fix: warn about stale OpenAI keys with Codex auth

2026-06-18 03:52:42 +08:00 · 2026-05-26 07:15:27 +10:00
2592 changed files with 44507 additions and 114046 deletions
--- a/.agents/skills/agent-transcript/SKILL.md
+++ b/.agents/skills/agent-transcript/SKILL.md
@@ -1,88 +0,0 @@
---
-name: agent-transcript
-description: "Add a redacted agent transcript section to GitHub PR or issue bodies during OpenClaw agent-created PR/issue workflows."
---
-
-# Agent Transcript
-
-Best-effort local-only provenance for OpenClaw PR/issue bodies. Use during agent-created GitHub PR or issue workflows before creating/updating the body.
-
-## Contract
-
- Never use network. Session discovery reads local agent logs only.
- Never upload raw logs. Render sanitized Markdown first.
- Always ask the user before adding transcript logs to a GitHub PR/issue body.
- Tell the user sanitized session logs help reviewers and can make PRs easier to prioritize.
- Offer a local HTML preview before insertion. If the user wants preview, open it and wait for confirmation before adding the section.
- Fail closed on unresolved secrets, private keys, browser/session/cookie details, or auth URLs.
- Drop system/developer prompts, raw tool outputs, reasoning, env, cookies, tokens, and broad local paths.
- Keep user prompts, assistant visible decisions, terse tool summaries, and test/proof outcomes.
- Remove session turns unrelated to the PR/issue work. Use the PR/issue title, branch name, changed files, and stated goal as scope; omit earlier/later unrelated tasks even when they are in the same session log.
- Best effort only: PR/issue creation must continue if no safe transcript is found.
- Add the `## Agent Transcript` section only when inserting a real transcript. Never add a placeholder transcript heading or text such as "A sanitized local transcript preview was generated but not included."
- Use a collapsed `<details>` section and update existing markers instead of duplicating sections.
-
-## Helper
-
-```bash
-.agents/skills/agent-transcript/scripts/agent-transcript --help
-```
-
-Find a likely local session:
-
-```bash
-.agents/skills/agent-transcript/scripts/agent-transcript find \
-  --query "$PR_TITLE $BRANCH_OR_PR_URL" \
-  --cwd "$PWD" \
-  --since-days 14
-```
-
-`find` scans the newest 400 matching local JSONL logs by default across Codex, Claude, Pi, and OpenClaw agent sessions. Use `--max-files N` for a wider local search.
-
-Render a PR/issue body section:
-
-```bash
-.agents/skills/agent-transcript/scripts/agent-transcript render \
-  --session "$SESSION_JSONL" \
-  --out /tmp/agent-transcript.md
-```
-
-Preview one candidate session locally:
-
-```bash
-.agents/skills/agent-transcript/scripts/agent-transcript preview \
-  --session "$SESSION_JSONL" \
-  --out /tmp/agent-transcript-preview.html
-open /tmp/agent-transcript-preview.html
-```
-
-Append/update a body file before `gh pr create --body-file` or connector PR creation:
-
-```bash
-.agents/skills/agent-transcript/scripts/agent-transcript append-body \
-  --body /tmp/pr-body.md \
-  --session "$SESSION_JSONL" \
-  --out /tmp/pr-body.with-transcript.md
-```
-
-## PR/Issue Workflow
-
-1. Draft the normal PR/issue body first.
-2. Run `find` with title, branch, PR URL/number if known, and cwd.
-3. If a high-confidence session is found, ask:
-   `Include a redacted agent transcript? It helps reviewers and can make the PR easier to prioritize. I can open a local preview first.`
-4. If the user wants preview, run `preview`, open the HTML with `open`, and wait for confirmation.
-5. Before insertion, trim unrelated session turns from the generated section. Keep only turns that explain this PR/issue's goal, implementation choices, files, tests, proof, blockers, and final outcome.
-6. If the user approves, run `append-body`.
-7. Use the enriched body file for creation/update.
-8. If no safe session is found, say nothing and continue without transcript. If the user declines, continue without transcript and do not add any transcript placeholder section.
-
-## Review Artifacts
-
-For manual audits across many PR/session candidates, create a local HTML preview from a local JSON file. This is for maintainers only and is not part of the PR/issue workflow:
-
-```bash
-.agents/skills/agent-transcript/scripts/agent-transcript html \
-  --prs /tmp/recent-prs.json \
-  --out /tmp/agent-transcript-preview.html
-```
--- a/.agents/skills/agent-transcript/scripts/agent-transcript
+++ b/.agents/skills/agent-transcript/scripts/agent-transcript
@@ -1,683 +0,0 @@
-#!/usr/bin/env node
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import process from "node:process";
-
-const MARKER_START = "<!-- agent-transcript:start -->";
-const MARKER_END = "<!-- agent-transcript:end -->";
-const DEFAULT_MAX_CHARS = 50000;
-const DEFAULT_ENTRY_MAX_CHARS = 6000;
-
-function usage() {
-  console.log(`Usage:
-  agent-transcript find --query TEXT [--cwd PATH] [--since-days N] [--max-files N] [--root PATH...]
-  agent-transcript render --session FILE [--out FILE] [--max-chars N] [--entry-max-chars N] [--title TEXT] [--url URL]
-  agent-transcript preview --session FILE [--out FILE] [--max-chars N] [--entry-max-chars N] [--title TEXT] [--url URL]
-  agent-transcript append-body --body FILE --session FILE [--out FILE] [--max-chars N] [--entry-max-chars N]
-  agent-transcript html --prs FILE [--out FILE] [--since-days N] [--min-score N] [--root PATH...] [--exclude-session FILE...]
-
-Local-only. No network calls.`);
-}
-
-function parseArgs(argv) {
-  const args = { _: [] };
-  for (let i = 0; i < argv.length; i++) {
-    const arg = argv[i];
-    if (!arg.startsWith("--")) {
-      args._.push(arg);
-      continue;
-    }
-    const key = arg.slice(2);
-    const next = argv[i + 1];
-    if (next == null || next.startsWith("--")) {
-      args[key] = true;
-      continue;
-    }
-    i++;
-    if (args[key] == null) args[key] = next;
-    else if (Array.isArray(args[key])) args[key].push(next);
-    else args[key] = [args[key], next];
-  }
-  return args;
-}
-
-function asArray(value) {
-  if (value == null) return [];
-  return Array.isArray(value) ? value : [value];
-}
-
-function homePath(...parts) {
-  return path.join(os.homedir(), ...parts);
-}
-
-function openClawSessionRoots() {
-  const stateDir = process.env.OPENCLAW_STATE_DIR || homePath(".openclaw");
-  const agentsDir = path.join(stateDir, "agents");
-  if (!fs.existsSync(agentsDir)) return [];
-  try {
-    const roots = fs
-      .readdirSync(agentsDir, { withFileTypes: true })
-      .filter((entry) => entry.isDirectory())
-      .flatMap((entry) => {
-        const agentDir = path.join(agentsDir, entry.name);
-        return [
-          path.join(agentDir, "sessions"),
-          path.join(agentDir, "agent", "sessions"),
-          path.join(agentDir, "agent", "codex-home", "sessions"),
-        ];
-      })
-      .filter((root) => fs.existsSync(root));
-    return [...new Set(roots)];
-  } catch {
-    return [];
-  }
-}
-
-function defaultRoots() {
-  return [
-    homePath(".codex", "sessions"),
-    homePath(".claude", "projects"),
-    homePath(".pi", "agent", "sessions"),
-    ...openClawSessionRoots(),
-  ];
-}
-
-function walkJsonl(root, sinceMs, out = []) {
-  if (!root || !fs.existsSync(root)) return out;
-  const stat = fs.statSync(root);
-  if (stat.isFile()) {
-    if (root.endsWith(".jsonl") && stat.mtimeMs >= sinceMs) out.push(root);
-    return out;
-  }
-  for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
-    if (entry.name === "node_modules" || entry.name === ".git") continue;
-    const file = path.join(root, entry.name);
-    if (entry.isDirectory()) walkJsonl(file, sinceMs, out);
-    else if (entry.isFile() && entry.name.endsWith(".jsonl")) {
-      const entryStat = fs.statSync(file);
-      if (entryStat.mtimeMs >= sinceMs) out.push(file);
-    }
-  }
-  return out;
-}
-
-function readJsonl(file, maxLines = 12000) {
-  const text = fs.readFileSync(file, "utf8");
-  const lines = text.split(/\n+/).filter(Boolean).slice(0, maxLines);
-  const rows = [];
-  for (const line of lines) {
-    try {
-      rows.push(JSON.parse(line));
-    } catch {
-      rows.push({ type: "unparsed", text: line });
-    }
-  }
-  return rows;
-}
-
-function stringContent(value) {
-  if (value == null) return "";
-  if (typeof value === "string") return value;
-  if (Array.isArray(value)) return value.map(stringContent).filter(Boolean).join("\n");
-  if (typeof value === "object") {
-    if (typeof value.text === "string") return value.text;
-    if (typeof value.content === "string") return value.content;
-    if (typeof value.message === "string") return value.message;
-    if (Array.isArray(value.content)) return stringContent(value.content);
-    if (value.type === "text" && value.text) return String(value.text);
-  }
-  return "";
-}
-
-function detectAgent(file, rows) {
-  if (file.includes(`${path.sep}.codex${path.sep}`)) return "codex";
-  if (file.includes(`${path.sep}.claude${path.sep}`)) return "claude";
-  if (file.includes(`${path.sep}.pi${path.sep}`)) return "pi";
-  if (
-    file.includes(`${path.sep}.openclaw${path.sep}`) ||
-    (file.includes(`${path.sep}agents${path.sep}`) && file.includes(`${path.sep}sessions${path.sep}`))
-  ) {
-    return "openclaw";
-  }
-  if (rows.some((row) => row?.type === "session_meta" || row?.type === "response_item")) return "codex";
-  if (rows.some((row) => row?.sessionId && row?.userType)) return "claude";
-  return "agent";
-}
-
-function eventText(row) {
-  if (row?.type === "event_msg") {
-    const payload = row.payload || {};
-    return stringContent(payload.message || payload.text_elements || payload.content);
-  }
-  if (row?.type === "response_item") {
-    const payload = row.payload || {};
-    return stringContent(payload.content || payload.summary || payload.arguments || payload.output);
-  }
-  if (row?.message) return stringContent(row.message);
-  if (row?.content) return stringContent(row.content);
-  if (row?.text) return stringContent(row.text);
-  return "";
-}
-
-function eventRole(row) {
-  if (row?.type === "event_msg") {
-    const type = row.payload?.type;
-    if (type === "user_message") return "user";
-    if (type === "agent_message") return "assistant";
-    if (type === "token_count" || type === "task_started" || type === "task_complete") return null;
-    if (type === "web_search_end") return "web";
-  }
-  if (row?.type === "response_item") {
-    const payload = row.payload || {};
-    if (payload.type === "function_call") return "tool";
-    if (payload.type === "function_call_output") return "tool_output";
-    if (payload.type === "reasoning") return null;
-    if (payload.type === "web_search_call") return "web";
-    if (payload.role === "user") return "user";
-    if (payload.role === "assistant") return "assistant";
-  }
-  if (row?.type === "user") return "user";
-  if (row?.type === "assistant") return "assistant";
-  if (row?.message?.role === "user") return "user";
-  if (row?.message?.role === "assistant") return "assistant";
-  if (row?.type === "tool_result" || row?.type === "tool_use") return "tool";
-  return null;
-}
-
-function hasSetupBlob(text) {
-  return (
-    text.includes("<INSTRUCTIONS>") ||
-    text.includes("# AGENTS.MD") ||
-    text.includes("Knowledge cutoff:") ||
-    text.includes("You are Codex") ||
-    /\byour instructions\b/i.test(text) ||
-    /\binstructions absorbed\b/i.test(text) ||
-    /\bAGENTS\.md\b/i.test(text)
-  );
-}
-
-function redact(input, stats) {
-  let s = String(input ?? "");
-  const rules = [
-    [/-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g, "[REDACTED_PRIVATE_KEY]"],
-    [/sk-[A-Za-z0-9_-]{20,}/g, "[REDACTED_OPENAI_KEY]"],
-    [/(gh[pousr]_[A-Za-z0-9_]{20,})/g, "[REDACTED_GITHUB_TOKEN]"],
-    [/(AKIA[0-9A-Z]{16})/g, "[REDACTED_AWS_KEY]"],
-    [/eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{10,}/g, "[REDACTED_JWT]"],
-    [/\b(?:Bearer|Basic)\s+[A-Za-z0-9._~+/=-]{16,}/gi, "[REDACTED_AUTH_HEADER]"],
-    [/[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi, "[REDACTED_EMAIL]"],
-    [/\b(?:\+?\d[\d .()-]{7,}\d)\b/g, "[REDACTED_PHONE]"],
-    [/\/Users\/[^\s`"'>)]+/g, "[LOCAL_PATH]"],
-    [/~\/[^\s`"'>)]+/g, "[HOME_PATH]"],
-    [/([?&](?:token|key|secret|signature|sig|access_token|auth)=)[^\s`"'>&]+/gi, "$1[REDACTED]"],
-  ];
-  for (const [re, repl] of rules) {
-    const before = s;
-    s = s.replace(re, repl);
-    if (s !== before) stats.redactions++;
-  }
-  return s;
-}
-
-function unsafe(text) {
-  const patterns = [
-    /-----BEGIN [A-Z ]*PRIVATE KEY-----/,
-    /\b(?:Bearer|Basic)\s+[A-Za-z0-9._~+/=-]{16,}/i,
-    /\b(?:user_session|_gh_sess|__Host-user_session_same_site|GH_SESSION_TOKEN)\b/i,
-    /\b(?:GITHUB_TOKEN|GH_TOKEN|OPENAI_API_KEY|ANTHROPIC_API_KEY)\b/,
-    /\/upload\/policies\/assets|uploadToken|authenticity_token/i,
-  ];
-  return patterns.filter((pattern) => pattern.test(text)).map((pattern) => String(pattern));
-}
-
-function normalizeEntry(role, text, stats, options = {}) {
-  let t = redact(text, stats).replace(/\n{3,}/g, "\n\n").trim();
-  if (!t) return null;
-  if (hasSetupBlob(t)) t = "[instructions recap omitted; policy/config text, not task dialogue]";
-  if (unsafe(t).length) t = "[omitted: browser/session/auth internals; not useful for public PR transcript]";
-  const entryMaxChars = Number(options.entryMaxChars || options["entry-max-chars"] || DEFAULT_ENTRY_MAX_CHARS);
-  if (t.length > entryMaxChars) {
-    t = `${t.slice(0, entryMaxChars).trimEnd()}\n...[truncated ${t.length - entryMaxChars} chars]`;
-  }
-  return `[${role}]\n${t}`;
-}
-
-function entryRole(entry) {
-  const match = entry.match(/^\[([^\]]+)\]\n/);
-  return match ? match[1] : null;
-}
-
-function entryBody(entry) {
-  return entry.replace(/^\[[^\]]+\]\n/, "");
-}
-
-function coalesceEntries(entries) {
-  const coalesced = [];
-  for (const entry of entries) {
-    const role = entryRole(entry);
-    const body = entryBody(entry);
-    const last = coalesced[coalesced.length - 1];
-    if (!last || !role || entryRole(last) !== role || role === "tool summary") {
-      coalesced.push(entry);
-      continue;
-    }
-    const lastBody = entryBody(last);
-    if (lastBody === body || lastBody.includes(body)) continue;
-    if (body.includes(lastBody)) {
-      coalesced[coalesced.length - 1] = `[${role}]\n${body}`;
-      continue;
-    }
-    coalesced[coalesced.length - 1] = `[${role}]\n${lastBody}\n\n${body}`;
-  }
-  return coalesced;
-}
-
-function toolFamily(name) {
-  const normalized = String(name).toLowerCase();
-  if (
-    /(read|fetch|open|list|find|search|grep|rg|sed|cat|head|tail|jq|wc|status|diff|show|view|snapshot|screenshot)/.test(
-      normalized,
-    )
-  ) {
-    return "read";
-  }
-  if (/(write|edit|patch|apply|create|update|append|save|comment|fill|click|type|navigate|upload)/.test(normalized)) {
-    return "write";
-  }
-  if (/(exec|command|shell|run|test|build|lint|format|install|pnpm|npm|node|git|gh|ssh)/.test(normalized)) {
-    return "execute";
-  }
-  if (/(web|http|fetch|browser|chrome|github|dropbox|notion|gmail|calendar)/.test(normalized)) {
-    return "network";
-  }
-  return "other";
-}
-
-function shellFamily(command) {
-  const cmd = String(command || "").trim();
-  if (!cmd) return "execute";
-  if (
-    /^(rg|grep|sed|cat|head|tail|jq|wc|ls|find|pwd|git (status|diff|show|log|blame)|gh (pr|issue|api|run|repo|auth) (view|list|status)|test |stat |ps |which |command -v )\b/.test(
-      cmd,
-    )
-  ) {
-    return "read";
-  }
-  if (/^(open |chmod |mkdir |touch |cp |mv |kill |git add|git commit|git push|gh pr create|gh issue create)\b/.test(cmd)) {
-    return "write";
-  }
-  if (/^(node|npm|pnpm|bun|python|python3|ruby|tsx|tsgo|make|cargo|go test|swift|xcodebuild)\b/.test(cmd)) {
-    return "execute";
-  }
-  if (/^(ssh|curl|wget|tailscale|nc )\b/.test(cmd)) return "network";
-  return "execute";
-}
-
-function toolCallFamily(row) {
-  const name = row.payload?.name || row.name || row.message?.name || row.type || "tool";
-  if (name === "exec_command") {
-    try {
-      const args = JSON.parse(row.payload?.arguments || "{}");
-      return shellFamily(args.cmd);
-    } catch {
-      return "execute";
-    }
-  }
-  if (name === "apply_patch") return "write";
-  if (name === "write_stdin") return "execute";
-  return toolFamily(name);
-}
-
-function compactToolSummary(familyCounts, dropped) {
-  const families = new Map();
-  for (const [family, count] of familyCounts.entries()) {
-    families.set(family, (families.get(family) || 0) + count);
-  }
-  const ordered = ["read", "write", "execute", "network", "other"]
-    .map((family) => [family, families.get(family) || 0])
-    .filter(([, count]) => count > 0)
-    .map(([family, count]) => `${count} ${family}`);
-  const calls = ordered.length ? ordered.join(", ") : "0 tool";
-  return `${calls}; raw tool outputs dropped: ${dropped}`;
-}
-
-function recountEntries(stats, entries) {
-  stats.rawEntries = stats.entries;
-  stats.entries = entries.length;
-  stats.user = entries.filter((entry) => entry.startsWith("[user]\n")).length;
-  stats.assistant = entries.filter((entry) => entry.startsWith("[assistant]\n")).length;
-}
-
-function renderSession(file, options = {}) {
-  const rows = readJsonl(file);
-  const agent = detectAgent(file, rows);
-  const stats = {
-    agent,
-    entries: 0,
-    user: 0,
-    assistant: 0,
-    toolCalls: 0,
-    toolOutputsDropped: 0,
-    web: 0,
-    redactions: 0,
-    omittedUnsafe: 0,
-  };
-  const toolCounts = new Map();
-  const items = [];
-  const seenEntries = new Set();
-  const hasEventDialogue = rows.some((row) => {
-    const type = row?.type === "event_msg" ? row.payload?.type : null;
-    return type === "user_message" || type === "agent_message";
-  });
-  for (const row of rows) {
-    const role = eventRole(row);
-    if (!role) continue;
-    if (hasEventDialogue && row.type === "response_item" && (role === "user" || role === "assistant")) {
-      continue;
-    }
-    if (role === "tool_output") {
-      stats.toolOutputsDropped++;
-      continue;
-    }
-    if (role === "tool") {
-      const family = toolCallFamily(row);
-      toolCounts.set(family, (toolCounts.get(family) || 0) + 1);
-      stats.toolCalls++;
-      continue;
-    }
-    if (role === "web") {
-      stats.web++;
-      continue;
-    }
-    const before = eventText(row);
-    const entry = normalizeEntry(role, before, stats, options);
-    if (!entry) continue;
-    const dedupeKey = entry.replace(/\s+/g, " ").trim();
-    if (seenEntries.has(dedupeKey)) continue;
-    seenEntries.add(dedupeKey);
-    if (entry.includes("[omitted: browser/session/auth internals")) stats.omittedUnsafe++;
-    items.push(entry);
-    stats.entries++;
-    if (role === "user") stats.user++;
-    if (role === "assistant") stats.assistant++;
-  }
-  if (toolCounts.size) {
-    items.push(`[tool summary]\n${compactToolSummary(toolCounts, stats.toolOutputsDropped)}`);
-    stats.entries++;
-  }
-  const renderedItems = coalesceEntries(items);
-  recountEntries(stats, renderedItems);
-  const maxChars = Number(options.maxChars || DEFAULT_MAX_CHARS);
-  let joined = renderedItems.join("\n\n");
-  if (joined.length > maxChars) joined = `${joined.slice(0, maxChars).trimEnd()}\n\n...[transcript truncated to ${maxChars} chars]`;
-  const headerBits = [options.title, options.url].filter(Boolean).join(" | ");
-  const unsafeAfter = unsafe(joined);
-  const safe = unsafeAfter.length === 0;
-  const markdown = `${MARKER_START}
-## Agent Transcript
-
-<details>
-<summary>Redacted ${agent} session transcript${headerBits ? `: ${redact(headerBits, stats)}` : ""}</summary>
-
-\`\`\`\`text
-source: [LOCAL_SESSION]
-redaction: local paths, emails, phone-shaped strings, token-shaped strings, auth headers, auth query params
-omitted: raw tool outputs, system/developer prompts, local paths, secrets, browser/session/auth details
-stats: ${JSON.stringify(stats)}
-
-${joined}
-\`\`\`\`
-
-</details>
-${MARKER_END}
-`;
-  return { file, agent, safe, unsafeAfter, stats, markdown };
-}
-
-function readBoundedText(file, maxBytes = 220000) {
-  const fd = fs.openSync(file, "r");
-  try {
-    const stat = fs.fstatSync(fd);
-    if (stat.size <= maxBytes) {
-      const buffer = Buffer.alloc(stat.size);
-      fs.readSync(fd, buffer, 0, stat.size, 0);
-      return buffer.toString("utf8");
-    }
-    const half = Math.floor(maxBytes / 2);
-    const head = Buffer.alloc(half);
-    const tail = Buffer.alloc(half);
-    fs.readSync(fd, head, 0, half, 0);
-    fs.readSync(fd, tail, 0, half, Math.max(0, stat.size - half));
-    return `${head.toString("utf8")}\n[...middle omitted for scan...]\n${tail.toString("utf8")}`;
-  } finally {
-    fs.closeSync(fd);
-  }
-}
-
-function sessionScanRecord(file, maxBytes) {
-  const stat = fs.statSync(file);
-  const agent = detectAgent(file, []);
-  return {
-    file,
-    agent,
-    mtime: new Date(stat.mtimeMs).toISOString(),
-    haystack: `${file}\n${readBoundedText(file, maxBytes)}`.toLowerCase(),
-  };
-}
-
-function scoreScanRecord(record, terms, cwd) {
-  const haystack = record.haystack;
-  let score = 0;
-  const reasons = [];
-  for (const term of terms) {
-    const normalized = term.toLowerCase().trim();
-    if (normalized.length < 3) continue;
-    if (haystack.includes(normalized)) {
-      score += Math.min(20, Math.max(3, Math.floor(normalized.length / 3)));
-      reasons.push(normalized.slice(0, 80));
-    }
-  }
-  if (cwd) {
-    const cwdLower = cwd.toLowerCase();
-    if (haystack.includes(cwdLower) || record.file.toLowerCase().includes(cwdLower.replaceAll("/", "-"))) {
-      score += 8;
-      reasons.push("cwd");
-    }
-  }
-  return { file: record.file, score, reasons, mtime: record.mtime, agent: record.agent };
-}
-
-function recentFiles(files, maxFiles) {
-  return files
-    .map((file) => {
-      try {
-        return { file, mtimeMs: fs.statSync(file).mtimeMs };
-      } catch {
-        return null;
-      }
-    })
-    .filter(Boolean)
-    .sort((a, b) => b.mtimeMs - a.mtimeMs)
-    .slice(0, maxFiles)
-    .map((entry) => entry.file);
-}
-
-function candidateFiles(roots, terms, sinceMs, options = {}) {
-  return recentFiles(roots.flatMap((root) => walkJsonl(root, sinceMs)), Number(options["max-files"] || 400));
-}
-
-function findSessions(options) {
-  const sinceDays = Number(options["since-days"] || 14);
-  const sinceMs = Date.now() - sinceDays * 24 * 60 * 60 * 1000;
-  const roots = asArray(options.root).length ? asArray(options.root) : defaultRoots();
-  const query = String(options.query || "");
-  const terms = query
-    .split(/\s+/)
-    .concat(query.match(/https?:\/\/\S+/g) || [])
-    .filter(Boolean);
-  const files = candidateFiles(roots, terms, sinceMs, options);
-  const scanBytes = Number(options["scan-bytes"] || 60000);
-  const results = files
-    .map((file) => scoreScanRecord(sessionScanRecord(file, scanBytes), terms, options.cwd))
-    .filter((result) => result.score > 0)
-    .sort((a, b) => b.score - a.score || b.mtime.localeCompare(a.mtime))
-    .slice(0, Number(options.limit || 10));
-  return results;
-}
-
-function sessionScanRecords(options) {
-  const sinceDays = Number(options["since-days"] || 14);
-  const sinceMs = Date.now() - sinceDays * 24 * 60 * 60 * 1000;
-  const roots = asArray(options.root).length ? asArray(options.root) : defaultRoots();
-  const excluded = new Set(asArray(options["exclude-session"]).map((file) => path.resolve(file)));
-  return roots
-    .flatMap((root) => walkJsonl(root, sinceMs))
-    .filter((file) => !excluded.has(path.resolve(file)))
-    .map((file) => sessionScanRecord(file, Number(options["scan-bytes"] || 90000)));
-}
-
-function replaceSection(body, section) {
-  const start = body.indexOf(MARKER_START);
-  const end = body.indexOf(MARKER_END);
-  if (start !== -1 && end !== -1 && end > start) {
-    return `${body.slice(0, start).trimEnd()}\n\n${section.trim()}\n\n${body.slice(end + MARKER_END.length).trimStart()}`;
-  }
-  return `${body.trimEnd()}\n\n${section.trim()}\n`;
-}
-
-function escapeHtml(text) {
-  return String(text)
-    .replaceAll("&", "&amp;")
-    .replaceAll("<", "&lt;")
-    .replaceAll(">", "&gt;")
-    .replaceAll('"', "&quot;");
-}
-
-function htmlDocument(records) {
-  const rows = records
-    .map((record) => `<section>
-<h2><a href="${escapeHtml(record.url || "")}">${escapeHtml(record.title || record.url || "PR")}</a></h2>
-<p><code>${escapeHtml(record.session ? "[LOCAL_SESSION]" : "no session")}</code> score: ${escapeHtml(record.score ?? "")} safe: ${escapeHtml(record.safe ?? "")}</p>
-<pre>${escapeHtml(record.markdown || record.error || "")}</pre>
-</section>`)
-    .join("\n");
-  return `<!doctype html>
-<meta charset="utf-8">
-<title>Agent Transcript Preview</title>
-<style>
-body{font:14px/1.45 system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif;margin:32px;color:#1f2328;background:#fff}
-section{border-top:1px solid #d0d7de;padding:24px 0}
-h1,h2{line-height:1.2}
-pre{white-space:pre-wrap;background:#f6f8fa;border:1px solid #d0d7de;border-radius:6px;padding:16px;overflow:auto}
-code{background:#f6f8fa;padding:2px 4px;border-radius:4px}
-a{color:#0969da}
-</style>
-<h1>Agent Transcript Preview</h1>
-${rows}
-`;
-}
-
-function singlePreviewDocument(record) {
-  return htmlDocument([record]);
-}
-
-function readPrs(file) {
-  const raw = fs.readFileSync(file, "utf8");
-  const parsed = JSON.parse(raw);
-  return Array.isArray(parsed) ? parsed : parsed.items || parsed.prs || [];
-}
-
-function main() {
-  const [command, ...rest] = process.argv.slice(2);
-  const args = parseArgs(rest);
-  if (!command || command === "--help" || command === "-h" || args.help) {
-    usage();
-    return;
-  }
-  if (command === "find") {
-    console.log(JSON.stringify(findSessions(args), null, 2));
-    return;
-  }
-  if (command === "render") {
-    if (!args.session) throw new Error("--session is required");
-    const rendered = renderSession(args.session, args);
-    if (!rendered.safe) throw new Error(`unsafe transcript after redaction: ${rendered.unsafeAfter.join(", ")}`);
-    if (args.out) fs.writeFileSync(args.out, rendered.markdown);
-    else process.stdout.write(rendered.markdown);
-    return;
-  }
-  if (command === "preview") {
-    if (!args.session) throw new Error("--session is required");
-    const rendered = renderSession(args.session, args);
-    if (!rendered.safe) throw new Error(`unsafe transcript after redaction: ${rendered.unsafeAfter.join(", ")}`);
-    const output = singlePreviewDocument({
-      title: args.title || "Agent Transcript Preview",
-      url: args.url || "",
-      session: args.session,
-      safe: rendered.safe,
-      markdown: rendered.markdown,
-    });
-    if (args.out) fs.writeFileSync(args.out, output);
-    else process.stdout.write(output);
-    return;
-  }
-  if (command === "append-body") {
-    if (!args.body || !args.session) throw new Error("--body and --session are required");
-    const rendered = renderSession(args.session, args);
-    if (!rendered.safe) throw new Error(`unsafe transcript after redaction: ${rendered.unsafeAfter.join(", ")}`);
-    const body = fs.readFileSync(args.body, "utf8");
-    const next = replaceSection(body, rendered.markdown);
-    if (args.out) fs.writeFileSync(args.out, next);
-    else process.stdout.write(next);
-    return;
-  }
-  if (command === "html") {
-    if (!args.prs) throw new Error("--prs is required");
-    const records = [];
-    const scanRecords = sessionScanRecords(args);
-    const minScore = Number(args["min-score"] || 50);
-    for (const pr of readPrs(args.prs)) {
-      const query = [pr.url, pr.number ? `#${pr.number}` : "", pr.number, pr.title, pr.headRefName, pr.headRefName || pr.branch]
-        .filter(Boolean)
-        .join(" ");
-      const terms = query
-        .split(/\s+/)
-        .concat(query.match(/https?:\/\/\S+/g) || [])
-        .filter(Boolean);
-      const [candidate] = scanRecords
-        .map((record) => scoreScanRecord(record, terms, args.cwd))
-        .filter((result) => result.score >= minScore)
-        .sort((a, b) => b.score - a.score || b.mtime.localeCompare(a.mtime));
-      if (!candidate) {
-        records.push({ ...pr, error: "No local session match found." });
-        continue;
-      }
-      try {
-        const rendered = renderSession(candidate.file, { ...args, title: pr.title, url: pr.url });
-        records.push({
-          ...pr,
-          session: candidate.file,
-          score: candidate.score,
-          safe: rendered.safe,
-          markdown: rendered.markdown,
-        });
-      } catch (error) {
-        records.push({ ...pr, session: candidate.file, score: candidate.score, error: String(error) });
-      }
-    }
-    const output = htmlDocument(records);
-    if (args.out) fs.writeFileSync(args.out, output);
-    else process.stdout.write(output);
-    return;
-  }
-  usage();
-  process.exitCode = 2;
-}
-
-try {
-  main();
-} catch (error) {
-  console.error(error instanceof Error ? error.message : String(error));
-  process.exit(1);
-}
--- a/.agents/skills/autoreview/SKILL.md
+++ b/.agents/skills/autoreview/SKILL.md
@@ -26,12 +26,10 @@ Use when:
 - If a review-triggered fix changes code, rerun focused tests and rerun the structured review helper.
 - For security-audit suppression changes, verify accepted findings remain auditable: suppressed findings stay in structured output, active output keeps an unsuppressible suppression notice, and aggregate findings cannot hide unrelated active risk.
 - Never switch or override the requested review engine/model. If the review hits model capacity, retry the same command a few times with the same engine/model.
- Be patient with large bundles. Structured review can take up to 30 minutes while the model call is active, especially with Codex tools or web search.
- Treat heartbeat lines like `review still running: ... elapsed=... pid=...` as healthy progress, not a hang. Let the helper continue while heartbeats are advancing. Pass `--stream-engine-output` when live engine text is useful; Codex and Claude filter tool/file chatter, other engines pass raw output through.
- Do not kill a review just because it has been quiet for 2-5 minutes, or because it is still running under the 30-minute window. Inspect the process only after missing multiple expected heartbeats, after 30 minutes, or after an obviously failed subprocess; prefer letting the same helper command finish.
+- Be patient with large bundles. Structured review can be silent for several minutes while the model call is active, especially with Codex tools or web search. Treat `review still running: ... elapsed=... pid=...` as healthy progress, not a hang.
+- Do not kill a review just because it has been quiet for 2-5 minutes. Inspect the process only after multiple heartbeat intervals or an obviously failed subprocess; prefer letting the same helper command finish.
 - Tools are useful in review mode. The helper allows read-only inspection tools and web search by default so reviewers can check dependency contracts, upstream docs, and current behavior.
 - Security perspective is always included, but it should not cripple legitimate functionality. Report security findings only when the change creates a concrete, actionable risk or removes an important safety check.
- For regression provenance, if no blamed PR is traceable, use the blamed commit as the provenance: commit SHA, date, and author username. Do not guess a merger or frame missing PR metadata as a separate finding.
 - Do not invoke built-in `codex review`, nested reviewers, or reviewer panels from inside the review. The helper builds one bundle, calls one selected engine, validates one structured result, and stops.
 - Stop as soon as the helper exits 0 with no accepted/actionable findings. Do not run an extra review just to get a nicer "clean" line, a second opinion, or clearer closeout wording.
 - Treat the helper's successful exit plus absence of actionable findings as the clean review result, even if the underlying Codex CLI output is terse.
@@ -169,12 +167,11 @@ The helper:
 - supports `--engine codex`, `claude`, `droid`, and `copilot`; default is `AUTOREVIEW_ENGINE` or `codex`; Codex should remain the default when nothing is set
 - use `--mode commit --commit <ref>` for already-committed work, especially clean `main` after landing
 - should be left in `--mode auto` or forced to `--mode branch` for PR/branch work; do not force `--mode local` after committing
- writes only to stdout unless `--output`, `--json-output`, or live streamed engine stderr is set
+- writes only to stdout unless `--output` or `--json-output` is set
 - supports `--dry-run`, `--parallel-tests`, `--prompt`, `--prompt-file`, `--dataset`, `--no-tools`, `--no-web-search`, and commit refs
- supports `--stream-engine-output` or `AUTOREVIEW_STREAM_ENGINE_OUTPUT=1` for live engine text while preserving structured validation; Codex and Claude hide tool/file event details, emit compact activity summaries, and report usage at turn completion
 - supports opt-in review panels with `--panel` / `--reviewers`, plus per-engine `--model` and `--thinking`
 - allows read-only tools and web search by default where the selected CLI supports them; forbids nested review in the prompt; Codex is run through `codex exec` with read-only sandbox and structured output
- prints `review still running: <engine> elapsed=<seconds>s pid=<pid>` to stderr at long-running intervals while waiting for the selected review engine, unless streamed output or compact Codex activity has been visible recently
+- prints `review still running: <engine> elapsed=<seconds>s pid=<pid>` to stderr at long-running intervals while waiting for the selected review engine
 - prints `autoreview clean: no accepted/actionable findings reported` when the selected review command exits 0
 - exits nonzero when accepted/actionable findings are present

--- a/.agents/skills/autoreview/scripts/autoreview
+++ b/.agents/skills/autoreview/scripts/autoreview
@@ -6,15 +6,13 @@ import concurrent.futures
 import copy
 import json
 import os
-import queue
 import subprocess
 import sys
 import tempfile
 import textwrap
-import threading
 import time
 from pathlib import Path
-from typing import Any, Callable
+from typing import Any


 ENGINES = ("codex", "claude", "droid", "copilot")
@@ -102,18 +100,7 @@ def run_with_heartbeat(
    input_text: str | None = None,
    label: str,
    heartbeat_seconds: int = 60,
-    stream_output: bool = False,
-    stream_display: Callable[[str, str], str | None] | None = None,
 ) -> subprocess.CompletedProcess[str]:
-    if stream_output:
-        return run_with_stream(
-            args,
-            cwd,
-            input_text=input_text,
-            label=label,
-            heartbeat_seconds=heartbeat_seconds,
-            stream_display=stream_display,
-        )
    started = time.monotonic()
    proc = subprocess.Popen(
        args,
@@ -137,82 +124,6 @@ def run_with_heartbeat(
            print(f"review still running: {label} elapsed={elapsed}s pid={proc.pid}", file=sys.stderr, flush=True)


-def run_with_stream(
-    args: list[str],
-    cwd: Path,
-    *,
-    input_text: str | None,
-    label: str,
-    heartbeat_seconds: int,
-    stream_display: Callable[[str, str], str | None] | None,
-) -> subprocess.CompletedProcess[str]:
-    started = time.monotonic()
-    proc = subprocess.Popen(
-        args,
-        cwd=cwd,
-        stdin=subprocess.PIPE if input_text is not None else None,
-        stdout=subprocess.PIPE,
-        stderr=subprocess.PIPE,
-        text=True,
-        bufsize=1,
-    )
-    events: queue.Queue[tuple[str, str | None]] = queue.Queue()
-    stdout_parts: list[str] = []
-    stderr_parts: list[str] = []
-
-    def read_stream(name: str, stream: Any) -> None:
-        try:
-            for line in iter(stream.readline, ""):
-                events.put((name, line))
-        finally:
-            events.put((name, None))
-
-    def write_stdin() -> None:
-        if proc.stdin is None or input_text is None:
-            return
-        try:
-            proc.stdin.write(input_text)
-            proc.stdin.close()
-        except BrokenPipeError:
-            return
-
-    threads = [
-        threading.Thread(target=read_stream, args=("stdout", proc.stdout), daemon=True),
-        threading.Thread(target=read_stream, args=("stderr", proc.stderr), daemon=True),
-    ]
-    for thread in threads:
-        thread.start()
-    stdin_thread = threading.Thread(target=write_stdin, daemon=True)
-    stdin_thread.start()
-
-    open_streams = 2
-    while open_streams:
-        try:
-            name, line = events.get(timeout=heartbeat_seconds)
-        except queue.Empty:
-            elapsed = int(time.monotonic() - started)
-            print(f"review still running: {label} elapsed={elapsed}s pid={proc.pid}", file=sys.stderr, flush=True)
-            continue
-        if line is None:
-            open_streams -= 1
-            continue
-        if name == "stdout":
-            stdout_parts.append(line)
-        else:
-            stderr_parts.append(line)
-        display = stream_display(name, line) if stream_display else line
-        if display:
-            target = sys.stdout if name == "stdout" else sys.stderr
-            target.write(display)
-            target.flush()
-
-    for thread in threads:
-        thread.join()
-    stdin_thread.join(timeout=1)
-    returncode = proc.wait()
-    return subprocess.CompletedProcess(args, returncode, "".join(stdout_parts), "".join(stderr_parts))
-
-
 def git(repo: Path, *args: str, check: bool = True) -> str:
    return run(["git", *args], repo, check=check).stdout

@@ -425,11 +336,9 @@ def run_codex(args: argparse.Namespace, repo: Path, prompt: str) -> str:
        cmd.extend(["--model", args.model])
    if args.thinking:
        cmd.extend(["-c", f'model_reasoning_effort="{args.thinking}"'])
-    cmd.append("exec")
-    if args.stream_engine_output:
-        cmd.append("--json")
    cmd.extend(
        [
+            "exec",
            "--ephemeral",
            "-C",
            str(repo),
@@ -442,14 +351,7 @@ def run_codex(args: argparse.Namespace, repo: Path, prompt: str) -> str:
            "-",
        ]
    )
-    result = run_with_heartbeat(
-        cmd,
-        repo,
-        input_text=prompt,
-        label="codex",
-        stream_output=args.stream_engine_output,
-        stream_display=CodexStreamDisplay() if args.stream_engine_output else None,
-    )
+    result = run_with_heartbeat(cmd, repo, input_text=prompt, label="codex")
    try:
        output = output_path.read_text()
    finally:
@@ -466,7 +368,7 @@ def run_claude(args: argparse.Namespace, repo: Path, prompt: str) -> str:
        "--print",
        "--no-session-persistence",
        "--output-format",
-        "stream-json" if args.stream_engine_output else "json",
+        "json",
        "--json-schema",
        json.dumps(SCHEMA),
    ]
@@ -474,20 +376,11 @@ def run_claude(args: argparse.Namespace, repo: Path, prompt: str) -> str:
        cmd.extend(["--allowedTools", claude_allowed_tools(args)])
    else:
        cmd.extend(["--tools", ""])
-    if args.stream_engine_output:
-        cmd.append("--verbose")
    if args.model:
        cmd.extend(["--model", args.model])
    if args.thinking:
        cmd.extend(["--effort", args.thinking])
-    result = run_with_heartbeat(
-        cmd,
-        repo,
-        input_text=prompt,
-        label="claude",
-        stream_output=args.stream_engine_output,
-        stream_display=ClaudeStreamDisplay() if args.stream_engine_output else None,
-    )
+    result = run_with_heartbeat(cmd, repo, input_text=prompt, label="claude")
    if result.returncode != 0:
        raise SystemExit(f"claude engine failed ({result.returncode})\n{result.stderr or result.stdout}")
    return result.stdout
@@ -512,7 +405,7 @@ def run_droid(args: argparse.Namespace, repo: Path, prompt: str) -> str:
        cmd.extend(["--model", args.model])
    if not args.tools:
        cmd.extend(["--disabled-tools", "*"])
-    result = run_with_heartbeat(cmd, repo, label="droid", stream_output=args.stream_engine_output)
+    result = run_with_heartbeat(cmd, repo, label="droid")
    prompt_path.unlink(missing_ok=True)
    if result.returncode != 0:
        raise SystemExit(f"droid engine failed ({result.returncode})\n{result.stderr or result.stdout}")
@@ -537,7 +430,7 @@ def run_copilot(args: argparse.Namespace, repo: Path, prompt: str) -> str:
            "--output-format",
            "json",
            "--stream",
-            "on" if args.stream_engine_output else "off",
+            "off",
            "--no-ask-user",
            "--disable-builtin-mcps",
        ]
@@ -554,142 +447,12 @@ def run_copilot(args: argparse.Namespace, repo: Path, prompt: str) -> str:
        )
        if args.web_search:
            cmd.append("--allow-all-urls")
-        result = run_with_heartbeat(cmd, Path(tempdir), label="copilot", stream_output=args.stream_engine_output)
+        result = run_with_heartbeat(cmd, Path(tempdir), label="copilot")
    if result.returncode != 0:
        raise SystemExit(f"copilot engine failed ({result.returncode})\n{result.stderr or result.stdout}")
    return result.stdout


-class CodexStreamDisplay:
-    def __init__(self, *, activity_seconds: int = 20) -> None:
-        self.activity_seconds = activity_seconds
-        self.hidden_events = 0
-        self.last_visible = time.monotonic()
-
-    def __call__(self, name: str, line: str) -> str | None:
-        if name != "stdout":
-            return line
-        try:
-            event = json.loads(line)
-        except json.JSONDecodeError:
-            return self.visible(line)
-        event_type = event.get("type")
-        if event_type == "thread.started":
-            return self.visible(f"codex thread: {event.get('thread_id', '<unknown>')}\n")
-        if event_type == "turn.started":
-            return self.visible("codex turn started\n")
-        if event_type == "turn.completed":
-            usage = event.get("usage")
-            message = format_codex_usage(usage) + "\n" if isinstance(usage, dict) else "codex turn completed\n"
-            return self.visible(self.flush_hidden() + message)
-        item = event.get("item")
-        if isinstance(item, dict) and item.get("type") == "agent_message" and isinstance(item.get("text"), str):
-            return self.visible(self.flush_hidden() + item["text"].rstrip() + "\n")
-        return self.hidden_activity()
-
-    def hidden_activity(self) -> str | None:
-        self.hidden_events += 1
-        if time.monotonic() - self.last_visible < self.activity_seconds:
-            return None
-        return self.visible(self.flush_hidden())
-
-    def flush_hidden(self) -> str:
-        if not self.hidden_events:
-            return ""
-        count = self.hidden_events
-        self.hidden_events = 0
-        return f"codex activity: {count} hidden tool/status events\n"
-
-    def visible(self, text: str) -> str:
-        self.last_visible = time.monotonic()
-        return text
-
-
-class ClaudeStreamDisplay:
-    def __init__(self, *, activity_seconds: int = 20) -> None:
-        self.activity_seconds = activity_seconds
-        self.hidden_events = 0
-        self.last_visible = time.monotonic()
-        self.started = False
-
-    def __call__(self, name: str, line: str) -> str | None:
-        if name != "stdout":
-            return line
-        try:
-            event = json.loads(line)
-        except json.JSONDecodeError:
-            return self.visible(line)
-        event_type = event.get("type")
-        if event_type == "system" and not self.started:
-            self.started = True
-            return self.visible("claude turn started\n")
-        if event_type == "assistant":
-            return self.assistant_message(event)
-        if event_type == "result":
-            return self.visible(self.flush_hidden() + self.result_summary(event))
-        return self.hidden_activity()
-
-    def assistant_message(self, event: dict[str, Any]) -> str | None:
-        message = event.get("message")
-        if not isinstance(message, dict):
-            return self.hidden_activity()
-        chunks: list[str] = []
-        for item in message.get("content", []):
-            if not isinstance(item, dict):
-                continue
-            if item.get("type") == "text" and isinstance(item.get("text"), str):
-                chunks.append(item["text"].rstrip())
-        if chunks:
-            return self.visible(self.flush_hidden() + "\n".join(chunks) + "\n")
-        return self.hidden_activity()
-
-    def result_summary(self, event: dict[str, Any]) -> str:
-        usage = event.get("usage")
-        fields: list[str] = []
-        if isinstance(usage, dict):
-            for key in (
-                "input_tokens",
-                "cache_read_input_tokens",
-                "cache_creation_input_tokens",
-                "output_tokens",
-            ):
-                value = usage.get(key)
-                if isinstance(value, int):
-                    fields.append(f"{key}={value}")
-        cost = event.get("total_cost_usd")
-        if isinstance(cost, (int, float)) and not isinstance(cost, bool):
-            fields.append(f"cost_usd={cost:.6f}")
-        return "claude usage: " + " ".join(fields) + "\n" if fields else "claude turn completed\n"
-
-    def hidden_activity(self) -> str | None:
-        self.hidden_events += 1
-        if time.monotonic() - self.last_visible < self.activity_seconds:
-            return None
-        return self.visible(self.flush_hidden())
-
-    def flush_hidden(self) -> str:
-        if not self.hidden_events:
-            return ""
-        count = self.hidden_events
-        self.hidden_events = 0
-        return f"claude activity: {count} hidden tool/status events\n"
-
-    def visible(self, text: str) -> str:
-        self.last_visible = time.monotonic()
-        return text
-
-
-def format_codex_usage(usage: dict[str, Any]) -> str:
-    fields = [
-        "input_tokens",
-        "cached_input_tokens",
-        "output_tokens",
-        "reasoning_output_tokens",
-    ]
-    parts = [f"{field}={usage[field]}" for field in fields if isinstance(usage.get(field), int)]
-    return "codex usage: " + " ".join(parts) if parts else "codex usage: unavailable"
-
-
 def claude_allowed_tools(args: argparse.Namespace) -> str:
    tools = [tool.strip() for tool in args.claude_allowed_tools.split(",") if tool.strip()]
    if not args.web_search:
@@ -727,7 +490,7 @@ def extract_json(text: str) -> dict[str, Any]:


 def extract_json_from_jsonl(text: str) -> dict[str, Any] | None:
-    candidates: list[str | dict[str, Any]] = []
+    candidates: list[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
@@ -746,13 +509,7 @@ def extract_json_from_jsonl(text: str) -> dict[str, Any] | None:
            candidates.append(data["content"])
        if isinstance(event.get("result"), str):
            candidates.append(event["result"])
-        if isinstance(event.get("structured_output"), dict):
-            candidates.append(event["structured_output"])
    for candidate in reversed(candidates):
-        if isinstance(candidate, dict):
-            if "findings" in candidate:
-                return candidate
-            continue
        parsed = parse_json_candidate(candidate)
        if isinstance(parsed, dict) and "findings" in parsed:
            return parsed
@@ -916,12 +673,6 @@ def parse_args() -> argparse.Namespace:
    parser.add_argument("--dataset", action="append", help="Extra evidence file to include in the review bundle.")
    parser.add_argument("--output", help="Write human output to a file as well as stdout.")
    parser.add_argument("--json-output", help="Write validated structured review JSON.")
-    parser.add_argument(
-        "--stream-engine-output",
-        action="store_true",
-        default=os.environ.get("AUTOREVIEW_STREAM_ENGINE_OUTPUT") == "1",
-        help="Stream review engine output while preserving buffered output for validation. Codex output is filtered to hide tool/file chatter.",
-    )
    parser.add_argument("--parallel-tests", help="Run a test command concurrently with review; failure fails the helper.")
    parser.add_argument("--require-finding", action="append", default=[], help="Require finding text to contain this substring.")
    parser.add_argument("--expect-findings", action="store_true", help="Treat findings as success; for harness acceptance tests.")
--- a/.agents/skills/crabbox/SKILL.md
+++ b/.agents/skills/crabbox/SKILL.md
@@ -149,7 +149,7 @@ pnpm crabbox:run -- \
  --ttl 240m \
  --timing-json \
  --shell -- \
-  "pnpm test:changed"
+  "env CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm test:changed"
 ```

 Full suite:
@@ -160,14 +160,9 @@ pnpm crabbox:run -- \
  --ttl 240m \
  --timing-json \
  --shell -- \
-  "pnpm verify"
+  "env CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm test"
 ```

