fix(onboard): skip config-handling prompt when no key settings detected

.agents/skills/clawdtributor/SKILL.md

@@ -1,159 +0,0 @@
----
-name: clawdtributor
-description: "Use for OpenClaw clawtributors PR/issue triage: Discrawl discovery, live-open rechecks, deep review, topic grouping, and compact @handle/LOC/type/blast/verification summaries."
----
-
-# Clawdtributor
-
-Use for the `#clawtributors` queue: Discord-discovered OpenClaw PRs/issues that need live GitHub status plus maintainer-quality review.
-
-## Compose with other skills
-
-- `$discrawl`: local Discord archive sync/search.
-- `$openclaw-pr-maintainer`: live GitHub PR/issue review, duplicate search, close/land rules.
-- `$gitcrawl`: related issue/PR and current-main/stale-proof search.
-- `$openclaw-testing` / `$crabbox`: proof choice when a candidate needs real validation.
-
-## Archive flow
-
-Local archive first; verify freshness for current questions.
-
-```bash
-discrawl status --json
-discrawl sync
-```
-
-Resolve channel if needed:
-
-```bash
-sqlite3 "$HOME/.discrawl/discrawl.db" \
-  "select id,name from channels where name like '%clawtributor%' order by name;"
-```
-
-Current known channel id from prior work: `1458141495701012561`. Re-resolve if it stops matching.
-
-Extract recent refs:
-
-```bash
-sqlite3 "$HOME/.discrawl/discrawl.db" "
-select m.created_at, coalesce(nullif(mm.username,''), m.author_id), m.content
-from messages m
-left join members mm on mm.guild_id=m.guild_id and mm.user_id=m.author_id
-where m.channel_id='1458141495701012561'
-  and m.created_at >= '<ISO cutoff>'
-order by m.created_at desc;" |
-perl -nE 'while(m{github\.com/openclaw/openclaw/(pull|issues)/(\d+)}g){say "$1\t$2\t$_"}'
-```
-
-Map a PR/issue back to the Discord handle:
-
-```bash
-sqlite3 -separator $'\t' "$HOME/.discrawl/discrawl.db" "
-select m.created_at,
-       coalesce(nullif(mm.username,''), nullif(mm.global_name,''), m.author_id)
-from messages m
-left join members mm on mm.guild_id=m.guild_id and mm.user_id=m.author_id
-where m.channel_id='1458141495701012561'
-  and m.content like '%github.com/openclaw/openclaw/<pull-or-issues>/<number>%'
-order by m.created_at desc
-limit 1;"
-```
-
-Show only `@handle` in the final list. Do not write the word Discord unless the user asks for source details.
-
-## Live GitHub recheck
-
-Always recheck live state before listing, closing, or saying "open".
-
-```bash
-GITHUB_TOKEN= GITHUB_TOKEN_NODIFF= GH_TOKEN= \
-gh api repos/openclaw/openclaw/pulls/<number> \
-  --jq '. | {number,title,state,merged,mergeable,draft,author:.user.login,url:.html_url,updatedAt:.updated_at,additions,deletions,changedFiles:.changed_files}'
-```
-
-For issues:
-
-```bash
-GITHUB_TOKEN= GITHUB_TOKEN_NODIFF= GH_TOKEN= \
-gh api repos/openclaw/openclaw/issues/<number> \
-  --jq '. | {number,title,state,author:.user.login,url:.html_url,updatedAt:.updated_at,pull_request}'
-```
-
-If `gh` says bad credentials, clear env vars with empty assignments as above. Use `--jq '. | {...}'` for object projections.
-
-## Review depth
-
-For each open item, inspect enough to classify risk:
-
-- PR body, linked issue, comments, files, additions/deletions, checks.
-- Current `origin/main` code path and adjacent tests.
-- Related threads with `gitcrawl neighbors/search`.
-- Whether main already fixed it, the PR is obsolete, or the idea is invalid.
-- Blast radius: touched runtime surfaces, config/schema, plugin/core boundary, user-visible behavior, release/package surface.
-- Verification: say if local unit/docs proof is enough, live/provider proof is needed, or it is not directly verifiable.
-
-Do not close from title alone. If closing as done on main or nonsensical, prove it against current main and comment first when mutation is requested. Bulk close/reopen above 5 requires explicit scope.
-
-## Candidate selection
-
-When asked for `5 new`, exclude refs already surfaced in the session and refill from the archive until there are 5 live-open candidates. If fewer than 5 remain open, list all open ones and say how many short.
-
-When asked to `update`, `refresh`, `recheck`, `check again`, or similar, return an updated live-open candidate list. Do not fill the main list with items that merely merged/closed since the last pass; put those numbers in a short bottom line.
-
-Prefer:
-
-- Fresh, open, external contributor work.
-- Small, high-confidence bugfixes.
-- Clear repro, tests, or obvious code-path proof.
-
-Demote:
-
-- Broad product/features without owner decision.
-- Large rewrites with unclear contract.
-- PRs already in progress, merged, closed, duplicate, or fixed on main.
-
-## Topic grouping
-
-Group only when useful or requested:
-
-- Agents/tooling
-- Providers/auth/models
-- Channels/messaging
-- UI/web
-- Gateway/protocol/runtime
-- Config/memory/cache
-- Docker/install/release
-- Docs/tests/chore
-- Closed/obsolete
-
-Infer topic from labels, touched files, title/body, and actual code path.
-
-## Output format
-
-No Markdown tables. Compact bullets. Use color/risk markers:
-
-- 🟢 low/narrow
-- 🟡 medium or needs targeted proof
-- 🔴 broad/high runtime risk
-- 🟣 security/policy/owner-boundary slow review
-- ✅ merged
-- ⚪ closed unmerged
-
-Required line shape:
-
-```markdown
-- **PR #81244** `@whatsskill.` `+118/-1` `bug` 🟢 verifiable: yes. This prevents chat action buttons from overlapping short assistant replies. Blast: web chat rendering, low.
-- **Issue #81245** `@alice` `LOC n/a` `bug` 🟡 verifiable: partial. This reports duplicate Telegram replies when reconnecting after gateway restart. Blast: Telegram channel runtime, medium.
-```
-
-Rules:
-
-- Bold the `PR #n` or `Issue #n` marker.
-- Use `@handle`, not author bio text.
-- PR LOC is `+additions/-deletions`; issue LOC is `LOC n/a`.
-- Type: `bug`, `feature`, `perf`, `security`, `docs`, `test`, `chore`, or `refactor`.
-- Write a full sentence for what it does.
-- Always include blast radius in one phrase.
-- Always include `verifiable: yes|partial|no` plus the shortest proof hint when helpful.
-- If status is not open, still show it only when the user asked for all surfaced refs; use ✅ or ⚪ and state merged/closed.
-- For refresh-style asks, bottom line: `Merged/closed since last pass: #81016 merged, #81026 closed.` Omit if none.

.agents/skills/crabbox/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: crabbox
-description: Use Crabbox for OpenClaw remote validation across Linux, macOS, Windows, and WSL2. Default to Blacksmith Testbox for broad Linux proof; includes direct Blacksmith and owned AWS/Hetzner fallback notes when Crabbox fails.
+description: Use Crabbox for OpenClaw remote Linux validation. Default to Blacksmith Testbox; includes direct Blacksmith and owned AWS/Hetzner fallback notes when Crabbox fails.
 ---
 
 # Crabbox
@@ -31,16 +31,13 @@ pnpm crabbox:run -- --help | sed -n '1,120p'
 - Check `.crabbox.yaml` for repo defaults, but override provider explicitly.
   Even if config still says AWS, maintainer validation should normally pass
   `--provider blacksmith-testbox`.
-- If a warm direct-provider lease smells stale, retry with `--full-resync`
-  (alias `--fresh-sync`) before replacing the lease. This resets the remote
-  workdir, skips the fingerprint fast path, reseeds Git when possible, and
-  uploads the checkout from scratch.
-- For live/provider bugs, use the configured secret workflow before downgrading
-  to mocks. Copy only the exact needed key into the remote process environment
-  for that one command. Do not print it, do not sync it as a repo file, and do
-  not leave it in remote shell history or logs. If no secret-safe injection path
-  is available, say true live provider auth is blocked instead of silently using
-  a fake key.
+- For live/provider bugs, check keys on the local Mac before downgrading to
+  mocks: source local `~/.profile` and test only presence/length. If Crabbox
+  does not already have the key, copy only the exact needed key into the remote
+  process environment for that one command. Do not print it, do not sync it as a
+  repo file, and do not leave it in remote shell history or logs. If no
+  secret-safe injection path is available, say true live provider auth is
+  blocked instead of silently using a fake key.
 - Prefer local targeted tests for tight edit loops. Broad gates belong remote.
 - Do not treat inherited shell env as operator intent. In particular,
   `OPENCLAW_LOCAL_CHECK_MODE=throttled` from the local shell is not permission
@@ -67,8 +64,7 @@ Crabbox supports static SSH targets:
 - `target=macos` and `target=windows --windows-mode wsl2` use the POSIX SSH,
   bash, Git, rsync, and tar contract.
 - Native Windows uses OpenSSH, PowerShell, Git, and tar; sync is manifest tar
-  archive transfer into `static.workRoot`. Direct native Windows runs support
-  `--script*`, `--env-from-profile`, `--preflight`, and PowerShell `--shell`.
+  archive transfer into `static.workRoot`.
 - `crabbox actions hydrate/register` are Linux-only today; use plain
   `crabbox run` loops for static macOS and Windows hosts.
 - Live proof needs a reachable, operator-managed SSH host. Without one, verify
@@ -148,16 +144,8 @@ blacksmith testbox list
 Use these on debugging runs before inventing ad hoc logging:
 
 - `--preflight`: prints run context, workspace mode, SSH target, remote user/cwd,
-  and target-specific tool probes. Defaults cover `git`, `tar`, `node`, `npm`,
-  `corepack`, `pnpm`, `yarn`, `bun`, `docker`, plus POSIX
-  `sudo`/`apt`/`bubblewrap` and native Windows
-  `powershell`/`execution_policy`/`longpaths`/`temp`/`pwsh`. Add
-  `--preflight-tools node,bun,docker`, `CRABBOX_PREFLIGHT_TOOLS`, or repo
-  `run.preflightTools` to replace the list. `default` expands built-ins; `none`
-  prints only the workspace summary. Preflight is diagnostic only; install
-  toolchains through Actions hydration, images, devcontainer/Nix/mise/asdf, or
-  the run script. On `blacksmith-testbox`, this prints a delegated-unsupported
-  note because the workflow owns setup.
+  sudo/apt, Node, pnpm, Docker, and bubblewrap. On `blacksmith-testbox`, this
+  prints a delegated-unsupported note because the workflow owns setup.
 - `CRABBOX_ENV_ALLOW=NAME,...`: forwards only listed local env vars for direct
   providers and prints `set len=N secret=true` style summaries. On
   `blacksmith-testbox`, env forwarding is unsupported; put secrets in the
@@ -166,36 +154,21 @@ Use these on debugging runs before inventing ad hoc logging:
   `export NAME=value` / `NAME=value` lines from a local profile without
   executing it, then forwards only allowlisted names. `--allow-env` is
   repeatable and comma-separated. Profile values override ambient allowlisted
-  env values for that run. Direct POSIX, WSL2, and native Windows runs are
-  supported; delegated providers are not. Crabbox probes the uploaded profile
-  remotely and prints redacted presence/length metadata before the command.
-- `--env-helper <name>`: with `--env-from-profile` on POSIX SSH targets,
-  persists `.crabbox/env/<name>` and `.crabbox/env/<name>.env` so follow-up
-  commands on the same lease can run through `./.crabbox/env/<name> <command>`.
-  Use only on leases you control; the profile stays until cleanup, lease reset,
-  or `--full-resync`.
+  env values for that run.
 - `--script <file>` / `--script-stdin`: upload a local script into
   `.crabbox/scripts/` and execute it on the remote box. Shebang scripts execute
-  directly on POSIX; scripts without a shebang run through `bash`. Native
-  Windows uploads run through Windows PowerShell, and Crabbox appends `.ps1`
-  when needed. Arguments after `--` become script args.
+  directly; scripts without a shebang run through `bash`. Arguments after `--`
+  become script args.
 - `--fresh-pr owner/repo#123|URL|number`: skip dirty local sync and create a
   fresh remote checkout of the GitHub PR. Bare numbers use the current repo's
   GitHub origin. Add `--apply-local-patch` only when the current local
   `git diff --binary HEAD` should be applied on top of that PR checkout.
-- `--full-resync` / `--fresh-sync`: reset a stale direct-provider workdir
-  before syncing. Use after sync fingerprints look wrong, SSH times out before
-  sync, or rsync watchdog output suggests it. It is redundant with
-  `--fresh-pr`, incompatible with `--no-sync`, and unsupported by delegated
-  providers.
 - `--capture-stdout <path>` / `--capture-stderr <path>`: write remote streams to
   local files and keep binary/noisy output out of retained logs. Parent
   directories must already exist. These are direct-provider only.
 - `--capture-on-fail`: on non-zero direct-provider exits, downloads
   `.crabbox/captures/*.tar.gz` with `test-results`, `playwright-report`,
   `coverage`, JUnit XML, and nearby logs. Treat as secret-bearing until reviewed.
-- `--keep-on-failure`: leave a failed one-shot lease alive for live debugging
-  until idle/TTL expiry. Useful on direct providers and delegated one-shots.
 - `--timing-json`: final machine-readable timing. Add
   `echo CRABBOX_PHASE:install`, `CRABBOX_PHASE:test`, etc. in long shell
   commands; direct providers and Blacksmith Testbox both report them as
@@ -207,6 +180,7 @@ Live-provider debug template for direct AWS/Hetzner leases:
 mkdir -p .crabbox/logs
 pnpm crabbox:run -- --provider aws \
   --preflight \
+  --env-from-profile ~/.profile \
   --allow-env OPENAI_API_KEY,OPENAI_BASE_URL \
   --timing-json \
   --capture-stdout .crabbox/logs/live-provider.stdout.log \
@@ -217,10 +191,9 @@ pnpm crabbox:run -- --provider aws \
 ```
 
 Do not pass `--capture-*`, `--download`, `--checksum`, `--force-sync-large`, or
-`--sync-only` to delegated providers. Also do not pass `--script*`,
-`--fresh-pr`, `--full-resync`, or `--env-helper` there. Crabbox rejects these
-because the provider owns sync or command transport. `--keep-on-failure` is OK
-for delegated one-shots when you need to inspect a failed lease.
+`--sync-only` to delegated providers. Also do not pass `--script*` or
+`--fresh-pr` there. Crabbox rejects these because the provider owns sync or
+command transport.
 
 ## Efficient Bug E2E Verification
 
@@ -233,8 +206,8 @@ Pick the lane by symptom:
 - Docker/setup/install bug: build a package tarball and run the matching
   `scripts/e2e/*-docker.sh` or package script. This proves npm packaging,
   install paths, runtime deps, config writes, and container behavior.
-- Provider/model/auth bug: prefer true live E2E. Use the configured secret
-  workflow, then inject the single needed key into Crabbox if needed. Scrub
+- Provider/model/auth bug: prefer true live E2E. First source local Mac
+  `~/.profile`, then inject the single needed key into Crabbox if needed. Scrub
   unrelated provider env vars in the child command so interactive defaults do
   not drift to another provider. If only a dummy key is used, label the proof
   narrowly, e.g. "UI/install path only; live provider auth not exercised."
@@ -268,8 +241,6 @@ Keep it efficient:
 - Use `--fresh-pr <pr>` when validating an upstream PR in isolation from the
   local dirty tree. Add `--apply-local-patch` only when testing a local fixup on
   top of that PR.
-- Use `--full-resync` before replacing a warmed direct-provider lease when the
-  remote workdir or sync fingerprint appears stale.
 - Use one-shot Crabbox for a single proof; use a reusable Testbox only when
   several commands must share built images, installed packages, or live state.
 - Prefer `OPENCLAW_CURRENT_PACKAGE_TGZ` with Docker/package lanes when testing a
@@ -365,17 +336,10 @@ Useful WebVNC commands:
 
