test: align sqlite rebase tooling assertions

* fix(agents): route media task hints below the system-prompt cache boundary

Per-turn image/video/music generation task hints were injected into the
static prependSystemContext slot, landing above the cache boundary inside the
cacheable prefix. The hints are present only on user/manual turns and vary
with active media tasks, so the cacheable prefix shifted turn-to-turn and
defeated Anthropic/OpenAI prompt caching (#85203).

Split the per-turn media hints out of the prepend resolver into
resolveAttemptMediaTaskSystemPromptAddition and route them below the boundary
via the existing prependSystemPromptAddition helper, matching how subagent and
context-engine system-prompt additions are already routed. The static plugin
prependSystemContext / appendSystemContext hook fields are unchanged and
remain in the cacheable prefix. Applied at both consumers (embedded agent
runner and CLI runner).

* fix(agents): keep media task hints below the cache boundary for hook systemPrompt overrides

A before_prompt_build hook that returns a full systemPrompt override replaces
the base prompt with marker-free text. Per-turn media-generation task hints
were then front-prepended into that marker-free prompt, which providers cache
as a single block, so the cached prefix still shifted turn-to-turn on the
override path (#85203).

Wrap the base with ensureSystemPromptCacheBoundary at both media-routing sites
(embedded agent runner and CLI runner) so a marker-free override gets an
appended boundary and the hint routes into the uncached suffix. The helper is
idempotent, so marker-bearing prompts are unchanged. The shared
prependSystemPromptAddition wrapper and the static prependSystemContext /
appendSystemContext hook fields are untouched.

* fix(agents): keep marker-free idle prompts cacheable below the boundary

A marker-free hook systemPrompt override only had the cache boundary
ensured on turns with an active media task. On idle turns the later
appendModelIdentitySystemPrompt landed above the absent boundary, so the
idle cached system prefix diverged from active turns and prompt caching
broke across active/idle transitions. Ensure the boundary regardless of
media state in both the embedded and CLI runners, and extend the
regression to cover the model-identity append across active->idle.

* fix(agents): scope cache-boundary ensure to the model-identity append

Ensuring the boundary unconditionally on media-idle turns appended a
boundary marker to empty raw/gateway system prompts (turning "" into a
marker-only prompt) and to prompts with nothing below the boundary.
Instead ensure the boundary only when a model identity line is actually
appended to a non-empty prompt, in both the embedded and CLI runners.
This still keeps the identity below the boundary for marker-free hook
systemPrompt overrides (the #85203 idle-cache regression) while leaving
empty and identity-less prompts untouched.

* test: refresh stale type and lint expectations

* test: stabilize CI timeout checks

* test: satisfy channel entry lint

* fix(agents): skip cache boundary for blank prompts

* fix(channels): keep draft flush timer referenced

* test(agents): tolerate failed exec timeout setup

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>

.agents/skills/crabbox/SKILL.md

@@ -223,6 +223,21 @@ Read the JSON summary and the Testbox line. Useful fields:
 - Actions run URL/id from the Testbox output
 - `exitCode`
 
+Use provider-backed cache volumes only for rebuildable caches, not secrets or
+checkout state. On Blacksmith, Crabbox forwards them as sticky disks:
+
+```sh
+node scripts/crabbox-wrapper.mjs run \
+  --provider blacksmith-testbox \
+  --cache-volume pnpm-store=openclaw-node24-pnpm-lock:/tmp/openclaw-pnpm-store \
+  --timing-json \
+  -- \
+  corepack pnpm check:changed
+```
+
+The selected provider must advertise cache-volume support. If not, omit
+`--cache-volume` and rely on kept-lease caches.
+
 `blacksmith testbox list` may hide hydrating or ready boxes. Use:
 
 ```sh
@@ -292,7 +307,8 @@ Live-provider debug template for direct AWS/Hetzner leases:
 
 ```sh
 mkdir -p .crabbox/logs
-pnpm crabbox:run -- --provider aws \
+CRABBOX_ENV_ALLOW=OPENAI_API_KEY,OPENAI_BASE_URL \
+  pnpm crabbox:run -- --provider aws \
   --preflight \
   --allow-env OPENAI_API_KEY,OPENAI_BASE_URL \
   --timing-json \
@@ -304,10 +320,8 @@ pnpm crabbox:run -- --provider aws \
 ```
 
 Do not pass `--capture-*`, `--download`, `--checksum`, `--force-sync-large`, or
-`--sync-only` to delegated providers. Also do not pass `--script*`,
-`--fresh-pr`, `--full-resync`, or `--env-helper` there. Crabbox rejects these
-because the provider owns sync or command transport. `--keep-on-failure` is OK
-for delegated one-shots when you need to inspect a failed lease.
+`--sync-only` to delegated providers. Crabbox rejects them because the provider
+owns sync or command transport.
 
 ## Efficient Bug E2E Verification
 
@@ -590,7 +604,8 @@ Crabbox Blacksmith backend delegates setup to:
 
 The hydration workflow owns checkout, Node/pnpm setup, dependency install,
 secrets, ready marker, and keepalive. Crabbox owns dispatch, sync, SSH command
-execution, timing, logs/results, and cleanup.
+execution, timing, logs/results, cleanup, and cache-volume requests. Blacksmith
+implements cache volumes as sticky disks.
 
 Minimal Blacksmith-backed Crabbox run, from repo root:
 
@@ -685,6 +700,7 @@ crabbox events <run_id> --json
 crabbox logs <run_id>
 crabbox results <run_id>
 crabbox cache stats --id <id-or-slug>
+crabbox cache volumes
 crabbox ssh --id <id-or-slug>
 blacksmith testbox list
 ```

.agents/skills/kysely-database-access/SKILL.md

@@ -0,0 +1,202 @@
+---
+name: kysely-database-access
+description: Use when adding, reviewing, or refactoring OpenClaw Kysely database access, native node:sqlite stores, generated DB types, SQLite schemas, migrations, raw SQL, transactions, or database access best practices.
+---
+
+# Kysely Database Access
+
+Use this skill for OpenClaw database code that touches Kysely, `node:sqlite`,
+generated DB types, SQLite schemas, migrations, or store/query design.
+
+## Read First
+
+- `docs/concepts/kysely.md` for the repo's Kysely rules and examples.
+- The owning subtree `AGENTS.md`, if present.
+- Relevant local Kysely source/types under `node_modules/kysely/dist/esm/...`
+  before assuming dialect behavior, result types, transactions, plugins, or raw
+  SQL semantics.
+- For codegen behavior, inspect `scripts/generate-kysely-types.mjs` and
+  `kysely-codegen --help` from the repo package manager.
+
+## Official Docs Cross-Check
+
+When the behavior matters, verify against current Kysely docs/source before
+patching:
+
+- Generating types: production apps should keep schema types aligned with the
+  database through code generation.
+- Data types: TypeScript types do not affect runtime values; the driver decides
+  runtime values, and Kysely returns what the driver returns unless a plugin
+  transforms results.
+- Raw SQL: the `sql` tag can execute full raw SQL and embed snippets into
+  builders. Prefer typed builders/helpers when they express the same thing.
+- Reusable helpers: take `Expression<T>` or an `ExpressionBuilder` when wrapping
+  SQL expressions; alias helper expressions explicitly in `select`. Extract a
+  helper only when it quarantines raw SQL, removes meaningful duplication, or
+  preserves a tricky inferred type.
+- Split build/execute only at deliberate boundaries. Compiled-query execution
+  is useful for native sync adapters, but keep plugin/result-transform behavior
+  in mind.
+- Migrations: Kysely migration files run without a schema type. In OpenClaw,
+  prefer the committed SQL-source-of-truth path unless a new owner explicitly
+  needs Kysely-managed migrations.
+- Plugins: plugins can transform queries and results. Any sync shortcut that
+  bypasses Kysely's async executor needs a documented invariant or tests.
+
+## Default Workflow
+
+1. Identify the owner boundary:
+   - Core state DB: `src/state/*`
+   - Per-agent DB: `src/state/openclaw-agent-*`
+   - Feature store: owning `*.sqlite.ts` module
+   - Plugin-owned state: plugin/module owner, not generic core
+2. Inspect the schema source first:
+   - `*.sql` is the source of truth when generated schema/types exist.
+   - Generated `*.generated.*` files are outputs, not hand-edit targets.
+3. Prefer Kysely builders for normal CRUD:
+   - `selectFrom`, `insertInto`, `updateTable`, `deleteFrom`
+   - `executeTakeFirst`, `executeTakeFirstOrThrow`, `execute`
+   - `eb.fn.countAll`, `eb.fn.count`, `eb.fn.coalesce` for common functions
+   - Keep compile-time Kysely reference literals such as `"host"` and
+     `"flow_id as flowId"` when they are clearer than constants; they are
+     type-checked by Kysely.
+   - Let Kysely infer selected row shapes. Do not pass broad row generics to
+     sync helpers for normal builder queries.
+   - Treat `executeSqliteQuerySync<Row>(db, builder)` and
+     `executeSqliteQueryTakeFirstSync<Row>(db, builder)` as a smell: the generic
+     can lie about selected columns. Use no generic for builders; use an exact
+     raw boundary helper for raw SQL.
+   - For finite public query presets, use a preset-to-row type map plus a union
+     boundary type instead of `Record<string, ...>`.
+   - After touching Kysely/native SQLite code, run `pnpm lint:kysely`. The AST
+     guard rejects raw identifier helpers, unreviewed typed `sql<T>` snippets,
+     `db.dynamic`, explicit sync-helper row generics for builders, and new raw
+     `node:sqlite` runtime access outside owner allowlists. It also rejects
+     persisted enum-like casts in SQLite stores; keep row fields as `string` and
+     parse through closed validators.
+4. Keep raw SQL deliberate:
+   - Good: pragmas, virtual tables, FTS, SQLite JSON functions, migrations,
+     `sqlite_master`, compact repeated expressions.
+   - Bad: raw `COUNT(*)` or dynamic SQL where Kysely has a typed builder shape.
+   - Use `${value}` parameters; use `sql.ref` / `sql.table` only for validated,
+     closed-set identifiers.
+   - Do not feed unconstrained runtime `string` values into table/column/group/
+     order/identifier positions. Narrow them to local unions or generated table
+     keys first.
+   - Prefer `eb.fn`, `eb.lit`, `eb.ref`, and expression callbacks for scalar
+     SQL such as `count`, `coalesce`, `max`, `exists`, and constant selections.
+5. Align TypeScript with real driver values:
+   - Kysely does not coerce runtime values.
+   - Native `node:sqlite` returns BLOB columns as `Uint8Array`; convert with
+     `Buffer.from(...)` only at API boundaries that need Buffer helpers.
+   - Keep JSON/text/timestamp parsing at module boundaries.
+   - Keep persisted enum-like strings as `string` in row types, then parse them
+     through closed validator helpers such as `parseTaskStatus(value)`. Do not
+     cast corrupt persisted data into exported unions.
+6. Decide migration need from shipped state:
+   - Unshipped schema/type cleanup: no SQLite migration.
+   - Shipped canonical schema change: add the appropriate migration or
+     doctor/fix repair path with tests.
+   - Legacy config repair belongs in doctor/fix paths, not startup surprises.
+
+## Codegen
+
+For committed SQL-backed generated types:
+
+```bash
+pnpm db:kysely:gen
+pnpm db:kysely:check
+```
+
+The repo maps SQLite `blob` to `Uint8Array` through `kysely-codegen`
+`--type-mapping`. Do not post-process generated files by hand; change the
+generator or SQL source and regenerate.
+
+## Native SQLite Guardrails
+
+- Use `getNodeSqliteKysely(db)` and sync helpers from `src/infra/kysely-sync.ts`
+  for `DatabaseSync` stores.
+- New direct `db.prepare(...)` / `db.exec(...)` runtime access should be rare.
+  Prefer Kysely or add an explicit `scripts/check-kysely-guardrails.mjs`
+  allowlist entry with a clear owner reason.
+- If raw SQLite is repeated or cast-heavy, extract a narrow boundary helper
+  such as `assertSqliteIntegrityOk(db, message)` and allowlist that helper
+  instead of each caller.
+- Keep sync helper result types derived from `CompiledQuery<Row>` / Kysely
+  builders. Explicit helper generics are for raw SQL or external boundaries,
+  not for widening a typed builder result into a generic record.
+- Keep the native dialect in `src/infra/kysely-node-sqlite.ts` aligned with
+  Kysely's SQLite driver structure: single connection, mutex, SQLite adapter,
+  SQLite query compiler, SQLite introspector.
+- Use `StatementSync.columns().length` behavior for row-returning statements;
+  do not parse SQL verbs.
+- Return `insertId` only for changed Kysely insert nodes. Raw insert SQL and
+  ignored inserts must not expose stale `lastInsertRowid`.
+- Remember that sync execution compiles through Kysely but bypasses async
+  `executeQuery` result plugins/logging. If plugins enter this path, add tests
+  or a documented invariant.
+
+## Tests
+
+Pick the smallest proof that covers the touched surface:
+
+```bash
+pnpm db:kysely:check
+pnpm lint:kysely
+pnpm test src/infra/kysely-node-sqlite.test.ts
+pnpm test <owning-store>.test.ts
+pnpm tsgo:core
+```
+
+Add or update focused tests for:
+
+- generated type/runtime mismatches
+- native dialect metadata (`insertId`, `numAffectedRows`, row-returning SQL)
+- transactions/savepoints
+- BLOB and JSON boundary conversions
+- schema/codegen drift
+- type inference contracts for sync helpers and public query result maps
+- negative type contracts with `@ts-expect-error` for important column/preset
+  mistakes
+- corruption-path tests that mutate SQLite directly and assert the public load
+  or read method rejects invalid persisted strings
+- public store behavior, not just private SQL shape
+
+## Helper Extraction
+
+Good helpers:
+
+- `readSqliteNumberPragma(db, pragma)` style helpers with a closed union for
+  PRAGMA names.
+- Raw-expression helpers that accept Kysely expressions/refs instead of raw
+  column strings.
+- Public query preset maps that preserve exact row types at the API boundary.
+
+Avoid helpers that:
+
+- Wrap obvious Kysely literals just to avoid strings.
+- Take generic `string` table/column/order names.
+- Return heavily generic query builders that are harder to type than the query
+  they hide.
+
+## Performance
+
+- Benchmark prepare/compile overhead before adding statement caches or compiled
+  query caches. Include the real public store method work: SQLite execution,
+  JSON/BLOB conversion, and result mapping.
+- Keep caches local, close/dispose them with the owning store, and test invalid
+  or stale behavior. Clear builders are the default until numbers prove a hot
+  path.
+
+## Avoid
+
+- Do not introduce ORM/repository layers or hidden relation loading.
+- Do not make root dependencies for plugin-only database needs.
+- Do not migrate everything to raw SQL or everything to builders for purity.
+- Do not hand-edit generated DB types.
+- Do not hide finite query result shapes behind `Record<string, ...>` just to
+  make JSON output convenient; use exact row unions or map at the boundary.
+- Do not replace every Kysely string literal with constants for aesthetics; fix
+  dynamic identifiers, raw SQL assertions, and public result boundaries instead.
+- Do not add broad cache layers to hide repeated query/discovery work; carry the
+  known runtime fact earlier when possible.