-Use `pnpm verify` when you need check plus full Vitest proof. It emits
-`CRABBOX_PHASE:check` and `CRABBOX_PHASE:test`, making Crabbox summaries show
-which stage failed. Use plain `pnpm test` only when check proof is already
-covered or intentionally skipped.
-
 Focused rerun:

 ```sh
@@ -176,7 +171,7 @@ pnpm crabbox:run -- \
  --ttl 240m \
  --timing-json \
  --shell -- \
-  "pnpm test <path-or-filter>"
+  "env CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm test <path-or-filter>"
 ```

 Read the JSON summary. Useful fields:
@@ -211,7 +206,7 @@ node scripts/crabbox-wrapper.mjs run \
  --ttl 240m \
  --timing-json \
  -- \
-  corepack pnpm check:changed
+  CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 OPENCLAW_TESTBOX=1 OPENCLAW_TESTBOX_REMOTE_RUN=1 pnpm check:changed
 ```

 Read the JSON summary and the Testbox line. Useful fields:
@@ -549,14 +544,14 @@ If brokered AWS cannot dispatch, sync, attach, or stop, retry once with

 ```sh
 pnpm crabbox:run -- --debug --timing-json -- \
-  pnpm test:changed
+  CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm test:changed
 ```

 Full suite:

 ```sh
 pnpm crabbox:run -- --debug --timing-json -- \
-  pnpm test
+  CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm test
 ```

 Auth fallback, only when `blacksmith` says auth is missing:
@@ -596,7 +591,7 @@ Minimal Blacksmith-backed Crabbox run, from repo root:

 ```sh
 pnpm crabbox:run -- --provider blacksmith-testbox --timing-json -- \
-  corepack pnpm test:changed
+  CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test:changed
 ```

 Use direct Blacksmith only when Crabbox is the broken layer and you are
@@ -622,7 +617,7 @@ provider deliberately.
 ```sh
 pnpm crabbox:warmup -- --class beast --market on-demand --idle-timeout 90m
 pnpm crabbox:hydrate -- --id <cbx_id-or-slug>
-pnpm crabbox:run -- --id <cbx_id-or-slug> --timing-json --shell -- "pnpm test:changed"
+pnpm crabbox:run -- --id <cbx_id-or-slug> --timing-json --shell -- "env NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm test:changed"
 pnpm crabbox:stop -- <cbx_id-or-slug>
 ```

--- a/.agents/skills/openclaw-changelog-update/SKILL.md
+++ b/.agents/skills/openclaw-changelog-update/SKILL.md
@@ -1,87 +0,0 @@
---
-name: openclaw-changelog-update
-description: Regenerate OpenClaw release changelog sections from git history before beta or stable releases.
---
-
-# OpenClaw Changelog Update
-
-Use this for release changelog rewrites and GitHub release-note source text.
-Use it with `release-openclaw-maintainer`; this skill owns changelog content,
-ordering, and audit discipline.
-
-## Goal
-
-Rewrite the target `CHANGELOG.md` version section from history, not from stale
-draft notes. Produce user-facing release notes sorted by user interest while
-preserving issue/PR refs and thanks.
-
-## Inputs
-
- Target base version: `YYYY.M.D`, without beta suffix.
- Base tag: last reachable shipped release tag, usually the previous stable or
-  the previous beta train requested by the operator.
- Target ref: exact branch/SHA being released.
-
-## Workflow
-
-1. Start on `main` before branching when possible:
-   - `git fetch --tags origin`
-   - `git pull --ff-only`
-   - confirm clean `git status -sb`
-2. Audit history, including direct commits:
-   - `git log --first-parent --date=iso-strict --pretty=format:'%h%x09%ad%x09%s' <base-tag>..<target-ref>`
-   - `git log --first-parent --grep='(#' --date=short --pretty=format:'%h%x09%ad%x09%s' <base-tag>..<target-ref>`
-   - also inspect `--since='24 hours ago'` when main moved during the release.
-3. Read linked PRs/issues or diffs for ambiguous commits. Direct commits matter;
-   infer notes from subject, body, touched files, tests, and nearby commits.
-4. Rewrite one stable-base section only:
-   - use `## YYYY.M.D`
-   - do not create beta-specific headings
-   - do not leave a stale `## Unreleased` section above the target release
-   - if `Unreleased` contains release-bound notes, fold them into the target
-     section instead of deleting them
-5. Section shape:
-   - `### Highlights`: 5-8 bullets, broad user wins first
-   - `### Changes`: new capabilities and behavior changes
-   - `### Fixes`: user-facing fixes first, grouped by impact and surface
-6. Preserve attribution:
-   - keep `#issue`, `(#PR)`, `Fixes #...`, and `Thanks @...`
-   - do not add GHSA references, advisory IDs, or security advisory slugs to
-     changelog entries or GitHub release-note text unless explicitly requested
-   - never thank bots, `@openclaw`, `@clawsweeper`, or `@steipete`
-   - if grouping multiple entries, carry all relevant refs and thanks into the
-     grouped bullet
-7. Sorting preference:
-   - security/data-loss and content-boundary fixes
-   - transcript/replay/reply delivery correctness
-   - channels and mobile integrations
-   - providers/Codex/local model reliability
-   - install/update/release path reliability
-   - performance and observability
-   - docs and contributor-only/internal details last or omitted
-8. Keep bullets single-line unless existing file style forces otherwise. Avoid
-   internal release-process noise unless it changes user install/update safety.
-9. Check release-note side conditions:
-   - inspect `src/plugins/compat/registry.ts`
-   - inspect `src/commands/doctor/shared/deprecation-compat.ts`
-   - if any compatibility `removeAfter` is on/before release date, resolve it
-     or explicitly record the blocker before shipping
-10. Validate and ship:
-   - `git diff --check`
-   - for docs/changelog-only changes, no broad tests are required
-   - commit with `scripts/committer "docs(changelog): refresh YYYY.M.D notes" CHANGELOG.md`
-   - push, pull/rebase if needed, then branch/rebase release from latest `main`
-
-## Quota / API Outage Rule
-
-If GitHub API quota is exhausted, do not idle. Continue work that does not need
-GitHub API:
-
- local changelog rewrite and release-note extraction
- local pretag checks and package/build sanity
- git push/tag checks over git protocol
- npm registry `npm view` checks
- exact workflow-dispatch command preparation
-
-Only GitHub Release creation, workflow dispatch, run polling, artifact download,
-and issue/PR mutation need API quota.
--- a/.agents/skills/openclaw-landable-bug-sweep/SKILL.md
+++ b/.agents/skills/openclaw-landable-bug-sweep/SKILL.md
@@ -89,11 +89,11 @@ Reject:
   - if unwritable or wrong shape, create own PR and preserve useful contributor credit
   - if no PR exists, create one
   - add regression test when it fits
-   - release-note context for user-facing fixes in PR body or commit message; credit human reporter/contributor when known
+   - changelog for user-facing fixes; thank credited human reporter/contributor
 6. Review, refresh, and publish:
   - rebase or otherwise refresh the PR branch on current `origin/main`
   - resolve drift, including newly exposed CI failures, rather than counting the PR as ready
-   - do not add `CHANGELOG.md` during normal sweep PRs; release automation generates it from PRs and commits
+   - changelog-only conflicts are routine on busy `main`; resolve them mechanically when already refreshing, but do not treat them as a real code conflict, a reason to reject the PR, or evidence that the branch needs extra fixup beyond the changelog entry order
   - left-test the rebased head with the smallest meaningful local/Testbox/live command that proves the bug
   - run `$autoreview` until no accepted/actionable findings remain before creating, updating, or presenting the PR URL
   - create/update PR with real body and proof fields
--- a/.agents/skills/openclaw-pr-maintainer/SKILL.md
+++ b/.agents/skills/openclaw-pr-maintainer/SKILL.md
@@ -139,12 +139,12 @@ Issue triage is review/prove/patch-local by default:
 2. Fix only issues that are easy, high-confidence, and narrowly owned by the implicated path.
 3. Add focused regression proof when practical.
 4. Stop with the dirty diff, touched files, and test/gate output for maintainer review.
-5. After maintainer approval to ship, make one commit per accepted fix, with release-note context in the PR body or commit message when user-facing.
+5. After maintainer approval to ship, make one commit per accepted fix, with its own changelog entry when user-facing.
 6. Pull/rebase, push, then comment and close only the issues that were fixed or explicitly triaged closed.

 Do not batch unrelated issue fixes into one commit. Do not publish, comment, close, or label during the review/prove phase.

-Missing `CHANGELOG.md` is not a PR review finding or merge blocker. If landing/fixing a user-visible change, make sure the PR body or commit message captures the release-note context; never ask or block solely on it.
+Missing changelog is not a PR review finding or merge blocker. If landing/fixing a user-visible change, add/update changelog automatically when practical; never ask or block solely on it.

 Only list candidates that pass all gates:

@@ -168,22 +168,13 @@ Output only qualifying candidates, with: ref, surface, proof, cause, fix sketch,

 - Start every PR review with 1-3 plain sentences explaining what the change does and why it matters. Put this before `Findings`.
 - Then list findings first. If none, say `No blocking findings` or `No findings`.
- Show size near the top as `LOC: +<additions>/-<deletions> (<changedFiles> files)`, using live PR stats or local diff stats.
 - Always answer: bug/behavior being fixed, PR/issue URL and affected surface, provenance for regressions when traceable, and best-fix verdict.
 - For bug/regression fixes, include a compact `Provenance:` line after cause/root-cause when a bounded history pass can identify it. Use `git log -S/-G`, `git blame`, linked PRs/issues, and tests.
- Provenance must separate roles when they differ: blamed code author username, blamed PR author username, blamed PR merger/committer username, automerge trigger when known, current PR author username, PR number, and date. Do not collapse them into one "introduced by" actor.
- If the blamed PR was merged by `clawsweeper[bot]` or another automation, identify the human trigger when practical. Check live PR timeline/comments first; if rate-limited, use gitcrawl/cache or public PR HTML. Look for maintainer command comments such as `@clawsweeper automerge`, `/landpr`, labels/events that armed automerge, and ClawSweeper status comments. Report `automerge triggered by @login`; if not found, say trigger unknown rather than naming the bot as the human decision-maker.
+- Provenance must separate roles when they differ: blamed code author username, blamed PR merger/committer username, current PR author username, PR number, and date. Do not collapse them into one "introduced by" actor.
 - For any confirmed bug, run `git blame` on the implicated line(s) after identifying the root cause. Report who broke it as the blamed PR merger/committer, and also name the blamed code author. Include the PR number. If no PR is traceable, use the blamed commit as the provenance: commit SHA, date, and author username. Do not guess a merger or frame missing PR metadata as a separate finding.
 - Phrase provenance as `introduced by`, `made visible by`, or `carried forward by`, with confidence (`clear`, `likely`, `unknown`). If unclear, say what evidence is missing instead of guessing. For features, docs, and refactors, use `Provenance: N/A` or omit it when no broken behavior is being fixed.
 - Keep summaries compact, but include enough proof that the verdict is auditable without rereading the PR.

-LOC proof:
-
-```bash
-gh pr view <number> --json additions,deletions,changedFiles \
-  --jq '"LOC: +\(.additions)/-\(.deletions) (\(.changedFiles) files)"'
-```
-
 ## Read beyond the diff

 - Review the surrounding code path, not just changed lines. Open the caller, callee, data contracts, adjacent tests, and owner module.
@@ -203,7 +194,7 @@ gh pr view <number> --json additions,deletions,changedFiles \
 - Before landing, require:
  1. symptom evidence such as a repro, logs, or a failing test
  2. a verified root cause in code with file/line
-  3. blame-backed provenance for regressions when traceable, including blamed PR merger and automerge trigger when known, or commit SHA/date when no PR is traceable
+  3. blame-backed provenance for regressions when traceable, including blamed PR merger and date, or commit SHA/date when no PR is traceable
  4. a fix that touches the implicated code path
  5. a regression test when feasible, or explicit manual verification plus a reason no test was added
 - If the claim is unsubstantiated or likely wrong, request evidence or changes instead of merging.
@@ -253,8 +244,9 @@ gh search issues --repo openclaw/openclaw --match title,body --limit 50 \

 ## Follow PR review and landing hygiene

- Never mention release-note bookkeeping in review-only output. It is landing
-  or release-generation mechanics, not a correctness finding.
+- Never mention merge conflicts that are relatively easy to resolve, such as
+  `CHANGELOG.md` entries, in review-only output. These are landing mechanics,
+  not correctness findings.
 - If bot review conversations exist on your PR, address them and resolve them yourself once fixed.
 - Leave a review conversation unresolved only when reviewer or maintainer judgment is still needed.
 - Before landing any PR with non-trivial code changes, run `$autoreview` until no accepted/actionable findings remain, unless equivalent manual review already covered it, the change is trivial/docs-only, or the user opts out.
--- a/.agents/skills/openclaw-testing/SKILL.md
+++ b/.agents/skills/openclaw-testing/SKILL.md
@@ -68,7 +68,6 @@ scripts/crabbox-wrapper.mjs` for Testbox, and `git commit --no-verify` only
 pnpm changed:lanes --json
 pnpm check:changed       # changed typecheck/lint/guards; no Vitest
 pnpm test:changed        # cheap smart changed Vitest targets
-pnpm verify              # full check, then full Vitest
 OPENCLAW_TEST_CHANGED_BROAD=1 pnpm test:changed
 pnpm test <path-or-filter> -- --reporter=verbose
 OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test <path-or-filter>
@@ -90,8 +89,6 @@ status checks or install reconciliation in a linked worktree.
 - `pnpm check` and `pnpm check:changed` do not run Vitest tests. They are for
  typecheck, lint, and guard proof.
 - `pnpm test` and `pnpm test:changed` run Vitest tests.
- `pnpm verify` runs `pnpm check`, then `pnpm test`, with Crabbox phase markers
-  so remote summaries show which half failed.
 - `pnpm test:changed` is intentionally cheap by default: direct test edits,
  sibling tests, explicit source mappings, and import-graph dependents.
 - `OPENCLAW_TEST_CHANGED_BROAD=1 pnpm test:changed` is the explicit broad
--- a/.agents/skills/release-openclaw-mac/SKILL.md
+++ b/.agents/skills/release-openclaw-mac/SKILL.md
@@ -5,19 +5,22 @@ description: "Run or recover OpenClaw macOS release signing, notarization, appca

 # OpenClaw Mac Release

-Use with `$release-openclaw-maintainer`, `$release-openclaw-ci`, `$one-password`, and `$release-private` if it exists when stable macOS assets, private mac preflight, notarization, appcast promotion, or mac release recovery is involved.
+Use with `$release-openclaw-maintainer`, `$release-openclaw-ci`, and `$one-password` when stable macOS assets, private mac preflight, notarization, appcast promotion, or mac release recovery is involved.

 ## Credentials

- Resolve Peter-owned ASC item refs, key ids, issuer ids, and service-token provenance from `$release-private`.
+- Canonical ASC item: vault `Molty`, title `API Key - App Store Connect - Personal - Release`.
 - Fields: `private_key_p8`, `key_id`, `issuer_id`.
+- Current known good key id: `AKVLXW849T`.
+- Legacy mirror: vault `Private`, title `API Key - App Store Connect - Personal`; keep it synced for older refs.
 - Stale/revoked key symptom: `xcrun notarytool submit` fails with `HTTP status code: 401. Unauthenticated`.
 - Validate candidate ASC credentials with `xcrun notarytool history` before setting GitHub secrets.

 ## 1Password

 - Use `$one-password`: all `op` work inside one persistent tmux session, no secret output.
- Use the service-token guidance from `$release-private` when available.
+- Prefer `OP_SERVICE_ACCOUNT_TOKEN` from `~/.profile` for Molty reads.
+- Do not assume `MOLTY_OP_SERVICE_ACCOUNT_TOKEN` is alive; it has previously pointed at a deleted service account.
 - If a service token fails, run status-only checks: token present/length and `op whoami`; never print token values.
 - If desktop app auth is needed but Touch ID is unavailable, set `OP_BIOMETRIC_UNLOCK_ENABLED=false` for the manual `op account add --signin` path.

--- a/.agents/skills/release-openclaw-maintainer/SKILL.md
+++ b/.agents/skills/release-openclaw-maintainer/SKILL.md
@@ -5,7 +5,7 @@ description: Prepare or verify OpenClaw stable/beta releases, changelogs, releas

 # OpenClaw Release Maintainer

-Use this skill for release and publish-time workflow. Load `$release-private` if it exists before resolving Peter-owned credential locators or private host topology. Keep ordinary development changes and GHSA-specific advisory work outside this skill.
+Use this skill for release and publish-time workflow. Keep ordinary development changes and GHSA-specific advisory work outside this skill.

 ## Respect release guardrails

@@ -23,8 +23,7 @@ Use this skill for release and publish-time workflow. Load `$release-private` if
  green. Then branch from that commit so regular development can continue on
  `main` while release validation runs.
 - Before release branching, commit any dirty files in coherent groups, push,
-  pull/rebase, then generate `CHANGELOG.md` on `main` from merged PRs and all
-  direct commits since the last reachable release tag. Commit/push/pull that
+  pull/rebase, then run `/changelog` on `main` and commit/push/pull that
  changelog rewrite immediately before creating the release branch.
 - During release planning, inspect both `src/plugins/compat/registry.ts` and
  `src/commands/doctor/shared/deprecation-compat.ts` before branching and again
@@ -69,9 +68,8 @@ Use this skill for release and publish-time workflow. Load `$release-private` if
  or clawgrit reports. Report regressions explicitly. A major regression is a
  release blocker unless the operator waives it or the data clearly proves
  infrastructure noise.
- Generate the changelog before version/tag preparation so the top changelog
-  section is deduped and ordered by user impact. Use
-  `$openclaw-changelog-update` for the rewrite.
+- Use `/changelog` before version/tag preparation so the top changelog section
+  is deduped and ordered by user impact.
 - Do not create beta-specific `CHANGELOG.md` headings. Beta releases use the
  stable base version section, for example `v2026.4.20-beta.1` uses
  `## 2026.4.20` release notes.
@@ -138,25 +136,11 @@ Use this skill for release and publish-time workflow. Load `$release-private` if

 ## Build changelog-backed release notes

- `CHANGELOG.md` is release-owned. Normal PRs and direct `main` fixes should
-  not edit it.
 - Before release branching or tagging, rewrite the target `CHANGELOG.md`
-  section from history, not existing notes. Use the last reachable stable or
-  beta release tag as the base, then inspect every commit through the target
-  release SHA.
- Include both merged PR commits and direct commits on `main`. Direct commits
-  matter: infer notes from their subject, body, touched files, linked issues,
-  tests, and nearby code when no PR body exists.
- Prefer PR bodies, issue links, review proof, and commit bodies over commit
-  subjects alone. If a commit fixed an issue directly, the commit body should
-  name the user-visible behavior, affected surface, issue ref, and credited
-  reporter/contributor when known.
- Treat missing context as a release-note audit gap: inspect the diff and linked
-  issue, draft the best accurate entry, and note the uncertainty for maintainer
-  review rather than inventing impact.
- Add missed user-facing changes, remove internal-only noise, dedupe overlapping
-  PR/direct-commit entries, and sort each section from most to least interesting
-  for users.
+  section from commit history, not just from existing notes: scan commits since
+  the last reachable release tag, add missed user-facing changes, dedupe
+  overlapping entries, and sort each section from most to least interesting for
+  users.
 - Changelog entries should be user-facing, not internal release-process notes.
 - GitHub release and prerelease bodies must use the full matching
  `CHANGELOG.md` version section, not highlights or an excerpt. When creating
@@ -437,7 +421,7 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
  - Hard rule: never run `op` directly in the main agent shell during release
    work. Any 1Password CLI use must happen inside that tmux session so prompts
    and alerts are contained and observable.
-  - Use `$release-private` for the npm credentials and OTP item.
+  - Use the 1Password item `op://Private/Npmjs` for npm credentials and OTP.
    Do not print passwords, tokens, or OTPs to the transcript; send them through
    tmux buffers, env vars scoped to the tmux command, or `expect` with
    `log_user 0`.
--- a/.agents/skills/release-openclaw-nightly/SKILL.md
+++ b/.agents/skills/release-openclaw-nightly/SKILL.md
@@ -5,7 +5,7 @@ description: "OpenClaw Tideclaw alpha/nightly release automation: isolated branc

 # Nightly Release

-Use for Tideclaw/OpenClaw alpha/nightly release automation, manual alpha triggers, beta prep, release-branch repair, and post-release forward-port. Load `$release-private` if it exists before using Tideclaw host paths, cron ids, or Discord routing ids.
+Use for Tideclaw/OpenClaw alpha/nightly release automation, manual alpha triggers, beta prep, release-branch repair, and post-release forward-port.

 ## Policy

@@ -36,7 +36,7 @@ This is good for auditability if commits are clearly machine-authored and gated
 - Branch prefix: `tideclaw/alpha/`
 - Branch name: `tideclaw/alpha/YYYY-MM-DD-HHMMZ`
 - Base: current `origin/main` SHA at trigger time.
- State file: resolve from `$release-private` on the Tideclaw host.
+- State file: `/root/tideclaw-workspace/.tideclaw-alpha-state.json`
 - Release tag: `vYYYY.M.D-alpha.N`
 - npm dist-tag: `alpha`

@@ -44,7 +44,7 @@ Do not reuse old alpha branches for a new run. If rerunning the same base SHA, c

 ## Start

-1. Work in the Tideclaw host checkout from `$release-private`.
+1. Work in `/root/tideclaw-workspace/openclaw`.
 2. Fetch first:

 ```bash
@@ -66,8 +66,7 @@ git switch -c "$BRANCH" "$BASE_SHA"
 Manual trigger:

 ```bash
-CRON_ID="<from release-private>"
-OPENCLAW_ALLOW_ROOT=1 openclaw cron run "$CRON_ID" --expect-final --timeout 21600000
+OPENCLAW_ALLOW_ROOT=1 openclaw cron run 8cfc76f6-d1b4-4608-85ec-1a659e76c0cd --expect-final --timeout 21600000
 ```

 ## Discord Alpha Trigger
@@ -89,7 +88,7 @@ Rules:
 3. Follow the normal alpha workflow: reuse prior fixes, run local checks, fix on the alpha branch, run release CI, publish alpha after green gates, then forward-port reusable fixes via fixes-only PR.
 4. If another alpha/beta/stable release run is already active, report the active branch/run and stop.
 5. `#maintainers` trigger requires an explicit Tideclaw mention; do not react to unmentioned release chatter there.
-6. Resolve Discord role/user ids and live host hotfix notes from `$release-private`.
+6. Discord currently resolves `@Tideclaw` in `#maintainers` to managed role `<@&1505299068748824609>`. The live host hotfix treats that role mention as addressing bot user `1505297171623186432`; if the hotfix is absent, the message is dropped before this skill runs and must be resent after fixing preflight.

 ## Discord Beta Trigger

@@ -120,7 +119,7 @@ Rules:

 Before running checks, mine recent Tideclaw alpha branches for fixes already made during previous release attempts:

-1. Read the Tideclaw state file from `$release-private` for the last successful alpha branch and fix commit SHAs.
+1. Read `/root/tideclaw-workspace/.tideclaw-alpha-state.json` for the last successful alpha branch and fix commit SHAs.
 2. List recent remote branches:

 ```bash
@@ -225,7 +224,7 @@ Release is not done until all are true:
 - Release body links npm version page, registry tarball, integrity, and CI/proof.
 - `npm view openclaw@<version>` shows the exact version, dist-tag `alpha`, tarball, integrity, and publish time.
 - Installed/package smoke follows repo release docs.
- The Tideclaw state file from `$release-private` records version, tag, base SHA, branch, fix commit SHAs, workflow run IDs, npm integrity, and timestamp.
+- `/root/tideclaw-workspace/.tideclaw-alpha-state.json` records version, tag, base SHA, branch, fix commit SHAs, workflow run IDs, npm integrity, and timestamp.

 Final Discord summary in `#releases`:

--- a/.github/actions/docker-e2e-plan/action.yml
+++ b/.github/actions/docker-e2e-plan/action.yml
@@ -123,14 +123,14 @@ runs:
      shell: bash
      run: |
        set -euo pipefail
-        bash scripts/ci-docker-pull-retry.sh "${OPENCLAW_DOCKER_E2E_BARE_IMAGE}"
+        docker pull "${OPENCLAW_DOCKER_E2E_BARE_IMAGE}"

    - name: Pull shared functional Docker E2E image
      if: inputs.hydrate-artifacts == 'true' && steps.plan.outputs.needs_functional_image == '1'
      shell: bash
      run: |
        set -euo pipefail
-        bash scripts/ci-docker-pull-retry.sh "${OPENCLAW_DOCKER_E2E_FUNCTIONAL_IMAGE}"
+        docker pull "${OPENCLAW_DOCKER_E2E_FUNCTIONAL_IMAGE}"

    - name: Validate Docker E2E credentials
      if: inputs.hydrate-artifacts == 'true'
--- a/.github/actions/setup-node-env/action.yml
+++ b/.github/actions/setup-node-env/action.yml
@@ -26,23 +26,11 @@ inputs:
 runs:
  using: composite
  steps:
-    - name: Normalize container toolcache
-      shell: bash
-      run: |
-        set -euo pipefail
-        if [[ -d /__t && ! -e /opt/hostedtoolcache ]]; then
-          mkdir -p /opt
-          ln -s /__t /opt/hostedtoolcache
-        fi
-
    - name: Setup Node.js
-      shell: bash
-      env:
-        REQUESTED_NODE_VERSION: ${{ inputs.node-version }}
-      run: |
-        set -euo pipefail
-        source "$GITHUB_ACTION_PATH/../setup-pnpm-store-cache/ensure-node.sh"
-        openclaw_ensure_node "$REQUESTED_NODE_VERSION"
+      uses: actions/setup-node@v6
+      with:
+        node-version: ${{ inputs.node-version }}
+        check-latest: false

    - name: Setup pnpm
      uses: ./.github/actions/setup-pnpm-store-cache
@@ -52,10 +40,9 @@ runs:

    - name: Setup Bun
      if: inputs.install-bun == 'true'
-      shell: bash
-      run: |
-        set -euo pipefail
-        npm install -g bun@1.3.14
+      uses: oven-sh/setup-bun@v2.2.0
+      with:
+        bun-version: "1.3.13"

    - name: Runtime versions
      shell: bash
--- a/.github/actions/setup-pnpm-store-cache/action.yml
+++ b/.github/actions/setup-pnpm-store-cache/action.yml
@@ -14,7 +14,7 @@ inputs:
    required: false
    default: ""
  use-actions-cache:
-    description: Whether actions/cache should cache the pnpm store.
+    description: Whether pnpm/action-setup should cache the pnpm store.
    required: false
    default: "true"
 outputs:
@@ -47,48 +47,12 @@ runs:
        openclaw_ensure_node "$requested_node"

    - name: Setup pnpm from packageManager
-      shell: bash
-      env:
-        COREPACK_ENABLE_DOWNLOAD_PROMPT: "0"
-        PACKAGE_MANAGER_FILE: ${{ inputs.package-manager-file }}
-      run: |
-        set -euo pipefail
-        package_manager="$(node -e "const fs = require('node:fs'); const path = require('node:path'); const pkg = JSON.parse(fs.readFileSync(path.resolve(process.argv[1]), 'utf8')); process.stdout.write(pkg.packageManager || '')" "$PACKAGE_MANAGER_FILE")"
-        case "$package_manager" in
-          pnpm@*) ;;
-          *)
-            echo "::error::Expected packageManager to pin pnpm, got '${package_manager:-<empty>}'"
-            exit 1
-            ;;
-        esac
-        corepack enable
-        for attempt in 1 2 3; do
-          if corepack prepare "$package_manager" --activate; then
-            exit 0
-          fi
-          sleep $((attempt * 5))
-        done
-        corepack prepare "$package_manager" --activate
-
-    - name: Resolve pnpm store path
-      id: pnpm-store
-      if: ${{ inputs.use-actions-cache == 'true' && runner.os != 'Windows' }}
-      shell: bash
-      run: |
-        set -euo pipefail
-        store_path="$(pnpm store path --silent)"
-        node -e "require('node:fs').mkdirSync(process.argv[1], { recursive: true })" "$store_path"
-        echo "path=$store_path" >> "$GITHUB_OUTPUT"
-
-    - name: Restore pnpm store cache
-      if: ${{ inputs.use-actions-cache == 'true' && runner.os != 'Windows' }}
-      uses: actions/cache@v5
+      uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093
      with:
-        path: ${{ steps.pnpm-store.outputs.path }}
-        key: pnpm-store-${{ runner.os }}-${{ inputs.node-version }}-${{ hashFiles(inputs.lockfile-path) }}
-        restore-keys: |
-          pnpm-store-${{ runner.os }}-${{ inputs.node-version }}-
-          pnpm-store-${{ runner.os }}-
+        package_json_file: ${{ inputs.package-manager-file }}
+        run_install: false
+        cache: ${{ inputs.use-actions-cache }}
+        cache_dependency_path: ${{ inputs.lockfile-path }}

    - name: Record pnpm version
      id: pnpm-version
--- a/.github/actions/setup-pnpm-store-cache/ensure-node.sh
+++ b/.github/actions/setup-pnpm-store-cache/ensure-node.sh
@@ -8,10 +8,7 @@ openclaw_node_version_matches() {
  fi
  case "$requested" in
    *x)
-      [[ "${actual%%.*}" == "${requested%%.*}" ]] || return 1
-      if [[ "${requested%%.*}" == "22" ]]; then
-        openclaw_node_version_at_least "$actual" "22.19.0"
-      fi
+      [[ "${actual%%.*}" == "${requested%%.*}" ]]
      ;;
    *.*.*)
      [[ "$actual" == "$requested" ]]
@@ -25,45 +22,15 @@ openclaw_node_version_matches() {
  esac
 }

-openclaw_node_version_at_least() {
-  local actual="$1"
-  local minimum="$2"
-  local actual_major actual_minor actual_patch minimum_major minimum_minor minimum_patch
-  IFS=. read -r actual_major actual_minor actual_patch <<< "$actual"
-  IFS=. read -r minimum_major minimum_minor minimum_patch <<< "$minimum"
-  actual_minor="${actual_minor:-0}"
-  actual_patch="${actual_patch:-0}"
-  minimum_minor="${minimum_minor:-0}"
-  minimum_patch="${minimum_patch:-0}"
-
-  if (( actual_major != minimum_major )); then
-    (( actual_major > minimum_major ))
-    return
-  fi
-  if (( actual_minor != minimum_minor )); then
-    (( actual_minor > minimum_minor ))
-    return
-  fi
-  (( actual_patch >= minimum_patch ))
-}
-
 openclaw_active_node_version() {
  node -p 'process.versions.node' 2>/dev/null || true
 }

 openclaw_prepend_node_bin() {
  local node_bin_dir="$1"
-  local shell_node_bin_dir="$node_bin_dir"
-  if command -v cygpath >/dev/null 2>&1; then
-    shell_node_bin_dir="$(cygpath -u "$node_bin_dir" 2>/dev/null || printf '%s' "$node_bin_dir")"
-  fi
-  export PATH="$shell_node_bin_dir:$PATH"
+  export PATH="$node_bin_dir:$PATH"
  if [[ -n "${GITHUB_PATH:-}" ]]; then
-    local github_node_bin_dir="$shell_node_bin_dir"
-    if command -v cygpath >/dev/null 2>&1; then
-      github_node_bin_dir="$(cygpath -w "$shell_node_bin_dir" 2>/dev/null || printf '%s' "$shell_node_bin_dir")"
-    fi
-    echo "$github_node_bin_dir" >> "$GITHUB_PATH"
+    echo "$node_bin_dir" >> "$GITHUB_PATH"
  fi
  hash -r
 }
@@ -76,15 +43,11 @@ openclaw_find_toolcache_node() {
    "${RUNNER_TOOL_CACHE:-}" \
    "${AGENT_TOOLSDIRECTORY:-}" \
    "${ACTIONS_RUNNER_TOOL_CACHE:-}" \
-    "${OPENCLAW_CONTAINER_TOOL_CACHE:-/__t}" \
    "/opt/hostedtoolcache" \
    "/home/runner/_work/_tool" \
    "/Users/runner/hostedtoolcache" \
    "/c/hostedtoolcache/windows"
  do
-    if [[ ! -d "$root" && "$root" == *\\* ]] && command -v cygpath >/dev/null 2>&1; then
-      root="$(cygpath -u "$root" 2>/dev/null || printf '%s' "$root")"
-    fi
    if [[ -d "$root/node" ]]; then
      roots+=("$root/node")
    elif [[ "$(basename "$root")" == "node" && -d "$root" ]]; then
@@ -105,75 +68,6 @@ openclaw_find_toolcache_node() {
  return 1
 }

-openclaw_resolve_node_download_version() {
-  local requested_node="$1"
-  if [[ "$requested_node" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-    [[ "$requested_node" == v* ]] && printf '%s\n' "$requested_node" || printf 'v%s\n' "$requested_node"
-    return 0
-  fi
-
-  local prefix="${requested_node#v}"
-  prefix="${prefix%%[xX]*}"
-  prefix="v${prefix}"
-  [[ "$prefix" == *. ]] || prefix="${prefix}."
-  curl -fsSL https://nodejs.org/dist/index.json |
-    OPENCLAW_NODE_PREFIX="$prefix" python3 -c 'import json, os, sys
-prefix = os.environ["OPENCLAW_NODE_PREFIX"]
-for item in json.load(sys.stdin):
-    version = item.get("version", "")
-    if version.startswith(prefix):
-        print(version)
-        break
-'
-}
-
-openclaw_node_download_platform() {
-  local os_name arch_name
-  os_name="$(uname -s)"
-  arch_name="$(uname -m)"
-  case "$os_name:$arch_name" in
-    Linux:x86_64) printf 'linux-x64\n' ;;
-    Linux:aarch64 | Linux:arm64) printf 'linux-arm64\n' ;;
-    Darwin:x86_64) printf 'darwin-x64\n' ;;
-    Darwin:arm64) printf 'darwin-arm64\n' ;;
-    MINGW*:x86_64 | MSYS*:x86_64 | CYGWIN*:x86_64 | MINGW*:AMD64 | MSYS*:AMD64 | CYGWIN*:AMD64)
-      printf 'win-x64\n'
-      ;;
-    *)
-      return 1
-      ;;
-  esac
-}
-
-openclaw_download_node() {
-  local requested_node="$1"
-  local version platform archive_url install_root
-  version="$(openclaw_resolve_node_download_version "$requested_node")"
-  platform="$(openclaw_node_download_platform)" || return 1
-  install_root="${RUNNER_TEMP:-/tmp}/openclaw-node-${version}-${platform}"
-  mkdir -p "$install_root"
-  if [[ "$platform" == win-* ]]; then
-    local archive_path
-    archive_url="https://nodejs.org/dist/${version}/node-${version}-${platform}.zip"
-    archive_path="${RUNNER_TEMP:-/tmp}/node-${version}-${platform}.zip"
-    echo "Downloading Node ${version} from ${archive_url}"
-    curl -fsSL "$archive_url" -o "$archive_path"
-    if command -v powershell.exe >/dev/null 2>&1 && command -v cygpath >/dev/null 2>&1; then
-      powershell.exe -NoLogo -NoProfile -Command \
-        "Expand-Archive -LiteralPath '$(cygpath -w "$archive_path")' -DestinationPath '$(cygpath -w "$install_root")' -Force"
-    else
-      unzip -q "$archive_path" -d "$install_root"
-    fi
-    openclaw_prepend_node_bin "$install_root/node-${version}-${platform}"
-    return 0
-  fi
-
-  archive_url="https://nodejs.org/dist/${version}/node-${version}-${platform}.tar.xz"
-  echo "Downloading Node ${version} from ${archive_url}"
-  curl -fsSL "$archive_url" | tar -xJ -C "$install_root" --strip-components=1
-  openclaw_prepend_node_bin "$install_root/bin"
-}
-
 openclaw_ensure_node() {
  local requested_node="${1:-}"
  requested_node="${requested_node#v}"
@@ -192,8 +86,6 @@ openclaw_ensure_node() {
  if [[ -n "$node_bin" ]]; then
    echo "Using Node $("$node_bin" -p 'process.versions.node') from $node_bin"
    openclaw_prepend_node_bin "$(dirname "$node_bin")"
-  else
-    openclaw_download_node "$requested_node" || true
  fi

  active_node_version="$(openclaw_active_node_version)"
--- a/.github/codex/prompts/docs-agent.md
+++ b/.github/codex/prompts/docs-agent.md
@@ -12,7 +12,7 @@ Hard limits:
 - Do not change production code, tests, package metadata, generated baselines, lockfiles, or CI config.
 - Keep changes minimal and factual.
 - Use "plugin/plugins" in user-facing docs/UI/changelog; `extensions/` is only the internal workspace layout.
- Do not add `CHANGELOG.md` entries during normal docs work. Capture user-facing release-note context in the PR body or commit message instead.
+- Do not add a changelog entry unless the docs update describes a user-facing behavior/API change from the triggering commit.

 Allowed paths:

--- a/.github/workflows/ci-build-artifacts-testbox.yml
+++ b/.github/workflows/ci-build-artifacts-testbox.yml
@@ -61,7 +61,7 @@ jobs:
            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              -c "http.extraheader=AUTHORIZATION: basic ${auth_header}" \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
--- a/.github/workflows/ci-check-testbox.yml
+++ b/.github/workflows/ci-check-testbox.yml
@@ -59,7 +59,7 @@ jobs:
            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              -c "http.extraheader=AUTHORIZATION: basic ${auth_header}" \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
@@ -132,5 +132,6 @@ jobs:
      - name: Run Testbox
        uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
        if: success()
+        continue-on-error: true
        env:
          FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -76,16 +76,13 @@ jobs:
      android_matrix: ${{ steps.manifest.outputs.android_matrix }}
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_REF: ${{ inputs.target_ref || github.sha }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_REF}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.target_ref || github.sha }}
+          fetch-depth: 1
+          fetch-tags: false
+          persist-credentials: true
+          submodules: false

      - name: Resolve checkout SHA
        id: checkout_ref
@@ -202,7 +199,6 @@ jobs:
          if (runNodeFull) {
            checksFastCoreTasks.push(
              { check_name: "checks-fast-bundled-protocol", runtime: "node", task: "bundled-protocol" },
-              { check_name: "checks-fast-bun-launcher", runtime: "bun", task: "bun-launcher" },
            );
          } else {
            if (runNodeFastCiRouting) {
@@ -303,16 +299,13 @@ jobs:
      PRE_COMMIT_HOME: .cache/pre-commit-security-fast
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_REF: ${{ inputs.target_ref || github.sha }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_REF}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.target_ref || github.sha }}
+          fetch-depth: 1
+          fetch-tags: false
+          persist-credentials: true
+          submodules: false

      - name: Ensure security base commit
        if: github.event_name != 'workflow_dispatch'
@@ -342,20 +335,22 @@ jobs:
          fi
          echo "PRE_COMMIT_CONFIG_PATH=$trusted_config" >> "$GITHUB_ENV"

-      - name: Resolve Python runtime
+      - name: Setup Python
        id: setup-python
-        run: |
-          set -euo pipefail
-          python3 --version
-          version="$(python3 - <<'PY'
-          import platform
-          print(platform.python_version())
-          PY
-          )"
-          echo "python-version=${version}" >> "$GITHUB_OUTPUT"
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+
+      - name: Restore pre-commit cache
+        uses: actions/cache@v5
+        with:
+          path: .cache/pre-commit-security-fast
+          key: pre-commit-security-fast-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: |
+            pre-commit-security-fast-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-

      - name: Install pre-commit
-        run: python3 -m pip install --disable-pip-version-check pre-commit==4.2.0
+        run: python -m pip install --disable-pip-version-check pre-commit==4.2.0

      - name: Detect committed private keys
        run: pre-commit run --config "${PRE_COMMIT_CONFIG_PATH:-.pre-commit-config.yaml}" --all-files detect-private-key
@@ -388,12 +383,10 @@ jobs:
          pre-commit run --config "${PRE_COMMIT_CONFIG_PATH:-.pre-commit-config.yaml}" zizmor --files "${workflow_files[@]}"

      - name: Setup Node.js
-        env:
-          REQUESTED_NODE_VERSION: "24.x"
-        run: |
-          set -euo pipefail
-          source .github/actions/setup-pnpm-store-cache/ensure-node.sh
-          openclaw_ensure_node "$REQUESTED_NODE_VERSION"
+        uses: actions/setup-node@v6
+        with:
+          node-version: "24.x"
+          check-latest: false

      - name: Audit production dependencies
        run: node scripts/pre-commit/pnpm-audit-prod.mjs --audit-level=high
@@ -418,6 +411,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -433,10 +427,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -519,24 +513,7 @@ jobs:
        run: pnpm test:build:singleton

      - name: Check CLI startup memory
-        shell: bash
-        run: |
-          set +e
-          pnpm test:startup:memory
-          status=$?
-          if [[ -f .artifacts/startup-memory/summary.md ]]; then
-            cat .artifacts/startup-memory/summary.md >> "$GITHUB_STEP_SUMMARY"
-          fi
-          exit "$status"
-
-      - name: Upload startup memory report
-        if: always()
-        uses: actions/upload-artifact@v7
-        with:
-          name: startup-memory
-          path: .artifacts/startup-memory/
-          if-no-files-found: ignore
-          retention-days: 7
+        run: pnpm test:startup:memory

      - name: Run built artifact checks
        id: built_artifact_checks
@@ -642,6 +619,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -657,10 +635,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -684,7 +662,7 @@ jobs:
      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
        with:
-          install-bun: ${{ matrix.task == 'bun-launcher' && 'true' || 'false' }}
+          install-bun: "false"

      - name: Run ${{ matrix.task }} (${{ matrix.runtime }})
        env:
@@ -705,9 +683,6 @@ jobs:
            ci-routing)
              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/test-projects.test.ts
              ;;
-            bun-launcher)
-              OPENCLAW_TEST_BUN_LAUNCHER=1 pnpm test test/openclaw-launcher.e2e.test.ts
-              ;;
            *)
              echo "Unsupported checks-fast task: $TASK" >&2
              exit 1
@@ -731,6 +706,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -746,10 +722,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -811,6 +787,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -826,10 +803,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -888,6 +865,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -903,10 +881,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -963,6 +941,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -978,10 +957,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -1085,6 +1064,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -1100,10 +1080,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -1215,6 +1195,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -1230,10 +1211,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -1364,6 +1345,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -1379,10 +1361,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
@@ -1409,13 +1391,12 @@ jobs:
          install-bun: "false"

      - name: Checkout ClawHub docs source
-        run: |
-          set -euo pipefail
-          git init clawhub-source
-          git -C clawhub-source config gc.auto 0
-          git -C clawhub-source remote add origin "https://github.com/openclaw/clawhub.git"
-          git -C clawhub-source fetch --no-tags --depth=1 origin "+HEAD:refs/remotes/origin/checkout"
-          git -C clawhub-source checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6
+        with:
+          repository: openclaw/clawhub
+          path: clawhub-source
+          fetch-depth: 1
+          persist-credentials: true

      - name: Check docs
        env:
@@ -1431,16 +1412,11 @@ jobs:
    timeout-minutes: 20
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_SHA}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          persist-credentials: true
+          submodules: false

      - name: Setup Python
        uses: actions/setup-python@v6
@@ -1479,16 +1455,11 @@ jobs:
      matrix: ${{ fromJson(needs.preflight.outputs.checks_windows_matrix) }}
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_SHA}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          persist-credentials: true
+          submodules: false

      - name: Try to exclude workspace from Windows Defender (best-effort)
        shell: pwsh
@@ -1510,17 +1481,15 @@ jobs:
          }

      - name: Setup Node.js
-        env:
-          REQUESTED_NODE_VERSION: "22.x"
-        run: |
-          set -euo pipefail
-          source .github/actions/setup-pnpm-store-cache/ensure-node.sh
-          openclaw_ensure_node "$REQUESTED_NODE_VERSION"
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24.x
+          check-latest: false

      - name: Setup pnpm
        uses: ./.github/actions/setup-pnpm-store-cache
        with:
-          node-version: 22.x
+          node-version: 24.x

      - name: Runtime versions
        run: |
@@ -1579,16 +1548,11 @@ jobs:
      matrix: ${{ fromJson(needs.preflight.outputs.macos_node_matrix) }}
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_SHA}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          persist-credentials: true
+          submodules: false

      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
@@ -1625,16 +1589,11 @@ jobs:
    timeout-minutes: 20
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_SHA}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          persist-credentials: true
+          submodules: false

      - name: Install XcodeGen / SwiftLint / SwiftFormat
        run: brew install xcodegen swiftlint swiftformat
@@ -1734,6 +1693,7 @@ jobs:
        env:
          CHECKOUT_REPO: ${{ github.repository }}
          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -1749,10 +1709,10 @@ jobs:
            reset_checkout_dir
            git init "$workdir" >/dev/null
            git config --global --add safe.directory "$workdir"
-            git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
+            git -C "$workdir" remote add origin "https://x-access-token:${CHECKOUT_TOKEN}@github.com/${CHECKOUT_REPO}.git"
            git -C "$workdir" config gc.auto 0

-            timeout --signal=TERM --kill-after=10s 30s git -C "$workdir" \
+            timeout --signal=TERM 30s git -C "$workdir" \
              -c protocol.version=2 \
              fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \
              "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1
--- a/.github/workflows/crabbox-hydrate.yml
+++ b/.github/workflows/crabbox-hydrate.yml
@@ -72,24 +72,7 @@ jobs:
            echo "PNPM_HOME=$PNPM_HOME"
          } >> "$GITHUB_ENV"

-          package_manager="$(node -e "const fs = require('node:fs'); const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8')); process.stdout.write(pkg.packageManager || '')")"
-          case "$package_manager" in
-            pnpm@*) ;;
-            *)
-              echo "::error::Expected packageManager to pin pnpm, got '${package_manager:-<empty>}'"
-              exit 1
-              ;;
-          esac
          corepack enable --install-directory "$PNPM_HOME"
-          for attempt in 1 2 3; do
-            if corepack prepare "$package_manager" --activate; then
-              break
-            fi
-            if [ "$attempt" = 3 ]; then
-              corepack prepare "$package_manager" --activate
-            fi
-            sleep $((attempt * 5))
-          done
          node_bin="$(dirname "$(node -p 'process.execPath')")"
          echo "NODE_BIN=$node_bin" >> "$GITHUB_ENV"
          echo "$node_bin" >> "$GITHUB_PATH"
@@ -158,13 +141,7 @@ jobs:

          if ! command -v docker >/dev/null 2>&1; then
            echo "docker not found; installing fallback engine"
-            curl --fail --show-error --location \
-              --connect-timeout "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_CONNECT_TIMEOUT_SECONDS:-15}" \
-              --max-time "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_TIMEOUT_SECONDS:-300}" \
-              --retry "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_RETRIES:-3}" \
-              --retry-delay "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_RETRY_DELAY_SECONDS:-5}" \
-              --retry-all-errors \
-              https://get.docker.com | sudo sh
+            curl -fsSL https://get.docker.com | sudo sh
          fi

          if command -v systemctl >/dev/null 2>&1; then
@@ -189,12 +166,7 @@ jobs:
            esac
            buildx_version="${DOCKER_BUILDX_VERSION:-v0.15.1}"
            mkdir -p "$HOME/.docker/cli-plugins"
-            curl --fail --show-error --location \
-              --connect-timeout "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_CONNECT_TIMEOUT_SECONDS:-15}" \
-              --max-time "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_TIMEOUT_SECONDS:-300}" \
-              --retry "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_RETRIES:-3}" \
-              --retry-delay "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_RETRY_DELAY_SECONDS:-5}" \
-              --retry-all-errors \
+            curl -fsSL \
              "https://github.com/docker/buildx/releases/download/${buildx_version}/buildx-${buildx_version}.linux-${buildx_arch}" \
              -o "$HOME/.docker/cli-plugins/docker-buildx"
            chmod 0755 "$HOME/.docker/cli-plugins/docker-buildx"
@@ -335,13 +307,7 @@ jobs:

          if ! command -v docker >/dev/null 2>&1; then
            echo "docker not found; installing fallback engine"
-            curl --fail --show-error --location \
-              --connect-timeout "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_CONNECT_TIMEOUT_SECONDS:-15}" \
-              --max-time "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_TIMEOUT_SECONDS:-300}" \
-              --retry "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_RETRIES:-3}" \
-              --retry-delay "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_RETRY_DELAY_SECONDS:-5}" \
-              --retry-all-errors \
-              https://get.docker.com | sudo sh
+            curl -fsSL https://get.docker.com | sudo sh
          fi

          if command -v systemctl >/dev/null 2>&1; then
@@ -366,12 +332,7 @@ jobs:
            esac
            buildx_version="${DOCKER_BUILDX_VERSION:-v0.15.1}"
            mkdir -p "$HOME/.docker/cli-plugins"
-            curl --fail --show-error --location \
-              --connect-timeout "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_CONNECT_TIMEOUT_SECONDS:-15}" \
-              --max-time "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_TIMEOUT_SECONDS:-300}" \
-              --retry "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_RETRIES:-3}" \
-              --retry-delay "${OPENCLAW_CRABBOX_HYDRATE_DOWNLOAD_RETRY_DELAY_SECONDS:-5}" \
-              --retry-all-errors \
+            curl -fsSL \
              "https://github.com/docker/buildx/releases/download/${buildx_version}/buildx-${buildx_version}.linux-${buildx_arch}" \
              -o "$HOME/.docker/cli-plugins/docker-buildx"
            chmod 0755 "$HOME/.docker/cli-plugins/docker-buildx"
--- a/.github/workflows/full-release-validation.yml
+++ b/.github/workflows/full-release-validation.yml
@@ -245,7 +245,7 @@ jobs:
          DOCKER_BUILDKIT: "1"
        run: |
          set -euo pipefail
-          timeout --kill-after=30s 35m docker build \
+          timeout --foreground --kill-after=30s 35m docker build \
            --target runtime-assets \
            --build-arg OPENCLAW_EXTENSIONS="diagnostics-otel,codex" \
            .
@@ -287,7 +287,7 @@ jobs:
                  printf '%s\n' "$output"
                  return 0
                fi
-                if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* || "$output" == *"Sorry. Your account was suspended"* ]]; then
+                if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* ]]; then
                  echo "::warning::gh $* failed on attempt ${attempt}: ${output}" >&2
                  sleep $((attempt * 10))
                  continue
@@ -417,7 +417,7 @@ jobs:
                  printf '%s\n' "$output"
                  return 0
                fi
-                if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* || "$output" == *"Sorry. Your account was suspended"* ]]; then
+                if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* ]]; then
                  echo "::warning::gh $* failed on attempt ${attempt}: ${output}" >&2
                  sleep $((attempt * 10))
                  continue
@@ -557,7 +557,7 @@ jobs:
                  printf '%s\n' "$output"
                  return 0
                fi
-                if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* || "$output" == *"Sorry. Your account was suspended"* ]]; then
+                if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* ]]; then
                  echo "::warning::gh $* failed on attempt ${attempt}: ${output}" >&2
                  sleep $((attempt * 10))
                  continue
@@ -859,7 +859,7 @@ jobs:
                printf '%s\n' "$output"
                return 0
              fi
-              if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* || "$output" == *"Sorry. Your account was suspended"* ]]; then
+              if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* ]]; then
                echo "::warning::gh $* failed on attempt ${attempt}: ${output}" >&2
                sleep $((attempt * 10))
                continue
@@ -975,7 +975,7 @@ jobs:
                printf '%s\n' "$output"
                return 0
              fi
-              if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* || "$output" == *"Sorry. Your account was suspended"* ]]; then
+              if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* ]]; then
                echo "::warning::gh $* failed on attempt ${attempt}: ${output}" >&2
                sleep $((attempt * 10))
                continue
@@ -1089,29 +1089,6 @@ jobs:
        run: |
          set -euo pipefail

-          gh_with_retry() {
-            local output status attempt
-            for attempt in 1 2 3 4 5 6; do
-              set +e
-              output="$(gh "$@" 2>&1)"
-              status=$?
-              set -e
-              if [[ "$status" -eq 0 ]]; then
-                printf '%s\n' "$output"
-                return 0
-              fi
-              if [[ "$output" == *"Bad credentials"* || "$output" == *"HTTP 401"* || "$output" == *"secondary rate limit"* || "$output" == *"API rate limit"* || "$output" == *"Sorry. Your account was suspended"* ]]; then
-                echo "::warning::gh $* failed on attempt ${attempt}: ${output}" >&2
-                sleep $((attempt * 10))
-                continue
-              fi
-              printf '%s\n' "$output" >&2
-              return "$status"
-            done
-            printf '%s\n' "$output" >&2
-            return "$status"
-          }
-
          release_check_blocking_job() {
            case "$1" in
              "resolve_target" | \
@@ -1168,7 +1145,7 @@ jobs:
            fi

            local run_json status conclusion url attempt head_sha
-            run_json="$(gh_with_retry run view "$run_id" --json status,conclusion,url,attempt,headSha,jobs)"
+            run_json="$(gh run view "$run_id" --json status,conclusion,url,attempt,headSha,jobs)"
            status="$(jq -r '.status' <<< "$run_json")"
            conclusion="$(jq -r '.conclusion' <<< "$run_json")"
            url="$(jq -r '.url' <<< "$run_json")"
@@ -1215,7 +1192,7 @@ jobs:
              fi

              local run_json row
-              run_json="$(gh_with_retry run view "$run_id" --json status,conclusion,url,createdAt,updatedAt,headSha)"
+              run_json="$(gh run view "$run_id" --json status,conclusion,url,createdAt,updatedAt,headSha)"
              row="$(
                jq -r --arg label "$label" '
                  def ts: fromdateiso8601;
@@ -1251,7 +1228,7 @@ jobs:
              echo
              echo "### Slowest jobs: ${label}"
              echo
-              gh_with_retry run view "$run_id" --json jobs --jq '
+              gh run view "$run_id" --json jobs --jq '
                def ts: fromdateiso8601;
                "| Job | Result | Minutes |",
                "| --- | --- | ---: |",
@@ -1268,7 +1245,7 @@ jobs:
              echo
              echo "### Longest queues: ${label}"
              echo
-              gh_with_retry api --paginate "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/jobs?per_page=100" --jq ".jobs[] | @json" | jq -sr '
+              gh api --paginate "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/jobs?per_page=100" --jq ".jobs[] | @json" | jq -sr '
                def ts: fromdateiso8601;
                "| Job | Result | Queue minutes | Run minutes |",
                "| --- | --- | ---: | ---: |",
@@ -1297,7 +1274,7 @@ jobs:
            fi

            local run_json status conclusion artifacts_json
-            run_json="$(gh_with_retry run view "$run_id" --json status,conclusion,url,jobs)"
+            run_json="$(gh run view "$run_id" --json status,conclusion,url,jobs)"
            status="$(jq -r '.status' <<< "$run_json")"
            conclusion="$(jq -r '.conclusion' <<< "$run_json")"
            if [[ "$status" == "completed" && "$conclusion" == "success" ]]; then
@@ -1320,7 +1297,7 @@ jobs:
              echo
              echo "Artifacts:"
              artifacts_json="$(
-                gh_with_retry api "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/artifacts?per_page=100" 2>/dev/null || true
+                gh api "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/artifacts?per_page=100" 2>/dev/null || true
              )"
              if [[ -n "${artifacts_json// }" ]]; then
                jq -r '
@@ -1494,7 +1471,6 @@ jobs:
          PLUGIN_PRERELEASE_RUN_ID: ${{ needs.plugin_prerelease.outputs.run_id }}
          RELEASE_CHECKS_RUN_ID: ${{ needs.release_checks.outputs.run_id }}
          NPM_TELEGRAM_RUN_ID: ${{ needs.npm_telegram.outputs.run_id }}
-          PERFORMANCE_RUN_ID: ${{ needs.performance.outputs.run_id }}
        run: |
          set -euo pipefail
          manifest_dir="${RUNNER_TEMP}/full-release-validation"
--- a/.github/workflows/install-smoke.yml
+++ b/.github/workflows/install-smoke.yml
@@ -121,7 +121,7 @@ jobs:
      # builder stalls; an explicit buildx invocation fails closed instead.
      - name: Build root Dockerfile smoke image
        run: |
-          timeout --kill-after=30s 45m docker buildx build \
+          timeout 45m docker buildx build \
            --progress=plain \
            --load \
            --build-arg OPENCLAW_EXTENSIONS=matrix \
@@ -132,7 +132,7 @@ jobs:

      - name: Run root Dockerfile CLI smoke
        run: |
-          timeout --kill-after=30s 20m docker run --rm --entrypoint sh openclaw-dockerfile-smoke:local -lc '
+          docker run --rm --entrypoint sh openclaw-dockerfile-smoke:local -lc '
            which openclaw &&
            openclaw --version &&
            node -e "
@@ -163,7 +163,7 @@ jobs:

      - name: Smoke test Dockerfile with matrix extension build arg
        run: |
-          timeout --kill-after=30s 20m docker run --rm --entrypoint sh openclaw-ext-smoke:local -lc '
+          docker run --rm --entrypoint sh openclaw-ext-smoke:local -lc '
            which openclaw &&
            openclaw --version &&
            node -e "
@@ -235,7 +235,7 @@ jobs:
          IMAGE_REF: ${{ needs.preflight.outputs.dockerfile_image }}
        run: |
          set -euo pipefail
-          if timeout --kill-after=30s 180s docker pull "$IMAGE_REF"; then
+          if timeout 180s docker pull "$IMAGE_REF"; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
            echo "Using existing root Dockerfile smoke image: \`$IMAGE_REF\`" >> "$GITHUB_STEP_SUMMARY"
          else
@@ -256,7 +256,7 @@ jobs:
        env:
          IMAGE_REF: ${{ needs.preflight.outputs.dockerfile_image }}
        run: |
-          timeout --kill-after=30s 45m docker buildx build \
+          timeout 45m docker buildx build \
            --progress=plain \
            --push \
            --build-arg OPENCLAW_EXTENSIONS=matrix \
@@ -320,13 +320,13 @@ jobs:
      - name: Pull root Dockerfile smoke image
        env:
          IMAGE_REF: ${{ needs.root_dockerfile_image.outputs.image_ref }}
-        run: timeout --kill-after=30s 600s docker pull "$IMAGE_REF"
+        run: timeout 600s docker pull "$IMAGE_REF"

      - name: Run root Dockerfile CLI smoke
        env:
          IMAGE_REF: ${{ needs.root_dockerfile_image.outputs.image_ref }}
        run: |
-          timeout --kill-after=30s 20m docker run --rm --entrypoint sh "$IMAGE_REF" -lc '
+          docker run --rm --entrypoint sh "$IMAGE_REF" -lc '
            which openclaw &&
            openclaw --version &&
            node -e "
@@ -359,7 +359,7 @@ jobs:
        env:
          IMAGE_REF: ${{ needs.root_dockerfile_image.outputs.image_ref }}
        run: |
-          timeout --kill-after=30s 20m docker run --rm --entrypoint sh "$IMAGE_REF" -lc '
+          docker run --rm --entrypoint sh "$IMAGE_REF" -lc '
            which openclaw &&
            openclaw --version &&
            node -e "
@@ -426,7 +426,7 @@ jobs:
      - name: Pull root Dockerfile smoke image
        env:
          IMAGE_REF: ${{ needs.root_dockerfile_image.outputs.image_ref }}
-        run: timeout --kill-after=30s 600s docker pull "$IMAGE_REF"
+        run: timeout 600s docker pull "$IMAGE_REF"

      - name: Set up Blacksmith Docker Builder
        uses: useblacksmith/setup-docker-builder@722e97d12b1d06a961800dd6c05d79d951ad3c80 # v1
@@ -435,7 +435,7 @@ jobs:

      - name: Build installer smoke image
        run: |
-          timeout --kill-after=30s 20m docker buildx build \
+          timeout 20m docker buildx build \
            --progress=plain \
            --load \
            -t openclaw-install-smoke:local \
@@ -444,7 +444,7 @@ jobs:

      - name: Build installer non-root image
        run: |
-          timeout --kill-after=30s 20m docker buildx build \
+          timeout 20m docker buildx build \
            --progress=plain \
            --load \
            -t openclaw-install-nonroot:local \
@@ -475,22 +475,13 @@ jobs:

      - name: Run Rocky Linux installer smoke
        run: |
-          timeout --kill-after=30s 20m docker run --rm \
+          timeout 20m docker run --rm \
            -e OPENCLAW_NO_ONBOARD=1 \
            -e OPENCLAW_NO_PROMPT=1 \
            -v "$PWD/scripts/install.sh:/tmp/install.sh:ro" \
            rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6 \
            bash -lc 'dnf install -y -q ca-certificates tar gzip xz findutils which sudo >/dev/null && bash /tmp/install.sh --install-method npm --version latest --no-onboard --no-prompt --verify && openclaw --version'

-      - name: Run Rocky Linux CLI installer smoke
-        run: |
-          timeout --kill-after=30s 20m docker run --rm \
-            -e OPENCLAW_NO_ONBOARD=1 \
-            -e OPENCLAW_NO_PROMPT=1 \
-            -v "$PWD/scripts/install-cli.sh:/tmp/install-cli.sh:ro" \
-            rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6 \
-            bash -lc 'dnf install -y -q ca-certificates tar gzip xz findutils which sudo >/dev/null && bash /tmp/install-cli.sh --prefix /tmp/openclaw-cli --version latest --no-onboard && /tmp/openclaw-cli/bin/openclaw --version'
-
  bun_global_install_smoke:
    needs: [preflight, root_dockerfile_image]
    if: needs.preflight.outputs.run_full_install_smoke == 'true' && needs.preflight.outputs.run_bun_global_install_smoke == 'true'
@@ -512,7 +503,7 @@ jobs:
      - name: Pull root Dockerfile smoke image
        env:
          IMAGE_REF: ${{ needs.root_dockerfile_image.outputs.image_ref }}
-        run: timeout --kill-after=30s 600s docker pull "$IMAGE_REF"
+        run: timeout 600s docker pull "$IMAGE_REF"

      - name: Setup Node environment for Bun smoke
        uses: ./.github/actions/setup-node-env
--- a/.github/workflows/mantis-telegram-desktop-proof.yml
+++ b/.github/workflows/mantis-telegram-desktop-proof.yml
@@ -48,7 +48,6 @@ env:
  OPENCLAW_BUILD_PRIVATE_QA: "1"
  OPENCLAW_ENABLE_PRIVATE_QA_CLI: "1"
  CRABBOX_REF: main
-  CRABBOX_CAPACITY_REGIONS: eu-west-1,eu-west-2,eu-central-1,us-east-1,us-west-2
  MANTIS_OUTPUT_DIR: .artifacts/qa-e2e/mantis/telegram-desktop-proof

 jobs:
@@ -423,7 +422,7 @@ jobs:
          {
            printf '%s\n' 'Defaults env_keep += "CODEX_HOME CODEX_INTERNAL_ORIGINATOR_OVERRIDE"'
            printf '%s\n' 'Defaults env_keep += "BASELINE_REF BASELINE_SHA CANDIDATE_REF CANDIDATE_SHA"'
-            printf '%s\n' 'Defaults env_keep += "CRABBOX_ACCESS_CLIENT_ID CRABBOX_ACCESS_CLIENT_SECRET CRABBOX_COORDINATOR CRABBOX_COORDINATOR_TOKEN CRABBOX_LEASE_ID CRABBOX_PROVIDER CRABBOX_CAPACITY_REGIONS"'
+            printf '%s\n' 'Defaults env_keep += "CRABBOX_ACCESS_CLIENT_ID CRABBOX_ACCESS_CLIENT_SECRET CRABBOX_COORDINATOR CRABBOX_COORDINATOR_TOKEN CRABBOX_LEASE_ID CRABBOX_PROVIDER"'
            printf '%s\n' 'Defaults env_keep += "GH_TOKEN MANTIS_CANDIDATE_TRUST MANTIS_INSTRUCTIONS MANTIS_OUTPUT_DIR MANTIS_PR_NUMBER"'
            printf '%s\n' 'Defaults env_keep += "OPENCLAW_BUILD_PRIVATE_QA OPENCLAW_ENABLE_PRIVATE_QA_CLI OPENCLAW_QA_CONVEX_SECRET_CI OPENCLAW_QA_CONVEX_SITE_URL OPENCLAW_QA_CREDENTIAL_OWNER_ID OPENCLAW_QA_MANTIS_CRABBOX_COORDINATOR OPENCLAW_QA_MANTIS_CRABBOX_COORDINATOR_TOKEN"'
            printf '%s\n' 'Defaults env_keep += "OPENCLAW_TELEGRAM_USER_CRABBOX_BIN OPENCLAW_TELEGRAM_USER_CRABBOX_PROVIDER OPENCLAW_TELEGRAM_USER_DRIVER_SCRIPT OPENCLAW_TELEGRAM_USER_PROOF_CMD"'
@@ -452,7 +451,6 @@ jobs:
          CRABBOX_ACCESS_CLIENT_SECRET: ${{ secrets.CRABBOX_ACCESS_CLIENT_SECRET }}
          CRABBOX_COORDINATOR: ${{ secrets.CRABBOX_COORDINATOR || secrets.OPENCLAW_QA_MANTIS_CRABBOX_COORDINATOR }}
          CRABBOX_COORDINATOR_TOKEN: ${{ secrets.CRABBOX_COORDINATOR_TOKEN || secrets.OPENCLAW_QA_MANTIS_CRABBOX_COORDINATOR_TOKEN }}
-          CRABBOX_CAPACITY_REGIONS: ${{ env.CRABBOX_CAPACITY_REGIONS }}
          CRABBOX_LEASE_ID: ${{ needs.resolve_request.outputs.lease_id }}
          CRABBOX_PROVIDER: ${{ needs.resolve_request.outputs.crabbox_provider }}
          GH_TOKEN: ${{ github.token }}
@@ -494,11 +492,8 @@ jobs:
            exit 0
          fi
          status=0
-          mapfile -d '' session_files < <(sudo find .artifacts/qa-e2e -name session.json -type f -print0)
+          mapfile -d '' session_files < <(sudo find .artifacts/qa-e2e -path '*/telegram-user-crabbox/*/session.json' -type f -print0)
          for session_file in "${session_files[@]}"; do
-            if ! sudo -u codex node -e 'const fs = require("fs"); const session = JSON.parse(fs.readFileSync(process.argv[1], "utf8")); process.exit(session.command === "telegram-user-crabbox-session" ? 0 : 1);' "$session_file"; then
-              continue
-            fi
            lease_file="${session_file%/session.json}/.session/lease.json"
            if [[ ! -f "$lease_file" ]]; then
              continue
@@ -513,11 +508,8 @@ jobs:
              status=1
            fi
          done
-          mapfile -d '' lease_files < <(sudo find .artifacts/qa-e2e -path '*/.session/lease.json' -type f -print0)
+          mapfile -d '' lease_files < <(sudo find .artifacts/qa-e2e -path '*/telegram-user-crabbox/*/.session/lease.json' -type f -print0)
          for lease_file in "${lease_files[@]}"; do
-            if ! sudo -u codex node -e 'const fs = require("fs"); const lease = JSON.parse(fs.readFileSync(process.argv[1], "utf8")); process.exit(lease.kind === "telegram-user" ? 0 : 1);' "$lease_file"; then
-              continue
-            fi
            if ! sudo -u codex env \
              OPENCLAW_QA_CONVEX_SECRET_CI="$OPENCLAW_QA_CONVEX_SECRET_CI" \
              OPENCLAW_QA_CONVEX_SITE_URL="$OPENCLAW_QA_CONVEX_SITE_URL" \
--- a/.github/workflows/openclaw-cross-os-release-checks-reusable.yml
+++ b/.github/workflows/openclaw-cross-os-release-checks-reusable.yml
@@ -553,15 +553,6 @@ jobs:
          use-actions-cache: "false"

      - name: Download candidate artifact
-        id: download_candidate
-        continue-on-error: true
-        uses: actions/download-artifact@v8
-        with:
-          name: openclaw-cross-os-release-checks-candidate-${{ github.run_id }}
-          path: ${{ runner.temp }}/openclaw-cross-os-release-checks/candidate
-
-      - name: Retry candidate artifact download
-        if: ${{ steps.download_candidate.outcome == 'failure' }}
        uses: actions/download-artifact@v8
        with:
          name: openclaw-cross-os-release-checks-candidate-${{ github.run_id }}
@@ -569,38 +560,11 @@ jobs:

      - name: Download baseline artifact
        if: ${{ matrix.suite == 'packaged-upgrade' }}
-        id: download_baseline
-        continue-on-error: true
        uses: actions/download-artifact@v8
        with:
          name: openclaw-cross-os-release-checks-baseline-${{ github.run_id }}
          path: ${{ runner.temp }}/openclaw-cross-os-release-checks/baseline

-      - name: Retry baseline artifact download
-        if: ${{ matrix.suite == 'packaged-upgrade' && steps.download_baseline.outcome == 'failure' }}
-        uses: actions/download-artifact@v8
-        with:
-          name: openclaw-cross-os-release-checks-baseline-${{ github.run_id }}
-          path: ${{ runner.temp }}/openclaw-cross-os-release-checks/baseline
-
-      - name: Verify release-check inputs
-        shell: bash
-        env:
-          CANDIDATE_TGZ: ${{ runner.temp }}/openclaw-cross-os-release-checks/candidate/${{ needs.prepare.outputs.candidate_file_name }}
-          BASELINE_TGZ: ${{ runner.temp }}/openclaw-cross-os-release-checks/baseline/${{ needs.prepare.outputs.baseline_file_name }}
-          OUTPUT_DIR: ${{ runner.temp }}/openclaw-cross-os-release-checks/${{ matrix.artifact_name }}-${{ matrix.suite }}
-          SUITE: ${{ matrix.suite }}
-        run: |
-          mkdir -p "${OUTPUT_DIR}"
-          if [[ ! -f "${CANDIDATE_TGZ}" ]]; then
-            echo "::error::candidate artifact missing: ${CANDIDATE_TGZ}"
-            exit 1
-          fi
-          if [[ "${SUITE}" == "packaged-upgrade" ]] && [[ ! -f "${BASELINE_TGZ}" ]]; then
-            echo "::error::baseline artifact missing: ${BASELINE_TGZ}"
-            exit 1
-          fi
-
      - name: Run cross-OS release checks
        shell: bash
        env:
@@ -651,8 +615,7 @@ jobs:
          if [[ -f "${SUMMARY_PATH}" ]]; then
            cat "${SUMMARY_PATH}" >> "$GITHUB_STEP_SUMMARY"
          else
-            mkdir -p "$(dirname "${SUMMARY_PATH}")"
-            echo "No summary generated." | tee "${SUMMARY_PATH}" >> "$GITHUB_STEP_SUMMARY"
+            echo "No summary generated." >> "$GITHUB_STEP_SUMMARY"
          fi

      - name: Upload release-check artifacts
--- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
+++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
@@ -102,11 +102,6 @@ on:
          - beta
          - stable
          - full
-      use_github_hosted_runners:
-        description: Use GitHub-hosted runners instead of Blacksmith runners
-        required: false
-        default: false
-        type: boolean
      advisory:
        description: Treat failures as advisory for the caller
        required: false
@@ -213,11 +208,6 @@ on:
        required: false
        default: stable
        type: string
-      use_github_hosted_runners:
-        description: Use GitHub-hosted runners instead of Blacksmith runners
-        required: false
-        default: true
-        type: boolean
    secrets:
      OPENAI_API_KEY:
        required: false
@@ -484,7 +474,7 @@ jobs:
    needs: validate_selected_ref
    if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'live-cache')
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
    timeout-minutes: 20
    env:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
@@ -534,7 +524,7 @@ jobs:
    needs: validate_selected_ref
    if: inputs.include_repo_e2e && inputs.live_suite_filter == ''
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
    timeout-minutes: ${{ inputs.release_test_profile == 'full' && 90 || 60 }}
    env:
      OPENCLAW_VITEST_MAX_WORKERS: "2"
@@ -566,7 +556,7 @@ jobs:
    needs: validate_selected_ref
    if: inputs.include_repo_e2e && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'openshell-e2e')
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
    timeout-minutes: ${{ matrix.timeout_minutes }}
    strategy:
      fail-fast: false
@@ -640,7 +630,7 @@ jobs:
    if: inputs.include_release_path_suites && inputs.docker_lanes == ''
    name: Docker E2E (${{ matrix.label }})
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
    timeout-minutes: ${{ matrix.timeout_minutes }}
    strategy:
      fail-fast: false
@@ -931,7 +921,7 @@ jobs:
    needs: validate_selected_ref
    if: inputs.docker_lanes != ''
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-4vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-4vcpu-ubuntu-2404' }}
    timeout-minutes: 5
    outputs:
      groups_json: ${{ steps.groups.outputs.groups_json }}
@@ -960,7 +950,7 @@ jobs:
    if: inputs.docker_lanes != ''
    name: Docker E2E targeted lanes (${{ matrix.group.label }})
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
    timeout-minutes: 60
    strategy:
      fail-fast: false
@@ -1192,7 +1182,7 @@ jobs:
    if: inputs.include_openwebui && !inputs.include_release_path_suites && inputs.docker_lanes == ''
    name: Docker E2E (openwebui)
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
    timeout-minutes: 60
    env:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
@@ -1318,7 +1308,7 @@ jobs:
    needs: validate_selected_ref
    if: inputs.include_release_path_suites || inputs.include_openwebui || inputs.docker_lanes != ''
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
    timeout-minutes: ${{ inputs.release_test_profile == 'full' && 90 || 60 }}
    permissions:
      actions: read
@@ -1561,7 +1551,7 @@ jobs:
    needs: validate_selected_ref
    if: inputs.include_live_suites && (inputs.live_suite_filter == '' || startsWith(inputs.live_suite_filter, 'live-') || startsWith(inputs.live_suite_filter, 'docker-live-models'))
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
    timeout-minutes: 60
    permissions:
      contents: read
@@ -1634,7 +1624,7 @@ jobs:
    needs: [validate_selected_ref, prepare_live_test_image]
    if: inputs.include_live_suites && inputs.live_model_providers == '' && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'docker-live-models')
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
    timeout-minutes: 45
    strategy:
      fail-fast: false
@@ -1785,7 +1775,7 @@ jobs:
    needs: [validate_selected_ref, prepare_live_test_image]
    if: inputs.include_live_suites && inputs.live_model_providers != '' && (inputs.live_suite_filter == '' || inputs.live_suite_filter == 'docker-live-models')
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
    timeout-minutes: 45
    env:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
@@ -1959,7 +1949,7 @@ jobs:
    needs: validate_selected_ref
    if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || (startsWith(inputs.live_suite_filter, 'native-live-') && !startsWith(inputs.live_suite_filter, 'native-live-extensions-media') && inputs.live_suite_filter != 'native-live-extensions-a-k'))
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
    timeout-minutes: ${{ matrix.timeout_minutes }}
    strategy:
      fail-fast: false
@@ -2261,7 +2251,6 @@ jobs:
        env:
          OPENCLAW_LIVE_COMMAND: ${{ matrix.command }}
          OPENCLAW_LIVE_SUITE_ADVISORY: ${{ matrix.advisory }}
-        shell: bash
        run: |
          set +e
          bash .release-harness/scripts/ci-live-command-retry.sh
@@ -2281,7 +2270,7 @@ jobs:
    needs: [validate_selected_ref, prepare_live_test_image]
    if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || startsWith(inputs.live_suite_filter, 'live-'))
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-32vcpu-ubuntu-2404' }}
    timeout-minutes: ${{ matrix.timeout_minutes }}
    strategy:
      fail-fast: false
@@ -2289,13 +2278,13 @@ jobs:
        include:
          - suite_id: live-gateway-docker
            label: Docker live gateway OpenAI
-            command: OPENCLAW_LIVE_GATEWAY_THINKING=low OPENCLAW_LIVE_GATEWAY_PROVIDERS=openai OPENCLAW_LIVE_GATEWAY_MODELS=openai/gpt-5.5 OPENCLAW_LIVE_GATEWAY_MAX_MODELS=1 OPENCLAW_LIVE_GATEWAY_STEP_TIMEOUT_MS=90000 OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS=600000 OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" timeout --foreground --kill-after=30s 35m bash .release-harness/scripts/test-live-gateway-models-docker.sh
+            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=openai OPENCLAW_LIVE_GATEWAY_MODELS=openai/gpt-5.5 OPENCLAW_LIVE_GATEWAY_MAX_MODELS=1 OPENCLAW_LIVE_GATEWAY_STEP_TIMEOUT_MS=90000 OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS=300000 OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" timeout --foreground --kill-after=30s 35m bash .release-harness/scripts/test-live-gateway-models-docker.sh
            timeout_minutes: 40
            profile_env_only: false
            profiles: beta minimum stable full
          - suite_id: live-gateway-anthropic-docker
            label: Docker live gateway Anthropic
-            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=anthropic OPENCLAW_LIVE_GATEWAY_MODELS=anthropic/claude-sonnet-4-6 OPENCLAW_LIVE_GATEWAY_MAX_MODELS=1 OPENCLAW_LIVE_GATEWAY_STEP_TIMEOUT_MS=90000 OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS=180000 OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" timeout --foreground --kill-after=30s 35m bash .release-harness/scripts/test-live-gateway-models-docker.sh
+            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=anthropic OPENCLAW_LIVE_GATEWAY_MAX_MODELS=2 OPENCLAW_LIVE_GATEWAY_STEP_TIMEOUT_MS=90000 OPENCLAW_LIVE_GATEWAY_MODEL_TIMEOUT_MS=180000 OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" timeout --foreground --kill-after=30s 35m bash .release-harness/scripts/test-live-gateway-models-docker.sh
            timeout_minutes: 40
            profile_env_only: false
            profiles: stable full
@@ -2480,7 +2469,6 @@ jobs:
        env:
          OPENCLAW_LIVE_COMMAND: ${{ matrix.command }}
          OPENCLAW_LIVE_SUITE_ADVISORY: ${{ matrix.advisory }}
-        shell: bash
        run: |
          set +e
          bash .release-harness/scripts/ci-live-command-retry.sh
@@ -2500,7 +2488,7 @@ jobs:
    needs: validate_selected_ref
    if: inputs.include_live_suites && !inputs.live_models_only && (inputs.live_suite_filter == '' || startsWith(inputs.live_suite_filter, 'native-live-extensions-media') || inputs.live_suite_filter == 'native-live-extensions-a-k')
    continue-on-error: ${{ inputs.advisory }}
-    runs-on: ${{ inputs.use_github_hosted_runners && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
+    runs-on: ${{ github.event_name == 'workflow_call' && 'ubuntu-24.04' || 'blacksmith-8vcpu-ubuntu-2404' }}
    container:
      image: ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04
      credentials:
@@ -2668,7 +2656,6 @@ jobs:
        if: contains(matrix.profiles, inputs.release_test_profile) && (inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id || (inputs.live_suite_filter == 'native-live-extensions-media-video' && startsWith(matrix.suite_id, 'native-live-extensions-media-video-')))
        env:
          OPENCLAW_LIVE_SUITE_ADVISORY: ${{ matrix.advisory }}
-        shell: bash
        run: |
          set +e
          ${{ matrix.command }}
--- a/.github/workflows/openclaw-performance.yml
+++ b/.github/workflows/openclaw-performance.yml
@@ -307,36 +307,7 @@ jobs:
            exit 1
          fi
          report_md="${report_json%.json}.md"
-          effective_status="$status"
-          if [[ "$FAIL_ON_REGRESSION" == "true" && "$status" != "0" ]]; then
-            if REPORT_JSON="$report_json" node <<'NODE'
-          const fs = require("node:fs");
-          const report = JSON.parse(fs.readFileSync(process.env.REPORT_JSON, "utf8"));
-          const statuses = report.summary?.statuses ?? {};
-          const nonPassStatuses = Object.entries(statuses)
-            .filter(([status, count]) => status !== "PASS" && Number(count) > 0);
-          const baselineRegressionCount =
-            Number(report.baseline?.comparison?.regressionCount ?? report.gate?.baseline?.regressionCount ?? 0);
-          const gate = report.gate;
-          const toleratedPartial =
-            gate?.verdict === "PARTIAL" &&
-            Number(gate.blockingCount ?? 0) === 0 &&
-            baselineRegressionCount === 0 &&
-            nonPassStatuses.length === 0;
-          if (!toleratedPartial) {
-            process.exit(1);
-          }
-          NODE
-            then
-              effective_status=0
-              {
-                echo "Kova returned a partial release-gate verdict for filtered performance coverage, but all selected scenarios passed and no baseline regression was reported."
-                echo
-              } >> "$GITHUB_STEP_SUMMARY"
-            fi
-          fi
          echo "status=$status" >> "$GITHUB_OUTPUT"
-          echo "effective_status=$effective_status" >> "$GITHUB_OUTPUT"
          echo "report_json=$report_json" >> "$GITHUB_OUTPUT"
          echo "report_md=$report_md" >> "$GITHUB_OUTPUT"

@@ -373,43 +344,8 @@ jobs:
          EOF
          cat "$summary_path" >> "$GITHUB_STEP_SUMMARY"

-          if [[ "$FAIL_ON_REGRESSION" == "true" && "$effective_status" != "0" ]]; then
-            exit "$effective_status"
-          fi
-
-      - name: Fetch previous source performance baseline
-        if: ${{ steps.lane.outputs.run == 'true' && matrix.lane == 'mock-provider' && steps.clawgrit.outputs.present == 'true' }}
-        env:
-          CLAWGRIT_REPORTS_TOKEN: ${{ secrets.CLAWGRIT_REPORTS_TOKEN }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          reports_root=".artifacts/clawgrit-baseline"
-          mkdir -p "$reports_root"
-          git -C "$reports_root" init -b main
-          git -C "$reports_root" remote add origin "https://x-access-token:${CLAWGRIT_REPORTS_TOKEN}@github.com/openclaw/clawgrit-reports.git"
-          if ! git -C "$reports_root" fetch --depth=1 origin main; then
-            echo "No previous source performance baseline could be fetched." >> "$GITHUB_STEP_SUMMARY"
-            exit 0
-          fi
-          git -C "$reports_root" checkout -B main FETCH_HEAD
-          ref_slug="$(printf '%s' "${TESTED_REF}" | tr -c 'A-Za-z0-9._-' '-')"
-          pointer="${reports_root}/openclaw-performance/${ref_slug}/latest-mock-provider.json"
-          if [[ ! -f "$pointer" ]]; then
-            echo "No previous source performance baseline exists for ${TESTED_REF}." >> "$GITHUB_STEP_SUMMARY"
-            exit 0
-          fi
-          if ! latest_path="$(node -e "const fs=require('node:fs'); const data=JSON.parse(fs.readFileSync(process.argv[1],'utf8')); const value=String(data.path || ''); if (!/^openclaw-performance\\/[A-Za-z0-9._-]+\\/[0-9]+-[0-9]+\\/mock-provider$/u.test(value)) process.exit(1); process.stdout.write(value);" "$pointer")"; then
-            echo "Previous source performance baseline pointer is invalid." >> "$GITHUB_STEP_SUMMARY"
-            exit 0
-          fi
-          baseline_source="${reports_root}/${latest_path}/source"
-          if [[ -d "$baseline_source" ]]; then
-            baseline_source="$(realpath "$baseline_source")"
-            echo "SOURCE_PERF_BASELINE_DIR=$baseline_source" >> "$GITHUB_ENV"
-            echo "Using source performance baseline: ${latest_path}/source" >> "$GITHUB_STEP_SUMMARY"
-          else
-            echo "Previous source performance baseline has no source directory." >> "$GITHUB_STEP_SUMMARY"
+          if [[ "$FAIL_ON_REGRESSION" == "true" && "$status" != "0" ]]; then
+            exit "$status"
          fi

      - name: Run OpenClaw source performance probes
@@ -423,7 +359,7 @@ jobs:
          fi

          mkdir -p "$SOURCE_PERF_DIR/mock-hello"
-          if ! node -e "const fs=require('node:fs'); const scripts=require('./package.json').scripts||{}; process.exit(scripts['test:gateway:cpu-scenarios'] && scripts['test:extensions:memory'] && scripts.openclaw && fs.existsSync('scripts/bench-cli-startup.ts') && fs.existsSync('scripts/profile-extension-memory.mjs') ? 0 : 1)"; then
+          if ! node -e "const fs=require('node:fs'); const scripts=require('./package.json').scripts||{}; process.exit(scripts['test:gateway:cpu-scenarios'] && scripts.openclaw && fs.existsSync('scripts/bench-cli-startup.ts') ? 0 : 1)"; then
            cat > "$SOURCE_PERF_DIR/index.md" <<EOF
          # OpenClaw Source Performance

@@ -435,7 +371,7 @@ jobs:

          - Tested ref: ${TESTED_REF}
          - Tested SHA: ${TESTED_SHA}
-          - Required scripts: test:gateway:cpu-scenarios, test:extensions:memory, openclaw, scripts/bench-cli-startup.ts, scripts/profile-extension-memory.mjs
+          - Required scripts: test:gateway:cpu-scenarios, openclaw, scripts/bench-cli-startup.ts
          EOF
            cat "$SOURCE_PERF_DIR/index.md" >> "$GITHUB_STEP_SUMMARY"
            exit 0
@@ -455,9 +391,6 @@ jobs:
            --startup-case fiftyPlugins \
            --startup-case fiftyStartupLazyPlugins

-          pnpm test:extensions:memory \
-            -- --json "$SOURCE_PERF_DIR/extension-memory.json"
-
          for run_index in $(seq 1 "$source_runs"); do
            run_dir="$SOURCE_PERF_DIR/mock-hello/run-$(printf '%03d' "$run_index")"
            pnpm openclaw qa suite \
@@ -527,13 +460,9 @@ jobs:
          cleanup_gateway
          trap - EXIT

-          summary_args=(node "$PERFORMANCE_HELPER_DIR/scripts/openclaw-performance-source-summary.mjs" \
+          node "$PERFORMANCE_HELPER_DIR/scripts/openclaw-performance-source-summary.mjs" \
            --source-dir "$SOURCE_PERF_DIR" \
-            --output "$SOURCE_PERF_DIR/index.md")
-          if [[ -n "${SOURCE_PERF_BASELINE_DIR:-}" && -d "$SOURCE_PERF_BASELINE_DIR" ]]; then
-            summary_args+=(--baseline-source-dir "$SOURCE_PERF_BASELINE_DIR")
-          fi
-          "${summary_args[@]}"
+            --output "$SOURCE_PERF_DIR/index.md"

          cat "$SOURCE_PERF_DIR/index.md" >> "$GITHUB_STEP_SUMMARY"

--- a/.github/workflows/opengrep-precise.yml
+++ b/.github/workflows/opengrep-precise.yml
@@ -44,7 +44,7 @@ jobs:
        uses: actions/checkout@v6
        with:
          ref: ${{ github.sha }}
-          fetch-depth: 0
+          fetch-depth: 1
          fetch-tags: false
          persist-credentials: false
          submodules: false
--- a/.github/workflows/plugin-prerelease.yml
+++ b/.github/workflows/plugin-prerelease.yml
@@ -344,7 +344,7 @@ jobs:
          OPENCLAW_EXTENSION_BATCH_PARALLEL: 2
          OPENCLAW_VITEST_MAX_WORKERS: 1
          OPENCLAW_EXTENSION_BATCH: ${{ matrix.extensions_csv }}
-        run: pnpm test:extensions:batch "$OPENCLAW_EXTENSION_BATCH" -- --exclude extensions/codex/src/app-server/run-attempt.test.ts
+        run: pnpm test:extensions:batch "$OPENCLAW_EXTENSION_BATCH"

  plugin-prerelease-inspector:
    permissions:
--- a/.github/workflows/sandbox-common-smoke.yml
+++ b/.github/workflows/sandbox-common-smoke.yml
@@ -42,7 +42,7 @@ jobs:
        run: |
          set -euo pipefail

-          timeout --kill-after=30s 5m docker build -t openclaw-sandbox-smoke-base:bookworm-slim - <<'EOF'
+          docker build -t openclaw-sandbox-smoke-base:bookworm-slim - <<'EOF'
          FROM debian:bookworm-slim
          RUN useradd --create-home --shell /bin/bash sandbox
          USER sandbox
@@ -63,5 +63,5 @@ jobs:
            FINAL_USER=sandbox \
            scripts/sandbox-common-setup.sh

-          u="$(timeout --kill-after=30s 2m docker run --rm openclaw-sandbox-common-smoke:bookworm-slim sh -lc 'id -un')"
+          u="$(docker run --rm openclaw-sandbox-common-smoke:bookworm-slim sh -lc 'id -un')"
          test "$u" = "sandbox"
--- a/.github/workflows/tui-pty.yml
+++ b/.github/workflows/tui-pty.yml
@@ -38,4 +38,4 @@ jobs:
          install-bun: "false"

      - name: Run TUI PTY tests
-        run: timeout --kill-after=30s 120s node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts
+        run: timeout 120s node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts
--- a/.github/workflows/website-installer-sync.yml
+++ b/.github/workflows/website-installer-sync.yml
@@ -75,14 +75,14 @@ jobs:

      - name: install.sh in Docker
        run: |
-          timeout --kill-after=30s 20m docker run --rm \
+          docker run --rm \
            -v "$PWD/scripts/install.sh:/tmp/install.sh:ro" \
            node:24-bookworm-slim \
            bash -lc 'bash /tmp/install.sh --version latest && openclaw --version'

      - name: install-cli.sh in Docker
        run: |
-          timeout --kill-after=30s 20m docker run --rm \
+          docker run --rm \
            -e OPENCLAW_NO_ONBOARD=1 \
            -e OPENCLAW_NO_PROMPT=1 \
            -v "$PWD/scripts/install-cli.sh:/tmp/install-cli.sh:ro" \
--- a/.github/workflows/workflow-sanity.yml
+++ b/.github/workflows/workflow-sanity.yml
@@ -26,16 +26,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ github.sha }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_SHA}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6

      - name: Fail on tabs in workflow files
        run: |
@@ -67,16 +58,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ github.sha }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_SHA}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6

      - name: Install actionlint
        shell: bash
@@ -108,16 +90,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
-        env:
-          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ github.sha }}
-        run: |
-          set -euo pipefail
-          git init "$GITHUB_WORKSPACE"
-          git -C "$GITHUB_WORKSPACE" config gc.auto 0
-          git -C "$GITHUB_WORKSPACE" remote add origin "https://github.com/${CHECKOUT_REPO}.git"
-          git -C "$GITHUB_WORKSPACE" fetch --no-tags --depth=1 origin "+${CHECKOUT_SHA}:refs/remotes/origin/checkout"
-          git -C "$GITHUB_WORKSPACE" checkout --detach refs/remotes/origin/checkout
+        uses: actions/checkout@v6

      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -27,7 +27,7 @@ Skills own workflows; root owns hard policy and routing.
 - For PRs that add, remove, or change config/default surfaces with possible compatibility, upgrade, provider/plugin, operator, setup, startup, or fallback impact, ClawSweeper review should emit a `reviewMetrics` entry when practical. The metric should name the count and direction of the changes, such as added, changed, or removed config/default surfaces, and explain why the metric matters before merge. When the metric indicates concrete merge risk, also surface the concern in `risks`, use `mergeRiskLabels` when the risk matches the label rubric, make `bestSolution` name the desired pre-merge state, and ensure `labelJustifications` explain the specific reason rather than restating the label.
 - Review whole decision surfaces, not only the touched runtime, provider, channel, harness, plugin seam, or context path. Check sibling Codex/Pi-style runtimes, provider/model routing, channel delivery, gateway/protocol, plugin SDK, and context-management paths when relevant.
 - One-sided fixes need sibling-surface proof, an explanation for why siblings are unaffected, or explicit follow-up work.
- Changelog findings: see Docs / Changelog.
+- User-facing `fix`, `feat`, and `perf` changes need `CHANGELOG.md` before landing; contributor PR authors are not blocked solely on maintainer-owned changelog work. Never request thanks for bot/forbidden handles: `@openclaw`, `@clawsweeper`, `@codex`, `@steipete`.
 - Public ClawSweeper comments prefer `https://docs.openclaw.ai/...` when a public docs page exists; structured evidence still cites repo files, lines, SHAs.
 - Findings need current source, shipped/current behavior, tests/CI evidence, and dependency contract proof when dependency-backed behavior is involved. Validation is judged against touched and sibling surfaces plus this file's commands; real behavior proof matters for user-visible changes, with Telegram/Desktop proof for Telegram-visible behavior when feasible.
 - Prefer findings for concrete behavior regressions, missing changed-surface proof, owner-boundary violations, security/API contract issues, or docs/config mismatches.
@@ -58,17 +58,9 @@ Skills own workflows; root owns hard policy and routing.
 - Externalizing a bundled plugin: update package excludes, official catalogs, docs, tests, and prove core runtime paths resolve installed plugin roots before root-dep removal.
 - Runtime reads canonical config only. No silent compat for old/malformed config keys. If a config change invalidates existing files, add a matching `openclaw doctor --fix` migration. Core/auth config repairs live in core doctor; plugin-owned config repairs live in that plugin's doctor contract (`legacyConfigRules` / `normalizeCompatibilityConfig`).
 - Fix shape: default to clean bounded refactor, not smallest patch. Move ownership to right boundary; delete stale abstractions, duplicate policy, dead branches, wrappers, fallback stacks.
- Fix observed local failures with generic product rules; do not hardcode names, ids, log phrases, or user examples in prod code unless they are an explicit contract.
- Tests may use observed examples, but prod literals need a short contract reason.
- Compatibility is opt-in. "Shipped" means reachable from a release Git tag; main/GitHub/PR/unreleased code is not shipped.
- Refactor default: one canonical path. Delete the old path unless user explicitly wants compat or the shipped public contract is obvious and cited.
- Keep old behavior only for an explicit public API/config/plugin SDK/data contract, tagged upgrade path, security/migration boundary, dependency contract, or observed prod state.
- If unsure, ask before preserving compat. Do not keep aliases, shims, fallback stacks, stale names, or obsolete tests just in case.
- Tests alone do not make internals contracts. If compat stays, name the contract and migration/removal plan in code, test, or PR.
 - Lean code is a goal. No internal shims, aliases, legacy names, broad fallbacks, or defensive branches just to reduce diff or handle unrealistic edge cases.
- Handle real production states, tagged upgrade paths, security boundaries, and dependency contracts. Public/hostile/observed malformed input gets care; hypothetical malformed input does not.
- Deprecate shipped public contracts only.
- Plugin SDK exception: shipped external API gets new API first plus named compat/deprecation, small tests/docs if useful, removal plan.
+- Handle real production states, shipped upgrade paths, security boundaries, and dependency contracts. Public/hostile/observed malformed input gets care; hypothetical malformed input does not.
+- Public plugin SDK/API is the compat exception. New API first, old path only via named compat/deprecation metadata, docs, warnings when useful, tests for old+new, planned removal.
 - Migrate internal/bundled callers to modern API in the same change. Do not let internal compat become permanent architecture.
 - Channels are implementation under `src/channels/**`; plugin authors get SDK seams. Providers own auth/catalog/runtime hooks; core owns generic loop.
 - Hot paths should carry prepared facts forward: provider id, model ref, channel id, target, capability family, attachment class. Do not rediscover with broad plugin/provider/channel/capability loaders.
@@ -76,8 +68,7 @@ Skills own workflows; root owns hard policy and routing.
 - Gateway/plugin metadata is process-stable: installs, manifests, catalogs, generated paths, bundled metadata. Changes require restart or explicit owner reload/install/doctor flow.
 - Runtime hot paths: no freshness polling (`stat`/`realpath`/JSON reread/hash). Reuse current snapshots, install records, discovery, lookup tables, root scopes, resolved paths.
 - Process-local metadata caches ok when lifecycle-owned and bounded/single-slot. Freshness exceptions need named owner + tests.
- Inline comments: preserve reviewer context at the code site. Use for cross-path/state invariants, platform/dependency caps, deterministic ordering, compact encoded state, lifecycle ordering, ownership boundaries, session/id adoption, queue-depth symmetry, fallbacks, or intentional caller differences.
- Comment shape: 1-3 short lines; state why the branch/helper exists, what contract it protects, and the bad outcome if removed. Cite nearby constants/helpers when useful. No syntax narration, PR/user-specific lore, or obvious mechanics.
+- Inline code comments: brief notes for tricky, bug-prone, or previously buggy logic.
 - Gateway protocol changes: additive first; incompatible needs versioning/docs/client follow-through.
 - Protocol version bumps: explicit owner confirmation only; never automatic/generated.
 - Config contract: exported types, schema/help, metadata, baselines, docs aligned. Retired public keys stay retired; compat in raw migration/doctor only.
@@ -89,6 +80,7 @@ Skills own workflows; root owns hard policy and routing.
 - Runtime: Node 22.19+; Node 24 recommended. Keep Node + Bun paths working.
 - Package manager/runtime: repo defaults only. No swaps without approval.
 - Install: `pnpm install` (keep Bun lock/patches aligned if touched).
+- Sharp/Homebrew libvips source-build fail: `SHARP_IGNORE_GLOBAL_LIBVIPS=1 pnpm install`.
 - CLI: `pnpm openclaw ...` or `pnpm dev`; build: `pnpm build`.
 - Tests in a normal source checkout: `pnpm test <path-or-filter> [vitest args...]`, `pnpm test:changed`, `pnpm test:serial`, `pnpm test:coverage`; never raw `vitest`.
 - Tests in a Codex worktree or linked/sparse checkout: avoid direct local `pnpm test*`; use `node scripts/run-vitest.mjs <path-or-filter>` for tiny explicit-file proof, or Crabbox/Testbox for anything broader.
@@ -125,6 +117,7 @@ Skills own workflows; root owns hard policy and routing.
 - Do not leave associated issues open for hypothetical future repros. Close with rationale; ask for a new issue or reopen only if concrete new evidence appears. Close comment states: decision, why, supported alternative, and what evidence would change the decision.
 - PR review answer: bug/behavior, URL(s), affected surface, provenance for regressions when traceable, best-fix judgment, evidence from code/tests/CI/current or shipped behavior.
 - Issue/PR final answer: last line is the full GitHub URL.
+- Changelog: PR landings/fixes need one unless pure test/internal. Do not mention missing changelog as a review finding; Codex handles it during fix/landing.
 - PR verification: before merge, post exact local commands, CI/Testbox run IDs, before/after proof when used, and known proof gaps.
 - Issue fixed on `main` with proof: comment proof + commit/PR, then close.
 - After landing or requested close/sweep: search duplicates; comment proof + canonical commit/PR/release before closing.
@@ -132,10 +125,8 @@ Skills own workflows; root owns hard policy and routing.
 - `ship` that fixes an issue: after push, comment proof + commit link, then close the issue.
 - GH comments with backticks, `$`, or shell snippets: use heredoc/body file, not inline double-quoted `--body`.
 - PR create: real body required. Include Summary + Verification; mention refs, behavior, and proof.
- PR create/refresh: keep PR branches takeover-ready. Use a branch maintainers can push to, or for fork PRs ensure `maintainer_can_modify` / GitHub's `Allow edits by maintainers` is enabled unless explicitly told otherwise or GitHub's Actions/secrets warning makes that unsafe.
- GitHub issue/PR create: read `$agent-transcript`; ask about sanitized transcript logs when available.
 - Real behavior proof section is parsed. Use exact `field: value` labels: `Behavior addressed`, `Real environment tested`, `Exact steps or command run after this patch`, `Evidence after fix`, `Observed result after fix`, `What was not tested`.
- PR artifacts/screenshots: attach to PR/comment/external artifact store. Never push screenshots, videos, proof images, or proof assets to OpenClaw or any product repo branch, including temp artifact branches. Use Crabbox artifact publishing plus the manifest URL. Do not commit `.github/pr-assets`.
+- PR artifacts/screenshots: attach to PR/comment/external artifact store. Do not commit `.github/pr-assets`.
 - CI polling: exact SHA, relevant checks only, minimal fields. Skip routine noise (`Auto response`, `Labeler`, docs agents, performance/stale). Logs only after failure/completion or concrete need.
 - Maintainers: may skip/ignore `Real behavior proof` when local tests or Crabbox verified behavior; record proof in PR verification.
 - `/landpr`: use `~/.codex/prompts/landpr.md`; do not idle on `auto-response` or `check-docs`.
@@ -146,7 +137,6 @@ Skills own workflows; root owns hard policy and routing.
 - No `@ts-nocheck`. Lint suppressions only intentional + explained.
 - External boundaries: prefer `zod` or existing schema helpers.
 - Runtime branching: discriminated unions/closed codes over freeform strings. Avoid semantic sentinels (`?? 0`, empty object/string).
- Cross-function state: when valid combos matter, return a closed mode/result shape. Avoid parallel nullable fields or derived booleans that callers must keep in sync; make impossible states unrepresentable.
 - Formatter-friendly shape: when oxfmt explodes an expression vertically, extract named booleans, payloads, or small helpers. Do not change width or use format-ignore for local compactness.
 - Calls should be boring: complex decisions happen above; call args/object fields are names, literals, or simple property reads.
 - Prefer early returns over nested condition pyramids. Split code into gather -> normalize -> decide -> act.
@@ -160,13 +150,10 @@ Skills own workflows; root owns hard policy and routing.
 - Inline simple one-use objects/spreads when clearer. Extract only when it removes duplication or hard logic.
 - Tests prove behavior/regressions, not every internal branch.
 - For non-trivial refactors, check `git diff --numstat` before closeout. If LOC grew, trim or explain why.
- Prefer existing narrow helpers over repeated casts/guards. Add local helpers when 2+ nearby call sites share real boundary logic.
- Prefer ctor parameter properties for injected deps/config. Do not ban them for erasable-syntax purity.
- Prefer `satisfies` for registries/config maps; derive types from schemas when a runtime schema already exists.
- Table-drive repetitive tests when it reduces code and keeps failure names clear.
 - Dynamic import: no static+dynamic import for same prod module. Use `*.runtime.ts` lazy boundary. After edits: `pnpm build`; check `[INEFFECTIVE_DYNAMIC_IMPORT]`.