 ```sh
 ../crabbox/bin/crabbox webvnc --provider hetzner --id <cbx_id-or-slug> --open
-../crabbox/bin/crabbox webvnc daemon start --provider hetzner --id <cbx_id-or-slug> --open
-../crabbox/bin/crabbox webvnc daemon status --provider hetzner --id <cbx_id-or-slug>
-../crabbox/bin/crabbox webvnc daemon stop --provider hetzner --id <cbx_id-or-slug>
-../crabbox/bin/crabbox webvnc status --provider hetzner --id <cbx_id-or-slug>
-../crabbox/bin/crabbox webvnc reset --provider hetzner --id <cbx_id-or-slug> --open
-../crabbox/bin/crabbox desktop doctor --provider hetzner --id <cbx_id-or-slug>
-../crabbox/bin/crabbox desktop click --provider hetzner --id <cbx_id-or-slug> --x 640 --y 420
-../crabbox/bin/crabbox desktop paste --provider hetzner --id <cbx_id-or-slug> --text "user@example.com"
-../crabbox/bin/crabbox desktop key --provider hetzner --id <cbx_id-or-slug> ctrl+l
-../crabbox/bin/crabbox artifacts collect --id <cbx_id-or-slug> --all --output artifacts/<slug>
-../crabbox/bin/crabbox artifacts publish --dir artifacts/<slug> --pr <number>
+../crabbox/bin/crabbox webvnc --provider hetzner --id <cbx_id-or-slug> --daemon --open
+../crabbox/bin/crabbox webvnc --provider hetzner --id <cbx_id-or-slug> --status
+../crabbox/bin/crabbox webvnc --provider hetzner --id <cbx_id-or-slug> --stop
+../crabbox/bin/crabbox screenshot --provider hetzner --id <cbx_id-or-slug> --output desktop.png
 ```
 
 `desktop launch --webvnc --open` is usually the nicest one-shot: it starts the
@@ -410,9 +374,7 @@ Common Crabbox-only failures:
 - Sync/timing bug: add `--debug --timing-json`; capture the final JSON and the
   printed Actions URL. Large sync warnings now include top source directories
   by file count and a hint to update `.crabboxignore` / `sync.exclude`; inspect
-  those before reaching for `--force-sync-large`. Quiet rsync watchdogs and SSH
-  timeouts now print `next_action=` hints; follow them, usually `--full-resync`
-  first and a fresh lease second.
+  those before reaching for `--force-sync-large`.
 - Cleanup uncertainty: run `blacksmith testbox list` and stop only boxes you
   created.
 - Testbox queued/capacity pressure: do not convert a broad changed gate or full
@@ -554,10 +516,7 @@ crabbox run --id <lease> --shell -- 'DISPLAY=:99 xdotool search --onlyvisible --
 crabbox status --id <id-or-slug> --wait
 crabbox inspect --id <id-or-slug> --json
 crabbox sync-plan
-crabbox history --limit 20
 crabbox history --lease <id-or-slug>
-crabbox attach <run_id>
-crabbox events <run_id> --json
 crabbox logs <run_id>
 crabbox results <run_id>
 crabbox cache stats --id <id-or-slug>

.agents/skills/openclaw-debugging/SKILL.md

@@ -73,9 +73,8 @@ openclaw logs --follow
   tool execution.
 - **Worker/dist:** run `pnpm build` when touching workers, dynamic imports,
   package exports, lazy runtime boundaries, or published paths.
-- **Live keys:** use the configured secret workflow for missing provider keys
-  before saying live proof is blocked. Env checks are presence-only; never print
-  secrets.
+- **Live keys:** check local `~/.profile` for key presence/length before saying
+  live proof is blocked. Never print secrets.
 
 ## Code Pointers
 

.agents/skills/openclaw-docs/SKILL.md

@@ -42,20 +42,16 @@ Choose the page type before writing:
 Use this default topic page structure:
 
 1. Title: name the major entity or surface.
-2. Opening overview: start with a few unheaded sentences that explain what it
-   is, what it owns, and what it does not own. Do not add a `## Overview`
-   heading unless the page is itself an overview index.
+2. Overview: explain what it is, what it owns, and what it does not own.
 3. Requirements: include only when setup needs specific accounts, versions,
    permissions, plugins, operating systems, or credentials.
 4. Quickstart: show the recommended setup path and smallest reliable verification.
 5. Configuration: show the minimum configuration needed to use the surface,
    common variants users must choose between, and where each option is set:
    CLI, config file, environment variable, plugin manifest, dashboard, or API.
-6. Major subtopics: organize the entity's major concepts, workflows, and
-   decisions by reader intent. Put each major subtopic under its own heading;
-   do not wrap them in a generic `## Subtopics` section.
-7. Troubleshooting: diagnose common observable failures under an explicit
-   `## Troubleshooting` heading.
+6. Subtopics: organize the entity's major concepts, workflows, and decisions by
+   reader intent.
+7. Troubleshooting: diagnose common observable failures.
 8. Related: link to guides, references, commands, concepts, and adjacent topics.
 
 Topic pages may be longer than quickstarts, but they should not become exhaustive

.agents/skills/openclaw-parallels-smoke/SKILL.md

@@ -56,7 +56,7 @@ Use this skill for Parallels guest workflows and smoke interpretation. Do not lo
 - For unpublished targets, pack the candidate on the host, serve the `.tgz` over the harness HTTP server, and point the guest updater at that served package. Prefer `openclaw update --tag http://<host-ip>:<port>/openclaw-<version>.tgz --yes --json`; when channel persistence also matters, pass `--channel <stable|beta>` and set `OPENCLAW_UPDATE_PACKAGE_SPEC` to the same served URL in the guest update environment. The command under test must still be `openclaw update`, not direct npm.
 - For unpublished local-fix validation, remember the old baseline updater code still controls the first hop. A fix that lives only in the new updater code cannot change that already-running old process; the served candidate must either keep package/plugin metadata compatible with the baseline host or the baseline itself must include the updater fix.
 - For beta/stable verification, resolve the tag immediately before the run (`npm view openclaw@beta version dist.tarball` or `npm view openclaw@latest ...`). Tags can move while a long VM matrix is already running; restart the matrix when the intended prerelease appears after an earlier registry 404/tag-lag check.
-- Use the configured secret workflow to inject only the provider keys needed by OpenAI/Anthropic lanes. Do not print secrets or env dumps; pass provider secrets through the guest exec environment.
+- Source Peter's profile in the host shell (`set -a; source "$HOME/.profile"; set +a`) before OpenAI/Anthropic lanes. Do not print profile contents or env dumps; pass provider secrets through the guest exec environment.
 - Same-guest update verification should set the default model explicitly to `openai/gpt-5.4` before the agent turn and use a fresh explicit `--session-id` so old session model state does not leak into the check.
 - The aggregate npm-update wrapper must resolve the Linux VM with the same Ubuntu fallback policy as `parallels-linux-smoke.sh` before both fresh and update lanes. Treat any Ubuntu guest with major version `>= 24` as acceptable when the exact default VM is missing, preferring the closest version match. On Peter's current host today, missing `Ubuntu 24.04.3 ARM64` should fall back to `Ubuntu 25.10`.
 - On macOS same-guest update checks, restart the gateway after the npm upgrade before `gateway status` / `agent`; launchd can otherwise report a loaded service while the old process has exited and the fresh process is not RPC-ready yet.

.agents/skills/openclaw-qa-testing/SKILL.md

@@ -227,9 +227,7 @@ pnpm openclaw qa manual \
 - Treat the concrete Codex model name as user/config input; do not hardcode it in source, docs examples, or scenarios.
 - Live QA preserves `CODEX_HOME` so Codex CLI auth/config works while keeping `HOME` and `OPENCLAW_HOME` sandboxed.
 - Mock QA should scrub `CODEX_HOME`.
-- If Codex returns fallback/auth text every turn, first check `CODEX_HOME`,
-  relevant secret-backed auth, and gateway child logs before changing
-  scenario assertions.
+- If Codex returns fallback/auth text every turn, first check `CODEX_HOME`, `~/.profile`, and gateway child logs before changing scenario assertions.
 - For model comparison, include `codex-cli/<codex-model>` as another candidate in `qa character-eval`; the report should label it as an opaque model name.
 
 ## Repo facts

.agents/skills/openclaw-release-maintainer/SKILL.md

@@ -65,8 +65,8 @@ Use this skill for release and publish-time workflow. Keep ordinary development
   stable base version section, for example `v2026.4.20-beta.1` uses
   `## 2026.4.20` release notes.
 - When any beta or stable release is live, make a best-effort Discord
-  announcement using the configured secret workflow; do not block or roll back
-  the release if the announcement fails.
+  announcement using Peter's bot token from `.profile`; do not block or roll
+  back the release if the announcement fails.
 - When asked to announce on X, use `~/Projects/bird/bird` and follow the
   release tweet style below.
 
@@ -288,11 +288,13 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
 ## Check all relevant release builds
 
 - Always validate the OpenClaw npm release path before creating the tag.
-- Use the configured secret workflow before live release validation so OpenAI
-  and Anthropic credentials are available without printing secrets.
+- Source Peter's profile before live release validation so OpenAI and Anthropic
+  credentials are available without printing secrets:
+  `set -a; source "$HOME/.profile"; set +a`.
 - Parallels validation and any local live model QA for this train must use both
-  `OPENAI_API_KEY` and `ANTHROPIC_API_KEY`. If either cannot be injected, stop
-  before starting those local long lanes and report the missing key.
+  `OPENAI_API_KEY` and `ANTHROPIC_API_KEY`. If either is missing after sourcing
+  `.profile`, stop before starting those local long lanes and report the
+  missing key.
 - Live credentialed channel QA is the GitHub Actions workflow
   `QA-Lab - All Lanes` (`.github/workflows/qa-live-telegram-convex.yml`), not a
   local substitute. Dispatch it from Actions against the release tag and wait
@@ -590,7 +592,8 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
     If a pre-npm lane fails before any tag/package leaves the machine, fix and
     rerun the same intended beta attempt. Repeat up to the operator's
     authorized beta-attempt limit, normally 4.
-24. Announce the beta/stable release on Discord best-effort using the configured secret workflow.
+24. Announce the beta/stable release on Discord best-effort using Peter's bot
+    token from `.profile`.
 25. If the operator requested beta only, stop after beta verification and the
     announcement.
 26. If the stable release was published to `beta`, use the light stable

.agents/skills/openclaw-testing/SKILL.md

@@ -19,11 +19,9 @@ or validating a change without wasting hours.
 Prove the touched surface first. Do not reflexively run the whole suite.
 
 1. Inspect the diff and classify the touched surface:
-   - normal source checkout, source change: `pnpm changed:lanes --json`, then `pnpm check:changed`
-   - normal source checkout, tests only: `pnpm test:changed`
-   - normal source checkout, one failing file: `pnpm test <path-or-filter> -- --reporter=verbose`
-   - Codex worktree or linked/sparse checkout, one/few explicit files: `node scripts/run-vitest.mjs <path-or-filter>`
-   - Codex worktree or linked/sparse checkout, changed gates or anything broad: `node scripts/crabbox-wrapper.mjs run --provider blacksmith-testbox ... --shell -- "pnpm check:changed"`
+   - source: `pnpm changed:lanes --json`, then `pnpm check:changed`
+   - tests only: `pnpm test:changed`
+   - one failing file: `pnpm test <path-or-filter> -- --reporter=verbose`
    - workflow-only: `git diff --check`, workflow syntax/lint (`actionlint` when available)
    - docs-only: `pnpm docs:list`, docs formatter/lint only if docs tooling changed or requested
 2. Reproduce narrowly before fixing.
@@ -38,12 +36,6 @@ Prove the touched surface first. Do not reflexively run the whole suite.
 - Prefer GitHub Actions for release/Docker proof when the workflow already has the prepared image and secrets.
 - Use `scripts/committer "<msg>" <paths...>` when committing; stage only your files.
 - If deps are missing, run `pnpm install`, retry once, then report the first actionable error.
-- In a Codex worktree or linked/sparse checkout, do not run direct local
-  `pnpm test*`, `pnpm check*`, `pnpm crabbox:run`, or `scripts/committer` until
-  you have verified pnpm will not reconcile or reinstall dependencies. Use
-  `node scripts/run-vitest.mjs` for tiny local proof, `node
-  scripts/crabbox-wrapper.mjs` for Testbox, and `git commit --no-verify` only
-  after the relevant remote or node-wrapper proof is already clean.
 - For Blacksmith Testbox proof, use Crabbox first. `pnpm crabbox:run -- --provider
 blacksmith-testbox --timing-json -- <command...>` warms, claims, syncs, runs,
   reports, and cleans up one-shot boxes. Reuse only an id/slug created in this
@@ -63,14 +55,6 @@ OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test <path-or-filter>
 
 Use targeted file paths whenever possible. Avoid raw `vitest`; use the repo
 `pnpm test` wrapper so project routing, workers, and setup stay correct.
-When the checkout is a Codex worktree, prefer the direct node harness instead:
-
-```bash
-node scripts/run-vitest.mjs <path-or-filter>
-```
-
-That keeps the test scoped without giving pnpm a chance to run dependency
-status checks or install reconciliation in a linked worktree.
 
 ## Command Semantics
 

.github/CODEOWNERS

@@ -11,8 +11,6 @@
 /.github/workflows/codeql.yml @openclaw/openclaw-secops
 /.github/workflows/codeql-android-critical-security.yml @openclaw/openclaw-secops
 /.github/workflows/codeql-critical-quality.yml @openclaw/openclaw-secops
-/.github/workflows/dependency-change-awareness.yml @openclaw/openclaw-secops
-/test/scripts/dependency-change-awareness-workflow.test.ts @openclaw/openclaw-secops
 /src/security/ @openclaw/openclaw-secops
 /src/secrets/ @openclaw/openclaw-secops
 /src/config/*secret*.ts @openclaw/openclaw-secops

.github/workflows/ci-check-testbox.yml

@@ -124,6 +124,5 @@ jobs:
       - name: Run Testbox
         uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
         if: always()
-        continue-on-error: true
         env:
           FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

.github/workflows/dependency-change-awareness.yml

@@ -1,171 +0,0 @@
-name: Dependency Change Awareness
-
-on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] metadata-only workflow; no checkout or untrusted code execution
-    types: [opened, reopened, synchronize, ready_for_review]
-
-permissions:
-  pull-requests: write
-  issues: write
-
-concurrency:
-  group: dependency-change-awareness-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  dependency-change-awareness:
-    if: ${{ !github.event.pull_request.draft }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Label and comment on dependency changes
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
-        with:
-          script: |
-            const marker = "<!-- openclaw:dependency-change-awareness -->";
-            const labelName = "dependencies-changed";
-            const maxListedFiles = 25;
-            const pullRequest = context.payload.pull_request;
-
-            if (!pullRequest) {
-              core.info("No pull_request payload found; skipping.");
-              return;
-            }
-
-            const isDependencyFile = (filename) =>
-              filename === "package.json" ||
-              filename === "pnpm-lock.yaml" ||
-              filename === "pnpm-workspace.yaml" ||
-              filename === "ui/package.json" ||
-              filename.startsWith("patches/") ||
-              /^packages\/[^/]+\/package\.json$/u.test(filename) ||
-              /^extensions\/[^/]+\/package\.json$/u.test(filename);
-
-            const sanitizeDisplayValue = (value) =>
-              String(value)
-                .replace(/[\u0000-\u001f\u007f]/gu, "?")
-                .slice(0, 240);
-            const markdownCode = (value) =>
-              `\`${sanitizeDisplayValue(value).replaceAll("`", "\\`")}\``;
-            const ignoreUnavailableWritePermission = (action) => (error) => {
-              if (error?.status === 403) {
-                core.warning(
-                  `Skipping dependency change ${action}; token does not have issue write permission.`,
-                );
-                return;
-              }
-              if (error?.status === 404 || error?.status === 422) {
-                core.warning(`Dependency change ${action} is unavailable.`);
-                return;
-              }
-              throw error;
-            };
-
-            const files = await github.paginate(github.rest.pulls.listFiles, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: pullRequest.number,
-              per_page: 100,
-            });
-            const dependencyFiles = files
-              .map((file) => file.filename)
-              .filter((filename) => typeof filename === "string" && isDependencyFile(filename))
-              .sort((left, right) => left.localeCompare(right));
-
-            const comments = await github.paginate(github.rest.issues.listComments, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: pullRequest.number,
-              per_page: 100,
-            });
-            const existingComment = comments.find(
-              (comment) =>
-                comment.user?.login === "github-actions[bot]" && comment.body?.includes(marker),
-            );
-
-            const labels = await github.paginate(github.rest.issues.listLabelsOnIssue, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: pullRequest.number,
-              per_page: 100,
-            });
-            const hasLabel = labels.some((label) => label.name === labelName);
-
-            if (dependencyFiles.length === 0) {
-              if (hasLabel) {
-                await github.rest.issues.removeLabel({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  issue_number: pullRequest.number,
-                  name: labelName,
-                }).catch(ignoreUnavailableWritePermission("label removal"));
-              }
-              if (existingComment) {
-                await github.rest.issues.deleteComment({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  comment_id: existingComment.id,
-                }).catch(ignoreUnavailableWritePermission("comment deletion"));
-              }
-              await core.summary
-                .addHeading("Dependency Change Awareness")
-                .addRaw("No dependency-related file changes detected.")
-                .write();
-              core.info("No dependency-related file changes detected.");
-              return;
-            }
-
-            if (!hasLabel) {
-              await github.rest.issues.addLabels({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: pullRequest.number,
-                labels: [labelName],
-              }).catch(ignoreUnavailableWritePermission(`label "${labelName}" update`));
-            }
-
-            const listedFiles = dependencyFiles.slice(0, maxListedFiles);
-            const omittedCount = dependencyFiles.length - listedFiles.length;
-            const fileLines = listedFiles.map((filename) => `- ${markdownCode(filename)}`);
-            if (omittedCount > 0) {
-              fileLines.push(`- ${omittedCount} additional dependency-related files not shown`);
-            }
-
-            const body = [
-              marker,
-              "",
-              "### Dependency Changes Detected",
-              "",
-              "This PR changes dependency-related files. Maintainers should confirm these changes are intentional.",
-              "",
-              "Changed files:",
-              ...fileLines,
-              "",
-              "Maintainer follow-up:",
-              "- Review whether the dependency changes are intentional.",
-              "- Inspect resolved package deltas when lockfile or workspace dependency policy changes are present.",
-              "- Run `pnpm deps:changes:report -- --base-ref origin/main --markdown /tmp/dependency-changes.md --json /tmp/dependency-changes.json` locally for detailed release-style evidence.",
-            ].join("\n");
-
-            if (existingComment) {
-              await github.rest.issues.updateComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                comment_id: existingComment.id,
-                body,
-              }).catch(ignoreUnavailableWritePermission("comment update"));
-            } else {
-              await github.rest.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: pullRequest.number,
-                body,
-              }).catch(ignoreUnavailableWritePermission("comment creation"));
-            }
-
-            await core.summary
-              .addHeading("Dependency Change Awareness")
-              .addRaw(`Detected ${dependencyFiles.length} dependency-related file change(s).`)
-              .addList(dependencyFiles.map((filename) => markdownCode(filename)))
-              .write();
-            core.notice(`Detected ${dependencyFiles.length} dependency-related file change(s).`);

.github/workflows/full-release-validation.yml

@@ -297,7 +297,6 @@ jobs:
             echo "conclusion=${conclusion}" >> "$GITHUB_OUTPUT"
             if [[ "$conclusion" != "success" ]]; then
               gh run view "$run_id" --json jobs --jq '.jobs[] | select(.conclusion != "success" and .conclusion != "skipped") | {name, conclusion, url}' || true
-              exit 1
             fi
           }
 
@@ -397,7 +396,6 @@ jobs:
             echo "conclusion=${conclusion}" >> "$GITHUB_OUTPUT"
             if [[ "$conclusion" != "success" ]]; then
               gh run view "$run_id" --json jobs --jq '.jobs[] | select(.conclusion != "success" and .conclusion != "skipped") | {name, conclusion, url}' || true
-              exit 1
             fi
           }
 
@@ -506,7 +504,6 @@ jobs:
             echo "conclusion=${conclusion}" >> "$GITHUB_OUTPUT"
             if [[ "$conclusion" != "success" ]]; then
               gh run view "$run_id" --json jobs --jq '.jobs[] | select(.conclusion != "success" and .conclusion != "skipped") | {name, conclusion, url}' || true
-              exit 1
             fi
           }
 
@@ -729,7 +726,6 @@ jobs:
           echo "conclusion=${conclusion}" >> "$GITHUB_OUTPUT"
           if [[ "$conclusion" != "success" ]]; then
             gh run view "$run_id" --json jobs --jq '.jobs[] | select(.conclusion != "success" and .conclusion != "skipped") | {name, conclusion, url}' || true
-            exit 1
           fi
 
   summary:
@@ -739,6 +735,62 @@ jobs:
     runs-on: ubuntu-24.04
     timeout-minutes: 5
     steps:
+      - name: Request private evidence update
+        env:
+          RELEASE_PRIVATE_DISPATCH_TOKEN: ${{ secrets.OPENCLAW_RELEASES_PRIVATE_DISPATCH_TOKEN }}
+          TARGET_REF: ${{ inputs.ref }}
+          PACKAGE_SPEC: ${{ inputs.evidence_package_spec || inputs.npm_telegram_package_spec }}
+          GITHUB_RUN_ID_VALUE: ${{ github.run_id }}
+          RELEASE_CHECKS_RESULT: ${{ needs.release_checks.result }}
+        run: |
+          set -euo pipefail
+          if [[ "$RELEASE_CHECKS_RESULT" == "skipped" ]]; then
+            echo "Release checks were skipped by rerun group; skipping automatic private evidence update."
+            exit 0
+          fi
+          if [[ -z "${RELEASE_PRIVATE_DISPATCH_TOKEN// }" ]]; then
+            echo "OPENCLAW_RELEASES_PRIVATE_DISPATCH_TOKEN is not configured; skipping automatic private evidence update."
+            exit 0
+          fi
+
+          release_id="${TARGET_REF#refs/tags/}"
+          release_id="${release_id#v}"
+          if [[ "$PACKAGE_SPEC" =~ ^openclaw@(.+)$ ]]; then
+            release_id="${BASH_REMATCH[1]}"
+          fi
+          release_id="$(printf '%s' "$release_id" | tr '/:@ ' '----' | tr -cd 'A-Za-z0-9._-')"
+          if [[ -z "$release_id" ]]; then
+            echo "::error::Could not derive release evidence id from target ref '${TARGET_REF}'."
+            exit 1
+          fi
+
+          payload="$(
+            jq -cn \
+              --arg full_validation_run_id "$GITHUB_RUN_ID_VALUE" \
+              --arg release_id "$release_id" \
+              --arg release_ref "$TARGET_REF" \
+              --arg package_spec "$PACKAGE_SPEC" \
+              --arg notes "Automatically requested by Full Release Validation ${GITHUB_RUN_ID_VALUE} after child workflows completed; the parent summary re-checks current child run conclusions." \
+              '{
+                event_type: "openclaw_full_release_validation_completed",
+                client_payload: {
+                  full_validation_run_id: $full_validation_run_id,
+                  release_id: $release_id,
+                  release_ref: $release_ref,
+                  package_spec: $package_spec,
+                  notes: $notes
+                }
+              }'
+          )"
+
+          curl --fail-with-body \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${RELEASE_PRIVATE_DISPATCH_TOKEN}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/openclaw/releases-private/dispatches \
+            -d "$payload"
+
       - name: Verify child workflow results
         env:
           GH_TOKEN: ${{ github.token }}
@@ -917,61 +969,3 @@ jobs:
           summarize_child_timing "npm_telegram" "$NPM_TELEGRAM_RUN_ID"
 
           exit "$failed"
-
-      - name: Request private evidence update
-        env:
-          RELEASE_PRIVATE_DISPATCH_TOKEN: ${{ secrets.OPENCLAW_RELEASES_PRIVATE_DISPATCH_TOKEN }}
-          TARGET_REF: ${{ inputs.ref }}
-          PACKAGE_SPEC: ${{ inputs.evidence_package_spec || inputs.npm_telegram_package_spec }}
-          GITHUB_RUN_ID_VALUE: ${{ github.run_id }}
-          RELEASE_CHECKS_RESULT: ${{ needs.release_checks.result }}
-        run: |
-          set -euo pipefail
-          if [[ "$RELEASE_CHECKS_RESULT" == "skipped" ]]; then
-            echo "Release checks were skipped by rerun group; skipping automatic private evidence update."
-            exit 0
-          fi
-          if [[ -z "${RELEASE_PRIVATE_DISPATCH_TOKEN// }" ]]; then
-            echo "OPENCLAW_RELEASES_PRIVATE_DISPATCH_TOKEN is not configured; skipping automatic private evidence update."
-            exit 0
-          fi
-
-          release_id="${TARGET_REF#refs/tags/}"
-          release_id="${release_id#v}"
-          if [[ "$PACKAGE_SPEC" =~ ^openclaw@(.+)$ ]]; then
-            release_id="${BASH_REMATCH[1]}"
-          fi
-          release_id="$(printf '%s' "$release_id" | tr '/:@ ' '----' | tr -cd 'A-Za-z0-9._-')"
-          if [[ -z "$release_id" ]]; then
-            echo "::warning::Could not derive release evidence id from target ref '${TARGET_REF}'; skipping automatic private evidence update."
-            exit 0
-          fi
-
-          payload="$(
-            jq -cn \
-              --arg full_validation_run_id "$GITHUB_RUN_ID_VALUE" \
-              --arg release_id "$release_id" \
-              --arg release_ref "$TARGET_REF" \
-              --arg package_spec "$PACKAGE_SPEC" \
-              --arg notes "Automatically requested by Full Release Validation ${GITHUB_RUN_ID_VALUE} after child workflows completed; the parent summary re-checks current child run conclusions." \
-              '{
-                event_type: "openclaw_full_release_validation_completed",
-                client_payload: {
-                  full_validation_run_id: $full_validation_run_id,
-                  release_id: $release_id,
-                  release_ref: $release_ref,
-                  package_spec: $package_spec,
-                  notes: $notes
-                }
-              }'
-          )"
-
-          if ! curl --fail-with-body \
-            -X POST \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${RELEASE_PRIVATE_DISPATCH_TOKEN}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/repos/openclaw/releases-private/dispatches \
-            -d "$payload"; then
-            echo "::warning::Automatic private release evidence dispatch failed; child workflow validation remains authoritative."
-          fi

.github/workflows/openclaw-live-and-e2e-checks-reusable.yml

@@ -427,7 +427,6 @@ jobs:
               add_profile_suite live-cli-backend-docker "stable full"
               add_profile_suite live-acp-bind-docker "stable full"
               add_profile_suite live-codex-harness-docker "stable full"
-              add_profile_suite live-subagent-announce-docker "stable full"
 
               add_profile_suite native-live-extensions-a-k "full"
               add_profile_suite native-live-extensions-media-audio "full"
@@ -2292,12 +2291,6 @@ jobs:
             timeout_minutes: 40
             profile_env_only: false
             profiles: stable full
-          - suite_id: live-subagent-announce-docker
-            label: Docker live subagent announce
-            command: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" timeout --foreground --kill-after=30s 20m bash .release-harness/scripts/test-live-subagent-announce-docker.sh
-            timeout_minutes: 25
-            profile_env_only: false
-            profiles: stable full
     env:
       OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
       OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}

.github/workflows/openclaw-npm-release.yml

@@ -169,27 +169,12 @@ jobs:
       - name: Verify release contents
         run: pnpm release:check
 
-      - name: Generate dependency release evidence
-        id: dependency_evidence
-        env:
-          RELEASE_REF: ${{ inputs.tag }}
-          RELEASE_NPM_DIST_TAG: ${{ inputs.npm_dist_tag }}
-        run: |
-          set -euo pipefail
-          node scripts/generate-dependency-release-evidence.mjs \
-            --release-ref "$RELEASE_REF" \
-            --npm-dist-tag "$RELEASE_NPM_DIST_TAG" \
-            --output-dir "$RUNNER_TEMP/openclaw-release-dependency-evidence" \
-            --github-output "$GITHUB_OUTPUT" \
-            --github-step-summary "$GITHUB_STEP_SUMMARY"
-
       - name: Pack prepared npm tarball
         id: packed_tarball
         env:
           OPENCLAW_PREPACK_PREPARED: "1"
           RELEASE_TAG: ${{ inputs.tag }}
           RELEASE_NPM_DIST_TAG: ${{ inputs.npm_dist_tag }}
-          DEPENDENCY_EVIDENCE_DIR: ${{ steps.dependency_evidence.outputs.dir }}
         run: |
           set -euo pipefail
           PACK_OUTPUT="$RUNNER_TEMP/npm-pack-output.txt"
@@ -261,7 +246,6 @@ jobs:
           rm -rf "$ARTIFACT_DIR"
           mkdir -p "$ARTIFACT_DIR"
           cp "$PACK_PATH" "$ARTIFACT_DIR/"
-          cp -R "$DEPENDENCY_EVIDENCE_DIR" "$ARTIFACT_DIR/dependency-evidence"
           printf '%s\n' "$RELEASE_TAG" > "$ARTIFACT_DIR/release-tag.txt"
           printf '%s\n' "$RELEASE_SHA" > "$ARTIFACT_DIR/release-sha.txt"
           printf '%s\n' "$RELEASE_NPM_DIST_TAG" > "$ARTIFACT_DIR/release-npm-dist-tag.txt"
@@ -277,8 +261,6 @@ jobs:
             packageVersion: process.env.PACKAGE_VERSION,
             tarballName: process.env.TARBALL_NAME,
             tarballSha256: process.env.TARBALL_SHA256,
-            dependencyEvidenceDir: "dependency-evidence",
-            dependencyEvidenceManifest: "dependency-evidence/dependency-evidence-manifest.json",
           };
           fs.writeFileSync(
             path.join(process.env.ARTIFACT_DIR, "preflight-manifest.json"),
@@ -287,13 +269,6 @@ jobs:
           NODE
           echo "dir=$ARTIFACT_DIR" >> "$GITHUB_OUTPUT"
 
-      - name: Upload dependency release evidence
-        uses: actions/upload-artifact@v7
-        with:
-          name: openclaw-release-dependency-evidence-${{ inputs.tag }}
-          path: ${{ steps.dependency_evidence.outputs.dir }}
-          if-no-files-found: error
-
       - name: Upload prepared npm publish bundle
         uses: actions/upload-artifact@v7
         with:

.github/workflows/openclaw-release-checks.yml

@@ -626,7 +626,7 @@ jobs:
       artifact_name: ${{ needs.prepare_release_package.outputs.artifact_name }}
       package_sha256: ${{ (needs.resolve_target.outputs.package_acceptance_package_spec == '' && needs.resolve_target.outputs.release_package_spec == '') && needs.prepare_release_package.outputs.package_sha256 || '' }}
       suite_profile: custom
-      docker_lanes: doctor-switch update-channel-switch skill-install update-corrupt-plugin upgrade-survivor published-upgrade-survivor root-managed-vps-upgrade update-restart-auth plugins-offline plugin-update
+      docker_lanes: doctor-switch update-channel-switch skill-install update-corrupt-plugin upgrade-survivor published-upgrade-survivor update-restart-auth plugins-offline plugin-update
       published_upgrade_survivor_baselines: ${{ needs.resolve_target.outputs.run_release_soak == 'true' && 'last-stable-4 2026.4.23 2026.5.2 2026.4.15' || '' }}
       published_upgrade_survivor_scenarios: ${{ needs.resolve_target.outputs.run_release_soak == 'true' && 'reported-issues' || '' }}
       telegram_mode: mock-openai

.github/workflows/openclaw-release-publish.yml

@@ -401,33 +401,6 @@ jobs:
             echo "- GitHub release: https://github.com/${GITHUB_REPOSITORY}/releases/tag/${RELEASE_TAG}" >> "$GITHUB_STEP_SUMMARY"
           }
 
-          upload_dependency_evidence_release_asset() {
-            local release_version download_dir asset_path asset_name
-            release_version="${RELEASE_TAG#v}"
-            download_dir="${RUNNER_TEMP}/openclaw-release-dependency-evidence-asset"
-            asset_name="openclaw-${release_version}-dependency-evidence.zip"
-            asset_path="${RUNNER_TEMP}/${asset_name}"
-
-            rm -rf "${download_dir}" "${asset_path}"
-            mkdir -p "${download_dir}"
-            gh run download "${PREFLIGHT_RUN_ID}" \
-              --repo "${GITHUB_REPOSITORY}" \
-              --name "openclaw-npm-preflight-${RELEASE_TAG}" \
-              --dir "${download_dir}"
-
-            if [[ ! -d "${download_dir}/dependency-evidence" ]]; then
-              echo "Dependency evidence is missing from OpenClaw npm preflight artifact." >&2
-              find "${download_dir}" -maxdepth 2 -type f -print >&2 || true
-              exit 1
-            fi
-
-            (cd "${download_dir}" && zip -qr "${asset_path}" dependency-evidence)
-            gh release upload "${RELEASE_TAG}" "${asset_path}#${asset_name}" \
-              --repo "${GITHUB_REPOSITORY}" \
-              --clobber
-            echo "- Dependency evidence asset: \`${asset_name}\`" >> "$GITHUB_STEP_SUMMARY"
-          }
-
           {
             echo "### Publish sequence"
             echo
@@ -518,5 +491,4 @@ jobs:
 
           if [[ -n "${openclaw_npm_run_id}" ]]; then
             create_or_update_github_release
-            upload_dependency_evidence_release_asset
           fi

.github/workflows/package-acceptance.yml

@@ -386,10 +386,10 @@ jobs:
               docker_lanes="npm-onboard-channel-agent gateway-network config-reload"
               ;;
             package)
-              docker_lanes="npm-onboard-channel-agent doctor-switch update-channel-switch skill-install update-corrupt-plugin upgrade-survivor published-upgrade-survivor root-managed-vps-upgrade update-restart-auth plugins-offline plugin-update"
+              docker_lanes="npm-onboard-channel-agent doctor-switch update-channel-switch skill-install update-corrupt-plugin upgrade-survivor published-upgrade-survivor update-restart-auth plugins-offline plugin-update"
               ;;
             product)
-              docker_lanes="npm-onboard-channel-agent doctor-switch update-channel-switch skill-install update-corrupt-plugin upgrade-survivor published-upgrade-survivor root-managed-vps-upgrade update-restart-auth plugins plugin-update mcp-channels cron-mcp-cleanup openai-web-search-minimal openwebui"
+              docker_lanes="npm-onboard-channel-agent doctor-switch update-channel-switch skill-install update-corrupt-plugin upgrade-survivor published-upgrade-survivor update-restart-auth plugins plugin-update mcp-channels cron-mcp-cleanup openai-web-search-minimal openwebui"
               include_openwebui=true
               ;;
             full)

.github/workflows/website-installer-sync.yml

@@ -196,10 +196,7 @@ jobs:
         run: |
           git config user.name "openclaw-installer-sync[bot]"
           git config user.email "openclaw-installer-sync[bot]@users.noreply.github.com"
-          git add public/install.sh public/install-cli.sh public/install.ps1
-          if git ls-files --error-unmatch public/install.cmd >/dev/null 2>&1; then
-            git add -u -- public/install.cmd
-          fi
+          git add public/install.sh public/install-cli.sh public/install.ps1 public/install.cmd
           git commit -m "chore: sync installers from openclaw ${GITHUB_SHA::12}"
           git pull --rebase origin main
           git push origin HEAD:main

.gitignore

@@ -115,8 +115,6 @@ USER.md
 !.agents/skills/blacksmith-testbox/**
 !.agents/skills/crabbox/
 !.agents/skills/crabbox/**
-!.agents/skills/clawdtributor/
-!.agents/skills/clawdtributor/**
 !.agents/skills/gitcrawl/
 !.agents/skills/gitcrawl/**
 !.agents/skills/openclaw-docs/**

AGENTS.md

@@ -10,12 +10,12 @@ Skills own workflows; root owns hard policy and routing.
 - Docs/user-visible work: `pnpm docs:list`, then read relevant docs only.
 - Fix/triage answers need source, tests, current/shipped behavior, and dependency contract proof.
 - Dependency-backed behavior: read upstream docs/source/types first. No API/default/error/timing guesses.
-- Live-verify when feasible. Never print secrets.
+- Live-verify when feasible. Check env/`~/.profile` for keys before saying blocked; never print secrets.
 - Missing deps: `pnpm install`, retry once, then report first actionable error.
 - CODEOWNERS: maint/refactor/tests ok. Larger behavior/product/security/ownership: owner ask/review.
 - Product/docs/UI/changelog wording: "plugin/plugins"; `extensions/` is internal.
 - New channel/plugin/app/doc surface: update `.github/labeler.yml` + GH labels.
-- New `AGENTS.md`: add sibling `CLAUDE.md` symlink; edit `AGENTS.md` only.
+- New `AGENTS.md`: add sibling `CLAUDE.md` symlink.
 
 ## Map
 
@@ -36,7 +36,6 @@ Skills own workflows; root owns hard policy and routing.
 - Channels are implementation under `src/channels/**`; plugin authors get SDK seams. Providers own auth/catalog/runtime hooks; core owns generic loop.
 - Hot paths should carry prepared facts forward: provider id, model ref, channel id, target, capability family, attachment class. Do not rediscover with broad plugin/provider/channel/capability loaders.
 - Do not fix repeated request-time discovery with scattered caches. Move the canonical fact earlier; reuse prepared runtime objects; delete duplicate lookup branches.
-- Inline code comments: brief notes for tricky, bug-prone, or previously buggy logic.
 - Gateway protocol changes: additive first; incompatible needs versioning/docs/client follow-through.
 - Config contract: exported types, schema/help, metadata, baselines, docs aligned. Retired public keys stay retired; compat in raw migration/doctor only.
 - Prompt cache: deterministic ordering for maps/sets/registries/plugin lists/files/network results before model/tool payloads. Preserve old transcript bytes when possible.
@@ -47,10 +46,8 @@ Skills own workflows; root owns hard policy and routing.
 - Package manager/runtime: repo defaults only. No swaps without approval.
 - Install: `pnpm install` (keep Bun lock/patches aligned if touched).
 - CLI: `pnpm openclaw ...` or `pnpm dev`; build: `pnpm build`.
-- Tests in a normal source checkout: `pnpm test <path-or-filter> [vitest args...]`, `pnpm test:changed`, `pnpm test:serial`, `pnpm test:coverage`; never raw `vitest`.
-- Tests in a Codex worktree or linked/sparse checkout: avoid direct local `pnpm test*`; use `node scripts/run-vitest.mjs <path-or-filter>` for tiny explicit-file proof, or Crabbox/Testbox for anything broader.
-- Checks in a normal source checkout: `pnpm check:changed`; lanes: `pnpm changed:lanes --json`; staged: `pnpm check:changed --staged`; full: `pnpm check`.
-- Checks in a Codex worktree or linked/sparse checkout: avoid direct local `pnpm check*`; use `node scripts/crabbox-wrapper.mjs run ... --shell -- "pnpm check:changed"` so pnpm runs inside Testbox, not locally.
+- Tests: `pnpm test <path-or-filter> [vitest args...]`, `pnpm test:changed`, `pnpm test:serial`, `pnpm test:coverage`; never raw `vitest`.
+- Checks: `pnpm check:changed`; lanes: `pnpm changed:lanes --json`; staged: `pnpm check:changed --staged`; full: `pnpm check`.
 - Extension tests: `pnpm test:extensions`, `pnpm test extensions`, `pnpm test extensions/<id>`.
 - Typecheck: `tsgo` lanes only (`pnpm tsgo*`, `pnpm check:test-types`); never add `tsc --noEmit`, `typecheck`, `check:types`.
 - Formatting: `oxfmt`, not Prettier. Use repo wrappers (`pnpm format:*`, `pnpm lint:*`, `scripts/run-oxlint.mjs`).
@@ -59,8 +56,7 @@ Skills own workflows; root owns hard policy and routing.
 ## Validation
 
 - Use `$openclaw-testing` for test/CI choice and `$crabbox` for remote/full/E2E proof.
-- Small/narrow tests, lints, format checks, and type probes are fine locally only in a healthy normal checkout.
-- In Codex worktrees, direct local `pnpm test*`, `pnpm check*`, `pnpm crabbox:run`, and `scripts/committer` can trigger pnpm dependency reconciliation or install prompts. Prefer `node` wrappers locally and Crabbox/Testbox for pnpm-gated proof.
+- Small/narrow tests, lints, format checks, and type probes are fine locally.
 - Full suites, broad changed gates, Docker/package/E2E/live/cross-OS proof, or anything that bogs down the Mac: Crabbox/Testbox.
 - One/few files local. If a local command fans out, stop and move broad proof to Crabbox/Testbox.
 - Before handoff/push: prove touched surface. Before landing to `main`: issue proof plus appropriate full/broad proof unless scope is clearly narrow.
@@ -74,8 +70,6 @@ Skills own workflows; root owns hard policy and routing.
 - PR refs: `gh pr view/diff` or `gh api`, not web search. Prefer `gitcrawl` for maintainer discovery; missing/stale `gitcrawl` falls through to live `gh`, not contributor setup. Verify live with `gh` before mutation.
 - Bare issue/PR URL/number means review/report in chat. Suggest comment/close/merge when appropriate; mutate only when asked.
 - No unsolicited PR comments/reviews/labels/retitles/rebases/fixups/landing. Exception: close/duplicate action that needs a reason comment after explicit close/sweep/landing request.
-- Maintainer decision closes the cluster: if deciding reported behavior/proposed fix is not planned, comment+close all directly associated open issues/PRs unless explicitly told to keep one open. Associated means linked PRs/issues, duplicates, companion workaround PRs, and the canonical issue for the rejected behavior.
-- Do not leave associated issues open for hypothetical future repros. Close with rationale; ask for a new issue or reopen only if concrete new evidence appears. Close comment states: decision, why, supported alternative, and what evidence would change the decision.
 - PR review answer: bug/behavior, URL(s), affected surface, best-fix judgment, evidence from code/tests/CI/current or shipped behavior.
 - Issue/PR final answer: last line is the full GitHub URL.
 - Changelog: PR landings/fixes need one unless pure test/internal. Do not mention missing changelog as a review finding; Codex handles it during fix/landing.
@@ -85,7 +79,6 @@ Skills own workflows; root owns hard policy and routing.
 - `ship` that fixes an issue: after push, comment proof + commit link, then close the issue.
 - GH comments with backticks, `$`, or shell snippets: use heredoc/body file, not inline double-quoted `--body`.
 - PR create: real body required. Include Summary + Verification; mention refs, behavior, and proof.
-- Real behavior proof section is parsed. Use exact `field: value` labels: `Behavior addressed`, `Real environment tested`, `Exact steps or command run after this patch`, `Evidence after fix`, `Observed result after fix`, `What was not tested`.
 - PR artifacts/screenshots: attach to PR/comment/external artifact store. Do not commit `.github/pr-assets`.
 - CI polling: exact SHA, relevant checks only, minimal fields. Skip routine noise (`Auto response`, `Labeler`, docs agents, performance/stale). Logs only after failure/completion or concrete need.
 - Maintainers: ignore `Real behavior proof` failures that only say PR body lacks real after-fix evidence.
@@ -141,6 +134,7 @@ Skills own workflows; root owns hard policy and routing.
 
 - Never commit real phone numbers, videos, credentials, live config.
 - Secrets: channel/provider creds in `~/.openclaw/credentials/`; model auth profiles in `~/.openclaw/agents/<agentId>/agent/auth-profiles.json`.
+- Env keys: check `~/.profile`; redact output.
 - Dependency patches/overrides/vendor changes need explicit approval. `pnpm-workspace.yaml` patched dependencies use exact versions only.
 - Carbon pins owner-only: do not change `@buape/carbon` unless Shadow (`@thewilloftheshadow`, verified by `gh`) asks.
 - Releases/publish/version bumps need explicit approval. Use `$openclaw-release-maintainer`.

CHANGELOG.md

@@ -4,110 +4,10 @@ Docs: https://docs.openclaw.ai
 
 ## Unreleased
 
-### Changes
-
-- Control UI/WebChat: add a persisted auto-scroll mode selector so users can keep the current near-bottom behavior, always follow streaming output, or turn automatic streaming scroll off and use the New messages button manually. Fixes #7648 and #81287. Thanks @BunsDev.
-- ACP: add `acp.fallbacks` so ACP turns can try configured backup runtime backends when the primary backend is unavailable before any output is emitted. (#69542) Thanks @kaseonedge.
-
 ### Fixes
 
-- CLI tables: preserve muted/color styling on wrapped continuation lines after multiline cells, keeping `openclaw plugins list` descriptions readable.
-- Web: honor explicitly configured global `web_search` providers during provider ownership resolution while keeping sandboxed `web_fetch` limited to bundled providers.
-- iOS: restore first-use Contacts, Calendar, and Reminders permission prompts and add Privacy & Access status/actions in Settings. Thanks @BunsDev.
-- Canvas: return not found for malformed percent-encoded Canvas/A2UI/document asset paths and keep decoded parent traversal blocked before path normalization.
-- Telegram: allow trusted local Bot API media files whose filenames start with dots instead of falling back to remote download.
-- Agents: remap injected context files under dot-dot-prefixed workspace directories when a run switches to an effective sandbox workspace.
-- Agents: allow dot-dot-prefixed filenames such as `..note.txt` through sandbox FS bridge, remote sandbox reads, and apply_patch summaries without mistaking the name for parent traversal.
-- CLI/migrate: hide per-item source/plugin hints on non-conflicting Codex skill and plugin selection prompts, keeping the hint text reserved for rows that actually need attention. Thanks @sjf.
-- Codex harness: treat high-confidence app-server OAuth refresh invalidation as a terminal auth-profile failure, stopping repeated raw token-refresh errors without turning entitlement or usage-limit payloads into re-auth prompts.
