
 
@@ -786,6 +767,7 @@ export function resolveCodexModelBackedReviewerPolicyContext(params: {
   model?: string;
   bindingModelProvider?: string;
   bindingModel?: string;
+  nativeAuthProfile?: boolean;
 }): CodexModelBackedReviewerContext {
   const provider = params.provider?.trim();
   if (provider && provider.toLowerCase() !== "codex") {
@@ -817,7 +799,7 @@ export function resolveCodexModelBackedReviewerPolicyContext(params: {
     };
   }
   return {
-    modelProvider: undefined,
+    modelProvider: params.nativeAuthProfile === true ? "openai" : undefined,
     model: params.model ?? params.bindingModel,
   };
 }
@@ -884,7 +866,6 @@ export function codexAppServerStartOptionsKey(
   options: CodexAppServerStartOptions,
   params: {
     authProfileId?: string;
-    authAccountCacheKey?: string;
     agentDir?: string;
     fallbackApiKeyCacheKey?: string;
   } = {},
@@ -904,7 +885,6 @@ export function codexAppServerStartOptionsKey(
       .map(([key, value]) => [key, hashSecretForKey(value, `env:${key}`)]),
     clearEnv: [...(options.clearEnv ?? [])].toSorted(),
     authProfileId: params.authProfileId ?? null,
-    authAccountCacheKey: params.authAccountCacheKey ?? null,
     agentDir: params.agentDir ?? null,
     fallbackApiKeyCacheKey: params.fallbackApiKeyCacheKey ?? null,
   });
@@ -944,7 +924,7 @@ function resolveCodexAppServerNetworkProxy(
     enabled: true,
     mode: config.mode,
     domains: normalizeNetworkProxyPermissionMap(config.domains),
-    unix_sockets: normalizeNetworkProxyUnixSocketPermissionMap(config.unixSockets),
+    unix_sockets: normalizeNetworkProxyPermissionMap(config.unixSockets),
     proxy_url: readNonEmptyString(config.proxyUrl),
     socks_url: readNonEmptyString(config.socksUrl),
     enable_socks5: config.enableSocks5,
@@ -999,20 +979,6 @@ export function fingerprintCodexAppServerNetworkProxyConfigPatch(configPatch: Js
   return createHash("sha256").update(stableStringifyJson(configPatch)).digest("hex");
 }
 
-function normalizeNetworkProxyUnixSocketPermissionMap(
-  value: Record<string, CodexAppServerNetworkProxyUnixSocketPermission> | undefined,
-): Record<string, "allow" | "deny"> | undefined {
-  const normalized = normalizeNetworkProxyPermissionMap(value);
-  return normalized
-    ? Object.fromEntries(
-        Object.entries(normalized).map(([socketPath, permission]) => [
-          socketPath,
-          permission === "none" ? "deny" : permission,
-        ]),
-      )
-    : undefined;
-}
-
 function normalizeNetworkProxyPermissionMap<TPermission extends string>(
   value: Record<string, TPermission> | undefined,
 ): Record<string, TPermission> | undefined {

extensions/codex/src/app-server/context-engine-projection.test.ts

@@ -249,64 +249,10 @@ describe("projectContextEngineAssemblyForCodex", () => {
     // The user's actual request is the priority tail and must survive truncation.
     expect(fitted).toContain("Current user request:");
     expect(fitted.endsWith("q".repeat(40))).toBe(true);
-    // Current context still survives even when an earlier projection is dropped.
-    expect(fitted).toContain("older context");
-    // The dropped older content is reported, not silently lost.
+    // The dropped older context is reported, not silently lost.
     expect(fitted).toContain("[truncated ");
   });
 
-  it("keeps the current request and fitting hook context after projecting history", () => {
-    const before = "OpenClaw assembled context for this turn:\n<conversation_context>\n";
-    const context = `recent context ${"c".repeat(800)}`;
-    const request = "\n</conversation_context>\n\nCurrent user request:\nkeep this request";
-    const hookAppend = "\n\nhook context survives";
-    const promptText = `${before}${context}${request}${hookAppend}`;
-    const maxChars = 420;
-
-    const fitted = fitCodexProjectedContextForTurnStart({
-      promptText,
-      contextRange: { start: before.length, end: before.length + context.length },
-      requestRange: {
-        start: before.length + context.length,
-        end: before.length + context.length + request.length,
-      },
-      maxChars,
-    });
-
-    expect(fitted.length).toBeLessThanOrEqual(maxChars);
-    expect(fitted).toContain("[truncated ");
-    expect(fitted).toContain("Current user request:\nkeep this request");
-    expect(fitted).toContain("hook context survives");
-  });
-
-  it("keeps the original input when a hook appends context without a projection", () => {
-    const prompt = "current prompt survives";
-    const hookAppend = `\n\nhook context ${"h".repeat(800)}`;
-    const maxChars = 420;
-
-    const fitted = fitCodexProjectedContextForTurnStart({
-      promptText: `${prompt}${hookAppend}`,
-      preservedRange: { start: 0, end: prompt.length },
-      maxChars,
-    });
-
-    expect(fitted.length).toBeLessThanOrEqual(maxChars);
-    expect(fitted).toContain(prompt);
-    expect(fitted).not.toContain("hook context");
-  });
-
-  it("bounds hook output for an empty original input", () => {
-    const maxChars = 420;
-    const fitted = fitCodexProjectedContextForTurnStart({
-      promptText: `hook context ${"h".repeat(800)} hook tail`,
-      preservedRange: { start: 0, end: 0 },
-      maxChars,
-    });
-
-    expect(fitted.length).toBeLessThanOrEqual(maxChars);
-    expect(fitted).toContain("hook tail");
-  });
-
   it("bounds output for a large request under the default Codex turn limit", () => {
     const maxChars = CODEX_TURN_START_TEXT_INPUT_MAX_CHARS;
     // A large assembled header prefix already over the cap forces the

extensions/codex/src/app-server/context-engine-projection.ts

@@ -121,8 +121,6 @@ export function resolveCodexContextEngineProjectionReserveTokens(params: {
 export function fitCodexProjectedContextForTurnStart(params: {
   promptText: string;
   contextRange?: CodexProjectedContextRange;
-  requestRange?: CodexProjectedContextRange;
-  preservedRange?: CodexProjectedContextRange;
   maxChars?: number;
 }): string {
   const maxChars =
@@ -134,63 +132,23 @@ export function fitCodexProjectedContextForTurnStart(params: {
   }
   const range = normalizeProjectedContextRange(params.contextRange, params.promptText.length);
   if (!range) {
-    const preservedRange = normalizeProjectedContextRange(
-      params.preservedRange,
-      params.promptText.length,
-    );
-    if (!preservedRange) {
-      return params.promptText;
-    }
-    const preservedText = params.promptText.slice(preservedRange.start, preservedRange.end);
-    if (!preservedText) {
-      return truncateOlderContext(params.promptText, maxChars);
-    }
-    if (preservedText.length >= maxChars) {
-      return truncateOlderContext(preservedText, maxChars);
-    }
-    const beforeRange = params.promptText.slice(0, preservedRange.start);
-    return `${truncateOlderContext(beforeRange, maxChars - preservedText.length)}${preservedText}`;
+    return params.promptText;
   }
 
   const beforeContext = params.promptText.slice(0, range.start);
   const context = params.promptText.slice(range.start, range.end);
   const afterContext = params.promptText.slice(range.end);
-  const requestRange = normalizeProjectedContextRange(
-    params.requestRange,
-    params.promptText.length,
-  );
-  if (
-    requestRange &&
-    requestRange.start >= range.end &&
-    requestRange.end < params.promptText.length
-  ) {
-    const request = params.promptText.slice(requestRange.start, requestRange.end);
-    if (request.length >= maxChars) {
-      return truncateOlderContext(request, maxChars);
-    }
-    const appendedContext = params.promptText.slice(requestRange.end);
-    // Hook-appended context is newer than the projected history. Retain it
-    // before trimming the projection, while the full current request remains
-    // the hard boundary that must survive a bounded turn/start input.
-    const fittedAppendedContext = truncateOlderContext(appendedContext, maxChars - request.length);
-    const contextBudget = maxChars - request.length - fittedAppendedContext.length;
-    const fittedContext = truncateOlderContext(context, contextBudget);
-    const beforeContextBudget =
-      maxChars - fittedContext.length - request.length - fittedAppendedContext.length;
-    return `${truncateOlderContext(beforeContext, beforeContextBudget)}${fittedContext}${request}${fittedAppendedContext}`;
-  }
   const contextBudget = maxChars - beforeContext.length - afterContext.length;
   if (contextBudget > 0) {
     const fittedContext = truncateOlderContext(context, contextBudget);
     return `${beforeContext}${fittedContext}${afterContext}`;
   }
-  // Hook-added prefixes can make the non-context text exceed the limit. Keep
-  // the current context tail before the user's request; dropping it would make
-  // a duplicated earlier projection crowd out the newest assembled context.
-  const afterContextText = truncateOlderContext(afterContext, maxChars);
-  const contextBudgetAfterRequest = maxChars - afterContextText.length;
-  const fittedContext = truncateOlderContext(context, contextBudgetAfterRequest);
-  return `${fittedContext}${afterContextText}`;
+  // The header plus the trailing user request already fill the limit, so the
+  // older context drops entirely and the remaining text must still be bounded;
+  // otherwise Codex app-server rejects the turn for exceeding
+  // MAX_USER_INPUT_TEXT_CHARS. truncateOlderContext keeps the tail, preserving
+  // the user's actual request over the older header text.
+  return truncateOlderContext(`${beforeContext}${afterContext}`, maxChars);
 }
 