 - Cycles: keep `pnpm check:import-cycles` + architecture/madge green.
 - Classes: no prototype mixins/mutations. Prefer inheritance/composition. Tests prefer per-instance stubs.
+- Comments: brief, only non-obvious logic.
 - Split files around ~700 LOC when clarity/testability improves.
 - Naming: **OpenClaw** product/docs; `openclaw` CLI/package/path/config.
 - English: American spelling.
@@ -188,9 +175,9 @@ Skills own workflows; root owns hard policy and routing.
 - Use `$technical-documentation` for docs writing/review. Docs change with behavior/API.
 - Codex harness upgrade (`extensions/codex/package.json` `@openai/codex`): refresh `docs/plugins/codex-harness.md` model snapshot from the new harness `model/list`.
 - Docs final answers: include relevant full `https://docs.openclaw.ai/...` URL(s). If issue/PR work too, GitHub URL last.
- `CHANGELOG.md`: release-owned. Do not edit for normal PRs, direct `main` fixes, or `ship it`; only explicit release/changelog generation may rewrite it. Do not ask contributors/agents for changelog edits.
- User-facing `fix`/`feat`/`perf`: put release-note context in PR body, squash message, or direct commit: behavior, surface, issue/PR refs, credited human author/reporter.
- Release generation: derive `CHANGELOG.md` from merged PRs + all direct `main` commits. Entries: active `### Changes`/`### Fixes`, single-line, thank credited humans; never thank bots/forbidden handles: `@openclaw`, `@clawsweeper`, `@codex`, `@steipete`.
+- Changelog entries: active version `### Changes`/`### Fixes`; single-line bullets only.
+- Contributor PR authors should not edit `CHANGELOG.md`; maintainer/AI adds entries during landing/merge.
+- Contributor-facing changelog entries thank credited human `@author`. Never thank bots, `@openclaw`, `@clawsweeper`, or `@steipete`; if unknown, omit thanks.

 ## Git

@@ -199,7 +186,7 @@ Skills own workflows; root owns hard policy and routing.
 - No manual stash/autostash unless explicit. No branch/worktree changes unless requested.
 - `main`: no merge commits; rebase on latest `origin/main` before push. After one green run plus clean rebase sanity, do not chase moving `main` with repeated full gates.
 - User says `commit`: your changes only. `commit all`: all changes in grouped chunks. `push`: may `git pull --rebase` first.
- User says `ship it`: commit intended changes, pull --rebase, push.
+- User says `ship it`: changelog if needed, commit intended changes, pull --rebase, push.
 - Do not delete/rename unexpected files; ask if blocking, else ignore.
 - Bulk PR close/reopen >5: ask with count/scope.

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,170 +2,40 @@

 Docs: https://docs.openclaw.ai

-## 2026.5.26
-
-### Highlights
-
- Faster Gateway and replies: startup avoids repeated plugin, channel, session, usage-cost, warning, scheduled-service, and filesystem scans; visible replies separate user-facing sends from slower follow-up work; Gateway runtime/session caches churn less under load.
- Transcripts are core: transcript-backed meeting summaries, source-provider chunks, cleaned user turns, media provenance, Codex mirrors, WebChat replies, and CLI/TUI replay now use one more reliable transcript path.
- More channels are production-ready: Telegram keeps typing/progress context and forum topics, iMessage handles attachment roots, remote media staging, and duplicate local Messages sources, WhatsApp restores group/media behavior, Discord improves voice playback and model picking, and Signal/iMessage/WhatsApp get reaction approvals.
- Better voice and Talk: realtime Talk runs can be inspected, steered, cancelled, or followed up from Web UI and Discord voice; wake-name handling is more tolerant without letting ambient speech trigger agents.
- Safer content boundaries: Browser snapshot reads honor SSRF policy, system-event text cannot spoof nested prompt markers, fetched file text is wrapped as external content, ClickClack inbound sender allowlists run before agent dispatch, stale device tokens are rejected, and serialized tool-call text is scrubbed from replies.
- Providers, Codex, and local models are steadier: named auth profiles, OpenAI sampling params, Codex app-server resume/timeout/usage-limit recovery, dynamic tool-schema guards, xAI usage-limit surfacing, Ollama top-p normalization, and local approval resolution reduce provider-specific dead ends.
- More reliable install/update/release paths: Alpine installs, trusted runtime fallback roots, stable update channels, Docker/package timeouts, Windows/macOS proof lanes, Testbox/Crabbox delegation, plugin publish checks, and macOS runner bootstraps all got hardened.
- Better observability: Activity tab, gateway secret-prep traces, tool/model stream progress, explicit fast-mode status, systemd Gateway hygiene, OpenTelemetry LLM spans, release performance evidence, and richer telemetry signals make failures easier to inspect.
+## Unreleased

 ### Changes

- Transcripts: add core transcript capture and source-provider support for transcript-backed meeting summaries, including the renamed Transcripts docs, CLI surface, source-provider chunks, and cleaned user-turn persistence.
- Auth: add named model login profiles and supported credential migration for Hermes, OpenCode, and Codex auth profiles, with explicit opt-out and non-interactive controls. (#85667) Thanks @fuller-stack-dev.
- Diagnostics: trace gateway secret preparation, classify skill/tool usage, surface model stream progress, add OpenTelemetry LLM content spans, and expose alertable telemetry for blocked tools, failover, stale sessions, liveness, oversized payloads, and webhook ingress. (#83019, #80370, #86191)
- Channels: add Signal reaction approvals, iMessage thumb approval reactions, and WhatsApp thumb approval reaction support so mobile approval flows work without textual `/approve` commands. (#85894, #85952, #85477)
- Agents/API: forward OpenAI sampling params through the Gateway and expose estimated context-budget status for active agent runs. (#84094)
- TUI/status: queue prompts submitted while an agent is busy and show explicit fast-mode state plus richer systemd Gateway hygiene in status output. (#86722, #87115, #86976)
- Exec approvals: hide durable approval actions that are unavailable for the current prompt and keep approval runtime tokens local-only so stale prompts cannot offer misleading controls. (#86270, #86359)
- Plugin SDK: add reaction approval helpers and keep diagnostic event root exports discoverable across function-name and alias-bound module graphs. (#86735, #87084)
- Android/iOS: add the Android pair-new-gateway action and improve mobile Talk mode surfaces, including iOS realtime Talk mode and Android offline voice/gateway recovery. (#86798, #86355) Thanks @ngutman.
- Performance: cache plugin metadata snapshots, package realpaths, stable gateway metadata, model cost indexes, channel resolution, usage-cost indexes, and session/auth hot-path facts so common Gateway and reply paths do less rediscovery. (#84649, #85843, #86517, #86678)
- Voice: expose shared realtime turn-context tracking through the realtime voice SDK and reuse it for Discord speaker attribution and wake-name context recovery.
- Voice: reuse shared realtime output activity tracking in Google Meet command and node audio bridges, including recent-output checks for local barge-in detection.
- Voice: expose shared realtime output activity tracking through the realtime voice SDK and reuse it for Discord playback activity and barge-in decisions.
- Voice: expose shared realtime consult question matching, speakable-result extraction, and alias-aware forced-consult coordination through the realtime voice SDK, then reuse it in Gateway Talk, Voice Call, and Discord voice paths.
- Voice: share activation-name matching and consult-transcript screening through the realtime voice SDK so Discord, browser voice, and meeting surfaces can reuse one implementation.
- Cron: default `cron.maxConcurrentRuns` to 8 so scheduled automations and their isolated agent turns can make progress in parallel without explicit configuration.
 - QA-Lab: add `qa coverage --match <query>` so focused proof selection can discover matching scenarios from existing metadata before running live or remote lanes.
- Discord/model picker: surface an alpha-bucket select (e.g. `A–G (12) · H–N (18) · O–Z (5)`) when the provider list or a provider's model list exceeds 25 items, so configs with `provider/*` wildcards stay one click from the right page instead of paginating through prev/next; falls back to numeric chunks when every item shares the same first letter.
 - Control UI: add an ephemeral Activity tab for sanitized live tool activity summaries without persisting raw telemetry. Fixes #12831. Thanks @BunsDev.
 - Build: include `ui:build` in the `full` and `ciArtifacts` profiles of `scripts/build-all.mjs` so `pnpm build` always rebuilds `dist/control-ui` after `tsdown` cleans `dist`, removing the second-command requirement and the missing-asset failure mode for source/runtime installs and CI artifact uploads. (#85206)
+- Migrate: import supported Hermes, OpenCode, and Codex auth credentials into OpenClaw auth profiles when credential migration is selected, with explicit opt-out and non-interactive controls. (#85667) Thanks @fuller-stack-dev.
 - iOS: improve Talk mode with direct realtime voice sessions, compact toolbar status, and responsive voice waveform feedback. (#86355) Thanks @ngutman.
- Media: replace the Sharp image backend with Rastermill for metadata, resizing, EXIF orientation, and PNG alpha-preserving optimization so OpenClaw no longer installs Sharp or the WhatsApp Jimp fallback for image processing. (#86437)
- Codex: update the bundled Codex CLI to 0.134.0 and keep native compaction disabled for budget-triggered app-server turns so OpenClaw owns the recovery boundary. (#86772)

 ### Fixes

- Memory/security: reject prompt-like text submitted through the explicit `memory_store` tool before embedding or storage, matching the existing auto-capture prompt-injection filter. (#87142)
- Security/content boundaries: validate Browser snapshot tab URLs against SSRF policy before ChromeMCP or direct CDP reads, sanitize queued system-event text so untrusted plugin/channel labels cannot spoof nested prompt markers, wrap fetched file text and metadata as external content, apply ClickClack `allowFrom` sender allowlists before agent dispatch, reject RPCs from invalidated device-token clients during rotation, require staged sandbox media refs, and scrub serialized tool-call text from replies. (#78526, #87094, #87062, #83741, #70707, #86924) Thanks @zsxsoft, @ttzero25, and @mmaps.
- Transcripts/user turns: persist CLI, WebChat, media, follow-up, hook, and Codex-mirror user turns to the admitted session target; keep cleaned transcript text, inline image routing, provenance metadata, replay hooks, and fallback paths idempotent when runtimes fail or restart.
- TUI/status/onboarding/UI: queue busy TUI prompts instead of dropping them, preserve the configured default model during onboarding, show failed tool results as errors, show config-open failures in Control UI, keep status JSON plugin scans healthy, preserve xAI usage-limit errors locally, and expose explicit fast-mode/systemd state. (#86722, #87000, #85786, #87108, #87001, #86614, #87115, #86976)
- Plugin commands/SDK: preserve plugin LLM command auth, keep `onDiagnosticEvent` exports discoverable through `Function.name`, stabilize diagnostic event root aliases, correlate pathless read diagnostics, suppress transient runner failures in channel command paths, and repair local approval resolution. (#85936, #87084, #86977, #87069, #86771)
- Codex/providers: keep WebChat delivery hints out of user prompts, avoid false queued-terminal idle timeouts, share the native hook relay registry, quarantine unsupported dynamic tool schemas, preserve Claude resumed-session system prompts, normalize greedy Ollama `top_p`, preserve per-agent thinking defaults for ingress runs, and avoid native compaction takeover on budget-triggered Codex turns. (#87096, #73950, #87049, #86689, #86772)
- Gateway/perf/release: reuse startup-warning metadata and prepared auth stores, defer warning and scheduled-service fallback imports, trim Gateway session/startup/runtime CPU churn, skip duplicate turn session touches, stop chat timeout fallback cascades, drop stale subagent announce history, bound benchmark/watch/kitchen-sink teardown waits, bound macOS/package/onboarding/plugin smoke commands, bound install finalization probes, resolve Parallels npm-update commands from guest `PATH`, and bootstrap raw AWS macOS Node/pnpm commands through `/usr/bin/env`. (#86997)
- Reply/perf: reduce visible reply delivery latency by preserving Telegram typing/progress context, lazy-loading slash-command startup metadata, avoiding hot-path model hydration, flag-gating Codex profiler timing, deferring context compaction maintenance, and tracking delivery timing. (#86989, #86990, #86991, #86992, #86993, #86994) Thanks @keshavbotagent.
- Reply/source delivery: keep TUI, Control UI, media, TTS, transcript, and Codex source-reply finals live without duplicate terminal events or stale replay artifacts.
- Agents/replay: repair legacy tool results before replay, preserve `sessions_spawn` transcript payloads, restore current guard checks, stage sandboxed workspace media, and keep duplicate transcripts tool display metadata from reappearing. (#82203, #86934, #87025) Thanks @martingarramon, @vincentkoc, and @joshavant.
- Agents/hooks/subagents: enforce default hook agent allowlists, recover failed subagent lifecycle completions, and keep node task lifecycle cleanup from closing the Gateway listener. (#86101)
- Codex: project newer OpenClaw chat history into resumed app-server threads and keep Codex turn timeouts inside the Codex runtime boundary so timeouts do not poison shared app-server clients or fall through to unrelated provider fallback. (#86677, #86476) Thanks @TurboTheTurtle and @pashpashpash.
- Config/doctor/update: narrow profiled tool-section doctor repair, keep runtime-injected legacy web-search provider config out of user-authored config validation, and keep prerelease tags excluded from stable updater resolution. (#87030, #86818, #86559) Thanks @joshavant, @luoyanglang, and @stevenepalmer.
- CLI/Windows: add a Windows-only stack-size respawn for stack-heavy startup paths, default CLI logs to local timestamps, and validate timeout/banner TTY state more strictly. (#87031, #85387) Thanks @giodl73-repo and @vincentkoc.
- Locking/security: require owner identity proof before stale plugin lock removal, memoize session lock owner arguments, and avoid writing default exec approval stores unless policy state actually changed. (#86814, #86964) Thanks @Alix-007 and @vincentkoc.
- Install/release: bound Docker package build, inventory, pack, and tarball preparation with process-group timeouts; pin shrinkwrap patch drift to the pnpm lock; harden macOS restart and dSYM packaging; and run release Docker/live timeout wrappers in the foreground so child processes cannot wedge gates.
- Telegram/network: treat `ENETDOWN` as a transient pre-connect network failure so Telegram sends, gateway unhandled-rejection handling, and cron network retries follow the same recovery path as sibling network outages. (#86762) Thanks @TurboTheTurtle.
- Telegram: preserve inbound text entities, overlapping DM replies, account topic cache sidecars, outbound reply context, targeted bot-command mentions, durable group retry targets, forum topic names, and native progress callbacks. (#83873, #85361, #85555, #85656, #85709, #86299, #86553) Thanks @SebTardif, @luoyanglang, and @neeravmakwana.
- iMessage: read image attachments from local Messages attachment roots, dedupe duplicate local Messages-source accounts, seed direct DM history, fix image/group media attachment commands, advance catchup cursors after live handling, and keep slash-command acknowledgements in the source conversation. (#82642, #85475, #86569, #86705, #86706, #86770) Thanks @homer-byte, @TurboTheTurtle, @swang430, and @OmarShahine.
- WhatsApp/QQ/Twitch/IRC/Slack: restore WhatsApp ack identity and group-drop warnings, make QQ Bot media respect `OPENCLAW_HOME`, serialize Twitch auth disconnects, store IRC channel routes canonically, and keep Slack downloaded files out of reply media. (#83833, #85309, #85777, #85794, #85906, #86318, #86697) Thanks @sliverp, @neeravmakwana, and @Kailigithub.
- Discord/voice: improve voice playback and wake replies, bucket large model picker menus, merge media captions into one message, route metadata through configured proxies, restore numeric channel sends, suppress self-reply echoes, and tighten wake matching without breaking fuzzy wake phrases. (#80227, #86238, #86487, #86571, #86595, #86601)
- Codex: preserve native web-search metadata, keep oversized native thread reuse, bridge CLI API-key auth into the app server, preserve sandbox bootstrap path style, recover context-window prompt errors, honor yolo approval policy, disable native thread personality, and route compaction through Codex auth. (#85378, #85542, #85891, #85909, #86408)
- Agents/runtime: enforce session lock max-hold reclaim, release embedded-attempt locks on all exits, treat aborted subagent runs as terminal, avoid runtime model hydration on hot paths, disclose scoped session list counts, derive overflow budgets from provider errors, and keep fallback errors scoped to the active model candidate. (#70473, #85764, #86014, #86134, #86427, #86944) Thanks @openperf, @fuller-stack-dev, @zhangguiping-xydt, and @ferminquant.
- Config/update/doctor: retry config recovery after failed backup restore, skip shell env fallback on Windows, exclude prerelease tags from the stable git channel, support deep config edits, warn instead of aborting on unreadable cron stores, prune stale bundled plugin paths, and avoid duplicate restart prompts when the Gateway is already healthy. (#85739, #85787, #86060, #86260, #86384, #86533) Thanks @liaoyl830.
- Install/release: support Alpine CLI installs and runtime floors, prefer trusted startup argv runtime fallback roots, reject stale CLI node runtimes, avoid npm `min-release-age` installer failures, bound npm/package/Docker install phases, restore config parent ownership in Docker, seed Docker lockfile package tarballs before prune, and make release/plugin prerelease checks fail closed instead of hanging or false-greening. (#85491)
- Security: avoid printing Gateway tokens in Docker, validate plugin model-pattern regexes safely, escape transcript metadata field names, harden session allowlist glob matching, audit Claude permission overrides under YOLO, and require explicit allow for ACP auto approvals. (#85849, #85934, #86046, #86557)
- Media/images: replace Sharp with Rastermill, keep EXIF normalization best-effort, normalize HEIC/HEIF before image descriptions, route Codex image API keys through OpenAI, preserve image compression metadata, and auto-scale live tool result caps. (#85776, #86037, #86437, #86857, #86923)
- Memory: prevent semantic vector indexes from silently degrading when embeddings are unavailable, stop doctor OOMs on large session stores, preserve sidecar hooks/artifacts, write fallback dream diaries, use CJK-aware dreaming dedupe, and avoid per-file watcher FD fan-out. (#80613, #82928, #85060, #85704, #85967, #86701) Thanks @brokemac79, @openperf, and @yaaboo-gif.
- Agents/sessions: include visibility metadata on restricted `sessions_list` results so scoped counts are clearly reported without widening access or exposing hidden-session counts. (#86944) Thanks @ferminquant.
- Gateway/DNS: validate wide-area discovery domains before deriving zone paths or writing zone files, so invalid `discovery.wideArea.domain` and `dns setup --domain` values fail with a DNS-name diagnostic instead of falling through to unrelated configuration errors. Thanks @mmaps.
- Agents/BTW: route fallback side-question streams through the embedded stream resolver so Anthropic-compatible MiniMax requests use the same capped transport as normal chat. (#86312) Thanks @neeravmakwana.
- Telegram: treat `/command@TargetBot` bot-command entities as explicit mentions for the addressed bot so `requireMention` groups no longer drop targeted commands or captions. Fixes #84462. (#86553) Thanks @luoyanglang.
- CI: bound Docker/Bash E2E tarball npm installs with `OPENCLAW_E2E_NPM_INSTALL_TIMEOUT` so package, onboarding, plugin, and upgrade lanes fail instead of hanging on a stuck npm install.
- CI: keep `OPENCLAW_TESTBOX=1 pnpm check:changed` delegating to Blacksmith Testbox through Crabbox without forwarding local Testbox or worker env into the remote command.
- CI: send KILL after the TERM grace period for manual checkout fetch timeouts so stuck Testbox and workflow checkout retries cannot hang behind a wedged `git fetch`.
- CI: send KILL after the TERM grace period for Bun global install smoke command timeouts so trapped `openclaw` child processes cannot wedge the scheduled install smoke.
- iMessage: thread current channel/account inbound attachment roots into the image tool so iMessage-saved attachments under `~/Library/Messages/Attachments` (including the wildcard `/Users/*/Library/Messages/Attachments` root) are read through the existing inbound path policy instead of being rejected as `path-not-allowed`. Literal `localRoots` stays workspace-scoped. Fixes #30170. (#86569)
- QQ Bot: respect `OPENCLAW_HOME` for outbound media path resolution so `<qqmedia>` sends no longer silently fail when `HOME` and `OPENCLAW_HOME` differ (Docker / multi-user hosts). Persisted QQ Bot data (sessions, known users, refs) stays anchored on the OS home for upgrade compatibility. Fixes #83562. Thanks @sliverp.
- Update: report the primary malformed `openclaw.extensions` payload error without adding a duplicate missing-main diagnostic. (#86596) Thanks @ferminquant.
- Control UI: keep host-local Markdown file paths inert while preserving app-relative links. (#86620) Thanks @BryanTegomoh.
- Gateway: dampen repeated unauthenticated device-required probes per URL while preserving explicit-auth and paired recovery paths. (#86575) Thanks @ferminquant.
- IRC: store inbound channel routes with the canonical `channel:#name` target and join transient channel sends before writing. (#85906) Thanks @Kailigithub.
- Usage: surface unknown all-zero model pricing as missing cost entries instead of a confident `$0` total. (#85882) Thanks @MichaelZelbel.
- Agents/Codex: honor yolo app-server approval policy only for the full `never` plus `danger-full-access` case. (#85909) Thanks @earlvanze.
- Gateway/Gmail: clear Gmail watcher renewal intervals on re-entry so hot reloads do not leak lifecycle timers. (#82947) Thanks @SebTardif.
- Logging: exit cleanly on broken stdout/stderr pipes without masking existing failure exit codes. (#80059) Thanks @pavelzak.
- Gateway/security: escape transcript metadata field names while extracting oversized session line prefixes. (#85934) Thanks @SebTardif.
- Plugins/security: validate manifest model pattern regexes with the safe-regex compiler so unsafe patterns are ignored before matching. (#86046) Thanks @SebTardif.
- Discord: route gateway metadata REST lookups through the configured Discord proxy so proxied accounts do not fall back to direct `discord.com` connections before opening the WebSocket. Fixes #80227. Thanks @Clivilwalker.
- Agents/media: hydrate current-turn image attachments from filename-derived MIME types so active vision can see generated or forwarded images whose source omitted an image content type. (#84812) Thanks @marchpure.
- Agents/fs: point workspace-only scratch-path guidance at in-workspace temp directories while keeping host-root writes rejected by the tool guard. (#86501) Thanks @tianxiaochannel-oss88.
- Agents/media: keep async cron media completions scoped to their run session while preserving direct delivery for stale generated-media success and failure notifications. (#86529) Thanks @ai-hpc.
- Gateway: emit plugin `session_end`/`session_start` hooks when `agent.send` rotates or replaces a session id, keeping hook lifecycle state aligned with `sessions.changed` notifications. Fixes #83507. (#85875) Thanks @brokemac79.
- OpenShell/SSH: reject malformed generated exec commands before sandbox/session setup so unresolved workflow placeholders fail fast instead of reaching the remote shell. Fixes #72373. Thanks @brokemac79.
- Google: stop normalizing `gemini-3.1-flash-lite` to the retired preview endpoint and update Flash Lite alias guidance to the GA model id. Fixes #86151. (#86240) Thanks @SebTardif.
- Installer: make Alpine apk installs cover Git, verify the Node runtime floor, try `nodejs-current`, and report Alpine version guidance when repositories only provide older Node packages.
- Agents/status: prefer the active Claude CLI OAuth auth label over an unused Anthropic env API-key label for equivalent runtime aliases. Fixes #80184. (#86570) Thanks @brokemac79.
- Agents/media: send direct fallback for generated media still missing after an active requester wake fails. (#85489) Thanks @fuller-stack-dev.
- Agents: derive overflow compaction budgets from provider-reported and synthetic over-budget token counts so confirmed context overflows compact before retrying. (#70473) Thanks @fuller-stack-dev.
- Agents/Codex: recover Codex context-window prompt errors through overflow compaction and surface reset guidance when recovery is exhausted. (#85542) Thanks @fuller-stack-dev.
- Agents/Codex: allow Codex app-server runs to bootstrap from `CODEX_API_KEY` or `OPENAI_API_KEY` when no Codex auth profile is configured.
- Agents/Codex: keep selected Codex runtime routing on OpenAI-Codex while preserving direct OpenAI API-key compaction fallback. (#86408) Thanks @funmerlin and @VACInc.
- Agent transcript: include OpenClaw agent session logs when finding local transcript candidates.
- Crabbox: bootstrap raw AWS macOS shell commands wrapped in absolute `time` paths so RSS probes can run Node and pnpm on fresh macOS runners.
- Crabbox: bootstrap raw AWS macOS shell commands even when setup statements precede Node or pnpm usage.
- TUI/local: skip unnecessary secret resolution, gateway model catalog loading, bootstrap, and skill scans in explicit local-model runs so startup reaches the model request faster.
- Sessions/doctor: load large session stores without clone amplification during read-only doctor checks and reclaim stale `sessions.json.*.tmp` sidecars. Fixes #56827. Thanks @openperf.
- Tests: clean successful plugin gateway gauntlet isolated temp roots while keeping an explicit preservation switch for failed/debug runs.
- Plugins/perf: reuse derived plugin metadata snapshots for the lifetime of the process so reply-time skill setup no longer rescans plugin metadata on every turn.
- Discord/OpenAI voice: keep wake-name master consults using the current speaker context after ignored ambient transcripts and shorten the default capture silence grace.
- Doctor: skip redundant Gateway restart prompts when a recent supervisor restart leaves the Gateway healthy. Fixes #86518. (#86533) Thanks @liaoyl830.
- Cron: restore suspended cron lanes to the configured/default concurrency instead of falling back to one after quota or circuit-breaker auto-resume.
- Gateway: keep session-only Control UI tool-start mirrors flowing during diagnostic queue pressure instead of silently dropping non-terminal tool updates.
- Agents/memory: return optional not-found context for missing date-only daily memory reads instead of logging benign first-run `ENOENT` failures. Fixes #82928. Thanks @galiniliev.
- Discord: merge streamed text captions into following media block replies so captions and attachments send as one message. (#86487) Thanks @neeravmakwana.
- Gateway: avoid sending duplicate tool-event frames to Control UI connections that are subscribed by both run and session.
- Discord/OpenAI voice: accept broader edge-position fuzzy wake-name transcripts while keeping ambient speech gated.
- Discord/OpenAI voice: accept longer leading wake-name mistranscripts such as "Open Club" for OpenClaw.
- Agents/OpenAI-compatible: stop ModelStudio-compatible chat requests before sending system/tool-only payloads that have no usable user or assistant turn. (#86177) Thanks @TurboTheTurtle.
- Gateway/plugins: reuse plugin package realpath checks while building installed plugin indexes so startup avoids repeated filesystem resolution work.
- Kilo Gateway: send string `stop` sequences as arrays so Kilo accepts OpenAI-compatible chat completions. (#86461) Thanks @SebTardif.
- Discord/OpenAI voice: accept leading fuzzy wake-name transcripts such as "Monty" or "Moti" for a Molty agent while keeping ambient speech gated.
- Media understanding: convert HEIC and HEIF images to JPEG before image description providers run so iPhone photos work in direct and configured image-description flows. (#86037)
- Agents: release embedded-attempt session locks from outer teardown so post-prompt exceptions cannot wedge later requests behind `SessionWriteLockTimeoutError`. Fixes #86014. Thanks @openperf.
 - Discord/OpenAI voice: rotate Realtime sessions at provider max duration without logging the expected session-expiry event as an error.
- Sessions: skip metadata-only entries during QMD-slugified session lookup so one incomplete row does not block transcript hit resolution. (#86327) Thanks @abnershang.
- Agents/media: derive bundled plugin local-media trust from plugin tool metadata instead of importing the full plugin registry on subscription paths. (#84409) Thanks @samzong.
- Image tool: keep config-backed custom-provider API keys usable for auto-discovered vision models, including deferred image-tool execution without env keys or auth profiles. (#85733)
 - Memory/local embeddings: run local GGUF embeddings in an isolated worker sidecar and degrade to configured fallback or keyword search on worker failure so native embedding crashes do not take down the Gateway. (#85348) Thanks @osolmaz.
 - Gateway: clear the runtime config snapshot before `SIGUSR1` in-process restarts so config changes survive the next gateway loop. (#86388) Thanks @XuZehan-iCenter.
 - Models: show OAuth delegation markers as configured `models.json` auth while keeping runtime route usability checks strict. (#86378) Thanks @rohitjavvadi.
 - Cron: seed active scheduled and manual cron task rows with a progress summary so status surfaces do not look blank while jobs run. (#86313) Thanks @ferminquant.
- Cron: preserve unsupported persisted cron payload rows during routine store writes while keeping those rows non-runnable. Fixes #84922. (#86415) Thanks @IWhatsskill.
 - Updater: exclude prerelease git tags from stable channel resolution so source updates do not check out newer alpha/rc/preview/canary tags. (#86260) Thanks @stevenepalmer.
- Security/Audit: flag webhook `hooks.token` reuse of active Gateway password auth in `openclaw security audit` while keeping password-mode startup compatibility. (#84338) Thanks @coygeek.
- QQBot: derive the outbound reply watchdog from configured agent and provider timeouts so slow local model replies are not cut off at five minutes. Fixes #85267. (#85271) Thanks @SymbolStar.
 - Agents/heartbeat: stop heartbeat turns after the first valid `heartbeat_respond` so repeated response loops do not burn tokens. (#86357) Thanks @udaymanish6.
- Tasks: keep retained lost tasks out of default status health counts, explain their cleanup window during maintenance, and prune lost task records after 24 hours instead of the general 7-day terminal retention.
 - Memory-core: keep REM dreaming focused on live light-staged memories and mark staged entries as considered so old recall history no longer dominates fresh candidates. (#86302) Thanks @SebTardif.
- Memory: abort sync instead of downgrading an existing semantic vector index to FTS-only when the configured embedding provider is temporarily unavailable. (#85704) Thanks @yaaboo-gif.
 - Telegram: propagate forum topic names through the account-scoped topic cache for native command context and topic create/edit actions. (#86299) Thanks @SebTardif.
 - Slack: keep downloaded read-only files out of reply media so Slack file reads do not echo files back to the conversation. (#86318) Thanks @neeravmakwana.
 - Cron: accept leading-plus relative durations such as `+5m` for one-shot `--at` schedules. (#86341) Thanks @mushuiyu886.
 - Agents/media: preserve async-started media tool metadata so background generation starts no longer surface generic incomplete-turn warnings while replay stays unsafe. (#85933) Thanks @fuller-stack-dev.
 - Docker E2E: dedupe scheduler lane resources so npm/service package lanes are not over-counted and serialized unnecessarily.
- QA/diagnostics: add a collector-backed OpenTelemetry smoke lane, make the OTLP payload leak check scenario-aware, and keep source QA builds from failing on optional dependency imports resolved through pnpm's temp module path.
 - Crabbox: bootstrap Git metadata for sparse remote changed gates so raw synced workspaces can run `pnpm check:changed` from the intended diff.
 - xAI/LM Studio: avoid buffering ordinary bracketed or `final` prose until stream completion while watching for plain-text tool-call fallbacks.
 - Doctor: warn and continue when the cron job store exists but cannot be read so later health checks still run. Fixes #86102. (#86384) Thanks @1052326311.
 - Discord: suppress a bot's previous reply body and referenced media from prompt context when a user replies to that bot message, while keeping reply metadata for routing. (#86238) Thanks @fuller-stack-dev.
- Discord: restore bare numeric channel IDs for outbound message-tool sends while keeping explicit DM targets unambiguous. (#86571) Thanks @joshavant.
 - Docker E2E: avoid rebuilding the Control UI twice while preparing the shared OpenClaw package tarball for package-backed scenario runs.
 - Tests: avoid rebuilding the Control UI twice during the installer Docker smoke now that `pnpm build` includes `ui:build`.
- Tests: give QA config mutation RPCs enough native Windows budget to finish gateway config writes and restart settle after hot scenario runs.
- Tests: keep the gateway restart-inflight QA scenario focused on restart recovery on native Windows by allowing expected embedded prompt handoff errors and using the Windows-safe timeout budget.
- QA-Lab: make the synthetic OpenAI provider honor generic `reply exactly:` directives after required kickoff reads so restart-recovery scenarios do not fall through to generic repo-summary prose.
- Gateway: abort active `agent` RPC runs during forced restart shutdown so stale in-process turns cannot keep writing a session after the Gateway lifecycle restarts.
- Crabbox: sync clean sparse worktrees through a temporary full checkout even when reusing an existing lease so tracked build-time files are not omitted.
 - Build: route `scripts/ui.js` through the shared pnpm runner and keep Control UI chunking helpers in sparse-included source so native Windows Corepack builds can produce `dist/control-ui`.
- Tests: give the memory fallback QA scenario enough turn budget to exercise native Windows gateway runs instead of failing on the client timeout while the mock agent is still dispatching.
 - Tests: collect QA gateway CPU/RSS metrics on native Windows and give the channel baseline enough turn budget to report slow gateway runs instead of timing out before proof.
 - Install/update: bypass npm `min-release-age` policies with `--min-release-age=0` instead of `--before` so hosted installers keep working on npm versions that reject the combined config. (#84749) Thanks @TeodoroRodrigo.
- Diagnostics: reclaim wedged session lanes when stale active-run bookkeeping blocks queued work despite no forward progress. Fixes #85639. Thanks @openperf.
 - WebChat: keep message-tool replies visible in the chat while still summarizing internal tool results for the model. Fixes #86347. Thanks @shakkernerd.
 - Gateway/perf: fail startup benchmark samples when the Gateway process exits before benchmark teardown, including signal deaths after readiness probes.
 - Gateway/perf: fail restart benchmark samples when the Gateway exits before benchmark teardown, including clean exits and signal deaths after successful restart probes.
@@ -177,48 +47,104 @@ Docs: https://docs.openclaw.ai
 - Checks: keep intentional Knip unused-file findings optional so full CI and sparse proof workspaces stay aligned.
 - Docker: restore writable `~/.config` in runtime images. Fixes #85968. Thanks @hkoessler and @Bartok9.
 - Plugin SDK: keep legacy root diagnostic subscriptions connected when built plugin SDK aliases resolve diagnostic helpers through a separate module graph.
- Diagnostics: export alertable OTel and Prometheus signals for blocked tools, model failover, stale sessions, liveness warnings, oversized payloads, and webhook ingress while fixing shared OTLP endpoints with query strings.
 - Tests: normalize macOS canonical temp paths in exec allowlists, fs-safe trash assertions, installed plugin matching, Telegram topic-name stores, and built ACPX MCP server expectations so native macOS proof runners cover the intended behavior.
 - Codex/app-server: preserve message-tool-only source reply delivery mode on active runs so sub-agent completion wakeups can steer the active Codex turn instead of being rejected. (#86287) Thanks @ferminquant.
 - Tests: sample the Windows kitchen-sink RPC gateway directly and serialize RSS probes so native runs keep the memory guard active.
 - Tests: normalize bundled plugin lifecycle probe paths and state-root lookup so native Windows release sweeps accept valid packaged plugin installs.
- Agents/Claude CLI: route live native Bash permission requests through OpenClaw exec policy so Claude turns no longer stall on `control_request`, and document that OpenClaw exec policy is authoritative. Fixes #80819. (#86330, from #81971) Thanks @guthirry and @sallyom.
- Security audit: warn when YOLO OpenClaw exec policy overrides a restrictive raw Claude `--permission-mode` for managed live sessions. (#86557) Thanks @sallyom.
 - Config: keep benign legacy metadata write anomalies out of default doctor and config command output while preserving explicit anomaly logging for diagnostics.
 - Codex: log when implicit app-server `never` approvals are promoted for OpenClaw tool policy, including whether the trigger was a `before_tool_call` hook or trusted tool policy.
 - Codex harness: make subscription usage-limit errors without reset times explain that OpenClaw cannot determine the reset and point users to wait until Codex is available, use another Codex account, or switch to another configured model/provider. Thanks @amknight.
+- Models/Codex: warn when stale OpenAI API-key auth remains beside Codex OAuth routes, and skip importing Codex `OPENAI_API_KEY` values when ChatGPT OAuth is present. Thanks @amknight.
 - Google Vertex: support production ADC modes such as Workload Identity Federation, service-account credentials, and metadata-server ADC for the native Vertex transport. (#83971) Thanks @damianFelixPago.
 - Telegram: route normal `[telegram][diag]` polling diagnostics through `runtime.log` while keeping non-diag warnings and persistence failures on `runtime.error`, so healthy polling startup no longer looks like an error. Fixes #82957. (#82958) Thanks @galiniliev.
- Providers/Ollama: strip inline Kimi cloud reasoning prefixes from streamed and final visible replies while keeping ordinary Kimi answers append-only. (#86286) Thanks @jason-allen-oneal.

 - Gateway: require Talk secret authority before setup-code handoff can include Talk secrets. (#85690) Thanks @ngutman.
- Agents: keep fallback error reporting scoped to the active model candidate so stale prior-provider quota/auth text is not reported for later fallback attempts. (#86134) Thanks @zhangguiping-xydt.
- iMessage: dedupe watcher startup when `channels.imessage.accounts` lists both `default` and a named account that point at the same local Messages source, so the gateway no longer spawns two `imsg rpc` processes or doubles inbound replies; the dedupe is scoped to watcher startup, leaving duplicate accounts addressable for outbound sends, status, and capability listings, and `openclaw doctor` flags the redundant account with a rebinding hint. Fixes #65141. (#86705) Thanks @swang430.

-## 2026.5.22
+## 2026.5.25
+
+### Fixes
+
+- Installer: let the local-prefix CLI installer use Alpine's `apk` Node.js, npm, and Git packages on musl Linux instead of downloading glibc Node tarballs that fail `node:sqlite`.
+- Checks: prefilter tracked conflict-marker scans so changed checks avoid reading every repository file on clean runs.
+- Plugins: allow linked local plugin paths to probe TypeScript source entries without requiring compiled package output, restoring source-checkout plugin development on native Windows.
+- CLI: route source-checkout build output to stderr before launching OpenClaw commands so stale local builds do not corrupt `--json` stdout.
+- Installer: install Node.js through `apk` on Alpine Linux instead of falling through to the NodeSource package-manager path.
+- Agents/perf: cache manifest-backed CLI provider descriptors and fallback provider resolution so model fallback retries avoid repeated bundled provider runtime scans while still invalidating across plugin reloads.
+- Installer: detect musl Linux shells such as Alpine as Linux instead of rejecting them before npm install.
+- Windows: run direct Node package scripts with env overrides through a cross-platform launcher so gateway, TUI, Docker-all, generated-module formatting, and optional Discord native opus installer entrypoints work on native Windows.
+- Tests: run Vitest import timing entrypoints through a Node wrapper so native Windows package scripts can collect import diagnostics.
+- Control UI: split large build-time runtime dependencies into stable chunks so Linux/Docker install and package builds stay below the app chunk warning threshold.
+- Tests: run `test:max` and `test:changed:max` through a Node wrapper so high-worker Vitest entrypoints work on native Windows.
+- Tests: retry transient loopback HTTP resets in the kitchen-sink RPC walk so native Windows readiness probes do not fail after the gateway is already ready.
+- Tests: run `test:serial` through a Node wrapper so targeted serial Vitest commands work on native Windows.
+- Tests: normalize Vitest config path assertions so the infra config suite runs on native Windows paths.
+- Installer: avoid the incompatible generated `--before` install filter when raw npm `min-release-age` config is present. (#85491) Thanks @TurboTheTurtle.
+- Agents/MCP: bound bundled MCP `tools/list` catalog discovery so hung MCP servers do not block session tool materialization. (#85063) Thanks @nxmxbbd.
+- Channels/iMessage: recover malformed anchorless group watch payloads by GUID before debounce/routing, and drop unrecoverable payloads instead of replying to the sender DM. Fixes #84470. Refs #84503. Thanks @zhangguiping-xydt and @zqchris.
+- Channels/iMessage: advance the startup catchup cursor from live-handled rows after a completed catchup pass, including rows received while catchup is still running, so restarts do not replay them. (#85475) Thanks @TurboTheTurtle.
+- Tests: mount the shared Windows command helper into bare Docker E2E harness containers so published upgrade-survivor config walks can start on Linux.
+- Tests: keep the plugin binding command escape Docker smoke focused on its intended Vitest cases and skip source-only install lifecycle scripts.
+- Tests: let the generic plugin install E2E assertions use a configurable temp root and Windows home-relative install paths.
+- Tests: keep kitchen-sink plugin assertion fixtures on a configurable temp root so native Windows runs no longer skip full-surface diagnostic coverage.
+- Tests: fail Gateway startup benchmarks when a child startup never produces ready probes or process metrics instead of reporting all `n/a` samples as passing.
+- Config/secrets: allow exec SecretRef ids to include `#` selectors so AWS-style `secret#json_key` ids validate consistently. (#80731) Thanks @TurboTheTurtle.
+- Tests: keep the Telegram user credential helper on platform temp and path APIs so native Windows credential export and restore commands do not write through POSIX-only paths.
+- Installer: include the optional verify phase in the progress counter so `--verify` shows `[4/4] Verifying installation` instead of `[4/3]`.
+- Crabbox: let the wrapper find a sibling Crabbox checkout from linked Git worktrees so Codex worktrees can run remote gates without a PATH shim.
+- CI: tolerate the standard `--` option separator in shared helper flag parsing so perf and test commands accept package-manager argument forwarding.
+- Tests: preserve `--` passthrough arguments in live-media, live-shard, and extension batch harnesses so Vitest filters are not misread or silently ignored.
+- Crabbox: default AWS macOS runner requests to on-demand capacity so EC2 Mac proof commands do not fail on the unsupported Spot market default.
+- Tests: run upgrade-survivor config recipe commands through the Windows npm shim so native Windows package walks keep baseline config coverage.
+- Image tool: use bundled Anthropic media limits when resolving image compression policy without provider-runtime hooks.
+- Tests: fail the kitchen-sink RPC Docker walk when gateway RSS sampling is unavailable instead of silently disabling the per-process memory guard.
+- Tests: suppress the current Rolldown plugin timing warning format in the Vitest wrapper so tiny focused runs do not drown useful stderr in repeated build-timing noise.
+- Models/OpenRouter: use endpoint-specific OpenRouter context limits from `top_provider` metadata so provider-routed models no longer overstate available context. (#85949) Thanks @TurboTheTurtle.
+- Crabbox: sync clean sparse-checkout remote changed gates from a temporary full checkout with local-only commits overlaid as worktree changes so git-backed script checks can seed the runner repository.
+- Agents: avoid loading bundled channel plugins while resolving completion delivery policy and queue defaults on subagent handoff paths.
+- Tests: allow split Vitest config shards through the explicit-target preflight so CI shard jobs run their intended projects.
+- Tests: make startup memory and startup bench smoke scripts build CLI startup artifacts when run from a fresh source checkout.
+- iMessage: mark authorized slash-command turns as text-sourced commands so `/status`, `/new`, and `/restart` acknowledgements return to the source conversation. (#82642) thanks @homer-byte.
+- Crabbox: install Corepack shims into the writable hydration `PNPM_HOME` so local AWS runner hydration no longer tries to overwrite `/usr/local/bin/pnpm`.
+- Live tests: fail Gateway live model sweeps when selected coverage is lost to timeouts or stale high-signal filters instead of reporting false missing-profile coverage, and pin Docker OpenAI gateway coverage to the current `gpt-5.5` lane.
+- Tests: fail Docker resource-ceiling checks when stats samples or configured limits are invalid instead of silently reporting zero peaks.
+- Agents: fail closed when provider-less session models match multiple provider-prefixed runtime policies so CLI runtime routing no longer depends on config order. (#85970) Thanks @potterdigital.
+- Control UI/agents: keep collapsed tool rows readable without early ellipses, preserve raw expanded tool details, and make post-compaction AGENTS.md reinjection opt-in to avoid duplicated project context. Fixes #45649 and #45488. Thanks @BunsDev.
+
+## 2026.5.24

 ### Changes

+- iMessage: support thumb-approval reactions — `👍` (Like tapback) resolves an approval as `allow-once` and `👎` resolves as `deny`, with the explicit-approver allowlist read from `channels.imessage.allowFrom`; `allow-always` stays on the manual `/approve <id> allow-always` text fallback. Mirrors the WhatsApp behavior from #85477.
 - Gateway/perf: reuse process-stable channel catalog reads, avoid repeated bundled-channel boundary checks, and rotate gateway watch CPU profiles so benchmark runs do not accumulate unbounded artifacts.
+- Gateway/perf: cache stable install-record, channel-catalog, bundled-channel, and Telegram session-store metadata during process-local hot paths to reduce repeated JSON and manifest reads.
 - Gateway/perf: reuse immutable plugin metadata snapshots across startup, config, model, channel, setup, and secret metadata readers so hot paths avoid repeated plugin file stats and manifest registry reloads.
+- Talk/realtime: let WebUI and Discord voice callers ask for active OpenClaw run status, cancel, steer, or queue follow-up work while a consult is still running. (#84231) Thanks @Solvely-Colin.
+- Discord/voice: add realtime wake-name gating with agent-name defaults and raise profile bootstrap context budget for longer `USER.md`/`SOUL.md` files.
 - Gateway/perf: lazy-load startup-idle plugin work, core gateway method handlers, and the embedded ACPX runtime so Gateway health and ready signals no longer wait on unused handler trees or ACPX probes.
 - Gateway/perf: cache plugin SDK public-surface alias maps and skip irrelevant macOS Linuxbrew PATH probes so Gateway startup avoids repeated filesystem walks and slow missing-directory stats.
- Transcripts: add the initial transcript capture and source-provider foundation, including auto-start capture config, manual transcript imports, read-only transcript access, and Discord voice as the first live source.
+- Image tool: add adaptive model-aware image compression with an `agents.defaults.imageQuality` preference for choosing token-efficient, balanced, or high-detail media handling.
+- Meeting Notes: add a source-only external meeting-notes plugin and SDK source-provider contract outside the core npm package, with auto-start capture config, manual transcript imports, read-only `openclaw meeting-notes` CLI access, and Discord voice as the first live source.
+- Meeting Notes/Discord: release channel account startup before meeting-notes auto-capture, wait for the Discord voice manager during gateway boot, and stop plugin services before channel shutdown so voice capture state remains available during startup and cleanup.
 - Docs/channels/config: add Signal `configPath`, Telegram wildcard topic defaults, local-time backup archive names, Termux home fallback, include-path validation, secret-scanner-safe placeholder guidance, Gemini CLI/Antigravity media guidance, and macOS VM auto-login guidance. Thanks @NorseGaud, @yudistiraashadi, @huangqian8, @VibhorGautam, @maweibin, @tianxingleo, @IgnacioPro, and @xzcxzcyy-claw.
 - Docs: clarify model-usage portability, Codex migration prerequisites, status bootstrap wording, thread-bound subagent limits, hook ownership, and config-preserving safety guidance. Thanks @aniruddhaadak80, @leno23, @TomDjerry, @matthewxmurphy, @vincentkoc, and @stablegenius49.
 - Docs: clarify README onboarding and Gateway startup paths, WhatsApp QR/408 recovery, cron output language prompts, skill advanced features, gateway upstream 403 troubleshooting, and plugin fallback override guidance. Thanks @deepujain, @Zacxxx, @Jah-yee, @neyric, @usimic, @Renu-Cybe, @BigUncle, and @SeashoreShi.
 - Docs: clarify context-pruning ratio bounds, local dashboard recovery, CLI env markers, remote onboarding token behavior, and Peekaboo Bridge permissions for subprocess agents. Thanks @ayesha-aziz123, @dishraters, @hougangdev, and @brandonlipman.
 - Docs: clarify browser CDP diagnostics, Plugin SDK allowlist imports, status-reaction timing defaults, queue steering behavior, limited-tool troubleshooting, cron HEARTBEAT handling, Telegram multi-agent groups, Bitwarden SecretRef setup, and EasyRunner deployments. Thanks @Quratulain-bilal, @mbelinky, @Mickey-, @vancece, @xenouzik, @posigit, @surlymochan, @janaka, and @choiking.
+- CLI/models: let `openclaw models auth login` store a single returned provider auth profile under a requested `--profile-id`, and document named Codex OAuth profile setup. (#49315) Thanks @DanielLSM.
 - Crabbox/Testbox: run clean sparse-checkout Testbox syncs from a temporary full checkout and route remote changed gates through Corepack pnpm.
 - Docs: clarify IPv4-only Gateway BYOH binding, trusted-proxy scope clearing, Android pairing approval, macOS Accessibility grants, Zalo profile env vars, password-store SecretRef setup, and Chinese memory navigation. Thanks @itskai-dev, @gwh7078, @longstoryscott, @MoeJaberr, and @yuaiccc.
 - Docs: consolidate GLM under Z.AI, add the Upstash Box install guide and Gateway exposure runbook, clarify MEDIA directives, Copilot and Voyage setup, config path quoting, real behavior proof, and memory-file write guidance. Thanks @BobDu, @alitariksahin, @Jefsky, @musaabhasan, @OmerZeyveli, @leno23, @WuKongAI-CMU, @luoyanglang, and @majin1102.
 - Docs: clarify media provider credentials, Codex/OpenClaw code-mode boundaries, Slack and Telegram ack reactions, Feishu dynamic agents, secrets plaintext boundaries, memory guidance, and Chinese glossary terms. Thanks @nielskaspers, @cosmopolitan033, @drclaw-iq, @alexgduarte, @zccyman, @chengoak, and @cassthebandit.
 - Packaging: exclude documentation images and assets from the npm tarball, reducing published package size without affecting runtime docs search or CLI behavior. Thanks @SebTardif.
 - Media understanding: stop auto-probing Gemini CLI and use Antigravity CLI only as a lower-priority image/video fallback after configured provider APIs.
+- Diagnostics: emit sanitized `secrets.prepare` timeline spans for Gateway secret preparation so operators can distinguish secret startup latency without exposing provider names, secret ids, or secret values. (#83019) Thanks @samzong.
+- Diagnostics: export bounded skill usage metrics/spans and tool source/owner labels for core, plugin, MCP, and channel tool execution without exposing raw paths or session identifiers. (#80370) Thanks @gauravprasadgp.
 - Agents/subagents: limit default sub-agent bootstrap context to `AGENTS.md` and `TOOLS.md`, keeping persona, identity, user, memory, heartbeat, and setup files out of delegated workers by default. (#85283) Thanks @100yenadmin.
+- Maintainer skills: require clean autoreview before surfacing bug-sweep PR URLs and treat changelog-only conflicts as routine busy-main churn.
 - Maintainer skills: exclude plugin SDK/API boundary work from `openclaw-landable-bug-sweep` so bugbash sweeps stay focused on small paper-cut fixes.
 - QA-Lab/diagnostics: extend the OpenTelemetry smoke harness to prove trace, metric, and log export, and add first-class Prometheus and observability smoke aliases.
 - Plugin SDK: add a generic channel-message poll sender so channel plugins can expose poll delivery without depending on channel-specific SDK facades.
+- Plugin SDK/cron delivery: route cron delivery through the modern target resolver and outbound session-route APIs, deprecate parser-backed target helpers and `plugin-sdk/messaging-targets`, and move bundled callers to `plugin-sdk/channel-targets`.
 - Crabbox: keep the local wrapper's provider validation synced with the installed Crabbox binary while preserving supported aliases such as `docker` and `blacksmith`. (#85302) Thanks @hxy91819.
 - Maintainer skills: add `openclaw-landable-bug-sweep` for producing five small, reviewed, CI-green OpenClaw bugfix PRs from issue/PR sweeps.
 - Control UI/chat: add search and Load More pagination to the chat session picker, keeping initial session loads bounded while making older conversations reachable. (#85237) Thanks @amknight.
@@ -248,21 +174,74 @@ Docs: https://docs.openclaw.ai

 ### Fixes

+- Gateway/update: avoid fetching unrelated tags during dev-channel git updates so moved release tags do not block branch-based updates. (#84737) Thanks @rubencu.
+- CLI/update: suppress the expected future-config warning while an old update parent hands off to the freshly installed post-core process.
+- MiniMax: store OAuth token expiry as an absolute millisecond timestamp so OAuth profiles no longer appear expired on every request. (#83480) Thanks @NianJiuZst.
+- Agents/Anthropic: strip missing or blank thinking signatures for signed-thinking providers even when recovery supplies a narrow replay policy without signature preservation. Fixes #84430. (#84448) Thanks @NianJiuZst.
+- Agents/channels: send a visible notice when an aborted main session cannot be resumed after restart, including Telegram group targets. (#85805) Thanks @pfrederiksen.
+- Discord/voice: serialize overlapping voice joins, retry aborted startup readiness within the configured timeout, upgrade meeting-notes-only sessions to realtime when the normal follow join arrives, detach promoted meeting-notes ownership without leaving voice, and include `OpenClaw` in default realtime wake names.
+- Gateway/restart: honor the configured restart drain budget for embedded runs and avoid spending the deferral timeout twice after forced restart timeouts. (#85708) Thanks @Kaspre.
+- Gateway/boot: run `BOOT.md` startup checks in an isolated boot session so gateway restarts do not overwrite the agent's main session mapping. (#85479)
+- Meeting Notes: include a speaker-labeled transcript section in generated summaries so Discord group voice captures show who said each captured utterance.
+- Discord/voice: recover stale realtime playback state when Discord stream-close/player-idle events do not arrive, and keep generated runtime plugin aliases available after postbuild rewrites.
+- Discord/voice: keep realtime playback running when meeting notes attaches to an existing voice session or a realtime consult starts, and route realtime user transcripts into meeting notes.
+- Config/secrets: preflight active runtime SecretRefs before root and include config writes persist, and roll back unchanged file/env state when post-write refresh fails. Fixes #46531. (#84454) Thanks @samzong.
+- CLI/models: preserve SecretRef-backed custom provider `apiKey` markers when `models status` regenerates `models.json`, avoiding resolved plaintext secrets on disk. Fixes #84632. (#84658) Thanks @NianJiuZst.
+- WhatsApp/auto-reply: deliver deferred media replies through the foreground reply fence so overlapping no-reply turns no longer hide already visible responses. (#85517) Thanks @cavit99.
+- Sessions/security: replace agent-to-agent wildcard allowlist regexes with a precompiled linear matcher so cross-agent access checks avoid backtracking-prone patterns. (#85849) Thanks @SebTardif.
+- WebChat: keep the run-complete indicator in progress until deferred history replay renders the assistant reply, so Done no longer appears before response text. (#85374) Thanks @neeravmakwana.
+- Agents/tools: give timed-out or cancelled process trees a bounded SIGTERM cleanup window before SIGKILL while preserving tree-aware cancellation. Fixes #66399. (#85865) Thanks @IWhatsskill.
+- Agents/subagents: treat aborted subagent stop reasons as killed terminal failures so parent sessions get error announcements instead of silent success. Fixes #72293. (#85860) Thanks @IWhatsskill.
+- Agents/providers: clamp proxy-like OpenAI Chat Completions output caps against the final request payload so strict local/API-compatible servers no longer reject prompts that already consume part of the context window. Fixes #83086. (#85889) Thanks @rendrag-git.
+- Agents/compaction: skip agent-harness preflight for provider-owned CLI runtime sessions so over-threshold Claude CLI sessions continue through normal compaction instead of failing on a missing harness. Fixes #84857. (#84878) Thanks @zhangguiping-xydt.
+- Codex/app-server: keep successful native hook relays available through a short post-turn grace window so late Codex hook subprocesses can finish policy enforcement without clearing a replacement relay. (#83987) Thanks @Kaspre.
+- Control UI/config: save form-mode edits from the source config snapshot so runtime-only provider defaults like empty `models.providers.<id>.baseUrl` are not written back and rejected. Fixes #85831. Thanks @garyd9.
+- Browser/existing-session: launch Chrome DevTools MCP with usage statistics disabled by default so its telemetry watchdog stays off unless an operator explicitly opts in. (#85886) Thanks @rohitjavvadi.
+- Telegram: normalize legacy durable group retry targets before retry sends, polls, and pins so group retries keep using the real chat id. (#85656) Thanks @luoyanglang.
+- Agents/PDF: route MiniMax PDF fallback policy through plugin metadata so MiniMax uses text extraction instead of VLM image fallback. (#85590, fixes #85575) Thanks @neeravmakwana.
+- CLI/plugins: tighten timeout, numeric option, media payload, permission, profile/TLS, plugin metadata, JSON, and remote URL handling; prevent stuck progress/app-server/IRC/Synology/Twitch waits; and keep imported chat history ordering stable.
+- Telegram/config: suppress the missing `accounts.default` warning when `channels.telegram.defaultAccount` names a configured account that also sorts first. Fixes #83948. Thanks @crypto86m.
+- Telegram: serialize visible topic replies through core reply-lane admission so heartbeat and queued follow-up turns cannot continue ownerless or misroute responses. (#85709) Thanks @jalehman.
+- CLI/node: print node status recovery hints on stdout consistently while keeping status errors on stderr. Fixes #83925. Thanks @davinci282828.
 - WebChat: summarize internal message-tool source replies so tool cards no longer duplicate the visible reply body. (#84773) Thanks @jason-allen-oneal.
+- Gateway/WebChat: hide duplicate `gateway-injected` assistant rows when Cursor ACP already persisted the same `acp-runtime` reply. Fixes #85741. Thanks @lxf-lxf.
+- WebChat: scope the visible attachment button to its own composer file input so clicking Upload reliably opens the file picker. (#83952, fixes #47983) Thanks @jason-allen-oneal.
 - Gateway: preserve deferred lifecycle-error cleanup across later non-terminal events so provider timeouts can persist failed session state instead of leaving sessions stuck running. (#85256, fixes #63819) Thanks @samzong.
+- Gateway/update: stop treating inherited macOS `XPC_SERVICE_NAME` values as launchd supervision during update respawn, so GUI-spawned gateways use detached respawn instead of exiting for a missing LaunchAgent. Fixes #85224. Thanks @richardmqq.
+- Gateway: stop sending duplicate message-phase `sessions.changed` websocket events after displayable `session.message` transcript updates. (#84834)
 - Agents/subagents: report tool-only child progress during timeout summaries instead of showing no visible output.
 - Telegram/ACP: preserve explicit `:topic:` conversation suffixes when inbound ACP targets do not carry a separate thread id.
 - Browser/proxy: bypass the managed proxy for the exact local managed Chrome CDP readiness and DevTools WebSocket endpoints, so `openclaw browser start` works when the operator proxy blocks loopback egress. (#83255) Thanks @lightcap.
 - Ollama: bypass the managed proxy for configured local embedding origins while keeping SSRF guardrails on unconfigured targets. Thanks @Kaspre.
 - OpenAI/images: route Codex API-key image generation through the native OpenAI Images API instead of the Codex OAuth streaming backend, avoiding 401s from valid API keys.
 - Agents/OpenAI completions: omit empty tool payload fields for proxy-like OpenAI-compatible endpoints so strict vLLM-style servers accept tool-free turns. (#85835) Thanks @rendrag-git.
+- Sandbox: keep workspace skill mounts read-only for remote container-cwd file operations and reject symlinked skill roots before creating protected overlays. (#85591) Thanks @jason-allen-oneal.
+- Scripts/Windows: route remaining QA, release, profile, and live-media `pnpm` launches through the managed runner so native Windows avoids brittle `.cmd` execution and shell-argv warnings.
+- Release: align generated config/API baselines and the meeting-notes plugin version so release preflight stays green on native Windows.
+- Install/Windows: run Git hook setup through a Node prepare helper so native Windows installs no longer print POSIX shell errors.
+- Checks/Windows: chunk and serialize extension oxlint shards on native Windows so changed gates avoid Go-backed linter memory spikes.
+- Release/Windows: run installed `openclaw.cmd` verification through explicit `cmd.exe` wrapping so npm prepublish/postpublish checks avoid Node shell-argv warnings.
+- Release/Windows: run release-check npm pack/install/root probes through the shared npm runner so native Windows avoids bare `npm` lookup and `.cmd` shell-argv handling.
+- Release/Windows: run cross-OS release check `.cmd` shims through explicit `cmd.exe` wrapping so native Windows install and gateway probes avoid Node shell-argv handling.
+- Control UI/Windows: run i18n Pi, npm, and pnpm helper commands through explicit Windows runners so native Windows translation sync avoids brittle `.cmd` launches.
+- Scripts/Windows: run the Z.AI fallback repro through the shared pnpm runner so native Windows avoids raw `.cmd` launches.
+- Codex/Windows: run app-server protocol formatting through the shared pnpm runner so native Windows avoids raw `.cmd` launches.
+- Plugins/Windows: run plugin npm package staging through the shared npm runner so native Windows release checks avoid bare `npm` lookup and `.cmd` shell-argv handling.
 - Checks/Windows: route full `pnpm check` stage commands through the managed child runner so Windows avoids Node shell-argv deprecation warnings there too.
+- Agents/fs: allow workspace-only host write/edit tools to write through in-workspace symlink directory parents while preserving outside-workspace symlink rejection. Fixes #84696. Thanks @garbagenetwork.
 - Checks/Windows: run managed child commands through explicit `cmd.exe` wrapping instead of Node shell mode with argv, avoiding Node 24 subprocess deprecation warnings during changed checks.
 - Gateway: omit internal stream-error placeholder entries from agent prompt history so failed assistant turns are not replayed as model-authored text. (#85652) Thanks @anyech.
 - Sessions: enforce the session write-lock max-hold policy during lock acquisition so long-held locks can be reclaimed before the stale-lock window. (#85764) Thanks @njuboy11.
+- Sessions/status: preserve user-facing model, fallback, usage, and cost attribution when internal subagent handoff runs use fallback models. (#85726, fixes #85082) Thanks @brokemac79.
+- Install/update: honor `OPENCLAW_HOME` when deriving default dev checkout and installer onboarding paths, while keeping explicit `OPENCLAW_GIT_DIR` and `OPENCLAW_CONFIG_PATH` overrides authoritative. Fixes #54014. Thanks @robertPiro.
 - Models: prune retired Groq, GitHub Copilot, OpenAI, xAI, and old Claude catalog entries, with doctor migration to upgrade existing configs to current provider refs.
+- Plugins/Gateway: treat non-empty return values from plugin gateway method handlers as successful responses so `openclaw gateway call` no longer times out after completed plugin work. Fixes #59470. Thanks @HTMG23.
 - Doctor/update: recognize junction-backed source checkouts as git installs by comparing canonical paths before showing package-manager update guidance. Fixes #82215. Thanks @igormf.
 - Channels: honor `/verbose on` for tool/progress summaries across direct chats, groups, channels, and forum topics while preserving quiet default behavior. (#85488) Thanks @kurplunkin.
+- Update: keep the detached gateway restart handoff best-effort when the restart script process cannot be spawned. (#83892) Thanks @davinci282828.
+- Windows/config: skip POSIX login-shell env fallback on native Windows so startup no longer warns about missing `/bin/sh`. Fixes #84795. Thanks @JIRBOY.
+- Telegram: persist the prompt-context message cache through plugin state and record bot-authored replies after sends and draft streaming so later turns can include prior assistant replies without relying on the JSON sidecar. (#85231) Thanks @keshavbotagent.
+- Agents/subagents: keep Codex persona and user workspace files turn-scoped so native Codex subagents inherit only shared tool guidance by default. (#85811) Thanks @lastguru-net.
 - CLI/skills: show an all-ready note with next-step commands when skill setup has no missing dependencies to install. (#85032) Thanks @aniruddhaadak80.
 - Microsoft Foundry: route DeepSeek V4 Pro and Flash models through the Foundry Responses API while keeping older DeepSeek models on their existing path. (#85549) Thanks @roslinmahmud.
 - Status/usage: show configured cost estimates for AWS SDK models in full usage output while keeping token-only usage replies cost-free. (#85619) Thanks @ItsOtherMauridian.
@@ -271,6 +250,7 @@ Docs: https://docs.openclaw.ai
 - Telegram: send local `path`/`filePath` and structured attachment media from `sendMessage` actions instead of dropping them or sending text-only messages. (#85219) Thanks @keshavbotagent.
 - Sessions/status: show the estimated context budget when fresh provider usage is unavailable and clear stale estimates across session resets and compaction boundaries. (#84830) Thanks @giodl73-repo.
 - Gateway/config: pin relative `OPENCLAW_STATE_DIR` overrides to an absolute path at startup so later working-directory changes cannot retarget gateway state. (#52264) Thanks @PerfectPan.
+- Checks/Parallels: make changed-lane scripts, shrinkwrap generation, and Parallels package smoke host commands run through native Windows-safe paths and `npm`/`pnpm` shims.
 - Release/package: run npm release, prepublish, and postpublish verification through Windows-safe npm command shims so native Windows checks can execute `npm.cmd` instead of treating it as a binary.
 - Agents/harness: pass CLI runtime aliases through harness selection so provider-owned CLI aliases no longer get rejected before reaching the right runtime. (#85631) Thanks @potterdigital.
 - Secrets: show the irreversible apply warning after interactive `secrets configure` confirmation so confirmed migrations still get the final safety prompt. (#85638) Thanks @alkor2000.
@@ -282,10 +262,13 @@ Docs: https://docs.openclaw.ai
 - Providers/Anthropic: migrate 1M context handling to GA-capable Claude 4.x models by sizing eligible models at 1M without the retired `context-1m-2025-08-07` beta, ignoring that retired beta in older configs, and preserving OAuth-required Anthropic beta headers. (#45613) Thanks @haoyu-haoyu.
 - Cron/Telegram: parse forum-topic delivery targets through the Telegram plugin instead of cron core, including `:topic:` and `:topicId` forms for announce delivery. Thanks @etticat.
 - Twitch: keep stale message-handler cleanup callbacks from removing newer handler registrations for the same account, preserving inbound message delivery after reconnects. Fixes #83888. (#85425) Thanks @alkor2000.
+- Control UI/chat: keep light-mode model, thinking, config, and agents select arrows visible without tiling background icons. Fixes #85713. Thanks @Linux2010.
 - Memory/LanceDB: expose public memory artifacts through the active memory provider bridge so memory-wiki imports durable memory files, daily notes, dream reports, and event logs without depending on memory-core internals. Fixes #83604. (#85060) Thanks @brokemac79.
 - Crabbox: keep AWS hydration compatible with local Actions replay by inlining the hydrate workflow's Node/pnpm setup instead of invoking repo-local composite actions.
 - Agents/subagents: simplify native sub-agent completion handoff so children report their latest visible assistant result to the requester without using `message`, while keeping parent-owned message-tool delivery policy intact. Fixes #85070. (#85089) Thanks @brokemac79.
 - Docker setup: stop printing the Gateway bearer token in setup logs and printed follow-up commands.
+- Gateway: defer channel account startup work until HTTP readiness and remove startup model prewarm, avoiding startup event-loop stalls and timer-delay warnings.
+- Models/perf: reuse plugin metadata during models.json planning, keep bundled catalog augmentation manifest/static, and use static provider catalogs for metadata-only startup discovery so provider model normalization, auth discovery, and Gateway startup metadata do not reload broad plugin runtimes.
 - Agents: let embedded compaction fallback retries proceed when PI-compatible candidates do not need agent harness plugin preparation.
 - Agents/tools: honor configured custom provider API keys when deciding whether media, image-generation, video-generation, music-generation, and PDF tools are available. (#85570)
 - StepFun: stop advertising stale generic API key auth choices so onboarding only offers runtime-backed Standard and Step Plan choices.
@@ -293,16 +276,22 @@ Docs: https://docs.openclaw.ai
 - Windows installer: fail Git checkout installs when `pnpm install` or `pnpm build` fails instead of writing a wrapper to a missing CLI build.
 - Sessions: surface previous-transcript archive failures during `/new` rotation so disk rename errors are logged instead of silently hiding stranded transcript files. Fixes #81984. (#85586, from #82081) Thanks @0xghost42.
 - TUI/agents: mirror internal-ui message-tool replies into final chat output so message-tool-only agents remain visible in `openclaw tui`. Fixes #85538. Thanks @danpolasek.
+- Gateway/TUI: preserve source-reply metadata through reply normalization and emit message-tool-only agent replies over the live chat stream so `openclaw tui` renders Codex replies without waiting for a history refresh. Thanks @shakkernerd.
+- Codex/TUI: keep long source-reply runs alive after Codex reasoning completes so delayed visible `message` calls can still reach `openclaw tui`. Thanks @shakkernerd.
+- TUI: keep quiet active runs busy after the response watchdog notice instead of reopening the prompt and encouraging duplicate submissions while the backend turn is still running. Thanks @shakkernerd.
+- Agents: preserve the latest assistant thinking blocks while stripping invalid replay signatures from older turns, and retry Anthropic thinking failures without thinking replay. Fixes #85557. Thanks @bryanbaer.
 - Agents: keep parallel OpenAI-compatible tool-call deltas in separate argument buffers so interleaved tool calls no longer corrupt streamed arguments. (#82263) Thanks @luna-system.
+- Telegram: avoid false pairing prompts after transient pairing-store read failures while preserving configured `allowFrom` and per-DM pairing authorization. (#85555)
 - Memory/doctor: report missing or unusable QMD workspace directories as workspace failures instead of generic binary failures. (#63167) Thanks @sercada.
 - Debug proxy: record CONNECT client-socket errors and destroy the paired upstream socket so abrupt client disconnects no longer leak tunnel resources. (#82444) Thanks @SebTardif.
 - Diffs: continue hydrating later diff cards when one card fails so a single broken card no longer blanks the whole diff viewer. (#84775) Thanks @cosmopolitan033.
 - Mac app: use the native settings sidebar window chrome so the sidebar toggle stays on the left and content no longer clips under oversized titlebar padding.
 - QA-Lab/Codex: bundle auth/plugin fixture imports for flow scenarios and let terminal async media tools end Codex app-server turns without timing out. (#80397, refs #80323) Thanks @100yenadmin.
+- WhatsApp: persist inbound message delivery state through plugin state before dispatch and delay read receipts until handler completion, so retryable failures can redeliver without adding a plugin-local disk cache. Thanks @samzong.
 - Gateway/agents: preserve fresh session overrides and metadata when stale cached agent-session entries race with store updates, so subagent model/provider overrides and routing policy survive concurrent writes. (#19328) Thanks @CodeReclaimers.
 - Control UI/chat: keep chat session search inline with the session selector so the header no longer shows a duplicate standalone search row.
 - Control UI/chat: collapse focused-mode header chrome and suppress hidden-header scroll updates so focus mode no longer jumps while scrolling. Thanks @amknight.
- Codex app-server: restart the native app-server and retry once when server-side compaction times out, so preflight compaction stalls recover instead of failing every dispatch. (#85500)
+- Codex app-server: leave automatic compaction to native Codex, drop OpenClaw preflight/CLI/context-engine forced compaction for Codex runtime sessions, and still forward explicit `/compact` or plugin compaction requests into Codex while failing native compaction honestly. (#85500)
 - Restore Control UI gateway token pairing [AI]. (#85459) Thanks @pgondhi987.
 - OpenAI video: honor configured provider request private-network opt-in for local/custom video endpoints so explicitly trusted mock and self-hosted providers are not blocked. Thanks @shakkernerd.
 - OpenAI video: send uploaded video edit requests to the documented `/videos/edits` endpoint with a `video` file instead of posting MP4 references to `/videos`. Thanks @shakkernerd.
@@ -311,9 +300,11 @@ Docs: https://docs.openclaw.ai
 - CLI/agents: default new omitted-account bindings to all accounts when the channel has multiple configured accounts, and clarify account-scope docs. (#49769) Thanks @Gcaufy.
 - Codex app-server: let authorized `/codex` control commands such as `/codex detach` escape plugin-owned conversation bindings while keeping unknown or unauthorized slash text routed to the bound plugin. Fixes #85157. (#85188) Thanks @TurboTheTurtle.
 - Auto-reply/models: keep `/models` browse replies fast by sharing the bounded read-only catalog path with Gateway model listing. (#84735) Thanks @safrano9999.
+- Browser/Doctor: read macOS Chrome app bundle versions from `Info.plist` before spawning Chrome and extend the fallback version probe timeout, avoiding false cold-cache warnings from Gatekeeper latency. Fixes #85418. Thanks @davidcittadini.
 - Codex app-server: disable native Code Mode when the effective exec host is `node` and keep OpenClaw `exec`/`process` available, so `/exec host=node` routes shell commands through the selected node instead of the gateway. Fixes #85012. (#85090) Thanks @sahilsatralkar.
 - Agents: bound embedded auto-compaction session write-lock watchdogs to the compaction timeout instead of the full run timeout, so stuck compaction cannot hold the live session lock for the whole run window. (#84949) Thanks @luoyanglang.
 - Gateway/agents: return phase-aware `agent.wait` timeout attribution and only cool auth profiles on provider-started timeouts. Refs #65504. Thanks @100yenadmin.
+- Gateway/systemd: launch managed update handoff helpers in a transient user scope so systemd-supervised Update Now flows survive the gateway unit restart. Fixes #84068.
 - Gateway: defer provider auth-state prewarm until after startup readiness so early gateway tool/session requests are not blocked by provider auth discovery. (#85272) Thanks @dutifulbob.