-- CLI/migrate: humanize Codex conflict-status messaging across the migrate UI so selection prompts and plan/result rows say "Codex skill already installed in workspace" instead of surfacing internal `MIGRATION_REASON_*` codes. Thanks @sjf.
-- CLI/migrate: render migrate result rows with distinct glyphs for manual-review (🔍) and archive (📖) items instead of the misleading "skipped" and "migrated" checkmarks, so users can see which entries still need attention versus which were filed away. Thanks @sjf.
-- CLI/migrate: split Codex migrate output into separate preview and result phases so the Before plan and After result render through clack with independently tunable copy. Thanks @sjf.
-- Codex app-server: project bundle and user MCP servers into Codex threads, rotate threads when an MCP server is disabled, scope bundle MCP injection to bundled servers, and resend user MCP config on resume so MCP changes take effect mid-session without restarting the agent. (#81551) Thanks @jalehman.
-- Codex migration: invoke the managed Codex binary instead of a stale system `codex` for source-config migration plans, so users running the bundled Codex runtime get plan output that matches the binary the gateway will actually use. (#81582) Thanks @fuller-stack-dev.
-- Subagents/maintenance: preserve pending subagent registry sessions during session-store cleanup, pruning, and disk-budget enforcement so in-flight subagent runs are not deleted by background maintenance before they complete. (#81498) Thanks @ai-hpc.
-- Plugin SDK: restore the deprecated `openclaw/plugin-sdk/memory-core` package subpath as an alias of `memory-host-core`, so published memory companion plugins that still import it resolve on current hosts.
-- Control UI/chat: reconcile terminal and reconnect run cleanup with cached session activity, stale compaction/fallback indicators, and a compact composer run-status chip so completed or interrupted turns do not leave Stop active. Fixes #76874 and #64220; refs #71630. Thanks @BunsDev.
-- Maintainer tooling: clarify which pnpm test/check commands are safe locally versus inside Codex worktrees, routing linked-worktree gates through node wrappers and Crabbox/Testbox.
-- Auto-reply: preserve same-key ordering when debounced inbound work falls back to immediate flushes, so follow-up turns cannot overtake an active buffered flush.
-- Telegram/WhatsApp: keep Telegram same-chat replies ordered behind active no-delay turns without blocking WhatsApp follow-up message dispatch.
-- Codex migration: avoid duplicate cached plugin bundle warnings when app-server plugin inventory is available.
-- Agents: suppress aborted embedded assistant partials, reasoning text, reply directives, and stale prior replies before user-facing delivery while preserving clean timeout/error payloads. Fixes #48241. Thanks @BunsDev, @andyliu, and @yassinebkr.
-- Agents: allow dot-dot-prefixed filenames such as `..file.txt` inside workspace and sandbox path policy while still rejecting real parent traversal.
-- Native image input: detect Windows drive image paths in plain prompts so `C:\...\screenshot.png` references are not missed.
-- Media: normalize Windows-style filename hints before staging attachments, remote media, audio transcodes, and saved-media display names, so POSIX hosts do not preserve drive or directory text in generated filenames.
-- Media references: resolve first-level inbound media files whose IDs start with dots instead of treating names like `..photo.png` as parent traversal.
-- iOS/chat: resize PhotosPicker image attachments to capped JPEGs before staging and sending, stripping source metadata and keeping oversized camera photos under the chat upload budget. Fixes #68524. Thanks @BunsDev.
-- Control UI: keep shared form, config, and usage text-entry controls at 16px on touch-primary devices while preserving chat composer input sizing, so iOS Safari no longer auto-zooms focused fields. Fixes #64651; carries forward #64673. Thanks @NianJiuZst and @BunsDev.
-- Codex harness: classify native app-server token-refresh logout and relogin failures as authentication refresh errors, so users get re-authentication guidance instead of a raw runtime failure.
-- Agents/trajectory: make the trajectory flush cleanup timeout configurable with `OPENCLAW_TRAJECTORY_FLUSH_TIMEOUT_MS`, preserving the 10s default while slower stores drain. Refs #75839. Thanks @BunsDev.
-- Codex startup: treat selectable configured OpenAI agent models as Codex runtime requirements during plugin auto-enable, startup planning, and doctor install repair, so Anthropic-primary configs can still switch to OpenAI/Codex cleanly.
-- Agents: preserve source-reply delivery metadata when merging tool-returned media into the final reply, keeping message-tool-only replies deliverable and mirrored. Thanks @pashpashpash and @vincentkoc.
-- Replies: treat rich presentation, interactive controls, and channel-native payload data as outbound content across follow-up, heartbeat, cron, ACP, and block-streaming delivery paths, preventing card/button-only replies from being dropped as empty.
-- macOS/companion: require system TLS trust before pinning a first-use direct `wss://` gateway certificate and honor `gateway.remote.tlsFingerprint` as the explicit pin for remote node-mode sessions, so fresh endpoints fail closed when macOS cannot trust the certificate unless configured out of band. Fixes #50642. Thanks @BunsDev.
-- Update: snapshot config before update-time repair and restart writes, preserve plugin install records through doctor cleanup, and keep update-time config size drops from blocking the update while pointing users to the pre-update backup. Fixes #80077. (#80257) Thanks @Jerry-Xin and @vincentkoc.
-- WebChat/TUI: route Codex `tools.message` source replies to the active internal UI turn and mirror them to session history, so message-tool-only harness replies, including rich presentation and button-only replies, no longer disappear while WebChat and TUI remain non-targetable outbound channels. (#81586) Thanks @pashpashpash.
-- Codex auth: accept OAuth profiles backed by `oauthRef` during runtime auth selection, so official Codex OAuth logins are used by app-server agent runs. (#81633) Thanks @obviyus.
-- Sessions/status: classify ACP spawn-child sessions as `kind: "spawn-child"` instead of `"direct"` in `openclaw sessions` and status output; extract the duplicated session-kind classifier into a shared helper (`src/sessions/classify-session-kind.ts`) so both surfaces stay in sync. Fixes catalog #19. (#79544)
-- Sessions/Gateway: report `agentRuntime.id: "acpx"` (or stored backend id) with `source: "session-key"` for ACP control-plane session rows in `openclaw sessions --json`, `openclaw status`, and Gateway session RPC responses instead of the incorrect `"auto"` / `"pi"` implicit fallback. Fixes catalog #18. (#79550)
-- Telegram: delete tool-progress-only draft bubbles before rotating to the real answer, preventing orphaned progress messages in streamed replies.
-- Codex app-server: keep per-agent `CODEX_HOME` isolation without rewriting `HOME` by default, so Codex-run subprocesses can still find normal user-home config, tokens, and CLI state unless the launch explicitly overrides `HOME`. Thanks @pashpashpash.
-- ACP: preserve redacted numeric JSON-RPC `RequestError` details in runtime failure text, so backend diagnostics are visible instead of only `Internal error`. Fixes #81126. (#81188) Thanks @vyctorbrzezowski.
-- Agents: cache unchanged PI model discovery stores and model lookups, reducing repeated model-resolution startup latency under large model configs. Fixes #78851.
-- Onboarding: carry returned Codex plugin migration config through the OpenAI model wizard so accepted plugin migrations are saved with the final config write.
-- Security/Windows ACL audit: classify Anonymous Logon, Guests, Interactive, Local, and Network SIDs as world-equivalent principals so broadly writable paths stay critical instead of being downgraded to group-writable. Fixes #74350. (#74383) Thanks @dwc1997.
-- Media-understanding: retry transient remote attachment fetch failures before audio or vision processing, so Discord voice notes are not lost after one network/CDN blip. Fixes #74316. Thanks @vyctorbrzezowski and @gabrielexito-stack.
-- Control UI: order timestamped live stream and tool items before untimestamped history fallbacks, keeping chat history in visible time order. Fixes #80759. (#81016) Thanks @akrimm702.
-- iMessage: stop sending visible `<media:image>` placeholder text for media-only native image sends while preserving the internal echo key that prevents self-echo duplicate replies. (#81209) Thanks @homer-byte.
-- Agents/sessions: create configured agent main sessions before first `sessions_send` or gateway send, so agent-to-agent messages no longer fail when the target agent has not started yet.
-- gateway: pass Talk session scope to resolver [AI]. (#81379) Thanks @pgondhi987.
-- Gateway protocol: require v4 clients and stream explicit chat `deltaText`/`replace` frames so SDK clients can consume assistant updates without local diffing. (#80725) Thanks @samzong.
-- OpenAI plugin: clarify remote Codex OAuth login copy so tunneled users know sign-in may finish automatically before they paste the redirect URL. (#81301) Thanks @rubencu.
-- GitHub Copilot: exchange OAuth tokens for Copilot API tokens on image understanding requests and route Gemini image payloads through Chat Completions, fixing Copilot Gemini image descriptions. (#80393, #80442) Thanks @afunnyhy.
-- Gateway: hide pending Node pairing commands, capabilities, and permissions until approval, and refresh the live approved surface when pairings change. (#80741) Thanks @samzong.
-- SGLang: preserve replayed reasoning history for OpenAI-compatible chat completions, keeping thinking-capable local models from losing prior reasoning turns. (#81091) Thanks @akrimm702.
-- Plugins/Feishu/WhatsApp/Line: enforce inbound media size caps while reading download streams, avoiding full buffering of oversized attachments. (#81044, #81050) Thanks @samzong.
-- Plugins/install: limit install-time code safety scans to plugin-owned runtime entrypoints while keeping dependency manifest denylist checks, so trusted packages with large dependency trees no longer get blocked or warned on third-party runtime internals.
-- Config: serialize and retry semantic config mutations centrally, so concurrent commands can rebase safe changes instead of clobbering or hand-rolling command-local retry loops. (#76601)
-- Require approval for setup-code device pairing [AI]. (#81292) Thanks @pgondhi987.
-- Plugins/install: preserve third-party peer dependencies in the managed npm root when later plugin installs or updates recalculate the shared dependency tree. Thanks @shakkernerd.
-- Plugins/uninstall: prune managed third-party peer dependencies after their owning npm plugin is removed, without blocking plugin cleanup on peer-prune failures.
-- Docker: pin setup-time container paths so stale host `.env` OpenClaw paths cannot leak into Linux containers. Fixes #80381. (#81105) Thanks @brokemac79.
-- Channels/WeCom: refresh the official onboarding install to `@wecom/wecom-openclaw-plugin@2026.5.7` and update existing managed npm installs instead of failing on the package directory. Fixes #79884. (#80390) Thanks @brokemac79.
-- Control UI/WebChat: keep short assistant replies clear of in-bubble copy/open action buttons by applying the existing reserved action spacing in the grouped chat renderer. Fixes #79509. (#81244) Thanks @JARVIS-Glasses.
-- Anthropic: reseed Claude CLI fresh-session retries from bounded OpenClaw transcript history after session rotation, preventing conversation amnesia. Fixes #80905. (#80934) Thanks @bitloi.
-- Require explicit browser device pairing [AI]. (#81289) Thanks @pgondhi987.
-- Require Control UI pairing before proxy-scoped access [AI]. (#81288) Thanks @pgondhi987.
-- Installer: honor `--version` for git installs and install from the checked-in lockfile, preventing recent dependency pins from tripping pnpm's minimum-release-age gate during tag installs.
-- Agents: deliver same-process subagent completion handoffs through the in-process agent dispatcher instead of opening a Gateway RPC loopback.
-- Harden trusted-proxy source validation [AI]. (#81290) Thanks @pgondhi987.
-- Agents: add permissive item schemas to array tool parameters before provider submission, preventing OpenAI-compatible schema validation from rejecting plugin tools that omit `items`. Fixes #81175. (#81217) Thanks @JARVIS-Glasses.
-- Agents: escalate LLM idle watchdog timeouts through profile rotation and configured model fallback instead of leaving agent turns stuck after a silent model stream. Fixes #76877. (#80449) Thanks @jimdawdy-hub.
-- Discord voice: treat OpenAI Realtime startup auth failures as fatal, suppress duplicate realtime error logs, and stop autoJoin from retrying the same broken voice channel until credentials are fixed.
-- ACPX: stop forwarding unsupported timeout config options to Claude ACP while preserving OpenClaw's own turn timeout. (#80812) Thanks @sxxtony.
-- Session transcripts: redact sensitive message content in the centralized JSONL append path so CLI turns, gateway transcript injection, transcript mirrors, and guarded tool results use the same configured redaction behavior. Fixes #73565. Refs #73563. (#79645) Thanks @Ziy1-Tan.
-- Channels/iMessage: ignore Apple link-preview plugin payload attachments when users paste URLs, keeping the URL text while avoiding phantom media context. (#79374) Thanks @homer-byte.
-- Telegram: detect polling stalls from `getUpdates` liveness only, so outbound API calls no longer mask dead inbound polling; log polling-cycle starts after transport rebuilds. Fixes #78473.
-- fix(plugins): scan installed dependency runtime code [AI]. (#81066) Thanks @pgondhi987.
-- Inherit tool restrictions for delegated sessions [AI]. (#80979) Thanks @pgondhi987.
-- Codex harness: make the live test wrapper portable to Windows and defer locked temp cleanup so native Windows and WSL2 live runs complete.
-- Telegram: discard legacy long-poll update offsets that cannot be tied to the current bot token, so token rotation no longer leaves bots silently skipping new messages. (#80671) Thanks @sxxtony.
-- browser: enforce navigation checks for act interactions [AI]. (#81070) Thanks @pgondhi987.
-- Validate node exec event provenance [AI]. (#81071) Thanks @pgondhi987.
-- Gateway: keep active reply runs visible to stuck-session diagnostics and clear no-active-work recovery state, preventing stale queued lanes after compaction or tool failures. Fixes #80677. (#81302)
-- Codex app-server: rotate incompatible context-engine-managed native threads so Lossless-managed sessions do not resume stale hidden Codex history. (#81223) Thanks @jalehman.
-- Codex cron: execute scheduled command-style automation payloads before workspace bootstrap or memory review, preserving existing isolated cron jobs after Codex harness migration. (#81510) Thanks @jalehman.
-- Plugin LLM completions: honor Codex agent-runtime policy for canonical OpenAI model refs, so context-engine summarizers can use Codex OAuth instead of requiring direct `OPENAI_API_KEY` auth. (#81511) Thanks @jalehman.
-- Gateway/OpenAI HTTP: return OpenAI-compatible 400 errors for invalid sampling params and provider validation failures instead of collapsing them to 500s. (#81275) Thanks @Lellansin.
-- Telegram: publish plugin and skill command description localizations to native command menus while filtering unsupported locale codes and preserving Telegram command limits. (#81351) Thanks @jzakirov.
-- Limit hook CLI tool authority [AI]. (#81065) Thanks @pgondhi987.
-- Require admin scope for node device token management [AI]. (#81067) Thanks @pgondhi987.
-- Restrict chat sender allowlist matching [AI]. (#80898) Thanks @pgondhi987.
-- Update: suppress the false newer-config warning during restart health probing after an update handoff, while keeping future-version mutation guards intact. (#78652)
 - Sessions: redact persisted tool result detail metadata before writing transcripts so diagnostic secrets do not survive tool output redaction. (#80444) Thanks @nimbleenigma.
-- Codex runtime: allow the official installed `@openclaw/codex` package to use its private task-runtime and MCP projection SDK helpers, fixing `MODULE_NOT_FOUND` during migrated OpenAI/Codex beta runs.
 - Codex migration: make Enter activate the highlighted checkbox row before continuing, so `Skip for now` and bulk-selection rows work even when planned items start preselected.
-- Link understanding: fetch page content through the SSRF guard before running configured CLI summarizers, preventing curl/wget-style link fetchers from reaching private redirect or DNS-rebound targets.
 - fix: harden safe-bin argument validation [AI]. (#80999) Thanks @pgondhi987.
 - fix: scan plugin runtime entries during install [AI]. (#80998) Thanks @pgondhi987.
 - Codex harness: keep auth-profile-backed media tools such as `image_generate` available when OpenAI auth lives in the agent's auth-profile store instead of environment variables.
@@ -126,8 +26,6 @@ Docs: https://docs.openclaw.ai
 - fix(gateway): honor minimal discovery mode for wide-area DNS-SD [AI]. (#80903) Thanks @pgondhi987.
 - slack: enforce reaction notification policy [AI]. (#80907) Thanks @pgondhi987.
 - Enforce gateway command scopes by caller context [AI]. (#80891) Thanks @pgondhi987.
-- Telegram/groups: in single-account setups, treat an explicit empty `accounts.<id>.groups: {}` map the same as undefined so the root `channels.telegram.groups` allowlist still applies, instead of silently dropping every group update under the default `groupPolicy: "allowlist"`. Multi-account semantics are unchanged so per-account explicit-empty groups still scope-disable a single account without affecting siblings; the explicit way to block all groups for any account remains `groupPolicy: "disabled"`. Fixes #79427. (#81030) Thanks @kinjitakabe.
-- Codex (app-server): project user-configured `mcp.servers` into new Codex thread configs, matching the codex-cli runtime's existing `-c mcp_servers=...` behavior so app-server-runtime agents see the same user MCP servers the CLI runtime already exposes. Plugin-curated apps remain attached via the separate `apps` config patch. Fixes #80814. Thanks @kinjitakabe.
 - Enforce Slack plugin approval button authorization [AI]. (#80899) Thanks @pgondhi987.
 - Recognize PowerShell -ec inline commands [AI]. (#80893) Thanks @pgondhi987.
 - fix(qqbot): authorize approval button callbacks [AI]. (#80892) Thanks @pgondhi987.
@@ -135,52 +33,24 @@ Docs: https://docs.openclaw.ai
 - Scrub streamable MCP redirect headers [AI]. (#80906) Thanks @pgondhi987.
 - fix(memory-wiki): require admin scope for ingest [AI]. (#80897) Thanks @pgondhi987.
 - memory-wiki: require write scope for Obsidian search [AI]. (#80904) Thanks @pgondhi987.
-- WhatsApp: externalize the channel as a ClawHub/npm plugin outside the core npm runtime bundle, and bump Baileys to `7.0.0-rc11` so libsignal resolves from the registry instead of a GitHub tarball.
-- WhatsApp: keep optional audio decoding dependencies local to the external plugin so the core npm install no longer pulls WhatsApp-only media helpers.
 - Build: skip copied metadata for bundled plugins that are excluded from build entries, preventing update/status rebuilds from advertising missing QQ Bot runtime files. (#80925)
 - Control UI/sessions: nest subagent sessions under their parent session in the session picker dropdown using a visual `└─ ` prefix, making the parent-child relationship clear. Fixes #77628. (#78623) Thanks @chinar-amrutkar.
-- Telegram: limit concurrent startup `getMe` probes across multi-account bots so large Telegram configs do not fan out all account probes at once during gateway startup. Refs #80695. (#80986) Thanks @stainlu.
-- fix(config): reject auto-managed meta.lastTouched\* paths in config set/unset (#80856). Thanks @ai-hpc
 - Auto-reply: surface a visible error when the configured model backend fails and fallback produces no visible reply, while preserving intentional silent turns and side-effect-only deliveries. (#80917) Thanks @dutifulbob.
 - Agents/exec: skip redundant heartbeat wake-ups for subagent session exec completions, preventing spurious LLM invocations on parent sessions. Fixes #66748. (#66749) Thanks @ggzeng.
 - Provider streams: keep OpenAI-compatible SSE and JSON fallback streams draining across split chunks and fail Azure Responses streams with a bounded first-event diagnostic instead of stalling. Refs #80926. (#80927) Thanks @galiniliev and @CaptainTimon.
 - Agents: rewrite generic provider internal errors with support request IDs into user-friendly transient error copy. (#49401) Thanks @y471823206.
-- WhatsApp: finish handling pending debounced inbound messages before closing the socket. (#81246) Thanks @mcaxtr.
-- CLI/commitments: write `--json` output to stdout instead of diagnostic logs so automation can parse commitment list and dismiss results. (#81215) Thanks @giodl73-repo.
-- Update: allow pnpm GitHub-source OpenClaw updates to approve the OpenClaw package build, so source installs complete their prepare/prepack lifecycle. (#81294) Thanks @fuller-stack-dev.
-- Test state: seed isolated auth-profile secret keys for generated homes, preventing helper-backed proof runs from falling back to host Keychain secrets. (#81393) Thanks @altaywtf.
-- Plugins/runtime: attribute deprecated runtime config load/write warnings to the plugin id and source that triggered them so logs and plugin doctor runs are actionable. Refs #81394. (#81425) Thanks @BKF-Gitty.
-- Plugins/update: clear stale allow/deny entries and selected plugin slots when disabling a plugin after update failure, keeping failed external plugin updates from leaving half-disabled config. (#81512) Thanks @JARVIS-Glasses.
-- Memory/LanceDB: make auto-capture recognize short CJK memory phrases and configurable literal triggers, so Chinese, Japanese, and Korean users can capture memories without regex or LLM intent detection. Fixes #75680. Thanks @vyctorbrzezowski and @guokewuming.
-- Plugins doctor: report stale plugin config warnings and avoid claiming full plugin health when config warnings remain. (#81515) Thanks @BKF-Gitty.
-- Sessions: display `model: "<agentId>-acp"` / `modelProvider: "acpx"` (ACP-runtime sentinel) for ACP control-plane sessions in `openclaw sessions` output, instead of the agent's configured model which was misleading. Catalog finding 20. (#79543)
-- Slack: normalize message read `before` and `after` timestamp bounds before calling Slack history or thread reply APIs. Fixes #80835. (#81338) Thanks @honor2030.
-- Gateway: throttle assistant/thinking agent event fanout during streaming bursts without dropping buffered deltas. (#80335) Thanks @samzong.
 
 ### Changes
 
-- Control UI: add a browser-local Text size setting in Appearance and Quick Settings, scaling chat and dense UI text while keeping inputs above the mobile Safari focus-zoom threshold. Fixes #8547. Thanks @BunsDev.
-- Docs: add a dedicated ds4 provider page with local DeepSeek V4 Flash config, on-demand startup, context sizing, and live verification steps.
-- Release validation: add a package-installed Docker user-journey lane that verifies onboarding, mocked model setup, external plugin install/uninstall, ClickClack outbound/inbound messaging, Gateway restart survival, and doctor.
-- Release validation: add package-installed Docker lanes for real TTY onboarding, media and memory persistence, published-package upgrade journeys, and local marketplace plugin install/update/uninstall coverage.
-- Maintainers: add a Clawdtributor skill for Discrawl-backed contributor PR triage, live status checks, and compact review formatting.
-- Telegram: support Mini App `web_app` buttons in generic message presentation payloads, allowing `openclaw message send --presentation` to render Telegram Web App inline buttons for private chats. (#81356) Thanks @jzakirov.
-- Scripts: add `OPENCLAW_HEAVY_CHECK_LOCK_SCOPE=worktree` so high-capacity local worktrees can use independent heavy-check locks while shared locks remain the default. Fixes #80729. (#80734) Thanks @samzong.
-- Agents/subagents: deliver native `sessions_spawn` tasks in the child session's first visible `[Subagent Task]` message instead of hiding the task in the sub-agent system prompt, keeping delegation auditable without duplicating tokens. Fixes #78592. Thanks @bradestes and @stainlu.
-- Messages/queue: make mid-turn prompts steer active runs by default via `/queue steer`, preserve `/queue followup` and `/queue collect` for users who want messages to queue by default, and make `/steer` continue as a normal prompt when steering is unavailable. (#77023) Thanks @fuller-stack-dev.
 - Voice Call/Telnyx: add realtime media-streaming call support for conversational voice calls. (#81024) Thanks @dynamite-bud.
 - Gateway/OpenAI HTTP: honor `max_completion_tokens` and `max_tokens` on inbound `/v1/chat/completions` requests so client-provided token caps reach the upstream provider via `streamParams.maxTokens`, with `max_completion_tokens` taking precedence when both are sent. Thanks @Lellansin.
 - Models/OpenAI CLI auth: make `openclaw models auth login --provider openai` start the ChatGPT/Codex account login by default, while `--method api-key` remains the explicit OpenAI API-key setup path.
 - Google/Gemini: normalize retired Gemini 3 Pro Preview ids inside explicit SDK OAuth auth-result config patches, so provider helpers emit `google/gemini-3.1-pro-preview` for Gemini 3.1 testing.
 - Google/Gemini: normalize retired Gemini 3 Pro Preview ids inside SDK OAuth auth-result default config patches, so helper-built provider auth flows emit `google/gemini-3.1-pro-preview` for Gemini 3.1 testing.
 - Google/Gemini: normalize retired Gemini 3 Pro Preview ids returned by direct `openclaw models auth login --set-default` provider auth flows before writing config, so Gemini testing targets `google/gemini-3.1-pro-preview`.
-- Google/Gemini: normalize retired Gemini 3 Pro Preview ids in per-agent config defaults and auth patches, so agent-specific emitted config keeps targeting `google/gemini-3.1-pro-preview`.
 - Google/Gemini: normalize retired Gemini 3 Pro Preview ids in provider catalog rows when API-key onboarding only reapplies the agent default, so emitted config keeps testing `google/gemini-3.1-pro-preview`.
-- Google/Gemini: normalize retired Gemini 3 Pro Preview ids in `config set` mutation output for agent overrides and provider catalog rows, so current config emits `google/gemini-3.1-pro-preview`.
 - Google/Gemini: canonicalize provider-qualified retired Gemini 3 Pro Preview refs during Google forward-compatible model resolution, so emitted config uses `google/gemini-3.1-pro-preview` for Gemini 3.1 testing.
 - Google/Gemini: normalize proxy-prefixed retired Gemini 3 Pro Preview catalog rows, so emitted configs use `google/gemini-3.1-pro-preview` for Gemini 3.1 testing.
-- Google/Gemini: normalize retired Gemini 3 Pro Preview ids inside per-agent model overrides before writing config, so agent-specific config emits `google/gemini-3.1-pro-preview` for Gemini 3.1 testing.
-- Google/Gemini: normalize retired Gemini 3 Pro Preview ids in subagent, heartbeat, compaction, and subagent-tool model config during writes, so current config keeps emitting `google/gemini-3.1-pro-preview`.
 - Docs/subagents: document `agents.defaults.subagents.announceTimeoutMs` in the sub-agent and configuration references. (#75509) Thanks @akrimm702.
 - Cron: add direct `cron.get`, `openclaw cron get <id>`, and agent-tool `get` support for inspecting one stored cron job by id. (#75117) Thanks @samzong.
 - Agents/tools: add per-sender tool policies with canonical channel-scoped sender keys, so operators can restrict dangerous tools by requester identity across global, agent, group, core, bundled, and plugin tool surfaces. (#66933) Thanks @JerranC.
@@ -230,7 +100,6 @@ Docs: https://docs.openclaw.ai
 - Dependencies: refresh workspace pins and patch targets, including ACPX `@agentclientprotocol/claude-agent-acp` `0.33.1`, Codex ACP `0.14.0`, Baileys `7.0.0-rc10`, Google GenAI `2.0.1`, OpenAI `6.37.0`, AWS SDK `3.1045.0`, Kysely `0.29.0`, Tlon skill `0.3.6`, Aimock `1.19.5`, and tsdown `0.22.0`.
 - Dependencies: refresh workspace pins for Anthropic SDK, Smithy shared ini loading, Playwright, YAML, Aimock, TypeScript native preview, Vitest, Oxlint/Oxfmt, Vite, and pnpm 11.1.0.
 - Dependencies: hard-pin non-peer direct dependency specs across bundled packages and add a changed-check guard so runtime installs resolve the exact versions tested by maintainers.
-- Dependencies: add release dependency evidence reports, npm advisory gating, and PR dependency-change awareness so maintainers can review dependency risk before and during releases. Thanks @joshavant.
 - Dependencies: move embedded Pi packages to the `@earendil-works` namespace, refresh Twitch Twurple packages, and move `@openclaw/fs-safe` from the GitHub release pin to the published npm package.
 - Build: route Testbox changed-check delegation through Crabbox and remove the OpenClaw-specific Blacksmith Testbox helper scripts.
 - Agents/compaction: preserve scoped background exec/process session references across embedded compaction and after-turn runtime contexts without exposing sessions from unrelated scopes. Fixes #79284. (#79307) Thanks @TurboTheTurtle.
@@ -253,14 +122,12 @@ Docs: https://docs.openclaw.ai
 - CLI/media: render terminal QR codes with full-block characters by default so the bundled `qrcode` terminal renderer does not emit a pathologically dense ANSI final row in compact half-block mode that breaks scanning in some terminals. Fixes #77820. Thanks @KrasimirKralev.
 - Agents/compaction: read post-compaction AGENTS.md refresh context from the queued run workspace instead of the runner process cwd, so CLI-backed follow-up turns re-inject the correct workspace startup rules after compaction. Fixes #70541. (#75532) Thanks @vyctorbrzezowski.
 - Agents/read tool: treat positive offsets beyond EOF as empty ranges instead of surfacing the upstream read error, so stale pagination cursors no longer crash tool calls while unrelated read failures still fail loud. Fixes #62466. (#75536) Thanks @vyctorbrzezowski.
-- Agents/memory-flush: surface non-abort memory-flush failures (provider timeout, transport error, generic agent failure) as visible reply payloads so the outer reply loop short-circuits and isolated cron runs propagate the error into `meta.error` instead of completing silently with `status: "ok"` and an empty payload. Previously only the specific "Memory flush writes are restricted to ..." message was surfaced. Fixes #80755. Thanks @nailujac.
 - Google/Gemini: normalize retired Gemini 3 Pro Preview refs left in Google API-key onboarding model allowlists and fallbacks, so setup-emitted config keeps testing `google/gemini-3.1-pro-preview` instead of `google/gemini-3-pro-preview`.
 - Telegram/context: bound selected topic context to the active session so messages from before `/new` or `/reset` are not replayed into later turns. (#80848) Thanks @VACInc.
 - Google/Gemini: normalize retired nested Gemini 3 Pro Preview ids when resolving exact configured proxy-provider refs, so `kilocode/google/gemini-3-pro-preview` resolves to `kilocode/google/gemini-3.1-pro-preview` for Gemini 3.1 testing.
 - CLI: strip generic OSC terminal escape payloads from sanitized output fields, preventing clipboard/title escape bodies from leaking into commitment tables and other terminal-safe text. Thanks @shakkernerd.
 - Codex app-server: match connector-backed plugin approval elicitations by stable connector id so enabled destructive actions no longer fall through to display-name-only rejection.
 - Build: replace selected build utility `tsx` preloads with Node native type stripping so Node 26 build paths no longer emit `DEP0205` module loader deprecation warnings. (#78584) Thanks @keshavbotagent.
-- Channels/loop-guard: enforce shared per-pair bot loop protection in the core channel-turn kernel, with Discord, Slack, Matrix, and Google Chat supplying bot-pair facts where they can reliably identify accepted bot-authored messages. The generic guard keys on `(scope, conversation, participant pair)`, suppresses every additional bot-to-bot event in either direction once a pair crosses the configured budget, and lifts suppression after `cooldownSeconds`. Defaults are `maxEventsPerWindow: 20`, `windowSeconds: 60`, and `cooldownSeconds: 60` whenever a channel lets bot-authored messages reach dispatch; they can be set globally via `channels.defaults.botLoopProtection` and overridden per channel/account or supported per-conversation config. Fixes #58789. Thanks @pandadev66.
 - Media generation: honor configured music and video generation timeouts when tool calls omit `timeoutMs`, matching image generation behavior. (#80687)
 - CLI/update/status: label beta-channel plugin fallback and model-pricing refresh failures as warnings, keeping mixed beta/latest plugin cohorts visible without making core update or Gateway reachability look failed. Fixes #80689. Thanks @BKF-Gitty.
 - Doctor/plugins: relink managed npm plugin `openclaw` peer dependencies during `doctor --fix`, while refusing to follow package-local `node_modules` symlinks outside the plugin package. (#77412) Thanks @TheCrazyLex.
@@ -375,7 +242,6 @@ Docs: https://docs.openclaw.ai
 - System events: dedupe keyed events across the queue while preserving unkeyed, delivery-route, and trust-boundary event identity. (#73040) Thanks @statxc.
 - Agents/UI: compact exec and tool progress rows by hiding redundant shell tool names, replacing known workspace paths with short context markers, and preserving Discord trace scrubbing for compact command lines.
 - ACPX: run and await the embedded ACP backend startup probe by default so the gateway `ready` signal no longer fires before the acpx runtime has either become usable or reported a probe failure; set `OPENCLAW_ACPX_RUNTIME_STARTUP_PROBE=0` to restore lazy startup. Fixes #79596. Thanks @bzelones.
-- Agents/memory-flush: surface non-abort memory-flush failures (provider timeout, transport error, generic agent failure) as visible reply payloads so the outer reply loop short-circuits and isolated cron runs propagate the error into `meta.error` instead of completing silently with `status: "ok"` and an empty payload. Previously only the specific "Memory flush writes are restricted to ..." message was surfaced. Refs #80755. Thanks @kinjitakabe and @nailujac.
 - Gateway/status: surface model-pricing bootstrap and refresh failures as degraded health/status warnings while keeping Gateway liveness healthy. Fixes #79599. Thanks @bzelones.
 - OpenAI-compatible models: strip prior assistant reasoning fields from replayed Chat Completions history by default, preventing oMLX/vLLM Qwen follow-up turns from rejecting or stalling on stale `reasoning` payloads. Fixes #46637. Thanks @zipzagster and @lexhoefsloot.
 - CLI/onboarding: give non-Azure custom providers a safe generated context window and heal legacy 4k wizard entries without overwriting explicit valid small model limits, preventing first-turn compaction loops. Fixes #79428. (#79911) Thanks @Jefsky.
@@ -394,7 +260,6 @@ Docs: https://docs.openclaw.ai
 - Control UI/config: remove plugin allowlist entries that the form auto-added when a plugin enable toggle is reverted before saving, so reverting the visible toggle clears dirty state without persisting unintended allowlist changes. (#78329) Thanks @samzong.
 - Gateway/mobile: reuse bootstrap-issued device-token scopes on handoff reconnects and surface device-token scope mismatches separately from token mismatches while preserving full shared-token dashboard/native sessions. Fixes #79292. Thanks @BunsDev.
 - Media/host-read: allow buffer-verified gzip, tar, and 7z archives in the shared host-local media validator alongside ZIP and document attachments.
-- Plugins/install: retry managed npm plugin installs without npm alias overrides after npm's `Invalid comparator: npm:` failure, so older npm versions can install official plugins instead of aborting. (#80539) Thanks @rubencu.
 - Plugins/doctor: invalidate persisted plugin registry snapshots when plugin diagnostics point at deleted source paths, so `openclaw doctor` stops repeating stale warnings after a local extension is replaced by a managed npm plugin. Fixes #80087. (#80134) Thanks @hclsys.
 - Doctor/OpenAI Codex: preserve Codex auth intent when auto-repairing legacy `openai-codex/*` model refs to canonical `openai/*` by adding provider/model-scoped Codex runtime policy, preventing repaired configs from falling through to direct OpenAI API-key auth. Fixes #78533 and #78570. Thanks @superck110 and @Azmodump.
 - CLI/agents: surface durable message delivery status from `sendDurableMessageBatch` in `deliverAgentCommandResult` and `openclaw agent --json --deliver`, preserving suppressed hook outcomes as terminal no-retry results while exposing partial and failed sends for automation. Supersedes #53961 and #57755. Thanks @Kaspre.
@@ -615,7 +480,6 @@ Docs: https://docs.openclaw.ai
 - CLI/migrate: show native Codex plugin names before truncated plan items and prompt for plugin activation explicitly during interactive Codex migration instead of silently keeping every planned plugin. Thanks @kevinslin.
 - CLI/migrate: leave already configured target Codex plugins unchecked in the interactive plugin selector and show a `plugin exists` conflict hint while keeping new plugin activations selected by default. Thanks @kevinslin.
 - CLI/migrate: return cleanly without apply confirmation when interactive Codex migration leaves both skill copies and native plugin activations unselected. Thanks @kevinslin.
-- Gateway/sessions: extend the per-call sessions-list `rowContext` cache with memoization for `resolveSessionDisplayModelIdentityRef`, thinking metadata, and `resolveModelCostConfig` so deterministic per-row resolvers run once per unique `(provider, model[, agentId])` tuple instead of once per session. Cuts CPU on `sessions.list` for stores with many sessions sharing a small set of model tuples; behavior is unchanged for callers that pass no `rowContext`. Thanks @rolandrscheel.
 - Cron CLI: add `openclaw cron list --agent <id>`, normalize the requested agent id, and include jobs without a stored agent id under the configured default agent while keeping `cron list` unfiltered when no agent is supplied. Fixes #77118. Thanks @zhanggttry.
 - Slack/performance: reduce message preparation, stream recipient lookup, and thread-context allocation overhead on Slack reply hot paths. Thanks @vincentkoc.
 - Control UI/chat: strip untrusted sender metadata from live streams and transcript display, preserve canvas preview anchors, and stop operator UI clients from injecting their internal client id as sender identity. Fixes #78739. Thanks @tmimmanuel, @guguangxin-eng, @hclsys, and @BunsDev.
@@ -756,7 +620,7 @@ Docs: https://docs.openclaw.ai
 - Control UI/chat: hide retired and non-public Google Gemini model IDs from chat model catalogs and route the bare `gemini-3-pro` alias to Gemini 3.1 Pro Preview instead of the shut-down Gemini 3 Pro Preview. Thanks @BunsDev.
 - CLI/infer: canonicalize case-only catalog model refs in `infer model run --model` so mixed-case provider/model strings resolve to the canonical catalog entry instead of failing with `Unknown model`. (#78940) Thanks @ai-hpc.
 - CLI/infer: allow explicit local `infer model run --model <provider/model>` probes to use exact bundled static catalog rows before the provider is written to config, surfacing missing credentials as auth errors instead of `Unknown model`.
-- CLI/install: revert the beta-only global root-refusal guard so existing root-managed VPS installs keep working; the DigitalOcean split-brain protection will move to a narrower image/install-specific path. Refs #67478 and #67509. Thanks @vincentkoc.
+- CLI/install: refuse state-mutating OpenClaw CLI runs as root by default, keep an explicit `OPENCLAW_ALLOW_ROOT=1` escape hatch for intentional root/container use, and update DigitalOcean setup guidance to run OpenClaw as a non-root user. Fixes #67478. Thanks @Jerry-Xin and @natechicago.
 - Auto-reply/media: resolve `scp` from `PATH` when staging sandbox media so nonstandard OpenSSH installs can copy remote attachments.
 - Agents/PI: route PI-native OpenAI-compatible default streams through OpenClaw boundary-aware transports so local-compatible model runs keep API-key injection and transport policy.
 - Gateway/media: require authenticated owner or admin context for managed outgoing image bytes instead of trusting requester-session headers.
@@ -836,7 +700,6 @@ Docs: https://docs.openclaw.ai
 - Discord/groups: tell Discord-channel agents to wrap bare URLs as `<https://example.com>` so link previews do not expand into uninvited embeds. (#78614)
 - Agents/fallback: fail fast on session write-lock timeouts instead of trying fallback models for local file contention. Fixes #66646. Thanks @sallyom.
 - Browser/SSRF: stop closing user-owned Chrome tabs when a read-only operation (snapshot/screenshot/interactions) is rejected by the SSRF guard — only OpenClaw-initiated navigations now close on policy denial. Thanks @scotthuang.
-- iMessage: stage native inbound attachments into OpenClaw-managed media and convert HEIC/HEIF images to JPEG before dispatch, so image tools can read photos sent over native iMessage without requiring BlueBubbles.
 - Agents/Gateway: throttle and cap live exec command-output events so noisy tool runs cannot flood Gateway WebSocket clients or starve RPC handling. (#78645) Thanks @joshavant.
 - Memory Wiki: skip empty and whitespace-only source pages when refreshing generated Related blocks, preventing blank pages from being rewritten into Related-only stubs. Fixes #78121. Thanks @amknight.
 - Telegram: keep duplicate message-tool-only Codex turns from posting generic silent-reply fallback text, so private finals stay private after inbound dedupe. Thanks @rubencu.
@@ -2243,7 +2106,6 @@ Docs: https://docs.openclaw.ai
 - QQBot: unify slash command auth and c2cOnly gating in the command registry, pass `allowQQBotDataDownloads` when sending slash command file attachments, align clear-storage with actual downloads directory, and add `/bot-me` to display sender user ID. (#73616) Thanks @cxyhhhhh.
 - CLI/agents/status: keep `openclaw agents`, text `agents list`, and plain text `status` on read-only metadata paths so human output no longer preloads plugin runtimes or live channel scans before printing. Fixes #74195. Thanks @NianJiuZst.
 - Agents/local models: derive context-window guard thresholds from the effective model window with 4k/8k safety floors, so small local models are no longer rejected by fixed 16k/32k preflight cutoffs. Fixes #42999. Thanks @chengjialu8888.
-- Providers/media: retry transient provider 5xx, timeout, and selected network failures on the same API key for opted-in media and Google embedding calls while preserving 429 key rotation. Fixes #60422. Thanks @sqsge.
 - PDF extraction: resolve PDF.js standard fonts from the installed package root and pass a filesystem path to the Node fallback extractor, so built-in font PDFs render without `file://` URL lookup failures. Fixes #51455; carries forward #70936, #54447, and #62175. Thanks @anyech, @JuanRdBO, and @solomonneas.
 - Media: treat legacy Word/OLE attachments with `application/msword` or `application/x-cfb` MIME as binary so printable-looking `.doc` files are not embedded into prompts as text. Fixes #54176; carries forward #54380. Thanks @andyliu.
 - Config: accept documented `browser.tabCleanup` keys in strict root config validation, so configured tab cleanup no longer fails before runtime reads it. Fixes #74577. Thanks @lonexreb and @ezdlp.

apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt

@@ -1612,6 +1612,15 @@ internal fun resolveOperatorSessionConnectAuth(
     )
   }
 
+  val explicitBootstrapToken = auth.bootstrapToken?.trim()?.takeIf { it.isNotEmpty() }
+  if (explicitBootstrapToken != null) {
+    return NodeRuntime.GatewayConnectAuth(
+      token = null,
+      bootstrapToken = explicitBootstrapToken,
+      password = null,
+    )
+  }
+
   return null
 }
 

apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayProtocol.kt

@@ -1,4 +1,4 @@
 package ai.openclaw.app.gateway
 
 const val GATEWAY_PROTOCOL_VERSION = 4
-const val GATEWAY_MIN_PROTOCOL_VERSION = 4
+const val GATEWAY_MIN_PROTOCOL_VERSION = 3

apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt

@@ -64,7 +64,6 @@ data class GatewayConnectErrorDetails(
   val code: String?,
   val canRetryWithDeviceToken: Boolean,
   val recommendedNextStep: String?,
-  val pauseReconnect: Boolean? = null,
   val reason: String? = null,
 )
 
@@ -737,7 +736,6 @@ class GatewaySession(
                 code = it["code"].asStringOrNull(),
                 canRetryWithDeviceToken = it["canRetryWithDeviceToken"].asBooleanOrNull() == true,
                 recommendedNextStep = it["recommendedNextStep"].asStringOrNull(),
-                pauseReconnect = it["pauseReconnect"].asBooleanOrNull(),
                 reason = it["reason"].asStringOrNull(),
               )
             }
@@ -1042,17 +1040,20 @@ class GatewaySession(
       detailCode == "AUTH_TOKEN_MISMATCH"
   }
 
-  private fun shouldPauseReconnectAfterAuthFailure(error: ErrorShape): Boolean {
-    val target = desired
-    return shouldPauseGatewayReconnectAfterAuthFailure(
-      error = error,
-      hasBootstrapToken = target?.bootstrapToken?.trim()?.isNotEmpty() == true,
-      role = target?.options?.role,
-      scopes = target?.options?.scopes ?: emptyList(),
-      deviceTokenRetryBudgetUsed = deviceTokenRetryBudgetUsed,
-      pendingDeviceTokenRetry = pendingDeviceTokenRetry,
-    )
-  }
+  private fun shouldPauseReconnectAfterAuthFailure(error: ErrorShape): Boolean =
+    when (error.details?.code) {
+      "AUTH_TOKEN_MISSING",
+      "AUTH_BOOTSTRAP_TOKEN_INVALID",
+      "AUTH_PASSWORD_MISSING",
+      "AUTH_PASSWORD_MISMATCH",
+      "AUTH_RATE_LIMITED",
+      "PAIRING_REQUIRED",
+      "CONTROL_UI_DEVICE_IDENTITY_REQUIRED",
+      "DEVICE_IDENTITY_REQUIRED",
+      -> true
+      "AUTH_TOKEN_MISMATCH" -> deviceTokenRetryBudgetUsed && !pendingDeviceTokenRetry
+      else -> false
+    }
 
   private fun shouldClearStoredDeviceTokenAfterRetry(error: ErrorShape): Boolean = error.details?.code == "AUTH_DEVICE_TOKEN_MISMATCH"
 
@@ -1067,36 +1068,6 @@ class GatewaySession(
   }
 }
 
-internal fun shouldPauseGatewayReconnectAfterAuthFailure(
-  error: GatewaySession.ErrorShape,
-  hasBootstrapToken: Boolean,
-  role: String?,
-  scopes: List<String>,
-  deviceTokenRetryBudgetUsed: Boolean,
-  pendingDeviceTokenRetry: Boolean,
-): Boolean =
-  when (error.details?.code) {
-    "AUTH_TOKEN_MISSING",
-    "AUTH_BOOTSTRAP_TOKEN_INVALID",
-    "AUTH_PASSWORD_MISSING",
-    "AUTH_PASSWORD_MISMATCH",
-    "AUTH_RATE_LIMITED",
-    "CONTROL_UI_DEVICE_IDENTITY_REQUIRED",
-    "DEVICE_IDENTITY_REQUIRED",
-    -> true
-    "PAIRING_REQUIRED" ->
-      !(
-        hasBootstrapToken &&
-          role?.trim() == "node" &&
-          scopes.isEmpty() &&
-          error.details.reason == "not-paired" &&
-          (error.details.pauseReconnect == false ||
-            error.details.recommendedNextStep == "wait_then_retry")
-      )