.agents/skills/openclaw-changelog-update/SKILL.md

@@ -52,17 +52,29 @@ attribution.
    - keep `#issue`, `(#PR)`, `Fixes #...`, and `Thanks @...`
    - every human-authored merged PR represented by a user-facing entry needs
      its PR ref and `Thanks @author`, even when the PR had no linked issue
+   - every human issue reporter for a `Fixes #...` or referenced bug issue
+     represented by a user-facing entry needs `Thanks @reporter` unless the
+     same handle is already thanked in that bullet
+   - every human `Co-authored-by` contributor on represented user-facing work
+     needs `Thanks @handle` when a GitHub handle is known
    - when grouping multiple PRs/issues in one bullet, include every relevant
      PR/issue ref and every human contributor handle in that same bullet
    - multiple `Thanks @...` handles in one bullet are expected; do not drop or
      collapse contributor credit just because the note is grouped
    - if one grouped bullet covers both direct commits and PRs, keep all PR refs
      and thanks, plus any issue refs from the direct commits
+   - before finalizing, audit the final release-note body:
+     - extract all `#NNN` refs from the notes
+     - resolve which refs are PRs and collect human PR authors
+     - resolve issue refs used as bug/report refs and collect human reporters
+     - scan represented commits for `Co-authored-by`
+     - compare those handles to the final `Thanks @...` set
+     - fix every missing human credit or explicitly record why it is omitted
    - do not add GHSA references, advisory IDs, or security advisory slugs to
      changelog entries or GitHub release-note text unless explicitly requested
    - never thank bots, `@openclaw`, `@clawsweeper`, or `@steipete`
-   - if grouping multiple entries, carry all relevant refs and thanks into the
-     grouped bullet
+   - do not use GitHub's release contributor count as the source of truth; the
+     changelog must carry the complete human credit set itself
 7. Sorting preference:
    - security/data-loss and content-boundary fixes
    - transcript/replay/reply delivery correctness

.crabbox.yaml

@@ -6,18 +6,10 @@ class: standard
 capacity:
   market: spot
   strategy: most-available
-  fallback: on-demand-after-120s
+  # Fail closed instead of silently falling back to on-demand while the
+  # Azure-backed billing account is the default runner path.
+  fallback: spot-only
   hints: true
-  availabilityZones:
-    - eu-west-1a
-    - eu-west-1b
-    - eu-west-1c
-  regions:
-    - eu-west-1
-    - eu-west-2
-    - eu-central-1
-    - us-east-1
-    - us-west-2
 actions:
   workflow: .github/workflows/crabbox-hydrate.yml
   # Default AWS hydration uses local Actions replay. Use
@@ -37,6 +29,8 @@ blacksmith:
   job: check
   ref: main
 aws:
+  # AWS-specific overrides still pin direct `--provider aws` runs without
+  # leaking AWS region names into the Azure default capacity fallback list.
   region: eu-west-1
   rootGB: 400
 sync:

.github/codeql/codeql-network-runtime-boundary-critical-quality.yml

@@ -7,8 +7,16 @@ queries:
   - uses: ./.github/codeql/openclaw-boundary/queries/managed-proxy-runtime-mutation.ql
 
 paths:
-  - src
-  - extensions
+  - src/cli/gateway-cli/run-loop.ts
+  - src/infra/gateway-lock.ts
+  - src/infra/jsonl-socket.ts
+  - src/infra/net
+  - src/infra/push-apns-http2.ts
+  - src/infra/ssh-tunnel.ts
+  - src/proxy-capture
+  - extensions/codex-supervisor/src/json-rpc-client.ts
+  - extensions/irc/src
+  - extensions/qa-lab/src
   - packages/net-policy/src
 
 paths-ignore:

.github/labeler.yml

@@ -132,6 +132,11 @@
       - any-glob-to-any-file:
           - "extensions/slack/**"
           - "docs/channels/slack.md"
+"channel: sms":
+  - changed-files:
+      - any-glob-to-any-file:
+          - "extensions/sms/**"
+          - "docs/channels/sms.md"
 "channel: synology-chat":
   - changed-files:
       - any-glob-to-any-file:

.github/workflows/ci-build-artifacts-testbox.yml

@@ -27,7 +27,7 @@ jobs:
     timeout-minutes: 35
     steps:
       - name: Begin Testbox
-        uses: useblacksmith/begin-testbox@d0e04585c26905fdd92c94a09c159544c7ee1b67
+        uses: useblacksmith/begin-testbox@233448af4bfdc6fca509a7f0974411ac6d8a8043
         with:
           testbox_id: ${{ inputs.testbox_id }}
 
@@ -231,7 +231,7 @@ jobs:
         run: bash scripts/ci-hydrate-testbox-env.sh
 
       - name: Run Testbox
-        uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
+        uses: useblacksmith/run-testbox@3f60ff9ceb2c10c3feefa87dc0c6490cffae059d
         if: success()
         env:
           FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

.github/workflows/ci-check-testbox.yml

@@ -15,6 +15,9 @@ permissions:
 
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+  PNPM_CONFIG_MODULES_DIR: "/tmp/openclaw-pnpm-node-modules"
+  PNPM_CONFIG_STORE_DIR: "/tmp/openclaw-pnpm-store"
+  PNPM_CONFIG_VIRTUAL_STORE_DIR: "/tmp/openclaw-pnpm-virtual-store"
 
 jobs:
   check:
@@ -26,7 +29,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Begin Testbox
-        uses: useblacksmith/begin-testbox@d0e04585c26905fdd92c94a09c159544c7ee1b67
+        uses: useblacksmith/begin-testbox@233448af4bfdc6fca509a7f0974411ac6d8a8043
         with:
           testbox_id: ${{ inputs.testbox_id }}
       - name: Checkout
@@ -133,7 +136,7 @@ jobs:
         run: bash scripts/ci-hydrate-testbox-env.sh
 
       - name: Run Testbox
-        uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
+        uses: useblacksmith/run-testbox@3f60ff9ceb2c10c3feefa87dc0c6490cffae059d
         if: success()
         env:
           FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