 - Gateway/models: coalesce provider auth-state rewarms after auth-profile failures and log event-loop delay for warm/rewarm work, so provider auth bursts no longer stack full auth sweeps behind channel replies.
 - Gateway/models: stop cancelled provider auth-state prewarms from continuing full provider sweeps, so reload and auth-failure bursts no longer keep startup busy.
@@ -328,6 +319,7 @@ Docs: https://docs.openclaw.ai
 - Control UI/logs: strip ANSI escape sequences from displayed Gateway log messages so color codes no longer appear as raw text. Fixes #64399. Thanks @guguangxin-eng.
 - Docker: pre-create the workspace and auth-profile config mount points with `node` ownership so first-run named volumes do not start root-owned. Fixes #85076. Thanks @Noerr.
 - Telegram: pass configured markdown table mode through outbound markdown chunking so chunked sends render tables consistently. Fixes #85085. Thanks @ShuaiHui.
+- Diagnostics/OTel: drop snake_case diagnostic id attributes alongside camelCase ids so exported telemetry cannot leak run, session, message, chat, trace, or tool-call identifiers. (#72645) Thanks @Lion0710.
 - CLI/update: preserve managed Gateway service environment during package cutovers so macOS LaunchAgent repair/restart reads the pre-update service state instead of caller shell state. (#83026)
 - Agents/providers: honor per-model `api` and `baseUrl` overrides in custom provider auth hooks and transport selection. Fixes #80487. (#80488) Thanks @huveewomg.
 - Gateway/restart: eager-load the lifecycle runtime before in-place upgrade signal handling so package replacement does not deadlock restart imports. (#84890) Thanks @myps6415.
@@ -338,9 +330,11 @@ Docs: https://docs.openclaw.ai
 - Gateway chat: broadcast returned agent-run error payloads after an agent starts so ACP/WebChat clients receive terminal idle-timeout errors. Fixes #84945.
 - Gateway chat display: preserve OpenAI-compatible `prompt_tokens`, `completion_tokens`, and `total_tokens` usage fields in sanitized chat history so llama.cpp sessions keep context counts. Fixes #77992. Thanks @MarTT79.
 - Dashboard/CLI: allow macOS browser launching through `open` even when SSH environment variables are present, while preserving Linux SSH no-display protection. Fixes #67088. Thanks @theglove44.
- Codex app-server: keep native web search observations out of mirrored chat transcripts while preserving tool progress telemetry. Fixes #85109. Thanks @ugitmebaby.
+- Codex app-server: keep native web search observations out of mirrored chat transcripts while preserving available action query metadata in tool progress telemetry. Fixes #85109. Thanks @ugitmebaby.
 - OpenCode Go: strip unsupported Kimi reasoning replay fields before provider requests so repeated `kimi-k2.6` turns do not fail schema validation. Fixes #83812. Thanks @Sleeck.
 - Browser/CDP: add a WSL2 portproxy self-loop hint when Chrome DevTools endpoints accept connections but return an empty HTTP reply. Fixes #59209. Thanks @Owlock.
+- Agents/tools: add bounded tool-policy audit log entries that identify which allow/deny rule removed tools or blocked a sandboxed tool call. Fixes #55801. Thanks @justinjkline.
+- CLI/logs: read implicit local Gateway logs through the passive backend client path so `openclaw logs --follow` does not register as a paired device, and use the active Linux systemd journal instead of stale configured-file fallbacks when live local RPC is unavailable. Fixes #83656 and #66841.
 - Agents/OpenAI: preserve structured provider error code, type, and redacted body metadata on boundary-aware transport failures.
 - Doctor/Codex: point native Codex asset warnings at the canonical `openclaw migrate plan codex` preview command. Fixes #84948. Thanks @markoa.
 - CLI/models: make `capability model auth logout --agent` remove auth profiles from the selected non-default agent store. Fixes #85092. Thanks @islandpreneur007.
@@ -382,7 +376,7 @@ Docs: https://docs.openclaw.ai
 - fix: constrain Windows task script names [AI]. (#85064) Thanks @pgondhi987.
 - Control UI: keep the chat session picker from hiding older or cross-agent configured conversations while preserving the bounded configured-agent refresh. (#85211) Thanks @amknight.
 - Agents/Anthropic: preserve unsafe integer tool-call input values in streamed Anthropic tool-use JSON, preventing Discord-style IDs from being rounded before dispatch. Fixes #47229. (#83063) Thanks @leno23.
- Agents/Codex: estimate tool-heavy prompt pressure at the LLM boundary before provider submission, so persistent sessions compact before overflowing context windows. (#85541) Thanks @fuller-stack-dev and @joshavant.
+- Agents: estimate tool-heavy prompt pressure at the LLM boundary before provider submission for non-Codex embedded runtimes, so persistent PI-style sessions compact before overflowing context windows. (#85541) Thanks @fuller-stack-dev and @joshavant.
 - Agents/hooks: wait for local one-shot CLI and Codex `agent_end` plugin hooks before process cleanup so terminal observability flushes reliably. (#85007)
 - Providers/Google: preserve Gemini 3 cron `thinkingDefault: "low"` when stale catalog metadata says `reasoning:false`, so scheduled runs keep provider-supported thinking instead of downgrading to off. (#85185) Thanks @neeravmakwana.
 - CLI/agents: allow `openclaw agent --session-key` to target explicit session keys, including agent-scoped legacy keys. (#85121) Thanks @Kaspre.
@@ -403,6 +397,7 @@ Docs: https://docs.openclaw.ai
 - CLI/update: pre-pack GitHub/git package update targets before the staged npm install, restoring `openclaw update --tag main` for one-off package updates. (#81296) Thanks @fuller-stack-dev.
 - Gateway: mirror successful same-source message-tool sends into session transcripts so delivered replies stay in later history/context. (#84837) Thanks @iFiras-Max1.
 - Media generation: keep image, music, and video completion delivery from duplicating or losing task ownership when generated media finishes through active session replies. (#84006) Thanks @fuller-stack-dev.
+- CLI/doctor: remove stale bundled plugin load paths from old versioned OpenClaw package roots after pnpm/npm upgrades. Fixes #58626. Thanks @solink7.
 - Infra/json: retry transient `File changed during read` races while loading JSON state so config and state reads recover instead of failing the turn. (#84285)
 - Plugins/providers: fail closed for workspace provider plugins during setup-mode discovery unless explicitly trusted, preventing untrusted workspace plugin code from running during provider setup. (#81069) Thanks @mmaps.
 - Providers/Ollama: resolve configured Ollama Cloud `OLLAMA_API_KEY` markers to the real discovery key so cloud provider entries keep authenticated model catalog access. (#85037)
@@ -429,6 +424,7 @@ Docs: https://docs.openclaw.ai
 - Update/doctor: prune stale local bundled plugin install records that point at old compiled bundled output so current bundled plugin schemas win after upgrade. (#84863) Thanks @fuller-stack-dev.
 - Providers/Ollama: preserve native Ollama tool-call IDs across assistant replay so Gemini over Ollama Cloud can keep its hidden function-call thought-signature handle.
 - Discord: keep session recovery and `/stop` abort ownership on the source dispatch lane while bound ACP turns continue routing to their target session, so stalled pre-run work and late replies are cleared instead of leaking after stop. Fixes #84477. (#85100) Thanks @joshavant.
+- Discord/voice-call: keep forced realtime voice consult diagnostics in debug logs instead of agent prompts, so callers do not hear OpenClaw policy text when the provider misses `openclaw_agent_consult`. (#84411) Thanks @fuller-stack-dev.
 - Codex app-server: mark missing turn completion after observed execution as replay-unsafe and release the session so follow-up turns can run. Fixes #84076. (#85107) Thanks @joshavant.
 - Codex app-server: give visible `message` dynamic tool sends a longer timeout budget so slow channel delivery can return its own result or error instead of hitting the 30-second Codex wrapper. (#85216) Thanks @amknight.
 - Codex app-server: add a dedicated post-tool raw assistant completion idle timeout config so trusted heavy turns can wait longer after tool handoff without weakening final assistant release.
@@ -437,6 +433,7 @@ Docs: https://docs.openclaw.ai
 - PDF tool: time out idle remote PDF body reads after 120 seconds so stalled remote documents return an error instead of wedging the session. Fixes #68649. (#84768) Thanks @luoyanglang.
 - Diagnostics/OpenTelemetry plugin: suppress handled OTLP exporter promise rejections so collector shutdowns no longer crash the Gateway. (#81085) Thanks @luoyanglang.
 - Agents/exec: omit raw command text and env values from denied exec failure logs while keeping safe correlation metadata. Fixes #85049. (#85140) Thanks @joshavant.
+- Media-understanding: restore the 4096-token default for image descriptions so reasoning-capable vision models no longer truncate before returning text, while preserving smaller model caps. (#84932) Thanks @scotthuang.
 - Media/audio: skip empty structured sherpa-onnx transcripts instead of treating the raw JSON payload as spoken text. (#84667) Thanks @TurboTheTurtle.
 - Agents/exec: preserve inherited XDG base-directory environment values for subprocesses while still rejecting agent-supplied XDG overrides. Fixes #84854. (#85139) Thanks @joshavant.
 - Node/Linux: keep `OPENCLAW_GATEWAY_TOKEN` out of generated systemd unit files by writing node service token values to a node-specific env file. (#84408)
@@ -2088,7 +2085,6 @@ Docs: https://docs.openclaw.ai
 - Telegram/groups: include the recent local chat window and nearby reply-target window as generic inbound context so stale reply ancestry does not overshadow the live group conversation.
 - Plugins/Nix: allow externally configured plugin roots under `/nix/store` to load in `OPENCLAW_NIX_MODE=1` while keeping normal external plugin hardlink rejection unchanged. Thanks @joshp123.
 - Nextcloud Talk: include the required bot `response` feature in setup, explain missing `--feature response` on rejected sends, and surface missing response capability in doctor/status checks. Fixes #78935. (#79657) Thanks @joshavant.
- Cron/diagnostics: emit the existing `message.queued`, `session.state` (processing/idle), and `message.processed` lifecycle events for isolated-cron agent turns in `runCronIsolatedAgentTurn`, matching the dispatch and embedded-runner paths so subscribers (diagnostics OTLP, OTel exporters, custom observability plugins) get per-run session attribution instead of bucketing isolated cron LLM calls under static fallback ids. Events are gated on `isDiagnosticsEnabled(cfg)` so the documented `diagnostics.enabled: false` master toggle continues to silence the recorder. (#79214) Thanks @arniesaha.
 - fix(discord): gate user allowlist name resolution [AI]. (#79002) Thanks @pgondhi987.
 - fix(msteams): gate startup user allowlist resolution [AI]. (#79003) Thanks @pgondhi987.
 - Infra/fetch-timeout: pass `operation` and `url` context to `buildTimeoutAbortSignal` from the music-generate reference fetch and the Matrix guarded redirect transport, so the `fetch timeout reached; aborting operation` warning carries actionable structured fields instead of a bare line. Fixes #79195. Thanks @pandadev66.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -107,7 +107,6 @@ For coordinated change sets that genuinely need more than 20 PRs, join the **#cl

 - Test locally with your OpenClaw instance
 - External PRs must include a filled **Real behavior proof** section in the PR body. Show the real setup you tested, the exact command or steps you ran after the patch, after-fix evidence, the observed result, and anything you did not test. Screenshots, recordings, terminal screenshots, console output, copied live output, linked artifacts, and redacted runtime logs all count. Unit tests, mocks, snapshots, lint, typechecks, and CI are useful but do not satisfy this requirement by themselves. Maintainers may apply `proof: override` only when the proof gate should not apply.
- Keep PRs takeover-ready: open them from a branch maintainers can push to. For fork PRs, leave GitHub's **Allow edits by maintainers** option enabled so maintainers can finish urgent fixes, changelog entries, or merge prep when needed. If GitHub shows **Allow edits and access to secrets by maintainers**, enable it only when that workflow/secrets access is acceptable and say so in the PR.
 - Do not edit `CHANGELOG.md` in contributor PRs. Maintainers or ClawSweeper add the changelog entry when landing user-facing changes.
 - Run tests: `pnpm build && pnpm check && pnpm test`
 - For iterative local commits, `scripts/committer --fast "message" <files...>` passes `FAST_COMMIT=1` through to the pre-commit hook so it skips the repo-wide `pnpm check`. Only use it when you've already run equivalent targeted validation for the touched surface.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -98,7 +98,7 @@ These are frequently reported but are typically closed with no code change:
 - Reports that treat `POST /tools/invoke` under shared-secret bearer auth (`gateway.auth.mode="token"` or `"password"`) as a narrower per-request/per-scope authorization surface. That endpoint is designed as the same trusted-operator HTTP boundary: shared-secret bearer auth is full operator access there, narrower `x-openclaw-scopes` values do not reduce that path, and owner-only tool policy follows the shared-secret operator contract.
 - Reports that only show differences in heuristic detection/parity (for example obfuscation-pattern detection on one exec path but not another, such as `node.invoke -> system.run` parity gaps) without demonstrating bypass of auth, approvals, allowlist enforcement, sandboxing, or other documented trust boundaries.
 - Reports that only show an ACP tool can indirectly execute, mutate, orchestrate sessions, or reach another tool/runtime without demonstrating bypass of ACP prompt/approval, allowlist enforcement, sandboxing, or another documented trust boundary. ACP silent approval is intentionally limited to narrow readonly classes; parity-only indirect-command findings are hardening, not vulnerabilities.
- Reports that only show untrusted media bytes reaching a maintained native decoder dependency (for example image codec libraries such as libheif) without proving the shipped dependency version is vulnerable and demonstrating crash, memory corruption, data exposure, or a boundary bypass through OpenClaw. JavaScript header sniffing and image dimension fast-paths are preflight/UX checks, not the security boundary for native decoder correctness.
+- Reports that only show untrusted media bytes reaching a maintained native decoder dependency (for example Sharp/libvips/libheif) without proving the shipped dependency version is vulnerable and demonstrating crash, memory corruption, data exposure, or a boundary bypass through OpenClaw. JavaScript header sniffing and image dimension fast-paths are preflight/UX checks, not the security boundary for native decoder correctness.
 - Reports whose only impact is transient extra memory, CPU, or allocation work from decoding, base64 expansion, media transcoding, serialization, or other format conversion after the input was already accepted under OpenClaw's configured size/trust limits, including base64 decode-before-size-estimate findings. These are performance issues, not vulnerabilities, unless the report demonstrates unauthenticated amplification, bypass of configured limits, crash/process termination, persistent resource exhaustion, data exposure, or another documented boundary bypass.
 - ReDoS/DoS claims that require trusted operator configuration input (for example catastrophic regex in `sessionFilter` or `logging.redactPatterns`) without a trust-boundary bypass.
 - Archive/install extraction claims that require pre-existing local filesystem priming in trusted state (for example planting symlink/hardlink aliases under destination directories such as skills/tools paths) without showing an untrusted path that can create/control that primitive.
--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -65,8 +65,8 @@ android {
    applicationId = "ai.openclaw.app"
    minSdk = 31
    targetSdk = 36
-    versionCode = 2026052601
-    versionName = "2026.5.26"
+    versionCode = 2026052501
+    versionName = "2026.5.25"
    ndk {
      // Support all major ABIs — native libs are tiny (~47 KB per ABI)
      abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")
--- a/apps/ios/CHANGELOG.md
+++ b/apps/ios/CHANGELOG.md
@@ -1,9 +1,5 @@
 # OpenClaw iOS Changelog

-## 2026.5.26 - 2026-05-26
-
-Maintenance update for the current OpenClaw release.
-
 ## 2026.5.25 - 2026-05-25

 Maintenance update for the current OpenClaw release.
--- a/apps/ios/Config/Version.xcconfig
+++ b/apps/ios/Config/Version.xcconfig
@@ -2,8 +2,8 @@
 // Source of truth: apps/ios/version.json
 // Generated by scripts/ios-sync-versioning.ts.

-OPENCLAW_IOS_VERSION = 2026.5.26
-OPENCLAW_MARKETING_VERSION = 2026.5.26
+OPENCLAW_IOS_VERSION = 2026.5.25
+OPENCLAW_MARKETING_VERSION = 2026.5.25
 OPENCLAW_BUILD_VERSION = 1

 #include? "../build/Version.xcconfig"
--- a/apps/ios/Sources/HomeToolbar.swift
+++ b/apps/ios/Sources/HomeToolbar.swift
@@ -85,8 +85,6 @@ struct TalkToolbarTray: View {
    var isSpeaking: Bool
    var isUserSpeechDetected: Bool
    var permissionState: TalkGatewayPermissionState
-    var voiceModeTitle: String
-    var voiceModeSubtitle: String?
    var onEnableTalk: () -> Void
    var onStopTalk: () -> Void

@@ -137,13 +135,6 @@ struct TalkToolbarTray: View {
                        .foregroundStyle(.secondary)
                        .lineLimit(1)
                }
-
-                if let voiceModeText = self.voiceModeText {
-                    Text(voiceModeText)
-                        .font(.caption2.weight(.semibold))
-                        .foregroundStyle(.secondary)
-                        .lineLimit(1)
-                }
            }

            Spacer(minLength: 0)
@@ -202,22 +193,7 @@ struct TalkToolbarTray: View {
        }
        .accessibilityElement(children: .combine)
        .accessibilityLabel("Talk Mode")
-        .accessibilityValue(self.accessibilityValue)
-    }
-
-    private var accessibilityValue: String {
-        if let voiceModeText {
-            return "\(self.state.title), \(self.subtitle), \(voiceModeText)"
-        }
-        return "\(self.state.title), \(self.subtitle)"
-    }
-
-    private var voiceModeText: String? {
-        guard !self.state.prefersPermissionCopy else { return nil }
-        let title = self.voiceModeTitle.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !title.isEmpty, title != "Not loaded" else { return nil }
-        let subtitle = (self.voiceModeSubtitle ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
-        return subtitle.isEmpty ? title : "\(title) • \(subtitle)"
+        .accessibilityValue("\(self.state.title), \(self.subtitle)")
    }

    private var subtitle: String {
--- a/apps/ios/Sources/RootCanvas.swift
+++ b/apps/ios/Sources/RootCanvas.swift
@@ -519,8 +519,6 @@ private struct CanvasContent: View {
                        isSpeaking: self.appModel.talkMode.isSpeaking,
                        isUserSpeechDetected: self.appModel.talkMode.isUserSpeechDetected,
                        permissionState: self.appModel.talkMode.gatewayTalkPermissionState,
-                        voiceModeTitle: self.appModel.talkMode.gatewayTalkVoiceModeTitle,
-                        voiceModeSubtitle: self.appModel.talkMode.gatewayTalkVoiceModeSubtitle,
                        onEnableTalk: {
                            self.showTalkPermissionPrompt = true
                        },
--- a/apps/ios/Sources/Settings/SettingsTab.swift
+++ b/apps/ios/Sources/Settings/SettingsTab.swift
@@ -612,7 +612,7 @@ struct SettingsTab: View {
    private var shouldShowRealtimeVoicePicker: Bool {
        let providerSelection = TalkModeProviderSelection.resolved(self.talkProviderSelectionRaw)
        return providerSelection == .openAIRealtime
-            || self.appModel.talkMode.gatewayTalkUsesRealtime
+            || self.appModel.talkMode.gatewayTalkUsesRealtimeRelay
    }

    private func talkVoiceSettingsView() -> AnyView {
@@ -633,16 +633,6 @@ struct SettingsTab: View {
                    }
                }
            }
-            LabeledContent("Voice Mode") {
-                VStack(alignment: .trailing, spacing: 2) {
-                    Text(self.appModel.talkMode.gatewayTalkVoiceModeTitle)
-                    if let subtitle = self.appModel.talkMode.gatewayTalkVoiceModeSubtitle {
-                        Text(subtitle)
-                            .font(.caption)
-                            .foregroundStyle(.secondary)
-                    }
-                }
-            }
            LabeledContent(
                "Active Provider",
                value: self.appModel.talkMode.gatewayTalkProviderLabel)
--- a/apps/ios/Sources/Voice/TalkModeGatewayConfig.swift
+++ b/apps/ios/Sources/Voice/TalkModeGatewayConfig.swift
@@ -3,107 +3,9 @@ import OpenClawKit

 enum TalkModeExecutionMode {
    case native
-    case realtimeClient
    case realtimeRelay
 }

-struct TalkVoiceModeDescriptor: Equatable {
-    let title: String
-    let subtitle: String?
-    let providerId: String?
-    let modelId: String?
-    let voiceId: String?
-    let transport: String?
-    let isRealtime: Bool
-
-    var accessibilityValue: String {
-        if let subtitle, !subtitle.isEmpty {
-            return "\(self.title), \(subtitle)"
-        }
-        return self.title
-    }
-}
-
-enum TalkVoiceModeDescriptorBuilder {
-    static func build(
-        providerId: String,
-        providerLabel: String,
-        modelId: String?,
-        voiceId: String?,
-        transport: String?,
-        isRealtime: Bool) -> TalkVoiceModeDescriptor
-    {
-        let normalizedProvider = providerId.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
-        let trimmedModel = Self.trimmed(modelId)
-        let trimmedVoice = Self.trimmed(voiceId)
-        let trimmedTransport = Self.trimmed(transport)
-        let title = if isRealtime, normalizedProvider == "openai", trimmedModel == "gpt-realtime-2" {
-            "GPT Realtime 2.0"
-        } else if isRealtime, normalizedProvider == "openai" {
-            "OpenAI Realtime"
-        } else if isRealtime {
-            providerLabel.isEmpty ? "Realtime Voice" : providerLabel
-        } else if normalizedProvider == "system" {
-            "iOS System Voice"
-        } else {
-            providerLabel.isEmpty ? "Talk Voice" : providerLabel
-        }
-
-        var details: [String] = []
-        if isRealtime, normalizedProvider != "openai", !providerLabel.isEmpty, providerLabel != title {
-            details.append(providerLabel)
-        }
-        if let trimmedTransport {
-            details.append(Self.transportLabel(trimmedTransport))
-        }
-        if let trimmedModel, title != "GPT Realtime 2.0" || trimmedModel != "gpt-realtime-2" {
-            details.append(trimmedModel)
-        }
-        if let trimmedVoice {
-            details.append(Self.voiceLabel(trimmedVoice))
-        }
-
-        return TalkVoiceModeDescriptor(
-            title: title,
-            subtitle: details.isEmpty ? nil : details.joined(separator: " • "),
-            providerId: normalizedProvider.isEmpty ? nil : normalizedProvider,
-            modelId: trimmedModel,
-            voiceId: trimmedVoice,
-            transport: trimmedTransport,
-            isRealtime: isRealtime)
-    }
-
-    private static func trimmed(_ value: String?) -> String? {
-        let trimmed = (value ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
-        return trimmed.isEmpty ? nil : trimmed
-    }
-
-    private static func voiceLabel(_ voice: String) -> String {
-        TalkModeRealtimeVoiceSelection.voices.contains(voice)
-            ? TalkModeRealtimeVoiceSelection.label(for: voice)
-            : voice
-    }
-
-    private static func transportLabel(_ transport: String) -> String {
-        switch transport.trimmingCharacters(in: .whitespacesAndNewlines).lowercased() {
-        case "webrtc":
-            "Native WebRTC"
-        case "gateway-relay":
-            "Gateway Relay"
-        case "provider-websocket":
-            "Provider WebSocket"
-        case "managed-room":
-            "Managed Room"
-        case "native":
-            "Native"
-        case let value where !value.isEmpty:
-            value
-        default:
-            "Native"
-        }
-    }
-}
-
 enum TalkModeProviderSelection: String, CaseIterable, Identifiable {
    case gatewayDefault = "gateway"
    case nativeElevenLabs = "elevenlabs"
@@ -210,9 +112,8 @@ enum TalkModeGatewayConfigParser {
        let defaultVoiceId = Self.firstString(activeConfig, keys: ["voiceId", "voice"])
        let defaultOutputFormat = Self.firstString(activeConfig, keys: ["outputFormat"])
        let realtime = talk?["realtime"]?.dictionaryValue
-        let realtimeProviders = realtime?["providers"]?.dictionaryValue
        let realtimeProvider = Self.firstString(realtime, keys: ["provider"])
-            ?? Self.singleRealtimeProviderId(realtimeProviders)
+        let realtimeProviders = realtime?["providers"]?.dictionaryValue
        let realtimeProviderConfig = Self.realtimeProviderConfig(
            providers: realtimeProviders,
            provider: realtimeProvider)
@@ -263,24 +164,12 @@ enum TalkModeGatewayConfigParser {
        let mode = Self.firstString(realtime, keys: ["mode"])?.lowercased()
        let transport = Self.firstString(realtime, keys: ["transport"])?.lowercased()
        let brain = Self.firstString(realtime, keys: ["brain"])?.lowercased()
-        guard mode == "realtime", brain == nil || brain == "agent-consult" else {
-            return .native
-        }
-        if transport == "gateway-relay" {
+        if mode == "realtime", transport == "gateway-relay", brain == nil || brain == "agent-consult" {
            return .realtimeRelay
        }
-        if transport == nil || transport == "webrtc" {
-            return .realtimeClient
-        }
        return .native
    }

-    private static func singleRealtimeProviderId(_ providers: [String: AnyCodable]?) -> String? {
-        guard let providers, providers.count == 1 else { return nil }
-        let provider = providers.keys.first?.trimmingCharacters(in: .whitespacesAndNewlines)
-        return provider?.isEmpty == false ? provider : nil
-    }
-
    private static func realtimeProviderConfig(
        providers: [String: AnyCodable]?,
        provider: String?) -> [String: AnyCodable]?
--- a/apps/ios/Sources/Voice/TalkModeManager.swift
+++ b/apps/ios/Sources/Voice/TalkModeManager.swift
@@ -24,7 +24,7 @@ private final class StreamFailureBox: @unchecked Sendable {
    }
 }

-enum TalkGatewayPermissionState: Equatable {
+enum TalkGatewayPermissionState: Equatable, Sendable {
    case unknown
    case ready
    case missingScope(String)
@@ -116,14 +116,10 @@ final class TalkModeManager: NSObject {
    var gatewayTalkDefaultVoiceId: String?
    var gatewayTalkProviderLabel: String = "Not loaded"
    var gatewayTalkTransportLabel: String = "Not loaded"
-    var gatewayTalkUsesRealtime: Bool = false
    var gatewayTalkUsesRealtimeRelay: Bool = false
    var gatewayTalkRealtimeProviderLabel: String?
    var gatewayTalkRealtimeModelId: String?
    var gatewayTalkRealtimeVoiceId: String?
-    var gatewayTalkVoiceModeTitle: String = "Not loaded"
-    var gatewayTalkVoiceModeSubtitle: String?
-    var gatewayTalkVoiceModeAccessibilityValue: String = "Not loaded"
    var gatewayTalkPermissionState: TalkGatewayPermissionState = .unknown

    private enum CaptureMode {
@@ -149,7 +145,6 @@ final class TalkModeManager: NSObject {
    private var recognitionTask: SFSpeechRecognitionTask?
    private var silenceTask: Task<Void, Never>?
    private var realtimeSession: TalkRealtimeWebRTCSession?
-    private var realtimeRelaySession: RealtimeTalkRelaySession?
    private var prefetchedRealtimeSession: TalkRealtimeClientSession?
    private var realtimePrefetchTask: Task<Void, Never>?

@@ -172,14 +167,6 @@ final class TalkModeManager: NSObject {
    private var realtimeProvider: String?
    private var realtimeModelId: String?
    private var realtimeVoiceId: String?
-    private var configuredVoiceModeDescriptor = TalkVoiceModeDescriptor(
-        title: "Not loaded",
-        subtitle: nil,
-        providerId: nil,
-        modelId: nil,
-        voiceId: nil,
-        transport: nil,
-        isRealtime: false)
    private var apiKey: String?
    private var voiceAliases: [String: String] = [:]
    private var interruptOnSpeech: Bool = true
@@ -317,13 +304,8 @@ final class TalkModeManager: NSObject {
            GatewayDiagnostics.log("talk.timeline manager start blocked gateway permission")
            return
        }
-        if self.realtimeWebRTCEnabled {
-            let started = self.executionMode == .realtimeRelay
-                ? await self.startRealtimeRelayIfAvailable()
-                : await self.startRealtimeIfAvailable()
-            if started {
-                return
-            }
+        if self.realtimeWebRTCEnabled, await self.startRealtimeIfAvailable() {
+            return
        }

        let speechOk = await Self.requestSpeechPermission()
@@ -437,7 +419,6 @@ final class TalkModeManager: NSObject {
        if let realtimeSession {
            realtimeSession.cancelResponse()
        }
-        self.realtimeRelaySession?.cancelOutput()
        self.stopSpeaking()
    }

@@ -1065,68 +1046,9 @@ final class TalkModeManager: NSObject {
        }
    }

-    private func startRealtimeRelayIfAvailable() async -> Bool {
-        guard let gateway else { return false }
-        GatewayDiagnostics.log("talk.timeline realtime relay start attempt sessionKey=\(self.mainSessionKey)")
-        let startedAt = Self.nowSeconds()
-        let relaySession = RealtimeTalkRelaySession(
-            gateway: gateway,
-            options: RealtimeTalkRelaySession.Options(
-                sessionKey: self.mainSessionKey,
-                provider: self.realtimeProvider,
-                model: self.realtimeModelId,
-                voice: self.realtimeVoiceId),
-            pcmPlayer: self.pcmPlayer,
-            onStatus: { [weak self] status in
-                guard let self else { return }
-                self.statusText = status
-                self.isListening = status.localizedCaseInsensitiveContains("listening")
-                if status.localizedCaseInsensitiveContains("thinking") {
-                    self.isListening = false
-                    self.isSpeaking = false
-                    self.isUserSpeechDetected = false
-                }
-            },
-            onSpeakingChanged: { [weak self] speaking in
-                guard let self else { return }
-                self.isSpeaking = speaking
-                if speaking {
-                    self.isListening = false
-                }
-            })
-        self.realtimeRelaySession = relaySession
-        do {
-            try Self.configureAudioSession()
-            try await relaySession.start()
-            guard self.realtimeRelaySession === relaySession, self.isEnabled else {
-                relaySession.stop()
-                return true
-            }
-            self.isListening = true
-            self.captureMode = .continuous
-            GatewayDiagnostics.log(
-                "talk.timeline realtime relay start ready elapsedMs=\(Self.elapsedMs(since: startedAt))")
-            return true
-        } catch {
-            guard self.realtimeRelaySession === relaySession, self.isEnabled else {
-                relaySession.stop()
-                return true
-            }
-            self.realtimeRelaySession = nil
-            GatewayDiagnostics.log(
-                "talk.timeline realtime relay start failed elapsedMs=\(Self.elapsedMs(since: startedAt)) "
-                    + "error=\(error.localizedDescription)")
-            return false
-        }
-    }
-
    func prefetchRealtimeSessionIfReady(reason: String) async {
-        guard self.gatewayConnected,
-              self.realtimeSession == nil,
-              self.realtimeRelaySession == nil,
-              !self.isEnabled
-        else { return }
-        guard self.realtimeWebRTCEnabled, self.executionMode != .realtimeRelay else { return }
+        guard self.gatewayConnected, self.realtimeSession == nil, !self.isEnabled else { return }
+        guard self.realtimeWebRTCEnabled else { return }
        guard self.gatewayTalkPermissionState == .ready else { return }
        guard self.consumePrefetchedRealtimeSession(peekOnly: true) == nil else { return }
        guard self.realtimePrefetchTask == nil else { return }
@@ -1194,8 +1116,6 @@ final class TalkModeManager: NSObject {
    private func stopRealtimeSession() {
        self.realtimeSession?.stop()
        self.realtimeSession = nil
-        self.realtimeRelaySession?.stop()
-        self.realtimeRelaySession = nil
    }

    private func subscribeChatIfNeeded(sessionKey: String) async {
@@ -1385,14 +1305,6 @@ final class TalkModeManager: NSObject {

            if canUseElevenLabs, let voiceId, let apiKey {
                GatewayDiagnostics.log("talk tts: provider=elevenlabs voiceId=\(voiceId)")
-                let modelId = directive?.modelId ?? self.currentModelId ?? self.defaultModelId
-                self.applyVoiceModeDescriptor(TalkVoiceModeDescriptorBuilder.build(
-                    providerId: "elevenlabs",
-                    providerLabel: Self.displayName(forProvider: "elevenlabs"),
-                    modelId: modelId,
-                    voiceId: voiceId,
-                    transport: "native",
-                    isRealtime: false))
                let desiredOutputFormat = (directive?.outputFormat ?? self.defaultOutputFormat)?
                    .trimmingCharacters(in: .whitespacesAndNewlines)
                let requestedOutputFormat = (desiredOutputFormat?.isEmpty == false) ? desiredOutputFormat : nil
@@ -1403,6 +1315,7 @@ final class TalkModeManager: NSObject {
                        "talk output_format unsupported for local playback: \(requestedOutputFormat, privacy: .public)")
                }

+                let modelId = directive?.modelId ?? self.currentModelId ?? self.defaultModelId
                if let modelId {
                    GatewayDiagnostics.log("talk tts: modelId=\(modelId)")
                }
@@ -1471,13 +1384,6 @@ final class TalkModeManager: NSObject {
            } else {
                self.logger.warning("tts unavailable; falling back to system voice (missing key or voiceId)")
                GatewayDiagnostics.log("talk tts: provider=system (missing key or voiceId)")
-                self.applyVoiceModeDescriptor(TalkVoiceModeDescriptorBuilder.build(
-                    providerId: "system",
-                    providerLabel: Self.displayName(forProvider: "system"),
-                    modelId: nil,
-                    voiceId: language,
-                    transport: "native",
-                    isRealtime: false))
                if self.interruptOnSpeech {
                    do {
                        try self.startRecognition()
@@ -1494,14 +1400,6 @@ final class TalkModeManager: NSObject {
                "tts failed: \(error.localizedDescription, privacy: .public); falling back to system voice")
            GatewayDiagnostics.log("talk tts: provider=system (error) msg=\(error.localizedDescription)")
            do {
-                let language = ElevenLabsTTSClient.validatedLanguage(directive?.language)
-                self.applyVoiceModeDescriptor(TalkVoiceModeDescriptorBuilder.build(
-                    providerId: "system",
-                    providerLabel: Self.displayName(forProvider: "system"),
-                    modelId: nil,
-                    voiceId: language,
-                    transport: "native",
-                    isRealtime: false))
                if self.interruptOnSpeech {
                    do {
                        try self.startRecognition()
@@ -1511,6 +1409,7 @@ final class TalkModeManager: NSObject {
                    }
                }
                self.statusText = "Speaking (System)…"
+                let language = ElevenLabsTTSClient.validatedLanguage(directive?.language)
                try await TalkSystemSpeechSynthesizer.shared.speak(text: cleaned, language: language)
            } catch {
                self.statusText = "Speak failed: \(error.localizedDescription)"
@@ -1520,7 +1419,6 @@ final class TalkModeManager: NSObject {

        self.stopRecognition()
        self.isSpeaking = false
-        self.restoreConfiguredVoiceModeDescriptor()
    }

    private func stopSpeaking(storeInterruption: Bool = true) {
@@ -1543,7 +1441,6 @@ final class TalkModeManager: NSObject {
        TalkSystemSpeechSynthesizer.shared.stop()
        self.cancelIncrementalSpeech()
        self.isSpeaking = false
-        self.restoreConfiguredVoiceModeDescriptor()
    }

    private func shouldInterrupt(with transcript: String) -> Bool {
@@ -2359,10 +2256,6 @@ extension TalkModeManager {
            "OpenAI"
        case "google":
            "Google"
-        case "system":
-            "iOS System Voice"
-        case "realtime":
-            "Realtime Voice"
        case let provider where !provider.isEmpty:
            provider
        default:
@@ -2370,36 +2263,6 @@ extension TalkModeManager {
        }
    }

-    private func applyVoiceModeDescriptor(_ descriptor: TalkVoiceModeDescriptor, persistAsConfigured: Bool = false) {
-        if persistAsConfigured {
-            self.configuredVoiceModeDescriptor = descriptor
-        }
-        self.gatewayTalkVoiceModeTitle = descriptor.title
-        self.gatewayTalkVoiceModeSubtitle = descriptor.subtitle
-        self.gatewayTalkVoiceModeAccessibilityValue = descriptor.accessibilityValue
-    }
-
-    private func restoreConfiguredVoiceModeDescriptor() {
-        self.applyVoiceModeDescriptor(self.configuredVoiceModeDescriptor)
-    }
-
-    private func buildConfiguredVoiceModeDescriptor(
-        provider: String,
-        providerLabel: String,
-        modelId: String?,
-        voiceId: String?,
-        transport: String,
-        isRealtime: Bool) -> TalkVoiceModeDescriptor
-    {
-        TalkVoiceModeDescriptorBuilder.build(
-            providerId: provider,
-            providerLabel: providerLabel,
-            modelId: modelId,
-            voiceId: voiceId,
-            transport: transport,
-            isRealtime: isRealtime)
-    }
-
    private func ensureTalkConfigLoadedForStart() async {
        if self.gatewayTalkConfigLoaded || self.gatewayTalkPermissionState.isApprovalRequestInProgress {
            GatewayDiagnostics.log(
@@ -2478,7 +2341,7 @@ extension TalkModeManager {
                realtimeProvider = realtimeProvider ?? "openai"
                realtimeModelId = realtimeModelId ?? Self.defaultRealtimeModelIdFallback
            }
-            let usesRealtimeConfig = activeProvider != Self.defaultTalkProvider || executionMode != .native
+            let usesRealtimeConfig = activeProvider != Self.defaultTalkProvider || executionMode == .realtimeRelay
            self.activeTalkProvider = activeProvider
            self.executionMode = executionMode
            self.realtimeWebRTCEnabled = usesRealtimeConfig
@@ -2514,31 +2377,14 @@ extension TalkModeManager {
            }
            self.gatewayTalkDefaultVoiceId = usesRealtimeConfig ? realtimeVoiceId : self.defaultVoiceId
            self.gatewayTalkDefaultModelId = usesRealtimeConfig ? realtimeModelId : self.defaultModelId
-            let providerLabel = providerSelection == .gatewayDefault
+            self.gatewayTalkProviderLabel = providerSelection == .gatewayDefault
                ? Self.displayName(forProvider: activeProvider)
                : providerSelection.label
-            let usesRealtimeRelay = executionMode == .realtimeRelay
-            let transport = usesRealtimeConfig ? (usesRealtimeRelay ? "gateway-relay" : "webrtc") : "native"
-            let transportLabel = usesRealtimeRelay ? "Gateway Relay" : (usesRealtimeConfig ? "Native WebRTC" : "Native")
-            self.gatewayTalkProviderLabel = providerLabel
-            self.gatewayTalkUsesRealtime = usesRealtimeConfig
-            self.gatewayTalkUsesRealtimeRelay = usesRealtimeRelay
-            self.gatewayTalkTransportLabel = transportLabel
+            self.gatewayTalkUsesRealtimeRelay = false
+            self.gatewayTalkTransportLabel = usesRealtimeConfig ? "Native WebRTC" : "Native"
            self.gatewayTalkRealtimeProviderLabel = realtimeProvider.map { Self.displayName(forProvider: $0) }
            self.gatewayTalkRealtimeModelId = realtimeModelId
            self.gatewayTalkRealtimeVoiceId = realtimeVoiceId
-            let voiceModeProvider = usesRealtimeConfig ? (realtimeProvider ?? "realtime") : activeProvider
-            let voiceModeLabel = usesRealtimeConfig
-                ? Self.displayName(forProvider: voiceModeProvider)
-                : Self.displayName(forProvider: activeProvider)
-            let voiceModeDescriptor = self.buildConfiguredVoiceModeDescriptor(
-                provider: voiceModeProvider,
-                providerLabel: voiceModeLabel,
-                modelId: usesRealtimeConfig ? realtimeModelId : self.defaultModelId,
-                voiceId: usesRealtimeConfig ? realtimeVoiceId : self.defaultVoiceId,
-                transport: transport,
-                isRealtime: usesRealtimeConfig)
-            self.applyVoiceModeDescriptor(voiceModeDescriptor, persistAsConfigured: true)
            self.gatewayTalkApiKeyConfigured = gatewayOwnedVoiceProvider || (self.apiKey?.isEmpty == false)
            self.gatewayTalkConfigLoaded = true
            self.talkConfigLoadedAt = Date()
@@ -2570,19 +2416,10 @@ extension TalkModeManager {
            self.realtimeVoiceId = nil
            self.gatewayTalkProviderLabel = "Not loaded"
            self.gatewayTalkTransportLabel = "Not loaded"
-            self.gatewayTalkUsesRealtime = false
            self.gatewayTalkUsesRealtimeRelay = false
            self.gatewayTalkRealtimeProviderLabel = nil
            self.gatewayTalkRealtimeModelId = nil
            self.gatewayTalkRealtimeVoiceId = nil
-            self.applyVoiceModeDescriptor(TalkVoiceModeDescriptor(
-                title: "Not loaded",
-                subtitle: nil,
-                providerId: nil,
-                modelId: nil,
-                voiceId: nil,
-                transport: nil,
-                isRealtime: false), persistAsConfigured: true)
            self.defaultModelId = Self.defaultModelIdFallback
            if !self.modelOverrideActive {
                self.currentModelId = self.defaultModelId
--- a/apps/ios/Sources/Voice/TalkRealtimeClientSession.swift
+++ b/apps/ios/Sources/Voice/TalkRealtimeClientSession.swift
@@ -9,7 +9,7 @@ struct TalkRealtimeClientCreateParams: Encodable {
    var voice: String?
 }

-struct TalkRealtimeClientSession: Decodable {
+struct TalkRealtimeClientSession: Decodable, Sendable {
    let provider: String
    let transport: String
    let clientSecret: String
@@ -24,12 +24,12 @@ struct TalkRealtimeClientSession: Decodable {
    }
 }

-struct TalkRealtimeToolCallResponse: Decodable {
+struct TalkRealtimeToolCallResponse: Decodable, Sendable {
    let runId: String?
    let idempotencyKey: String?
 }

-struct TalkRealtimeServerEvent: Decodable {
+struct TalkRealtimeServerEvent: Decodable, Sendable {
    let type: String
    let itemId: String?
    let item: TalkRealtimeServerItem?
@@ -69,7 +69,7 @@ struct TalkRealtimeServerEvent: Decodable {
    }
 }

-struct TalkRealtimeServerItem: Decodable {
+struct TalkRealtimeServerItem: Decodable, Sendable {
    let id: String?
    let type: String?
    let callId: String?
--- a/apps/ios/Tests/TalkModeConfigParsingTests.swift
+++ b/apps/ios/Tests/TalkModeConfigParsingTests.swift
@@ -48,46 +48,6 @@ import Testing
        #expect(parsed.realtimeVoiceId == "marin")
    }

-    @Test func infersRealtimeProviderWhenProviderMapHasSingleEntry() {
-        let config: [String: Any] = [
-            "talk": [
-                "realtime": [
-                    "mode": "realtime",
-                    "transport": "webrtc",
-                    "providers": [
-                        "openai": [
-                            "model": "gpt-realtime-2",
-                        ],
-                    ],
-                ],
-            ],
-        ]
-
-        let parsed = TalkModeGatewayConfigParser.parse(
-            config: config,
-            defaultProvider: "elevenlabs",
-            defaultModelIdFallback: "eleven_v3",
-            defaultRealtimeModelIdFallback: "gpt-realtime-2",
-            defaultSilenceTimeoutMs: 900)
-
-        #expect(parsed.executionMode == .realtimeClient)
-        #expect(parsed.realtimeProvider == "openai")
-        #expect(parsed.realtimeModelId == "gpt-realtime-2")
-    }
-
-    @Test func formatsGenericRealtimeVoiceModeWithoutNativeProviderFallback() {
-        let descriptor = TalkVoiceModeDescriptorBuilder.build(
-            providerId: "realtime",
-            providerLabel: "Realtime Voice",
-            modelId: "gpt-realtime-2",
-            voiceId: nil,
-            transport: "webrtc",
-            isRealtime: true)
-
-        #expect(descriptor.title == "Realtime Voice")
-        #expect(descriptor.subtitle == "Native WebRTC • gpt-realtime-2")
-    }
-
    @Test func defaultsOpenAIRealtimeModelWhenProviderOmitsModel() {
        let config: [String: Any] = [
            "talk": [
@@ -119,60 +79,7 @@ import Testing
        #expect(TalkModeRealtimeVoiceSelection.resolvedOverride("unknown") == nil)
    }

-    @Test func formatsOpenAIRealtimeVoiceMode() {
-        let descriptor = TalkVoiceModeDescriptorBuilder.build(
-            providerId: "openai",
-            providerLabel: "OpenAI",
-            modelId: "gpt-realtime-2",
-            voiceId: "marin",
-            transport: "webrtc",
-            isRealtime: true)
-
-        #expect(descriptor.title == "GPT Realtime 2.0")
-        #expect(descriptor.subtitle == "Native WebRTC • Marin")
-        #expect(descriptor.accessibilityValue == "GPT Realtime 2.0, Native WebRTC • Marin")
-    }
-
-    @Test func formatsGatewayRelayRealtimeVoiceMode() {
-        let descriptor = TalkVoiceModeDescriptorBuilder.build(
-            providerId: "google",
-            providerLabel: "Google Live Voice",
-            modelId: "gemini-live-2.5-flash-preview",
-            voiceId: nil,
-            transport: "gateway-relay",
-            isRealtime: true)
-
-        #expect(descriptor.title == "Google Live Voice")
-        #expect(descriptor.subtitle == "Gateway Relay • gemini-live-2.5-flash-preview")
-    }
-
-    @Test func formatsElevenLabsVoiceMode() {
-        let descriptor = TalkVoiceModeDescriptorBuilder.build(
-            providerId: "elevenlabs",
-            providerLabel: "ElevenLabs",
-            modelId: "eleven_v3",
-            voiceId: "voice-id",
-            transport: "native",
-            isRealtime: false)
-
-        #expect(descriptor.title == "ElevenLabs")
-        #expect(descriptor.subtitle == "Native • eleven_v3 • voice-id")
-    }
-
-    @Test func formatsSystemVoiceFallbackMode() {
-        let descriptor = TalkVoiceModeDescriptorBuilder.build(
-            providerId: "system",
-            providerLabel: "iOS System Voice",
-            modelId: nil,
-            voiceId: "en-US",
-            transport: "native",
-            isRealtime: false)
-
-        #expect(descriptor.title == "iOS System Voice")
-        #expect(descriptor.subtitle == "Native • en-US")
-    }
-
-    @Test func usesRealtimeClientModeForWebRTCTransport() {
+    @Test func leavesNativeModeWhenRealtimeTransportIsNotGatewayRelay() {
        let config: [String: Any] = [
            "talk": [
                "realtime": [
@@ -190,7 +97,7 @@ import Testing
            defaultRealtimeModelIdFallback: "gpt-realtime-2",
            defaultSilenceTimeoutMs: 900)

-        #expect(parsed.executionMode == .realtimeClient)
+        #expect(parsed.executionMode == .native)
    }

    @Test func detectsPCMFormatRejectionFromElevenLabsError() {
--- a/apps/ios/WatchApp/Info.plist
+++ b/apps/ios/WatchApp/Info.plist
@@ -20,9 +20,9 @@
 	<string>$(OPENCLAW_MARKETING_VERSION)</string>
 	<key>CFBundleVersion</key>
 	<string>$(OPENCLAW_BUILD_VERSION)</string>
+	<key>WKApplication</key>
+	<true/>
 	<key>WKCompanionAppBundleIdentifier</key>
 	<string>$(OPENCLAW_APP_BUNDLE_ID)</string>
-	<key>WKWatchKitApp</key>
-	<true/>
 </dict>
 </plist>
--- a/apps/ios/screenshots/session-2026-03-07/canvas-cool.png
+++ b/apps/ios/screenshots/session-2026-03-07/canvas-cool.png
--- a/apps/ios/screenshots/session-2026-03-07/onboarding.png
+++ b/apps/ios/screenshots/session-2026-03-07/onboarding.png
--- a/apps/ios/screenshots/session-2026-03-07/settings.png
+++ b/apps/ios/screenshots/session-2026-03-07/settings.png
--- a/apps/ios/screenshots/session-2026-03-07/talk-mode.png
+++ b/apps/ios/screenshots/session-2026-03-07/talk-mode.png
--- a/apps/ios/version.json
+++ b/apps/ios/version.json
@@ -1,3 +1,3 @@
 {
-  "version": "2026.5.26"
+  "version": "2026.5.25"
 }
--- a/apps/macos/Sources/OpenClaw/ExecApprovals.swift
+++ b/apps/macos/Sources/OpenClaw/ExecApprovals.swift
@@ -84,7 +84,7 @@ enum ExecAsk: String, CaseIterable, Codable, Identifiable {
    }
 }

-enum ExecApprovalDecision: String, Codable, Equatable {
+enum ExecApprovalDecision: String, Codable {
    case allowOnce = "allow-once"
    case allowAlways = "allow-always"
    case deny
--- a/apps/macos/Sources/OpenClaw/ExecApprovalsGatewayPrompter.swift
+++ b/apps/macos/Sources/OpenClaw/ExecApprovalsGatewayPrompter.swift
@@ -70,9 +70,7 @@ final class ExecApprovalsGatewayPrompter {
                    timeoutMs: 10000)
                return
            }
-            guard let decision = ExecApprovalsPromptPresenter.prompt(request.request) else {
-                return
-            }
+            let decision = ExecApprovalsPromptPresenter.prompt(request.request)
            try await GatewayConnection.shared.requestVoid(
                method: .execApprovalResolve,
                params: [
--- a/apps/macos/Sources/OpenClaw/ExecApprovalsSocket.swift
+++ b/apps/macos/Sources/OpenClaw/ExecApprovalsSocket.swift
@@ -14,79 +14,6 @@ struct ExecApprovalPromptRequest: Codable {
    var agentId: String?
    var resolvedPath: String?
    var sessionKey: String?
-    var allowedDecisions: [ExecApprovalDecision]?
-
-    init(
-        command: String,
-        cwd: String? = nil,
-        host: String? = nil,
-        security: String? = nil,
-        ask: String? = nil,
-        agentId: String? = nil,
-        resolvedPath: String? = nil,
-        sessionKey: String? = nil,
-        allowedDecisions: [ExecApprovalDecision]? = nil)
-    {
-        self.command = command
-        self.cwd = cwd
-        self.host = host
-        self.security = security
-        self.ask = ask
-        self.agentId = agentId
-        self.resolvedPath = resolvedPath
-        self.sessionKey = sessionKey
-        self.allowedDecisions = allowedDecisions
-    }
-
-    private enum CodingKeys: String, CodingKey {
-        case command
-        case cwd
-        case host
-        case security
-        case ask
-        case agentId
-        case resolvedPath
-        case sessionKey
-        case allowedDecisions
-    }
-
-    init(from decoder: Decoder) throws {
-        let container = try decoder.container(keyedBy: CodingKeys.self)
-        self.command = try container.decode(String.self, forKey: .command)
-        self.cwd = try container.decodeIfPresent(String.self, forKey: .cwd)
-        self.host = try container.decodeIfPresent(String.self, forKey: .host)
-        self.security = try container.decodeIfPresent(String.self, forKey: .security)
-        self.ask = try container.decodeIfPresent(String.self, forKey: .ask)
-        self.agentId = try container.decodeIfPresent(String.self, forKey: .agentId)
-        self.resolvedPath = try container.decodeIfPresent(String.self, forKey: .resolvedPath)
-        self.sessionKey = try container.decodeIfPresent(String.self, forKey: .sessionKey)
-        let decodedDecisions = (try? container.decodeIfPresent(
-            [DecodedExecApprovalDecision].self,
-            forKey: .allowedDecisions)) ?? []
-        self.allowedDecisions = decodedDecisions.compactMap(\.decision)
-    }
-
-    static func allowedDecisions(forAsk ask: String?) -> [ExecApprovalDecision] {
-        // Older payloads did not carry ask/allowedDecisions. Preserve their durable
-        // approval option; explicit ask=always and allowedDecisions payloads are the
-        // policy-carrying shapes that remove it.
-        ask == ExecAsk.always.rawValue
-            ? [.allowOnce, .deny]
-            : [.allowOnce, .allowAlways, .deny]
-    }
-}
-
-private struct DecodedExecApprovalDecision: Decodable {
-    var decision: ExecApprovalDecision?
-
-    init(from decoder: Decoder) throws {
-        let container = try decoder.singleValueContainer()
-        guard let raw = try? container.decode(String.self) else {
-            self.decision = nil
-            return
-        }
-        self.decision = ExecApprovalDecision(rawValue: raw)
-    }
 }

 private struct ExecApprovalSocketRequest: Codable {
@@ -300,7 +227,7 @@ final class ExecApprovalsPromptServer {

 enum ExecApprovalsPromptPresenter {
    @MainActor
-    static func prompt(_ request: ExecApprovalPromptRequest) -> ExecApprovalDecision? {
+    static func prompt(_ request: ExecApprovalPromptRequest) -> ExecApprovalDecision {
        NSApp.activate(ignoringOtherApps: true)
        let alert = NSAlert()
        alert.alertStyle = .warning
@@ -308,47 +235,20 @@ enum ExecApprovalsPromptPresenter {
        alert.informativeText = "Review the command details before allowing."
        alert.accessoryView = self.buildAccessoryView(request)

-        let decisions = self.allowedPromptDecisions(request)
-        for decision in decisions {
-            alert.addButton(withTitle: self.buttonTitle(for: decision))
-        }
-        if #available(macOS 11.0, *),
-           let denyIndex = decisions.firstIndex(of: .deny),
-           alert.buttons.indices.contains(denyIndex)
-        {
-            alert.buttons[denyIndex].hasDestructiveAction = true
+        alert.addButton(withTitle: "Allow Once")
+        alert.addButton(withTitle: "Always Allow")
+        alert.addButton(withTitle: "Don't Allow")
+        if #available(macOS 11.0, *), alert.buttons.indices.contains(2) {
+            alert.buttons[2].hasDestructiveAction = true
        }

-        return self.decision(forModalResponse: alert.runModal(), decisions: decisions)
-    }
-
-    static func decision(
-        forModalResponse response: NSApplication.ModalResponse,
-        decisions: [ExecApprovalDecision]) -> ExecApprovalDecision?
-    {
-        let selectedIndex = response.rawValue
-            - NSApplication.ModalResponse.alertFirstButtonReturn.rawValue
-        if decisions.indices.contains(selectedIndex) {
-            return decisions[selectedIndex]
-        }
-        return decisions.contains(.deny) ? .deny : nil
-    }
-
-    static func allowedPromptDecisions(_ request: ExecApprovalPromptRequest) -> [ExecApprovalDecision] {
-        if let allowedDecisions = request.allowedDecisions, !allowedDecisions.isEmpty {
-            return allowedDecisions
-        }
-        return ExecApprovalPromptRequest.allowedDecisions(forAsk: request.ask)
-    }
-
-    private static func buttonTitle(for decision: ExecApprovalDecision) -> String {
-        switch decision {
-        case .allowOnce:
-            "Allow Once"
-        case .allowAlways:
-            "Always Allow"
-        case .deny:
-            "Don't Allow"
+        switch alert.runModal() {
+        case .alertFirstButtonReturn:
+            return .allowOnce
+        case .alertSecondButtonReturn:
+            return .allowAlways
+        default:
+            return .deny
        }
    }

@@ -492,7 +392,7 @@ private enum ExecHostExecutor {
        case .allow:
            break
        case .requiresPrompt:
-            guard let decision = ExecApprovalsPromptPresenter.prompt(
+            let decision = ExecApprovalsPromptPresenter.prompt(
                ExecApprovalPromptRequest(
                    command: context.displayCommand,
                    cwd: request.cwd,
@@ -501,15 +401,7 @@ private enum ExecHostExecutor {
                    ask: context.ask.rawValue,
                    agentId: context.agentId,
                    resolvedPath: context.resolution?.resolvedPath,
-                    sessionKey: request.sessionKey,
-                    allowedDecisions: ExecApprovalPromptRequest.allowedDecisions(
-                        forAsk: context.ask.rawValue)))
-            else {
-                return self.errorResponse(
-                    code: "UNAVAILABLE",
-                    message: "SYSTEM_RUN_DENIED: approval prompt closed without decision",
-                    reason: "approval-cancelled")
-            }
+                    sessionKey: request.sessionKey))

            let followupDecision: ExecApprovalDecision
            switch decision {
@@ -765,7 +657,7 @@ private final class ExecApprovalsSocketServer: @unchecked Sendable {
    private let logger = Logger(subsystem: "ai.openclaw", category: "exec-approvals.socket")
    private let socketPath: String
    private let token: String
-    private let onPrompt: @Sendable (ExecApprovalPromptRequest) async -> ExecApprovalDecision?
+    private let onPrompt: @Sendable (ExecApprovalPromptRequest) async -> ExecApprovalDecision
    private let onExec: @Sendable (ExecHostRequest) async -> ExecHostResponse
    private var socketFD: Int32 = -1
    private var acceptTask: Task<Void, Never>?
@@ -774,7 +666,7 @@ private final class ExecApprovalsSocketServer: @unchecked Sendable {
    init(
        socketPath: String,
        token: String,
-        onPrompt: @escaping @Sendable (ExecApprovalPromptRequest) async -> ExecApprovalDecision?,
+        onPrompt: @escaping @Sendable (ExecApprovalPromptRequest) async -> ExecApprovalDecision,
        onExec: @escaping @Sendable (ExecHostRequest) async -> ExecHostResponse)
    {
        self.socketPath = socketPath
@@ -916,7 +808,7 @@ private final class ExecApprovalsSocketServer: @unchecked Sendable {
                    try self.sendApprovalResponse(handle: handle, id: request.id, decision: .deny)
                    return
                }
-                guard let decision = await self.onPrompt(request.request) else { return }
+                let decision = await self.onPrompt(request.request)
                try self.sendApprovalResponse(handle: handle, id: request.id, decision: decision)
                return
            }
--- a/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift
+++ b/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift
@@ -6,6 +6,7 @@ import Foundation

 enum HostEnvSecurityPolicy {
    static let blockedInheritedKeys: Set<String> = [
+        "_JAVA_OPTIONS",
        "AMQP_URL",
        "ANSIBLE_CALLBACK_PLUGINS",
        "ANSIBLE_COLLECTIONS_PATH",
@@ -30,11 +31,12 @@ enum HostEnvSecurityPolicy {
        "AZURE_CLIENT_SECRET",
        "BASH_ENV",
        "BROWSER",
-        "BUNDLE_GEMFILE",
        "BUN_CONFIG_REGISTRY",
+        "BUNDLE_GEMFILE",
        "BZR_EDITOR",
        "BZR_PLUGIN_PATH",
        "BZR_SSH",
+        "C_INCLUDE_PATH",
        "CARGO_BUILD_RUSTC",
        "CARGO_BUILD_RUSTC_WRAPPER",
        "CARGO_HOME",
@@ -44,8 +46,8 @@ enum HostEnvSecurityPolicy {
        "CGO_CFLAGS",
        "CGO_LDFLAGS",
        "CLASSPATH",
-        "CMAKE_CXX_COMPILER",
        "CMAKE_C_COMPILER",
+        "CMAKE_CXX_COMPILER",
        "CMAKE_TOOLCHAIN_FILE",
        "COMPOSER_HOME",
        "CONFIG_SHELL",
@@ -56,7 +58,6 @@ enum HostEnvSecurityPolicy {
        "CPLUS_INCLUDE_PATH",
        "CURL_HOME",
        "CXX",
-        "C_INCLUDE_PATH",
        "DATABASE_URL",
        "DENO_DIR",
        "DOTNET_ADDITIONAL_DEPS",
@@ -74,8 +75,6 @@ enum HostEnvSecurityPolicy {
        "GEM_HOME",
        "GEM_PATH",
        "GH_TOKEN",
-        "GITHUB_TOKEN",
-        "GITLAB_TOKEN",
        "GIT_ALTERNATE_OBJECT_DIRECTORIES",
        "GIT_ASKPASS",
        "GIT_COMMON_DIR",
@@ -96,6 +95,8 @@ enum HostEnvSecurityPolicy {
        "GIT_SSL_NO_VERIFY",
        "GIT_TEMPLATE_DIR",
        "GIT_WORK_TREE",
+        "GITHUB_TOKEN",
+        "GITLAB_TOKEN",
        "GLIBC_TUNABLES",
        "GOENV",
        "GOFLAGS",
@@ -144,8 +145,8 @@ enum HostEnvSecurityPolicy {
        "PERL5DBCMD",
        "PERL5LIB",
        "PERL5OPT",
-        "PHPRC",
        "PHP_INI_SCAN_DIR",
+        "PHPRC",
        "PIP_CONFIG_FILE",
        "PIP_EXTRA_INDEX_URL",
        "PIP_FIND_LINKS",
@@ -159,17 +160,17 @@ enum HostEnvSecurityPolicy {
        "PYTHONPATH",
        "PYTHONSTARTUP",
        "PYTHONUSERBASE",
+        "R_ENVIRON",
+        "R_ENVIRON_USER",
+        "R_LIBS_USER",
+        "R_PROFILE",
+        "R_PROFILE_USER",
        "REDIS_URL",
        "RUBYLIB",
        "RUBYOPT",
        "RUBYSHELL",
        "RUSTC_WRAPPER",
        "RUSTFLAGS",
-        "R_ENVIRON",
-        "R_ENVIRON_USER",
-        "R_LIBS_USER",
-        "R_PROFILE",
-        "R_PROFILE_USER",
        "SBT_OPTS",
        "SHELL",
        "SHELLOPTS",
@@ -191,8 +192,7 @@ enum HostEnvSecurityPolicy {
        "VIRTUAL_ENV",
        "VISUAL",
        "WGETRC",
-        "YARN_RC_FILENAME",
-        "_JAVA_OPTIONS"
+        "YARN_RC_FILENAME"
    ]

    static let blockedInheritedPrefixes: [String] = [
@@ -202,6 +202,7 @@ enum HostEnvSecurityPolicy {
    ]

    static let blockedKeys: Set<String> = [
+        "_JAVA_OPTIONS",
        "ANT_OPTS",
        "BASH_ENV",
        "BROWSER",
@@ -212,8 +213,8 @@ enum HostEnvSecurityPolicy {
        "CARGO_BUILD_RUSTC_WRAPPER",
        "CATALINA_OPTS",
        "CC",
-        "CMAKE_CXX_COMPILER",
        "CMAKE_C_COMPILER",
+        "CMAKE_CXX_COMPILER",
        "CMAKE_TOOLCHAIN_FILE",
        "CONFIG_SHELL",
        "CONFIG_SITE",
@@ -274,14 +275,14 @@ enum HostEnvSecurityPolicy {
        "PYTHONBREAKPOINT",
        "PYTHONHOME",
        "PYTHONPATH",
-        "RUBYLIB",
-        "RUBYOPT",
-        "RUBYSHELL",
-        "RUSTC_WRAPPER",
        "R_ENVIRON",
        "R_ENVIRON_USER",
        "R_PROFILE",
        "R_PROFILE_USER",
+        "RUBYLIB",
+        "RUBYOPT",
+        "RUBYSHELL",
+        "RUSTC_WRAPPER",
        "SBT_OPTS",
        "SHELL",
        "SHELLOPTS",
@@ -290,8 +291,7 @@ enum HostEnvSecurityPolicy {
        "SVN_EDITOR",
        "SVN_SSH",
        "VAGRANT_VAGRANTFILE",
-        "VIMINIT",
-        "_JAVA_OPTIONS"
+        "VIMINIT"
    ]

    static let blockedOverrideKeys: Set<String> = [
@@ -321,8 +321,9 @@ enum HostEnvSecurityPolicy {
        "AZURE_AUTH_LOCATION",
        "AZURE_CLIENT_ID",
        "AZURE_CLIENT_SECRET",
-        "BUNDLE_GEMFILE",
        "BUN_CONFIG_REGISTRY",
+        "BUNDLE_GEMFILE",
+        "C_INCLUDE_PATH",
        "CARGO_BUILD_RUSTC_WRAPPER",
        "CARGO_HOME",
        "CFLAGS",
@@ -335,7 +336,6 @@ enum HostEnvSecurityPolicy {
        "CPLUS_INCLUDE_PATH",
        "CURL_CA_BUNDLE",
        "CURL_HOME",
-        "C_INCLUDE_PATH",
        "DATABASE_URL",
        "DENO_DIR",
        "DOCKER_CERT_PATH",
@@ -347,8 +347,6 @@ enum HostEnvSecurityPolicy {
        "GEM_HOME",
        "GEM_PATH",
        "GH_TOKEN",
-        "GITHUB_TOKEN",
-        "GITLAB_TOKEN",
        "GIT_ALTERNATE_OBJECT_DIRECTORIES",
        "GIT_ASKPASS",
        "GIT_COMMON_DIR",
@@ -364,6 +362,8 @@ enum HostEnvSecurityPolicy {
        "GIT_SSL_CAPATH",
        "GIT_SSL_NO_VERIFY",
        "GIT_WORK_TREE",
+        "GITHUB_TOKEN",
+        "GITLAB_TOKEN",
        "GOENV",
        "GOFLAGS",
        "GONOPROXY",
@@ -378,8 +378,8 @@ enum HostEnvSecurityPolicy {
        "HGRCPATH",
        "HISTFILE",
        "HOME",
-        "HTTPS_PROXY",
        "HTTP_PROXY",
+        "HTTPS_PROXY",
        "KUBECONFIG",
        "LDFLAGS",
        "LESSCLOSE",
@@ -391,10 +391,10 @@ enum HostEnvSecurityPolicy {
        "MANPAGER",
        "MFLAGS",
        "MONGODB_URI",
+        "NO_PROXY",
        "NODE_AUTH_TOKEN",
        "NODE_EXTRA_CA_CERTS",
        "NODE_TLS_REJECT_UNAUTHORIZED",
-        "NO_PROXY",
        "NPM_TOKEN",
        "OBJC_INCLUDE_PATH",
        "OPENSSL_CONF",
@@ -402,8 +402,8 @@ enum HostEnvSecurityPolicy {
        "PAGER",
        "PERL5DB",
        "PERL5DBCMD",
-        "PHPRC",
        "PHP_INI_SCAN_DIR",
+        "PHPRC",
        "PIP_CONFIG_FILE",
        "PIP_EXTRA_INDEX_URL",
        "PIP_FIND_LINKS",
@@ -413,11 +413,11 @@ enum HostEnvSecurityPolicy {
        "PROMPT_COMMAND",
        "PYTHONSTARTUP",
        "PYTHONUSERBASE",
+        "R_LIBS_USER",
        "REDIS_URL",
        "REQUESTS_CA_BUNDLE",
        "RUSTC_WRAPPER",
        "RUSTFLAGS",
-        "R_LIBS_USER",
        "SSH_ASKPASS",
        "SSH_AUTH_SOCK",
        "SSL_CERT_DIR",
--- a/apps/macos/Sources/OpenClaw/NodeMode/MacNodeRuntime.swift
+++ b/apps/macos/Sources/OpenClaw/NodeMode/MacNodeRuntime.swift
@@ -754,7 +754,7 @@ actor MacNodeRuntime {
        }

        if requiresAsk, !approvedByAsk {
-            let promptDecision = await MainActor.run {
+            let decision = await MainActor.run {
                ExecApprovalsPromptPresenter.prompt(
                    ExecApprovalPromptRequest(
                        command: context.displayCommand,
@@ -764,26 +764,7 @@ actor MacNodeRuntime {
                        ask: context.ask.rawValue,
                        agentId: context.agentId,
                        resolvedPath: context.resolution?.resolvedPath,
-                        sessionKey: context.sessionKey,
-                        allowedDecisions: ExecApprovalPromptRequest.allowedDecisions(
-                            forAsk: context.ask.rawValue)))
-            }
-            guard let decision = promptDecision else {
-                await self.emitExecEvent(
-                    "exec.denied",
-                    payload: ExecEventPayload(
-                        sessionKey: context.sessionKey,
-                        runId: context.runId,
-                        host: "node",
-                        command: context.displayCommand,
-                        reason: "approval-cancelled"))
-                return ExecApprovalOutcome(
-                    approvedByAsk: approvedByAsk,
-                    persistAllowlist: persistAllowlist,
-                    response: Self.errorResponse(
-                        req,
-                        code: .unavailable,
-                        message: "SYSTEM_RUN_DENIED: approval prompt closed without decision"))
+                        sessionKey: context.sessionKey))
            }
            switch decision {
            case .deny:
--- a/apps/macos/Sources/OpenClaw/Resources/Info.plist
+++ b/apps/macos/Sources/OpenClaw/Resources/Info.plist
@@ -15,9 +15,9 @@
    <key>CFBundlePackageType</key>
    <string>APPL</string>
    <key>CFBundleShortVersionString</key>
-    <string>2026.5.26</string>
+    <string>2026.5.25</string>
    <key>CFBundleVersion</key>
-    <string>2026052600</string>
+    <string>2026052500</string>
    <key>CFBundleIconFile</key>
    <string>OpenClaw</string>
    <key>CFBundleURLTypes</key>
--- a/apps/macos/Tests/OpenClawIPCTests/ExecApprovalPromptLayoutTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/ExecApprovalPromptLayoutTests.swift
@@ -5,123 +5,6 @@ import Testing
@Suite(.serialized)
@MainActor
 struct ExecApprovalPromptLayoutTests {
-    @Test func `allowed decisions omit durable approval even when ask allows it`() {
-        let decisions = ExecApprovalsPromptPresenter.allowedPromptDecisions(
-            ExecApprovalPromptRequest(
-                command: "/bin/sh -lc pwd",
-                cwd: "/Users/example/projects/openclaw",
-                host: "node",
-                security: "full",
-                ask: "on-miss",
-                agentId: "main",
-                resolvedPath: "/bin/sh",
-                sessionKey: "session-1",
-                allowedDecisions: [.allowOnce, .deny]))
-
-        #expect(decisions == [.allowOnce, .deny])
-    }
-
-    @Test func `ask always prompts omit durable approval when decisions are omitted`() {
-        let decisions = ExecApprovalsPromptPresenter.allowedPromptDecisions(
-            ExecApprovalPromptRequest(
-                command: "/bin/sh -lc pwd",
-                cwd: "/Users/example/projects/openclaw",
-                host: "node",
-                security: "full",
-                ask: "always",
-                agentId: "main",
-                resolvedPath: "/bin/sh",
-                sessionKey: "session-1"))
-
-        #expect(decisions == [.allowOnce, .deny])
-    }
-
-    @Test func `ask on miss prompts keep durable approval when decisions are omitted`() {
-        let decisions = ExecApprovalsPromptPresenter.allowedPromptDecisions(
-            ExecApprovalPromptRequest(
-                command: "/bin/sh -lc pwd",
-                cwd: "/Users/example/projects/openclaw",
-                host: "node",
-                security: "full",
-                ask: "on-miss",
-                agentId: "main",
-                resolvedPath: "/bin/sh",
-                sessionKey: "session-1"))
-
-        #expect(decisions == [.allowOnce, .allowAlways, .deny])
-    }
-
-    @Test func `legacy prompts keep durable approval when policy fields are omitted`() {
-        let decisions = ExecApprovalsPromptPresenter.allowedPromptDecisions(
-            ExecApprovalPromptRequest(
-                command: "/bin/sh -lc pwd",
-                cwd: "/Users/example/projects/openclaw",
-                host: "node",
-                security: "full",
-                agentId: "main",
-                resolvedPath: "/bin/sh",
-                sessionKey: "session-1"))
-
-        #expect(decisions == [.allowOnce, .allowAlways, .deny])
-    }
-
-    @Test func `unknown ask prompts keep legacy durable approval when decisions are omitted`() {
-        let decisions = ExecApprovalsPromptPresenter.allowedPromptDecisions(
-            ExecApprovalPromptRequest(
-                command: "/bin/sh -lc pwd",
-                cwd: "/Users/example/projects/openclaw",
-                host: "node",
-                security: "full",
-                ask: "unexpected",
-                agentId: "main",
-                resolvedPath: "/bin/sh",
-                sessionKey: "session-1"))
-
-        #expect(decisions == [.allowOnce, .allowAlways, .deny])
-    }
-
-    @Test func `approval request decodes valid allowed decisions only`() throws {
-        let data = """
-            {
-              "command": "/bin/sh -lc pwd",
-              "ask": "on-miss",
-              "allowedDecisions": ["allow-once", "bad", "deny", 3]
-            }
-            """.data(using: .utf8)!
-
-        let request = try JSONDecoder().decode(ExecApprovalPromptRequest.self, from: data)
-
-        #expect(request.allowedDecisions == [.allowOnce, .deny])
-    }
-
-    @Test func `approval request falls back when allowed decisions has wrong shape`() throws {
-        let data = """
-            {
-              "command": "/bin/sh -lc pwd",
-              "ask": "always",
-              "allowedDecisions": "allow-once"
-            }
-            """.data(using: .utf8)!
-
-        let request = try JSONDecoder().decode(ExecApprovalPromptRequest.self, from: data)
-
-        #expect(ExecApprovalsPromptPresenter.allowedPromptDecisions(request) == [.allowOnce, .deny])
-    }
-
-    @Test func `modal close does not synthesize deny when deny is unavailable`() {
-        let closeResponse = NSApplication.ModalResponse(rawValue: 0)
-
-        let withoutDeny = ExecApprovalsPromptPresenter.decision(
-            forModalResponse: closeResponse,
-            decisions: [.allowOnce])
-        let withDeny = ExecApprovalsPromptPresenter.decision(
-            forModalResponse: closeResponse,
-            decisions: [.allowOnce, .deny])
-
-        #expect(withoutDeny == nil)
-        #expect(withDeny == .deny)
-    }
-
    @Test func `accessory view reserves nonzero alert layout space`() {
        let accessory = ExecApprovalsPromptPresenter.buildAccessoryView(
            ExecApprovalPromptRequest(
--- a/apps/shared/OpenClawKit/Sources/OpenClawKit/Resources/tool-display.json
+++ b/apps/shared/OpenClawKit/Sources/OpenClawKit/Resources/tool-display.json
@@ -441,47 +441,6 @@
        "includeTools"
      ]
    },
-    "transcripts": {
-      "emoji": "🎙️",
-      "title": "Transcripts",
-      "actions": {
-        "start": {
-          "label": "start",
-          "detailKeys": [
-            "providerId",
-            "sessionId",
-            "title",
-            "meetingUrl",
-            "guildId",
-            "channelId"
-          ]
-        },
-        "stop": {
-          "label": "stop",
-          "detailKeys": [
-            "sessionId"
-          ]
-        },
-        "status": {
-          "label": "status"
-        },
-        "import": {
-          "label": "import",
-          "detailKeys": [
-            "providerId",
-            "sessionId",
-            "title",
-            "meetingUrl"
-          ]
-        },
-        "summarize": {
-          "label": "summarize",
-          "detailKeys": [
-            "sessionId"
-          ]
-        }
-      }
-    },
    "sessions_spawn": {
      "emoji": "🧑‍🔧",
      "title": "Sub-agent",
--- a/config/knip.config.ts
+++ b/config/knip.config.ts
@@ -64,7 +64,6 @@ const rootBundledPluginRuntimeDependencies = [
  "@grammyjs/transformer-throttler",
  "@homebridge/ciao",
  "@mozilla/readability",
-  "@silvia-odwyer/photon-node",
  "@slack/bolt",
  "@slack/types",
  "@slack/web-api",
@@ -163,6 +162,7 @@ const config = {
      entry: [
        "index.html!",
        "src/main.ts!",
+        "src/build/chunking.ts!",
        "vite.config.ts!",
        "vitest*.ts!",
      ],
--- a/docs/.generated/config-baseline.sha256
+++ b/docs/.generated/config-baseline.sha256
@@ -1,4 +1,4 @@
-53b7621e99d75b98ecc8f4389d38900f84cf213f95dbcc877f36125d763c660d  config-baseline.json
-e92bbf45714e418383118098d4ff15d347fa8ffc7e7837b437b522d2b59ce9fe  config-baseline.core.json
-b901fb766edfd9df630690281476fc4032c64772f69d1d8f7b2e0e913a90f229  config-baseline.channel.json
-5c214ab364011fd95735755f9fa4298aa4de8ad81144ae8dd08d969bb7ba318b  config-baseline.plugin.json
+e8e71a715bd33405280b5a9f6b6e788abed636fba66ec5f3a4f9b9a768a1637f  config-baseline.json
+003183db53a41905c540f37b1d30b3006ef8906915e13eac844b643cd210fdfe  config-baseline.core.json
+859b021f65400df22c95ae55b074cf26c83d3a0bfadb3fceeaca522f6ea391ae  config-baseline.channel.json
+74441e331aabb3026784c148d4ee5ce3f489a15ed87ffd9b7ba0c5e2a7bc93be  config-baseline.plugin.json
--- a/docs/.generated/plugin-sdk-api-baseline.sha256
+++ b/docs/.generated/plugin-sdk-api-baseline.sha256
@@ -1,2 +1,2 @@
-65cb96d0aa2888ddb7b014f810d7cd415f1f0ccdce7792fbf12b4aad11f146f8  plugin-sdk-api-baseline.json
-662b37da529f199ee9b56482f2f6897bdd010dfb72be778d208b289adaca1298  plugin-sdk-api-baseline.jsonl
+390681a3d97af8c004db89ead136bd6cff693af5a0ddfe86a8e3c55a29a077eb  plugin-sdk-api-baseline.json
+8dfaf69ee3d0a946bfdd1d8d97ef85262824d52c20854249f900db61f2a7f7b4  plugin-sdk-api-baseline.jsonl
--- a/docs/assets/pr/quick-settings-browser-tools.png
+++ b/docs/assets/pr/quick-settings-browser-tools.png
--- a/docs/assets/showcase/padel-cli.svg
+++ b/docs/assets/showcase/padel-cli.svg
@@ -0,0 +1,11 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="800" height="420" viewBox="0 0 800 420" role="img" aria-label="padel-cli availability output">
+  <rect width="800" height="420" rx="24" fill="#0b0f14" />
+  <rect x="24" y="24" width="752" height="372" rx="18" fill="#0f172a" stroke="#263246" stroke-width="2" />
+  <text x="48" y="72" fill="#9ca3af" font-size="18" font-family="Fragment Mono, ui-monospace, SFMono-Regular, Menlo, monospace">
+    <tspan x="48" dy="0">$ padel search --location "Barcelona" --date 2026-01-08 --time 18:00-22:00</tspan>
+    <tspan x="48" dy="30" fill="#e5e7eb">Available courts (3):</tspan>
+    <tspan x="48" dy="28" fill="#e5e7eb">- Vall d'Hebron 19:00 Court 2 (90m) EUR 34</tspan>
+    <tspan x="48" dy="28" fill="#e5e7eb">- Badalona 20:30 Court 1 (60m) EUR 28</tspan>
+    <tspan x="48" dy="28" fill="#e5e7eb">- Gracia 21:00 Court 4 (90m) EUR 36</tspan>
+  </text>
+</svg>
--- a/docs/assets/showcase/roborock-status.svg
+++ b/docs/assets/showcase/roborock-status.svg
@@ -0,0 +1,13 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="800" height="420" viewBox="0 0 800 420" role="img" aria-label="GoHome Roborock status output">
+  <rect width="800" height="420" rx="24" fill="#0b0f14" />
+  <rect x="24" y="24" width="752" height="372" rx="18" fill="#111827" stroke="#263246" stroke-width="2" />
+  <text x="48" y="72" fill="#9ca3af" font-size="18" font-family="Fragment Mono, ui-monospace, SFMono-Regular, Menlo, monospace">
+    <tspan x="48" dy="0">$ gohome roborock status --device "Living Room"</tspan>
+    <tspan x="48" dy="30" fill="#e5e7eb">Device: Roborock Q Revo</tspan>
+    <tspan x="48" dy="28" fill="#e5e7eb">State: cleaning (zone)</tspan>
+    <tspan x="48" dy="28" fill="#e5e7eb">Battery: 78%</tspan>
+    <tspan x="48" dy="28" fill="#e5e7eb">Dustbin: 42%</tspan>
+    <tspan x="48" dy="28" fill="#e5e7eb">Water tank: 61%</tspan>
+    <tspan x="48" dy="28" fill="#e5e7eb">Last clean: 2026-01-06 19:42</tspan>
+  </text>
+</svg>
--- a/docs/automation/cron-jobs.md
+++ b/docs/automation/cron-jobs.md
@@ -306,7 +306,7 @@ Keep hook endpoints behind loopback, tailnet, or trusted reverse proxy.

 - Use a dedicated hook token; do not reuse gateway auth tokens.
 - Keep `hooks.path` on a dedicated subpath; `/` is rejected.
- Set `hooks.allowedAgentIds` to limit which effective agent a hook can target, including the default agent when `agentId` is omitted.
+- Set `hooks.allowedAgentIds` to limit explicit `agentId` routing.
 - Keep `hooks.allowRequestSessionKey=false` unless you require caller-selected sessions.
 - If you enable `hooks.allowRequestSessionKey`, also set `hooks.allowedSessionKeyPrefixes` to constrain allowed session key shapes.
 - Hook payloads are wrapped with safety boundaries by default.
@@ -436,7 +436,7 @@ Model override note:
  cron: {
    enabled: true,
    store: "~/.openclaw/cron/jobs.json",
-    maxConcurrentRuns: 8,
+    maxConcurrentRuns: 1,
    retry: {
      maxAttempts: 3,
      backoffMs: [60000, 120000, 300000],
@@ -449,7 +449,7 @@ Model override note:
 }
 ```