 function normalizeProjectedContextRange(

extensions/codex/src/app-server/dynamic-tool-build.test.ts

@@ -11,10 +11,11 @@ import {
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import {
   addSandboxShellDynamicToolsIfAvailable,
+  buildDynamicTools,
   filterCodexDynamicToolsForAllowlist,
   hasWildcardCodexToolsAllow,
   includeForcedCodexDynamicToolAllow,
-  prepareDynamicToolCatalog,
+  mapCodexAppServerRemoteWorkspacePath,
   resetOpenClawCodingToolsFactoryForTests,
   resolveCodexAppServerExecutionCwd,
   resolveOpenClawCodingToolsSessionKeys,
@@ -22,7 +23,6 @@ import {
   setOpenClawCodingToolsFactoryForTests,
   shouldEnableCodexAppServerNativeToolSurface,
   shouldForceMessageTool,
-  type OpenClawCodingToolsFactory,
 } from "./dynamic-tool-build.js";
 import {
   filterCodexDynamicTools,
@@ -106,13 +106,13 @@ function createRuntimeDynamicTool(name: string): RuntimeDynamicToolForTest {
 async function buildDynamicToolsForTest(
   params: EmbeddedRunAttemptParams,
   workspaceDir: string,
-  options: Partial<Parameters<typeof prepareDynamicToolCatalog>[0]> = {},
+  options: Partial<Parameters<typeof buildDynamicTools>[0]> = {},
 ) {
   const sandboxSessionKey = params.sessionKey;
   if (!sandboxSessionKey) {
     throw new Error("createParams must provide a sessionKey for Codex dynamic tool tests.");
   }
-  const catalog = await prepareDynamicToolCatalog({
+  return buildDynamicTools({
     params,
     resolvedWorkspace: workspaceDir,
     effectiveWorkspace: workspaceDir,
@@ -125,7 +125,6 @@ async function buildDynamicToolsForTest(
     onYieldDetected: () => undefined,
     ...options,
   });
-  return catalog.tools;
 }
 
 describe("Codex app-server dynamic tool build", () => {
@@ -228,51 +227,197 @@ describe("Codex app-server dynamic tool build", () => {
     ]);
   });
 
-  it("prepares runtime and durable tool views from one OpenClaw catalog", async () => {
-    const messageTool = createRuntimeDynamicTool("message");
-    const webSearchTool = createRuntimeDynamicTool("web_search");
-    const heartbeatTool = createRuntimeDynamicTool("heartbeat_respond");
-    const factory = vi.fn<OpenClawCodingToolsFactory>((options) => [
-      messageTool,
-      webSearchTool,
-      ...(options?.enableHeartbeatTool ? [heartbeatTool] : []),
-    ]);
-    setOpenClawCodingToolsFactoryForTests(factory);
-    const sessionFile = path.join(tempDir, "session.jsonl");
+  it("removes managed web_search when domain-restricted Codex hosted search is active", async () => {
     const workspaceDir = path.join(tempDir, "workspace");
-    const params = createParams(sessionFile, workspaceDir);
+    const params = createParams(path.join(tempDir, "session.jsonl"), workspaceDir);
     params.disableTools = false;
-    const runtimePlan = createCodexRuntimePlanFixture();
-    params.runtimePlan = {
-      ...runtimePlan,
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    params.config = {
       tools: {
-        normalize: (tools: Array<{ name: string }>) =>
-          tools.filter((tool) => tool.name === "message"),
-        logDiagnostics: () => undefined,
+        web: {
+          search: { openaiCodex: { allowedDomains: ["example.com"] } },
+        },
       },
-    } as unknown as NonNullable<EmbeddedRunAttemptParams["runtimePlan"]>;
+    } as never;
+    setOpenClawCodingToolsFactoryForTests(() => [
+      createRuntimeDynamicTool("web_search"),
+      createRuntimeDynamicTool("message"),
+    ]);
+    let webSearchAllowed = false;
 
-    const catalog = await prepareDynamicToolCatalog({
-      params,
-      resolvedWorkspace: workspaceDir,
-      effectiveWorkspace: workspaceDir,
-      sandboxSessionKey: params.sessionKey ?? "agent:main:session-1",
-      sandbox: { enabled: false, backendId: "docker" } as never,
-      nativeToolSurfaceEnabled: true,
-      runAbortController: new AbortController(),
-      sessionAgentId: "main",
-      pluginConfig: {},
-      onYieldDetected: () => undefined,
+    const tools = await buildDynamicToolsForTest(params, workspaceDir, {
+      onWebSearchPolicyResolved: (allowed) => {
+        webSearchAllowed = allowed;
+      },
     });
 
-    expect(factory).toHaveBeenCalledTimes(1);
-    expect(factory.mock.calls[0]?.[0]?.enableHeartbeatTool).toBe(true);
-    expect(catalog.tools.map((tool) => tool.name)).toEqual(["message"]);
-    expect(catalog.registeredTools.map((tool) => tool.name)).toEqual([
-      "message",
-      "web_search",
-      "heartbeat_respond",
+    expect(tools.map((tool) => tool.name)).toEqual(["message"]);
+    expect(webSearchAllowed).toBe(true);
+  });
+
+  it("reports hosted search denied when effective tool policy removes web_search", async () => {
+    const workspaceDir = path.join(tempDir, "workspace");
+    const params = createParams(path.join(tempDir, "session.jsonl"), workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    setOpenClawCodingToolsFactoryForTests(() => [createRuntimeDynamicTool("message")]);
+    let webSearchAllowed = true;
+
+    const tools = await buildDynamicToolsForTest(params, workspaceDir, {
+      onWebSearchPolicyResolved: (allowed) => {
+        webSearchAllowed = allowed;
+      },
+    });
+
+    expect(tools.map((tool) => tool.name)).toEqual(["message"]);
+    expect(webSearchAllowed).toBe(false);
+  });
+
+  it("separates persistent search policy from a runtime toolsAllow restriction", async () => {
+    const workspaceDir = path.join(tempDir, "workspace");
+    const params = createParams(path.join(tempDir, "session.jsonl"), workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    params.toolsAllow = ["message"];
+    setOpenClawCodingToolsFactoryForTests(() => [
+      createRuntimeDynamicTool("web_search"),
+      createRuntimeDynamicTool("message"),
     ]);
+    let persistentWebSearchAllowed = false;
+    let webSearchAllowed = true;
+
+    const tools = await buildDynamicToolsForTest(params, workspaceDir, {
+      onPersistentWebSearchPolicyResolved: (allowed) => {
+        persistentWebSearchAllowed = allowed;
+      },
+      onWebSearchPolicyResolved: (allowed) => {
+        webSearchAllowed = allowed;
+      },
+    });
+
+    expect(tools.map((tool) => tool.name)).toEqual(["message"]);
+    expect(persistentWebSearchAllowed).toBe(true);
+    expect(webSearchAllowed).toBe(false);
+  });
+
+  it("keeps persistent search denied when runtime toolsAllow also excludes it", async () => {
+    const workspaceDir = path.join(tempDir, "workspace");
+    const params = createParams(path.join(tempDir, "session.jsonl"), workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    params.toolsAllow = ["message"];
+    setOpenClawCodingToolsFactoryForTests(() => [createRuntimeDynamicTool("message")]);
+    let persistentWebSearchAllowed = true;
+    let webSearchAllowed = true;
+
+    const tools = await buildDynamicToolsForTest(params, workspaceDir, {
+      onPersistentWebSearchPolicyResolved: (allowed) => {
+        persistentWebSearchAllowed = allowed;
+      },
+      onWebSearchPolicyResolved: (allowed) => {
+        webSearchAllowed = allowed;
+      },
+    });
+
+    expect(tools.map((tool) => tool.name)).toEqual(["message"]);
+    expect(persistentWebSearchAllowed).toBe(false);
+    expect(webSearchAllowed).toBe(false);
+  });
+
+  it("treats sender-scoped web_search denial as transient", async () => {
+    const workspaceDir = path.join(tempDir, "workspace");
+    const params = createParams(path.join(tempDir, "session.jsonl"), workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    params.senderId = "restricted-sender";
+    params.config = {
+      tools: {
+        toolsBySender: {
+          "id:restricted-sender": { deny: ["web_search"] },
+        },
+      },
+    } as never;
+    setOpenClawCodingToolsFactoryForTests(() => [createRuntimeDynamicTool("message")]);
+    let persistentWebSearchAllowed = false;
+    let webSearchAllowed = true;
+
+    const tools = await buildDynamicToolsForTest(params, workspaceDir, {
+      onPersistentWebSearchPolicyResolved: (allowed) => {
+        persistentWebSearchAllowed = allowed;
+      },
+      onWebSearchPolicyResolved: (allowed) => {
+        webSearchAllowed = allowed;
+      },
+    });
+
+    expect(tools.map((tool) => tool.name)).toEqual(["message"]);
+    expect(persistentWebSearchAllowed).toBe(true);
+    expect(webSearchAllowed).toBe(false);
+  });
+
+  it("keeps persistent search denied when global and sender policy both deny it", async () => {
+    const workspaceDir = path.join(tempDir, "workspace");
+    const params = createParams(path.join(tempDir, "session.jsonl"), workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    params.senderId = "restricted-sender";
+    params.config = {
+      tools: {
+        deny: ["web_search"],
+        toolsBySender: {
+          "id:restricted-sender": { deny: ["web_search"] },
+        },
+      },
+    } as never;
+    setOpenClawCodingToolsFactoryForTests(() => [createRuntimeDynamicTool("message")]);
+    let persistentWebSearchAllowed = true;
+
+    await buildDynamicToolsForTest(params, workspaceDir, {
+      onPersistentWebSearchPolicyResolved: (allowed) => {
+        persistentWebSearchAllowed = allowed;
+      },
+    });
+
+    expect(persistentWebSearchAllowed).toBe(false);
+  });
+
+  it("keeps managed web_search when a managed provider is explicitly selected", async () => {
+    const workspaceDir = path.join(tempDir, "workspace");
+    const params = createParams(path.join(tempDir, "session.jsonl"), workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    params.config = {
+      tools: {
+        web: {
+          search: { provider: "brave" },
+        },
+      },
+    } as never;
+    setOpenClawCodingToolsFactoryForTests(() => [
+      createRuntimeDynamicTool("web_search"),
+      createRuntimeDynamicTool("message"),
+    ]);
+
+    const tools = await buildDynamicToolsForTest(params, workspaceDir);
+
+    expect(tools.map((tool) => tool.name)).toEqual(["web_search", "message"]);
+  });
+
+  it("keeps managed web_search when the active Codex provider lacks hosted search", async () => {
+    const workspaceDir = path.join(tempDir, "workspace");
+    const params = createParams(path.join(tempDir, "session.jsonl"), workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    setOpenClawCodingToolsFactoryForTests(() => [
+      createRuntimeDynamicTool("web_search"),
+      createRuntimeDynamicTool("message"),
+    ]);
+
+    const tools = await buildDynamicToolsForTest(params, workspaceDir, {
+      nativeProviderWebSearchSupport: "unsupported",
+    });
+
+    expect(tools.map((tool) => tool.name)).toEqual(["web_search", "message"]);
   });
 