-    "AUTH_TOKEN_MISMATCH" -> deviceTokenRetryBudgetUsed && !pendingDeviceTokenRetry
-    else -> false
-  }
-
 internal fun buildGatewayWebSocketUrl(
   host: String,
   port: Int,

apps/android/app/src/test/java/ai/openclaw/app/GatewayBootstrapAuthTest.kt

@@ -29,14 +29,14 @@ import java.util.UUID
 @Config(sdk = [34])
 class GatewayBootstrapAuthTest {
   @Test
-  fun doesNotConnectOperatorSessionWhenOnlyBootstrapAuthExists() {
-    assertFalse(
+  fun connectsOperatorSessionWhenOnlyBootstrapAuthExists() {
+    assertTrue(
       shouldConnectOperatorSession(
         NodeRuntime.GatewayConnectAuth(token = "", bootstrapToken = "bootstrap-1", password = ""),
         storedOperatorToken = "",
       ),
     )
-    assertFalse(
+    assertTrue(
       shouldConnectOperatorSession(
         NodeRuntime.GatewayConnectAuth(token = null, bootstrapToken = "bootstrap-1", password = null),
         storedOperatorToken = null,
@@ -84,14 +84,17 @@ class GatewayBootstrapAuthTest {
   }
 
   @Test
-  fun resolveOperatorSessionConnectAuthIgnoresBootstrapWhenNoStoredOperatorTokenExists() {
+  fun resolveOperatorSessionConnectAuthUsesBootstrapWhenNoStoredOperatorTokenExists() {
     val resolved =
       resolveOperatorSessionConnectAuth(
         auth = NodeRuntime.GatewayConnectAuth(token = null, bootstrapToken = "bootstrap-1", password = null),
         storedOperatorToken = null,
       )
 
-    assertNull(resolved)
+    assertEquals(
+      NodeRuntime.GatewayConnectAuth(token = null, bootstrapToken = "bootstrap-1", password = null),
+      resolved,
+    )
   }
 
   @Test
@@ -171,7 +174,7 @@ class GatewayBootstrapAuthTest {
 
       assertEquals("fp-1", prefs.loadGatewayTlsFingerprint(endpoint.stableId))
       assertEquals("setup-bootstrap-token", desiredBootstrapToken(runtime, "nodeSession"))
-      assertNull(desiredBootstrapToken(runtime, "operatorSession"))
+      assertEquals("setup-bootstrap-token", desiredBootstrapToken(runtime, "operatorSession"))
     }
 
   @Test

apps/android/app/src/test/java/ai/openclaw/app/gateway/GatewaySessionReconnectTest.kt

@@ -1,116 +0,0 @@
-package ai.openclaw.app.gateway
-
-import org.junit.Assert.assertFalse
-import org.junit.Assert.assertTrue
-import org.junit.Test
-
-class GatewaySessionReconnectTest {
-  @Test
-  fun bootstrapNodePairingRequiredKeepsReconnectActive() {
-    val error =
-      GatewaySession.ErrorShape(
-        code = "NOT_PAIRED",
-        message = "pairing required",
-        details =
-          GatewayConnectErrorDetails(
-            code = "PAIRING_REQUIRED",
-            canRetryWithDeviceToken = false,
-            recommendedNextStep = "wait_then_retry",
-            pauseReconnect = false,
-            reason = "not-paired",
-          ),
-      )
-
-    assertFalse(
-      shouldPauseGatewayReconnectAfterAuthFailure(
-        error = error,
-        hasBootstrapToken = true,
-        role = "node",
-        scopes = emptyList(),
-        deviceTokenRetryBudgetUsed = false,
-        pendingDeviceTokenRetry = false,
-      ),
-    )
-  }
-
-  @Test
-  fun bootstrapNodePairingRequiredWithoutRetryHintPausesReconnect() {
-    val error =
-      GatewaySession.ErrorShape(
-        code = "NOT_PAIRED",
-        message = "pairing required",
-        details =
-          GatewayConnectErrorDetails(
-            code = "PAIRING_REQUIRED",
-            canRetryWithDeviceToken = false,
-            recommendedNextStep = null,
-            reason = "not-paired",
-          ),
-      )
-
-    assertTrue(
-      shouldPauseGatewayReconnectAfterAuthFailure(
-        error = error,
-        hasBootstrapToken = true,
-        role = "node",
-        scopes = emptyList(),
-        deviceTokenRetryBudgetUsed = false,
-        pendingDeviceTokenRetry = false,
-      ),
-    )
-  }
-
-  @Test
-  fun nonBootstrapPairingRequiredStillPausesReconnect() {
-    val error =
-      GatewaySession.ErrorShape(
-        code = "NOT_PAIRED",
-        message = "pairing required",
-        details =
-          GatewayConnectErrorDetails(
-            code = "PAIRING_REQUIRED",
-            canRetryWithDeviceToken = false,
-            recommendedNextStep = "wait_then_retry",
-            reason = "not-paired",
-          ),
-      )
-
-    assertTrue(
-      shouldPauseGatewayReconnectAfterAuthFailure(
-        error = error,
-        hasBootstrapToken = false,
-        role = "node",
-        scopes = emptyList(),
-        deviceTokenRetryBudgetUsed = false,
-        pendingDeviceTokenRetry = false,
-      ),
-    )
-  }
-
-  @Test
-  fun bootstrapRoleUpgradeStillPausesReconnect() {
-    val error =
-      GatewaySession.ErrorShape(
-        code = "NOT_PAIRED",
-        message = "pairing required",
-        details =
-          GatewayConnectErrorDetails(
-            code = "PAIRING_REQUIRED",
-            canRetryWithDeviceToken = false,
-            recommendedNextStep = null,
-            reason = "role-upgrade",
-          ),
-      )
-
-    assertTrue(
-      shouldPauseGatewayReconnectAfterAuthFailure(
-        error = error,
-        hasBootstrapToken = true,
-        role = "node",
-        scopes = emptyList(),
-        deviceTokenRetryBudgetUsed = false,
-        pendingDeviceTokenRetry = false,
-      ),
-    )
-  }
-}

apps/ios/Sources/Calendar/CalendarService.swift

@@ -4,19 +4,15 @@ import OpenClawKit
 
 final class CalendarService: CalendarServicing {
     func events(params: OpenClawCalendarEventsParams) async throws -> OpenClawCalendarEventsPayload {
+        let store = EKEventStore()
         let status = EKEventStore.authorizationStatus(for: .event)
-        let authorized: Bool = if status == .notDetermined || status == .writeOnly {
-            await Self.requestFullEventAccess()
-        } else {
-            EventKitAuthorization.allowsRead(status: status)
-        }
+        let authorized = EventKitAuthorization.allowsRead(status: status)
         guard authorized else {
             throw NSError(domain: "Calendar", code: 1, userInfo: [
                 NSLocalizedDescriptionKey: "CALENDAR_PERMISSION_REQUIRED: grant Calendar permission",
             ])
         }
 
-        let store = EKEventStore()
         let (start, end) = Self.resolveRange(
             startISO: params.startISO,
             endISO: params.endISO)
@@ -41,19 +37,15 @@ final class CalendarService: CalendarServicing {
     }
 
     func add(params: OpenClawCalendarAddParams) async throws -> OpenClawCalendarAddPayload {
+        let store = EKEventStore()
         let status = EKEventStore.authorizationStatus(for: .event)
-        let authorized: Bool = if status == .notDetermined {
-            await Self.requestWriteOnlyEventAccess()
-        } else {
-            EventKitAuthorization.allowsWrite(status: status)
-        }
+        let authorized = EventKitAuthorization.allowsWrite(status: status)
         guard authorized else {
             throw NSError(domain: "Calendar", code: 2, userInfo: [
                 NSLocalizedDescriptionKey: "CALENDAR_PERMISSION_REQUIRED: grant Calendar permission",
             ])
         }
 
-        let store = EKEventStore()
         let title = params.title.trimmingCharacters(in: .whitespacesAndNewlines)
         guard !title.isEmpty else {
             throw NSError(domain: "Calendar", code: 3, userInfo: [
@@ -103,24 +95,6 @@ final class CalendarService: CalendarServicing {
         return OpenClawCalendarAddPayload(event: payload)
     }
 
-    private static func requestFullEventAccess() async -> Bool {
-        await PermissionRequestBridge.awaitRequest { completion in
-            let store = EKEventStore()
-            store.requestFullAccessToEvents { granted, _ in
-                completion(granted)
-            }
-        }
-    }
-
-    private static func requestWriteOnlyEventAccess() async -> Bool {
-        await PermissionRequestBridge.awaitRequest { completion in
-            let store = EKEventStore()
-            store.requestWriteOnlyAccessToEvents { granted, _ in
-                completion(granted)
-            }
-        }
-    }
-
     private static func resolveCalendar(
         store: EKEventStore,
         calendarId: String?,

apps/ios/Sources/Contacts/ContactsService.swift

@@ -97,17 +97,14 @@ final class ContactsService: ContactsServicing {
         return OpenClawContactsAddPayload(contact: Self.payload(from: persisted))
     }
 
-    private static func ensureAuthorization(status: CNAuthorizationStatus) async -> Bool {
+    private static func ensureAuthorization(store: CNContactStore, status: CNAuthorizationStatus) async -> Bool {
         switch status {
         case .authorized, .limited:
             return true
         case .notDetermined:
-            return await PermissionRequestBridge.awaitRequest { completion in
-                let store = CNContactStore()
-                store.requestAccess(for: .contacts) { granted, _ in
-                    completion(granted)
-                }
-            }
+            // Don’t prompt during node.invoke; the caller should instruct the user to grant permission.
+            // Prompts block the invoke and lead to timeouts in headless flows.
+            return false
         case .restricted, .denied:
             return false
         @unknown default:
@@ -116,14 +113,15 @@ final class ContactsService: ContactsServicing {
     }
 
     private static func authorizedStore() async throws -> CNContactStore {
+        let store = CNContactStore()
         let status = CNContactStore.authorizationStatus(for: .contacts)
-        let authorized = await Self.ensureAuthorization(status: status)
+        let authorized = await Self.ensureAuthorization(store: store, status: status)
         guard authorized else {
             throw NSError(domain: "Contacts", code: 1, userInfo: [
                 NSLocalizedDescriptionKey: "CONTACTS_PERMISSION_REQUIRED: grant Contacts permission",
             ])
         }
-        return CNContactStore()
+        return store
     }
 
     private static func normalizeStrings(_ values: [String]?, lowercased: Bool = false) -> [String] {

apps/ios/Sources/Info.plist

@@ -52,14 +52,6 @@
 	</array>
 	<key>NSCameraUsageDescription</key>
 	<string>OpenClaw can capture photos or short video clips when requested via the gateway.</string>
-	<key>NSCalendarsUsageDescription</key>
-	<string>OpenClaw uses your calendars to show events and scheduling context when you enable calendar access.</string>
-	<key>NSCalendarsFullAccessUsageDescription</key>
-	<string>OpenClaw uses your calendars to show events and scheduling context when you enable calendar access.</string>
-	<key>NSCalendarsWriteOnlyAccessUsageDescription</key>
-	<string>OpenClaw uses your calendars to add events when you enable calendar access.</string>
-	<key>NSContactsUsageDescription</key>
-	<string>OpenClaw uses your contacts so you can search and reference people while using the assistant.</string>
 	<key>NSLocalNetworkUsageDescription</key>
 	<string>OpenClaw discovers and connects to your OpenClaw gateway on the local network.</string>
 	<key>NSLocationAlwaysAndWhenInUseUsageDescription</key>
@@ -72,8 +64,6 @@
 	<string>OpenClaw may use motion data to support device-aware interactions and automations.</string>
 	<key>NSPhotoLibraryUsageDescription</key>
 	<string>OpenClaw needs photo library access when you choose existing photos to share with your assistant.</string>
-	<key>NSRemindersFullAccessUsageDescription</key>
-	<string>OpenClaw uses your reminders to list, add, and complete tasks when you enable reminders access.</string>
 	<key>NSSpeechRecognitionUsageDescription</key>
 	<string>OpenClaw uses on-device speech recognition for voice wake.</string>
 	<key>NSSupportsLiveActivities</key>

apps/ios/Sources/Onboarding/GatewayOnboardingView.swift

@@ -1,5 +1,4 @@
 import Foundation
-import OpenClawKit
 import SwiftUI
 
 struct GatewayOnboardingView: View {

apps/ios/Sources/Permissions/PermissionRequestBridge.swift

@@ -1,64 +0,0 @@
-import Foundation
-
-enum PermissionRequestBridge {
-    final class Box: @unchecked Sendable {
-        private let lock = NSLock()
-        private var continuation: CheckedContinuation<Bool, Never>?
-        private var hasResumed = false
-
-        func install(_ continuation: CheckedContinuation<Bool, Never>) -> Bool {
-            self.lock.lock()
-            if self.hasResumed {
-                self.lock.unlock()
-                continuation.resume(returning: false)
-                return false
-            }
-            self.continuation = continuation
-            self.lock.unlock()
-            return true
-        }
-
-        func resume(_ value: Bool) {
-            self.lock.lock()
-            guard !self.hasResumed else {
-                self.lock.unlock()
-                return
-            }
-            self.hasResumed = true
-            let continuation = self.continuation
-            self.continuation = nil
-            self.lock.unlock()
-            continuation?.resume(returning: value)
-        }
-
-        func canStartRequest() -> Bool {
-            self.lock.lock()
-            let canStart = !self.hasResumed
-            self.lock.unlock()
-            return canStart
-        }
-    }
-
-    static func awaitRequest(
-        _ start: @escaping @Sendable (@escaping @Sendable (Bool) -> Void) -> Void) async -> Bool
-    {
-        let box = Box()
-        return await withTaskCancellationHandler {
-            await withCheckedContinuation(isolation: nil) { continuation in
-                guard !Task.isCancelled else {
-                    continuation.resume(returning: false)
-                    return
-                }
-                guard box.install(continuation) else { return }
-                Task { @MainActor in
-                    guard box.canStartRequest() else { return }
-                    start { granted in
-                        box.resume(granted)
-                    }
-                }
-            }
-        } onCancel: {
-            box.resume(false)
-        }
-    }
-}

apps/ios/Sources/Reminders/RemindersService.swift

@@ -4,19 +4,15 @@ import OpenClawKit
 
 final class RemindersService: RemindersServicing {
     func list(params: OpenClawRemindersListParams) async throws -> OpenClawRemindersListPayload {
+        let store = EKEventStore()
         let status = EKEventStore.authorizationStatus(for: .reminder)
-        let authorized: Bool = if status == .notDetermined || status == .writeOnly {
-            await Self.requestFullReminderAccess()
-        } else {
-            EventKitAuthorization.allowsRead(status: status)
-        }
+        let authorized = EventKitAuthorization.allowsRead(status: status)
         guard authorized else {
             throw NSError(domain: "Reminders", code: 1, userInfo: [
                 NSLocalizedDescriptionKey: "REMINDERS_PERMISSION_REQUIRED: grant Reminders permission",
             ])
         }
 
-        let store = EKEventStore()
         let limit = max(1, min(params.limit ?? 50, 500))
         let statusFilter = params.status ?? .incomplete
 
@@ -52,19 +48,15 @@ final class RemindersService: RemindersServicing {
     }
 
     func add(params: OpenClawRemindersAddParams) async throws -> OpenClawRemindersAddPayload {
+        let store = EKEventStore()
         let status = EKEventStore.authorizationStatus(for: .reminder)
-        let authorized: Bool = if status == .notDetermined {
-            await Self.requestFullReminderAccess()
-        } else {
-            EventKitAuthorization.allowsWrite(status: status)
-        }
+        let authorized = EventKitAuthorization.allowsWrite(status: status)
         guard authorized else {
             throw NSError(domain: "Reminders", code: 2, userInfo: [
                 NSLocalizedDescriptionKey: "REMINDERS_PERMISSION_REQUIRED: grant Reminders permission",
             ])
         }
 
-        let store = EKEventStore()
         let title = params.title.trimmingCharacters(in: .whitespacesAndNewlines)
         guard !title.isEmpty else {
             throw NSError(domain: "Reminders", code: 3, userInfo: [
@@ -108,15 +100,6 @@ final class RemindersService: RemindersServicing {
         return OpenClawRemindersAddPayload(reminder: payload)
     }
 
-    private static func requestFullReminderAccess() async -> Bool {
-        await PermissionRequestBridge.awaitRequest { completion in
-            let store = EKEventStore()
-            store.requestFullAccessToReminders { granted, _ in
-                completion(granted)
-            }
-        }
-    }
-
     private static func resolveList(
         store: EKEventStore,
         listId: String?,

apps/ios/Sources/Settings/PrivacyAccessSectionView.swift

@@ -1,298 +0,0 @@
-import Contacts
-import EventKit
-import SwiftUI
-import UIKit
-
-struct PrivacyAccessSectionView: View {
-    @State private var contactsStatus: CNAuthorizationStatus = CNContactStore.authorizationStatus(for: .contacts)
-    @State private var calendarStatus: EKAuthorizationStatus = EKEventStore.authorizationStatus(for: .event)
-    @State private var remindersStatus: EKAuthorizationStatus = EKEventStore.authorizationStatus(for: .reminder)
-
-    @Environment(\.scenePhase) private var scenePhase
-
-    var body: some View {
-        DisclosureGroup("Privacy & Access") {
-            self.permissionRow(
-                title: "Contacts",
-                icon: "person.crop.circle",
-                status: self.statusText(for: self.contactsStatus),
-                detail: "Search and add contacts from the assistant.",
-                actionTitle: self.actionTitle(for: self.contactsStatus),
-                action: self.handleContactsAction)
-
-            self.permissionRow(
-                title: "Calendar (Add Events)",
-                icon: "calendar.badge.plus",
-                status: self.calendarWriteStatusText,
-                detail: "Add events with least privilege.",
-                actionTitle: self.calendarWriteActionTitle,
-                action: self.handleCalendarWriteAction)
-
-            self.permissionRow(
-                title: "Calendar (View Events)",
-                icon: "calendar",
-                status: self.calendarReadStatusText,
-                detail: "List and read calendar events.",
-                actionTitle: self.calendarReadActionTitle,
-                action: self.handleCalendarReadAction)
-
-            self.permissionRow(
-                title: "Reminders",
-                icon: "checklist",
-                status: self.remindersStatusText,
-                detail: "List, add, and complete reminders.",
-                actionTitle: self.remindersActionTitle,
-                action: self.handleRemindersAction)
-        }
-        .onAppear { self.refreshAll() }
-        .onChange(of: self.scenePhase) { _, phase in
-            if phase == .active {
-                self.refreshAll()
-            }
-        }
-    }
-
-    private func permissionRow(
-        title: String,
-        icon: String,
-        status: String,
-        detail: String,
-        actionTitle: String?,
-        action: (() -> Void)?) -> some View
-    {
-        VStack(alignment: .leading, spacing: 6) {
-            HStack {
-                Label(title, systemImage: icon)
-                Spacer()
-                Text(status)
-                    .font(.footnote.weight(.medium))
-                    .foregroundStyle(self.statusColor(for: status))
-            }
-            Text(detail)
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-            if let actionTitle, let action {
-                Button(actionTitle, action: action)
-                    .font(.footnote)
-                    .buttonStyle(.bordered)
-            }
-        }
-        .padding(.vertical, 2)
-    }
-
-    private func statusColor(for status: String) -> Color {
-        switch status {
-        case "Allowed":
-            .green
-        case "Not Set":
-            .orange
-        case "Add-Only":
-            .yellow
-        default:
-            .red
-        }
-    }
-
-    private func statusText(for cnStatus: CNAuthorizationStatus) -> String {
-        switch cnStatus {
-        case .authorized, .limited:
-            "Allowed"
-        case .notDetermined:
-            "Not Set"
-        case .denied, .restricted:
-            "Not Allowed"
-        @unknown default:
-            "Unknown"
-        }
-    }
-
-    private func actionTitle(for cnStatus: CNAuthorizationStatus) -> String? {
-        switch cnStatus {
-        case .notDetermined:
-            "Request Access"
-        case .denied, .restricted:
-            "Open Settings"
-        default:
-            nil
-        }
-    }
-
-    private func handleContactsAction() {
-        switch self.contactsStatus {
-        case .notDetermined:
-            Task {
-                _ = await PermissionRequestBridge.awaitRequest { completion in
-                    let store = CNContactStore()
-                    store.requestAccess(for: .contacts) { granted, _ in
-                        completion(granted)
-                    }
-                }
-                await MainActor.run { self.refreshAll() }
-            }
-        case .denied, .restricted:
-            self.openSettings()
-        default:
-            break
-        }
-    }
-
-    private var calendarWriteStatusText: String {
-        switch self.calendarStatus {
-        case .authorized, .fullAccess, .writeOnly:
-            "Allowed"
-        case .notDetermined:
-            "Not Set"
-        case .denied, .restricted:
-            "Not Allowed"
-        @unknown default:
-            "Unknown"
-        }
-    }
-
-    private var calendarWriteActionTitle: String? {
-        switch self.calendarStatus {
-        case .notDetermined:
-            "Request Access"
-        case .denied, .restricted:
-            "Open Settings"
-        default:
-            nil
-        }
-    }
-
-    private func handleCalendarWriteAction() {
-        switch self.calendarStatus {
-        case .notDetermined:
-            Task {
-                _ = await self.requestCalendarWriteOnly()
-                await MainActor.run { self.refreshAll() }
-            }
-        case .denied, .restricted:
-            self.openSettings()
-        default:
-            break
-        }
-    }
-
-    private var calendarReadStatusText: String {
-        switch self.calendarStatus {
-        case .authorized, .fullAccess:
-            "Allowed"
-        case .writeOnly:
-            "Add-Only"
-        case .notDetermined:
-            "Not Set"
-        case .denied, .restricted:
-            "Not Allowed"
-        @unknown default:
-            "Unknown"
-        }
-    }
-
-    private var calendarReadActionTitle: String? {
-        switch self.calendarStatus {
-        case .notDetermined:
-            "Request Full Access"
-        case .writeOnly:
-            "Upgrade to Full Access"
-        case .denied, .restricted:
-            "Open Settings"
-        default:
-            nil
-        }
-    }
-
-    private func handleCalendarReadAction() {
-        switch self.calendarStatus {
-        case .notDetermined, .writeOnly:
-            Task {
-                _ = await self.requestCalendarFull()
-                await MainActor.run { self.refreshAll() }
-            }
-        case .denied, .restricted:
-            self.openSettings()
-        default:
-            break
-        }
-    }
-
-    private var remindersStatusText: String {
-        switch self.remindersStatus {
-        case .authorized, .fullAccess:
-            "Allowed"
-        case .writeOnly:
-            "Add-Only"
-        case .notDetermined:
-            "Not Set"
-        case .denied, .restricted:
-            "Not Allowed"
-        @unknown default:
-            "Unknown"
-        }
-    }
-
-    private var remindersActionTitle: String? {
-        switch self.remindersStatus {
-        case .notDetermined:
-            "Request Access"
-        case .writeOnly:
-            "Upgrade to Full Access"
-        case .denied, .restricted:
-            "Open Settings"
-        default:
-            nil
-        }
-    }
-
-    private func handleRemindersAction() {
-        switch self.remindersStatus {
-        case .notDetermined, .writeOnly:
-            Task {
-                _ = await self.requestRemindersFull()
-                await MainActor.run { self.refreshAll() }
-            }
-        case .denied, .restricted:
-            self.openSettings()
-        default:
-            break
-        }
-    }
-
-    private func refreshAll() {
-        self.contactsStatus = CNContactStore.authorizationStatus(for: .contacts)
-        self.calendarStatus = EKEventStore.authorizationStatus(for: .event)
-        self.remindersStatus = EKEventStore.authorizationStatus(for: .reminder)
-    }
-
-    private func requestCalendarWriteOnly() async -> Bool {
-        await PermissionRequestBridge.awaitRequest { completion in
-            let store = EKEventStore()
-            store.requestWriteOnlyAccessToEvents { granted, _ in
-                completion(granted)
-            }
-        }
-    }
-
-    private func requestCalendarFull() async -> Bool {
-        await PermissionRequestBridge.awaitRequest { completion in
-            let store = EKEventStore()
-            store.requestFullAccessToEvents { granted, _ in
-                completion(granted)
-            }
-        }
-    }
-
-    private func requestRemindersFull() async -> Bool {
-        await PermissionRequestBridge.awaitRequest { completion in
-            let store = EKEventStore()
-            store.requestFullAccessToReminders { granted, _ in
-                completion(granted)
-            }
-        }
-    }
-
-    private func openSettings() {
-        guard let url = URL(string: UIApplication.openSettingsURLString) else { return }
-        UIApplication.shared.open(url)
-    }
-}

apps/ios/Sources/Settings/SettingsTab.swift

@@ -405,8 +405,6 @@ struct SettingsTab: View {
                         }
                     }
 
-                    AnyView(PrivacyAccessSectionView())
-
                     DisclosureGroup("Device Info") {
                         TextField("Name", text: self.$displayName)
                         Text(self.instanceId)
@@ -421,7 +419,16 @@ struct SettingsTab: View {
                 }
             }
             .navigationTitle("Settings")
-            .modifier(SettingsCloseToolbar())
+            .toolbar {
+                ToolbarItem(placement: .topBarTrailing) {
+                    Button {
+                        self.dismiss()
+                    } label: {
+                        Image(systemName: "xmark")
+                    }
+                    .accessibilityLabel("Close")
+                }
+            }
             .sheet(isPresented: self.$showGatewayProblemDetails) {
                 if let gatewayProblem = self.appModel.lastGatewayProblem {
                     GatewayProblemDetailsSheet(
@@ -481,91 +488,90 @@ struct SettingsTab: View {
                 Text(self.scannerError ?? "")
             }
             .onAppear {
-                    self.lastLocationModeRaw = self.locationEnabledModeRaw
-                    self.syncManualPortText()
-                    let trimmedInstanceId = self.instanceId.trimmingCharacters(in: .whitespacesAndNewlines)
-                    if !trimmedInstanceId.isEmpty {
-                        self.gatewayToken = GatewaySettingsStore.loadGatewayToken(instanceId: trimmedInstanceId) ?? ""
-                        self.gatewayPassword = GatewaySettingsStore
-                            .loadGatewayPassword(instanceId: trimmedInstanceId) ?? ""
-                    }
-                    self.defaultShareInstruction = ShareToAgentSettings.loadDefaultInstruction()
-                    self.appModel.refreshLastShareEventFromRelay()
-                    // Keep setup front-and-center when disconnected; keep things compact once connected.
-                    self.gatewayExpanded = !self.isGatewayConnected
-                    self.selectedAgentPickerId = self.appModel.selectedAgentId ?? ""
-                    if self.isGatewayConnected {
-                        self.appModel.reloadTalkConfig()
-                    }
+                self.lastLocationModeRaw = self.locationEnabledModeRaw
+                self.syncManualPortText()
+                let trimmedInstanceId = self.instanceId.trimmingCharacters(in: .whitespacesAndNewlines)
+                if !trimmedInstanceId.isEmpty {
+                    self.gatewayToken = GatewaySettingsStore.loadGatewayToken(instanceId: trimmedInstanceId) ?? ""
+                    self.gatewayPassword = GatewaySettingsStore.loadGatewayPassword(instanceId: trimmedInstanceId) ?? ""
                 }
-                .onChange(of: self.selectedAgentPickerId) { _, newValue in
-                    let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
-                    self.appModel.setSelectedAgentId(trimmed.isEmpty ? nil : trimmed)
+                self.defaultShareInstruction = ShareToAgentSettings.loadDefaultInstruction()
+                self.appModel.refreshLastShareEventFromRelay()
+                // Keep setup front-and-center when disconnected; keep things compact once connected.
+                self.gatewayExpanded = !self.isGatewayConnected
+                self.selectedAgentPickerId = self.appModel.selectedAgentId ?? ""
+                if self.isGatewayConnected {
+                    self.appModel.reloadTalkConfig()
                 }
-                .onChange(of: self.appModel.selectedAgentId ?? "") { _, newValue in
-                    if newValue != self.selectedAgentPickerId {
-                        self.selectedAgentPickerId = newValue
-                    }
+            }
+            .onChange(of: self.selectedAgentPickerId) { _, newValue in
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                self.appModel.setSelectedAgentId(trimmed.isEmpty ? nil : trimmed)
+            }
+            .onChange(of: self.appModel.selectedAgentId ?? "") { _, newValue in
+                if newValue != self.selectedAgentPickerId {
+                    self.selectedAgentPickerId = newValue
                 }
-                .onChange(of: self.preferredGatewayStableID) { _, newValue in
-                    let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
-                    guard !trimmed.isEmpty else { return }
-                    GatewaySettingsStore.savePreferredGatewayStableID(trimmed)
+            }
+            .onChange(of: self.preferredGatewayStableID) { _, newValue in
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                guard !trimmed.isEmpty else { return }
+                GatewaySettingsStore.savePreferredGatewayStableID(trimmed)
+            }
+            .onChange(of: self.gatewayToken) { _, newValue in
+                guard !self.suppressCredentialPersist else { return }
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                let instanceId = self.instanceId.trimmingCharacters(in: .whitespacesAndNewlines)
+                guard !instanceId.isEmpty else { return }
+                GatewaySettingsStore.saveGatewayToken(trimmed, instanceId: instanceId)
+            }
+            .onChange(of: self.gatewayPassword) { _, newValue in
+                guard !self.suppressCredentialPersist else { return }
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                let instanceId = self.instanceId.trimmingCharacters(in: .whitespacesAndNewlines)
+                guard !instanceId.isEmpty else { return }
+                GatewaySettingsStore.saveGatewayPassword(trimmed, instanceId: instanceId)
+            }
+            .onChange(of: self.defaultShareInstruction) { _, newValue in
+                ShareToAgentSettings.saveDefaultInstruction(newValue)
+            }
+            .onChange(of: self.manualGatewayPort) { _, _ in
+                self.syncManualPortText()
+            }
+            .onChange(of: self.appModel.gatewayServerName) { _, newValue in
+                if newValue != nil {
+                    self.setupCode = ""
+                    self.setupStatusText = nil
+                    return
                 }
-                .onChange(of: self.gatewayToken) { _, newValue in
-                    guard !self.suppressCredentialPersist else { return }
-                    let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
-                    let instanceId = self.instanceId.trimmingCharacters(in: .whitespacesAndNewlines)
-                    guard !instanceId.isEmpty else { return }
-                    GatewaySettingsStore.saveGatewayToken(trimmed, instanceId: instanceId)
+                if self.manualGatewayEnabled {
+                    self.setupStatusText = self.appModel.gatewayStatusText
                 }
-                .onChange(of: self.gatewayPassword) { _, newValue in
-                    guard !self.suppressCredentialPersist else { return }
-                    let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
-                    let instanceId = self.instanceId.trimmingCharacters(in: .whitespacesAndNewlines)
-                    guard !instanceId.isEmpty else { return }
-                    GatewaySettingsStore.saveGatewayPassword(trimmed, instanceId: instanceId)
-                }
-                .onChange(of: self.defaultShareInstruction) { _, newValue in
-                    ShareToAgentSettings.saveDefaultInstruction(newValue)
-                }
-                .onChange(of: self.manualGatewayPort) { _, _ in
-                    self.syncManualPortText()
-                }
-                .onChange(of: self.appModel.gatewayServerName) { _, newValue in
-                    if newValue != nil {
-                        self.setupCode = ""
-                        self.setupStatusText = nil
+            }
+            .onChange(of: self.appModel.gatewayStatusText) { _, newValue in
+                guard self.manualGatewayEnabled || self.connectingGatewayID == "manual" else { return }
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                guard !trimmed.isEmpty else { return }
+                self.setupStatusText = trimmed
+            }
+            .onChange(of: self.locationEnabledModeRaw) { _, newValue in
+                let previous = self.lastLocationModeRaw
+                self.lastLocationModeRaw = newValue
+                guard let mode = OpenClawLocationMode(rawValue: newValue) else { return }
+                Task {
+                    let granted = await self.appModel.requestLocationPermissions(mode: mode)
+                    if !granted {
+                        await MainActor.run {
+                            self.locationEnabledModeRaw = previous
+                            self.lastLocationModeRaw = previous
+                        }
                         return
                     }
-                    if self.manualGatewayEnabled {
-                        self.setupStatusText = self.appModel.gatewayStatusText
-                    }
-                }
-                .onChange(of: self.appModel.gatewayStatusText) { _, newValue in
-                    guard self.manualGatewayEnabled || self.connectingGatewayID == "manual" else { return }
-                    let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
-                    guard !trimmed.isEmpty else { return }
-                    self.setupStatusText = trimmed
-                }
-                .onChange(of: self.locationEnabledModeRaw) { _, newValue in
-                    let previous = self.lastLocationModeRaw
-                    self.lastLocationModeRaw = newValue
-                    guard let mode = OpenClawLocationMode(rawValue: newValue) else { return }
-                    Task {
-                        let granted = await self.appModel.requestLocationPermissions(mode: mode)
-                        if !granted {
-                            await MainActor.run {
-                                self.locationEnabledModeRaw = previous
-                                self.lastLocationModeRaw = previous
-                            }
-                            return
-                        }
-                        await MainActor.run {
-                            self.gatewayController.refreshActiveGatewayRegistrationFromSettings()
-                        }
+                    await MainActor.run {
+                        self.gatewayController.refreshActiveGatewayRegistrationFromSettings()
                     }
                 }
+            }
         }
         .gatewayTrustPromptAlert()
     }
@@ -1132,21 +1138,4 @@ struct SettingsTab: View {
     }
 }
 
-private struct SettingsCloseToolbar: ViewModifier {
-    @Environment(\.dismiss) private var dismiss
-
-    func body(content: Content) -> some View {
-        content.toolbar {
-            ToolbarItem(placement: .topBarTrailing) {
-                Button {
-                    self.dismiss()
-                } label: {
-                    Image(systemName: "xmark")
-                }
-                .accessibilityLabel("Close")
-            }
-        }
-    }
-}
-
 // swiftlint:enable type_body_length

apps/ios/SwiftSources.input.xcfilelist

@@ -40,7 +40,6 @@ Sources/Onboarding/OnboardingStateStore.swift
 Sources/Onboarding/OnboardingWizardView.swift
 Sources/Onboarding/QRScannerView.swift
 Sources/OpenClawApp.swift
-Sources/Permissions/PermissionRequestBridge.swift
 Sources/Push/ExecApprovalNotificationBridge.swift
 Sources/Push/BackgroundAliveBeacon.swift
 Sources/Push/PushBuildConfig.swift
@@ -61,7 +60,6 @@ Sources/Services/WatchConnectivityTransport.swift
 Sources/Services/WatchMessagingPayloadCodec.swift
 Sources/Services/WatchMessagingService.swift
 Sources/SessionKey.swift
-Sources/Settings/PrivacyAccessSectionView.swift
 Sources/Settings/SettingsNetworkingHelpers.swift
 Sources/Settings/SettingsTab.swift
 Sources/Settings/VoiceWakeWordsSettingsView.swift

apps/ios/Tests/PermissionRequestBridgeTests.swift

@@ -1,26 +0,0 @@
-import Testing
-@testable import OpenClaw
-
-@Suite(.serialized) struct PermissionRequestBridgeTests {
-    @Test func `box resumes immediately when cancelled before install`() async {
-        let box = PermissionRequestBridge.Box()
-        box.resume(false)
-        let granted: Bool = await withCheckedContinuation { continuation in
-            _ = box.install(continuation)
-        }
-        #expect(granted == false)
-        #expect(box.canStartRequest() == false)
-    }
-
-    @Test func `box resumes installed continuation once`() async {
-        let box = PermissionRequestBridge.Box()
-
-        let granted: Bool = await withCheckedContinuation { continuation in
-            _ = box.install(continuation)
-            box.resume(true)
-            box.resume(false)
-        }
-
-        #expect(granted == true)
-    }
-}

apps/ios/project.yml

@@ -136,16 +136,11 @@ targets:
         NSBonjourServices:
           - _openclaw-gw._tcp
         NSCameraUsageDescription: OpenClaw can capture photos or short video clips when requested via the gateway.
-        NSCalendarsUsageDescription: OpenClaw uses your calendars to show events and scheduling context when you enable calendar access.
-        NSCalendarsFullAccessUsageDescription: OpenClaw uses your calendars to show events and scheduling context when you enable calendar access.
-        NSCalendarsWriteOnlyAccessUsageDescription: OpenClaw uses your calendars to add events when you enable calendar access.
-        NSContactsUsageDescription: OpenClaw uses your contacts so you can search and reference people while using the assistant.
         NSLocationWhenInUseUsageDescription: OpenClaw uses your location when you allow location sharing.
         NSLocationAlwaysAndWhenInUseUsageDescription: OpenClaw can share your location in the background when you enable Always.
         NSMicrophoneUsageDescription: OpenClaw needs microphone access for voice wake.
         NSMotionUsageDescription: OpenClaw may use motion data to support device-aware interactions and automations.
         NSPhotoLibraryUsageDescription: OpenClaw needs photo library access when you choose existing photos to share with your assistant.
-        NSRemindersFullAccessUsageDescription: OpenClaw uses your reminders to list, add, and complete tasks when you enable reminders access.
         NSSpeechRecognitionUsageDescription: OpenClaw uses on-device speech recognition for voice wake.
         NSSupportsLiveActivities: true
         ITSAppUsesNonExemptEncryption: false

apps/macos/Sources/OpenClaw/GatewayRemoteConfig.swift

@@ -69,17 +69,6 @@ enum GatewayRemoteConfig {
         }
     }
 
-    static func resolveTLSFingerprint(root: [String: Any]) -> String? {
-        guard let gateway = root["gateway"] as? [String: Any],
-              let remote = gateway["remote"] as? [String: Any],
-              let raw = remote["tlsFingerprint"] as? String
-        else {
-            return nil
-        }
-        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
-        return trimmed.isEmpty ? nil : trimmed
-    }
-
     static func resolveGatewayUrl(root: [String: Any]) -> URL? {
         guard let raw = self.resolveUrlString(root: root) else { return nil }
         return self.normalizeGatewayUrl(raw)

apps/macos/Sources/OpenClaw/NodeMode/MacNodeModeCoordinator.swift

@@ -83,9 +83,7 @@ final class MacNodeModeCoordinator {
                     clientId: "openclaw-macos",
                     clientMode: "node",
                     clientDisplayName: InstanceIdentity.displayName)
-                let sessionBox = self.buildSessionBox(
-                    url: config.url,
-                    connectionMode: AppStateStore.shared.connectionMode)
+                let sessionBox = self.buildSessionBox(url: config.url)
 
                 try await self.session.connect(
                     url: config.url,
@@ -245,35 +243,15 @@ final class MacNodeModeCoordinator {
         return true
     }
 
-    nonisolated static func tlsParams(
-        for url: URL,
-        connectionMode: AppState.ConnectionMode,
-        root: [String: Any],
-        storedFingerprint: String?) -> GatewayTLSParams?
-    {
-        guard url.scheme?.lowercased() == "wss" else { return nil }
-        let stableID = Self.tlsPinStoreKey(for: url)
-        let configuredFingerprint = connectionMode == .remote
-            ? GatewayRemoteConfig.resolveTLSFingerprint(root: root)
-            : nil
-        let expectedFingerprint = configuredFingerprint ?? storedFingerprint
-        return GatewayTLSParams(
-            required: true,
-            expectedFingerprint: expectedFingerprint,
-            allowTOFU: expectedFingerprint == nil,
-            storeKey: stableID)
-    }
-
-    private func buildSessionBox(url: URL, connectionMode: AppState.ConnectionMode) -> WebSocketSessionBox? {
+    private func buildSessionBox(url: URL) -> WebSocketSessionBox? {
         guard url.scheme?.lowercased() == "wss" else { return nil }
         let stableID = Self.tlsPinStoreKey(for: url)
         let stored = GatewayTLSStore.loadFingerprint(stableID: stableID)
-        guard let params = Self.tlsParams(
-            for: url,
-            connectionMode: connectionMode,
-            root: OpenClawConfigFile.loadDict(),
-            storedFingerprint: stored)
-        else { return nil }
+        let params = GatewayTLSParams(
+            required: true,
+            expectedFingerprint: stored,
+            allowTOFU: stored == nil,
+            storeKey: stableID)
         let session = GatewayTLSPinningSession(params: params)
         return WebSocketSessionBox(session: session)
     }

apps/macos/Sources/OpenClaw/NodeMode/MacNodeRuntime.swift

@@ -521,8 +521,7 @@ actor MacNodeRuntime {
         let sessionKey = (params.sessionKey?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false)
             ? params.sessionKey!.trimmingCharacters(in: .whitespacesAndNewlines)
             : self.mainSessionKey
-        let providedRunId = params.runId?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-        let runId = providedRunId.isEmpty ? UUID().uuidString : providedRunId
+        let runId = UUID().uuidString
         let envOverrideDiagnostics = HostEnvSanitizer.inspectOverrides(
             overrides: params.env,
             blockPathOverrides: true)

apps/macos/Tests/OpenClawIPCTests/GatewayEndpointStoreTests.swift

@@ -287,36 +287,4 @@ struct GatewayEndpointStoreTests {
         let url = GatewayRemoteConfig.normalizeGatewayUrl("ws://127.attacker.example")
         #expect(url == nil)
     }
-
-    @Test func `resolve tls fingerprint trims remote config value`() {
-        let root: [String: Any] = [
-            "gateway": [
-                "remote": [
-                    "tlsFingerprint": " sha256:ABC123 ",
-                ],
-            ],
-        ]
-
-        #expect(GatewayRemoteConfig.resolveTLSFingerprint(root: root) == "sha256:ABC123")
-    }
-
-    @Test func `resolve tls fingerprint ignores blank or non string values`() {
-        let blank: [String: Any] = [
-            "gateway": [
-                "remote": [
-                    "tlsFingerprint": "   ",
-                ],
-            ],
-        ]
-        let nonString: [String: Any] = [
-            "gateway": [
-                "remote": [
-                    "tlsFingerprint": 123,
-                ],
-            ],
-        ]
-
-        #expect(GatewayRemoteConfig.resolveTLSFingerprint(root: blank) == nil)
-        #expect(GatewayRemoteConfig.resolveTLSFingerprint(root: nonString) == nil)
-    }
 }

apps/macos/Tests/OpenClawIPCTests/MacNodeModeCoordinatorTests.swift

@@ -35,60 +35,6 @@ struct MacNodeModeCoordinatorTests {
         #expect(MacNodeModeCoordinator.tlsPinStoreKey(for: url) == "gateway.example.ts.net:443")
     }
 
-    @Test func `remote tls params prefer configured fingerprint over stored pin`() throws {
-        let url = try #require(URL(string: "wss://gateway.example.com"))
-        let root: [String: Any] = [
-            "gateway": [
-                "remote": [
-                    "tlsFingerprint": "sha256:configured",
-                ],
-            ],
-        ]
-
-        let params = try #require(MacNodeModeCoordinator.tlsParams(
-            for: url,
-            connectionMode: .remote,
-            root: root,
-            storedFingerprint: "stored"))
-
-        #expect(params.expectedFingerprint == "sha256:configured")
-        #expect(params.allowTOFU == false)
-        #expect(params.storeKey == "gateway.example.com:443")
-    }
-
-    @Test func `remote tls params allow first use only when no configured or stored pin exists`() throws {
-        let url = try #require(URL(string: "wss://gateway.example.com"))
-
-        let params = try #require(MacNodeModeCoordinator.tlsParams(
-            for: url,
-            connectionMode: .remote,
-            root: [:],
-            storedFingerprint: nil))
-
-        #expect(params.expectedFingerprint == nil)
-        #expect(params.allowTOFU == true)
-    }
-
-    @Test func `local tls params ignore remote configured fingerprint`() throws {
-        let url = try #require(URL(string: "wss://127.0.0.1:18789"))
-        let root: [String: Any] = [
-            "gateway": [
-                "remote": [
-                    "tlsFingerprint": "sha256:remote",
-                ],
-            ],