.github/workflows/ci.yml

@@ -601,7 +601,7 @@ jobs:
         uses: actions/cache@v5
         with:
           path: .artifacts/build-all-cache
-          key: ${{ runner.os }}-build-all-v3-${{ hashFiles('package.json', 'pnpm-lock.yaml', 'npm-shrinkwrap.json', 'packages/plugin-sdk/package.json', 'packages/llm-core/package.json', 'packages/memory-host-sdk/package.json', 'scripts/build-all.mjs', 'scripts/write-plugin-sdk-entry-dts.ts', 'scripts/lib/plugin-sdk-entries.mjs', 'tsconfig.json', 'tsconfig.plugin-sdk.dts.json', 'src/plugin-sdk/**', 'packages/llm-core/src/**', 'packages/memory-host-sdk/src/**', 'src/types/**', 'src/video-generation/dashscope-compatible.ts', 'src/video-generation/types.ts', 'scripts/copy-export-html-templates.ts', 'scripts/lib/copy-assets.ts', 'src/auto-reply/reply/export-html/**') }}
+          key: ${{ runner.os }}-build-all-v3-${{ hashFiles('package.json', 'pnpm-lock.yaml', 'npm-shrinkwrap.json', 'packages/plugin-sdk/package.json', 'packages/llm-core/package.json', 'packages/model-catalog-core/package.json', 'packages/memory-host-sdk/package.json', 'scripts/build-all.mjs', 'scripts/write-plugin-sdk-entry-dts.ts', 'scripts/lib/plugin-sdk-entries.mjs', 'tsconfig.json', 'tsconfig.plugin-sdk.dts.json', 'src/plugin-sdk/**', 'packages/llm-core/src/**', 'packages/model-catalog-core/src/**', 'packages/memory-host-sdk/src/**', 'src/types/**', 'src/video-generation/dashscope-compatible.ts', 'src/video-generation/types.ts', 'scripts/copy-export-html-templates.ts', 'scripts/lib/copy-assets.ts', 'src/auto-reply/reply/export-html/**') }}
           restore-keys: |
             ${{ runner.os }}-build-all-v3-
 
@@ -834,10 +834,10 @@ jobs:
               ;;
             contracts-plugins-ci-routing)
               pnpm test:contracts:plugins
-              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/test-projects.test.ts
+              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/changed-lanes.test.ts test/scripts/run-vitest.test.ts test/scripts/test-projects.test.ts
               ;;
             ci-routing)
-              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/test-projects.test.ts
+              pnpm test src/commands/status.scan-result.test.ts src/scripts/ci-changed-scope.test.ts test/scripts/changed-lanes.test.ts test/scripts/run-vitest.test.ts test/scripts/test-projects.test.ts
               ;;
             bun-launcher)
               OPENCLAW_TEST_BUN_LAUNCHER=1 pnpm test test/openclaw-launcher.e2e.test.ts
@@ -1079,7 +1079,6 @@ jobs:
           node openclaw.mjs --help
           node openclaw.mjs status --json --timeout 1
           pnpm test:build:singleton
-
   checks-node-core-test-nondist-shard:
     permissions:
       contents: read
@@ -1151,6 +1150,7 @@ jobs:
           OPENCLAW_NODE_TEST_CONFIGS_JSON: ${{ toJson(matrix.configs) }}
           OPENCLAW_NODE_TEST_INCLUDE_PATTERNS_JSON: ${{ toJson(matrix.includePatterns) }}
           OPENCLAW_VITEST_SHARD_NAME: ${{ matrix.shard_name }}
+          OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS: "900000"
           OPENCLAW_TEST_PROJECTS_PARALLEL: "2"
         shell: bash
         run: |
@@ -1403,7 +1403,7 @@ jobs:
             packages/plugin-sdk/dist
             extensions/*/dist/.boundary-tsc.tsbuildinfo
             extensions/*/dist/.boundary-tsc.stamp
-          key: ${{ runner.os }}-extension-package-boundary-v1-${{ hashFiles('tsconfig.json', 'tsconfig.plugin-sdk.dts.json', 'packages/plugin-sdk/tsconfig.json', 'packages/llm-core/package.json', 'scripts/check-extension-package-tsc-boundary.mjs', 'scripts/prepare-extension-package-boundary-artifacts.mjs', 'scripts/write-plugin-sdk-entry-dts.ts', 'scripts/lib/plugin-sdk-entrypoints.json', 'scripts/lib/plugin-sdk-entries.mjs', 'src/plugin-sdk/**', 'src/auto-reply/**', 'packages/llm-core/src/**', 'src/video-generation/dashscope-compatible.ts', 'src/video-generation/types.ts', 'src/types/**', 'extensions/**', 'extensions/tsconfig.package-boundary*.json', 'package.json', 'pnpm-lock.yaml') }}
+          key: ${{ runner.os }}-extension-package-boundary-v1-${{ hashFiles('tsconfig.json', 'tsconfig.plugin-sdk.dts.json', 'packages/plugin-sdk/tsconfig.json', 'packages/llm-core/package.json', 'packages/model-catalog-core/package.json', 'scripts/check-extension-package-tsc-boundary.mjs', 'scripts/prepare-extension-package-boundary-artifacts.mjs', 'scripts/write-plugin-sdk-entry-dts.ts', 'scripts/lib/plugin-sdk-entrypoints.json', 'scripts/lib/plugin-sdk-entries.mjs', 'src/plugin-sdk/**', 'src/auto-reply/**', 'packages/llm-core/src/**', 'packages/model-catalog-core/src/**', 'src/video-generation/dashscope-compatible.ts', 'src/video-generation/types.ts', 'src/types/**', 'extensions/**', 'extensions/tsconfig.package-boundary*.json', 'package.json', 'pnpm-lock.yaml') }}
           restore-keys: |
             ${{ runner.os }}-extension-package-boundary-v1-
 
@@ -1420,14 +1420,22 @@ jobs:
           find src \
             -type f \( -name '*.ts' -o -name '*.tsx' -o -name '*.mts' -o -name '*.cts' -o -name '*.js' -o -name '*.mjs' -o -name '*.json' \) \
             -exec touch -t 200001010000 {} +
-          find packages/llm-core/src \
-            -type f \( -name '*.ts' -o -name '*.tsx' -o -name '*.mts' -o -name '*.cts' -o -name '*.js' -o -name '*.mjs' -o -name '*.json' \) \
-            -exec touch -t 200001010000 {} +
-          touch -t 200001010000 \
+          if [ -d packages/llm-core/src ]; then
+            find packages/llm-core/src \
+              -type f \( -name '*.ts' -o -name '*.tsx' -o -name '*.mts' -o -name '*.cts' -o -name '*.js' -o -name '*.mjs' -o -name '*.json' \) \
+              -exec touch -t 200001010000 {} +
+          fi
+          if [ -d packages/model-catalog-core/src ]; then
+            find packages/model-catalog-core/src \
+              -type f \( -name '*.ts' -o -name '*.tsx' -o -name '*.mts' -o -name '*.cts' -o -name '*.js' -o -name '*.mjs' -o -name '*.json' \) \
+              -exec touch -t 200001010000 {} +
+          fi
+          cache_inputs=(
             tsconfig.json \
             tsconfig.plugin-sdk.dts.json \
             packages/plugin-sdk/tsconfig.json \
             packages/llm-core/package.json \
+            packages/model-catalog-core/package.json \
             scripts/check-extension-package-tsc-boundary.mjs \
             scripts/prepare-extension-package-boundary-artifacts.mjs \
             scripts/write-plugin-sdk-entry-dts.ts \
@@ -1435,6 +1443,12 @@ jobs:
             scripts/lib/plugin-sdk-entries.mjs \
             package.json \
             pnpm-lock.yaml
+          )
+          for cache_input in "${cache_inputs[@]}"; do
+            if [ -e "$cache_input" ]; then
+              touch -t 200001010000 "$cache_input"
+            fi
+          done
 
       - name: Run additional check shard
         env:
@@ -1957,6 +1971,21 @@ jobs:
           done
           exit 1
 
+      - name: OpenClawKit Talk-trait opt-out (no ElevenLabsKit when default traits disabled)
+        run: |
+          set -euo pipefail
+          # Guard: chat-only consumers build OpenClawKit with the Talk trait
+          # disabled and must NOT link ElevenLabsKit. Assert that future sources
+          # under OpenClawKit cannot silently reintroduce an unconditional
+          # ElevenLabsKit dependency while the manifest still looks correct.
+          deps="$(swift package --package-path apps/shared/OpenClawKit show-dependencies --disable-default-traits)"
+          echo "$deps"
+          if grep -qi 'elevenlabs' <<<"$deps"; then
+            echo "::error::ElevenLabsKit resolved with the Talk trait disabled; keep it gated behind the Talk trait."
+            exit 1
+          fi
+          swift build --package-path apps/shared/OpenClawKit --target OpenClawKit --disable-default-traits
+
       - name: Swift test
         run: |
           set -euo pipefail

.github/workflows/codeql-critical-quality.yml

@@ -210,6 +210,9 @@ jobs:
           else
             while IFS= read -r file; do
               case "${file}" in
+                .github/codeql/codeql-network-runtime-boundary-critical-quality.yml|.github/codeql/openclaw-boundary/queries/raw-socket-callsite-classification.ql|.github/codeql/openclaw-boundary/queries/managed-proxy-runtime-mutation.ql)
+                  network_runtime=true
+                  ;;
                 .github/codeql/*|.github/workflows/codeql-critical-quality.yml)
                   agent=true
                   channel=true
@@ -222,7 +225,6 @@ jobs:
                   plugin_sdk_package=true
                   plugin_sdk_reply=true
                   provider=true
-                  network_runtime=true
                   session_diagnostics=true
                   ;;
                 src/agents/sessions/tools/*)
@@ -302,7 +304,9 @@ jobs:
               esac
 
               case "${file}" in
-                src/*.ts|src/**/*.ts|extensions/*.ts|extensions/**/*.ts|packages/net-policy/src/*|packages/net-policy/src/**/*)
+                src/**/*.test.ts|src/**/*.test.tsx|extensions/**/*.test.ts|extensions/**/*.test.tsx)
+                  ;;
+                packages/net-policy/src/*|packages/net-policy/src/**/*|src/cli/gateway-cli/run-loop.ts|src/infra/net/*|src/infra/net/**/*|src/infra/ssh-tunnel.ts|src/infra/gateway-lock.ts|src/infra/jsonl-socket.ts|src/infra/push-apns-http2.ts|src/proxy-capture/*|src/proxy-capture/**/*|extensions/codex-supervisor/src/json-rpc-client.ts|extensions/irc/src/*|extensions/qa-lab/src/*)
                   network_runtime=true
                   ;;
               esac
@@ -429,7 +433,33 @@ jobs:
         with:
           submodules: false
 