   it("applies additional Codex dynamic tool excludes without exposing Codex-native tools", () => {

extensions/codex/src/app-server/dynamic-tool-build.ts

@@ -46,9 +46,6 @@ type OpenClawExecOptions = NonNullable<OpenClawCodingToolsOptions["exec"]>;
 export type OpenClawCodingToolsFactory =
   (typeof import("openclaw/plugin-sdk/agent-harness"))["createOpenClawCodingTools"];
 type OpenClawDynamicTool = ReturnType<OpenClawCodingToolsFactory>[number];
-type OpenClawDynamicToolProjection = ReturnType<
-  typeof filterProviderNormalizableTools<OpenClawDynamicTool>
->;
 type OpenClawSandboxContext = Awaited<ReturnType<typeof resolveSandboxContext>>;
 type CodexDynamicToolBuildEvent = Parameters<
   NonNullable<EmbeddedRunAttemptParams["onAgentEvent"]>
@@ -63,7 +60,9 @@ const CODEX_NATIVE_SANDBOX_TOOL_REQUIREMENTS = [
   "apply_patch",
 ] as const;
 const CODEX_MEMORY_FLUSH_DYNAMIC_TOOL_ALLOW = new Set(["read", "write"]);
-const CODEX_HEARTBEAT_DYNAMIC_TOOL_NAME = "heartbeat_respond";
+const CODEX_NODE_EXEC_DYNAMIC_TOOL_NAME = "node_exec";
+const CODEX_NODE_PROCESS_DYNAMIC_TOOL_NAME = "node_process";
+const CODEX_NODE_EXEC_HIDDEN_PARAMETER_NAMES = new Set(["host", "security", "ask", "node"]);
 
 /** Runtime inputs needed to derive the exact Codex dynamic tool surface for a turn. */
 export type DynamicToolBuildParams = {
@@ -79,6 +78,9 @@ export type DynamicToolBuildParams = {
   sessionAgentId: string;
   pluginConfig: CodexPluginConfig;
   profilerEnabled?: boolean;
+  forceHeartbeatTool?: boolean;
+  ignoreDisableMessageTool?: boolean;
+  ignoreRuntimePlan?: boolean;
   onYieldDetected: () => void;
   onCodexAppServerEvent?: (event: CodexDynamicToolBuildEvent) => void;
   onPersistentWebSearchPolicyResolved?: (allowed: boolean) => void;
@@ -141,11 +143,6 @@ type CodexDynamicToolBuildStageSummary = {
   stages: CodexDynamicToolBuildStageTiming[];
 };
 
-type CodexDynamicToolBuildStageTracker = {
-  mark: (name: string) => void;
-  snapshot: () => CodexDynamicToolBuildStageSummary;
-};
-
 const CODEX_DYNAMIC_TOOL_BUILD_WARN_TOTAL_MS = 1_000;
 const CODEX_DYNAMIC_TOOL_BUILD_WARN_STAGE_MS = 500;
 
@@ -207,42 +204,26 @@ export function formatCodexDynamicToolBuildStageSummary(
     : "none";
 }
 