-        ]
-
-        let params = try #require(MacNodeModeCoordinator.tlsParams(
-            for: url,
-            connectionMode: .local,
-            root: root,
-            storedFingerprint: "stored-local"))
-
-        #expect(params.expectedFingerprint == "stored-local")
-        #expect(params.allowTOFU == false)
-    }
-
     @Test func `auto repairs trusted tailscale serve pin mismatch`() throws {
         let url = try #require(URL(string: "wss://gateway.example.ts.net"))
         let failure = GatewayTLSValidationFailure(

apps/macos/Tests/OpenClawIPCTests/MacNodeRuntimeTests.swift

@@ -14,18 +14,6 @@ struct MacNodeRuntimeTests {
         }
     }
 
-    actor ExecEventProbe {
-        private var captured: [(event: String, json: String)] = []
-
-        func append(event: String, json: String?) {
-            self.captured.append((event: event, json: json ?? ""))
-        }
-
-        func events() -> [(event: String, json: String)] {
-            self.captured
-        }
-    }
-
     @Test func `handle invoke rejects unknown command`() async {
         let runtime = MacNodeRuntime()
         let response = await runtime.handleInvoke(
@@ -57,40 +45,6 @@ struct MacNodeRuntimeTests {
         #expect(response.ok == false)
     }
 
-    @Test func `system run denied event preserves gateway run id`() async throws {
-        let stateDir = FileManager().temporaryDirectory
-            .appendingPathComponent("openclaw-state-\(UUID().uuidString)", isDirectory: true)
-        defer { try? FileManager().removeItem(at: stateDir) }
-
-        try await TestIsolation.withEnvValues(["OPENCLAW_STATE_DIR": stateDir.path]) {
-            let probe = ExecEventProbe()
-            let runtime = MacNodeRuntime()
-            await runtime.setEventSender { event, json in
-                await probe.append(event: event, json: json)
-            }
-            let params = OpenClawSystemRunParams(
-                command: ["/bin/sh", "-lc", "printf ok"],
-                sessionKey: "agent:main:main",
-                runId: "gateway-run-1")
-            let json = try String(data: JSONEncoder().encode(params), encoding: .utf8)
-            let response = await runtime.handleInvoke(
-                BridgeInvokeRequest(
-                    id: "req-run-id",
-                    command: OpenClawSystemCommand.run.rawValue,
-                    paramsJSON: json))
-
-            #expect(response.ok == false)
-            let denied = try #require((await probe.events()).first { $0.event == "exec.denied" })
-            struct Payload: Decodable {
-                var sessionKey: String
-                var runId: String
-            }
-            let payload = try JSONDecoder().decode(Payload.self, from: Data(denied.json.utf8))
-            #expect(payload.sessionKey == "agent:main:main")
-            #expect(payload.runId == "gateway-run-1")
-        }
-    }
-
     @Test func `handle invoke rejects blocked system run env override before execution`() async throws {
         let runtime = MacNodeRuntime()
         let params = OpenClawSystemRunParams(

apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatViewModel.swift

@@ -17,7 +17,6 @@ private let chatUILogger = Logger(subsystem: "ai.openclaw", category: "OpenClawC
 // swiftlint:disable:next type_body_length
 public final class OpenClawChatViewModel {
     public static let defaultModelSelectionID = "__default__"
-    private static let maxAttachmentBytes = 5_000_000
 
     public private(set) var messages: [OpenClawChatMessage] = []
     public var input: String = ""
@@ -1299,6 +1298,11 @@ public final class OpenClawChatViewModel {
     }
 
     private func addImageAttachment(url: URL?, data: Data, fileName: String, mimeType: String) async {
+        if data.count > 5_000_000 {
+            self.errorText = "Attachment \(fileName) exceeds 5 MB limit"
+            return
+        }
+
         let uti: UTType = {
             if let url {
                 return UTType(filenameExtension: url.pathExtension) ?? .data
@@ -1310,33 +1314,13 @@ public final class OpenClawChatViewModel {
             return
         }
 
-        let processed: Data
-        do {
-            processed = try await Task.detached(priority: .userInitiated) {
-                try ChatImageProcessor.processForUpload(data: data)
-            }.value
-        } catch {
-            self.errorText = "Could not process \(fileName): \(error.localizedDescription)"
-            return
-        }
-
-        if processed.count > Self.maxAttachmentBytes {
-            self.errorText = "Attachment \(fileName) exceeds 5 MB limit after resizing"
-            return
-        }
-
-        let outputFileName: String = {
-            let baseName = (fileName as NSString).deletingPathExtension
-            return baseName.isEmpty ? "image.jpg" : "\(baseName).jpg"
-        }()
-
-        let preview = Self.previewImage(data: processed)
+        let preview = Self.previewImage(data: data)
         self.attachments.append(
             OpenClawPendingAttachment(
                 url: url,
-                data: processed,
-                fileName: outputFileName,
-                mimeType: "image/jpeg",
+                data: data,
+                fileName: fileName,
+                mimeType: mimeType,
                 preview: preview))
     }
 

apps/shared/OpenClawKit/Sources/OpenClawKit/ChatImageProcessor.swift

@@ -1,44 +0,0 @@
-import Foundation
-
-/// Chat-specific image upload policy built on the shared JPEG transcoder.
-public enum ChatImageProcessor {
-    public static let maxLongEdgePx = 1600
-    public static let jpegQuality = 0.8
-    public static let maxPayloadBytes = 3_500_000
-
-    public enum ProcessError: Error, LocalizedError, Sendable {
-        case notAnImage
-        case decodeFailed
-        case encodeFailed
-
-        public var errorDescription: String? {
-            switch self {
-            case .notAnImage:
-                "The data is not a recognizable image."
-            case .decodeFailed:
-                "The image could not be decoded."
-            case .encodeFailed:
-                "The image could not be resized to fit the chat upload limit."
-            }
-        }
-    }
-
-    public static func processForUpload(data: Data) throws -> Data {
-        do {
-            let result = try JPEGTranscoder.transcodeToJPEG(
-                imageData: data,
-                maxLongEdgePx: self.maxLongEdgePx,
-                quality: self.jpegQuality,
-                maxBytes: self.maxPayloadBytes)
-            return result.data
-        } catch JPEGTranscodeError.decodeFailed {
-            throw ProcessError.notAnImage
-        } catch JPEGTranscodeError.propertiesMissing {
-            throw ProcessError.decodeFailed
-        } catch JPEGTranscodeError.sizeLimitExceeded {
-            throw ProcessError.encodeFailed
-        } catch {
-            throw ProcessError.encodeFailed
-        }
-    }
-}

apps/shared/OpenClawKit/Sources/OpenClawKit/DeepLinks.swift

@@ -57,7 +57,7 @@ public struct GatewayConnectDeepLink: Codable, Sendable, Equatable {
         {
             return link
         }
-        return self.fromGatewayURLString(
+        return fromGatewayURLString(
             trimmed,
             bootstrapToken: nil,
             token: nil,
@@ -89,7 +89,7 @@ public struct GatewayConnectDeepLink: Codable, Sendable, Equatable {
         {
             return link
         }
-        for candidate in self.setupCodeCandidates(in: trimmed) where candidate != trimmed {
+        for candidate in setupCodeCandidates(in: trimmed) where candidate != trimmed {
             if let data = decodeBase64Url(candidate),
                let link = decodeSetupPayload(from: data)
             {
@@ -104,7 +104,7 @@ public struct GatewayConnectDeepLink: Codable, Sendable, Equatable {
         if let urlString = payload.url?.trimmingCharacters(in: .whitespacesAndNewlines),
            !urlString.isEmpty
         {
-            return self.fromGatewayURLString(
+            return fromGatewayURLString(
                 urlString,
                 bootstrapToken: payload.bootstrapToken,
                 token: payload.token,

apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayTLSPinning.swift

@@ -79,12 +79,6 @@ public protocol GatewayDeviceTokenRetryTrustProviding: AnyObject {
     var allowsDeviceTokenRetryAuth: Bool { get }
 }
 
-enum GatewayTLSFirstUsePolicy {
-    static func allowsFirstUsePin(systemTrustOk: Bool) -> Bool {
-        systemTrustOk
-    }
-}
-
 public enum GatewayTLSStore {
     private static let keychainService = "ai.openclaw.tls-pinning"
 
@@ -165,8 +159,7 @@ public enum GatewayTLSStore {
     }
 }
 
-public final class GatewayTLSPinningSession: NSObject, WebSocketSessioning, URLSessionDelegate,
-GatewayTLSFailureProviding, GatewayDeviceTokenRetryTrustProviding, @unchecked Sendable {
+public final class GatewayTLSPinningSession: NSObject, WebSocketSessioning, URLSessionDelegate, GatewayTLSFailureProviding, GatewayDeviceTokenRetryTrustProviding, @unchecked Sendable {
     private let params: GatewayTLSParams
     private let failureLock = NSLock()
     private var lastTLSFailure: GatewayTLSValidationFailure?
@@ -245,14 +238,12 @@ GatewayTLSFailureProviding, GatewayDeviceTokenRetryTrustProviding, @unchecked Se
                 return
             }
             if self.params.allowTOFU {
-                if GatewayTLSFirstUsePolicy.allowsFirstUsePin(systemTrustOk: systemTrustOk) {
-                    if let storeKey = params.storeKey {
-                        GatewayTLSStore.saveFingerprint(fingerprint, stableID: storeKey)
-                    }
-                    self.clearTLSFailure()
-                    completionHandler(.useCredential, URLCredential(trust: trust))
-                    return
+                if let storeKey = params.storeKey {
+                    GatewayTLSStore.saveFingerprint(fingerprint, stableID: storeKey)
                 }
+                self.clearTLSFailure()
+                completionHandler(.useCredential, URLCredential(trust: trust))
+                return
             }
         }
 

apps/shared/OpenClawKit/Sources/OpenClawKit/JPEGTranscoder.swift

@@ -37,26 +37,6 @@ public struct JPEGTranscoder: Sendable {
         maxWidthPx: Int?,
         quality: Double,
         maxBytes: Int? = nil) throws -> (data: Data, widthPx: Int, heightPx: Int)
-    {
-        try self.transcodeToJPEG(
-            imageData: imageData,
-            maxWidthPx: maxWidthPx,
-            maxLongEdgePx: nil,
-            quality: quality,
-            maxBytes: maxBytes)
-    }
-
-    /// Re-encodes image data to JPEG, optionally downscaling so the *oriented* longest edge is <= `maxLongEdgePx`.
-    ///
-    /// When `maxLongEdgePx` is provided it takes precedence over `maxWidthPx`.
-    /// - Important: This normalizes EXIF orientation (the output pixels are rotated if needed; orientation tag is not
-    ///   relied on).
-    public static func transcodeToJPEG(
-        imageData: Data,
-        maxWidthPx: Int? = nil,
-        maxLongEdgePx: Int?,
-        quality: Double,
-        maxBytes: Int? = nil) throws -> (data: Data, widthPx: Int, heightPx: Int)
     {
         guard let src = CGImageSourceCreateWithData(imageData as CFData, nil) else {
             throw JPEGTranscodeError.decodeFailed
@@ -83,10 +63,6 @@ public struct JPEGTranscoder: Sendable {
 
         let maxDim = max(orientedWidth, orientedHeight)
         var targetMaxPixelSize: Int = {
-            if let maxLongEdgePx, maxLongEdgePx > 0 {
-                guard maxDim > maxLongEdgePx else { return maxDim } // never upscale
-                return maxLongEdgePx
-            }
             guard let maxWidthPx, maxWidthPx > 0 else { return maxDim }
             guard orientedWidth > maxWidthPx else { return maxDim } // never upscale
 
@@ -105,7 +81,6 @@ public struct JPEGTranscoder: Sendable {
             guard let img = CGImageSourceCreateThumbnailAtIndex(src, 0, thumbOpts as CFDictionary) else {
                 throw JPEGTranscodeError.decodeFailed
             }
-            let opaqueImage = Self.flattenAlphaIfNeeded(img)
 
             let out = NSMutableData()
             guard let dest = CGImageDestinationCreateWithData(out, UTType.jpeg.identifier as CFString, 1, nil) else {
@@ -113,12 +88,12 @@ public struct JPEGTranscoder: Sendable {
             }
             let q = self.clampQuality(quality)
             let encodeProps = [kCGImageDestinationLossyCompressionQuality: q] as CFDictionary
-            CGImageDestinationAddImage(dest, opaqueImage, encodeProps)
+            CGImageDestinationAddImage(dest, img, encodeProps)
             guard CGImageDestinationFinalize(dest) else {
                 throw JPEGTranscodeError.encodeFailed
             }
 
-            return (out as Data, opaqueImage.width, opaqueImage.height)
+            return (out as Data, img.width, img.height)
         }
 
         guard let maxBytes, maxBytes > 0 else {
@@ -157,34 +132,4 @@ public struct JPEGTranscoder: Sendable {
 
         return best
     }
-
-    /// JPEG cannot store alpha. Flatten transparent sources over white before encoding so ImageIO does not composite
-    /// transparent pixels onto black by default.
-    private static func flattenAlphaIfNeeded(_ image: CGImage) -> CGImage {
-        switch image.alphaInfo {
-        case .none, .noneSkipFirst, .noneSkipLast:
-            return image
-        default:
-            break
-        }
-
-        guard
-            let context = CGContext(
-                data: nil,
-                width: image.width,
-                height: image.height,
-                bitsPerComponent: 8,
-                bytesPerRow: 0,
-                space: CGColorSpaceCreateDeviceRGB(),
-                bitmapInfo: CGImageAlphaInfo.noneSkipLast.rawValue)
-        else {
-            return image
-        }
-
-        let rect = CGRect(x: 0, y: 0, width: image.width, height: image.height)
-        context.setFillColor(CGColor(red: 1, green: 1, blue: 1, alpha: 1))
-        context.fill(rect)
-        context.draw(image, in: rect)
-        return context.makeImage() ?? image
-    }
 }

apps/shared/OpenClawKit/Sources/OpenClawKit/SystemCommands.swift

@@ -29,7 +29,6 @@ public struct OpenClawSystemRunParams: Codable, Sendable, Equatable {
     public var needsScreenRecording: Bool?
     public var agentId: String?
     public var sessionKey: String?
-    public var runId: String?
     public var approved: Bool?
     public var approvalDecision: String?
 
@@ -42,7 +41,6 @@ public struct OpenClawSystemRunParams: Codable, Sendable, Equatable {
         needsScreenRecording: Bool? = nil,
         agentId: String? = nil,
         sessionKey: String? = nil,
-        runId: String? = nil,
         approved: Bool? = nil,
         approvalDecision: String? = nil)
     {
@@ -54,7 +52,6 @@ public struct OpenClawSystemRunParams: Codable, Sendable, Equatable {
         self.needsScreenRecording = needsScreenRecording
         self.agentId = agentId
         self.sessionKey = sessionKey
-        self.runId = runId
         self.approved = approved
         self.approvalDecision = approvalDecision
     }

apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift

@@ -3,7 +3,7 @@
 import Foundation
 
 public let GATEWAY_PROTOCOL_VERSION = 4
-public let GATEWAY_MIN_PROTOCOL_VERSION = 4
+public let GATEWAY_MIN_PROTOCOL_VERSION = 3
 
 private struct GatewayAnyCodingKey: CodingKey, Hashable {
     let stringValue: String
@@ -2098,8 +2098,6 @@ public struct SessionsPatchParams: Codable, Sendable {
     public let spawndepth: AnyCodable?
     public let subagentrole: AnyCodable?
     public let subagentcontrolscope: AnyCodable?
-    public let inheritedtoolallow: AnyCodable?
-    public let inheritedtooldeny: AnyCodable?
     public let sendpolicy: AnyCodable?
     public let groupactivation: AnyCodable?
 
@@ -2123,8 +2121,6 @@ public struct SessionsPatchParams: Codable, Sendable {
         spawndepth: AnyCodable?,
         subagentrole: AnyCodable?,
         subagentcontrolscope: AnyCodable?,
-        inheritedtoolallow: AnyCodable?,
-        inheritedtooldeny: AnyCodable?,
         sendpolicy: AnyCodable?,
         groupactivation: AnyCodable?)
     {
@@ -2147,8 +2143,6 @@ public struct SessionsPatchParams: Codable, Sendable {
         self.spawndepth = spawndepth
         self.subagentrole = subagentrole
         self.subagentcontrolscope = subagentcontrolscope
-        self.inheritedtoolallow = inheritedtoolallow
-        self.inheritedtooldeny = inheritedtooldeny
         self.sendpolicy = sendpolicy
         self.groupactivation = groupactivation
     }
@@ -2173,8 +2167,6 @@ public struct SessionsPatchParams: Codable, Sendable {
         case spawndepth = "spawnDepth"
         case subagentrole = "subagentRole"
         case subagentcontrolscope = "subagentControlScope"
-        case inheritedtoolallow = "inheritedToolAllow"
-        case inheritedtooldeny = "inheritedToolDeny"
         case sendpolicy = "sendPolicy"
         case groupactivation = "groupActivation"
     }
@@ -3228,7 +3220,6 @@ public struct TalkSessionCancelTurnParams: Codable, Sendable {
 
 public struct TalkSessionCreateParams: Codable, Sendable {
     public let sessionkey: String?
-    public let spawnedby: String?
     public let provider: String?
     public let model: String?
     public let voice: String?
@@ -3243,7 +3234,6 @@ public struct TalkSessionCreateParams: Codable, Sendable {
 
     public init(
         sessionkey: String?,
-        spawnedby: String?,
         provider: String?,
         model: String?,
         voice: String?,
@@ -3257,7 +3247,6 @@ public struct TalkSessionCreateParams: Codable, Sendable {
         ttlms: Int?)
     {
         self.sessionkey = sessionkey
-        self.spawnedby = spawnedby
         self.provider = provider
         self.model = model
         self.voice = voice
@@ -3273,7 +3262,6 @@ public struct TalkSessionCreateParams: Codable, Sendable {
 
     private enum CodingKeys: String, CodingKey {
         case sessionkey = "sessionKey"
-        case spawnedby = "spawnedBy"
         case provider
         case model
         case voice
@@ -6244,138 +6232,12 @@ public struct ChatInjectParams: Codable, Sendable {
     }
 }
 
-public struct ChatDeltaEvent: Codable, Sendable {
+public struct ChatEvent: Codable, Sendable {
     public let runid: String
     public let sessionkey: String
     public let spawnedby: String?
     public let seq: Int
-    public let state: String
-    public let message: AnyCodable?
-    public let deltatext: String
-    public let replace: Bool?
-    public let usage: AnyCodable?
-
-    public init(
-        runid: String,
-        sessionkey: String,
-        spawnedby: String?,
-        seq: Int,
-        state: String,
-        message: AnyCodable?,
-        deltatext: String,
-        replace: Bool?,
-        usage: AnyCodable?)
-    {
-        self.runid = runid
-        self.sessionkey = sessionkey
-        self.spawnedby = spawnedby
-        self.seq = seq
-        self.state = state
-        self.message = message
-        self.deltatext = deltatext
-        self.replace = replace
-        self.usage = usage
-    }
-
-    private enum CodingKeys: String, CodingKey {
-        case runid = "runId"
-        case sessionkey = "sessionKey"
-        case spawnedby = "spawnedBy"
-        case seq
-        case state
-        case message
-        case deltatext = "deltaText"
-        case replace
-        case usage
-    }
-}
-
-public struct ChatFinalEvent: Codable, Sendable {
-    public let runid: String
-    public let sessionkey: String
-    public let spawnedby: String?
-    public let seq: Int
-    public let state: String
-    public let message: AnyCodable?
-    public let usage: AnyCodable?
-    public let stopreason: String?
-
-    public init(
-        runid: String,
-        sessionkey: String,
-        spawnedby: String?,
-        seq: Int,
-        state: String,
-        message: AnyCodable?,
-        usage: AnyCodable?,
-        stopreason: String?)
-    {
-        self.runid = runid
-        self.sessionkey = sessionkey
-        self.spawnedby = spawnedby
-        self.seq = seq
-        self.state = state
-        self.message = message
-        self.usage = usage
-        self.stopreason = stopreason
-    }
-
-    private enum CodingKeys: String, CodingKey {
-        case runid = "runId"
-        case sessionkey = "sessionKey"
-        case spawnedby = "spawnedBy"
-        case seq
-        case state
-        case message
-        case usage
-        case stopreason = "stopReason"
-    }
-}
-
-public struct ChatAbortedEvent: Codable, Sendable {
-    public let runid: String
-    public let sessionkey: String
-    public let spawnedby: String?
-    public let seq: Int
-    public let state: String
-    public let message: AnyCodable?
-    public let stopreason: String?
-
-    public init(
-        runid: String,
-        sessionkey: String,
-        spawnedby: String?,
-        seq: Int,
-        state: String,
-        message: AnyCodable?,
-        stopreason: String?)
-    {
-        self.runid = runid
-        self.sessionkey = sessionkey
-        self.spawnedby = spawnedby
-        self.seq = seq
-        self.state = state
-        self.message = message
-        self.stopreason = stopreason
-    }
-
-    private enum CodingKeys: String, CodingKey {
-        case runid = "runId"
-        case sessionkey = "sessionKey"
-        case spawnedby = "spawnedBy"
-        case seq
-        case state
-        case message
-        case stopreason = "stopReason"
-    }
-}
-
-public struct ChatErrorEvent: Codable, Sendable {
-    public let runid: String
-    public let sessionkey: String
-    public let spawnedby: String?
-    public let seq: Int
-    public let state: String
+    public let state: AnyCodable
     public let message: AnyCodable?
     public let errormessage: String?
     public let errorkind: AnyCodable?
@@ -6387,7 +6249,7 @@ public struct ChatErrorEvent: Codable, Sendable {
         sessionkey: String,
         spawnedby: String?,
         seq: Int,
-        state: String,
+        state: AnyCodable,
         message: AnyCodable?,
         errormessage: String?,
         errorkind: AnyCodable?,
@@ -6519,43 +6381,6 @@ public enum PluginsSessionActionResult: Codable, Sendable {
     }
 }
 
-public enum ChatEvent: Codable, Sendable {
-    case delta(ChatDeltaEvent)
-    case final(ChatFinalEvent)
-    case aborted(ChatAbortedEvent)
-    case error(ChatErrorEvent)
-
-    private enum CodingKeys: String, CodingKey {
-        case discriminator = "state"
-    }
-
-    public init(from decoder: Decoder) throws {
-        let container = try decoder.container(keyedBy: CodingKeys.self)
-        let discriminator = try container.decode(String.self, forKey: .discriminator)
-        switch discriminator {
-        case "delta": self = try .delta(ChatDeltaEvent(from: decoder))
-        case "final": self = try .final(ChatFinalEvent(from: decoder))
-        case "aborted": self = try .aborted(ChatAbortedEvent(from: decoder))
-        case "error": self = try .error(ChatErrorEvent(from: decoder))
-        default:
-            throw DecodingError.dataCorruptedError(
-                forKey: .discriminator,
-                in: container,
-                debugDescription: "Unknown ChatEvent discriminator value"
-            )
-        }
-    }
-
-    public func encode(to encoder: Encoder) throws {
-        switch self {
-        case .delta(let value): try value.encode(to: encoder)
-        case .final(let value): try value.encode(to: encoder)
-        case .aborted(let value): try value.encode(to: encoder)
-        case .error(let value): try value.encode(to: encoder)
-        }
-    }
-}
-
 public enum GatewayFrame: Codable, Sendable {
     case req(RequestFrame)
     case res(ResponseFrame)

apps/shared/OpenClawKit/Tests/OpenClawKitTests/ChatImageProcessorTests.swift

@@ -1,187 +0,0 @@
-import CoreGraphics
-import Foundation
-import ImageIO
-import Testing
-import UniformTypeIdentifiers
-@testable import OpenClawKit
-
-struct ChatImageProcessorTests {
-    private func syntheticJPEG(width: Int, height: Int) throws -> Data {
-        guard
-            let context = CGContext(
-                data: nil,
-                width: width,
-                height: height,
-                bitsPerComponent: 8,
-                bytesPerRow: width * 4,
-                space: CGColorSpaceCreateDeviceRGB(),
-                bitmapInfo: CGImageAlphaInfo.premultipliedLast.rawValue)
-        else {
-            throw NSError(domain: "ChatImageProcessorTests", code: 1)
-        }
-
-        context.setFillColor(CGColor(red: 0.8, green: 0.2, blue: 0.4, alpha: 1))
-        context.fill(CGRect(x: 0, y: 0, width: width, height: height))
-        context.setFillColor(CGColor(red: 0.1, green: 0.7, blue: 0.3, alpha: 1))
-        context.fill(CGRect(x: 0, y: 0, width: width / 2, height: height / 2))
-
-        guard let image = context.makeImage() else {
-            throw NSError(domain: "ChatImageProcessorTests", code: 2)
-        }
-
-        let data = NSMutableData()
-        guard let destination = CGImageDestinationCreateWithData(data, UTType.jpeg.identifier as CFString, 1, nil)
-        else {
-            throw NSError(domain: "ChatImageProcessorTests", code: 3)
-        }
-
-        let properties: [CFString: Any] = [
-            kCGImageDestinationLossyCompressionQuality: 0.95,
-            kCGImagePropertyExifDictionary: [
-                kCGImagePropertyExifDateTimeOriginal: "2026:04:20 16:30:00",
-                kCGImagePropertyExifLensModel: "Leaky Lens 50mm f/1.4",
-            ] as CFDictionary,
-            kCGImagePropertyGPSDictionary: [
-                kCGImagePropertyGPSLatitude: 60.02,
-                kCGImagePropertyGPSLatitudeRef: "N",
-                kCGImagePropertyGPSLongitude: 10.95,
-                kCGImagePropertyGPSLongitudeRef: "E",
-            ] as CFDictionary,
-            kCGImagePropertyTIFFDictionary: [
-                kCGImagePropertyTIFFMake: "LeakCorp",
-                kCGImagePropertyTIFFModel: "Privacy-Leaker-1",
-            ] as CFDictionary,
-        ]
-        CGImageDestinationAddImage(destination, image, properties as CFDictionary)
-        guard CGImageDestinationFinalize(destination) else {
-            throw NSError(domain: "ChatImageProcessorTests", code: 4)
-        }
-        return data as Data
-    }
-
-    private func syntheticPNGWithAlpha(width: Int, height: Int) throws -> Data {
-        guard
-            let context = CGContext(
-                data: nil,
-                width: width,
-                height: height,
-                bitsPerComponent: 8,
-                bytesPerRow: width * 4,
-                space: CGColorSpaceCreateDeviceRGB(),
-                bitmapInfo: CGImageAlphaInfo.premultipliedLast.rawValue)
-        else {
-            throw NSError(domain: "ChatImageProcessorTests", code: 5)
-        }
-
-        context.clear(CGRect(x: 0, y: 0, width: width, height: height))
-        context.setFillColor(CGColor(red: 1, green: 0, blue: 0, alpha: 1))
-        context.fill(CGRect(x: width / 4, y: height / 4, width: width / 2, height: height / 2))
-
-        guard let image = context.makeImage() else {
-            throw NSError(domain: "ChatImageProcessorTests", code: 6)
-        }
-
-        let data = NSMutableData()
-        guard let destination = CGImageDestinationCreateWithData(data, UTType.png.identifier as CFString, 1, nil)
-        else {
-            throw NSError(domain: "ChatImageProcessorTests", code: 7)
-        }
-        CGImageDestinationAddImage(destination, image, nil)
-        guard CGImageDestinationFinalize(destination) else {
-            throw NSError(domain: "ChatImageProcessorTests", code: 8)
-        }
-        return data as Data
-    }
-
-    private func properties(for data: Data) -> [CFString: Any] {
-        guard
-            let source = CGImageSourceCreateWithData(data as CFData, nil),
-            let properties = CGImageSourceCopyPropertiesAtIndex(source, 0, nil) as? [CFString: Any]
-        else {
-            return [:]
-        }
-        return properties
-    }
-
-    private func dimensions(for data: Data) -> (width: Int, height: Int)? {
-        let properties = self.properties(for: data)
-        guard
-            let width = properties[kCGImagePropertyPixelWidth] as? NSNumber,
-            let height = properties[kCGImagePropertyPixelHeight] as? NSNumber
-        else {
-            return nil
-        }
-        return (width.intValue, height.intValue)
-    }
-
-    @Test func `resizes landscape long edge to upload limit`() throws {
-        let source = try self.syntheticJPEG(width: 4000, height: 3000)
-        let output = try ChatImageProcessor.processForUpload(data: source)
-        let dimensions = try #require(self.dimensions(for: output))
-
-        #expect(max(dimensions.width, dimensions.height) <= ChatImageProcessor.maxLongEdgePx)
-        #expect(abs((Double(dimensions.width) / Double(dimensions.height)) - (4000.0 / 3000.0)) <= 0.02)
-    }
-
-    @Test func `resizes portrait long edge to upload limit`() throws {
-        let source = try self.syntheticJPEG(width: 3000, height: 4000)
-        let output = try ChatImageProcessor.processForUpload(data: source)
-        let dimensions = try #require(self.dimensions(for: output))
-
-        #expect(max(dimensions.width, dimensions.height) <= ChatImageProcessor.maxLongEdgePx)
-        #expect(abs((Double(dimensions.width) / Double(dimensions.height)) - (3000.0 / 4000.0)) <= 0.02)
-    }
-
-    @Test func `resizes narrow tall long edge to upload limit`() throws {
-        let source = try self.syntheticJPEG(width: 1080, height: 2400)
-        let output = try ChatImageProcessor.processForUpload(data: source)
-        let dimensions = try #require(self.dimensions(for: output))
-
-        #expect(max(dimensions.width, dimensions.height) <= ChatImageProcessor.maxLongEdgePx)
-        #expect(abs((Double(dimensions.width) / Double(dimensions.height)) - (1080.0 / 2400.0)) <= 0.02)
-    }
-
-    @Test func `small image is not upscaled`() throws {
-        let source = try self.syntheticJPEG(width: 400, height: 300)
-        let output = try ChatImageProcessor.processForUpload(data: source)
-        let dimensions = try #require(self.dimensions(for: output))
-
-        #expect(max(dimensions.width, dimensions.height) <= 400)
-    }
-
-    @Test func `output fits payload budget`() throws {
-        let source = try self.syntheticJPEG(width: 4000, height: 3000)
-        let output = try ChatImageProcessor.processForUpload(data: source)
-
-        #expect(output.count <= ChatImageProcessor.maxPayloadBytes)
-    }
-
-    @Test func `rejects non image data`() {
-        let garbage = Data("not an image".utf8)
-
-        #expect(throws: ChatImageProcessor.ProcessError.self) {
-            _ = try ChatImageProcessor.processForUpload(data: garbage)
-        }
-    }
-
-    @Test func `strips source metadata from output`() throws {
-        let source = try self.syntheticJPEG(width: 3000, height: 2000)
-        let output = try ChatImageProcessor.processForUpload(data: source)
-        let properties = self.properties(for: output)
-        let gps = properties[kCGImagePropertyGPSDictionary] as? [CFString: Any] ?? [:]
-
-        #expect(gps.isEmpty)
-        for needle in ["Leaky Lens", "LeakCorp", "Privacy-Leaker", "2026:04:20"] {
-            #expect(output.range(of: Data(needle.utf8)) == nil)
-        }
-    }
-
-    @Test func `flattens transparent sources to opaque JPEG`() throws {
-        let source = try self.syntheticPNGWithAlpha(width: 800, height: 600)
-        let output = try ChatImageProcessor.processForUpload(data: source)
-        let imageSource = try #require(CGImageSourceCreateWithData(output as CFData, nil))
-        let image = try #require(CGImageSourceCreateImageAtIndex(imageSource, 0, nil))
-
-        #expect([.none, .noneSkipFirst, .noneSkipLast].contains(image.alphaInfo))
-    }
-}

apps/shared/OpenClawKit/Tests/OpenClawKitTests/ChatViewModelAttachmentTests.swift

@@ -1,109 +0,0 @@
-import CoreGraphics
-import Foundation
-import ImageIO
-import OpenClawKit
-import UniformTypeIdentifiers
-import XCTest
-@testable import OpenClawChatUI
-
-private struct AttachmentProcessingTransport: OpenClawChatTransport {
-    func requestHistory(sessionKey _: String) async throws -> OpenClawChatHistoryPayload {
-        throw NSError(domain: "ChatViewModelAttachmentTests", code: 1)
-    }
-
-    func sendMessage(
-        sessionKey _: String,
-        message _: String,
-        thinking _: String,
-        idempotencyKey _: String,
-        attachments _: [OpenClawChatAttachmentPayload]) async throws -> OpenClawChatSendResponse
-    {
-        throw NSError(domain: "ChatViewModelAttachmentTests", code: 2)
-    }
-
-    func requestHealth(timeoutMs _: Int) async throws -> Bool {
-        true
-    }
-
-    func events() -> AsyncStream<OpenClawChatTransportEvent> {
-        AsyncStream { _ in }
-    }
-}
-
-private func makeChatAttachmentJPEG(width: Int, height: Int) throws -> Data {
-    guard
-        let context = CGContext(
-            data: nil,
-            width: width,
-            height: height,
-            bitsPerComponent: 8,
-            bytesPerRow: width * 4,
-            space: CGColorSpaceCreateDeviceRGB(),
-            bitmapInfo: CGImageAlphaInfo.premultipliedLast.rawValue)
-    else {
-        throw NSError(domain: "ChatViewModelAttachmentTests", code: 3)
-    }
-
-    context.setFillColor(CGColor(red: 0.2, green: 0.4, blue: 0.8, alpha: 1))
-    context.fill(CGRect(x: 0, y: 0, width: width, height: height))
-    context.setFillColor(CGColor(red: 0.9, green: 0.5, blue: 0.1, alpha: 1))
-    context.fill(CGRect(x: 0, y: 0, width: width / 2, height: height / 2))
-
-    guard let image = context.makeImage() else {
-        throw NSError(domain: "ChatViewModelAttachmentTests", code: 4)
-    }
-
-    let data = NSMutableData()
-    guard let destination = CGImageDestinationCreateWithData(data, UTType.jpeg.identifier as CFString, 1, nil) else {
-        throw NSError(domain: "ChatViewModelAttachmentTests", code: 5)
-    }
-    CGImageDestinationAddImage(destination, image, [kCGImageDestinationLossyCompressionQuality: 0.95] as CFDictionary)
-    guard CGImageDestinationFinalize(destination) else {
-        throw NSError(domain: "ChatViewModelAttachmentTests", code: 6)
-    }
-    return data as Data
-}
-
-private func chatAttachmentDimensions(for data: Data) -> (width: Int, height: Int)? {
-    guard
-        let source = CGImageSourceCreateWithData(data as CFData, nil),
-        let properties = CGImageSourceCopyPropertiesAtIndex(source, 0, nil) as? [CFString: Any],
-        let width = properties[kCGImagePropertyPixelWidth] as? NSNumber,
-        let height = properties[kCGImagePropertyPixelHeight] as? NSNumber
-    else {
-        return nil
-    }
-    return (width.intValue, height.intValue)
-}
-
-final class ChatViewModelAttachmentTests: XCTestCase {
-    func testImageAttachmentsAreProcessedBeforeStaging() async throws {
-        let imageData = try makeChatAttachmentJPEG(width: 3000, height: 4000)
-        let viewModel = await MainActor.run {
-            OpenClawChatViewModel(sessionKey: "main", transport: AttachmentProcessingTransport())
-        }
-
-        await MainActor.run {
-            viewModel.addImageAttachment(data: imageData, fileName: "camera.heic", mimeType: "image/jpeg")
-        }
-
-        try await waitUntil("attachment processed") {
-            await MainActor.run { !viewModel.attachments.isEmpty || viewModel.errorText != nil }
-        }
-
-        let attachment = try await MainActor.run {
-            guard let attachment = viewModel.attachments.first else {
-                throw NSError(domain: "ChatViewModelAttachmentTests", code: 7)
-            }
-            return (attachment.fileName, attachment.mimeType, attachment.data)
-        }
-        let dimensions = try XCTUnwrap(chatAttachmentDimensions(for: attachment.2))
-
-        XCTAssertEqual(attachment.0, "camera.jpg")
-        XCTAssertEqual(attachment.1, "image/jpeg")
-        XCTAssertLessThanOrEqual(attachment.2.count, ChatImageProcessor.maxPayloadBytes)
-        XCTAssertLessThanOrEqual(max(dimensions.width, dimensions.height), ChatImageProcessor.maxLongEdgePx)
-        let errorText = await MainActor.run { viewModel.errorText }
-        XCTAssertNil(errorText)
-    }
-}

apps/shared/OpenClawKit/Tests/OpenClawKitTests/GatewayTLSPinningTests.swift

@@ -1,9 +0,0 @@
-import Testing
-@testable import OpenClawKit
-
-struct GatewayTLSPinningTests {
-    @Test func `first use pinning requires system trust`() {
-        #expect(GatewayTLSFirstUsePolicy.allowsFirstUsePin(systemTrustOk: true))
-        #expect(!GatewayTLSFirstUsePolicy.allowsFirstUsePin(systemTrustOk: false))
-    }
-}

config/knip.config.ts

@@ -66,6 +66,7 @@ const rootBundledPluginRuntimeDependencies = [
   "@slack/bolt",
   "@slack/types",
   "@slack/web-api",
+  "audio-decode",
   "grammy",
   "linkedom",
   "minimatch",

docker-compose.yml

@@ -7,16 +7,13 @@ services:
         required: false
     environment:
       HOME: /home/node
-      OPENCLAW_HOME: /home/node
       TERM: xterm-256color
-      # Pin container-side state, workspace, and config paths so host values written to
+      # Pin container-side workspace and config paths so host values written to
       # `.env` (used by Compose for the bind-mount source below) cannot leak
       # into runtime code that resolves these env vars inside the container.
       # Without this override, a macOS host path like /Users/<you>/.openclaw/...
       # imported from .env caused first-reply `mkdir '/Users'` EACCES failures
       # in Linux Docker (#77436).
-      OPENCLAW_STATE_DIR: /home/node/.openclaw
-      OPENCLAW_CONFIG_PATH: /home/node/.openclaw/openclaw.json
       OPENCLAW_CONFIG_DIR: /home/node/.openclaw
       OPENCLAW_WORKSPACE_DIR: /home/node/.openclaw/workspace
       OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN:-}
@@ -101,12 +98,9 @@ services:
       - no-new-privileges:true
     environment:
       HOME: /home/node
-      OPENCLAW_HOME: /home/node
       TERM: xterm-256color
-      # Pin container-side state, workspace, and config paths so host values written to
+      # Pin container-side workspace and config paths so host values written to
       # `.env` cannot leak into runtime code via the env_file import (#77436).
-      OPENCLAW_STATE_DIR: /home/node/.openclaw
-      OPENCLAW_CONFIG_PATH: /home/node/.openclaw/openclaw.json
       OPENCLAW_CONFIG_DIR: /home/node/.openclaw
       OPENCLAW_WORKSPACE_DIR: /home/node/.openclaw/workspace
       OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN:-}

docs/.generated/config-baseline.sha256

@@ -1,4 +1,4 @@
-c311205806d0eaa3631788dc2c489ece999b70430021ff91b365ce7ccfcba23c  config-baseline.json
-2e27b71c9ed109767a227f5163917a4468a1969079fc3457a3df7fe74c1fa2b7  config-baseline.core.json
-2aa997d48549bd321a478485126a4bd5065ba47333a80e7eb07a0ef6ad75b0a6  config-baseline.channel.json
+f95819d93e9bec5d059440ab54fb4ccb487425cb91d647c8688cd18ef1d4d848  config-baseline.json
+3325af3a6292959bb38166e9136c638dce5d2093d2339076742890848088a972  config-baseline.core.json
+ad1d3cb596115d66c21e93de95e229c14c585f0dd4799b4ae3cc29b84761adc6  config-baseline.channel.json
 0dac8944a0d51ae96f97e3809907f8a04d08413434a1a1190240f7e13bb11c4d  config-baseline.plugin.json

docs/.generated/plugin-sdk-api-baseline.sha256

@@ -1,2 +1,2 @@
-1cf7ca2ee1db3bf44682c487c780c6b1c47bbce27e74fb6f455cef445544c84f  plugin-sdk-api-baseline.json
-24b8e3e4773579e5a184dd5f91a5ad2f8e92519b6fe314820a94d7a64bd1141e  plugin-sdk-api-baseline.jsonl
+981f125194293842b7a45b1de0ae2ec134f037f63a6cc672ee2a28648251b4c9  plugin-sdk-api-baseline.json
+4c56ce2cb5bfae526557479a6cc19f8b0042d14f6c717996f8f86da5d5b159df  plugin-sdk-api-baseline.jsonl

docs/.i18n/glossary.zh-CN.json

@@ -651,26 +651,6 @@
     "source": "Manage plugins",
     "target": "管理插件"
   },
-  {
-    "source": "Plugin inventory",
-    "target": "插件清单"
-  },
-  {
-    "source": "Plugin reference",
-    "target": "插件参考"
-  },
-  {
-    "source": "Community plugins",
-    "target": "社区插件"
-  },
-  {
-    "source": "ClawHub publishing",
-    "target": "ClawHub 发布"
-  },
-  {
-    "source": "Plugin dependency resolution",
-    "target": "插件依赖解析"
-  },
   {
     "source": "Plugin path ownership",
     "target": "插件路径所有权"
@@ -970,9 +950,5 @@
   {
     "source": "ACP agents setup",
     "target": "ACP Agents 设置"
-  },
-  {
-    "source": "ds4 (local DeepSeek V4)",
-    "target": "ds4（本地 DeepSeek V4）"
   }
 ]

docs/channels/bot-loop-protection.md

@@ -1,131 +0,0 @@
----
-summary: "Bot-to-bot loop protection defaults and channel overrides"
-read_when:
-  - Configuring bot-authored channel messages
-  - Tuning bot-to-bot loop protection
-title: "Bot loop protection"
-sidebarTitle: "Bot loop protection"
----
-
-# Bot loop protection
-
-OpenClaw can accept messages written by other bots on channels that support `allowBots`.
-When that path is enabled, pair loop protection prevents two bot identities from
-replying to each other indefinitely.
-
-The guard is enforced by the core channel-turn kernel. Each supporting channel
-maps its own inbound event into generic facts: account or scope, conversation id,
-sender bot id, and receiver bot id. Core then tracks the participant pair in both
-directions, applies a sliding-window budget, and suppresses the pair during a
-cooldown after the budget is exceeded.
-
-## Defaults
-
-Pair loop protection is active when a channel lets bot-authored messages reach
-dispatch. Built-in defaults are:
-
-- `maxEventsPerWindow: 20` - a bot pair can exchange 20 events within the window
-- `windowSeconds: 60` - sliding window length
-- `cooldownSeconds: 60` - suppression time after the pair exceeds the budget
-
-The guard does not affect normal human-authored messages, single-bot deployments,
-self-message filtering, or one-shot bot replies that stay under the budget.
-
-## Configure shared defaults
-
-Set `channels.defaults.botLoopProtection` once to give every supporting channel
-the same baseline. Channel and account overrides can still tune individual
-surfaces.
-
-```json5
-{
-  channels: {
-    defaults: {
-      botLoopProtection: {
-        maxEventsPerWindow: 20,
-        windowSeconds: 60,
-        cooldownSeconds: 60,
-      },
-    },
-  },
-}
-```
-
-Set `enabled: false` only when your channel policy intentionally allows
-bot-to-bot conversations without automatic suppression.
-
-## Override per channel or account
-
-Supporting channels layer their own config over the shared default. Precedence is:
-
-- `channels.<channel>.<room-or-space>.botLoopProtection`, when the channel supports per-conversation overrides
-- `channels.<channel>.accounts.<account>.botLoopProtection`, when the channel supports accounts
-- `channels.<channel>.botLoopProtection`, when the channel supports top-level defaults
-- `channels.defaults.botLoopProtection`
-- built-in defaults
-
-```json5
-{
-  channels: {
-    defaults: {
-      botLoopProtection: {
-        maxEventsPerWindow: 20,
-      },
-    },
-    discord: {
-      botLoopProtection: {
-        maxEventsPerWindow: 8,
-      },
-      accounts: {
-        molty: {
-          allowBots: "mentions",
-          botLoopProtection: {
-            maxEventsPerWindow: 5,
-            cooldownSeconds: 90,
-          },
-        },
-      },
-    },
-    slack: {
-      allowBots: "mentions",
-      botLoopProtection: {
-        maxEventsPerWindow: 8,
-      },
-    },
-    matrix: {
-      allowBots: "mentions",
-      groups: {
-        "!roomid:example.org": {
-          botLoopProtection: {
-            maxEventsPerWindow: 5,
-          },
-        },
-      },
-    },
-    googlechat: {
-      allowBots: true,
-      groups: {
-        "spaces/AAAA": {
-          botLoopProtection: {
-            maxEventsPerWindow: 5,
-          },
-        },
-      },
-    },
-  },
-}
-```
-
-## Channel support
-
-- Discord: native `author.bot` facts, keyed by Discord account, channel, and bot pair.
-- Slack: native `bot_id` facts for accepted bot-authored messages, keyed by Slack account, channel, and bot pair.
-- Matrix: configured Matrix bot accounts, keyed by Matrix account, room, and configured bot pair.
-- Google Chat: native `sender.type=BOT` facts for accepted bot-authored messages, keyed by account, space, and bot pair.
-
-Channels that do not expose a reliable inbound bot identity keep using their
-normal self-message and access-policy filters. They should not opt into this
-guard until they can identify both participants in the bot pair.
-
-See [SDK runtime](/plugins/sdk-runtime#reusable-runtime-utilities) for plugin
-implementation details.

docs/channels/discord.md

@@ -1569,39 +1569,10 @@ openclaw logs --follow
     If you set `channels.discord.allowBots=true`, use strict mention and allowlist rules to avoid loop behavior.
     Prefer `channels.discord.allowBots="mentions"` to only accept bot messages that mention the bot.
 
-    OpenClaw also ships shared [bot loop protection](/channels/bot-loop-protection). Whenever `allowBots` lets bot-authored messages reach dispatch, Discord maps the inbound event to `(account, channel, bot pair)` facts and the generic pair guard suppresses the pair after it crosses the configured event budget. The guard prevents runaway two-bot loops that previously had to be stopped by Discord rate limits; it does not affect single-bot deployments or one-shot bot replies that stay under the budget.
-
-    Default settings (active when `allowBots` is set):
-
-    - `maxEventsPerWindow: 20` -- bot pair can exchange 20 messages within the sliding window
-    - `windowSeconds: 60` -- sliding window length
-    - `cooldownSeconds: 60` -- once the budget trips, every additional bot-to-bot message in either direction is dropped for one minute
-
-    Configure the shared default once under `channels.defaults.botLoopProtection`, then override Discord when a legitimate workflow needs more headroom. Precedence is:
-
-    - `channels.discord.accounts.<account>.botLoopProtection`
-    - `channels.discord.botLoopProtection`
-    - `channels.defaults.botLoopProtection`
-    - built-in defaults
-
-    Discord uses the generic `maxEventsPerWindow`, `windowSeconds`, and `cooldownSeconds` keys.
-
 ```json5
 {
   channels: {
-    defaults: {
-      botLoopProtection: {
-        maxEventsPerWindow: 20,
-        windowSeconds: 60,
-        cooldownSeconds: 60,
-      },
-    },
     discord: {
-      // Optional Discord-wide override. Account blocks override individual
-      // fields and inherit omitted fields from here.
-      botLoopProtection: {
-        maxEventsPerWindow: 4,
-      },
       accounts: {
         mantis: {
           // Mantis listens to other bots only when they mention her.
@@ -1614,12 +1585,6 @@ openclaw logs --follow
             // Lets Molty write "@Mantis" and send a real Discord mention.
             Mantis: "MANTIS_DISCORD_USER_ID",
           },
-          botLoopProtection: {
-            // Allow up to five messages per minute before suppressing the pair.
-            maxEventsPerWindow: 5,
-            windowSeconds: 60,
-            cooldownSeconds: 90,
-          },
         },
       },
     },