-`maxConcurrentRuns` limits both scheduled cron dispatch and isolated agent-turn execution, and defaults to 8. Isolated cron agent turns use the queue's dedicated `cron-nested` execution lane internally, so raising this value lets independent cron LLM runs progress in parallel instead of only starting their outer cron wrappers. The shared non-cron `nested` lane is not widened by this setting.
+`maxConcurrentRuns` limits both scheduled cron dispatch and isolated agent-turn execution. Isolated cron agent turns use the queue's dedicated `cron-nested` execution lane internally, so raising this value lets independent cron LLM runs progress in parallel instead of only starting their outer cron wrappers. The shared non-cron `nested` lane is not widened by this setting.

 The runtime state sidecar is derived from `cron.store`: a `.json` store such as `~/clawd/cron/jobs.json` uses `~/clawd/cron/jobs-state.json`, while a store path without a `.json` suffix appends `-state.json`.

--- a/docs/automation/tasks.md
+++ b/docs/automation/tasks.md
@@ -102,7 +102,7 @@ Not every agent run creates a task. Heartbeat turns and normal interactive chat
  <Accordion title="Notify defaults for cron and media">
    Main-session cron tasks use `silent` notify policy by default - they create records for tracking but do not generate notifications. Isolated cron tasks also default to `silent` but are more visible because they run in their own session.