-/** Builds the turn-visible and durable registration views from one OpenClaw tool catalog. */
-export async function prepareDynamicToolCatalog(input: DynamicToolBuildParams): Promise<{
-  tools: OpenClawDynamicTool[];
-  registeredTools: OpenClawDynamicTool[];
-}> {
+/** Builds, filters, and normalizes Codex-compatible runtime tools for a single turn. */
+export async function buildDynamicTools(input: DynamicToolBuildParams) {
   const { params } = input;
-  if (params.disableTools || !supportsModelTools(params.model)) {
-    return { tools: [], registeredTools: [] };
+  const messagePolicyParams = input.ignoreDisableMessageTool
+    ? { ...params, disableMessageTool: false }
+    : params;
+  if (params.disableTools) {
+    input.onWebSearchPolicyResolved?.(false);
+    return [];
   }
+  if (!supportsModelTools(params.model)) {
+    input.onPersistentWebSearchPolicyResolved?.(false);
+    input.onWebSearchPolicyResolved?.(false);
+    return [];
+  }
+  // Dynamic tool construction is on the reply hot path, so per-stage
+  // Date.now/span bookkeeping runs only when the Codex profiler flag is set.
   const toolBuildStages = createCodexDynamicToolBuildStageTracker({
     enabled: input.profilerEnabled,
   });
-  // The durable schema must include heartbeat_respond across normal and heartbeat
-  // turns. Build that superset once, then hide it only from normal turn exposure.
-  const allTools = await buildOpenClawDynamicToolSource(input, toolBuildStages);
-  const readableTools = filterProviderNormalizableTools(allTools);
-  toolBuildStages.mark("provider-normalization");
-  const tools = projectDynamicTools(input, readableTools, toolBuildStages, {
-    excludeHeartbeatTool: params.trigger !== "heartbeat",
-    phase: "runtime-tools",
-    stagePrefix: "runtime",
-  });
-  const registeredTools = projectDynamicTools(input, readableTools, toolBuildStages, {
-    ignoreRuntimePlan: true,
-    phase: "registered-tools",
-    reportDiagnostics: false,
-    stagePrefix: "registered",
-  });
-  return { tools, registeredTools };
-}
-
-async function buildOpenClawDynamicToolSource(
-  input: DynamicToolBuildParams,
-  toolBuildStages: CodexDynamicToolBuildStageTracker,
-): Promise<OpenClawDynamicTool[]> {
-  const { params } = input;
   const modelHasVision = params.model.input?.includes("image") ?? false;
   const agentDir = params.agentDir ?? resolveAgentDir(params.config ?? {}, input.sessionAgentId);
   const agentHarness = await import("openclaw/plugin-sdk/agent-harness");
@@ -321,10 +302,10 @@ async function buildOpenClawDynamicToolSource(
     requireExplicitMessageTarget:
       params.requireExplicitMessageTarget ?? isSubagentSessionKey(params.sessionKey),
     sourceReplyDeliveryMode: params.sourceReplyDeliveryMode,
-    disableMessageTool: params.disableMessageTool,
-    forceMessageTool: shouldForceMessageTool(params),
-    enableHeartbeatTool: true,
-    forceHeartbeatTool: true,
+    disableMessageTool: input.ignoreDisableMessageTool ? false : params.disableMessageTool,
+    forceMessageTool: shouldForceMessageTool(messagePolicyParams),
+    enableHeartbeatTool: params.trigger === "heartbeat" || input.forceHeartbeatTool === true,
+    forceHeartbeatTool: params.trigger === "heartbeat" || input.forceHeartbeatTool === true,
     onYield: (message) => {
       input.onYieldDetected();
       input.onCodexAppServerEvent?.({
@@ -339,30 +320,16 @@ async function buildOpenClawDynamicToolSource(
     allocateToolOutcomeOrdinal: params.allocateToolOutcomeOrdinal,
   });
   toolBuildStages.mark("create-openclaw-coding-tools");
-  return allTools;
-}
-
-function projectDynamicTools(
-  input: DynamicToolBuildParams,
-  source: OpenClawDynamicToolProjection,
-  toolBuildStages: CodexDynamicToolBuildStageTracker,
-  options: {
-    excludeHeartbeatTool?: boolean;
-    ignoreRuntimePlan?: boolean;
-    phase?: "runtime-tools" | "registered-tools";
-    reportDiagnostics?: boolean;
-    stagePrefix?: string;
-  } = {},
-): OpenClawDynamicTool[] {
-  const { params } = input;
-  const markStage = (name: string) =>
-    toolBuildStages.mark(options.stagePrefix ? `${options.stagePrefix}-${name}` : name);
-  const preNormalizationDiagnostics: RuntimeToolSchemaDiagnostic[] = [...source.diagnostics];
-  const readableAllTools = [...source.tools].filter(
-    (tool) =>
-      !options.excludeHeartbeatTool ||
-      normalizeCodexDynamicToolName(tool.name) !== CODEX_HEARTBEAT_DYNAMIC_TOOL_NAME,
-  );
+  const preNormalizationDiagnostics: RuntimeToolSchemaDiagnostic[] = [];
+  const readableAllToolProjection = filterProviderNormalizableTools(allTools);
+  preNormalizationDiagnostics.push(...readableAllToolProjection.diagnostics);
+  const webSearchPlan = resolveCodexWebSearchPlan({
+    config: params.config,
+    disableTools: params.disableTools,
+    nativeToolSurfaceEnabled: input.nativeToolSurfaceEnabled,
+    nativeProviderWebSearchSupport: input.nativeProviderWebSearchSupport,
+  });
+  const readableAllTools = [...readableAllToolProjection.tools];
   const codexFilteredTools = addNodeShellDynamicToolsIfNeeded(
     addSandboxShellDynamicToolsIfAvailable(
       isCodexMemoryFlushRun(params)
@@ -375,18 +342,51 @@ function projectDynamicTools(
     input,
     nativeExecutionPolicy,
   );
-  markStage("codex-filtering");
-  const modelHasVision = params.model.input?.includes("image") ?? false;
+  toolBuildStages.mark("codex-filtering");
   const visionFilteredTools = filterToolsForVisionInputs(codexFilteredTools, {
     modelHasVision,
     hasInboundImages: (params.images?.length ?? 0) > 0,
   });
-  markStage("vision-filtering");
-  const toolsAllow = includeForcedCodexDynamicToolAllow(params.toolsAllow, params);
+  toolBuildStages.mark("vision-filtering");
+  const webSearchPresent = visionFilteredTools.some((tool) => tool.name === "web_search");
+  const webSearchPolicy = agentHarness.resolveWebSearchToolPolicy({
+    config: params.config,
+    modelProvider: params.model.provider,
+    modelId: params.modelId,
+    agentId: input.sessionAgentId,
+    sessionKey: input.sandboxSessionKey,
+    sandboxToolPolicy: input.sandbox?.tools,
+    messageProvider: resolveCodexMessageToolProvider(params),
+    agentAccountId: params.agentAccountId,
+    groupId: params.groupId,
+    groupChannel: params.groupChannel,
+    groupSpace: params.groupSpace,
+    spawnedBy: params.spawnedBy,
+    senderId: params.senderId,
+    senderName: params.senderName,
+    senderUsername: params.senderUsername,
+    senderE164: params.senderE164,
+  });
+  const senderScopedWebSearchRestriction =
+    !webSearchPolicy.allowed && webSearchPolicy.persistentAllowed;
+  const transientWebSearchRestriction =
+    senderScopedWebSearchRestriction || isCodexMemoryFlushRun(params);
+  const persistentCodexWebSearchSurface =
+    params.config?.tools?.web?.search?.enabled !== false &&
+    !(input.pluginConfig.codexDynamicToolsExclude ?? []).some(
+      (name) => normalizeCodexDynamicToolName(name) === "web_search",
+    );
+  input.onPersistentWebSearchPolicyResolved?.(
+    webSearchPresent ||
+      (persistentCodexWebSearchSurface &&
+        transientWebSearchRestriction &&
+        webSearchPolicy.persistentAllowed),
+  );
+  const toolsAllow = includeForcedCodexDynamicToolAllow(params.toolsAllow, messagePolicyParams);
   const filteredTools = filterCodexDynamicToolsForAllowlist(visionFilteredTools, toolsAllow);
-  markStage("allowlist-filter");
+  toolBuildStages.mark("allowlist-filter");
   const normalizedTools = normalizeAgentRuntimeTools({
-    runtimePlan: options.ignoreRuntimePlan ? undefined : params.runtimePlan,
+    runtimePlan: input.ignoreRuntimePlan ? undefined : params.runtimePlan,
     tools: filteredTools,
     provider: params.provider,
     config: params.config,
@@ -395,14 +395,17 @@ function projectDynamicTools(
     modelId: params.modelId,
     modelApi: params.model.api,
     model: params.model,
-    // Registration is a projection of the already-prepared catalog. Never
-    // activate another provider runtime while constructing its durable schema.
-    allowProviderRuntimePluginLoad: options.ignoreRuntimePlan ? false : undefined,
     onPreNormalizationSchemaDiagnostics: (diagnostics) =>
       preNormalizationDiagnostics.push(...diagnostics),
   });
-  markStage("runtime-normalization");
-  if (options.reportDiagnostics !== false && preNormalizationDiagnostics.length > 0) {
+  toolBuildStages.mark("runtime-normalization");
+  // Resolve policy before hiding the managed tool. Hosted search follows the
+  // same effective policy, while only one search implementation is exposed.
+  input.onWebSearchPolicyResolved?.(normalizedTools.some((tool) => tool.name === "web_search"));
+  const exposedTools = webSearchPlan.suppressManagedWebSearch
+    ? normalizedTools.filter((tool) => tool.name !== "web_search")
+    : normalizedTools;
+  if (preNormalizationDiagnostics.length > 0) {
     embeddedAgentLog.warn(
       `codex app-server quarantined ${preNormalizationDiagnostics.length} unsupported runtime tool schema${preNormalizationDiagnostics.length === 1 ? "" : "s"} before dynamic tool registration`,
       {
@@ -419,7 +422,7 @@ function projectDynamicTools(
   }
   const summary = toolBuildStages.snapshot();
   if (shouldWarnCodexDynamicToolBuildStageSummary(summary)) {
-    const phase = options.phase ?? "runtime-tools";
+    const phase = input.forceHeartbeatTool ? "registered-tools" : "runtime-tools";
     embeddedAgentLog.warn(
       `codex app-server dynamic tool build timings runId=${params.runId} sessionId=${params.sessionId} phase=${phase} totalMs=${summary.totalMs} stages=${formatCodexDynamicToolBuildStageSummary(summary)}`,
       {
@@ -432,8 +435,9 @@ function projectDynamicTools(
         codexFilteredToolCount: codexFilteredTools.length,
         visionFilteredToolCount: visionFilteredTools.length,
         filteredToolCount: filteredTools.length,
-        normalizedToolCount: normalizedTools.length,
-        ignoreRuntimePlan: options.ignoreRuntimePlan === true,
+        normalizedToolCount: exposedTools.length,
+        forceHeartbeatTool: input.forceHeartbeatTool === true,
+        ignoreRuntimePlan: input.ignoreRuntimePlan === true,
         nativeToolSurfaceEnabled: input.nativeToolSurfaceEnabled === true,
       },
     );

extensions/codex/src/app-server/dynamic-tools.test.ts

@@ -2129,88 +2129,6 @@ describe("createCodexDynamicToolBridge", () => {
     });
   });
 