docs/channels/googlechat.md

@@ -185,7 +185,6 @@ Use these identifiers for delivery and allowlists:
       audience: "https://gateway.example.com/googlechat",
       webhookPath: "/googlechat",
       botUser: "users/1234567890", // optional; helps mention detection
-      allowBots: false,
       dm: {
         policy: "pairing",
         allowFrom: ["users/1234567890"],
@@ -217,7 +216,6 @@ Notes:
 - Message actions expose `send` for text and `upload-file` for explicit attachment sends. `upload-file` accepts `media` / `filePath` / `path` plus optional `message`, `filename`, and thread targeting.
 - `typingIndicator` supports `none`, `message` (default), and `reaction` (reaction requires user OAuth).
 - Attachments are downloaded through the Chat API and stored in the media pipeline (size capped by `mediaMaxMb`).
-- Bot-authored Google Chat messages are ignored by default. If you intentionally set `allowBots: true`, accepted bot-authored messages use shared [bot loop protection](/channels/bot-loop-protection). Configure `channels.defaults.botLoopProtection`, then override with `channels.googlechat.botLoopProtection` or `channels.googlechat.groups.<space>.botLoopProtection` when one space needs a different budget.
 
 Secrets reference details: [Secrets Management](/gateway/secrets).
 

docs/channels/imessage.md

@@ -217,7 +217,7 @@ If SIP-disabled isn't acceptable for your threat model:
 
     Allowlist field: `channels.imessage.allowFrom`.
 
-    Allowlist entries must identify senders: handles or static sender access groups (`accessGroup:<name>`). Use `channels.imessage.groupAllowFrom` for chat targets such as `chat_id:*`, `chat_guid:*`, or `chat_identifier:*`; use `channels.imessage.groups` for numeric `chat_id` registry keys.
+    Allowlist entries can be handles, static sender access groups (`accessGroup:<name>`), or chat targets (`chat_id:*`, `chat_guid:*`, `chat_identifier:*`).
 
   </Tab>
 
@@ -232,7 +232,7 @@ If SIP-disabled isn't acceptable for your threat model:
 
     `groupAllowFrom` entries can also reference static sender access groups (`accessGroup:<name>`).
 
-    Runtime fallback: if `groupAllowFrom` is unset, iMessage group sender checks use `allowFrom`; set `groupAllowFrom` when DM and group admission should differ.
+    Runtime fallback: if `groupAllowFrom` is unset, iMessage group sender checks fall back to `allowFrom` when available.
     Runtime note: if `channels.imessage` is completely missing, runtime falls back to `groupPolicy="allowlist"` and logs a warning (even if `channels.defaults.groupPolicy` is set).
 
     <Warning>

docs/channels/index.md

@@ -16,11 +16,8 @@ Text is supported everywhere; media and reactions vary by channel.
 - Slack multi-person DMs route as group chats, so group policy, mention
   behavior, and group-session rules apply to MPIM conversations.
 - WhatsApp setup is install-on-demand: onboarding can show the setup flow before
-  the plugin package is installed, and the Gateway loads the external
-  ClawHub/npm plugin only when the channel is actually active.
-- Channels that accept bot-authored inbound messages can use shared
-  [bot loop protection](/channels/bot-loop-protection) to prevent bot pairs from
-  replying to each other indefinitely.
+  the plugin package is installed, and the Gateway loads the WhatsApp runtime
+  only when the channel is actually active.
 
 ## Supported channels
 

docs/channels/matrix.md

@@ -266,7 +266,6 @@ Use `allowBots` when you intentionally want inter-agent Matrix traffic:
 - `allowBots: true` accepts messages from other configured Matrix bot accounts in allowed rooms and DMs.
 - `allowBots: "mentions"` accepts those messages only when they visibly mention this bot in rooms. DMs are still allowed.
 - `groups.<room>.allowBots` overrides the account-level setting for one room.
-- Accepted configured-bot messages use shared [bot loop protection](/channels/bot-loop-protection). Configure `channels.defaults.botLoopProtection`, then override with `channels.matrix.botLoopProtection` or `channels.matrix.groups.<room>.botLoopProtection` when one room needs a different budget.
 - OpenClaw still ignores messages from the same Matrix user ID to avoid self-reply loops.
 - Matrix does not expose a native bot flag here; OpenClaw treats "bot-authored" as "sent by another configured Matrix account on this OpenClaw gateway".
 

docs/channels/pairing.md

@@ -123,10 +123,12 @@ The setup code is a base64-encoded JSON payload that contains:
 
 That bootstrap token carries the built-in pairing bootstrap profile:
 
-- the built-in setup profile allows only the `node` role
-- after approval, the handed-off `node` token stays `scopes: []`
-- the built-in setup-code flow does not hand off an `operator` token
-- operator access requires a separate approved operator pairing or token flow
+- primary handed-off `node` token stays `scopes: []`
+- any handed-off `operator` token stays bounded to the bootstrap allowlist:
+  `operator.approvals`, `operator.read`, `operator.talk.secrets`, `operator.write`
+- bootstrap scope checks are role-prefixed, not one flat scope pool:
+  operator scope entries only satisfy operator requests, and non-operator roles
+  must still request scopes under their own role prefix
 - later token rotation/revocation remains bounded by both the device's approved
   role contract and the caller session's operator scopes
 

docs/channels/slack.md

@@ -23,17 +23,17 @@ Production-ready for DMs and channels via Slack app integrations. Default mode i
 
 Both transports are production-ready and reach feature parity for messaging, slash commands, App Home, and interactivity. Pick by deployment shape, not features.
 
-| Concern                      | Socket Mode (default)                                                                                                                                | HTTP Request URLs                                                                                              |
-| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
-| Public Gateway URL           | Not required                                                                                                                                         | Required (DNS, TLS, reverse proxy or tunnel)                                                                   |
-| Outbound network             | Outbound WSS to `wss-primary.slack.com` must be reachable                                                                                            | No outbound WS; inbound HTTPS only                                                                             |
-| Tokens needed                | Bot token (`xoxb-...`) + App-Level Token (`xapp-...`) with `connections:write`                                                                       | Bot token (`xoxb-...`) + Signing Secret                                                                        |
-| Dev laptop / behind firewall | Works as-is                                                                                                                                          | Needs a public tunnel (ngrok, Cloudflare Tunnel, Tailscale Funnel) or staging Gateway                          |
-| Horizontal scaling           | One Socket Mode session per app per host; multiple Gateways need separate Slack apps                                                                 | Stateless POST handler; multiple Gateway replicas can share one app behind a load balancer                     |
-| Multi-account on one Gateway | Supported; each account opens its own WS                                                                                                             | Supported; each account needs a unique `webhookPath` (default `/slack/events`) so registrations do not collide |
-| Slash command transport      | Delivered over the WS connection; `slash_commands[].url` is ignored                                                                                  | Slack POSTs to `slash_commands[].url`; field is required for the command to dispatch                           |
-| Request signing              | Not used (auth is the App-Level Token)                                                                                                               | Slack signs every request; OpenClaw verifies with `signingSecret`                                              |
-| Recovery on connection drop  | Slack SDK auto-reconnect is enabled; OpenClaw also restarts failed Socket Mode sessions with bounded backoff. Pong-timeout transport tuning applies. | No persistent connection to drop; retries are per-request from Slack                                           |
+| Concern                      | Socket Mode (default)                                                                | HTTP Request URLs                                                                                              |
+| ---------------------------- | ------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------- |
+| Public Gateway URL           | Not required                                                                         | Required (DNS, TLS, reverse proxy or tunnel)                                                                   |
+| Outbound network             | Outbound WSS to `wss-primary.slack.com` must be reachable                            | No outbound WS; inbound HTTPS only                                                                             |
+| Tokens needed                | Bot token (`xoxb-...`) + App-Level Token (`xapp-...`) with `connections:write`       | Bot token (`xoxb-...`) + Signing Secret                                                                        |
+| Dev laptop / behind firewall | Works as-is                                                                          | Needs a public tunnel (ngrok, Cloudflare Tunnel, Tailscale Funnel) or staging Gateway                          |
+| Horizontal scaling           | One Socket Mode session per app per host; multiple Gateways need separate Slack apps | Stateless POST handler; multiple Gateway replicas can share one app behind a load balancer                     |
+| Multi-account on one Gateway | Supported; each account opens its own WS                                             | Supported; each account needs a unique `webhookPath` (default `/slack/events`) so registrations do not collide |
+| Slash command transport      | Delivered over the WS connection; `slash_commands[].url` is ignored                  | Slack POSTs to `slash_commands[].url`; field is required for the command to dispatch                           |
+| Request signing              | Not used (auth is the App-Level Token)                                               | Slack signs every request; OpenClaw verifies with `signingSecret`                                              |
+| Recovery on connection drop  | Slack SDK auto-reconnects; the gateway's pong-timeout transport tuning applies       | No persistent connection to drop; retries are per-request from Slack                                           |
 
 <Note>
   **Pick Socket Mode** for single-Gateway hosts, dev laptops, and on-prem networks that can reach `*.slack.com` outbound but cannot accept inbound HTTPS.
@@ -462,13 +462,6 @@ OpenClaw sets the Slack SDK client pong timeout to 15 seconds by default for Soc
 
 Use this only for Socket Mode workspaces that log Slack websocket pong/server-ping timeouts or run on hosts with known event-loop starvation. `clientPingTimeout` is the pong wait after the SDK sends a client ping; `serverPingTimeout` is the wait for Slack server pings. App messages and events remain application state, not transport liveness signals.
 
-Notes:
-
-- `socketMode` is ignored in HTTP Request URL mode.
-- Base `channels.slack.socketMode` settings apply to all Slack accounts unless overridden. Per-account overrides use `channels.slack.accounts.<accountId>.socketMode`; because this is an object override, include every socket tuning field you want for that account.
-- Only `clientPingTimeout` has an OpenClaw default (`15000`). `serverPingTimeout` and `pingPongLoggingEnabled` are passed to the Slack SDK only when configured.
-- Socket Mode restart backoff starts around 2 seconds and caps around 30 seconds. Consecutive recoverable start/start-wait failures stop after 12 attempts; after a successful connection, later recoverable disconnects start a fresh retry cycle. Non-recoverable Slack auth errors such as `invalid_auth`, revoked tokens, or missing scopes fail fast instead of retrying forever.
-
 ## Manifest and scope checklist
 
 The base Slack app manifest is the same for Socket Mode and HTTP Request URLs. Only the `settings` block (and the slash command `url`) differs.
@@ -927,8 +920,6 @@ Current Slack message actions include `send`, `upload-file`, `download-file`, `r
 
     `allowBots` is conservative for channels and private channels: bot-authored room messages are accepted only when the sending bot is explicitly listed in that room's `users` allowlist, or when at least one explicit Slack owner ID from `channels.slack.allowFrom` is currently a room member. Wildcards and display-name owner entries do not satisfy owner presence. Owner presence uses Slack `conversations.members`; make sure the app has the matching read scope for the room type (`channels:read` for public channels, `groups:read` for private channels). If the member lookup fails, OpenClaw drops the bot-authored room message.
 
-    Accepted bot-authored Slack messages use shared [bot loop protection](/channels/bot-loop-protection). Configure `channels.defaults.botLoopProtection` for the default budget, then override with `channels.slack.botLoopProtection` or `channels.slack.channels.<id>.botLoopProtection` when a workspace or channel needs a different limit.
-
   </Tab>
 </Tabs>
 
@@ -938,9 +929,8 @@ Current Slack message actions include `send`, `upload-file`, `download-file`, `r
 - Slack route bindings accept raw peer IDs plus Slack target forms such as `channel:C12345678`, `user:U12345678`, and `<@U12345678>`.
 - With default `session.dmScope=main`, Slack DMs collapse to agent main session.
 - Channel sessions: `agent:<agentId>:slack:channel:<channelId>`.
-- Ordinary top-level channel messages stay on the per-channel session, even when `replyToMode` is non-`off`.
-- Slack thread replies use the parent Slack `thread_ts` for session suffixes (`:thread:<threadTs>`), even when outbound reply threading is disabled with `replyToMode="off"`.
-- OpenClaw seeds an eligible top-level channel root into `agent:<agentId>:slack:channel:<channelId>:thread:<rootTs>` when that root is expected to start a visible Slack thread, so the root and later thread replies share one OpenClaw session. This applies to `app_mention` events, explicit bot or configured mention-pattern matches, and `requireMention: false` channels with non-`off` `replyToMode`.
+- Thread replies can create thread session suffixes (`:thread:<threadTs>`) when applicable.
+- In channels where OpenClaw handles top-level messages without requiring an explicit mention, non-`off` `replyToMode` routes each handled root into `agent:<agentId>:slack:channel:<channelId>:thread:<rootTs>` so the visible Slack thread maps to one OpenClaw session from the first turn.
 - `channels.slack.thread.historyScope` default is `thread`; `thread.inheritParent` default is `false`.
 - `channels.slack.thread.initialHistoryLimit` controls how many existing thread messages are fetched when a new thread session starts (default `20`; set `0` to disable).
 - `channels.slack.thread.requireExplicitMention` (default `false`): when `true`, suppress implicit thread mentions so the bot only responds to explicit `@bot` mentions inside threads, even when the bot already participated in the thread. Without this, replies in a bot-participated thread bypass `requireMention` gating.
@@ -961,7 +951,7 @@ For explicit Slack thread replies from the `message` tool, set `replyBroadcast:
 When a `message` tool call runs inside a Slack thread and targets the same channel, OpenClaw normally inherits the current Slack thread according to `replyToMode`. Set `topLevel: true` on `action: "send"` or `action: "upload-file"` to force a new parent-channel message instead. `threadId: null` is accepted as the same top-level opt-out.
 
 <Note>
-`replyToMode="off"` disables outbound Slack reply threading, including explicit `[[reply_to_*]]` tags. It does not flatten inbound Slack thread sessions: messages already posted inside a Slack thread still route to the `:thread:<threadTs>` session. This differs from Telegram, where explicit tags are still honored in `"off"` mode. Slack threads hide messages from the channel while Telegram replies stay visible inline.
+`replyToMode="off"` disables **all** reply threading in Slack, including explicit `[[reply_to_*]]` tags. This differs from Telegram, where explicit tags are still honored in `"off"` mode. Slack threads hide messages from the channel while Telegram replies stay visible inline.
 </Note>
 
 ## Ack reactions
@@ -1266,17 +1256,6 @@ Primary reference: [Configuration reference - Slack](/gateway/config-channels#sl
     - channel allowlist (`channels.slack.channels`) — **keys must be channel IDs** (`C12345678`), not names (`#channel-name`). Name-based keys silently fail under `groupPolicy: "allowlist"` because channel routing is ID-first by default. To find an ID: right-click the channel in Slack → **Copy link** — the `C...` value at the end of the URL is the channel ID.
     - `requireMention`
     - per-channel `users` allowlist
-    - `messages.groupChat.visibleReplies`: if it is `"message_tool"` and logs show assistant text with no `message(action=send)` call, the turn was processed but the final answer was kept private. Set it to `"automatic"` if you want normal assistant final replies posted back to Slack channels.
-
-```json5
-{
-  messages: {
-    groupChat: {
-      visibleReplies: "automatic",
-    },
-  },
-}
-```
 
     Useful commands:
 
@@ -1293,8 +1272,7 @@ openclaw doctor
 
     - `channels.slack.dm.enabled`
     - `channels.slack.dmPolicy` (or legacy `channels.slack.dm.policy`)
-    - pairing approvals / allowlist entries (`dmPolicy: "open"` still requires `channels.slack.allowFrom: ["*"]`)
-    - group DMs use MPIM handling; enable `channels.slack.dm.groupEnabled` and, if configured, include the MPIM in `channels.slack.dm.groupChannels`
+    - pairing approvals / allowlist entries
     - Slack Assistant DM events: verbose logs mentioning `drop message_changed`
       usually mean Slack sent an edited Assistant-thread event without a
       recoverable human sender in message metadata
@@ -1307,19 +1285,12 @@ openclaw pairing list slack
 
   <Accordion title="Socket mode not connecting">
     Validate bot + app tokens and Socket Mode enablement in Slack app settings.
-    The `xapp-...` App-Level Token needs `connections:write`, and the `xoxb-...`
-    bot token must belong to the same Slack app/workspace as the app token.
 
     If `openclaw channels status --probe --json` shows `botTokenStatus` or
     `appTokenStatus: "configured_unavailable"`, the Slack account is
     configured but the current runtime could not resolve the SecretRef-backed
     value.
 
-    Logs such as `slack socket mode failed to start; retry ...` are recoverable
-    start failures. Missing scopes, revoked tokens, and invalid auth fail fast
-    instead. A `slack token mismatch ...` log means the bot token and app token
-    appear to belong to different Slack apps; fix the Slack app credentials.
-
   </Accordion>
 
   <Accordion title="HTTP mode not receiving events">
@@ -1329,16 +1300,11 @@ openclaw pairing list slack
     - webhook path
     - Slack Request URLs (Events + Interactivity + Slash Commands)
     - unique `webhookPath` per HTTP account
-    - the public URL terminates TLS and forwards requests to the Gateway path
-    - the Slack app `request_url` path exactly matches `channels.slack.webhookPath` (default `/slack/events`)
 
     If `signingSecretStatus: "configured_unavailable"` appears in account
     snapshots, the HTTP account is configured but the current runtime could not
     resolve the SecretRef-backed signing secret.
 
-    A repeated `slack: webhook path ... already registered` log means two HTTP
-    accounts are using the same `webhookPath`; give each account a distinct path.
-
   </Accordion>
 
   <Accordion title="Native/slash commands not firing">
@@ -1347,14 +1313,7 @@ openclaw pairing list slack
     - native command mode (`channels.slack.commands.native: true`) with matching slash commands registered in Slack
     - or single slash command mode (`channels.slack.slashCommand.enabled: true`)
 
-    Slack does not create or remove slash commands automatically. `commands.native: "auto"` does not enable Slack native commands; use `true` and create the matching commands in the Slack app. In HTTP mode, every Slack slash command must include the Gateway URL. In Socket Mode, command payloads arrive over the websocket and Slack ignores `slash_commands[].url`.
-
-    Also check `commands.useAccessGroups`, DM authorization, channel allowlists,
-    and per-channel `users` allowlists. Slack returns ephemeral errors for
-    blocked slash-command senders, including:
-
-    - `This channel is not allowed.`
-    - `You are not authorized to use this command here.`
+    Also check `commands.useAccessGroups` and channel/user allowlists.
 
   </Accordion>
 </AccordionGroup>

docs/channels/telegram.md

@@ -293,7 +293,6 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
 - Group sessions are isolated by group ID. Forum topics append `:topic:<threadId>` to keep topics isolated.
 - DM messages can carry `message_thread_id`; OpenClaw preserves the thread ID for replies but keeps DMs on the flat session by default. Configure `channels.telegram.dm.threadReplies: "inbound"`, `channels.telegram.direct.<chatId>.threadReplies: "inbound"`, `requireTopic: true`, or a matching topic config when you intentionally want DM topic session isolation.
 - Long polling uses grammY runner with per-chat/per-thread sequencing. Overall runner sink concurrency uses `agents.defaults.maxConcurrent`.
-- Multi-account startup bounds concurrent Telegram `getMe` probes so large bot fleets do not fan out every account probe at once.
 - Long polling is guarded inside each gateway process so only one active poller can use a bot token at a time. If you still see `getUpdates` 409 conflicts, another OpenClaw gateway, script, or external poller is likely using the same token.
 - Long-polling watchdog restarts trigger after 120 seconds without completed `getUpdates` liveness by default. Increase `channels.telegram.pollingStallThresholdMs` only if your deployment still sees false polling-stall restarts during long-running work. The value is in milliseconds and is allowed from `30000` to `600000`; per-account overrides are supported.
 - Telegram Bot API has no read-receipt support (`sendReadReceipts` does not apply).
@@ -458,7 +457,7 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
        - `/pair approve` when there is only one pending request
        - `/pair approve latest` for most recent
 
-    The setup code carries a short-lived bootstrap token. Built-in setup-code bootstrap is node-only: the first connect creates a pending node request, and after approval the Gateway returns a durable node token with `scopes: []`. It does not return a handed-off operator token; operator access requires a separate approved operator pairing or token flow.
+    The setup code carries a short-lived bootstrap token. Built-in bootstrap handoff keeps the primary node token at `scopes: []`; any handed-off operator token stays bounded to `operator.approvals`, `operator.read`, `operator.talk.secrets`, and `operator.write`. Bootstrap scope checks are role-prefixed, so that operator allowlist only satisfies operator requests; non-operator roles still need scopes under their own role prefix.
 
     If a device retries with changed auth details (for example role/scopes/public key), the previous pending request is superseded and the new request uses a different `requestId`. Re-run `/pair pending` before approving.
 