-    Session-backed `image_generate`, `music_generate`, and `video_generate` runs also use `silent` notify policy. They still create task records, but completion is handed back to the original agent session as an internal wake so the agent can write the follow-up message and attach the finished media itself. Generated-media completion events require message-tool delivery: the agent must send the finished media with the `message` tool, then reply `NO_REPLY`. If the requester session is no longer active or its active wake fails, and the completion agent misses some or all generated media, OpenClaw sends an idempotent direct fallback with only the missing media to the original channel target.
+    Session-backed `image_generate`, `music_generate`, and `video_generate` runs also use `silent` notify policy. They still create task records, but completion is handed back to the original agent session as an internal wake so the agent can write the follow-up message and attach the finished media itself. Generated-media completion events require message-tool delivery: the agent must send the finished media with the `message` tool, then reply `NO_REPLY`. If the requester session is no longer active and the completion agent misses some or all generated media, OpenClaw sends an idempotent direct fallback with only the missing media to the original channel target.

  </Accordion>
  <Accordion title="Concurrent media-generation guardrail">
--- a/docs/channels/discord.md
+++ b/docs/channels/discord.md
@@ -1234,7 +1234,7 @@ Notes:
 - In `stt-tts` mode, STT uses `tools.media.audio`; `voice.model` does not affect transcription.
 - In realtime modes, `voice.realtime.provider`, `voice.realtime.model`, and `voice.realtime.voice` configure the realtime audio session. For OpenAI Realtime 2 plus the Codex brain, use `voice.realtime.model: "gpt-realtime-2"` and `voice.model: "openai-codex/gpt-5.5"`.
 - Realtime voice modes include small `IDENTITY.md`, `USER.md`, and `SOUL.md` profile files in the realtime provider instructions by default so fast direct turns keep the same identity, user grounding, and persona as the routed OpenClaw agent. Set `voice.realtime.bootstrapContextFiles` to a subset to customize this, or `[]` to disable it. The supported realtime bootstrap files are limited to those profile files; `AGENTS.md` stays in the normal agent context. The injected profile context does not replace `openclaw_agent_consult` for workspace work, current facts, memory lookup, or tool-backed actions.
- In OpenAI `agent-proxy` realtime mode, set `voice.realtime.requireWakeName: true` to keep Discord realtime voice silent until a transcript starts or ends with a wake name. Configured wake names must be one or two words. If `voice.realtime.wakeNames` is unset, OpenClaw uses the routed agent `name` plus `OpenClaw`, falling back to the agent id plus `OpenClaw`. Wake-name gating disables realtime provider auto-response, routes accepted turns through the OpenClaw agent consult path, and gives a short spoken acknowledgement when a leading wake name is recognized from partial transcription before the final transcript arrives.
+- In OpenAI `agent-proxy` realtime mode, set `voice.realtime.requireWakeName: true` to keep Discord realtime voice silent until a transcript contains a wake name. If `voice.realtime.wakeNames` is unset, OpenClaw uses the routed agent `name` plus `OpenClaw`, falling back to the agent id plus `OpenClaw`. Wake-name gating disables realtime provider auto-response and routes accepted turns through the OpenClaw agent consult path.
 - The OpenAI realtime provider accepts current Realtime 2 event names and legacy Codex-compatible aliases for output audio and transcript events, so compatible provider snapshots can drift without dropping assistant audio.
 - `voice.realtime.bargeIn` controls whether Discord speaker-start events interrupt active realtime playback. If unset, it follows the realtime provider's input-audio interruption setting.
 - `voice.realtime.minBargeInAudioEndMs` controls the minimum assistant playback duration before an OpenAI realtime barge-in truncates audio. Default: `250`. Set `0` for immediate interruption in low-echo rooms, or raise it for echo-heavy speaker setups.
@@ -1247,12 +1247,12 @@ Notes:
 - `voice.allowedChannels` is an optional residency allowlist. Leave it unset to allow `/vc join` into any authorized Discord voice channel. When set, `/vc join`, startup auto-join, and bot voice-state moves are restricted to the listed `{ guildId, channelId }` entries. Set it to an empty array to deny all Discord voice joins. If Discord moves the bot outside the allowlist, OpenClaw leaves that channel and rejoins the configured auto-join target when one is available.
 - `voice.daveEncryption` and `voice.decryptionFailureTolerance` pass through to `@discordjs/voice` join options.
 - `@discordjs/voice` defaults are `daveEncryption=true` and `decryptionFailureTolerance=24` if unset.
- OpenClaw uses the bundled `libopus-wasm` codec for Discord voice receive and realtime raw PCM playback. It ships a pinned libopus WebAssembly build and does not require native opus addons.
+- OpenClaw defaults to the pure-JS `opusscript` decoder for Discord voice receive. The optional native `@discordjs/opus` package is ignored by the repo pnpm install policy so normal installs, Docker lanes, and unrelated tests do not compile a native addon. Dedicated voice-performance hosts can opt in with `OPENCLAW_DISCORD_OPUS_DECODER=native` after installing the native addon.
 - `voice.connectTimeoutMs` controls the initial `@discordjs/voice` Ready wait for `/vc join` and auto-join attempts. Default: `30000`.
 - `voice.reconnectGraceMs` controls how long OpenClaw waits for a disconnected voice session to begin reconnecting before destroying it. Default: `15000`.
 - In `stt-tts` mode, voice playback does not stop just because another user starts speaking. To avoid feedback loops, OpenClaw ignores new voice capture while TTS is playing; speak after playback finishes for the next turn. Realtime modes forward speaker starts as barge-in signals to the realtime provider.
 - In realtime modes, echo from speakers into an open mic can look like barge-in and interrupt playback. For echo-heavy Discord rooms, set `voice.realtime.providers.openai.interruptResponseOnInputAudio: false` to keep OpenAI from auto-interrupting on input audio. Add `voice.realtime.bargeIn: true` if you still want Discord speaker-start events to interrupt active playback. The OpenAI realtime bridge ignores playback truncations shorter than `voice.realtime.minBargeInAudioEndMs` as likely echo/noise and logs them as skipped instead of clearing Discord playback.
- `voice.captureSilenceGraceMs` controls how long OpenClaw waits after Discord reports a speaker has stopped before finalizing that audio segment for STT. Default: `2000`; raise this if Discord splits normal pauses into choppy partial transcripts.
+- `voice.captureSilenceGraceMs` controls how long OpenClaw waits after Discord reports a speaker has stopped before finalizing that audio segment for STT. Default: `2500`; raise this if Discord splits normal pauses into choppy partial transcripts.
 - When ElevenLabs is the selected TTS provider, Discord voice playback uses streaming TTS and starts from the provider response stream. Providers without streaming support fall back to the synthesized temp-file path.
 - OpenClaw also watches receive decrypt failures and auto-recovers by leaving/rejoining the voice channel after repeated failures in a short window.
 - If receive logs repeatedly show `DecryptionFailed(UnencryptedWhenPassthroughDisabled)` after updating, collect a dependency report and logs. The bundled `@discordjs/voice` line includes the upstream padding fix from discord.js PR #11449, which closed discord.js issue #11419.
@@ -1301,11 +1301,22 @@ Choose between the join modes:
 - Use `autoJoin` for fixed-room bots that should be present even when no tracked user is in voice.
 - Use `/vc join` for one-off joins or rooms where automatic voice presence would be surprising.

-Discord voice codec:
+Native opus setup for source checkouts:

- Voice receive logs show `discord voice: opus decoder: libopus-wasm`.
- Realtime playback encodes raw 48 kHz stereo PCM to Opus with the same bundled `libopus-wasm` package before handing packets to `@discordjs/voice`.
- File and provider-stream playback transcodes to raw 48 kHz stereo PCM with ffmpeg, then uses `libopus-wasm` for the Opus packet stream sent to Discord.
+```bash
+pnpm install
+mise exec node@22 -- pnpm discord:opus:install
+```
+
+Use Node 22 for the gateway when you want the upstream macOS arm64 prebuilt native addon. If you use another Node runtime, the opt-in installer may need a local `node-gyp` source-build toolchain.
+
+After installing the native addon, start the Gateway with:
+
+```bash
+OPENCLAW_DISCORD_OPUS_DECODER=native pnpm gateway:watch
+```
+
+Verbose voice logs should show `discord voice: opus decoder: @discordjs/opus`. Without the env opt-in, or if the native addon is missing or cannot load on the host, OpenClaw logs `discord voice: opus decoder: opusscript` and keeps receiving voice through the pure-JS fallback.

 STT plus TTS pipeline:

--- a/docs/channels/groups.md
+++ b/docs/channels/groups.md
@@ -51,7 +51,7 @@ If the message tool is unavailable under the active tool policy, OpenClaw falls
 back to automatic visible replies instead of silently suppressing the response.
 `openclaw doctor` warns about this mismatch.

-For direct chats and any other source event, use `messages.visibleReplies: "message_tool"` to apply the same tool-only visible-reply behavior globally. Internal WebChat direct turns default to automatic final-reply delivery so Pi and Codex receive the same visible-reply contract. Set `messages.visibleReplies: "message_tool"` to intentionally require `message(action=send)` for visible output. `messages.groupChat.visibleReplies` remains the more specific override for group/channel rooms.
+For direct chats and any other source event, use `messages.visibleReplies: "message_tool"` to apply the same tool-only visible-reply behavior globally. Some harnesses, including Codex, also default direct/source chats to message-tool delivery when this is unset. Set `messages.visibleReplies: "automatic"` to force the old automatic final-reply path. `messages.groupChat.visibleReplies` remains the more specific override for group/channel rooms.

 This replaces the old pattern of forcing the model to answer `NO_REPLY` for most lurk-mode turns. In tool-only mode, doing nothing visible simply means not calling the message tool.

--- a/docs/channels/imessage.md
+++ b/docs/channels/imessage.md
@@ -442,13 +442,6 @@ See [ACP Agents](/tools/acp-agents) for shared ACP binding behavior.
    Each account can override fields such as `cliPath`, `dbPath`, `allowFrom`, `groupPolicy`, `mediaMaxMb`, history settings, and attachment root allowlists.

  </Accordion>
-
-  <Accordion title="Direct-message history">
-    Set `channels.imessage.dmHistoryLimit` to seed new direct-message sessions with recent decoded `imsg` history for that conversation. Use `channels.imessage.dms["<sender>"].historyLimit` for per-sender overrides, including `0` to disable history for a sender.
-
-    iMessage DM history is fetched on demand from `imsg`. Leaving `dmHistoryLimit` unset disables global DM history seeding, but a positive per-sender `channels.imessage.dms["<sender>"].historyLimit` still enables seeding for that sender.
-
-  </Accordion>
 </AccordionGroup>

 ## Media, chunking, and delivery targets
--- a/docs/channels/signal.md
+++ b/docs/channels/signal.md
@@ -306,21 +306,6 @@ Config:
  - `minimal`/`extensive` enables agent reactions and sets the guidance level.
 - Per-account overrides: `channels.signal.accounts.<id>.actions.reactions`, `channels.signal.accounts.<id>.reactionLevel`.

-## Approval reactions
-
-Signal exec and plugin approval prompts use the top-level `approvals.exec` and
-`approvals.plugin` routing blocks. Signal does not have a
-`channels.signal.execApprovals` block.
-
- `👍` approves once.
- `👎` denies.
- Use `/approve <id> allow-always` when a request offers persistent approval.
-
-Approval reaction resolution requires explicit Signal approvers from
-`channels.signal.allowFrom`, `channels.signal.defaultTo`, or the matching account-level fields.
-Direct same-chat exec approval prompts can still suppress the duplicate local `/approve` fallback
-without explicit approvers; no-approver group approvals keep the local fallback visible.
-
 ## Delivery targets (CLI/cron)

 - DMs: `signal:+15551234567` (or plain E.164).
--- a/docs/channels/telegram.md
+++ b/docs/channels/telegram.md
@@ -292,17 +292,13 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
 - Routing is deterministic: Telegram inbound replies back to Telegram (the model does not pick channels).
 - Inbound messages normalize into the shared channel envelope with reply metadata, media placeholders, and persisted reply-chain context for Telegram replies the gateway has observed.
 - Group sessions are isolated by group ID. Forum topics append `:topic:<threadId>` to keep topics isolated.
- DM messages can carry `message_thread_id`; OpenClaw preserves it for replies. DM topic sessions split only when Telegram `getMe` reports `has_topics_enabled: true` for the bot; otherwise DMs stay on the flat session.
+- DM messages can carry `message_thread_id`; OpenClaw preserves the thread ID for replies but keeps DMs on the flat session by default. Configure `channels.telegram.dm.threadReplies: "inbound"`, `channels.telegram.direct.<chatId>.threadReplies: "inbound"`, `requireTopic: true`, or a matching topic config when you intentionally want DM topic session isolation.
 - Long polling uses grammY runner with per-chat/per-thread sequencing. Overall runner sink concurrency uses `agents.defaults.maxConcurrent`.
 - Multi-account startup bounds concurrent Telegram `getMe` probes so large bot fleets do not fan out every account probe at once.
 - Long polling is guarded inside each gateway process so only one active poller can use a bot token at a time. If you still see `getUpdates` 409 conflicts, another OpenClaw gateway, script, or external poller is likely using the same token.
 - Long-polling watchdog restarts trigger after 120 seconds without completed `getUpdates` liveness by default. Increase `channels.telegram.pollingStallThresholdMs` only if your deployment still sees false polling-stall restarts during long-running work. The value is in milliseconds and is allowed from `30000` to `600000`; per-account overrides are supported.
 - Telegram Bot API has no read-receipt support (`sendReadReceipts` does not apply).

-<Note>
-  `channels.telegram.dm.threadReplies` and `channels.telegram.direct.<chatId>.threadReplies` were removed. Run `openclaw doctor --fix` after upgrading if your config still has those keys. DM topic routing now follows the bot capability from Telegram `getMe.has_topics_enabled`, which is controlled by BotFather threaded mode: topics-enabled bots use thread-scoped DM sessions when Telegram sends `message_thread_id`; other DMs stay on the flat session.
-</Note>
-
 ## Feature reference

 <AccordionGroup>
@@ -667,8 +663,7 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"

    **Thread-bound ACP spawn from chat**: `/acp spawn <agent> --thread here|auto` binds the current topic to a new ACP session; follow-ups route there directly. OpenClaw pins the spawn confirmation in-topic. Requires `channels.telegram.threadBindings.spawnSessions` to remain enabled (default: `true`).

-    Template context exposes `MessageThreadId` and `IsForum`. DM chats with `message_thread_id` keep reply metadata; they use thread-aware session keys only when Telegram `getMe` reports `has_topics_enabled: true` for the bot.
-    The former `dm.threadReplies` and `direct.*.threadReplies` overrides are intentionally retired; use BotFather threaded mode as the single source of truth and run `openclaw doctor --fix` to remove stale config keys.
+    Template context exposes `MessageThreadId` and `IsForum`. DM chats with `message_thread_id` keep DM routing and reply metadata on flat sessions by default; they only use thread-aware session keys when configured with `threadReplies: "inbound"`, `threadReplies: "always"`, `requireTopic: true`, or a matching topic config. Use top-level `channels.telegram.dm.threadReplies` for the account default, or `direct.<chatId>.threadReplies` for one DM.

  </Accordion>

@@ -1083,7 +1078,7 @@ Primary reference: [Configuration reference - Telegram](/gateway/config-channels
 - topic defaults: `groups.<chatId>.topics."*"` applies to unmatched forum topics; exact topic IDs override it
 - exec approvals: `execApprovals`, `accounts.*.execApprovals`
 - command/menu: `commands.native`, `commands.nativeSkills`, `customCommands`
- threading/replies: `replyToMode`
+- threading/replies: `replyToMode`, `dm.threadReplies`, `direct.*.threadReplies`
 - streaming: `streaming` (preview), `streaming.preview.toolProgress`, `blockStreaming`
 - formatting/delivery: `textChunkLimit`, `chunkMode`, `linkPreview`, `responsePrefix`
 - media/network: `mediaMaxMb`, `mediaGroupFlushMs`, `timeoutSeconds`, `pollingStallThresholdMs`, `retry`, `network.autoSelectFamily`, `network.dangerouslyAllowPrivateNetwork`, `proxy`
--- a/docs/channels/whatsapp.md
+++ b/docs/channels/whatsapp.md
@@ -522,7 +522,6 @@ Ack reactions are gated by `reactionLevel` — they are suppressed when `reactio
 Behavior notes:

 - sent immediately after inbound is accepted (pre-reply)
- if `ackReaction` is present without `emoji`, WhatsApp uses the routed agent's identity emoji, falling back to "👀"; omit `ackReaction` or set `emoji: ""` to send no ack reaction
 - failures are logged but do not block normal reply delivery
 - group mode `mentions` reacts on mention-triggered turns; group activation `always` acts as bypass for this check
 - WhatsApp uses `channels.whatsapp.ackReaction` (legacy `messages.ackReaction` is not used here)
@@ -549,7 +548,6 @@ Set `messages.statusReactions.enabled: true` to let WhatsApp replace the ack rea
 Behavior notes:

 - `channels.whatsapp.ackReaction` still controls whether status reactions are eligible for direct messages and groups.
- The queued status reaction uses the same effective ack emoji as plain ack reactions.
 - WhatsApp has one bot reaction slot per message, so lifecycle updates replace the current reaction in place.
 - `messages.removeAckAfterReply: true` clears the final status reaction after the configured done/error hold.
 - Tool emoji categories include `tool`, `coding`, `web`, `deploy`, `build`, and `concierge`.
--- a/docs/ci.md
+++ b/docs/ci.md
@@ -43,7 +43,7 @@ OpenClaw CI runs on every push to `main` and every pull request. The `preflight`

 GitHub may mark superseded jobs as `cancelled` when a newer push lands on the same PR or `main` ref. Treat that as CI noise unless the newest run for the same ref is also failing. Matrix jobs use `fail-fast: false`, and `build-artifacts` reports embedded channel, core-support-boundary, and gateway-watch failures directly instead of queuing tiny verifier jobs. The automatic CI concurrency key is versioned (`CI-v7-*`) so a GitHub-side zombie in an old queue group cannot indefinitely block newer main runs. Manual full-suite runs use `CI-manual-v1-*` and do not cancel in-progress runs.

-The `ci-timings-summary` job uploads a compact `ci-timings-summary` artifact for each non-draft CI run. It records wall time, queue time, slowest jobs, and failed jobs for the current run, so CI health checks do not need to scrape the full Actions payload repeatedly. The `build-artifacts` job also runs the blocking startup-memory smoke and uploads a `startup-memory` artifact with per-command RSS values for `--help`, `status --json`, and `gateway status`.
+The `ci-timings-summary` job uploads a compact `ci-timings-summary` artifact for each non-draft CI run. It records wall time, queue time, slowest jobs, and failed jobs for the current run, so CI health checks do not need to scrape the full Actions payload repeatedly.

 ## Real behavior proof

@@ -157,8 +157,6 @@ node scripts/ci-run-timings.mjs --latest-main # ignore issue/comment noise and c
 node scripts/ci-run-timings.mjs --recent 10   # compare recent successful main CI runs
 pnpm test:perf:groups --full-suite --allow-failures --output .artifacts/test-perf/baseline-before.json
 pnpm test:perf:groups:compare .artifacts/test-perf/baseline-before.json .artifacts/test-perf/after-agent.json
-pnpm test:startup:memory
-pnpm test:extensions:memory -- --json .artifacts/openclaw-performance/source/mock-provider/extension-memory.json
 pnpm perf:kova:summary --report .artifacts/kova/reports/mock-provider/report.json --output .artifacts/kova/summary.md
 ```

@@ -180,7 +178,7 @@ The workflow installs OCM from a pinned release and Kova from `openclaw/Kova` at
 - `mock-deep-profile`: CPU/heap/trace profiling for startup, gateway, and agent-turn hotspots.
 - `live-openai-candidate`: a real OpenAI `openai/gpt-5.5` agent turn, skipped when `OPENAI_API_KEY` is unavailable.

-The mock-provider lane also runs OpenClaw-native source probes after the Kova pass: gateway boot timing and memory across default, hook, and 50-plugin startup cases; bundled plugin import RSS, repeated mock-OpenAI `channel-chat-baseline` hello loops, and CLI startup commands against the booted gateway. When the previous published mock-provider source report is available for the tested ref, the source summary compares current RSS and heap values against that baseline and marks large RSS increases as `watch`. The source probe Markdown summary lives at `source/index.md` in the report bundle, with raw JSON beside it.
+The mock-provider lane also runs OpenClaw-native source probes after the Kova pass: gateway boot timing and memory across default, hook, and 50-plugin startup cases; repeated mock-OpenAI `channel-chat-baseline` hello loops; and CLI startup commands against the booted gateway. The source probe Markdown summary lives at `source/index.md` in the report bundle, with raw JSON beside it.

 Every lane uploads GitHub artifacts. When `CLAWGRIT_REPORTS_TOKEN` is configured, the workflow also commits `report.json`, `report.md`, bundles, `index.md`, and source-probe artifacts into `openclaw/clawgrit-reports` under `openclaw-performance/<tested-ref>/<run-id>-<attempt>/<lane>/`. The current tested-ref pointer is written as `openclaw-performance/<tested-ref>/latest-<lane>.json`.

@@ -376,7 +374,7 @@ The separate `Install Smoke` workflow reuses the same scope script through its o

 `main` pushes (including merge commits) do not force the full path; when changed-scope logic would request full coverage on a push, the workflow keeps the fast Docker smoke and leaves the full install smoke to nightly or release validation.

-The slow Bun global install image-provider smoke is separately gated by `run_bun_global_install_smoke`. It runs on the nightly schedule and from the release checks workflow, and manual `Install Smoke` dispatches can opt into it, but pull requests and `main` pushes do not. Normal PR CI still runs the fast Bun launcher regression lane for Node-relevant changes. QR and installer Docker tests keep their own install-focused Dockerfiles.
+The slow Bun global install image-provider smoke is separately gated by `run_bun_global_install_smoke`. It runs on the nightly schedule and from the release checks workflow, and manual `Install Smoke` dispatches can opt into it, but pull requests and `main` pushes do not. QR and installer Docker tests keep their own install-focused Dockerfiles.

 ## Local Docker E2E

@@ -505,7 +503,7 @@ The `Docs Agent` workflow is an event-driven Codex maintenance lane for keeping

 ### Test Performance Agent

-The `Test Performance Agent` workflow is an event-driven Codex maintenance lane for slow tests. It has no pure schedule: a successful non-bot push CI run on `main` can trigger it, but it skips if another workflow-run invocation already ran or is running that UTC day. Manual dispatch bypasses that daily activity gate. The lane builds a full-suite grouped Vitest performance report, lets Codex make only small coverage-preserving test performance fixes instead of broad refactors, then reruns the full-suite report and rejects changes that reduce the passing baseline test count. The grouped report records per-config wall time and max RSS on Linux and macOS, so the before/after comparison surfaces test memory deltas beside duration deltas. If the baseline has failing tests, Codex may fix only obvious failures and the after-agent full-suite report must pass before anything is committed. When `main` advances before the bot push lands, the lane rebases the validated patch, reruns `pnpm check:changed`, and retries the push; conflicting stale patches are skipped. It uses GitHub-hosted Ubuntu so the Codex action can keep the same drop-sudo safety posture as the docs agent.
+The `Test Performance Agent` workflow is an event-driven Codex maintenance lane for slow tests. It has no pure schedule: a successful non-bot push CI run on `main` can trigger it, but it skips if another workflow-run invocation already ran or is running that UTC day. Manual dispatch bypasses that daily activity gate. The lane builds a full-suite grouped Vitest performance report, lets Codex make only small coverage-preserving test performance fixes instead of broad refactors, then reruns the full-suite report and rejects changes that reduce the passing baseline test count. If the baseline has failing tests, Codex may fix only obvious failures and the after-agent full-suite report must pass before anything is committed. When `main` advances before the bot push lands, the lane rebases the validated patch, reruns `pnpm check:changed`, and retries the push; conflicting stale patches are skipped. It uses GitHub-hosted Ubuntu so the Codex action can keep the same drop-sudo safety posture as the docs agent.

 ### Duplicate PRs After Merge

@@ -576,7 +574,7 @@ pnpm crabbox:run -- --provider blacksmith-testbox \
  --ttl 240m \
  --timing-json \
  --shell -- \
-  "corepack pnpm check:changed"
+  "env CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm check:changed"
 ```

 Focused test rerun:
@@ -591,7 +589,7 @@ pnpm crabbox:run -- --provider blacksmith-testbox \
  --ttl 240m \
  --timing-json \
  --shell -- \
-  "corepack pnpm test <path-or-filter>"
+  "env CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm test <path-or-filter>"
 ```

 Full suite:
@@ -606,7 +604,7 @@ pnpm crabbox:run -- --provider blacksmith-testbox \
  --ttl 240m \
  --timing-json \
  --shell -- \
-  "corepack pnpm test"
+  "env CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm test"
 ```

 Read the final JSON summary. The useful fields are `provider`, `leaseId`, `syncDelegated`, `exitCode`, `commandMs`, and `totalMs`. One-shot Blacksmith-backed Crabbox runs should stop the Testbox automatically; if a run is interrupted or cleanup is unclear, inspect live boxes and stop only the boxes you created:
@@ -641,7 +639,7 @@ Escalate to owned Crabbox capacity only when Blacksmith is down, quota-limited,
 CRABBOX_CAPACITY_REGIONS=eu-west-1,eu-west-2,eu-central-1,us-east-1,us-west-2 \
  pnpm crabbox:warmup -- --provider aws --class standard --market on-demand --idle-timeout 90m
 pnpm crabbox:hydrate -- --id <cbx_id-or-slug>
-pnpm crabbox:run -- --id <cbx_id-or-slug> --timing-json --shell -- "pnpm check:changed"
+pnpm crabbox:run -- --id <cbx_id-or-slug> --timing-json --shell -- "env NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 pnpm check:changed"
 pnpm crabbox:stop -- <cbx_id-or-slug>
 ```

--- a/docs/cli/docs.md
+++ b/docs/cli/docs.md
@@ -2,13 +2,13 @@
 summary: "CLI reference for `openclaw docs` (search the live docs index)"
 read_when:
  - You want to search the live OpenClaw docs from the terminal
-  - You need to know which hosted search API the docs CLI calls
+  - You need to know which helper binaries the docs CLI shells out to
 title: "Docs"
 ---

 # `openclaw docs`

-Search the live OpenClaw docs index from the terminal. The command calls OpenClaw's Cloudflare-hosted docs search API and renders the results in your terminal.
+Search the live OpenClaw docs index from the terminal. The command shells out to the public Mintlify-hosted docs MCP search endpoint at `https://docs.openclaw.ai/mcp.search_open_claw` and renders the results in your terminal.

 ## Usage

@@ -35,7 +35,17 @@ With no query, `openclaw docs` prints the docs entrypoint URL plus a sample sear

 ## How it works

-`openclaw docs` calls `https://docs.openclaw.ai/api/search` and renders the JSON results. The search call uses a fixed 30 second timeout.
+`openclaw docs` invokes the `mcporter` CLI to call the docs search MCP tool, then parses the `Title: / Link: / Content:` blocks from the tool output into a list of results.
+
+To resolve `mcporter`, OpenClaw checks in order:
+
+1. `mcporter` on `PATH` (used directly if present).
+2. `pnpm dlx mcporter ...` if `pnpm` is installed.
+3. `npx -y mcporter ...` if `npx` is installed.
+
+If none are available, the command fails with a hint to install `pnpm` (`npm install -g pnpm`).
+
+The search call uses a fixed 30 second timeout. Result snippets are truncated to ~220 characters per entry.

 ## Output

@@ -52,10 +62,10 @@ In non-rich output (piped, `--no-color`, scripts), the same data renders as Mark

 ## Exit codes

-| Code | Meaning                                                           |
-| ---- | ----------------------------------------------------------------- |
-| `0`  | Search succeeded (including zero-result responses).               |
-| `1`  | The hosted docs search API call failed; stderr is printed inline. |
+| Code | Meaning                                             |
+| ---- | --------------------------------------------------- |
+| `0`  | Search succeeded (including zero-result responses). |
+| `1`  | The MCP tool call failed; stderr is printed inline. |

 ## Related

--- a/docs/cli/index.md
+++ b/docs/cli/index.md
@@ -30,12 +30,12 @@ Use the setup commands by intent:
 | Models and inference | [`models`](/cli/models) · [`infer`](/cli/infer) · `capability` (alias for [`infer`](/cli/infer)) · [`memory`](/cli/memory) · [`commitments`](/cli/commitments) · [`wiki`](/cli/wiki)                                                      |
 | Network and nodes    | [`directory`](/cli/directory) · [`nodes`](/cli/nodes) · [`devices`](/cli/devices) · [`node`](/cli/node)                                                                                                                                   |
 | Runtime and sandbox  | [`approvals`](/cli/approvals) · `exec-policy` (see [`approvals`](/cli/approvals)) · [`sandbox`](/cli/sandbox) · [`tui`](/cli/tui) · `chat`/`terminal` (aliases for [`tui --local`](/cli/tui)) · [`browser`](/cli/browser)                 |
-| Automation           | [`cron`](/cli/cron) · [`tasks`](/cli/tasks) · [`hooks`](/cli/hooks) · [`webhooks`](/cli/webhooks) · [`transcripts`](/cli/transcripts)                                                                                                     |
+| Automation           | [`cron`](/cli/cron) · [`tasks`](/cli/tasks) · [`hooks`](/cli/hooks) · [`webhooks`](/cli/webhooks)                                                                                                                                         |
 | Discovery and docs   | [`dns`](/cli/dns) · [`docs`](/cli/docs)                                                                                                                                                                                                   |
 | Pairing and channels | [`pairing`](/cli/pairing) · [`qr`](/cli/qr) · [`channels`](/cli/channels)                                                                                                                                                                 |
 | Security and plugins | [`security`](/cli/security) · [`secrets`](/cli/secrets) · [`skills`](/cli/skills) · [`plugins`](/cli/plugins) · [`proxy`](/cli/proxy)                                                                                                     |
 | Legacy aliases       | [`daemon`](/cli/daemon) (gateway service) · [`clawbot`](/cli/clawbot) (namespace)                                                                                                                                                         |
-| Plugins (optional)   | [`path`](/cli/path) · [`policy`](/cli/policy) · [`voicecall`](/cli/voicecall) (if installed)                                                                                                                                              |
+| Plugins (optional)   | [`meeting-notes`](/cli/meeting-notes) · [`path`](/cli/path) · [`policy`](/cli/policy) · [`voicecall`](/cli/voicecall) (if installed)                                                                                                      |

 ## Global flags

@@ -128,7 +128,7 @@ openclaw [--dev] [--profile <name>] <command>
    status
    index
    search
-  transcripts
+  meeting-notes
    list
    show
    path
--- a/docs/cli/logs.md
+++ b/docs/cli/logs.md
@@ -24,8 +24,7 @@ Related:
 - `--json`: emit line-delimited JSON events
 - `--plain`: plain text output without styled formatting
 - `--no-color`: disable ANSI colors
- `--local-time`: render timestamps in your local timezone (default)
- `--utc`: render timestamps in UTC
+- `--local-time`: render timestamps in your local timezone

 ## Shared Gateway RPC options

@@ -50,14 +49,13 @@ openclaw logs --plain
 openclaw logs --no-color
 openclaw logs --limit 500
 openclaw logs --local-time
-openclaw logs --utc
 openclaw logs --follow --local-time
 openclaw logs --url ws://127.0.0.1:18789 --token "$OPENCLAW_GATEWAY_TOKEN"
 ```

 ## Notes

- Timestamps render in your local timezone by default. Use `--utc` for UTC output.
+- Use `--local-time` to render timestamps in your local timezone.
 - If the implicit local loopback Gateway asks for pairing, closes during connect, or times out before `logs.tail` answers, `openclaw logs` falls back to the configured Gateway file log automatically. Explicit `--url` targets do not use this fallback.
 - `openclaw logs --follow` does not follow configured-file fallbacks after implicit local Gateway RPC failures. On Linux, it uses the active user-systemd Gateway journal by PID when available and prints the selected log source; otherwise it keeps retrying the live Gateway instead of tailing a potentially stale side-by-side file.
 - When using `--follow`, transient gateway disconnects (WebSocket close, timeout, connection drop) trigger automatic reconnection with exponential backoff (up to 8 retries, capped at 30 s between attempts). A warning is printed to stderr on each retry, and a `[logs] gateway reconnected` notice is printed once a poll succeeds. In `--json` mode both the retry warning and the reconnect transition are emitted as `{"type":"notice"}` records on stderr. Non-recoverable errors (auth failure, bad configuration) still exit immediately.
--- a/docs/cli/meeting-notes.md
+++ b/docs/cli/meeting-notes.md
@@ -1,17 +1,18 @@
 ---
-summary: "CLI reference for `openclaw transcripts` (list, show, and locate stored transcripts)"
+summary: "CLI reference for `openclaw meeting-notes` (list, show, and locate stored meeting notes)"
 read_when:
-  - You want to read stored transcript summaries from the terminal
-  - You need the path to a transcripts markdown summary
-  - You are debugging the core transcripts storage layout
-title: "Transcripts CLI"
+  - You want to read stored meeting note summaries from the terminal
+  - You need the path to a meeting notes markdown summary
+  - You are debugging the meeting-notes plugin storage layout
+title: "Meeting Notes CLI"
 ---

-# `openclaw transcripts`
+# `openclaw meeting-notes`

-Inspect transcripts written by OpenClaw's core `transcripts` tool. This CLI is
-read-only; capture, import, and summarization are owned by the agent tool and
-configured auto-start sources.
+Inspect meeting notes written by the external `meeting-notes` plugin. This CLI
+is read-only and is available when that plugin is installed or loaded from
+source. Capture, import, and summarization are owned by the `meeting_notes`
+agent tool and by configured auto-start sources.