+      - name: Fast PR network boundary diff scan
+        if: ${{ github.event_name == 'pull_request' }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPOSITORY: ${{ github.repository }}
+        run: |
+          set -euo pipefail
+
+          added_lines="$(mktemp)"
+          gh api --paginate "repos/${REPOSITORY}/pulls/${PR_NUMBER}/files" --jq '
+            .[]
+            | select(.filename | test("^(src/cli/gateway-cli/run-loop\\.ts|src/infra/(gateway-lock|jsonl-socket|push-apns-http2|ssh-tunnel)\\.ts|src/infra/net/|src/proxy-capture/|extensions/codex-supervisor/src/json-rpc-client\\.ts|extensions/irc/src/|extensions/qa-lab/src/|packages/net-policy/src/)"))
+            | .filename as $file
+            | (.patch // "")
+            | split("\n")[]
+            | select(startswith("+") and (startswith("+++") | not))
+            | "\($file): \(.)"
+          ' > "$added_lines"
+
+          if grep -En '(from|require\().*["'\''](node:)?(net|tls|http2)["'\'']|\b(net|tls|http2)\.(connect|createConnection)\b|new Socket\(|HTTP_PROXY|HTTPS_PROXY|NO_PROXY|GLOBAL_AGENT_|OPENCLAW_PROXY_' "$added_lines"; then
+            echo "Network runtime boundary-sensitive added lines require full CodeQL review." >&2
+            exit 1
+          fi
+
       - name: Initialize CodeQL
+        if: ${{ github.event_name != 'pull_request' }}
         uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
         with:
           languages: javascript-typescript
@@ -437,12 +467,14 @@ jobs:
 
       - name: Analyze
         id: analyze
+        if: ${{ github.event_name != 'pull_request' }}
         uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
         with:
           output: sarif-results
           category: "/codeql-critical-quality/network-runtime-boundary"
 
       - name: Fail on network runtime boundary findings
+        if: ${{ github.event_name != 'pull_request' }}
         env:
           SARIF_OUTPUT: sarif-results
         run: |

.github/workflows/docs-sync-publish.yml

@@ -43,7 +43,7 @@ jobs:
         if: env.OPENCLAW_DOCS_SYNC_TOKEN != ''
         uses: actions/setup-node@v6
         with:
-          node-version: "24.x"
+          node-version: "22.19.0"
 
       - name: Clone publish repo
         if: env.OPENCLAW_DOCS_SYNC_TOKEN != ''

.github/workflows/labeler.yml

@@ -115,6 +115,7 @@ jobs:
               issue_number: pullRequest.number,
               per_page: 100,
             });
+            const labelNames = new Set(currentLabels.map((label) => label.name ?? ""));
 
             for (const label of currentLabels) {
               const name = label.name ?? "";
@@ -130,14 +131,17 @@ jobs:
                 issue_number: pullRequest.number,
                 name,
               });
+              labelNames.delete(name);
             }
 
-            await github.rest.issues.addLabels({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: pullRequest.number,
-              labels: [targetSizeLabel],
-            });
+            if (!labelNames.has(targetSizeLabel)) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: pullRequest.number,
+                labels: [targetSizeLabel],
+              });
+            }
       - name: Apply maintainer or trusted-contributor label
         uses: actions/github-script@v9
         with:

.github/workflows/openclaw-npm-release.yml

@@ -372,6 +372,11 @@ jobs:
       actions: read
       contents: read
     steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
       - name: Require trusted workflow ref for publish
         env:
           RELEASE_TAG: ${{ inputs.tag }}
@@ -429,12 +434,13 @@ jobs:
             echo "Direct OpenClaw npm publish; relying on this workflow's npm-release environment approval."
             exit 0
           fi
+          direct_recovery=false
           if [[ "${GITHUB_ACTOR}" != "github-actions[bot]" ]]; then
-            echo "OpenClaw npm publish must be dispatched by the OpenClaw Release Publish workflow, not directly by ${GITHUB_ACTOR}." >&2
-            exit 1
+            direct_recovery=true
+            echo "Direct OpenClaw npm recovery with release_publish_run_id; relying on this workflow's npm-release environment approval."
           fi
           RUN_JSON="$(gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" --json workflowName,headBranch,event,status,conclusion,url)"
-          printf '%s' "$RUN_JSON" | node -e 'const fs = require("node:fs"); const run = JSON.parse(fs.readFileSync(0, "utf8")); const checks = [["workflowName", "OpenClaw Release Publish"], ["headBranch", process.env.EXPECTED_WORKFLOW_BRANCH], ["event", "workflow_dispatch"]]; for (const [key, expected] of checks) { if (run[key] !== expected) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must have ${key}=${expected}, got ${run[key] ?? "<missing>"}.`); process.exit(1); } } if (run.status !== "in_progress") { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must still be in_progress, got ${run.status ?? "<missing>"}.`); process.exit(1); } if (run.conclusion) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} already concluded ${run.conclusion}.`); process.exit(1); } console.log(`Using release publish approval run ${process.env.RELEASE_PUBLISH_RUN_ID}: ${run.url}`);'
+          printf '%s' "$RUN_JSON" | DIRECT_RELEASE_RECOVERY="${direct_recovery}" node scripts/validate-release-publish-approval.mjs
 
   publish_openclaw_npm:
     # KEEP THE REAL RELEASE/PUBLISH PATH ON A GITHUB-HOSTED RUNNER.

.github/workflows/plugin-clawhub-release.yml

@@ -207,6 +207,11 @@ jobs:
       actions: read
       contents: read
     steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
       - name: Validate release publish approval run
         env:
           GH_TOKEN: ${{ github.token }}
@@ -222,12 +227,13 @@ jobs:
             echo "Direct Plugin ClawHub Release dispatch; relying on this workflow's clawhub-plugin-release environment approval."
             exit 0
           fi
+          direct_recovery=false
           if [[ "${GITHUB_ACTOR}" != "github-actions[bot]" ]]; then
-            echo "Plugin ClawHub publish must be dispatched by the OpenClaw Release Publish workflow, not directly by ${GITHUB_ACTOR}." >&2
-            exit 1
+            direct_recovery=true
+            echo "Direct Plugin ClawHub Release recovery with release_publish_run_id; relying on this workflow's clawhub-plugin-release environment approval."
           fi
           RUN_JSON="$(gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" --json workflowName,headBranch,event,status,conclusion,url)"
-          printf '%s' "$RUN_JSON" | node -e 'const fs = require("node:fs"); const run = JSON.parse(fs.readFileSync(0, "utf8")); const checks = [["workflowName", "OpenClaw Release Publish"], ["headBranch", process.env.EXPECTED_WORKFLOW_BRANCH], ["event", "workflow_dispatch"]]; for (const [key, expected] of checks) { if (run[key] !== expected) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must have ${key}=${expected}, got ${run[key] ?? "<missing>"}.`); process.exit(1); } } if (run.status !== "in_progress") { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must still be in_progress, got ${run.status ?? "<missing>"}.`); process.exit(1); } if (run.conclusion) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} already concluded ${run.conclusion}.`); process.exit(1); } console.log(`Using release publish approval run ${process.env.RELEASE_PUBLISH_RUN_ID}: ${run.url}`);'
+          printf '%s' "$RUN_JSON" | DIRECT_RELEASE_RECOVERY="${direct_recovery}" node scripts/validate-release-publish-approval.mjs
 
   preview_plugin_pack:
     needs: preview_plugins_clawhub

.github/workflows/plugin-npm-release.yml

@@ -184,6 +184,11 @@ jobs:
       actions: read
       contents: read
     steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
       - name: Validate release publish approval run
         env:
           GH_TOKEN: ${{ github.token }}
@@ -199,12 +204,13 @@ jobs:
             echo "Direct Plugin NPM Release dispatch; relying on this workflow's npm-release environment approval."
             exit 0
           fi
+          direct_recovery=false
           if [[ "${GITHUB_ACTOR}" != "github-actions[bot]" ]]; then
-            echo "Plugin npm publish must be dispatched by the OpenClaw Release Publish workflow, not directly by ${GITHUB_ACTOR}." >&2
-            exit 1
+            direct_recovery=true
+            echo "Direct Plugin NPM Release recovery with release_publish_run_id; relying on this workflow's npm-release environment approval."
           fi
           RUN_JSON="$(gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" --json workflowName,headBranch,event,status,conclusion,url)"
-          printf '%s' "$RUN_JSON" | node -e 'const fs = require("node:fs"); const run = JSON.parse(fs.readFileSync(0, "utf8")); const checks = [["workflowName", "OpenClaw Release Publish"], ["headBranch", process.env.EXPECTED_WORKFLOW_BRANCH], ["event", "workflow_dispatch"]]; for (const [key, expected] of checks) { if (run[key] !== expected) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must have ${key}=${expected}, got ${run[key] ?? "<missing>"}.`); process.exit(1); } } if (run.status !== "in_progress") { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must still be in_progress, got ${run.status ?? "<missing>"}.`); process.exit(1); } if (run.conclusion) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} already concluded ${run.conclusion}.`); process.exit(1); } console.log(`Using release publish approval run ${process.env.RELEASE_PUBLISH_RUN_ID}: ${run.url}`);'
+          printf '%s' "$RUN_JSON" | DIRECT_RELEASE_RECOVERY="${direct_recovery}" node scripts/validate-release-publish-approval.mjs
 
   preview_plugin_pack:
     needs: preview_plugins_npm

.github/workflows/windows-blacksmith-testbox.yml

@@ -197,4 +197,4 @@ jobs:
 
       - name: Testbox action marker
         if: ${{ false }}
-        uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
+        uses: useblacksmith/run-testbox@3f60ff9ceb2c10c3feefa87dc0c6490cffae059d

.gitignore

@@ -59,6 +59,8 @@ apps/ios/.swiftpm/
 apps/ios/.derivedData/
 apps/ios/.local-signing.xcconfig
 vendor/
+!src/auto-reply/reply/export-html/vendor/
+!src/auto-reply/reply/export-html/vendor/**
 apps/ios/Clawdbot.xcodeproj/
 apps/ios/Clawdbot.xcodeproj/**
 apps/macos/.build/**
@@ -101,9 +103,13 @@ USER.md
 # though the bare names match the local-untracked rule above.
 !extensions/oc-path/src/oc-path/tests/fixtures/real/IDENTITY.md
 !extensions/oc-path/src/oc-path/tests/fixtures/real/USER.md
+!docs/reference/templates/IDENTITY.md
+!docs/reference/templates/USER.md
 *.tgz
 *.tar.gz
 *.zip
+!test/fixtures/plugins-install/*.tgz
+!test/fixtures/plugins-install/*.zip
 .idea
 .vscode/
 