@@ -527,28 +526,6 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
 }
 ```
 
-    Mini App button example:
-
-```json5
-{
-  action: "send",
-  channel: "telegram",
-  to: "123456789",
-  message: "Open app:",
-  presentation: {
-    blocks: [
-      {
-        type: "buttons",
-        buttons: [{ label: "Launch", web_app: { url: "https://example.com/app" } }],
-      },
-    ],
-  },
-}
-```
-
-    Telegram `web_app` buttons work only in private chats between a user and the
-    bot.
-
     Callback clicks are passed to the agent as text:
     `callback_data: <value>`
 

docs/channels/whatsapp.md

@@ -14,19 +14,27 @@ Status: production-ready via WhatsApp Web (Baileys). Gateway owns linked session
 - `openclaw channels login --channel whatsapp` also offers the install flow when
   the plugin is not present yet.
 - Dev channel + git checkout: defaults to the local plugin path.
-- Stable/Beta: installs the official `@openclaw/whatsapp` plugin from ClawHub
-  first, with npm as the fallback.
-- The WhatsApp runtime is distributed outside the core OpenClaw npm package so
-  WhatsApp-specific runtime dependencies stay with the external plugin.
+- Stable/Beta: uses the npm package `@openclaw/whatsapp` on the current official
+  release tag.
 
 Manual install stays available:
 
 ```bash
-openclaw plugins install clawhub:@openclaw/whatsapp
+openclaw plugins install @openclaw/whatsapp
 ```
 
-Use the bare npm package (`@openclaw/whatsapp`) only when you need the registry
-fallback. Pin an exact version only when you need a reproducible install.
+Use the bare package to follow the current official release tag. Pin an exact
+version only when you need a reproducible install.
+
+On Windows, the WhatsApp plugin needs Git on `PATH` during npm install because
+one of its Baileys/libsignal dependencies is fetched from a git URL. Install
+Git for Windows, then restart the shell and rerun the install:
+
+```powershell
+winget install --id Git.Git -e
+```
+
+Portable Git also works if its `bin` directory is on `PATH`.
 
 <CardGroup cols={3}>
   <Card title="Pairing" icon="link" href="/channels/pairing">

docs/ci.md

@@ -517,11 +517,7 @@ Before a first run, check the wrapper from the repo root:
 pnpm crabbox:run -- --help | sed -n '1,120p'
 ```
 
-The repo wrapper refuses a stale Crabbox binary that does not advertise `blacksmith-testbox`. Pass the provider explicitly even though `.crabbox.yaml` has owned-cloud defaults. In Codex worktrees or linked/sparse checkouts, avoid the local `pnpm crabbox:run` script because pnpm may reconcile dependencies before Crabbox starts; invoke the node wrapper directly instead:
-
-```bash
-node scripts/crabbox-wrapper.mjs run --provider blacksmith-testbox --timing-json --shell -- "pnpm test <path-or-filter>"
-```
+The repo wrapper refuses a stale Crabbox binary that does not advertise `blacksmith-testbox`. Pass the provider explicitly even though `.crabbox.yaml` has owned-cloud defaults.
 
 Changed gate:
 

docs/cli/message.md

@@ -284,16 +284,6 @@ openclaw message send --channel telegram --target @mychat --message "Choose:" \
   --presentation '{"blocks":[{"type":"buttons","buttons":[{"label":"Yes","value":"cmd:yes"},{"label":"No","value":"cmd:no"}]}]}'
 ```
 
-Send a Telegram Mini App button through generic presentation:
-
-```
-openclaw message send --channel telegram --target 123456789 --message "Open app:" \
-  --presentation '{"blocks":[{"type":"buttons","buttons":[{"label":"Launch","web_app":{"url":"https://example.com/app"}}]}]}'
-```
-
-Telegram `web_app` buttons are supported only in private chats between a user
-and the bot.
-
 Send a Teams card through generic presentation:
 
 ```bash

docs/cli/migrate.md

@@ -123,9 +123,8 @@ inventory a specific Codex home.
 
 Use this provider when moving to the OpenClaw Codex harness and you want to
 promote useful personal Codex CLI assets deliberately. Local Codex app-server
-launches use a per-agent `CODEX_HOME`, so they do not read your personal Codex
-CLI state by default, while subprocesses still inherit the normal process
-`HOME` unless the app-server launch explicitly overrides it.
+launches use per-agent `CODEX_HOME` and `HOME` directories, so they do not read
+your personal Codex CLI state by default.
 
 Running `openclaw migrate codex` in an interactive terminal previews the full
 plan, then opens checkbox selectors before the final apply confirmation. Skill

docs/cli/plugins.md

@@ -131,11 +131,9 @@ is available, then fall back to `latest`.
   <Accordion title="--dangerously-force-unsafe-install">
     `--dangerously-force-unsafe-install` is a break-glass option for false positives in the built-in dangerous-code scanner. It allows the install to continue even when the built-in scanner reports `critical` findings, but it does **not** bypass plugin `before_install` hook policy blocks and does **not** bypass scan failures.
 
-    Install scans ignore common test files and directories such as `tests/`, `__tests__/`, `*.test.*`, and `*.spec.*` to avoid blocking packaged test mocks; declared plugin runtime entrypoints are still scanned even if they use one of those names.
-
     This CLI flag applies to plugin install/update flows. Gateway-backed skill dependency installs use the matching `dangerouslyForceUnsafeInstall` request override, while `openclaw skills install` remains a separate ClawHub skill download/install flow.
 
-    If a plugin you published on ClawHub is hidden or blocked by a registry scan, use the publisher steps in [ClawHub publishing](/clawhub/publishing). `--dangerously-force-unsafe-install` only affects installs on your own machine; it does not ask ClawHub to rescan the plugin or make a blocked release public.
+    If a plugin you published on ClawHub is blocked by a registry scan, use the publisher steps in [ClawHub](/clawhub/security).
 
   </Accordion>
   <Accordion title="Hook packs and npm specs">
@@ -284,7 +282,7 @@ directory remains inert so normal packaged installs still use compiled dist.
 For runtime hook debugging:
 
 - `openclaw plugins inspect <id> --runtime --json` shows registered hooks and diagnostics from a module-loaded inspection pass. Runtime inspection never installs dependencies; use `openclaw doctor --fix` to clean legacy dependency state or recover missing downloadable plugins that are referenced by config.
-- `openclaw gateway status --deep --require-rpc` confirms the reachable Gateway URL/profile, service/process hints, config path, and RPC health.
+- `openclaw gateway status --deep --require-rpc` confirms the reachable Gateway, service/process hints, config path, and RPC health.
 - Non-bundled conversation hooks (`llm_input`, `llm_output`, `before_model_resolve`, `before_agent_reply`, `before_agent_run`, `before_agent_finalize`, `agent_end`) require `plugins.entries.<id>.hooks.allowConversationAccess=true`.
 
 Use `--link` to avoid copying a local directory (adds to `plugins.load.paths`):
@@ -386,7 +384,7 @@ The `--json` flag outputs a machine-readable report suitable for scripting and a
 openclaw plugins doctor
 ```
 
-`doctor` reports plugin load errors, manifest/discovery diagnostics, compatibility notices, and stale plugin config references such as missing plugin slots. When the install tree and plugin config are clean it prints `No plugin issues detected.` If stale config remains but the install tree is otherwise healthy, the summary says so instead of implying full plugin health.
+`doctor` reports plugin load errors, manifest/discovery diagnostics, and compatibility notices. When everything is clean it prints `No plugin issues detected.`
 
 If a configured plugin is present on disk but blocked by the loader's path-safety checks, config validation keeps the plugin entry and reports it as `present but blocked`. Fix the preceding blocked-plugin diagnostic, such as path ownership or world-writable permissions, instead of removing the `plugins.entries.<id>` or `plugins.allow` config.
 

docs/cli/qr.md

@@ -35,8 +35,9 @@ openclaw qr --url wss://gateway.example/ws
 
 - `--token` and `--password` are mutually exclusive.
 - The setup code itself now carries an opaque short-lived `bootstrapToken`, not the shared gateway token/password.
-- Built-in setup-code bootstrap is node-only. After approval, the primary node token lands with `scopes: []`.
-- The built-in setup-code flow does not return a handed-off operator token; operator access requires a separate approved operator pairing or token flow.
+- In the built-in node/operator bootstrap flow, the primary node token still lands with `scopes: []`.
+- If bootstrap handoff also issues an operator token, it stays bounded to the bootstrap allowlist: `operator.approvals`, `operator.read`, `operator.talk.secrets`, `operator.write`.
+- Bootstrap scope checks are role-prefixed. That operator allowlist only satisfies operator requests; non-operator roles still need scopes under their own role prefix.
 - Mobile pairing fails closed for Tailscale/public `ws://` gateway URLs. Private LAN addresses and `.local` Bonjour hosts remain supported over `ws://`, but Tailscale/public mobile routes should use Tailscale Serve/Funnel or a `wss://` gateway URL.
 - With `--remote`, OpenClaw requires either `gateway.remote.url` or
   `gateway.tailscale.mode=serve|funnel`.

docs/concepts/agent-loop.md

@@ -46,7 +46,7 @@ wired end-to-end.
 
 - Runs are serialized per session key (session lane) and optionally through a global lane.
 - This prevents tool/session races and keeps session history consistent.
-- Messaging channels can choose queue modes (steer/followup/collect/interrupt) that feed this lane system.
+- Messaging channels can choose queue modes (collect/steer/followup) that feed this lane system.
   See [Command Queue](/concepts/queue).
 - Transcript writes are also protected by a session write lock on the session file. The lock is
   process-aware and file-based, so it catches writers that bypass the in-process queue or come from

docs/concepts/agent.md

@@ -84,15 +84,17 @@ Legacy session folders from other tools are not read.
 
 ## Steering while streaming
 
-Inbound prompts that arrive mid-run are steered into the current run by default.
-Steering is delivered **after the current assistant turn finishes executing its
-tool calls**, before the next LLM call, and no longer skips remaining tool calls
-from the current assistant message.
+When queue mode is `steer`, inbound messages are injected into the current run.
+Queued steering is delivered **after the current assistant turn finishes
+executing its tool calls**, before the next LLM call. Pi drains all pending
+steering messages together for `steer`; legacy `queue` drains one message per
+model boundary. Steering no longer skips remaining tool calls from the current
+assistant message.
 
-`/queue steer` is the default active-run behavior. `/queue followup` and
-`/queue collect` make messages wait for a later turn instead of steering.
-`/queue interrupt` aborts the active run instead. See [Queue](/concepts/queue)
-and [Steering queue](/concepts/queue-steering) for queue and boundary behavior.
+When queue mode is `followup` or `collect`, inbound messages are held until the
+current turn ends, then a new agent turn starts with the queued payloads. See
+[Queue](/concepts/queue) and [Steering queue](/concepts/queue-steering) for mode
+and boundary behavior.
 
 Block streaming sends completed assistant blocks as soon as they finish; it is
 **off by default** (`agents.defaults.blockStreamingDefault: "off"`).

docs/concepts/messages.md

@@ -125,14 +125,14 @@ default) and per-channel overrides like `channels.slack.historyLimit` or
 
 ## Queueing and followups
 
-If a run is already active, inbound messages are steered into the current run by
-default. `messages.queue` selects whether active-run messages steer, queue for
-later, collect into one later turn, or interrupt the active run.
+If a run is already active, inbound messages can be queued, steered into the
+current run, or collected for a followup turn.
 
 - Configure via `messages.queue` (and `messages.queue.byChannel`).
-- Default mode is `steer`, with a 500ms debounce for Codex steering batches and
-  followup/collect queues.
-- Modes: `steer`, `followup`, `collect`, and `interrupt`.
+- Default mode is `steer`, with a 500ms followup debounce when steering falls
+  back to queued followup delivery.
+- Modes: `steer`, `followup`, `collect`, `steer-backlog`, `interrupt`, and the
+  legacy one-at-a-time `queue` mode.
 
 Details: [Command queue](/concepts/queue) and [Steering queue](/concepts/queue-steering).
 

docs/concepts/queue-steering.md

@@ -3,15 +3,14 @@ summary: "How active-run steering queues messages at runtime boundaries"
 read_when:
   - Explaining how steer behaves while an agent is using tools
   - Changing active-run queue behavior or runtime steering integration
-  - Comparing steering with followup, collect, and interrupt queue modes
+  - Comparing steer, queue, collect, and followup modes
 title: "Steering queue"
 ---
 
-When a normal prompt arrives while a session run is already streaming, OpenClaw
-tries to send that prompt into the active runtime by default when the queue mode
-is `steer`. No config entry and no queue directive are required for that default
-behavior. Pi and the native Codex app-server harness implement the delivery
-details differently.
+When a message arrives while a session run is already streaming, OpenClaw can
+send that message into the active runtime instead of starting another run for
+the same session. The public modes are runtime-neutral; Pi and the native Codex
+app-server harness implement the delivery details differently.
 
 ## Runtime boundary
 
@@ -28,40 +27,44 @@ This keeps tool results paired with the assistant message that requested them,
 then lets the next model call see the latest user input.
 
 The native Codex app-server harness exposes `turn/steer` instead of Pi's
-internal steering queue. OpenClaw batches queued prompts for the configured
-quiet window, then sends a single `turn/steer` request with all collected user
-input in arrival order.
+internal steering queue. OpenClaw adapts the same modes there:
+
+- `steer` batches queued messages for the configured quiet window, then sends a
+  single `turn/steer` request with all collected user input in arrival order.
+- `queue` keeps the legacy serialized shape by sending separate `turn/steer`
+  requests.
+- `followup`, `collect`, `steer-backlog`, and `interrupt` stay OpenClaw-owned
+  queue behavior around the active Codex turn.
 
 Codex review and manual compaction turns reject same-turn steering. When a
-runtime cannot accept steering in `steer` mode, OpenClaw waits for the active
-run to finish before starting the prompt.
+runtime cannot accept steering, OpenClaw falls back to the followup queue where
+that mode allows it.
 
-This page explains queue-mode steering for normal inbound messages when the mode
-is `steer`. If the mode is `followup` or `collect`, normal messages do not enter
-this steering path; they wait until the active run finishes. For the explicit
-`/steer <message>` command, see [Steer](/tools/steer).
+This page explains queue-mode steering for normal inbound messages. For the
+explicit `/steer <message>` command, see [Steer](/tools/steer).
 
 ## Modes
 
-| Mode        | Active-run behavior                                    | Later behavior                                                                      |
-| ----------- | ------------------------------------------------------ | ----------------------------------------------------------------------------------- |
-| `steer`     | Steers the prompt into the active runtime when it can. | Waits for the active run to finish if steering is unavailable.                      |
-| `followup`  | Does not steer.                                        | Runs queued messages later after the active run ends.                               |
-| `collect`   | Does not steer.                                        | Coalesces compatible queued messages into one later turn after the debounce window. |
-| `interrupt` | Aborts the active run instead of steering it.          | Starts the newest message after aborting.                                           |
+| Mode            | Active-run behavior                                                                                                          | Later followup behavior                                                             |
+| --------------- | ---------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
+| `steer`         | Injects all queued steering messages together at the next runtime boundary. This is the default.                             | Falls back to followup only when steering is unavailable.                           |
+| `queue`         | Legacy one-at-a-time steering. Pi injects one queued message per model boundary; Codex sends separate `turn/steer` requests. | Falls back to followup only when steering is unavailable.                           |
+| `steer-backlog` | Same active-run steering behavior as `steer`.                                                                                | Also keeps the same message for a later followup turn.                              |
+| `followup`      | Does not steer the current run.                                                                                              | Runs queued messages later.                                                         |
+| `collect`       | Does not steer the current run.                                                                                              | Coalesces compatible queued messages into one later turn after the debounce window. |
+| `interrupt`     | Aborts the active run, then starts the newest message.                                                                       | None.                                                                               |
 
 ## Burst example
 
 If four users send messages while the agent is executing a tool call:
 
-- With default behavior, the active runtime receives all four messages in
-  arrival order before its next model decision. Pi drains them at the next model
-  boundary; Codex receives them as one batched `turn/steer`.
-- With `/queue collect`, OpenClaw does not steer. It waits until the active run
-  ends, then creates a followup turn with compatible queued messages after the
-  debounce window.
-- With `/queue interrupt`, OpenClaw aborts the active run and starts the newest
-  message instead of steering.
+- `steer`: the active runtime receives all four messages in arrival order before
+  its next model decision. Pi drains them at the next model boundary; Codex
+  receives them as one batched `turn/steer`.
+- `queue`: legacy serialized steering. Pi injects one queued message at a time;
+  Codex receives separate `turn/steer` requests.
+- `collect`: OpenClaw waits until the active run ends, then creates a followup
+  turn with compatible queued messages after the debounce window.
 
 ## Scope
 
@@ -70,17 +73,18 @@ session, change the active run's tool policy, or split messages by sender. In
 multi-user channels, inbound prompts already include sender and route context, so
 the next model call can see who sent each message.
 
-Use `followup` or `collect` when you want messages to queue by default instead
-of steering the active run. Use `interrupt` when the newest prompt should
-replace the active run.
+Use `collect` when you want OpenClaw to build a later followup turn that can
+coalesce compatible messages and preserve followup queue drop policy. Use
+`queue` only when you need the older one-at-a-time steering behavior.
 
 ## Debounce
 
-`messages.queue.debounceMs` applies to queued `followup` and `collect` delivery.
-In `steer` mode with the native Codex harness, it also sets the quiet window
-before sending batched `turn/steer`. For Pi, active steering itself does not use
-the debounce timer because Pi naturally batches messages until the next model
-boundary.
+`messages.queue.debounceMs` applies to followup delivery, including `collect`,
+`followup`, `steer-backlog`, and `steer` fallback when active-run steering is not
+available. For Pi, active `steer` itself does not use the debounce timer because
+Pi naturally batches messages until the next model boundary. For the native
+Codex harness, OpenClaw uses the same debounce value as the quiet window before
+sending the batched `turn/steer`.
 
 ## Related
 

docs/concepts/queue.md

@@ -30,20 +30,25 @@ When unset, all inbound channel surfaces use:
 - `cap: 20`
 - `drop: "summarize"`
 
-Same-turn steering is the default. A prompt that arrives mid-run is injected
-into the active runtime when the run can accept steering, so no second session
-run is started. If the active run cannot accept steering, OpenClaw waits for the
-active run to finish before starting the prompt.
+`steer` is the default because it keeps the active model turn responsive without
+starting a second session run. It drains all steering messages that arrived
+before the next model boundary. If the current run cannot accept steering,
+OpenClaw falls back to a followup queue entry.
 
 ## Queue modes
 
-`/queue` controls what normal inbound messages do while a session already has
-an active run:
+Inbound messages can steer the current run, wait for a followup turn, or do both:
 
-- `steer`: inject messages into the active runtime. Pi delivers all pending steering messages **after the current assistant turn finishes executing its tool calls**, before the next LLM call; Codex app-server receives one batched `turn/steer`. If the run is not actively streaming or steering is unavailable, OpenClaw waits until the active run ends before starting the prompt.
-- `followup`: do not steer. Enqueue each message for a later agent turn after the current run ends.
-- `collect`: do not steer. Coalesce queued messages into a **single** followup turn after the quiet window. If messages target different channels/threads, they drain individually to preserve routing.
-- `interrupt`: abort the active run for that session, then run the newest message.
+- `steer`: queue steering messages into the active runtime. Pi delivers all pending steering messages **after the current assistant turn finishes executing its tool calls**, before the next LLM call; Codex app-server receives one batched `turn/steer`. If the run is not actively streaming or steering is unavailable, OpenClaw falls back to a followup queue entry.
+- `queue` (legacy): old one-at-a-time steering. Pi delivers one queued steering message at each model boundary; Codex app-server receives separate `turn/steer` requests. Prefer `steer` unless you need the previous serialized behavior.
+- `followup`: enqueue each message for a later agent turn after the current run ends.
+- `collect`: coalesce queued messages into a **single** followup turn after the quiet window. If messages target different channels/threads, they drain individually to preserve routing.
+- `steer-backlog` (aka `steer+backlog`): steer now **and** preserve the same message for a followup turn.
+- `interrupt` (legacy): abort the active run for that session, then run the newest message.
+
+Steer-backlog means you can get a followup response after the steered run, so
+streaming surfaces can look like duplicates. Prefer `collect`/`steer` if you want
+one response per inbound message.
 
 For runtime-specific timing and dependency behavior, see
 [Steering queue](/concepts/queue-steering). For the explicit `/steer <message>`
@@ -67,10 +72,9 @@ Configure globally or per channel via `messages.queue`:
 
 ## Queue options
 
-Options apply to queued delivery. `debounceMs` also sets the Codex steering
-quiet window in `steer` mode:
+Options apply to `followup`, `collect`, and `steer-backlog` (and to `steer` or legacy `queue` when steering falls back to followup):
 
-- `debounceMs`: quiet window before draining queued followups or collect batches; in Codex `steer` mode, quiet window before sending batched `turn/steer`. Bare numbers are milliseconds; units `ms`, `s`, `m`, `h`, and `d` are accepted by `/queue` options.
+- `debounceMs`: quiet window before draining queued followups. Bare numbers are milliseconds; units `ms`, `s`, `m`, `h`, and `d` are accepted by `/queue` options.
 - `cap`: max queued messages per session. Values below `1` are ignored.
 - `drop: "summarize"`: default. Drop the oldest queued entries as needed, keep compact summaries, and inject them as a synthetic followup prompt.
 - `drop: "old"`: drop the oldest queued entries as needed, without preserving summaries.
@@ -95,7 +99,7 @@ keys.
 
 ## Per-session overrides
 
-- Send `/queue <steer|followup|collect|interrupt>` as a standalone command to store the queue mode for the current session.
+- Send `/queue <mode>` as a standalone command to store the mode for the current session.
 - Options can be combined: `/queue collect debounce:0.5s cap:25 drop:summarize`
 - `/queue default` or `/queue reset` clears the session override.
 

docs/concepts/session-tool.md

@@ -134,9 +134,7 @@ sub-agents. It supports:
 
 `sessions_spawn` creates an isolated session for a background task by default.
 It is always non-blocking -- it returns immediately with a `runId` and
-`childSessionKey`. Native sub-agent runs receive the delegated task in the
-child session's first visible `[Subagent Task]` message, while the system
-prompt carries only sub-agent runtime rules and routing context.
+`childSessionKey`.
 
 Key options:
 

docs/docs.json

@@ -1334,6 +1334,7 @@
                 "pages": [
                   "clawhub/api",
                   "clawhub/http-api",
+                  "clawhub/security",
                   "clawhub/acceptable-usage"
                 ]
               }
@@ -1367,7 +1368,6 @@
                   "providers/deepgram",
                   "providers/deepinfra",
                   "providers/deepseek",
-                  "providers/ds4",
                   "providers/elevenlabs",
                   "providers/fal",
                   "providers/fireworks",

docs/gateway/config-agents.md

@@ -1280,13 +1280,13 @@ See [Multi-Agent Sandbox & Tools](/tools/multi-agent-sandbox-tools) for preceden
     ackReactionScope: "group-mentions", // group-mentions | group-all | direct | all
     removeAckAfterReply: false,
     queue: {
-      mode: "followup", // steer | followup | collect | interrupt
+      mode: "steer", // steer | queue (legacy one-at-a-time) | followup | collect | steer-backlog | steer+backlog | interrupt
       debounceMs: 500,
       cap: 20,
       drop: "summarize", // old | new | summarize
       byChannel: {
-        whatsapp: "followup",
-        telegram: "followup",
+        whatsapp: "steer",
+        telegram: "steer",
       },
     },
     inbound: {

docs/gateway/config-channels.md

@@ -335,7 +335,6 @@ WhatsApp runs through the gateway's web channel (Baileys Web). It starts automat
 - Use `user:<id>` (DM) or `channel:<id>` (guild channel) for delivery targets; bare numeric IDs are rejected.
 - Guild slugs are lowercase with spaces replaced by `-`; channel keys use the slugged name (no `#`). Prefer guild IDs.
 - Bot-authored messages are ignored by default. `allowBots: true` enables them; use `allowBots: "mentions"` to only accept bot messages that mention the bot (own messages still filtered).
-- Channels that support bot-authored inbound messages can use shared [bot loop protection](/channels/bot-loop-protection). Set `channels.defaults.botLoopProtection` for baseline pair budgets, then override the channel or account only when one surface needs different limits.
 - `channels.discord.guilds.<id>.ignoreOtherMentions` (and channel overrides) drops messages that mention another user or role but not the bot (excluding @everyone/@here).
 - `channels.discord.mentionAliases` maps stable outbound `@handle` text to Discord user IDs before sending, so known teammates can be mentioned deterministically even when the transient directory cache is empty. Per-account overrides live under `channels.discord.accounts.<accountId>.mentionAliases`.
 - `maxLinesPerMessage` (default 17) splits tall messages even when under 2000 chars.
@@ -476,7 +475,7 @@ WhatsApp runs through the gateway's web channel (Baileys Web). It starts automat
 
 - **Socket mode** requires both `botToken` and `appToken` (`SLACK_BOT_TOKEN` + `SLACK_APP_TOKEN` for default account env fallback).
 - **HTTP mode** requires `botToken` plus `signingSecret` (at root or per-account).
-- `socketMode` passes Slack SDK Socket Mode transport tuning through to the public Bolt receiver API. Use it only when investigating ping/pong timeout or stale websocket behavior. `clientPingTimeout` defaults to `15000`; `serverPingTimeout` and `pingPongLoggingEnabled` are passed only when configured.
+- `socketMode` passes Slack SDK Socket Mode transport tuning through to the public Bolt receiver API. Use it only when investigating ping/pong timeout or stale websocket behavior.
 - `botToken`, `appToken`, `signingSecret`, and `userToken` accept plaintext
   strings or SecretRef objects.
 - Slack account snapshots expose per-credential source/status fields such as

docs/gateway/configuration-examples.md

@@ -113,18 +113,18 @@ Save to `~/.openclaw/openclaw.json` and you can DM the bot from that number.
       visibleReplies: "message_tool", // normal final replies stay private in groups/channels
     },
     queue: {
-      mode: "followup",
+      mode: "steer",
       debounceMs: 500,
       cap: 20,
       drop: "summarize",
       byChannel: {
-        whatsapp: "followup",
-        telegram: "followup",
-        discord: "collect",
-        slack: "collect",
-        signal: "followup",
-        imessage: "followup",
-        webchat: "followup",
+        whatsapp: "steer",
+        telegram: "steer",
+        discord: "steer",
+        slack: "steer",
+        signal: "steer",
+        imessage: "steer",
+        webchat: "steer",
       },
     },
   },

docs/gateway/local-model-services.md

@@ -142,9 +142,6 @@ OpenClaw.
 
 ## ds4 example
 
-For the full setup, context sizing guidance, and verification commands, see
-[ds4](/providers/ds4).
-
 ```json5
 {
   models: {
@@ -155,20 +152,18 @@ For the full setup, context sizing guidance, and verification commands, see
         api: "openai-completions",
         timeoutSeconds: 300,
         localService: {
-          command: "<DS4_DIR>/ds4-server",
+          command: "/Users/you/Projects/oss/ds4/ds4-server",
           args: [
             "--model",
-            "<DS4_DIR>/ds4flash.gguf",
+            "/Users/you/Projects/oss/ds4/ds4flash.gguf",
             "--host",
             "127.0.0.1",
             "--port",
             "18000",
             "--ctx",
-            "32768",
-            "--tokens",
-            "128",
+            "393216",
           ],
-          cwd: "<DS4_DIR>",
+          cwd: "/Users/you/Projects/oss/ds4",
           healthUrl: "http://127.0.0.1:18000/v1/models",
           readyTimeoutMs: 300000,
           idleStopMs: 0,

docs/gateway/local-models.md

@@ -20,11 +20,10 @@ Aim high: **≥2 maxed-out Mac Studios or an equivalent GPU rig (~$30k+)** for a
 
 | Backend                                              | Use when                                                                    |
 | ---------------------------------------------------- | --------------------------------------------------------------------------- |
-| [ds4](/providers/ds4)                                | Local DeepSeek V4 Flash on macOS Metal with OpenAI-compatible tool calls    |
 | [LM Studio](/providers/lmstudio)                     | First-time local setup, GUI loader, native Responses API                    |
-| LiteLLM / OAI-proxy / custom OpenAI-compatible proxy | You front another model API and need OpenClaw to treat it as OpenAI         |
-| MLX / vLLM / SGLang                                  | High-throughput self-hosted serving with an OpenAI-compatible HTTP endpoint |
 | [Ollama](/providers/ollama)                          | CLI workflow, model library, hands-off systemd service                      |
+| MLX / vLLM / SGLang                                  | High-throughput self-hosted serving with an OpenAI-compatible HTTP endpoint |
+| LiteLLM / OAI-proxy / custom OpenAI-compatible proxy | You front another model API and need OpenClaw to treat it as OpenAI         |
 
 Use Responses API (`api: "openai-responses"`) when the backend supports it (LM Studio does). Otherwise stick to Chat Completions (`api: "openai-completions"`).
 

docs/gateway/openai-http-api.md

@@ -203,10 +203,8 @@ Set `stream: true` to receive Server-Sent Events (SSE):
 - `messages[*].tool_call_id` for binding tool results back to a prior tool call
 - `max_completion_tokens`: number; per-call cap for total completion tokens (reasoning tokens included). Current OpenAI Chat Completions field name; preferred when both `max_completion_tokens` and `max_tokens` are sent.
 - `max_tokens`: number; legacy alias accepted for backwards compatibility. Ignored when `max_completion_tokens` is also present.
-- `temperature`: number; best-effort sampling temperature forwarded to the upstream provider via the agent stream-param channel.
-- `top_p`: number; best-effort nucleus sampling forwarded to the upstream provider via the agent stream-param channel.
 
-When either token-cap field is set, the value is forwarded to the upstream provider via the agent stream-param channel. The actual wire field name sent to the upstream provider is chosen by the provider transport: `max_completion_tokens` for OpenAI-family endpoints, and `max_tokens` for providers that only accept the legacy name (such as Mistral and Chutes). Sampling fields (`temperature`, `top_p`) follow the same stream-param channel; the ChatGPT-based Codex Responses backend strips them server-side since it uses fixed sampling.
+When either field is set, the value is forwarded to the upstream provider via the agent stream-param channel. The actual wire field name sent to the upstream provider is chosen by the provider transport: `max_completion_tokens` for OpenAI-family endpoints, and `max_tokens` for providers that only accept the legacy name (such as Mistral and Chutes).
 
 ### Unsupported variants
 

docs/gateway/openresponses-http-api.md

@@ -74,8 +74,6 @@ The request follows the OpenResponses API with item-based input. Current support
 - `tool_choice`: filter or require client tools.
 - `stream`: enables SSE streaming.
 - `max_output_tokens`: best-effort output limit (provider dependent).
-- `temperature`: best-effort sampling temperature forwarded to the provider. Ignored by the ChatGPT-based Codex Responses backend, which uses fixed server-side sampling.
-- `top_p`: best-effort nucleus sampling forwarded to the provider. Same Codex Responses caveat as `temperature`.
 - `user`: stable session routing.
 
 Accepted but **currently ignored**:

docs/gateway/protocol.md

@@ -147,24 +147,32 @@ When a device token is issued, `hello-ok` also includes:
 }
 ```
 
-Built-in QR/setup-code bootstrap is node-only. After the owner approves the
-pending node request, `hello-ok.auth` includes the primary node token:
+During trusted bootstrap handoff, `hello-ok.auth` may also include additional
+bounded role entries in `deviceTokens`:
 