 Use the CLI when you want to find yesterday's notes, open the Markdown file in
 an editor, feed a transcript to another tool, or debug where a session landed on
@@ -20,7 +21,7 @@ disk. It does not start or stop capture.
 Artifacts live under the OpenClaw state directory:

 ```text
-$OPENCLAW_STATE_DIR/transcripts/YYYY-MM-DD/<session>/
+$OPENCLAW_STATE_DIR/meeting-notes/YYYY-MM-DD/<session>/
  metadata.json
  transcript.jsonl
  summary.json
@@ -34,17 +35,17 @@ session directory is a safe filesystem segment derived from the session id.
 ## Commands

 ```bash
-openclaw transcripts list
-openclaw transcripts show <session>
-openclaw transcripts show YYYY-MM-DD/<session>
-openclaw transcripts path <session>
-openclaw transcripts path YYYY-MM-DD/<session>
-openclaw transcripts path <session> --dir
-openclaw transcripts path <session> --metadata
-openclaw transcripts path <session> --transcript
-openclaw transcripts list --json
-openclaw transcripts show <session> --json
-openclaw transcripts path <session> --json
+openclaw meeting-notes list
+openclaw meeting-notes show <session>
+openclaw meeting-notes show YYYY-MM-DD/<session>
+openclaw meeting-notes path <session>
+openclaw meeting-notes path YYYY-MM-DD/<session>
+openclaw meeting-notes path <session> --dir
+openclaw meeting-notes path <session> --metadata
+openclaw meeting-notes path <session> --transcript
+openclaw meeting-notes list --json
+openclaw meeting-notes show <session> --json
+openclaw meeting-notes path <session> --json
 ```

 - `list`: list stored sessions, date-qualified selector, start time, title, and `summary.md` path.
@@ -56,7 +57,7 @@ openclaw transcripts path <session> --json
 - `--json`: print machine-readable output.

 When a human session id repeats across days, use the date-qualified selector
-from `list`, for example `openclaw transcripts show 2026-05-22/standup`.
+from `list`, for example `openclaw meeting-notes show 2026-05-22/standup`.
 Default session ids include a timestamp and random suffix; configure fixed
 session ids only when they are unique within the day.

@@ -65,7 +66,7 @@ session ids only when they are unique within the day.
 `list` prints one session per line:

 ```text
-2026-05-22/standup  2026-05-22T09:00:00.000Z  Weekly standup  /Users/alex/.openclaw/transcripts/2026-05-22/standup/summary.md
+2026-05-22/standup  2026-05-22T09:00:00.000Z  Weekly standup  /Users/alex/.openclaw/meeting-notes/2026-05-22/standup/summary.md
 ```

 The output is tab-separated. The columns are selector, start time, title, and
@@ -90,13 +91,13 @@ and whether that file exists.

 ## Many meetings per day

-Transcripts groups sessions by date, then by session id. Ten meetings on one
+Meeting Notes groups sessions by date, then by session id. Ten meetings on one
 day become ten sibling folders:

 ```text
-~/.openclaw/transcripts/2026-05-22/
-  transcript-2026-05-22T09-00-00-000Z-a1b2c3d4/
-  transcript-2026-05-22T10-30-00-000Z-b2c3d4e5/
+~/.openclaw/meeting-notes/2026-05-22/
+  meeting-2026-05-22T09-00-00-000Z-a1b2c3d4/
+  meeting-2026-05-22T10-30-00-000Z-b2c3d4e5/
  standup/
 ```

@@ -111,41 +112,7 @@ write `summary.md` immediately after import. A session can still appear in
 or metadata was written before any utterances arrived.

 Use `path <session> --transcript` to inspect the append-only transcript, and use
-the `transcripts` tool action `summarize` to regenerate the Markdown summary.
+the `meeting_notes` tool action `summarize` to regenerate the Markdown summary.

-## Configuration
-
-Transcript capture is opt-in because live sources can join and record meeting
-audio. Enable the tool with top-level `transcripts.enabled`:
-
-```json
-{
-  "transcripts": {
-    "enabled": true,
-    "maxUtterances": 2000
-  }
-}
-```
-
-Configure auto-start sources with `transcripts.autoStart` in `openclaw.json`.
-Each entry is enabled by being present; omit an entry to disable that source.
-
-```json
-{
-  "transcripts": {
-    "enabled": true,
-    "autoStart": [
-      {
-        "providerId": "discord-voice",
-        "guildId": "1234567890",
-        "channelId": "2345678901"
-      },
-      {
-        "providerId": "slack-huddle",
-        "accountId": "workspace",
-        "channelId": "C123"
-      }
-    ]
-  }
-}
-```
+See [Meeting Notes](/plugins/meeting-notes) for configuration, auto-start, and
+source-provider details.
--- a/docs/cli/plugins.md
+++ b/docs/cli/plugins.md
@@ -103,7 +103,7 @@ rewriting files.

 ```bash
 openclaw plugins search "calendar"                   # search ClawHub plugins
-openclaw plugins install <package>                      # source auto-detection
+openclaw plugins install <package>                      # npm by default
 openclaw plugins install clawhub:<package>              # ClawHub only
 openclaw plugins install npm:<package>                  # npm only
 openclaw plugins install npm-pack:<path.tgz>            # local npm pack through npm install semantics
@@ -123,7 +123,7 @@ sources with guarded environment variables. See
 [Plugin install overrides](/plugins/install-overrides).

 <Warning>
-Bare package names install from npm by default during the launch cutover, unless they match an official plugin id. Raw `@openclaw/*` package specs that match bundled plugins use the bundled copy that shipped with the current OpenClaw build. Use `npm:<package>` when you deliberately want an external npm package instead. Use `clawhub:<package>` for ClawHub. Treat plugin installs like running code. Prefer pinned versions.
+Bare package names install from npm by default during the launch cutover. Use `clawhub:<package>` for ClawHub. Treat plugin installs like running code. Prefer pinned versions.
 </Warning>

 `plugins search` queries ClawHub for installable plugin packages and prints
@@ -171,9 +171,7 @@ is available, then fall back to `latest`.

    Npm specs are **registry-only** (package name + optional **exact version** or **dist-tag**). Git/URL/file specs and semver ranges are rejected. Dependency installs run project-local with `--ignore-scripts` for safety, even when your shell has global npm install settings. Managed plugin npm roots inherit OpenClaw's package-level npm `overrides`, so host security pins apply to hoisted plugin dependencies too.

-    Use `npm:<package>` when you want to make npm resolution explicit. Bare package specs also install directly from npm during the launch cutover unless they match an official plugin id.
-
-    Raw `@openclaw/*` package specs that match bundled plugins resolve to the image-owned bundled copy before npm fallback. For example, `openclaw plugins install @openclaw/discord@2026.5.20 --pin` uses the bundled Discord plugin from the current OpenClaw build instead of creating a managed npm override. To force the external npm package, use `openclaw plugins install npm:@openclaw/discord@2026.5.20 --pin`.
+    Use `npm:<package>` when you want to make npm resolution explicit. Bare package specs also install directly from npm during the launch cutover.

    Bare specs and `@latest` stay on the stable track. OpenClaw date-stamped correction versions such as `2026.5.3-1` are stable releases for this check. If npm resolves either of those to a prerelease, OpenClaw stops and asks you to opt in explicitly with a prerelease tag such as `@beta`/`@rc` or an exact prerelease version such as `@1.2.3-beta.4`.

@@ -209,7 +207,7 @@ openclaw plugins install clawhub:openclaw-codex-app-server
 openclaw plugins install clawhub:openclaw-codex-app-server@1.2.3
 ```

-Bare npm-safe plugin specs install from npm by default during the launch cutover unless they match an official plugin id:
+Bare npm-safe plugin specs install from npm by default during the launch cutover:

 ```bash
 openclaw plugins install openclaw-codex-app-server
@@ -219,7 +217,6 @@ Use `npm:` to make npm-only resolution explicit:

 ```bash
 openclaw plugins install npm:openclaw-codex-app-server
-openclaw plugins install npm:@openclaw/discord@2026.5.20
 openclaw plugins install npm:@scope/plugin-name@1.0.1
 ```

--- a/docs/cli/policy.md
+++ b/docs/cli/policy.md
@@ -172,22 +172,6 @@ present in `policy.jsonc`. The observed state is existing OpenClaw config or
 workspace metadata; policy reports drift but does not rewrite runtime behavior
 unless a repair path is explicitly available and enabled.

-Agent-specific policy overlays keep broad `tools.*` and `agents.workspace`
-posture global, then let named scope blocks add stricter normal policy sections
-for explicit `agentIds` under `scopes.<scopeName>`. The initial scoped
-sections are `tools` and `agents.workspace`; sandbox and ingress can use the
-same container once their evidence is attributable to an agent. Scoped fields
-carry strictness metadata such as allowlist subset, denylist superset, required
-boolean, and exact-list semantics so future policy-file conformance can reuse
-the same rule inventory instead of guessing. The overlay is additive: global
-claims still run, and a scoped claim can emit its own finding against the same
-observed config. See [Agent-scoped policy overlays](/plan/policy-agent-scoped-overlays).
-Every scope present in `policy.jsonc` must be valid and enforceable. Scopes
-currently require `agentIds`, and that selector supports only `tools.*` and
-`agents.workspace.*`. If an `agentIds` entry is not present in `agents.list[]`,
-the scoped rule is evaluated against the inherited global/default posture for
-that runtime agent id instead of being skipped.
-
 #### Channels

 | Policy field                         | Observed state                          | Use when                                                     |
@@ -266,7 +250,6 @@ that runtime agent id instead of being skipped.
 | `tools.exec.requireAsk`         | `tools.exec.ask` and per-agent exec ask mode                | Require approval posture such as `always`.                                                               |
 | `tools.exec.allowHosts`         | `tools.exec.host` and per-agent exec host routing           | Allow only exec host routing modes such as `sandbox`.                                                    |
 | `tools.elevated.allow`          | `tools.elevated.enabled` and per-agent elevated posture     | Set to `false` to require elevated tool mode to stay disabled.                                           |
-| `tools.alsoAllow.expected`      | `tools.alsoAllow` and per-agent `tools.alsoAllow`           | Require exact `alsoAllow` entries and report missing or unexpected additive tool grants.                 |
 | `tools.denyTools`               | `tools.deny` and `agents.list[].tools.deny`                 | Require configured tool deny lists to include tool ids or groups such as `group:runtime` and `group:fs`. |

 Run policy-only checks during authoring:
@@ -550,8 +533,6 @@ Policy currently verifies:
 | `policy/tools-exec-ask-unapproved`           | Exec ask mode is outside the policy allowlist.                                   |
 | `policy/tools-exec-host-unapproved`          | Exec host routing is outside the policy allowlist.                               |
 | `policy/tools-elevated-enabled`              | Elevated tool mode is enabled when policy denies it.                             |
-| `policy/tools-also-allow-missing`            | A configured `alsoAllow` list is missing an entry required by policy.            |
-| `policy/tools-also-allow-unexpected`         | A configured `alsoAllow` list includes an entry not expected by policy.          |
 | `policy/tools-required-deny-missing`         | A global or per-agent tool deny list does not include a required denied tool.    |
 | `policy/secrets-unmanaged-provider`          | A config SecretRef references a provider not declared under `secrets.providers`. |
 | `policy/secrets-denied-provider-source`      | A config secret provider or SecretRef uses a source denied by policy.            |
--- a/docs/cli/security.md
+++ b/docs/cli/security.md
@@ -32,19 +32,7 @@ This is for cooperative/shared inbox hardening. A single Gateway shared by mutua
 It also emits `security.trust_model.multi_user_heuristic` when config suggests likely shared-user ingress (for example open DM/group policy, configured group targets, or wildcard sender rules), and reminds you that OpenClaw is a personal-assistant trust model by default.
 For intentional shared-user setups, the audit guidance is to sandbox all sessions, keep filesystem access workspace-scoped, and keep personal/private identities or credentials off that runtime.
 It also warns when small models (`<=300B`) are used without sandboxing and with web/browser tools enabled.
-For webhook ingress, it warns when:
-
- `hooks.token` reuses an active Gateway shared-secret auth value (`gateway.auth.token` / `OPENCLAW_GATEWAY_TOKEN` or `gateway.auth.password` / `OPENCLAW_GATEWAY_PASSWORD`)
- `hooks.token` is short
- `hooks.path="/"`
- `hooks.defaultSessionKey` is unset
- `hooks.allowedAgentIds` is unrestricted
- request `sessionKey` overrides are enabled
- overrides are enabled without `hooks.allowedSessionKeyPrefixes`
-
-If Gateway password auth is supplied only at startup, pass the same value to `openclaw security audit --auth password --password <password>` so the audit can check it against `hooks.token`.
-Password-mode reuse is an audit finding for compatibility; rotate one of the secrets instead of expecting Gateway startup to reject that configuration.
-
+For webhook ingress, it warns when `hooks.token` reuses the Gateway token, when `hooks.token` is short, when `hooks.path="/"`, when `hooks.defaultSessionKey` is unset, when `hooks.allowedAgentIds` is unrestricted, when request `sessionKey` overrides are enabled, and when overrides are enabled without `hooks.allowedSessionKeyPrefixes`.
 It also warns when sandbox Docker settings are configured while sandbox mode is off, when `gateway.nodes.denyCommands` uses ineffective pattern-like/unknown entries (exact node command-name matching only, not shell-text filtering), when `gateway.nodes.allowCommands` explicitly enables dangerous node commands, when global `tools.profile="minimal"` is overridden by agent tool profiles, when write/edit tools are disabled but `exec` is still available without a constraining sandbox filesystem boundary, when open groups expose runtime/filesystem tools without sandbox/workspace guards, and when installed plugin tools may be reachable under permissive tool policy.
 It also flags `gateway.allowRealIpFallback=true` (header-spoofing risk if proxies are misconfigured) and `discovery.mdns.mode="full"` (metadata leakage via mDNS TXT records).
 It also warns when sandbox browser uses Docker `bridge` network without `sandbox.browser.cdpSourceRange`.
--- a/docs/concepts/agent-loop.md
+++ b/docs/concepts/agent-loop.md
@@ -165,7 +165,7 @@ surfaces, while Codex native hooks remain a separate lower-level Codex mechanism
 - `agent.wait` default: 30s (just the wait). `timeoutMs` param overrides.
 - Agent runtime: `agents.defaults.timeoutSeconds` default 172800s (48 hours); enforced in `runEmbeddedPiAgent` abort timer.
 - Cron runtime: isolated agent-turn `timeoutSeconds` is owned by cron. The scheduler starts that timer when execution begins, aborts the underlying run at the configured deadline, then runs bounded cleanup before recording the timeout so a stale child session cannot keep the lane stuck.
- Session liveness diagnostics: with diagnostics enabled, `diagnostics.stuckSessionWarnMs` classifies long `processing` sessions that have no observed reply, tool, status, block, or ACP progress. Active embedded runs, model calls, and tool calls report as `session.long_running`; active work with no recent progress reports as `session.stalled`; `session.stuck` is reserved for recoverable stale session bookkeeping, including idle queued sessions with stale ownerless model/tool activity. Stale session bookkeeping releases the affected session lane immediately after recovery gates pass; stalled embedded runs are abort-drained only after `diagnostics.stuckSessionAbortMs` (default: at least 5 minutes and 3x the warning threshold) so queued work can resume without cutting off merely slow runs. Recovery emits structured requested/completed outcomes, and diagnostic state is marked idle only if the same processing generation is still current. Repeated `session.stuck` diagnostics back off while the session remains unchanged.
+- Session liveness diagnostics: with diagnostics enabled, `diagnostics.stuckSessionWarnMs` classifies long `processing` sessions that have no observed reply, tool, status, block, or ACP progress. Active embedded runs, model calls, and tool calls report as `session.long_running`; active work with no recent progress reports as `session.stalled`; `session.stuck` is reserved for stale session bookkeeping with no active work. Stale session bookkeeping releases the affected session lane immediately; stalled embedded runs are abort-drained only after `diagnostics.stuckSessionAbortMs` (default: at least 5 minutes and 3x the warning threshold) so queued work can resume without cutting off merely slow runs. Recovery emits structured requested/completed outcomes, and diagnostic state is marked idle only if the same processing generation is still current. Repeated `session.stuck` diagnostics back off while the session remains unchanged.
 - Model idle timeout: OpenClaw aborts a model request when no response chunks arrive before the idle window. `models.providers.<id>.timeoutSeconds` extends this idle watchdog for slow local/self-hosted providers, but it is still bounded by any lower `agents.defaults.timeoutSeconds` or run-specific timeout because those control the whole agent run. Otherwise OpenClaw uses `agents.defaults.timeoutSeconds` when configured, capped at 120s by default. Cron-triggered runs with no explicit model or agent timeout disable the idle watchdog and rely on the cron outer timeout.
 - Provider HTTP request timeout: `models.providers.<id>.timeoutSeconds` applies to that provider's model HTTP fetches, including connect, headers, body, SDK request timeout, total guarded-fetch abort handling, and model stream idle watchdog. Use this for slow local/self-hosted providers such as Ollama before raising the whole agent runtime timeout, and keep the agent/runtime timeout at least as high when the model request needs to run longer.

--- a/docs/concepts/compaction.md
+++ b/docs/concepts/compaction.md
@@ -106,14 +106,14 @@ The byte guard requires `truncateAfterCompaction: true`. Without transcript rota

 ### Successor transcripts

-When `agents.defaults.compaction.truncateAfterCompaction` is enabled, OpenClaw does not rewrite the existing transcript in place. It creates a new active successor transcript from the compaction summary, preserved state, and unsummarized tail, then records checkpoint metadata that points branch/restore flows at that compacted successor.
+When `agents.defaults.compaction.truncateAfterCompaction` is enabled, OpenClaw does not rewrite the existing transcript in place. It creates a new active successor transcript from the compaction summary, preserved state, and unsummarized tail, then keeps the previous JSONL as the archived checkpoint source.
 Successor transcripts also drop exact duplicate long user turns that arrive
 inside a short retry window, so channel retry storms are not carried into the
 next active transcript after compaction.

-OpenClaw no longer writes separate `.checkpoint.*.jsonl` copies for new
-compactions. Existing legacy checkpoint files can still be used while referenced
-and are pruned by normal session cleanup.
+Pre-compaction checkpoints are retained only while they stay below OpenClaw's
+checkpoint size cap; oversized active transcripts still compact, but OpenClaw
+skips the large debug snapshot instead of doubling disk usage.

 ### Compaction notices

--- a/docs/concepts/model-providers.md
+++ b/docs/concepts/model-providers.md
@@ -99,7 +99,7 @@ OpenClaw ships with the pi-ai catalog. These providers require **no** `models.pr
 - Use `params.serviceTier` when you want an explicit tier instead of the shared `/fast` toggle
 - Hidden OpenClaw attribution headers (`originator`, `version`, `User-Agent`) apply only on native OpenAI traffic to `api.openai.com`, not generic OpenAI-compatible proxies
 - Native OpenAI routes also keep Responses `store`, prompt-cache hints, and OpenAI reasoning-compat payload shaping; proxy routes do not
- `openai/gpt-5.3-codex-spark` is intentionally suppressed in OpenClaw because live OpenAI API requests reject it; use `openai-codex/gpt-5.3-codex-spark` only when the Codex catalog exposes it for your account
+- `openai/gpt-5.3-codex-spark` is intentionally suppressed in OpenClaw because live OpenAI API requests reject it and the current Codex catalog does not expose it

 ```json5
 {
@@ -150,7 +150,6 @@ Anthropic staff told us OpenClaw-style Claude CLI usage is allowed again, so Ope
 - For the common subscription plus native Codex runtime route, sign in with `openai-codex` auth but configure `openai/gpt-5.5`; OpenAI agent turns select Codex by default.
 - Use provider/model `agentRuntime.id: "pi"` only when you want a compatibility route through PI; otherwise keep `openai/gpt-5.5` on the default Codex harness.
 - `openai-codex/gpt-*` refs remain a legacy PI route. Prefer `openai/gpt-5.5` on the native Codex runtime for new agent config, and run `openclaw doctor --fix` when you want to migrate old `openai-codex/*` refs to canonical `openai/*` refs.
- `openai-codex/gpt-5.3-codex-spark` remains available only through Codex catalog discovery when the signed-in account advertises it; direct `openai/*` and Azure refs for that model stay suppressed.

 ```json5
 {
--- a/docs/concepts/qa-e2e-automation.md
+++ b/docs/concepts/qa-e2e-automation.md
@@ -93,26 +93,13 @@ That script starts a local OTLP/HTTP receiver, runs the `otel-trace-smoke` QA
 scenario with the `diagnostics-otel` plugin enabled, then asserts traces,
 metrics, and logs are exported. It decodes the exported protobuf trace spans
 and checks the release-critical shape:
-`openclaw.run`, `openclaw.harness.run`, a latest GenAI semantic-convention
-model-call span, `openclaw.context.assembled`, and `openclaw.message.delivery`
-must be present. The smoke forces
-`OTEL_SEMCONV_STABILITY_OPT_IN=gen_ai_latest_experimental`, so the model-call
-span must use the `{gen_ai.operation.name} {gen_ai.request.model}` name;
+`openclaw.run`, `openclaw.harness.run`, `openclaw.model.call`,
+`openclaw.context.assembled`, and `openclaw.message.delivery` must be present;
 model calls must not export `StreamAbandoned` on successful turns; raw diagnostic IDs and
 `openclaw.content.*` attributes must stay out of the trace. The raw OTLP
 payloads must not contain the prompt sentinel, response sentinel, or QA session
 key. It writes `otel-smoke-summary.json` next to the QA suite artifacts.

-For a collector-backed OpenTelemetry smoke, run:
-
-```bash
-pnpm qa:otel:collector-smoke
-```
-
-That lane puts a real OpenTelemetry Collector Docker container in front of the
-same local receiver. Use it when changing endpoint wiring, collector
-compatibility, or OTLP export behavior that the in-process receiver could mask.
-
 For the protected Prometheus scrape smoke, run:

 ```bash
@@ -131,13 +118,6 @@ To run both observability smokes back to back, use:
 pnpm qa:observability:smoke
 ```

-For the collector-backed OpenTelemetry lane plus the protected Prometheus scrape
-smoke, use:
-
-```bash
-pnpm qa:observability:collector-smoke
-```
-
 Observability QA stays source-checkout only. The npm tarball intentionally omits
 QA Lab, so package Docker release lanes do not run `qa` commands. Use
 `pnpm qa:otel:smoke`, `pnpm qa:prometheus:smoke`, or
--- a/docs/concepts/queue.md
+++ b/docs/concepts/queue.md
@@ -126,7 +126,7 @@ keys.
 - If commands seem stuck, enable verbose logs and look for "queued for ...ms" lines to confirm the queue is draining.
 - If you need queue depth, enable verbose logs and watch for queue timing lines.
 - Codex app-server runs that accept a turn and then stop emitting progress are interrupted by the Codex adapter so the active session lane can release instead of waiting for the outer run timeout.
- When diagnostics are enabled, sessions that remain in `processing` past `diagnostics.stuckSessionWarnMs` with no observed reply, tool, status, block, or ACP progress are classified by current activity. Active work logs as `session.long_running`; active work with no recent progress logs as `session.stalled`; `session.stuck` is reserved for recoverable stale session bookkeeping, including idle queued sessions with stale ownerless model/tool activity, and only that path can release the affected session lane so queued work drains. Repeated `session.stuck` diagnostics back off while the session remains unchanged.
+- When diagnostics are enabled, sessions that remain in `processing` past `diagnostics.stuckSessionWarnMs` with no observed reply, tool, status, block, or ACP progress are classified by current activity. Active work logs as `session.long_running`; active work with no recent progress logs as `session.stalled`; `session.stuck` is reserved for stale session bookkeeping with no active work, and only that path can release the affected session lane so queued work drains. Repeated `session.stuck` diagnostics back off while the session remains unchanged.

 ## Related

--- a/docs/concepts/session-tool.md
+++ b/docs/concepts/session-tool.md
@@ -49,12 +49,10 @@ effective tool list.
 token counts, and timestamps. Filter by kind (`main`, `group`, `cron`, `hook`,
 `node`), exact `label`, exact `agentId`, search text, or recency
 (`activeMinutes`). When you need mailbox-style triage, it can also ask for a
-visibility-scoped derived title, a last-message preview snippet, or bounded recent
-messages on each row. Derived titles and previews are produced only for sessions
-the caller can already see under the configured session tool visibility policy, so
-unrelated sessions stay hidden. When visibility is restricted, `sessions_list`
-returns optional `visibility` metadata showing the effective mode and a warning that
-results may be scope-limited.
+visibility-scoped derived title, a last-message preview snippet, or bounded
+recent messages on each row. Derived titles and previews are produced only for
+sessions the caller can already see under the configured session tool
+visibility policy, so unrelated sessions stay hidden.

 `sessions_history` fetches the conversation transcript for a specific session.
 By default, tool results are excluded -- pass `includeTools: true` to see them.
--- a/docs/diagnostics/flags.md
+++ b/docs/diagnostics/flags.md
@@ -50,50 +50,6 @@ Disable all flags:
 OPENCLAW_DIAGNOSTICS=0
 ```

-`OPENCLAW_DIAGNOSTICS=0` is a process-level disable override: it disables
-flags from both env and config for that process.
-
-## Profiling flags
-
-Profiler flags enable targeted timing spans without raising global logging
-levels. They are disabled by default.
-
-Enable all profiler-gated spans for one gateway run:
-
-```bash
-OPENCLAW_DIAGNOSTICS=profiler openclaw gateway run
-```
-
-Enable only reply-dispatch profiler spans:
-
-```bash
-OPENCLAW_DIAGNOSTICS=reply.profiler openclaw gateway run
-```
-
-Enable only Codex app-server startup/tool/thread profiler spans:
-
-```bash
-OPENCLAW_DIAGNOSTICS=codex.profiler openclaw gateway run
-```
-
-Enable profiler flags from config:
-
-```json
-{
-  "diagnostics": {
-    "flags": ["reply.profiler", "codex.profiler"]
-  }
-}
-```
-
-Restart the gateway after changing config flags. To disable a profiler flag,
-remove it from `diagnostics.flags` and restart. To temporarily disable every
-diagnostics flag even when config enables profiler flags, start the process with:
-
-```bash
-OPENCLAW_DIAGNOSTICS=0 openclaw gateway run
-```
-
 ## Timeline artifacts

 The `timeline` flag writes structured startup and runtime timing events for
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -1212,6 +1212,7 @@
                  "plugins/codex-native-plugins",
                  "plugins/codex-computer-use",
                  "plugins/google-meet",
+                  "plugins/meeting-notes",
                  "plugins/webhooks",
                  "plugins/admin-http-rpc",
                  "plugins/voice-call",
--- a/docs/gateway/cli-backends.md
+++ b/docs/gateway/cli-backends.md
@@ -170,15 +170,13 @@ the prompt. Skill env/API key overrides are still applied by OpenClaw to the
 child process environment for the run.

 Claude CLI also has its own noninteractive permission mode. OpenClaw maps that
-to the existing exec policy instead of adding Claude-specific policy config.
-For OpenClaw-managed Claude live sessions, the effective OpenClaw exec policy is
-authoritative: YOLO (`tools.exec.security: "full"` and
-`tools.exec.ask: "off"`) launches Claude with
-`--permission-mode bypassPermissions`, while restrictive effective exec policy
-launches Claude with `--permission-mode default`. Per-agent
-`agents.list[].tools.exec` settings override global `tools.exec` for that
-agent. Raw Claude backend args may still include `--permission-mode`, but live
-Claude launches normalize that flag to match the effective OpenClaw exec policy.
+to the existing exec policy instead of adding Claude-specific config: when the
+effective requested exec policy is YOLO (`tools.exec.security: "full"` and
+`tools.exec.ask: "off"`), OpenClaw adds `--permission-mode bypassPermissions`.
+Per-agent `agents.list[].tools.exec` settings override global `tools.exec` for
+that agent. To force a different Claude mode, set explicit raw backend args
+such as `--permission-mode default` or `--permission-mode acceptEdits` under
+`agents.defaults.cliBackends.claude-cli.args` and matching `resumeArgs`.

 The bundled Anthropic `claude-cli` backend also maps OpenClaw `/think` levels
 to Claude Code's native `--effort` flag for non-off levels. `minimal` and
@@ -399,22 +397,6 @@ minutes; set `0` to disable). One-shot embedded runs such as auth probes,
 slug generation, and active-memory recall request cleanup at run end so stdio
 children and Streamable HTTP/SSE streams do not outlive the run.

-## Reseed history cap
-
-When a fresh CLI session is seeded from a prior OpenClaw transcript (for
-example after a `session_expired` retry), the rendered
-`<conversation_history>` block is capped to keep reseed prompts from
-exploding. The default is `12288` characters (about 3000 tokens).
-
-Claude CLI backends automatically use a larger cap derived from the resolved
-Claude context tier. Standard 200K-token Claude runs keep a larger transcript
-slice, and 1M-token Claude runs keep a larger slice again, while other CLI
-backends keep the conservative default.
-
- The cap only governs the reseed prompt's prior-history block. Live-session
-  output limits are tuned separately under `reliability.outputLimits`
-  (see [Sessions](#sessions)).
-
 ## Limitations

 - **No direct OpenClaw tool calls.** OpenClaw does not inject tool calls into
--- a/docs/gateway/config-agents.md
+++ b/docs/gateway/config-agents.md
@@ -235,6 +235,7 @@ Shared defaults for bounded runtime context surfaces.
      contextLimits: {
        memoryGetMaxChars: 12000,
        memoryGetDefaultLines: 120,
+        toolResultMaxChars: 16000,
        postCompactionMaxChars: 1800,
      },
    },
@@ -246,12 +247,8 @@ Shared defaults for bounded runtime context surfaces.
  metadata and continuation notice are added.
 - `memoryGetDefaultLines`: default `memory_get` line window when `lines` is
  omitted.
- `toolResultMaxChars`: advanced live tool-result ceiling used for persisted
-  results and overflow recovery. Leave unset for the model-context auto cap:
-  `16000` chars below 100K tokens, `32000` chars at 100K+ tokens, and `64000`
-  chars at 200K+ tokens. The effective cap is still limited to about 30% of the
-  model context window. `openclaw doctor --deep` prints the effective cap, and
-  doctor warns only when an explicit override is stale or has no effect.
+- `toolResultMaxChars`: live tool-result cap used for persisted results and
+  overflow recovery.
 - `postCompactionMaxChars`: AGENTS.md excerpt cap used during post-compaction
  refresh injection.

@@ -266,6 +263,7 @@ from `agents.defaults.contextLimits`.
    defaults: {
      contextLimits: {
        memoryGetMaxChars: 12000,
+        toolResultMaxChars: 16000,
      },
    },
    list: [
@@ -273,7 +271,7 @@ from `agents.defaults.contextLimits`.
        id: "tiny-local",
        contextLimits: {
          memoryGetMaxChars: 6000,
-          toolResultMaxChars: 8000, // advanced ceiling for this agent
+          toolResultMaxChars: 8000,
        },
      },
    ],
@@ -505,16 +503,16 @@ Time format in system prompt. Default: `auto` (OS preference).

 **Built-in alias shorthands** (only apply when the model is in `agents.defaults.models`):

-| Alias               | Model                           |
-| ------------------- | ------------------------------- |
-| `opus`              | `anthropic/claude-opus-4-6`     |
-| `sonnet`            | `anthropic/claude-sonnet-4-6`   |
-| `gpt`               | `openai/gpt-5.5`                |
-| `gpt-mini`          | `openai/gpt-5.4-mini`           |
-| `gpt-nano`          | `openai/gpt-5.4-nano`           |
-| `gemini`            | `google/gemini-3.1-pro-preview` |
-| `gemini-flash`      | `google/gemini-3-flash-preview` |
-| `gemini-flash-lite` | `google/gemini-3.1-flash-lite`  |
+| Alias               | Model                                  |
+| ------------------- | -------------------------------------- |
+| `opus`              | `anthropic/claude-opus-4-6`            |
+| `sonnet`            | `anthropic/claude-sonnet-4-6`          |
+| `gpt`               | `openai/gpt-5.5`                       |
+| `gpt-mini`          | `openai/gpt-5.4-mini`                  |
+| `gpt-nano`          | `openai/gpt-5.4-nano`                  |
+| `gemini`            | `google/gemini-3.1-pro-preview`        |
+| `gemini-flash`      | `google/gemini-3-flash-preview`        |
+| `gemini-flash-lite` | `google/gemini-3.1-flash-lite-preview` |

 Your configured aliases always win over defaults.

@@ -577,7 +575,7 @@ Replace the entire OpenClaw-assembled system prompt with a fixed string. Set at

 ### `agents.defaults.promptOverlays`

-Provider-independent prompt overlays applied by model family on OpenClaw-assembled prompt surfaces. GPT-5-family model ids receive the shared behavior contract across PI/provider routes; `personality` controls only the friendly interaction-style layer. Native Codex app-server routes keep Codex-owned base/model instructions instead of this OpenClaw GPT-5 overlay, and OpenClaw disables Codex's built-in personality for native threads.
+Provider-independent prompt overlays applied by model family on OpenClaw-assembled prompt surfaces. GPT-5-family model ids receive the shared behavior contract across PI/provider routes; `personality` controls only the friendly interaction-style layer. Native Codex app-server routes keep Codex-owned base/model/personality instructions instead of this OpenClaw GPT-5 overlay.

 ```json5
 {
--- a/docs/gateway/config-channels.md
+++ b/docs/gateway/config-channels.md
@@ -788,7 +788,7 @@ See the full channel index: [Channels](/channels).

 Group messages default to **require mention** (metadata mention or safe regex patterns). Applies to WhatsApp, Telegram, Discord, Google Chat, and iMessage group chats.

-Visible replies are controlled separately. Normal group, channel, and internal WebChat direct requests default to automatic final delivery: final assistant text posts through the legacy visible reply path. Opt into `messages.visibleReplies: "message_tool"` or `messages.groupChat.visibleReplies: "message_tool"` when visible output should only post after the agent calls `message(action=send)`. If the model returns final text without calling the message tool in an opted-in tool-only mode, that final text stays private and the gateway verbose log records suppressed payload metadata.
+Visible replies are controlled separately. Normal group and channel requests default to automatic final delivery: final assistant text posts through the legacy visible reply path. Some harnesses, including Codex, default direct/source chats to message-tool delivery so visible output only posts after the agent calls `message(action=send)`. If the model returns final text without calling the message tool, that final text stays private and the gateway verbose log records suppressed payload metadata.

 Tool-only visible replies require a model/runtime that reliably calls tools, and are recommended for shared ambient rooms on latest-generation models such as GPT 5.5. If
 the session log shows assistant text with `didSendViaMessagingTool: false`, the
@@ -834,7 +834,7 @@ Fix: either pick a stronger tool-calling model, remove the explicit `"message_to

 `messages.groupChat.unmentionedInbound: "room_event"` submits unmentioned always-on group/channel messages as quiet room context on supported channels. Mentioned messages, commands, and direct messages remain user requests. See [Ambient room events](/channels/ambient-room-events) for complete Discord, Slack, and Telegram examples.

-`messages.visibleReplies` is the global source-event default; `messages.groupChat.visibleReplies` overrides it for group/channel source events. When `messages.visibleReplies` is unset, direct/source chats use the selected runtime or harness default, but internal WebChat direct turns use automatic final delivery for Pi/Codex prompt parity. Set `messages.visibleReplies: "message_tool"` to intentionally require `message(action=send)` for visible output. Channel allowlists and mention gating still decide whether an event is processed.
+`messages.visibleReplies` is the global source-event default; `messages.groupChat.visibleReplies` overrides it for group/channel source events. When `messages.visibleReplies` is unset, direct/source chats use the selected runtime or harness default. The Codex harness defaults direct/source chats to message-tool delivery; set `messages.visibleReplies: "automatic"` to use automatic final delivery. Channel allowlists and mention gating still decide whether an event is processed.

 #### DM history limits

--- a/docs/gateway/config-tools.md
+++ b/docs/gateway/config-tools.md
@@ -357,9 +357,6 @@ Default: `tree` (current session + sessions spawned by it, such as subagents).
    - `agent`: any session belonging to the current agent id (can include other users if you run per-sender sessions under the same agent id).
    - `all`: any session. Cross-agent targeting still requires `tools.agentToAgent`.
    - Sandbox clamp: when the current session is sandboxed and `agents.defaults.sandbox.sessionToolsVisibility="spawned"`, visibility is forced to `tree` even if `tools.sessions.visibility="all"`.
-    - When not `all`, `sessions_list` includes a compact `visibility` field
-      describing the effective mode and a warning that some sessions may be
-      omitted outside the current scope.

  </Accordion>
 </AccordionGroup>
--- a/docs/gateway/configuration-examples.md
+++ b/docs/gateway/configuration-examples.md
@@ -385,7 +385,7 @@ Save to `~/.openclaw/openclaw.json` and you can DM the bot from that number.
  cron: {
    enabled: true,
    store: "~/.openclaw/cron/cron.json",
-    maxConcurrentRuns: 8, // default; cron dispatch + isolated cron agent-turn execution
+    maxConcurrentRuns: 2, // cron dispatch + isolated cron agent-turn execution
    sessionRetention: "24h",
    runLog: {
      maxBytes: "2mb",
--- a/docs/gateway/configuration-reference.md
+++ b/docs/gateway/configuration-reference.md
@@ -687,8 +687,7 @@ Query-string hook tokens are rejected.
 Validation and safety notes:

 - `hooks.enabled=true` requires a non-empty `hooks.token`.
- `hooks.token` must be distinct from `gateway.auth.token` / `OPENCLAW_GATEWAY_TOKEN`; reusing the Gateway token fails startup validation.
- `openclaw security audit` also flags `hooks.token` reuse of active Gateway password auth (`gateway.auth.password` / `OPENCLAW_GATEWAY_PASSWORD`, or `--auth password --password <password>`) as a critical finding; password-mode reuse stays startup-compatible and should be repaired by rotating one of the secrets.
+- `hooks.token` must be **distinct** from `gateway.auth.token`; reusing the Gateway token is rejected.
 - `hooks.path` cannot be `/`; use a dedicated subpath such as `/hooks`.
 - If `hooks.allowRequestSessionKey=true`, constrain `hooks.allowedSessionKeyPrefixes` (for example `["hook:"]`).
 - If a mapping or preset uses a templated `sessionKey`, set `hooks.allowedSessionKeyPrefixes` and `hooks.allowRequestSessionKey=true`. Static mapping keys do not require that opt-in.
@@ -709,8 +708,8 @@ Validation and safety notes:
 - `transform` can point to a JS/TS module returning a hook action.
  - `transform.module` must be a relative path and stays within `hooks.transformsDir` (absolute paths and traversal are rejected).
  - Keep `hooks.transformsDir` under `~/.openclaw/hooks/transforms`; workspace skill directories are rejected. If `openclaw doctor` reports this path as invalid, move the transform module into the hooks transforms directory or remove `hooks.transformsDir`.
- `agentId` routes to a specific agent; unknown IDs fall back to the default agent.
- `allowedAgentIds`: restricts effective agent routing, including the default-agent path when `agentId` is omitted (`*` or omitted = allow all, `[]` = deny all).
+- `agentId` routes to a specific agent; unknown IDs fall back to default.
+- `allowedAgentIds`: restricts explicit routing (`*` or omitted = allow all, `[]` = deny all).
 - `defaultSessionKey`: optional fixed session key for hook agent runs without explicit `sessionKey`.
 - `allowRequestSessionKey`: allow `/hooks/agent` callers and template-driven mapping session keys to set `sessionKey` (default: `false`).
 - `allowedSessionKeyPrefixes`: optional prefix allowlist for explicit `sessionKey` values (request + mapping), e.g. `["hook:"]`. It becomes required when any mapping or preset uses a templated `sessionKey`.
@@ -1052,7 +1051,6 @@ Notes:
        toolInputs: false,
        toolOutputs: false,
        systemPrompt: false,
-        toolDefinitions: false,
      },
    },

@@ -1081,8 +1079,8 @@ Notes:
 - `otel.traces` / `otel.metrics` / `otel.logs`: enable trace, metrics, or log export.
 - `otel.sampleRate`: trace sampling rate `0`-`1`.
 - `otel.flushIntervalMs`: periodic telemetry flush interval in ms.
- `otel.captureContent`: opt-in raw content capture for OTEL span attributes. Defaults to off. Boolean `true` captures non-system message/tool content; the object form lets you enable `inputMessages`, `outputMessages`, `toolInputs`, `toolOutputs`, `systemPrompt`, and `toolDefinitions` explicitly.
- `OTEL_SEMCONV_STABILITY_OPT_IN=gen_ai_latest_experimental`: environment toggle for latest experimental GenAI inference span shape, including `{gen_ai.operation.name} {gen_ai.request.model}` span names, `CLIENT` span kind, and `gen_ai.provider.name` instead of legacy `gen_ai.system`. By default spans keep `openclaw.model.call` and `gen_ai.system` for compatibility; GenAI metrics use bounded semantic attributes.
+- `otel.captureContent`: opt-in raw content capture for OTEL span attributes. Defaults to off. Boolean `true` captures non-system message/tool content; the object form lets you enable `inputMessages`, `outputMessages`, `toolInputs`, `toolOutputs`, and `systemPrompt` explicitly.
+- `OTEL_SEMCONV_STABILITY_OPT_IN=gen_ai_latest_experimental`: environment toggle for latest experimental GenAI span provider attributes. By default spans keep the legacy `gen_ai.system` attribute for compatibility; GenAI metrics use bounded semantic attributes.
 - `OPENCLAW_OTEL_PRELOADED=1`: environment toggle for hosts that already registered a global OpenTelemetry SDK. OpenClaw then skips plugin-owned SDK startup/shutdown while keeping diagnostic listeners active.
 - `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT`, `OTEL_EXPORTER_OTLP_METRICS_ENDPOINT`, and `OTEL_EXPORTER_OTLP_LOGS_ENDPOINT`: signal-specific endpoint env vars used when the matching config key is unset.
 - `cacheTrace.enabled`: log cache trace snapshots for embedded runs (default: `false`).
@@ -1241,7 +1239,7 @@ Current builds no longer include the TCP bridge. Nodes connect over the Gateway
 {
  cron: {
    enabled: true,
-    maxConcurrentRuns: 8, // default; cron dispatch + isolated cron agent-turn execution
+    maxConcurrentRuns: 2, // cron dispatch + isolated cron agent-turn execution
    webhook: "https://example.invalid/legacy", // deprecated fallback for stored notify:true jobs
    webhookToken: "replace-with-dedicated-token", // optional bearer token for outbound webhook auth
    sessionRetention: "24h", // duration string or false
--- a/docs/gateway/configuration.md
+++ b/docs/gateway/configuration.md
@@ -419,7 +419,7 @@ candidate contains redacted secret placeholders such as `***`.
    {
      cron: {
        enabled: true,
-        maxConcurrentRuns: 8, // default; cron dispatch + isolated cron agent-turn execution
+        maxConcurrentRuns: 2, // cron dispatch + isolated cron agent-turn execution
        sessionRetention: "24h",
        runLog: {
          maxBytes: "2mb",
@@ -461,7 +461,7 @@ candidate contains redacted secret placeholders such as `***`.

    Security note:
    - Treat all hook/webhook payload content as untrusted input.
-    - Use a dedicated `hooks.token`; do not reuse active Gateway auth secrets (`gateway.auth.token` / `OPENCLAW_GATEWAY_TOKEN` or `gateway.auth.password` / `OPENCLAW_GATEWAY_PASSWORD`).
+    - Use a dedicated `hooks.token`; do not reuse the shared Gateway token.
    - Hook auth is header-only (`Authorization: Bearer ...` or `x-openclaw-token`); query-string tokens are rejected.
    - `hooks.path` cannot be `/`; keep webhook ingress on a dedicated subpath such as `/hooks`.
    - Keep unsafe-content bypass flags disabled (`hooks.gmail.allowUnsafeExternalContent`, `hooks.mappings[].allowUnsafeExternalContent`) unless doing tightly scoped debugging.
--- a/docs/gateway/doctor.md
+++ b/docs/gateway/doctor.md
@@ -413,7 +413,7 @@ That stages grounded durable candidates into the short-term dreaming store while
    - short cooldowns (rate limits/timeouts/auth failures)
    - longer disables (billing/credit failures)

-    Legacy Codex OAuth profiles whose tokens live in macOS Keychain (older onboarding before the file-based sidecar layout) are not picked up by the embedded runtime path — that path runs with `allowKeychainPrompt: false` and cannot trigger a Keychain prompt. Affected users will see a one-shot `log.warn` from the legacy sidecar loader naming `openclaw doctor --fix` and macOS Keychain (instead of the credential silently falling through to a downstream `No API key found for provider "openai-codex"`). Run `openclaw doctor --fix` once from an interactive terminal to migrate Keychain-backed legacy tokens inline into `auth-profiles.json`; after that, embedded turns (Telegram, cron, sub-agent dispatch) resolve them like any other inline OAuth profile.
+    Legacy Codex OAuth profiles whose tokens live in macOS Keychain (older onboarding before the file-based sidecar layout) are not picked up by the embedded runtime path — that path runs with `allowKeychainPrompt: false` and cannot trigger a Keychain prompt. Run `openclaw doctor --fix` once to migrate Keychain-backed legacy tokens inline into `auth-profiles.json`; after that, embedded turns (Telegram, cron, sub-agent dispatch) resolve them like any other inline OAuth profile.

  </Accordion>
  <Accordion title="6. Hooks model validation">
--- a/docs/gateway/openai-http-api.md
+++ b/docs/gateway/openai-http-api.md
@@ -219,11 +219,8 @@ Set `stream: true` to receive Server-Sent Events (SSE):
 - `max_tokens`: number; legacy alias accepted for backwards compatibility. Ignored when `max_completion_tokens` is also present.
 - `temperature`: number; best-effort sampling temperature forwarded to the upstream provider via the agent stream-param channel.
 - `top_p`: number; best-effort nucleus sampling forwarded to the upstream provider via the agent stream-param channel.
- `frequency_penalty`: number; best-effort frequency penalty forwarded to the upstream provider via the agent stream-param channel. Validated range: -2.0 to 2.0. Returns `400 invalid_request_error` for out-of-range values.
- `presence_penalty`: number; best-effort presence penalty forwarded to the upstream provider via the agent stream-param channel. Validated range: -2.0 to 2.0. Returns `400 invalid_request_error` for out-of-range values.
- `seed`: number (integer); best-effort seed forwarded to the upstream provider via the agent stream-param channel. Returns `400 invalid_request_error` for non-integer values.

-When either token-cap field is set, the value is forwarded to the upstream provider via the agent stream-param channel. The actual wire field name sent to the upstream provider is chosen by the provider transport: `max_completion_tokens` for OpenAI-family endpoints, and `max_tokens` for providers that only accept the legacy name (such as Mistral and Chutes). Sampling fields (`temperature`, `top_p`, `frequency_penalty`, `presence_penalty`, `seed`) follow the same stream-param channel; the ChatGPT-based Codex Responses backend strips them server-side since it uses fixed sampling.
+When either token-cap field is set, the value is forwarded to the upstream provider via the agent stream-param channel. The actual wire field name sent to the upstream provider is chosen by the provider transport: `max_completion_tokens` for OpenAI-family endpoints, and `max_tokens` for providers that only accept the legacy name (such as Mistral and Chutes). Sampling fields (`temperature`, `top_p`) follow the same stream-param channel; the ChatGPT-based Codex Responses backend strips them server-side since it uses fixed sampling.

 ### Unsupported variants

--- a/Show More
+++ b/Show More