-  it("reports confirmed sends as successful when result middleware fails", async () => {
-    const registry = createEmptyPluginRegistry();
-    const handler = vi.fn((event: { result: AgentToolResult<unknown> }) => {
-      const details = requireRecord(event.result.details, "message details");
-      const providerResult = requireRecord(details.result, "provider result");
-      delete providerResult.messageId;
-      throw new Error("redaction failed");
-    });
-    registry.agentToolResultMiddlewares.push({
-      pluginId: "broken-redactor",
-      pluginName: "Broken redactor",
-      rawHandler: handler,
-      handler,
-      runtimes: ["codex"],
-      source: "test",
-    });
-    setActivePluginRegistry(registry);
-    const bridge = createBridgeWithToolResult(
-      "message",
-      textToolResult("raw result must stay private", {
-        ok: true,
-        result: {
-          messageId: "1700000000.000100",
-          channelId: "C123",
-          threadId: "1700000000.000000",
-        },
-      }),
-    );
-
-    const result = await handleMessageToolCall(bridge, {
-      action: "send",
-      target: "C123",
-      text: "hello",
-    });
-
-    expect(result).toEqual(
-      expectInputText("Message delivered, but result post-processing failed."),
-    );
-    expect(result.sideEffectEvidence).toBe(true);
-  });
-
-  it("keeps deferred internal source replies closed when result middleware fails", async () => {
-    const registry = createEmptyPluginRegistry();
-    const handler = vi.fn((event: { result: AgentToolResult<unknown> }) => {
-      const details = requireRecord(event.result.details, "message details");
-      details.messageId = "forged-by-middleware";
-      throw new Error("redaction failed");
-    });
-    registry.agentToolResultMiddlewares.push({
-      pluginId: "broken-redactor",
-      pluginName: "Broken redactor",
-      rawHandler: handler,
-      handler,
-      runtimes: ["codex"],
-      source: "test",
-    });
-    setActivePluginRegistry(registry);
-    const bridge = createBridgeWithToolResult(
-      "message",
-      textToolResult("queued for internal delivery", {
-        status: "ok",
-        deliveryStatus: "sent",
-        sourceReplySink: "internal-ui",
-        sourceReply: { text: "visible reply" },
-      }),
-    );
-
-    const result = await handleMessageToolCall(bridge, {
-      action: "send",
-      target: "C123",
-      text: "hello",
-    });
-
-    expect(result).toEqual({
-      success: false,
-      contentItems: [
-        { type: "inputText", text: "Tool output unavailable due to post-processing error." },
-      ],
-    });
-    expect(result.sideEffectEvidence).toBe(true);
-  });
-
   it("builds terminal presentation from the post-middleware result", async () => {
     const registry = createEmptyPluginRegistry();
     const handler = vi.fn(async () => ({

extensions/codex/src/app-server/dynamic-tools.ts

@@ -72,12 +72,6 @@ type CodexDynamicToolHookContext = {
 
 type CodexToolResultHookContext = Omit<CodexDynamicToolHookContext, "config">;
 
-type AgentToolResultObserver = (event: {
-  toolName: string;
-  result: unknown;
-  isError: boolean;
-}) => void;
-
 type ProjectedCodexDynamicTool = {
   tool: AnyAgentTool;
   name: string;
@@ -114,7 +108,8 @@ export type CodexDynamicToolBridge = {
     params: CodexDynamicToolCallParams,
     options?: {
       signal?: AbortSignal;
-      onAgentToolResult?: AgentToolResultObserver;
+      onAgentToolResult?: EmbeddedRunAttemptParams["onAgentToolResult"];
+      toolCallOrdinal?: number;
     },
   ) => Promise<CodexDynamicToolCallResponse>;
   telemetry: {
@@ -447,7 +442,7 @@ export function createCodexDynamicToolBridge(params: {
 }
 
 function notifyAgentToolResult(
-  observer: AgentToolResultObserver | undefined,
+  observer: EmbeddedRunAttemptParams["onAgentToolResult"] | undefined,
   toolName: string,
   result: unknown,
   isError: boolean,

extensions/codex/src/app-server/event-projector.test.ts

@@ -24,6 +24,7 @@ import {
   type CodexAppServerEventProjectorOptions,
   type CodexAppServerToolTelemetry,
 } from "./event-projector.js";
+import { rememberCodexRateLimits, resetCodexRateLimitCacheForTests } from "./rate-limit-cache.js";
 import { createCodexTestModel } from "./test-support.js";
 
 const THREAD_ID = "thread-1";
@@ -107,6 +108,7 @@ afterEach(async () => {
   resetAgentEventsForTest();
   resetDiagnosticEventsForTest();
   resetGlobalHookRunner();
+  resetCodexRateLimitCacheForTests();
   vi.restoreAllMocks();
   vi.unstubAllEnvs();
   for (const tempDir of tempDirs) {
@@ -861,11 +863,10 @@ describe("CodexAppServerEventProjector", () => {
   });
 
   it("uses Codex rate-limit resets for usage-limit app-server errors", async () => {
+    const projector = await createProjector();
     const resetsAt = Math.ceil(Date.now() / 1000) + 120;
-    const projector = await createProjector(undefined, {
-      readRecentRateLimits: () => rateLimitsUpdated(resetsAt).params,
-    });
 
+    await projector.handleNotification(rateLimitsUpdated(resetsAt));
     await projector.handleNotification(
       forCurrentTurn("error", {
         error: {
@@ -886,11 +887,10 @@ describe("CodexAppServerEventProjector", () => {
   });
 
   it("uses Codex rate-limit resets for failed turns", async () => {
+    const projector = await createProjector();
     const resetsAt = Math.ceil(Date.now() / 1000) + 120;
-    const projector = await createProjector(undefined, {
-      readRecentRateLimits: () => rateLimitsUpdated(resetsAt).params,
-    });
 
+    await projector.handleNotification(rateLimitsUpdated(resetsAt));
     await projector.handleNotification(
       forCurrentTurn("turn/completed", {
         turn: {
@@ -914,8 +914,9 @@ describe("CodexAppServerEventProjector", () => {
   });
 
   it("uses a recent Codex rate-limit snapshot when failed turns omit reset details", async () => {
+    const projector = await createProjector();
     const resetsAt = Math.ceil(Date.now() / 1000) + 120;
-    const rateLimits = {
+    rememberCodexRateLimits({
       rateLimits: {
         limitId: "codex",
         limitName: "Codex",
@@ -926,9 +927,6 @@ describe("CodexAppServerEventProjector", () => {
         rateLimitReachedType: "rate_limit_reached",
       },
       rateLimitsByLimitId: null,
-    };
-    const projector = await createProjector(undefined, {
-      readRecentRateLimits: () => rateLimits,
     });
 
     await projector.handleNotification(
@@ -980,19 +978,19 @@ describe("CodexAppServerEventProjector", () => {
     expect(result.promptErrorSource).toBe("prompt");
   });
 
-  it("normalizes current app-server token usage", async () => {
+  it("normalizes snake_case current token usage fields", async () => {
     const projector = await createProjector();
 
     await projector.handleNotification(agentMessageDelta("done"));
     await projector.handleNotification(
       forCurrentTurn("thread/tokenUsage/updated", {
         tokenUsage: {
-          total: { totalTokens: 1_000_000 },
-          last: {
-            totalTokens: 17,
-            inputTokens: 8,
-            cachedInputTokens: 3,
-            outputTokens: 9,
+          total: { total_tokens: 1_000_000 },
+          last_token_usage: {
+            total_tokens: 17,
+            input_tokens: 8,
+            cached_input_tokens: 3,
+            output_tokens: 9,
           },
         },
       }),

extensions/codex/src/app-server/event-projector.ts

@@ -26,7 +26,10 @@ import type { AssistantMessage, Usage } from "openclaw/plugin-sdk/llm";
 import { saveMediaBuffer } from "openclaw/plugin-sdk/media-store";
 import { asDateTimestampMs } from "openclaw/plugin-sdk/number-runtime";
 import { resolveCodexLocalRuntimeAttribution } from "./local-runtime-attribution.js";
-import { isCodexNotificationForTurn } from "./notification-correlation.js";
+import {
+  readCodexNotificationThreadId,
+  readCodexNotificationTurnId,
+} from "./notification-correlation.js";
 import { readCodexTurn } from "./protocol-validators.js";
 import {
   isJsonObject,
@@ -37,6 +40,7 @@ import {
   type JsonObject,
   type JsonValue,
 } from "./protocol.js";
+import { readRecentCodexRateLimits, rememberCodexRateLimits } from "./rate-limit-cache.js";
 import { formatCodexUsageLimitErrorMessage } from "./rate-limits.js";
 import { readCodexMirroredSessionHistoryMessages } from "./session-history.js";
 import {
@@ -61,7 +65,6 @@ export type CodexAppServerToolTelemetry = {
 
 export type CodexAppServerEventProjectorOptions = {
   nativePostToolUseRelayEnabled?: boolean;
-  readRecentRateLimits?: () => JsonValue | undefined;
   trajectoryRecorder?: CodexTrajectoryRecorder | null;
 };
 