@@ -128,10 +134,7 @@ mantis/
 !.agents/skills/control-ui-e2e/**
 !.agents/skills/gitcrawl/
 !.agents/skills/gitcrawl/**
-!.agents/skills/technical-documentation/
-!.agents/skills/technical-documentation/**
-!.agents/skills/openclaw-refactor-docs/
-!.agents/skills/openclaw-refactor-docs/**
+!.agents/skills/openclaw-docs/**
 !.agents/skills/openclaw-debugging/
 !.agents/skills/openclaw-debugging/**
 !.agents/skills/openclaw-ghsa-maintainer/

.oxlintrc.json

@@ -20,34 +20,44 @@
     "eslint/no-multi-str": "error",
     "eslint/no-new": "error",
     "eslint/no-object-constructor": "error",
+    "eslint/no-param-reassign": "error",
     "eslint/no-proto": "error",
     "eslint/no-regex-spaces": "error",
     "eslint/no-return-assign": "error",
     "eslint/no-sequences": "error",
     "eslint/no-self-compare": "error",
     "eslint/no-shadow": "off",
+    "eslint/no-implicit-coercion": "error",
     "eslint/no-var": "error",
     "eslint/no-useless-call": "error",
     "eslint/no-useless-computed-key": "error",
     "eslint/no-useless-concat": "error",
     "eslint/no-useless-constructor": "error",
+    "eslint/no-useless-rename": "error",
+    "eslint/no-useless-return": "error",
     "eslint/no-unused-vars": "off",
     "eslint/no-warning-comments": "error",
     "eslint/no-unmodified-loop-condition": "error",
     "eslint/no-new-wrappers": "error",
     "eslint/no-else-return": "error",
+    "eslint/no-lonely-if": "error",
     "eslint/no-case-declarations": "error",
     "eslint/default-case-last": "error",
     "eslint/default-param-last": "error",
     "eslint/prefer-exponentiation-operator": "error",
+    "eslint/prefer-const": "error",
     "eslint/prefer-numeric-literals": "error",
+    "eslint/prefer-object-has-own": "error",
+    "eslint/object-shorthand": "error",
     "eslint/prefer-rest-params": "error",
     "eslint/prefer-spread": "error",
     "eslint/radix": "error",
     "eslint/unicode-bom": "error",
     "eslint/yoda": "error",
     "import/no-absolute-path": "error",
+    "import/first": "error",
     "import/no-empty-named-blocks": "error",
+    "import/no-duplicates": "error",
     "import/no-self-import": "error",
     "node/no-exports-assign": "error",
     "eslint-plugin-unicorn/prefer-set-size": "error",
@@ -66,7 +76,9 @@
     "typescript/no-empty-object-type": ["error", { "allowInterfaces": "with-single-extends" }],
     "typescript/no-explicit-any": "error",
     "typescript/no-extraneous-class": "error",
+    "typescript/no-import-type-side-effects": "error",
     "typescript/no-meaningless-void-operator": "error",
+    "typescript/no-inferrable-types": "error",
     "typescript/no-non-null-asserted-nullish-coalescing": "error",
     "typescript/no-unnecessary-qualifier": "error",
     "typescript/no-unnecessary-type-assertion": "error",
@@ -86,6 +98,7 @@
     "typescript/prefer-namespace-keyword": "error",
     "typescript/prefer-return-this-type": "error",
     "typescript/prefer-find": "error",
+    "typescript/prefer-for-of": "error",
     "typescript/prefer-function-type": "error",
     "typescript/prefer-includes": "error",
     "typescript/prefer-reduce-type-parameter": "error",
@@ -106,14 +119,17 @@
     "unicorn/no-new-buffer": "error",
     "unicorn/no-thenable": "error",
     "unicorn/no-typeof-undefined": "error",
+    "unicorn/no-unreadable-array-destructuring": "error",
     "unicorn/no-unnecessary-array-flat-depth": "error",
     "unicorn/no-unnecessary-array-splice-count": "error",
     "unicorn/no-unnecessary-slice-end": "error",
     "unicorn/no-useless-error-capture-stack-trace": "error",
     "unicorn/no-useless-promise-resolve-reject": "error",
+    "unicorn/no-zero-fractions": "error",
     "unicorn/prefer-date-now": "error",
     "unicorn/prefer-dom-node-text-content": "error",
     "unicorn/prefer-keyboard-event-key": "error",
+    "unicorn/prefer-array-flat": "error",
     "unicorn/prefer-array-some": "error",
     "unicorn/prefer-math-min-max": "error",
     "unicorn/prefer-node-protocol": "error",
@@ -123,6 +139,8 @@
     "unicorn/prefer-prototype-methods": "error",
     "unicorn/prefer-regexp-test": "error",
     "unicorn/prefer-set-size": "error",
+    "unicorn/prefer-set-has": "error",
+    "unicorn/prefer-structured-clone": "error",
     "unicorn/prefer-string-starts-ends-with": "error",
     "unicorn/prefer-string-slice": "error",
     "unicorn/require-array-join-separator": "error",
@@ -183,6 +201,7 @@
     "docs/_layouts/",
     "extensions/diffs/assets/viewer-runtime.js",
     "extensions/diffs-language-pack/assets/viewer-runtime.js",
+    "extensions/canvas/src/host/a2ui/a2ui.bundle.js",
     "node_modules/",
     "patches/",
     "pnpm-lock.yaml",

AGENTS.md

@@ -78,7 +78,7 @@ Skills own workflows; root owns hard policy and routing.
 - Gateway/plugin metadata is process-stable: installs, manifests, catalogs, generated paths, bundled metadata. Changes require restart or explicit owner reload/install/doctor flow.
 - Runtime hot paths: no freshness polling (`stat`/`realpath`/JSON reread/hash). Reuse current snapshots, install records, discovery, lookup tables, root scopes, resolved paths.
 - Process-local metadata caches ok when lifecycle-owned and bounded/single-slot. Freshness exceptions need named owner + tests.
-- Inline comments: preserve reviewer context at the code site. Use for cross-path/state invariants, platform/dependency caps, deterministic ordering, compact encoded state, lifecycle ordering, ownership boundaries, session/id adoption, queue-depth symmetry, fallbacks, or intentional caller differences.
+- Inline comments: preserve reviewer context at the code site. Required for non-obvious cross-path/state invariants, lifecycle ordering, ownership boundaries, queue/dedupe symmetry, TTL/cache expiry, cleanup/release coupling, session/id adoption, fallback behavior, platform/dependency caps, deterministic ordering, compact encoded state, or intentional caller differences.
 - Comment shape: 1-3 short lines; state why the branch/helper exists, what contract it protects, and the bad outcome if removed. Cite nearby constants/helpers when useful. No syntax narration, PR/user-specific lore, or obvious mechanics.
 - Gateway protocol changes: additive first; incompatible needs versioning/docs/client follow-through.
 - Protocol version bumps: explicit owner confirmation only; never automatic/generated.
@@ -154,19 +154,9 @@ Skills own workflows; root owns hard policy and routing.
 - Calls should be boring: complex decisions happen above; call args/object fields are names, literals, or simple property reads.
 - Prefer early returns over nested condition pyramids. Split code into gather -> normalize -> decide -> act.
 - Use named intermediates only for domain meaning or readability; avoid temp-variable soup.
-- Code size matters. Prefer small clear code; maintainability includes not growing LOC without payoff.
-- Refactors should delete about as much local complexity as they add. If LOC grows, the new ownership/API needs to clearly pay for it.
-- Before adding helpers/files, check whether existing code can absorb the behavior with less new surface.
-- Keep APIs narrow: export only current caller needs; keep types/helpers local by default.
-- Return the smallest useful shape. Avoid broad result objects, flags, metadata unless callers use them.
-- Avoid adapter layers that only rename fields. Move real responsibility or leave code local.
-- Inline simple one-use objects/spreads when clearer. Extract only when it removes duplication or hard logic.
-- Tests prove behavior/regressions, not every internal branch.
-- For non-trivial refactors, check `git diff --numstat` before closeout. If LOC grew, trim or explain why.
-- Prefer existing narrow helpers over repeated casts/guards. Add local helpers when 2+ nearby call sites share real boundary logic.
-- Prefer ctor parameter properties for injected deps/config. Do not ban them for erasable-syntax purity.
-- Prefer `satisfies` for registries/config maps; derive types from schemas when a runtime schema already exists.
-- Table-drive repetitive tests when it reduces code and keeps failure names clear.
+- Storage adapters: quarantine schema/nullability mess at the boundary. Use one named mapper from domain object to DB row, one mapper from DB row to domain object, and keep read/write paths boring.
+- Discriminated unions: use exhaustive `switch` mappers instead of repeated inline conditionals. If insert/update share shape, build the row once and reuse it; split primary keys once for update sets.
+- Kysely rows: prefer generated `Insertable`/`Selectable` types for mapper contracts. Do not duplicate nullable-column logic inside `values(...)` and `doUpdateSet(...)`.
 - Dynamic import: no static+dynamic import for same prod module. Use `*.runtime.ts` lazy boundary. After edits: `pnpm build`; check `[INEFFECTIVE_DYNAMIC_IMPORT]`.
 - Cycles: keep `pnpm check:import-cycles` + architecture/madge green.
 - Classes: no prototype mixins/mutations. Prefer inheritance/composition. Tests prefer per-instance stubs.
@@ -230,6 +220,7 @@ Skills own workflows; root owns hard policy and routing.
 - Crabbox/WebVNC human demos: keep remote desktop visible/windowed; no fullscreen remote browser unless video/capture-style output.
 - ClawSweeper ops: `$clawsweeper`. Deployed hook sessions may post one concise `#clawsweeper` note only when surprising/actionable/risky; if using message tool, reply exactly `NO_REPLY`.
 - Generated-media completions wake the requester agent first. Requester visible-reply config decides final text vs message tool; direct media send is fallback/recovery only.
+- `message_tool_only`: visible source reply = current-source `message(action=send)` only. No `NO_REPLY` prompt/contract; no message call = no source reply. Never auto-publish private final.
 - Memory wiki prompt digest stays tiny; prefer `wiki_search` / `wiki_get`; verify contact data before use; source-class provenance for generated people facts.
 - Rebrand/migration/config warnings: run `openclaw doctor`.
 - Never edit `node_modules`.