 ```json
 {
   "auth": {
     "deviceToken": "…",
     "role": "node",
-    "scopes": []
+    "scopes": [],
+    "deviceTokens": [
+      {
+        "deviceToken": "…",
+        "role": "operator",
+        "scopes": ["operator.approvals", "operator.read", "operator.talk.secrets", "operator.write"]
+      }
+    ]
   }
 }
 ```
 
-The built-in setup-code flow does not include additional `deviceTokens` entries
-or hand off an operator token. Client authors should treat the optional
-`hello-ok.auth.deviceTokens` field as legacy/custom bootstrap extension data:
-persist it only when present on a trusted transport, and do not require it for
-built-in pairing.
+For the built-in node/operator bootstrap flow, the primary node token stays
+`scopes: []` and any handed-off operator token stays bounded to the bootstrap
+operator allowlist (`operator.approvals`, `operator.read`,
+`operator.talk.secrets`, `operator.write`). Bootstrap scope checks stay
+role-prefixed: operator entries only satisfy operator requests, and non-operator
+roles still need scopes under their own role prefix.
 
 ### Node example
 
@@ -364,7 +372,7 @@ enumeration of `src/gateway/server-methods/*.ts`.
   <Accordion title="Talk and TTS">
     - `talk.catalog` returns the read-only Talk provider catalog for speech, streaming transcription, and realtime voice. It includes provider ids, labels, configured state, exposed model/voice ids, canonical modes, transports, brain strategies, and realtime audio/capability flags without returning provider secrets or mutating global config.
     - `talk.config` returns the effective Talk config payload; `includeSecrets` requires `operator.talk.secrets` (or `operator.admin`).
-    - `talk.session.create` creates a Gateway-owned Talk session for `realtime/gateway-relay`, `transcription/gateway-relay`, or `stt-tts/managed-room`. For `stt-tts/managed-room`, `operator.write` callers that pass `sessionKey` must also pass `spawnedBy` for scoped session-key visibility; unscoped `sessionKey` creation and `brain: "direct-tools"` require `operator.admin`.
+    - `talk.session.create` creates a Gateway-owned Talk session for `realtime/gateway-relay`, `transcription/gateway-relay`, or `stt-tts/managed-room`. `brain: "direct-tools"` requires `operator.admin`.
     - `talk.session.join` validates a managed-room session token, emits `session.ready` or `session.replaced` events as needed, and returns room/session metadata plus recent Talk events without the plaintext token or stored token hash.
     - `talk.session.appendAudio` appends base64 PCM input audio to Gateway-owned realtime relay and transcription sessions.
     - `talk.session.startTurn`, `talk.session.endTurn`, and `talk.session.cancelTurn` drive managed-room turn lifecycle with stale-turn rejection before state is cleared.
@@ -468,9 +476,7 @@ enumeration of `src/gateway/server-methods/*.ts`.
 ### Common event families
 
 - `chat`: UI chat updates such as `chat.inject` and other transcript-only chat
-  events. In protocol v4, delta payloads carry `deltaText`; `message` remains
-  the cumulative assistant snapshot. Non-prefix replacements set `replace=true`
-  and use `deltaText` as the replacement text.
+  events.
 - `session.message` and `session.tool`: transcript/event-stream updates for a
   subscribed session.
 - `sessions.changed`: session index or metadata changed.
@@ -626,8 +632,8 @@ terminal summary, and sanitized error text.
 
 - `PROTOCOL_VERSION` lives in `src/gateway/protocol/version.ts`.
 - Clients send `minProtocol` + `maxProtocol`; the server rejects ranges that
-  do not include its current protocol. Current clients and servers require
-  protocol v4.
+  do not include its current protocol. Native clients use a v3 lower bound so
+  additive v4 clients can still reach v3 gateways.
 - Schemas + models are generated from TypeBox definitions:
   - `pnpm protocol:gen`
   - `pnpm protocol:gen:swift`
@@ -641,7 +647,7 @@ stable across protocol v4 and are the expected baseline for third-party clients.
 | Constant                                  | Default                                               | Source                                                                                     |
 | ----------------------------------------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------ |
 | `PROTOCOL_VERSION`                        | `4`                                                   | `src/gateway/protocol/version.ts`                                                          |
-| `MIN_CLIENT_PROTOCOL_VERSION`             | `4`                                                   | `src/gateway/protocol/version.ts`                                                          |
+| `MIN_CLIENT_PROTOCOL_VERSION`             | `3`                                                   | `src/gateway/protocol/version.ts`                                                          |
 | Request timeout (per RPC)                 | `30_000` ms                                           | `src/gateway/client.ts` (`requestTimeoutMs`)                                               |
 | Preauth / connect-challenge timeout       | `15_000` ms                                           | `src/gateway/handshake-timeouts.ts` (config/env can raise the paired server/client budget) |
 | Initial reconnect backoff                 | `1_000` ms                                            | `src/gateway/client.ts` (`backoffMs`)                                                      |
@@ -688,17 +694,9 @@ rather than the pre-handshake defaults.
     `AUTH_TOKEN_MISMATCH` retry is gated to **trusted endpoints only** —
     loopback, or `wss://` with a pinned `tlsFingerprint`. Public `wss://`
     without pinning does not qualify.
-- Built-in setup-code bootstrap returns only the primary node
-  `hello-ok.auth.deviceToken`; clients must not expect an additional operator
-  token in `hello-ok.auth.deviceTokens`.
-- While built-in setup-code bootstrap is waiting for approval, `PAIRING_REQUIRED`
-  details include `recommendedNextStep: "wait_then_retry"`, `retryable: true`,
-  and `pauseReconnect: false`. Clients should keep reconnecting with the same
-  bootstrap token until the request is approved or the token becomes invalid.
-- If an older or custom trusted bootstrap flow includes optional
-  `hello-ok.auth.deviceTokens` entries, persist them only when the connect used
-  bootstrap auth on a trusted transport such as `wss://` or loopback/local
-  pairing.
+- Additional `hello-ok.auth.deviceTokens` entries are bootstrap handoff tokens.
+  Persist them only when the connect used bootstrap auth on a trusted transport
+  such as `wss://` or loopback/local pairing.
 - If a client supplies an **explicit** `deviceToken` or explicit `scopes`, that
   caller-requested scope set remains authoritative; cached scopes are only
   reused when the client is reusing the stored per-device token.

docs/gateway/remote.md

@@ -148,7 +148,7 @@ Short version: **keep the Gateway loopback-only** unless you're sure you need a
 - `gateway.remote.token` / `.password` are client credential sources. They do **not** configure server auth by themselves.
 - Local call paths can use `gateway.remote.*` as fallback only when `gateway.auth.*` is unset.
 - If `gateway.auth.token` / `gateway.auth.password` is explicitly configured via SecretRef and unresolved, resolution fails closed (no remote fallback masking).
-- `gateway.remote.tlsFingerprint` pins the remote TLS cert when using `wss://`, including macOS direct mode. Without a configured or previously stored pin, macOS only pins a first-use certificate after normal system trust passes; self-signed or private-CA gateways that macOS does not already trust need an explicit fingerprint or Remote over SSH.
+- `gateway.remote.tlsFingerprint` pins the remote TLS cert when using `wss://`.
 - **Tailscale Serve** can authenticate Control UI/WebSocket traffic via identity
   headers when `gateway.auth.allowTailscale: true`; HTTP API endpoints do not
   use that Tailscale header auth and instead follow the gateway's normal HTTP

docs/help/faq.md

@@ -1459,7 +1459,7 @@ lives on the [Models FAQ](/help/faq-models).
     - On `AUTH_TOKEN_MISMATCH`, trusted clients can attempt one bounded retry with a cached device token when the gateway returns retry hints (`canRetryWithDeviceToken=true`, `recommendedNextStep=retry_with_device_token`).
     - That cached-token retry now reuses the cached approved scopes stored with the device token. Explicit `deviceToken` / explicit `scopes` callers still keep their requested scope set instead of inheriting cached scopes.
     - Outside that retry path, connect auth precedence is explicit shared token/password first, then explicit `deviceToken`, then stored device token, then bootstrap token.
-    - Built-in setup-code bootstrap is node-only. After approval, it returns a node device token with `scopes: []` and does not return a handed-off operator token.
+    - Bootstrap token scope checks are role-prefixed. The built-in bootstrap operator allowlist only satisfies operator requests; node or other non-operator roles still need scopes under their own role prefix.
 
     Fix:
 
@@ -1941,14 +1941,16 @@ lives on the [Models FAQ](/help/faq-models).
   </Accordion>
 
   <Accordion title='Why does it feel like the bot "ignores" rapid-fire messages?'>
-    Mid-run prompts are steered into the active run by default. Use `/queue` to choose active-run behavior:
+    Queue mode controls how new messages interact with an in-flight run. Use `/queue` to change modes:
 
-    - `steer` - guide the active run at the next model boundary
-    - `followup` - queue messages and run them one at a time after the current run ends
-    - `collect` - queue compatible messages and reply once after the current run ends
+    - `steer` - queue all pending steering for the next model boundary in the current run
+    - `queue` - legacy one-at-a-time steering
+    - `followup` - run messages one at a time
+    - `collect` - batch messages and reply once
+    - `steer-backlog` - steer now, then process backlog
     - `interrupt` - abort current run and start fresh
 
-    Default mode is `steer`. You can add options like `debounce:0.5s cap:25 drop:summarize` for queued modes. See [Command queue](/concepts/queue) and [Steering queue](/concepts/queue-steering).
+    Default mode is `steer`. You can add options like `debounce:0.5s cap:25 drop:summarize` for followup modes. See [Command queue](/concepts/queue) and [Steering queue](/concepts/queue-steering).
 
   </Accordion>
 </AccordionGroup>

docs/help/testing-live.md

@@ -13,10 +13,14 @@ For quick start, QA runners, unit/integration suites, and Docker flows, see
 suites: model matrix, CLI backends, ACP, and media-provider live tests, plus
 credential handling.
 
-## Live: local smoke commands
+## Live: local profile smoke commands
 
-Export the needed provider key in the process environment before ad hoc live
-checks.
+Source `~/.profile` before ad hoc live checks so provider keys and local tool
+paths match your shell:
+
+```bash
+source ~/.profile
+```
 
 Safe media smoke:
 
@@ -271,9 +275,9 @@ Docker notes:
 - The Docker runner lives at `scripts/test-live-acp-bind-docker.sh`.
 - By default, it runs the ACP bind smoke against the aggregate live CLI agents in sequence: `claude`, `codex`, then `gemini`.
 - Use `OPENCLAW_LIVE_ACP_BIND_AGENTS=claude`, `OPENCLAW_LIVE_ACP_BIND_AGENTS=codex`, `OPENCLAW_LIVE_ACP_BIND_AGENTS=droid`, `OPENCLAW_LIVE_ACP_BIND_AGENTS=gemini`, or `OPENCLAW_LIVE_ACP_BIND_AGENTS=opencode` to narrow the matrix.
-- It stages the matching CLI auth material into the container, then installs the requested live CLI (`@anthropic-ai/claude-code`, `@openai/codex`, Factory Droid via `https://app.factory.ai/cli`, `@google/gemini-cli`, or `opencode-ai`) if missing. The ACP backend itself is the embedded `acpx/runtime` package from the official `acpx` plugin.
+- It sources `~/.profile`, stages the matching CLI auth material into the container, then installs the requested live CLI (`@anthropic-ai/claude-code`, `@openai/codex`, Factory Droid via `https://app.factory.ai/cli`, `@google/gemini-cli`, or `opencode-ai`) if missing. The ACP backend itself is the embedded `acpx/runtime` package from the official `acpx` plugin.
 - The Droid Docker variant stages `~/.factory` for settings, forwards `FACTORY_API_KEY`, and requires that API key because local Factory OAuth/keyring auth is not portable into the container. It uses ACPX's built-in `droid exec --output-format acp` registry entry.
-- The OpenCode Docker variant is a strict single-agent regression lane. It writes a temporary `OPENCODE_CONFIG_CONTENT` default model from `OPENCLAW_LIVE_ACP_BIND_OPENCODE_MODEL` (default `opencode/kimi-k2.6`), and `pnpm test:docker:live-acp-bind:opencode` requires a bound assistant transcript instead of accepting the generic post-bind skip.
+- The OpenCode Docker variant is a strict single-agent regression lane. It writes a temporary `OPENCODE_CONFIG_CONTENT` default model from `OPENCLAW_LIVE_ACP_BIND_OPENCODE_MODEL` (default `opencode/kimi-k2.6`) after sourcing `~/.profile`, and `pnpm test:docker:live-acp-bind:opencode` requires a bound assistant transcript instead of accepting the generic post-bind skip.
 - Direct `acpx` CLI calls are only a manual/workaround path for comparing behavior outside the Gateway. The Docker ACP bind smoke exercises OpenClaw's embedded `acpx` runtime backend.
 
 ## Live: Codex app-server harness smoke
@@ -305,6 +309,7 @@ Docker notes:
 Local recipe:
 
 ```bash
+source ~/.profile
 OPENCLAW_LIVE_CODEX_HARNESS=1 \
   OPENCLAW_LIVE_CODEX_HARNESS_IMAGE_PROBE=1 \
   OPENCLAW_LIVE_CODEX_HARNESS_MCP_PROBE=1 \
@@ -316,14 +321,15 @@ OPENCLAW_LIVE_CODEX_HARNESS=1 \
 Docker recipe:
 
 ```bash
+source ~/.profile
 pnpm test:docker:live-codex-harness
 ```
 
 Docker notes:
 
 - The Docker runner lives at `scripts/test-live-codex-harness-docker.sh`.
-- It passes `OPENAI_API_KEY`, copies Codex CLI auth files when present, installs
-  `@openai/codex` into a writable mounted npm
+- It sources the mounted `~/.profile`, passes `OPENAI_API_KEY`, copies Codex CLI
+  auth files when present, installs `@openai/codex` into a writable mounted npm
   prefix, stages the source tree, then runs only the Codex-harness live test.
 - Docker enables the image, MCP/tool, and Guardian probes by default. Set
   `OPENCLAW_LIVE_CODEX_HARNESS_IMAGE_PROBE=0` or
@@ -351,6 +357,7 @@ Narrow, explicit allowlists are fastest and least flaky:
   - Antigravity (OAuth): `OPENCLAW_LIVE_GATEWAY_MODELS="google-antigravity/claude-opus-4-6-thinking,google-antigravity/gemini-3-pro-high" pnpm test:live src/gateway/gateway-models.profiles.live.test.ts`
 
 - Google adaptive thinking smoke:
+  - If local keys live in shell profile: `source ~/.profile`
   - Gemini 3 dynamic default: `pnpm openclaw qa manual --provider-mode live-frontier --model google/gemini-3.1-pro-preview --alt-model google/gemini-3.1-pro-preview --message '/think adaptive Reply exactly: GEMINI_ADAPTIVE_OK' --timeout-ms 180000`
   - Gemini 2.5 dynamic budget: `pnpm openclaw qa manual --provider-mode live-frontier --model google/gemini-2.5-flash --alt-model google/gemini-2.5-flash --message '/think adaptive Reply exactly: GEMINI25_ADAPTIVE_OK' --timeout-ms 180000`
 
@@ -433,8 +440,7 @@ Live tests discover credentials the same way the CLI does. Practical implication
 - Legacy state dir: `~/.openclaw/credentials/` (copied into the staged live home when present, but not the main profile-key store)
 - Live local runs copy the active config, per-agent `auth-profiles.json` files, legacy `credentials/`, and supported external CLI auth dirs into a temp test home by default; staged live homes skip `workspace/` and `sandboxes/`, and `agents.*.workspace` / `agentDir` path overrides are stripped so probes stay off your real host workspace.
 
-If you want to rely on env keys, export them before local tests or use the
-Docker runners below with an explicit `OPENCLAW_PROFILE_FILE`.
+If you want to rely on env keys (e.g. exported in your `~/.profile`), run local tests after `source ~/.profile`, or use the Docker runners below (they can mount `~/.profile` into the container).
 
 ## Deepgram live (audio transcription)
 
@@ -463,7 +469,7 @@ Docker runners below with an explicit `OPENCLAW_PROFILE_FILE`.
 - Harness: `pnpm test:live:media image`
 - Scope:
   - Enumerates every registered image-generation provider plugin
-  - Uses already-exported provider env vars before probing
+  - Loads missing provider env vars from your login shell (`~/.profile`) before probing
   - Uses live/env API keys ahead of stored auth profiles by default, so stale test keys in `auth-profiles.json` do not mask real shell credentials
   - Skips providers with no usable auth/profile/model
   - Runs each configured provider through the shared image-generation runtime:
@@ -511,7 +517,7 @@ request. Plugin dependencies are expected to be present before runtime load.
 - Scope:
   - Exercises the shared bundled music-generation provider path
   - Currently covers Google and MiniMax
-  - Uses already-exported provider env vars before probing
+  - Loads provider env vars from your login shell (`~/.profile`) before probing
   - Uses live/env API keys ahead of stored auth profiles by default, so stale test keys in `auth-profiles.json` do not mask real shell credentials
   - Skips providers with no usable auth/profile/model
   - Runs both declared runtime modes when available:
@@ -536,7 +542,7 @@ request. Plugin dependencies are expected to be present before runtime load.
   - Exercises the shared bundled video-generation provider path
   - Defaults to the release-safe smoke path: non-FAL providers, one text-to-video request per provider, one-second lobster prompt, and a per-provider operation cap from `OPENCLAW_LIVE_VIDEO_GENERATION_TIMEOUT_MS` (`180000` by default)
   - Skips FAL by default because provider-side queue latency can dominate release time; pass `--video-providers fal` or `OPENCLAW_LIVE_VIDEO_GENERATION_PROVIDERS="fal"` to run it explicitly
-  - Uses already-exported provider env vars before probing
+  - Loads provider env vars from your login shell (`~/.profile`) before probing
   - Uses live/env API keys ahead of stored auth profiles by default, so stale test keys in `auth-profiles.json` do not mask real shell credentials
   - Skips providers with no usable auth/profile/model
   - Runs only `generate` by default
@@ -567,7 +573,7 @@ request. Plugin dependencies are expected to be present before runtime load.
 - Command: `pnpm test:live:media`
 - Purpose:
   - Runs the shared image, music, and video live suites through one repo-native entrypoint
-  - Uses already-exported provider env vars
+  - Auto-loads missing provider env vars from `~/.profile`
   - Auto-narrows each suite to providers that currently have usable auth by default
   - Reuses `scripts/test-live.mjs`, so heartbeat and quiet-mode behavior stay consistent
 - Examples:

docs/help/testing.md

@@ -721,10 +721,10 @@ Native dependency policy:
   - Not CI-stable by design (real networks, real provider policies, quotas, outages)
   - Costs money / uses rate limits
   - Prefer running narrowed subsets instead of "everything"
-- Live runs use already-exported API keys and staged auth profiles.
+- Live runs source `~/.profile` to pick up missing API keys.
 - By default, live runs still isolate `HOME` and copy config/auth material into a temp test home so unit fixtures cannot mutate your real `~/.openclaw`.
 - Set `OPENCLAW_LIVE_USE_REAL_HOME=1` only when you intentionally need live tests to use your real home directory.
-- `pnpm test:live` defaults to a quieter mode: it keeps `[live] ...` progress output and mutes gateway bootstrap logs/Bonjour chatter. Set `OPENCLAW_LIVE_TEST_QUIET=0` if you want the full startup logs back.
+- `pnpm test:live` now defaults to a quieter mode: it keeps `[live] ...` progress output, but suppresses the extra `~/.profile` notice and mutes gateway bootstrap logs/Bonjour chatter. Set `OPENCLAW_LIVE_TEST_QUIET=0` if you want the full startup logs back.
 - API key rotation (provider-specific): set `*_API_KEYS` with comma/semicolon format or `*_API_KEY_1`, `*_API_KEY_2` (for example `OPENAI_API_KEYS`, `ANTHROPIC_API_KEYS`, `GEMINI_API_KEYS`) or per-live override via `OPENCLAW_LIVE_*_KEY`; tests retry on rate limit responses.
 - Progress/heartbeat output:
   - Live suites now emit progress lines to stderr so long provider calls are visibly active even when Vitest console capture is quiet.
@@ -753,7 +753,7 @@ plugin validation checklist, see
 
 These Docker runners split into two buckets:
 
-- Live-model runners: `test:docker:live-models` and `test:docker:live-gateway` run only their matching profile-key live file inside the repo Docker image (`src/agents/models.profiles.live.test.ts` and `src/gateway/gateway-models.profiles.live.test.ts`), mounting your local config dir, workspace, and optional profile env file. The matching local entrypoints are `test:live:models-profiles` and `test:live:gateway-profiles`.
+- Live-model runners: `test:docker:live-models` and `test:docker:live-gateway` run only their matching profile-key live file inside the repo Docker image (`src/agents/models.profiles.live.test.ts` and `src/gateway/gateway-models.profiles.live.test.ts`), mounting your local config dir and workspace (and sourcing `~/.profile` if mounted). The matching local entrypoints are `test:live:models-profiles` and `test:live:gateway-profiles`.
 - Docker live runners default to a smaller smoke cap so a full Docker sweep stays practical:
   `test:docker:live-models` defaults to `OPENCLAW_LIVE_MAX_MODELS=12`, and
   `test:docker:live-gateway` defaults to `OPENCLAW_LIVE_GATEWAY_SMOKE=1`,
@@ -765,7 +765,7 @@ These Docker runners split into two buckets:
 - `Package Acceptance` is the GitHub-native package gate for "does this installable tarball work as a product?" It resolves one candidate package from `source=npm`, `source=ref`, `source=url`, or `source=artifact`, uploads it as `package-under-test`, then runs the reusable Docker E2E lanes against that exact tarball instead of repacking the selected ref. Profiles are ordered by breadth: `smoke`, `package`, `product`, and `full`. See [Testing updates and plugins](/help/testing-updates-plugins) for the package/update/plugin contract, published-upgrade survivor matrix, release defaults, and failure triage.
 - Build and release checks run `scripts/check-cli-bootstrap-imports.mjs` after tsdown. The guard walks the static built graph from `dist/entry.js` and `dist/cli/run-main.js` and fails if pre-dispatch startup imports package dependencies such as Commander, prompt UI, undici, or logging before command dispatch; it also keeps the bundled gateway run chunk under budget and rejects static imports of known cold gateway paths. Packaged CLI smoke also covers root help, onboard help, doctor help, status, config schema, and a model-list command.
 - Package Acceptance legacy compatibility is capped at `2026.4.25` (`2026.4.25-beta.*` included). Through that cutoff, the harness tolerates only shipped-package metadata gaps: omitted private QA inventory entries, missing `gateway install --wrapper`, missing patch files in the tarball-derived git fixture, missing persisted `update.channel`, legacy plugin install-record locations, missing marketplace install-record persistence, and config metadata migration during `plugins update`. For packages after `2026.4.25`, those paths are strict failures.
-- Container smoke runners: `test:docker:openwebui`, `test:docker:onboard`, `test:docker:npm-onboard-channel-agent`, `test:docker:release-user-journey`, `test:docker:release-typed-onboarding`, `test:docker:release-media-memory`, `test:docker:release-upgrade-user-journey`, `test:docker:release-plugin-marketplace`, `test:docker:skill-install`, `test:docker:update-channel-switch`, `test:docker:upgrade-survivor`, `test:docker:published-upgrade-survivor`, `test:docker:session-runtime-context`, `test:docker:agents-delete-shared-workspace`, `test:docker:gateway-network`, `test:docker:browser-cdp-snapshot`, `test:docker:mcp-channels`, `test:docker:pi-bundle-mcp-tools`, `test:docker:cron-mcp-cleanup`, `test:docker:plugins`, `test:docker:plugin-update`, `test:docker:plugin-lifecycle-matrix`, and `test:docker:config-reload` boot one or more real containers and verify higher-level integration paths.
+- Container smoke runners: `test:docker:openwebui`, `test:docker:onboard`, `test:docker:npm-onboard-channel-agent`, `test:docker:skill-install`, `test:docker:update-channel-switch`, `test:docker:upgrade-survivor`, `test:docker:published-upgrade-survivor`, `test:docker:session-runtime-context`, `test:docker:agents-delete-shared-workspace`, `test:docker:gateway-network`, `test:docker:browser-cdp-snapshot`, `test:docker:mcp-channels`, `test:docker:pi-bundle-mcp-tools`, `test:docker:cron-mcp-cleanup`, `test:docker:plugins`, `test:docker:plugin-update`, `test:docker:plugin-lifecycle-matrix`, and `test:docker:config-reload` boot one or more real containers and verify higher-level integration paths.
 
 The live-model Docker runners also bind-mount only the needed CLI auth homes (or all supported ones when the run is not narrowed), then copy them into the container home before the run so external-CLI OAuth can refresh tokens without mutating the host auth store:
 
@@ -778,12 +778,6 @@ The live-model Docker runners also bind-mount only the needed CLI auth homes (or
 - Open WebUI live smoke: `pnpm test:docker:openwebui` (script: `scripts/e2e/openwebui-docker.sh`)
 - Onboarding wizard (TTY, full scaffolding): `pnpm test:docker:onboard` (script: `scripts/e2e/onboard-docker.sh`)
 - Npm tarball onboarding/channel/agent smoke: `pnpm test:docker:npm-onboard-channel-agent` installs the packed OpenClaw tarball globally in Docker, configures OpenAI via env-ref onboarding plus Telegram by default, runs doctor, and runs one mocked OpenAI agent turn. Reuse a prebuilt tarball with `OPENCLAW_CURRENT_PACKAGE_TGZ=/path/to/openclaw-*.tgz`, skip the host rebuild with `OPENCLAW_NPM_ONBOARD_HOST_BUILD=0`, or switch channel with `OPENCLAW_NPM_ONBOARD_CHANNEL=discord` or `OPENCLAW_NPM_ONBOARD_CHANNEL=slack`.
-
-- Release user journey smoke: `pnpm test:docker:release-user-journey` installs the packed OpenClaw tarball globally in a clean Docker home, runs onboarding, configures a mocked OpenAI provider, runs an agent turn, installs/uninstalls external plugins, configures ClickClack against a local fixture, verifies outbound/inbound messaging, restarts Gateway, and runs doctor.
-- Release typed onboarding smoke: `pnpm test:docker:release-typed-onboarding` installs the packed tarball, drives `openclaw onboard` through a real TTY, configures OpenAI as an env-ref provider, verifies no raw key persistence, and runs a mocked agent turn.
-- Release media/memory smoke: `pnpm test:docker:release-media-memory` installs the packed tarball, verifies image understanding from a PNG attachment, OpenAI-compatible image generation output, memory search recall, and recall survival across Gateway restart.
-- Release upgrade user journey smoke: `pnpm test:docker:release-upgrade-user-journey` installs `openclaw@latest` by default, configures provider/plugin/ClickClack state on the published package, upgrades to the candidate tarball, then reruns the core agent/plugin/channel journey. Override the baseline with `OPENCLAW_RELEASE_UPGRADE_BASELINE_SPEC=openclaw@<version>`.
-- Release plugin marketplace smoke: `pnpm test:docker:release-plugin-marketplace` installs from a local fixture marketplace, updates the installed plugin, uninstalls it, and verifies the plugin CLI disappears with install metadata pruned.
 - Skill install smoke: `pnpm test:docker:skill-install` installs the packed OpenClaw tarball globally in Docker, disables uploaded archive installs in config, resolves the current live ClawHub skill slug from search, installs it with `openclaw skills install`, and verifies the installed skill plus `.clawhub` origin/lock metadata.
 - Update channel switch smoke: `pnpm test:docker:update-channel-switch` installs the packed OpenClaw tarball globally in Docker, switches from package `stable` to git `dev`, verifies the persisted channel and plugin post-update work, then switches back to package `stable` and checks update status.
 - Upgrade survivor smoke: `pnpm test:docker:upgrade-survivor` installs the packed OpenClaw tarball over a dirty old-user fixture with agents, channel config, plugin allowlists, stale plugin dependency state, and existing workspace/session files. It runs package update plus non-interactive doctor without live provider or channel keys, then starts a loopback Gateway and checks config/state preservation plus startup/status budgets.
@@ -837,8 +831,8 @@ after Open WebUI sign-in and model discovery, without waiting on a live model
 completion.
 The first run can be noticeably slower because Docker may need to pull the
 Open WebUI image and Open WebUI may need to finish its own cold-start setup.
-This lane expects a usable live model key. Provide it through the process
-environment, staged auth profiles, or an explicit `OPENCLAW_PROFILE_FILE`.
+This lane expects a usable live model key, and `OPENCLAW_PROFILE_FILE`
+(`~/.profile` by default) is the primary way to provide it in Dockerized runs.
 Successful runs print a small JSON payload like `{ "ok": true, "model":
 "openclaw/default", ... }`.
 `test:docker:mcp-channels` is intentionally deterministic and does not need a
@@ -868,7 +862,7 @@ Useful env vars:
 
 - `OPENCLAW_CONFIG_DIR=...` (default: `~/.openclaw`) mounted to `/home/node/.openclaw`
 - `OPENCLAW_WORKSPACE_DIR=...` (default: `~/.openclaw/workspace`) mounted to `/home/node/.openclaw/workspace`
-- `OPENCLAW_PROFILE_FILE=...` mounted and sourced before running tests
+- `OPENCLAW_PROFILE_FILE=...` (default: `~/.profile`) mounted to `/home/node/.profile` and sourced before running tests
 - `OPENCLAW_DOCKER_PROFILE_ENV_ONLY=1` to verify only env vars sourced from `OPENCLAW_PROFILE_FILE`, using temporary config/workspace dirs and no external CLI auth mounts
 - `OPENCLAW_DOCKER_CLI_TOOLS_DIR=...` (default: `~/.cache/openclaw/docker-cli-tools`) mounted to `/home/node/.npm-global` for cached CLI installs inside Docker
 - External CLI auth dirs/files under `$HOME` are mounted read-only under `/host-auth...`, then copied into `/home/node/...` before tests start

docs/platforms/mac/remote.md

@@ -81,7 +81,7 @@ node.
 - **Health probe failed**: check SSH reachability, PATH, and that Baileys is logged in (`openclaw status --json`).
 - **Web Chat stuck**: confirm the gateway is running on the remote host and the forwarded port matches the gateway WS port; the UI requires a healthy WS connection.
 - **Node IP shows 127.0.0.1**: expected with the SSH tunnel. Switch **Transport** to **Direct (ws/wss)** if you want the gateway to see the real client IP.
-- **Dashboard works but Mac capabilities are offline**: this means the app's operator/control connection is healthy, but the companion node connection is not connected or is missing its command surface. Open the menu bar device section and check whether the Mac is `paired · disconnected`. For `wss://*.ts.net` Tailscale Serve endpoints, the app detects stale legacy TLS leaf pins after certificate rotation, clears the stale pin when macOS trusts the new certificate, and retries automatically. If the certificate is not system-trusted or the host is not a Tailscale Serve name, set `gateway.remote.tlsFingerprint` to the expected certificate fingerprint, review the certificate, or switch to **Remote over SSH**.
+- **Dashboard works but Mac capabilities are offline**: this means the app's operator/control connection is healthy, but the companion node connection is not connected or is missing its command surface. Open the menu bar device section and check whether the Mac is `paired · disconnected`. For `wss://*.ts.net` Tailscale Serve endpoints, the app detects stale legacy TLS leaf pins after certificate rotation, clears the stale pin when macOS trusts the new certificate, and retries automatically. If the certificate is not system-trusted or the host is not a Tailscale Serve name, review the certificate or switch to **Remote over SSH**.
 - **Voice Wake**: trigger phrases are forwarded automatically in remote mode; no separate forwarder is needed.
 
 ## Notification sounds

docs/plugins/codex-harness-runtime.md

@@ -150,14 +150,13 @@ requests fail closed.
 ## Queue steering
 
 Active-run queue steering maps onto Codex app-server `turn/steer`. With the
-default `messages.queue.mode: "steer"`, OpenClaw batches steer-mode chat
-messages for the configured quiet window and sends them as one `turn/steer`
-request in arrival order.
+default `messages.queue.mode: "steer"`, OpenClaw batches queued chat messages
+for the configured quiet window and sends them as one `turn/steer` request in
+arrival order. Legacy `queue` mode sends separate `turn/steer` requests.
 
 Codex review and manual compaction turns can reject same-turn steering. In that
-case, OpenClaw waits for the active run to finish before starting the prompt.
-Use `/queue followup` or `/queue collect` when messages should queue by default
-instead of steering. See [Steering queue](/concepts/queue-steering).
+case, OpenClaw uses the follow-up queue when the selected mode allows fallback.
+See [Steering queue](/concepts/queue-steering).
 
 ## Codex feedback upload
 

docs/plugins/hooks.md

@@ -148,18 +148,6 @@ observation-only.
 - `cron_changed` - observe gateway-owned cron lifecycle changes (added, updated, removed, started, finished, scheduled)
 - **`before_install`** - inspect skill or plugin install scans and optionally block
 
-## Debug runtime hooks
-
-Use `before_model_resolve` when a plugin needs to switch the provider or model
-for an agent turn. It runs before model resolution; `llm_output` only runs after
-a model attempt produces assistant output.
-
-For proof of the effective session model, inspect runtime registrations, then
-use `openclaw sessions` or the Gateway session/status surfaces. When debugging
-provider payloads, start the Gateway with `--raw-stream` and
-`--raw-stream-path <path>`; those flags write raw model stream events to a jsonl
-file.
-
 ## Tool call policy
 
 `before_tool_call` receives:
@@ -196,7 +184,7 @@ type BeforeToolCallResult = {
 };
 ```
 
-Hook guard behavior for typed lifecycle hooks:
+Rules:
 
 - `block: true` is terminal and skips lower-priority handlers.
 - `block: false` is treated as no decision.

docs/plugins/manifest.md

@@ -1266,11 +1266,7 @@ hook instead.
 
 ## Discovery precedence (duplicate plugin ids)
 
-OpenClaw discovers plugins from several roots. For the raw filesystem scan
-order, see [Plugin scan
-order](/gateway/configuration-reference#plugin-scan-order). If two discoveries
-share the same `id`, only the **highest-precedence** manifest is kept;
-lower-precedence duplicates are dropped instead of loading beside it.
+OpenClaw discovers plugins from several roots (bundled, global install, workspace, explicit config-selected paths). If two discoveries share the same `id`, only the **highest-precedence** manifest is kept; lower-precedence duplicates are dropped instead of loading beside it.
 
 Precedence, highest to lowest:
 

docs/plugins/memory-lancedb.md

@@ -196,11 +196,10 @@ in. For example, ZhiPu `embedding-3` uses `2048` dimensions:
 
 `memory-lancedb` has two separate text limits:
 
-| Setting           | Default | Range     | Applies to                                                |
-| ----------------- | ------- | --------- | --------------------------------------------------------- |
-| `recallMaxChars`  | `1000`  | 100-10000 | text sent to the embedding API for recall                 |
-| `captureMaxChars` | `500`   | 100-10000 | message length eligible for auto-capture                  |
-| `customTriggers`  | `[]`    | 0-50      | literal phrases that make auto-capture consider a message |
+| Setting           | Default | Range     | Applies to                                    |
+| ----------------- | ------- | --------- | --------------------------------------------- |
+| `recallMaxChars`  | `1000`  | 100-10000 | text sent to the embedding API for recall     |
+| `captureMaxChars` | `500`   | 100-10000 | assistant message length eligible for capture |
 
 `recallMaxChars` controls auto-recall, the `memory_recall` tool, the
 `memory_forget` query path, and `openclaw ltm search`. Auto-recall prefers the
@@ -211,10 +210,6 @@ out of the embedding request.
 `captureMaxChars` controls whether a response is short enough to be considered
 for automatic capture. It does not cap recall query embeddings.
 
-`customTriggers` lets you add literal auto-capture phrases without writing
-regular expressions. The built-in triggers include common English, Czech,
-Chinese, Japanese, and Korean memory phrases.
-
 ## Commands
 
 When `memory-lancedb` is the active memory plugin, it registers the `ltm` CLI

docs/plugins/message-presentation.md

@@ -56,8 +56,6 @@ type MessagePresentationButton = {
   label: string;
   value?: string;
   url?: string;
-  webApp?: { url: string };
-  web_app?: { url: string };
   style?: "primary" | "secondary" | "success" | "danger";
 };
 
@@ -82,8 +80,6 @@ Button semantics:
 - `value` is an application action value routed back through the channel's
   existing interaction path when the channel supports clickable controls.
 - `url` is a link button. It can exist without `value`.
-- `webApp` and `web_app` describe a channel-native web app button. Telegram
-  renders this as `web_app` and only supports it in private chats.
 - `label` is required and is also used in text fallback.
 - `style` is advisory. Renderers should map unsupported styles to a safe
   default, not fail the send.
@@ -131,19 +127,6 @@ URL-only link button:
 }
 ```
 
-Telegram Mini App button:
-
-```json
-{
-  "blocks": [
-    {
-      "type": "buttons",
-      "buttons": [{ "label": "Launch", "web_app": { "url": "https://example.com/app" } }]
-    }
-  ]
-}
-```
-
 Select menu:
 
 ```json

docs/plugins/plugin-inventory.md

@@ -40,12 +40,11 @@ openclaw gateway restart
 openclaw plugins inspect discord --runtime --json
 ```
 
-During the launch cutover, ordinary bare package specs still install from npm.
-Use `clawhub:@openclaw/discord` or `npm:@openclaw/discord` when you need an
-explicit source. After install, follow the plugin's setup doc, such as
-[Discord](/channels/discord), to add credentials and channel config. See
-[Manage plugins](/plugins/manage-plugins) for update, uninstall, and publishing
-commands.
+Bare package specs try ClawHub first, then npm fallback. To force a source, use
+`clawhub:@openclaw/discord` or `npm:@openclaw/discord`. After install, follow
+the plugin's setup doc, such as [Discord](/channels/discord), to add credentials
+and channel config. See [Manage plugins](/plugins/manage-plugins) for update,
+uninstall, and publishing commands.
 
 ## Core npm package
 
@@ -167,7 +166,7 @@ commands.
 | [tlon](/plugins/reference/tlon)                                     | Adds the Tlon channel surface for sending and receiving OpenClaw messages.            | `@openclaw/tlon`<br />npm; ClawHub                                                               | channels: tlon; contracts: tools; skills                                     |
 | [twitch](/plugins/reference/twitch)                                 | Adds the Twitch channel surface for sending and receiving OpenClaw messages.          | `@openclaw/twitch`<br />npm; ClawHub                                                             | channels: twitch                                                             |
 | [voice-call](/plugins/reference/voice-call)                         | Adds agent-callable tools.                                                            | `@openclaw/voice-call`<br />npm; ClawHub                                                         | contracts: tools                                                             |
-| [whatsapp](/plugins/reference/whatsapp)                             | Adds the WhatsApp channel surface for sending and receiving OpenClaw messages.        | `@openclaw/whatsapp`<br />ClawHub: `clawhub:@openclaw/whatsapp`; npm                             | channels: whatsapp                                                           |
+| [whatsapp](/plugins/reference/whatsapp)                             | Adds the WhatsApp channel surface for sending and receiving OpenClaw messages.        | `@openclaw/whatsapp`<br />npm; ClawHub                                                           | channels: whatsapp                                                           |
 | [zalo](/plugins/reference/zalo)                                     | Adds the Zalo channel surface for sending and receiving OpenClaw messages.            | `@openclaw/zalo`<br />npm; ClawHub                                                               | channels: zalo                                                               |
 | [zalouser](/plugins/reference/zalouser)                             | Adds the Zalo Personal channel surface for sending and receiving OpenClaw messages.   | `@openclaw/zalouser`<br />npm; ClawHub                                                           | channels: zalouser; contracts: tools                                         |
 

docs/plugins/reference.md

@@ -128,7 +128,7 @@ pnpm plugins:inventory:gen
 | [vydra](/plugins/reference/vydra)                                   | Adds Vydra model provider support to OpenClaw.                                                                                                                       | `@openclaw/vydra-provider`<br />included in OpenClaw                                             | providers: vydra; contracts: imageGenerationProviders, speechProviders, videoGenerationProviders                                                                                                                                                                 |
 | [web-readability](/plugins/reference/web-readability)               | Extract readable article content from local HTML web fetch responses.                                                                                                | `@openclaw/web-readability-plugin`<br />included in OpenClaw                                     | contracts: webContentExtractors                                                                                                                                                                                                                                  |
 | [webhooks](/plugins/reference/webhooks)                             | Authenticated inbound webhooks that bind external automation to OpenClaw TaskFlows.                                                                                  | `@openclaw/webhooks`<br />included in OpenClaw                                                   | plugin                                                                                                                                                                                                                                                           |
-| [whatsapp](/plugins/reference/whatsapp)                             | Adds the WhatsApp channel surface for sending and receiving OpenClaw messages.                                                                                       | `@openclaw/whatsapp`<br />ClawHub: `clawhub:@openclaw/whatsapp`; npm                             | channels: whatsapp                                                                                                                                                                                                                                               |
+| [whatsapp](/plugins/reference/whatsapp)                             | Adds the WhatsApp channel surface for sending and receiving OpenClaw messages.                                                                                       | `@openclaw/whatsapp`<br />npm; ClawHub                                                           | channels: whatsapp                                                                                                                                                                                                                                               |
 | [xai](/plugins/reference/xai)                                       | Adds xAI model provider support to OpenClaw.                                                                                                                         | `@openclaw/xai-plugin`<br />included in OpenClaw                                                 | providers: xai; contracts: imageGenerationProviders, mediaUnderstandingProviders, realtimeTranscriptionProviders, speechProviders, tools, videoGenerationProviders, webSearchProviders                                                                           |
 | [xiaomi](/plugins/reference/xiaomi)                                 | Adds Xiaomi model provider support to OpenClaw.                                                                                                                      | `@openclaw/xiaomi-provider`<br />included in OpenClaw                                            | providers: xiaomi; contracts: speechProviders                                                                                                                                                                                                                    |
 | [zai](/plugins/reference/zai)                                       | Adds Z.AI model provider support to OpenClaw.                                                                                                                        | `@openclaw/zai-provider`<br />included in OpenClaw                                               | providers: zai; contracts: mediaUnderstandingProviders                                                                                                                                                                                                           |