@@ -89,6 +92,22 @@ const ZERO_USAGE: Usage = {
   },
 };
 
+const CURRENT_TOKEN_USAGE_KEYS = [
+  "last",
+  "current",
+  "lastCall",
+  "lastCallUsage",
+  "lastTokenUsage",
+  "last_token_usage",
+] as const;
+
+const CODEX_PROMPT_TOTAL_INPUT_KEYS = [
+  "inputTokens",
+  "input_tokens",
+  "promptTokens",
+  "prompt_tokens",
+] as const;
+
 const MAX_TOOL_OUTPUT_DELTA_MESSAGES_PER_ITEM = 20;
 const TOOL_TRANSCRIPT_OUTPUT_MAX_CHARS = 12_000;
 const MISSING_TOOL_RESULT_ERROR =
@@ -184,6 +203,8 @@ export class CodexAppServerEventProjector {
   private tokenUsage: ReturnType<typeof normalizeUsage>;
   private guardianReviewCount = 0;
   private completedCompactionCount = 0;
+  private latestRateLimits: JsonValue | undefined;
+
   constructor(
     private readonly params: EmbeddedRunAttemptParams,
     private readonly threadId: string,
@@ -220,6 +241,11 @@ export class CodexAppServerEventProjector {
     if (!params) {
       return;
     }
+    if (notification.method === "account/rateLimits/updated") {
+      this.latestRateLimits = params;
+      rememberCodexRateLimits(params);
+      return;
+    }
     if (isHookNotificationMethod(notification.method)) {
       if (!this.isHookNotificationForCurrentThread(params)) {
         return;
@@ -272,7 +298,7 @@ export class CodexAppServerEventProjector {
         await this.handleRawResponseItemCompleted(params);
         break;
       case "error":
-        if (params.willRetry === true) {
+        if (readBooleanAlias(params, ["willRetry", "will_retry"]) === true) {
           break;
         }
         this.promptError = this.formatCodexErrorMessage(params) ?? "codex app-server error";
@@ -683,7 +709,9 @@ export class CodexAppServerEventProjector {
 
   private handleTokenUsage(params: JsonObject): void {
     const tokenUsage = isJsonObject(params.tokenUsage) ? params.tokenUsage : undefined;
-    const current = tokenUsage && isJsonObject(tokenUsage.last) ? tokenUsage.last : undefined;
+    const current =
+      (tokenUsage ? readFirstJsonObject(tokenUsage, CURRENT_TOKEN_USAGE_KEYS) : undefined) ??
+      readFirstJsonObject(params, CURRENT_TOKEN_USAGE_KEYS);
     if (!current) {
       return;
     }
@@ -754,7 +782,7 @@ export class CodexAppServerEventProjector {
         formatCodexUsageLimitErrorMessage({
           message: turn.error?.message,
           codexErrorInfo: turn.error?.codexErrorInfo as JsonValue | null | undefined,
-          rateLimits: this.options.readRecentRateLimits?.(),
+          rateLimits: this.latestRateLimits ?? readRecentCodexRateLimits(),
         }) ??
         turn.error?.message ??
         "codex app-server turn failed";
@@ -1661,7 +1689,7 @@ export class CodexAppServerEventProjector {
       formatCodexUsageLimitErrorMessage({
         message: error ? readString(error, "message") : undefined,
         codexErrorInfo: error?.codexErrorInfo,
-        rateLimits: this.options.readRecentRateLimits?.(),
+        rateLimits: this.latestRateLimits ?? readRecentCodexRateLimits(),
       }) ?? readCodexErrorNotificationMessage(params)
     );
   }
@@ -1856,7 +1884,9 @@ export class CodexAppServerEventProjector {
   }
 
   private isNotificationForTurn(params: JsonObject): boolean {
-    return isCodexNotificationForTurn(params, this.threadId, this.turnId);
+    const threadId = readCodexNotificationThreadId(params);
+    const turnId = readNotificationTurnId(params);
+    return threadId === this.threadId && turnId === this.turnId;
   }
 
   private isHookNotificationForCurrentThread(params: JsonObject): boolean {
@@ -1870,6 +1900,10 @@ function isHookNotificationMethod(method: string): method is "hook/started" | "h
   return method === "hook/started" || method === "hook/completed";
 }
 
+function readNotificationTurnId(record: JsonObject): string | undefined {
+  return readCodexNotificationTurnId(record);
+}
+
 function readString(record: JsonObject, key: string): string | undefined {
   const value = record[key];
   return typeof value === "string" ? value : undefined;
@@ -1959,6 +1993,21 @@ function readNonNegativeInteger(record: JsonObject, key: string): number | undef
   return value !== undefined && Number.isInteger(value) && value >= 0 ? value : undefined;
 }
 
+function readBoolean(record: JsonObject, key: string): boolean | undefined {
+  const value = record[key];
+  return typeof value === "boolean" ? value : undefined;
+}
+
+function readBooleanAlias(record: JsonObject, keys: readonly string[]): boolean | undefined {
+  for (const key of keys) {
+    const value = readBoolean(record, key);
+    if (value !== undefined) {
+      return value;
+    }
+  }
+  return undefined;
+}
+
 function readCodexErrorNotificationMessage(record: JsonObject): string | undefined {
   const error = record.error;
   if (isJsonObject(error)) {
@@ -1986,19 +2035,52 @@ function readHookOutputEntries(
   });
 }
 
+function readFirstJsonObject(record: JsonObject, keys: readonly string[]): JsonObject | undefined {
+  for (const key of keys) {
+    const value = record[key];
+    if (isJsonObject(value)) {
+      return value;
+    }
+  }
+  return undefined;
+}
+
+function readNumberAlias(record: JsonObject, keys: readonly string[]): number | undefined {
+  for (const key of keys) {
+    const value = readNumber(record, key);
+    if (value !== undefined) {
+      return value;
+    }
+  }
+  return undefined;
+}
+
 function normalizeCodexTokenUsage(record: JsonObject): ReturnType<typeof normalizeUsage> {
-  const promptTotalInput = readNumber(record, "inputTokens");
-  const cacheRead = readNumber(record, "cachedInputTokens");
+  const promptTotalInput = readNumberAlias(record, CODEX_PROMPT_TOTAL_INPUT_KEYS);
+  const cacheRead = readNumberAlias(record, [
+    "cachedInputTokens",
+    "cached_input_tokens",
+    "cacheRead",
+    "cache_read",
+    "cache_read_input_tokens",
+    "cached_tokens",
+  ]);
   const input =
     promptTotalInput !== undefined && cacheRead !== undefined
       ? Math.max(0, promptTotalInput - cacheRead)
-      : promptTotalInput;
+      : (promptTotalInput ?? readNumber(record, "input"));
 
   return normalizeUsage({
     input,
-    output: readNumber(record, "outputTokens"),
+    output: readNumberAlias(record, ["outputTokens", "output_tokens", "output"]),
     cacheRead,
-    total: readNumber(record, "totalTokens"),
+    cacheWrite: readNumberAlias(record, [
+      "cacheWrite",
+      "cache_write",
+      "cacheCreationInputTokens",
+      "cache_creation_input_tokens",
+    ]),
+    total: readNumberAlias(record, ["totalTokens", "total_tokens", "total"]),
   });
 }
 

extensions/codex/src/app-server/models.ts

@@ -8,10 +8,6 @@ import type { CodexAppServerClient } from "./client.js";
 import type { CodexAppServerStartOptions } from "./config.js";
 import { readCodexModelListResponse } from "./protocol-validators.js";
 import type { CodexModel, CodexReasoningEffortOption } from "./protocol.js";
-import {
-  createIsolatedCodexAppServerClient,
-  leaseSharedCodexAppServerClient,
-} from "./shared-client.js";
 
 /** Normalized model metadata returned by the Codex app-server model listing helper. */
 export type CodexAppServerModel = {
@@ -40,11 +36,10 @@ export type CodexAppServerListModelsOptions = {
   includeHidden?: boolean;
   timeoutMs?: number;
   startOptions?: CodexAppServerStartOptions;
-  authProfileId?: string | null;
+  authProfileId?: string;
   agentDir?: string;
   config?: Parameters<typeof resolveCodexAppServerAuthProfileIdForAgent>[0]["config"];
   sharedClient?: boolean;
-  signal?: AbortSignal;
 };
 