CHANGELOG.md

@@ -15,35 +15,70 @@ Docs: https://docs.openclaw.ai
 
 ### Changes
 
+- Docs: add a dedicated Skill Workshop guide covering governed skill creation, reviewable proposals, CLI, Gateway, agent tool behavior, approval policy, support files, and recovery. Thanks @shakkernerd.
+- Skills: let the `skill_workshop` agent tool apply, reject, and quarantine explicit proposals through the guarded review flow. Thanks @shakkernerd.
+- Skills: let proposals carry approved support files under standard skill folders, with scanner, hash, and rollback safeguards. Thanks @shakkernerd.
+- Skills: let pending proposals be revised in place with versioned, dated proposal frontmatter before approval. Thanks @shakkernerd.
+- Skills: add Skill Workshop with pending proposals, CLI/Gateway review actions, rollback metadata, and the `skill_workshop` agent tool. Thanks @shakkernerd.
 - Plugins: externalize Tokenjuice as the official `@openclaw/tokenjuice` plugin with npm and ClawHub publish metadata.
 - Plugins: externalize the GitHub Copilot agent runtime as the official `@openclaw/copilot` plugin with npm and ClawHub publish metadata.
 - iOS: add hosted push relay defaults, realtime Talk playback, and a guarded WebSocket ping path for more reliable mobile sessions. (#88096, #88105, #88231)
 - Workboard: add orchestration primitives and agent coordination tools for multi-agent planning and run tracking. (#87469)
+- Code mode: add internal namespaces for scoped agent/global sessions and exact namespace tool dispatch. (#88043)
+- Control UI: add a Dreaming-tab agent selector and propagate the selected agent through Dreaming status, diary, and diary actions. (#78748) Thanks @stevenepalmer.
 - Plugins: add a SecretRef provider integration manifest contract and extract shared LLM core packages for provider/plugin reuse. (#82326, #88117)
 - Skills: add the core skills index and centralize skills runtime loading, status, filtering, and prompt formatting.
 
 ### Fixes
 
+- Agents/Codex: keep public OpenAI API-key profiles from being treated as native Codex app-server auth while preserving persisted Codex OAuth sessions.
+- Control UI: keep collapsed tool cards labeled with the tool name and action instead of generic output text. Thanks @shakkernerd.
+- Agents/Codex: surface Skill Workshop guidance in Codex app-server prompts when `skill_workshop` is available. Thanks @shakkernerd.
+- CLI: keep `plugins list --json` on the snapshot-only path so plugin sweeps avoid loading the full runtime status graph.
 - Plugins: make PixVerse external-plugin ClawHub metadata explicit and keep it out of bundled dist builds.
+- Cron: keep SQLite cron migrations compatible with legacy run-log tables, archived job stores, diagnostic cron names, and legacy one-shot delete-after-run behavior. (#88285)
 - Providers: bound generated media downloads from OpenAI, Runway, xAI, MiniMax, BytePlus, DashScope-compatible, FAL, OpenRouter, Google, Vydra, and Comfy providers.
 - Providers: cap GitHub Copilot OAuth request timeouts before creating abort signals.
 - Cron: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot.
 - Agents/Codex: keep live session locks during cleanup, recover interrupted CLI tool transcripts, preserve Codex auth and compaction session identity, clear orphan tool state, cap app-server idle timers, and keep media completion delivery retryable. (#88129, #88136, #88141, #88162, #88182)
+- Chat/UI: show Gateway chat failures as visible assistant messages in the Control UI instead of only setting an invisible error state.
 - Channels: cap Telegram, Discord, WhatsApp, Signal, Feishu, Google Chat, Microsoft Teams, QQBot, Nostr, Zalo, Zalouser, and Nextcloud-style request/retry timers; preserve SMS approval reply routes; and retry WhatsApp QR login 408 timeouts. (#88183)
 - Security/config parsing: reject unsafe OAuth/token lifetimes, retry-after delays, inbound timestamps, response body sizes, command timeout config, sandbox observer token TTLs, and gateway WebSocket calls after close.
 - Providers/media: cap local service, model, usage, queue, generated media, TTS, music, workflow polling, and provider OAuth request timers across hosted and local providers.
 - Release/CI/E2E: bound release candidate reads, beta smoke REST calls, changelog restore, kitchen-sink and bundled plugin readiness probes, secret-provider probes, Vitest routing, and mainline test flakes. (#88127, #88137, #88155, #88160)
-- Performance: reuse prepared provider handles, strict tool schemas, gateway runtime metadata, session maintenance config, plugin metadata, bundled skill allowlists, package-local plugin artifacts, and single-entry store writes.
+- Release/CI/E2E: run the secret-provider integration proof through the repo pnpm runner so native macOS and Windows validation use the hydrated package-manager shim.
+- Release/CI/E2E: run the Telegram desktop proof gateway through the repo pnpm runner so native macOS proof uses the hydrated package-manager shim.
+- Docs/CI: run Mintlify anchor checks through the repo pnpm runner so docs link validation works when pnpm is only available through the hydrated package-manager shim.
+- Agents: keep configured fallback model metadata typed so provider params, context-token caps, and media input limits do not break changed-gate typechecks.
+- Agents: accept hidden `sessions_send` body aliases before validation while keeping the model-facing `message` schema canonical. (#88229) Thanks @zhangguiping-xydt.
+- CI/Crabbox: keep default runner capacity spot-only and provider-neutral so OpenClaw remote validation does not silently fall back to on-demand leases or stale AWS region hints.
+- CI/Crabbox: route Crabbox wrapper and Testbox workflow edits to their regression tests so changed-test gates do not silently run zero specs.
+- CI/workflows: route workflow sanity helper edits to their guard tests and cover composite-action input interpolation checks.
+- CI/tooling: route CI scope, dependency, changelog, and docs helper edits to their owner tests instead of silently skipping changed-test coverage.
+- CI/tooling: route package, release, and install helper edits to their owner tests so changed-test gates cover publish and installer script changes.
+- CI/tooling: route shared script library edits through their owner tests so lock, process, safety, and scan helpers do not skip changed-test coverage.
+- CI/tooling: skip expensive import-graph scans once a changed diff already requires broad fallback, keeping local changed-test planning fast while still collecting explicit owner tests.
+- CI/tooling: route script edits through conventional owner tests when matching `test/scripts` or `src/scripts` coverage already exists.
+- CI/tooling: honor option terminators in the memory FD repro script so follow-on arguments are not reparsed.
+- Release/CI/E2E: assert plugin lifecycle runtime inspect output instead of only capturing it.
+- Release/CI/E2E: make gateway-network prove the advertised health RPC and retry early WebSocket closes without burning full open timeouts.
+- Release/CI/E2E: honor option terminators across release, Parallels smoke, plugin gauntlet, and extension-memory scripts.
+- Release/CI/E2E: fail plugin gateway gauntlet QA chunks when the requested suite summary is missing or invalid.
+- Performance: prebuild QA runtime probes with generated plugin assets but without CLI startup metadata.
+- Performance: skip declaration bundling for runtime-only CLI startup and gateway watch build profiles.
+- Performance: reuse prepared provider handles, strict tool schemas, gateway runtime metadata, session maintenance config, plugin metadata, bundled skill allowlists, package-local plugin artifacts, single-entry store writes, and validated/serialized session prompt blobs.
 
 ## 2026.5.28
 
 ### Highlights
 
-- Agent and Codex runtime recovery is steadier: subagents keep cwd/workspace separation, hook context stays prompt-local, session locks release on timeout abort, stale restart continuations are avoided, and Codex app-server/helper failures no longer tear down shared runtime state. (#87218, #86875, #87409, #87399, #87375)
-- Channel delivery and session identity got safer across outbound plugin hooks, Matrix room ids, iMessage reactions/approvals, Slack final replies, Discord recovered tool warnings, and Microsoft Teams service URL trust checks. (#73706, #75670, #87366, #87451, #87334)
-- Mobile and chat surfaces got a broader refresh: the iOS Pro UI, Gateway chat transport, onboarding, Talk permissions, WebChat reconnect delivery, and session picker behavior now preserve more state across reconnects and empty searches. (#87367, #87531, #87682)
-- CLI, auth, doctor, and provider paths fail faster and recover more clearly: malformed numeric/version options are rejected, OAuth and local service startup requests are bounded, legacy `api_key` auth profiles migrate to canonical form, and restart guidance is actionable. (#87398, #86281, #87361)
-- Plugin and Gateway hot paths do less repeated work while preserving cache correctness for install records, config JSON parsing, tool search catalogs, session stores, manifest model rows, auto-enabled plugin config, browser tokens, and viewer assets. (#86699)
+- Agent and Codex runtime recovery is steadier: subagents keep cwd/workspace separation, hook context stays prompt-local, session locks release on timeout abort while live OpenClaw locks survive cleanup, stale restart continuations are avoided, and Codex app-server/helper failures no longer tear down shared runtime state. (#87218, #86875, #87409, #87399, #87375, #88129)
+- Channel delivery and session identity got safer across outbound plugin hooks, Matrix room ids, iMessage reactions/approvals, Slack final replies, Discord recovered tool warnings, runtime-config message actions, WhatsApp profile auth roots, Telegram polling, and Microsoft Teams service URL trust checks. (#73706, #75670, #87366, #87451, #87334, #84535, #82492, #83304, #87160)
+- Mobile and chat surfaces got a broader refresh: the iOS Pro UI, hosted push relay default, realtime Talk tab playback, Gateway chat transport, onboarding, Talk permissions, WebChat reconnect delivery, and session picker behavior now preserve more state across reconnects and empty searches. (#87367, #87531, #87682, #88096, #88105) Thanks @ngutman and @BunsDev.
+- Browser, channel, and automation inputs are stricter: Browser tool timeouts, viewport/tab indices, Gateway ports, cron retry handling, Discord component ids, schema array refs, Telegram callback pages, and channel progress callbacks now reject malformed values earlier and preserve the intended delivery context. (#82887)
+- Provider, media, and document coverage expands with Claude Opus 4.8, Fal Krea image schemas, NVIDIA featured models, MiniMax streaming music responses, encrypted PDF extraction, voice model catalogs, GitHub Copilot agent runtime support, and a Codex Supervisor plugin path for delegated Codex workflows. (#87845, #87890, #80775, #84764, #87751, #87794)
+- CLI, auth, doctor, and provider paths fail faster and recover more clearly: malformed numeric/version options are rejected, workspace dotenv provider credentials are ignored, heartbeat defaults, OAuth/token lifetimes, and local service startup requests are bounded, agent auth health labels are clearer, legacy `api_key` auth profiles migrate to canonical form, and restart guidance is actionable. (#87398, #86281, #87361, #88133, #83655, #87559, #88088, #85924) Thanks @vincentkoc and @giodl73-repo.
+- Plugin and Gateway hot paths do less repeated work while preserving cache correctness for install records, config JSON parsing, tool search catalogs, session stores, manifest model rows, auto-enabled plugin config, browser tokens, viewer assets, and release-split external plugin packages. (#86699)
 - Release, QA, and E2E validation now bound more log, artifact, harness, and cross-OS waits so failing lanes produce proof instead of hanging or false-greening.
 
 ### Changes
@@ -51,25 +86,41 @@ Docs: https://docs.openclaw.ai
 - Status: show active subagent details in status output.
 - Diffs: split the default language pack and expand default Diffs language coverage while keeping the host floor aligned. (#87370, #87372) Thanks @RomneyDa.
 - ClawHub: add plugin display names plus skill verification and trust surfaces. (#87354, #86699) Thanks @thewilloftheshadow and @Patrick-Erichsen.
-- iOS: refresh the dev app with Pro Command, Chat, Agents, and Settings tabs wired to gateway sessions, diagnostics, chat, and realtime Talk. (#87367) Thanks @Solvely-Colin.
-- Docs: clarify Codex computer-use setup, paste-token stdin auth setup, macOS gateway sleep troubleshooting, native Codex hook relay recovery, container model auth, install deployment cards, device-token admin gating, and backport targets. (#87313, #63050) Thanks @bdjben, @liaoandi, and @thewilloftheshadow.
-- PDF/tools: use ClawPDF for PDF extraction and surface MCP structured content in agent tool results. (#87670)
+- iOS: refresh the dev app with Pro Command, Chat, Agents, Settings, hosted push relay defaults, and realtime Talk playback wired to gateway sessions, diagnostics, chat, and realtime Talk. (#87367, #88096, #88105) Thanks @Solvely-Colin and @ngutman.
+- Docs: clarify Codex computer-use setup, paste-token stdin auth setup, macOS gateway sleep troubleshooting, native Codex hook relay recovery, container model auth, install deployment cards, device-token admin gating, CLI setup flow compatibility, Notte cloud browser CDP setup, and backport targets. (#87313, #63050, #87685) Thanks @bdjben, @liaoandi, and @thewilloftheshadow.
+- PDF/tools: use ClawPDF for PDF extraction, support encrypted PDF extraction, and surface MCP structured content in agent tool results. (#87670, #87751)
+- Providers: add Claude Opus 4.8 support, Fal Krea image model schemas, NVIDIA featured model catalogs, MiniMax streaming music responses, and provider-backed voice model catalogs. (#87845, #87890, #80775, #84764, #87794) Thanks @eleqtrizit and @vincentkoc.
+- Codex/GitHub: add the GitHub Copilot agent runtime and the Codex Supervisor plugin package.
+- Plugins: externalize GitHub Copilot and Tokenjuice as official install-on-demand plugins with npm and ClawHub publish metadata.
+- Workboard: add agent coordination tools for tracking and handing off active agent work.
+- Discord: show commentary in progress drafts so live Discord runs expose useful in-progress context. (#85200)
+- Plugin SDK: add a reply payload sending hook for plugins that need to deliver channel-owned replies and flatten package types for SDK declarations. (#82823, #87165) Thanks @piersonr and @RomneyDa.
+- Policy: add policy comparison, ingress-channel conformance, and sandbox-posture conformance checks. (#85572, #85744, #86768)
 
 ### Fixes
 
 - Agents: fall back to local config pruning when the optional `agents delete` Gateway probe cannot authenticate, so offline installs can still delete agents without removing shared workspaces.
 - Tighten phone-control mutation authorization [AI]. (#87150) Thanks @pgondhi987.
 - Clarify directive persistence authorization policy [AI]. (#86369) Thanks @pgondhi987.
-- Agents/Codex: keep spawned agent cwd/workspace state separated, keep hook context prompt-local, release session locks on timeout abort, avoid session event queue self-wait, preserve shared app-server state across startup or helper failures, keep native hook relay alive across restarts, route workspace memory through tools, resolve Codex runtime models first, report quarantined dynamic tools, format `skills` command output, and bound compaction/steering retries. (#87218, #86875, #86123, #87399, #87375, #87383, #87400) Thanks @mbelinky, @Alix-007, @luoyanglang, @yetval, and @sjf.
-- Codex Supervisor: keep real-home app-server MCP session listing on the loaded/state-DB path, bound stored history scans, and close WebSocket probes cleanly.
-- Channels: thread canonical session keys into outbound hooks, preserve Matrix room-id case, keep fallback tool warnings mention-inert, retain delivered Slack final replies during late cleanup, continue iMessage polling after denied reactions, suppress duplicate native exec approvals, preserve Telegram SecretRef prompt config, suppress Discord recovered tool warnings, and block untrusted Teams service URLs. (#73706, #75670, #87366, #87451, #87334) Thanks @zeroaltitude, @lukeboyett, @xiaotian, and @eleqtrizit.
-- CLI/auth/doctor/providers: reject malformed numeric/timeout/subcommand-version inputs, wait for respawn child shutdown, bound Codex and GitHub Copilot OAuth/token requests, warm provider auth off the main thread, honor Codex response timeouts, bound local service startup, resolve GPT-5.5 without cached catalog, migrate legacy memory auto-provider config, rewrite non-canonical `api_key` auth profiles, and make doctor restart follow-ups actionable. (#87398, #86281, #87361) Thanks @Patrick-Erichsen, @samzong, @giodl73-repo, and @alkor2000.
-- Gateway/security/session state: expire browser tokens after auth rotation, scope assistant idempotency dedupe, drain probe client closes, avoid stale restart continuation reuse, preserve retry-after fallbacks, bound webchat image and artifact transcript scans, include seconds in inbound metadata timestamps, and evict current plugin-state namespaces at row caps.
-- Config/parsing/network: reject partial numeric parsing, parse provider/Discord retry headers and dates strictly, honor IPv6 and bare IPv6 `no_proxy` entries, canonicalize secret target array indexes, and reject malformed media content lengths, inspected TCP ports, marketplace content lengths, cron epochs, and sandbox stat fields.
-- Providers/agents: preserve seeded Anthropic signatures, concatenate signature-delta chunks, preserve DeepSeek `reasoning_content` replay across tier suffixes, apply OpenRouter strict9 ids to Mistral routes, promote Ollama plain-text tool calls, and recover empty preflight compaction. (#87593)
+- Agents/Codex: keep spawned agent cwd/workspace state separated, forward ACP spawn attachments, keep hook context prompt-local, release session locks on timeout abort and runtime teardown without deleting live OpenClaw-owned locks during cleanup, avoid session event queue self-wait, clean up exec abort listeners, stream assistant deltas incrementally, recover raw missing-thread compaction failures, preserve rotated compaction session identity, keep compaction-timeout snapshots continuable, preserve shared app-server state across startup or helper failures, keep native hook relay alive across restarts and prune stale bridge files, close native hook relay replacement races, keep Claude live tool progress visible for watchdog recovery, suppress abandoned requester completion handoff, route workspace memory through tools, resolve Codex runtime models first, report quarantined dynamic tools, format `skills` command output, bind node auto-review to prepared plans, retry Claude CLI transcript probes, and bound compaction/steering retries. (#87218, #86875, #86123, #88129, #87399, #87375, #72574, #87383, #87400, #83022, #87671, #87738, #87747, #87706, #87546, #87541, #81048) Thanks @mbelinky, @Alix-007, @luoyanglang, @yetval, @sjf, @joshavant, @benjamin1492, @c19354837, @fuller-stack-dev, @pfrederiksen, and @dodge1218.
+- Codex Supervisor: keep real-home app-server MCP session listing on the loaded state path, bound stored history scans, and close WebSocket probes cleanly.
+- Channels: thread canonical session keys into outbound hooks, preserve Matrix room-id case, keep fallback tool warnings mention-inert, retain delivered Slack final replies during late cleanup, continue iMessage polling after denied reactions, suppress duplicate native exec approvals, resolve Gateway message actions against the active runtime config, preserve Telegram SecretRef prompt config and polling keepalives, preserve WhatsApp profile auth roots, QR display, document filenames, and plugin hook config, suppress Discord recovered tool warnings, preserve the Discord voice outbound helper, cap Discord/Signal/Zalo channel request and container timeouts, and block untrusted Teams service URLs while keeping TeamsSDK patterns aligned. (#73706, #75670, #87366, #87451, #87465, #87334, #84535, #76262, #83304, #82492, #87581, #77114, #86426, #85529, #87160) Thanks @zeroaltitude, @lukeboyett, @jarvis-mns1, @xiaotian, @funmerlin, @joshavant, @eleqtrizit, @heyitsaamir, @amittell, @lidge-jun, @liorb-mountapps, @masatohoshino, @bladin, and @giodl73-repo.
+- CLI/auth/doctor/providers: reject malformed numeric/timeout/subcommand-version inputs, ignore workspace dotenv provider credentials, wait for respawn child shutdown, bound heartbeat defaults plus Codex, GitHub Copilot, OpenAI, Anthropic, Google, Feishu, LM Studio, MiniMax, Xiaomi TTS, and local-provider OAuth/token/model requests, harden Codex auth probes, label auth health by agent, preserve explicit agentRuntime pins during Codex model migration, warm provider auth off the main thread, honor Codex response timeouts, stop migrating current Claude Haiku 4.5 profiles to Sonnet, bound local service startup, resolve GPT-5.5 without cached catalog, migrate legacy memory auto-provider config, rewrite non-canonical `api_key` auth profiles, and make doctor restart follow-ups actionable. (#87398, #86281, #87361, #88133, #83655, #87559, #87719, #88088, #85924, #84362) Thanks @Patrick-Erichsen, @samzong, @giodl73-repo, @alkor2000, @mmaps, @nxmxbbd, and @vincentkoc.
+- Gateway/security/session state: expire browser tokens after auth rotation, scope assistant idempotency dedupe, drain probe client closes, avoid stale restart continuation reuse, preserve retry-after fallbacks and stale rate-limit cooldown probes, bound webchat image and artifact transcript scans, include seconds in inbound metadata timestamps, clear completed session active runs, clear stale chat stream buffers, and evict current plugin-state namespaces at row caps. (#87810, #87833, #75089) Thanks @joshavant and @litang9.
+- Config/parsing/network: reject partial numeric parsing, parse provider/Discord retry headers and dates strictly, honor IPv6 and bare IPv6 `no_proxy` entries, preserve empty plugin allowlists, canonicalize secret target array indexes, and reject malformed media content lengths, inspected TCP ports, marketplace content lengths, cron epochs, sandbox stat fields, unsafe duration values, empty config path segments, noncanonical schema array refs, unsafe Telegram callback pages, and invalid Teams attachment-fetch DNS targets. (#87883) Thanks @zhangguiping-xydt.
+- Browser/input hardening: reject invalid tab indexes, excessive viewport resizes, explicit zero CDP ports, malformed geolocation options, unsafe screenshot or permission-grant timeouts, loose response-body limits, invalid cookie expiries, and non-finite Browser tool delays/timeouts.
+- Cron/automation: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot, and preflight model fallbacks before skipping scheduled work. (#82887) Thanks @chen-zhang-cs-code.
+- Auto-reply/directives: respect provider and relayed channel metadata during directive persistence so channel-originated decisions keep their intended context. (#87683)
+- WhatsApp: resolve the auth directory from the active profile so profile-scoped WhatsApp installs do not drift to the wrong credential root. (#82492) Thanks @lidge-jun.
+- Gateway/session state: clear completed session active runs, avoid cold-loading providers for MCP inventory, cache single-session child indexes, cap handshake timers, and bound preauth, auth-guard, media, transcript, readiness, and port options.
+- Channels/replies: preserve channel-owned progress callbacks when verbose output is off, keep group-room progress suppression intact, prefer external session delivery context, escape Discord component id delimiters, force final TUI chat repaints, show Slack reasoning previews, and normalize Discord/Matrix/Mattermost channel numeric options. (#87476, #87423)
+- Agents/tool args: harden smart-quoted argument repair for edit arrays and exact escaped arguments so model-produced tool calls recover without corrupting valid input. (#86611) Thanks @ferminquant.
+- Providers/agents: preserve seeded Anthropic signatures, preserve signed thinking payloads, concatenate signature-delta chunks, preserve DeepSeek `reasoning_content` replay across tier suffixes, apply OpenRouter strict9 ids to Mistral routes, promote Ollama plain-text tool calls, load NVIDIA featured model catalogs, stream MiniMax music generation responses, and recover empty preflight compaction. (#87593, #87493, #80775, #84764) Thanks @Pluviobyte and @eleqtrizit.
+- Media/images: skip CLI image cache refs when resolving generated images, allow trusted generated HTML attachments, and bound generated video downloads so stale refs and slow providers fail cleanly. (#87523, #87982)
 - File transfer: handle late tar stdin pipe errors after archive validation or unpacking has already settled.
-- Performance: trust install-record caches between reloads, prefer native JSON parsing, reuse unchanged tool-search catalogs, skip unchanged store serialization, add precomputed session patch writers, reduce store clone allocations, cache manifest model catalog rows and auto-enabled plugin config, and slim current metadata identity caches.
-- Docker/release/QA: package runtime workspace templates, stream cross-OS served artifacts, preserve sparse Crabbox run artifacts, bound OpenClaw instance logs, plugin gauntlet relay logs, MCP channel buffers, kitchen-sink scans, agent-turn assertions, and release scenario logs, and keep release/google live guards current.
+- Performance: trust install-record caches between reloads, prefer native JSON parsing, reuse unchanged tool-search catalogs, reuse gateway session and plugin metadata paths, skip unchanged store serialization, patch single-entry session writes, add precomputed session patch writers, reduce store clone allocations, cache manifest model catalog rows and auto-enabled plugin config, avoid full session snapshots for entry reads, defer configured Slack full startup, prefer bundled plugin dist entries, and slim current metadata identity caches. (#87760)
+- Docker/release/QA: package runtime workspace templates, stream cross-OS served artifacts, preserve sparse Crabbox run artifacts, isolate npm plugin installs per package, reject incompatible package plugin API installs, drop the leftover root Sharp dependency from package manifests after the Rastermill migration, bound OpenClaw instance logs, plugin gauntlet relay logs, MCP channel buffers, kitchen-sink scans, agent-turn assertions, QA-Lab credential broker calls, QA Matrix substrate requests, and release scenario logs, and keep release/google live guards current. (#87647, #87477) Thanks @rohitjavvadi and @vincentkoc.
+- Release/CI: bound manual git fetches, ClawHub verifier responses, ClawHub owner metadata, dependency-guard error bodies, Parallels limits, startup/test/memory budget parsing, and diffs viewer build warnings so release lanes fail with useful proof instead of hanging. (#87839)
 