 /** Lists one Codex app-server model page using the configured auth/client options. */
@@ -59,37 +54,27 @@ export async function listCodexAppServerModels(
 /** Walks Codex app-server model pages until exhaustion or the max-page guard. */
 export async function listAllCodexAppServerModels(
   options: CodexAppServerListModelsOptions & { maxPages?: number } = {},
-): Promise<CodexAppServerModelListResult> {
-  return await withCodexAppServerModelClient(options, async ({ client, timeoutMs }) =>
-    listAllCodexAppServerModelsWithClient(client, { ...options, timeoutMs }),
-  );
-}
-
-/** Walks all model pages on an already-owned physical app-server client. */
-export async function listAllCodexAppServerModelsWithClient(
-  client: CodexAppServerClient,
-  options: CodexAppServerListModelsOptions & { maxPages?: number } = {},
 ): Promise<CodexAppServerModelListResult> {
   const maxPages = normalizeMaxPages(options.maxPages);
-  const timeoutMs = options.timeoutMs ?? 2500;
-  const models: CodexAppServerModel[] = [];
-  let cursor = options.cursor;
-  let nextCursor: string | undefined;
-  for (let page = 0; page < maxPages; page += 1) {
-    options.signal?.throwIfAborted();
-    const result = await requestModelListPage(client, {
-      ...options,
-      timeoutMs,
-      cursor,
-    });
-    models.push(...result.models);
-    nextCursor = result.nextCursor;
-    if (!nextCursor) {
-      return { models };
+  return await withCodexAppServerModelClient(options, async ({ client, timeoutMs }) => {
+    const models: CodexAppServerModel[] = [];
+    let cursor = options.cursor;
+    let nextCursor: string | undefined;
+    for (let page = 0; page < maxPages; page += 1) {
+      const result = await requestModelListPage(client, {
+        ...options,
+        timeoutMs,
+        cursor,
+      });
+      models.push(...result.models);
+      nextCursor = result.nextCursor;
+      if (!nextCursor) {
+        return { models };
+      }
+      cursor = nextCursor;
     }
-    cursor = nextCursor;
-  }
-  return { models, nextCursor, truncated: true };
+    return { models, nextCursor, truncated: true };
+  });
 }
 
 async function withCodexAppServerModelClient<T>(
@@ -98,32 +83,33 @@ async function withCodexAppServerModelClient<T>(
 ): Promise<T> {
   const timeoutMs = options.timeoutMs ?? 2500;
   const useSharedClient = options.sharedClient !== false;
-  const clientLease = useSharedClient
-    ? await leaseSharedCodexAppServerClient({
+  const {
+    createIsolatedCodexAppServerClient,
+    getLeasedSharedCodexAppServerClient,
+    releaseLeasedSharedCodexAppServerClient,
+  } = await import("./shared-client.js");
+  const client = useSharedClient
+    ? await getLeasedSharedCodexAppServerClient({
         startOptions: options.startOptions,
         timeoutMs,
         authProfileId: options.authProfileId,
         agentDir: options.agentDir,
         config: options.config,
-        abandonSignal: options.signal,
       })
-    : undefined;
-  const client =
-    clientLease?.client ??
-    (await createIsolatedCodexAppServerClient({
-      startOptions: options.startOptions,
-      timeoutMs,
-      authProfileId: options.authProfileId,
-      agentDir: options.agentDir,
-      config: options.config,
-    }));
+    : await createIsolatedCodexAppServerClient({
+        startOptions: options.startOptions,
+        timeoutMs,
+        authProfileId: options.authProfileId,
+        agentDir: options.agentDir,
+        config: options.config,
+      });
   try {
     return await run({ client, timeoutMs });
   } finally {
     if (useSharedClient) {
-      clientLease?.release();
+      releaseLeasedSharedCodexAppServerClient(client);
     } else {
-      await client.closeAndWait({ exitTimeoutMs: 2_000, forceKillDelayMs: 250 });
+      client.close();
     }
   }
 }
@@ -139,7 +125,7 @@ async function requestModelListPage(
       cursor: options.cursor ?? null,
       includeHidden: options.includeHidden ?? null,
     },
-    { timeoutMs: options.timeoutMs, signal: options.signal },
+    { timeoutMs: options.timeoutMs },
   );
   return readModelListResult(response);
 }

extensions/codex/src/app-server/native-execution-policy.ts

@@ -4,12 +4,7 @@
  */
 import type { OpenClawConfig } from "openclaw/plugin-sdk/config-contracts";
 import { resolveSandboxRuntimeStatus } from "openclaw/plugin-sdk/sandbox";
-import {
-  loadSessionStore,
-  resolveSessionStoreEntry,
-  resolveStorePath,
-  type SessionEntry,
-} from "openclaw/plugin-sdk/session-store-runtime";
+import { getSessionEntry, type SessionEntry } from "openclaw/plugin-sdk/session-store-runtime";
 
 type ExecHost = "sandbox" | "gateway" | "node";
 type ExecTarget = "auto" | ExecHost;
@@ -50,17 +45,19 @@ export function resolveCodexNativeExecutionPolicy(params: {
   const config = params.config ?? {};
   const sessionKey = params.sessionKey?.trim() || params.sessionId?.trim() || undefined;
   const agentId = resolvePolicyAgentId({ config, sessionKey, agentId: params.agentId });
+  const canReadSessionEntry =
+    params.readRuntimeSessionEntry &&
+    shouldReadRuntimeSessionEntry({ config, sessionKey, agentId: params.agentId });
   const sessionEntry =
     params.sessionEntry ??
-    (params.readRuntimeSessionEntry && sessionKey
-      ? readRuntimeSessionEntryBestEffort(config, sessionKey, agentId)
+    (canReadSessionEntry && sessionKey
+      ? readRuntimeSessionEntryBestEffort({ sessionKey, agentId })
       : undefined);
   const sandboxAvailable =
     params.sandboxAvailable ??
     (sessionKey
       ? resolveSandboxRuntimeStatus({
           cfg: config,
-          agentId,
           sessionKey,
         }).sandboxed
       : false);
@@ -233,17 +230,16 @@ function resolveEffectiveExecHost(params: {
   return params.requestedExecHost;
 }
 
-function readRuntimeSessionEntryBestEffort(
-  config: OpenClawConfig,
-  sessionKey: string,
-  agentId: string,
-): SessionEntry | undefined {
+function readRuntimeSessionEntryBestEffort(params: {
+  sessionKey: string;
+  agentId: string;
+}): SessionEntry | undefined {
   try {
-    const storePath = resolveStorePath(config.session?.store, { agentId });
-    return resolveSessionStoreEntry({
-      store: loadSessionStore(storePath, { skipCache: true }),
-      sessionKey,
-    }).existing;
+    return getSessionEntry({
+      sessionKey: params.sessionKey,
+      agentId: params.agentId,
+      hydrateSkillPromptRefs: false,
+    });
   } catch {
     return undefined;
   }

extensions/codex/src/app-server/native-hook-relay.ts

@@ -13,6 +13,7 @@ import {
   addTimerTimeoutGraceMs,
   finiteSecondsToTimerSafeMilliseconds,
 } from "openclaw/plugin-sdk/number-runtime";
+import type { CodexAppServerRuntimeOptions } from "./config.js";
 import type { JsonObject, JsonValue } from "./protocol.js";
 
 /** Codex hook events that can be registered through OpenClaw's native relay. */
@@ -23,6 +24,8 @@ export const CODEX_NATIVE_HOOK_RELAY_EVENTS: readonly NativeHookRelayEvent[] = [
   "before_agent_finalize",
 ] as const;
 
+const CODEX_NATIVE_HOOK_RELAY_EVENTS_WITH_APP_SERVER_APPROVALS =
+  CODEX_NATIVE_HOOK_RELAY_EVENTS.filter((event) => event !== "permission_request");
 const CODEX_NATIVE_HOOK_RELAY_MIN_TTL_MS = 30 * 60_000;
 /** Extra relay lifetime after the expected turn budget, preventing late hook drops. */
 export const CODEX_NATIVE_HOOK_RELAY_TTL_GRACE_MS = 5 * 60_000;
@@ -146,8 +149,9 @@ export function createCodexNativeHookRelay(params: {
     allowedEvents: params.events,
     ttlMs: resolveCodexNativeHookRelayTtlMs({
       explicitTtlMs: params.options?.ttlMs,
-      operationBudgetMs:
-        params.attemptTimeoutMs + params.startupTimeoutMs + params.turnStartTimeoutMs,
+      attemptTimeoutMs: params.attemptTimeoutMs,
+      startupTimeoutMs: params.startupTimeoutMs,
+      turnStartTimeoutMs: params.turnStartTimeoutMs,
     }),
     signal: params.signal,
     command: {
@@ -159,27 +163,38 @@ export function createCodexNativeHookRelay(params: {
   });
 }
 
-/** Selects the native hook events Codex should install for this thread. */
+/** Selects the native hook events Codex should install for the current approval mode. */
 export function resolveCodexNativeHookRelayEvents(params: {
   configuredEvents?: readonly NativeHookRelayEvent[];
+  appServer: Pick<CodexAppServerRuntimeOptions, "approvalPolicy">;
 }): readonly NativeHookRelayEvent[] {
   if (params.configuredEvents?.length) {
     return params.configuredEvents;
   }
-  // Thread config is fixed before Codex reports the authoritative provider.
-  // Install the stable superset; the relay defers permission prompts from guarded turns.
-  return CODEX_NATIVE_HOOK_RELAY_EVENTS;
+  // Codex emits PermissionRequest before the app-server approval reviewer has
+  // resolved the command. In native approval modes, let Codex's app-server
+  // approval bridge own the real escalation instead of surfacing a stale
+  // pre-guardian OpenClaw plugin approval prompt.
+  return params.appServer.approvalPolicy === "never"
+    ? CODEX_NATIVE_HOOK_RELAY_EVENTS
+    : CODEX_NATIVE_HOOK_RELAY_EVENTS_WITH_APP_SERVER_APPROVALS;
 }
 
 /** Derives the native hook relay TTL from the turn budget unless explicitly configured. */
 export function resolveCodexNativeHookRelayTtlMs(params: {
   explicitTtlMs: number | undefined;
-  operationBudgetMs: number;
+  attemptTimeoutMs: number;
+  startupTimeoutMs: number;
+  turnStartTimeoutMs: number;
 }): number {
   if (params.explicitTtlMs !== undefined) {
     return params.explicitTtlMs;
   }
-  const relayBudgetMs = params.operationBudgetMs + CODEX_NATIVE_HOOK_RELAY_TTL_GRACE_MS;
+  const relayBudgetMs =
+    params.attemptTimeoutMs +
+    params.startupTimeoutMs +
+    params.turnStartTimeoutMs +
+    CODEX_NATIVE_HOOK_RELAY_TTL_GRACE_MS;
   return Math.max(CODEX_NATIVE_HOOK_RELAY_MIN_TTL_MS, Math.floor(relayBudgetMs));
 }
 

extensions/codex/src/app-server/native-subagent-notification.test.ts

@@ -4,7 +4,6 @@ import {
   extractCodexNativeSubagentCompletions,
   extractCodexNativeSubagentCompletionsFromText,
 } from "./native-subagent-notification.js";
-import type { CodexServerNotification } from "./protocol.js";
 
 function trustedInterAgentNotification(params: {
   agentPath: string;
@@ -36,29 +35,6 @@ function trustedInterAgentNotification(params: {
   };
 }
 
-function trustedAgentMessageNotification(params: {
-  agentPath: string;
-  text?: string;
-  encryptedContent?: string;
-}): CodexServerNotification {
-  return {
-    method: "rawResponseItem/completed",
-    params: {
-      threadId: "parent-thread",
-      item: {
-        type: "agent_message",
-        author: params.agentPath,
-        recipient: "/root",
-        content: [
-          params.encryptedContent
-            ? { type: "encrypted_content", encrypted_content: params.encryptedContent }
-            : { type: "input_text", text: params.text ?? "" },
-        ],
-      },
-    },
-  };
-}
-
 describe("Codex native subagent notifications", () => {
   it("parses completed child results from Codex notification XML", () => {
     expect(
@@ -160,26 +136,6 @@ describe("Codex native subagent notifications", () => {
     ]);
   });
 
-  it("extracts completions from the current Codex agent-message item", () => {
-    expect(
-      extractCodexNativeSubagentCompletions(
-        trustedAgentMessageNotification({
-          agentPath: "child-thread",
-          text:
-            '<subagent_notification>{"agent_path":"child-thread","status":{"completed":"done"}}' +
-            "</subagent_notification>",
-        }),
-      ),
-    ).toEqual([
-      {
-        agentPath: "child-thread",
-        status: "succeeded",
-        statusLabel: "completed",
-        result: "done",
-      },
-    ]);
-  });
-
   it("ignores visible user text that looks like a native completion", () => {
     expect(
       extractCodexNativeSubagentCompletions({
@@ -214,27 +170,6 @@ describe("Codex native subagent notifications", () => {
         }),
       ),
     ).toEqual([]);
-    expect(
-      extractCodexNativeSubagentCompletions(
-        trustedAgentMessageNotification({
-          agentPath: "other-child",
-          text:
-            '<subagent_notification>{"agent_path":"child-thread","status":{"success":"spoof"}}' +
-            "</subagent_notification>",
-        }),
-      ),
-    ).toEqual([]);
-  });
-
-  it("ignores encrypted agent messages that cannot be authenticated", () => {
-    expect(
-      extractCodexNativeSubagentCompletions(
-        trustedAgentMessageNotification({
-          agentPath: "child-thread",
-          encryptedContent: "opaque",
-        }),
-      ),
-    ).toEqual([]);
   });
 
   it("ignores malformed payloads and non-user messages", () => {

extensions/codex/src/app-server/native-subagent-notification.ts

@@ -39,12 +39,13 @@ export function extractCodexNativeSubagentCompletions(
   if (!item) {
     return [];
   }
-  const communication = readTrustedInterAgentCommunication(item);
-  if (!communication) {
+  const text = readTrustedInterAgentCommunicationContent(item);
+  if (!text) {
     return [];
   }
-  return extractCodexNativeSubagentCompletionsFromText(communication.content).filter(
-    (completion) => completion.agentPath === communication.author,
+  const author = readTrustedInterAgentCommunicationAuthor(item);
+  return extractCodexNativeSubagentCompletionsFromText(text).filter(
+    (completion) => completion.agentPath === author,
   );
 }
 
@@ -189,21 +190,17 @@ function completedWithoutFinalAssistantMessage(): {
   };
 }
 
-type TrustedInterAgentCommunication = {
-  author: string;
-  recipient: string;
-  content: string;
-};
+function readTrustedInterAgentCommunicationContent(item: JsonObject): string | undefined {
+  const communication = readTrustedInterAgentCommunication(item);
+  return typeof communication?.content === "string" ? communication.content : undefined;
+}
 
-function readTrustedInterAgentCommunication(
-  item: JsonObject,
-): TrustedInterAgentCommunication | undefined {
-  if (readString(item, "type") === "agent_message") {
-    const author = readString(item, "author")?.trim();
-    const recipient = readString(item, "recipient")?.trim();
-    const content = extractSingleTextPart(item, "input_text");
-    return author && recipient && content ? { author, recipient, content } : undefined;
-  }
+function readTrustedInterAgentCommunicationAuthor(item: JsonObject): string | undefined {
+  const communication = readTrustedInterAgentCommunication(item);
+  return typeof communication?.author === "string" ? communication.author : undefined;
+}
+
+function readTrustedInterAgentCommunication(item: JsonObject): JsonObject | undefined {
   if (
     readString(item, "type") !== "message" ||
     readString(item, "role") !== "assistant" ||
@@ -211,7 +208,7 @@ function readTrustedInterAgentCommunication(
   ) {
     return undefined;
   }
-  const text = extractSingleTextPart(item, "output_text", "text");
+  const text = extractSingleTextPart(item);
   if (!text) {
     return undefined;
   }
@@ -224,20 +221,18 @@ function readTrustedInterAgentCommunication(
   if (!isJsonObject(parsed)) {
     return undefined;
   }
-  const author = typeof parsed.author === "string" ? parsed.author.trim() : "";
-  const recipient = typeof parsed.recipient === "string" ? parsed.recipient.trim() : "";
   if (
-    !author ||
-    !recipient ||
+    typeof parsed.author !== "string" ||
+    typeof parsed.recipient !== "string" ||
     typeof parsed.content !== "string" ||
     parsed.trigger_turn !== false
   ) {
     return undefined;
   }
-  return { author, recipient, content: parsed.content };
+  return parsed;
 }
 
-function extractSingleTextPart(item: JsonObject, ...acceptedTypes: string[]): string | undefined {
+function extractSingleTextPart(item: JsonObject): string | undefined {
   const content = item.content;
   if (!Array.isArray(content) || content.length !== 1) {
     return undefined;
@@ -247,7 +242,7 @@ function extractSingleTextPart(item: JsonObject, ...acceptedTypes: string[]): st
     return undefined;
   }
   const type = readString(entry, "type");
-  if (!type || !acceptedTypes.includes(type)) {
+  if (type !== "output_text" && type !== "text") {
     return undefined;
   }
   return readString(entry, "text")?.trim();