 ## 2026.5.27
 

appcast.xml

@@ -2,6 +2,70 @@
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
     <channel>
         <title>OpenClaw</title>
+        <item>
+            <title>2026.5.28</title>
+            <pubDate>Sat, 30 May 2026 21:21:09 +0000</pubDate>
+            <link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
+            <sparkle:version>2026052890</sparkle:version>
+            <sparkle:shortVersionString>2026.5.28</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>OpenClaw 2026.5.28</h2>
+<h3>Highlights</h3>
+<ul>
+<li>Agent and Codex runtime recovery is steadier: subagents keep cwd/workspace separation, hook context stays prompt-local, session locks release on timeout abort while live OpenClaw locks survive cleanup, stale restart continuations are avoided, and Codex app-server/helper failures no longer tear down shared runtime state. (#87218, #86875, #87409, #87399, #87375, #88129)</li>
+<li>Channel delivery and session identity got safer across outbound plugin hooks, Matrix room ids, iMessage reactions/approvals, Slack final replies, Discord recovered tool warnings, runtime-config message actions, WhatsApp profile auth roots, Telegram polling, and Microsoft Teams service URL trust checks. (#73706, #75670, #87366, #87451, #87334, #84535, #82492, #83304, #87160)</li>
+<li>Mobile and chat surfaces got a broader refresh: the iOS Pro UI, hosted push relay default, realtime Talk tab playback, Gateway chat transport, onboarding, Talk permissions, WebChat reconnect delivery, and session picker behavior now preserve more state across reconnects and empty searches. (#87367, #87531, #87682, #88096, #88105) Thanks @ngutman.</li>
+<li>Browser, channel, and automation inputs are stricter: Browser tool timeouts, viewport/tab indices, Gateway ports, cron retry handling, Discord component ids, schema array refs, Telegram callback pages, and channel progress callbacks now reject malformed values earlier and preserve the intended delivery context. (#82887)</li>
+<li>Provider, media, and document coverage expands with Claude Opus 4.8, Fal Krea image schemas, NVIDIA featured models, MiniMax streaming music responses, encrypted PDF extraction, voice model catalogs, GitHub Copilot agent runtime support, and a Codex Supervisor plugin path for delegated Codex workflows. (#87845, #87890, #80775, #84764, #87751, #87794)</li>
+<li>CLI, auth, doctor, and provider paths fail faster and recover more clearly: malformed numeric/version options are rejected, workspace dotenv provider credentials are ignored, heartbeat defaults, OAuth/token lifetimes, and local service startup requests are bounded, agent auth health labels are clearer, legacy <code>api_key</code> auth profiles migrate to canonical form, and restart guidance is actionable. (#87398, #86281, #87361, #88133, #83655, #87559, #88088, #85924) Thanks @vincentkoc and @giodl73-repo.</li>
+<li>Plugin and Gateway hot paths do less repeated work while preserving cache correctness for install records, config JSON parsing, tool search catalogs, session stores, manifest model rows, auto-enabled plugin config, browser tokens, viewer assets, and release-split external plugin packages. (#86699)</li>
+<li>Release, QA, and E2E validation now bound more log, artifact, harness, and cross-OS waits so failing lanes produce proof instead of hanging or false-greening.</li>
+</ul>
+<h3>Changes</h3>
+<ul>
+<li>Status: show active subagent details in status output.</li>
+<li>Diffs: split the default language pack and expand default Diffs language coverage while keeping the host floor aligned. (#87370, #87372) Thanks @RomneyDa.</li>
+<li>ClawHub: add plugin display names plus skill verification and trust surfaces. (#87354, #86699) Thanks @thewilloftheshadow and @Patrick-Erichsen.</li>
+<li>iOS: refresh the dev app with Pro Command, Chat, Agents, Settings, hosted push relay defaults, and realtime Talk playback wired to gateway sessions, diagnostics, chat, and realtime Talk. (#87367, #88096, #88105) Thanks @Solvely-Colin and @ngutman.</li>
+<li>Docs: clarify Codex computer-use setup, paste-token stdin auth setup, macOS gateway sleep troubleshooting, native Codex hook relay recovery, container model auth, install deployment cards, device-token admin gating, CLI setup flow compatibility, Notte cloud browser CDP setup, and backport targets. (#87313, #63050, #87685) Thanks @bdjben, @liaoandi, and @thewilloftheshadow.</li>
+<li>PDF/tools: use ClawPDF for PDF extraction, support encrypted PDF extraction, and surface MCP structured content in agent tool results. (#87670, #87751)</li>
+<li>Providers: add Claude Opus 4.8 support, Fal Krea image model schemas, NVIDIA featured model catalogs, MiniMax streaming music responses, and provider-backed voice model catalogs. (#87845, #87890, #80775, #84764, #87794) Thanks @eleqtrizit and @vincentkoc.</li>
+<li>Codex/GitHub: add the GitHub Copilot agent runtime and the Codex Supervisor plugin package.</li>
+<li>Plugins: externalize GitHub Copilot and Tokenjuice as official install-on-demand plugins with npm and ClawHub publish metadata.</li>
+<li>Workboard: add agent coordination tools for tracking and handing off active agent work.</li>
+<li>Discord: show commentary in progress drafts so live Discord runs expose useful in-progress context. (#85200)</li>
+<li>Plugin SDK: add a reply payload sending hook for plugins that need to deliver channel-owned replies and flatten package types for SDK declarations. (#82823, #87165) Thanks @RomneyDa.</li>
+<li>Policy: add policy comparison, ingress-channel conformance, and sandbox-posture conformance checks. (#85572, #85744, #86768)</li>
+</ul>
+<h3>Fixes</h3>
+<ul>
+<li>Agents: fall back to local config pruning when the optional <code>agents delete</code> Gateway probe cannot authenticate, so offline installs can still delete agents without removing shared workspaces.</li>
+<li>Tighten phone-control mutation authorization [AI]. (#87150) Thanks @pgondhi987.</li>
+<li>Clarify directive persistence authorization policy [AI]. (#86369) Thanks @pgondhi987.</li>
+<li>Agents/Codex: keep spawned agent cwd/workspace state separated, forward ACP spawn attachments, keep hook context prompt-local, release session locks on timeout abort and runtime teardown without deleting live OpenClaw-owned locks during cleanup, avoid session event queue self-wait, clean up exec abort listeners, stream assistant deltas incrementally, recover raw missing-thread compaction failures, preserve rotated compaction session identity, keep compaction-timeout snapshots continuable, preserve shared app-server state across startup or helper failures, keep native hook relay alive across restarts and prune stale bridge files, close native hook relay replacement races, keep Claude live tool progress visible for watchdog recovery, suppress abandoned requester completion handoff, route workspace memory through tools, resolve Codex runtime models first, report quarantined dynamic tools, format <code>skills</code> command output, bind node auto-review to prepared plans, retry Claude CLI transcript probes, and bound compaction/steering retries. (#87218, #86875, #86123, #88129, #87399, #87375, #72574, #87383, #87400, #83022, #87671, #87738, #87747, #87706, #87546, #87541, #81048) Thanks @mbelinky, @Alix-007, @luoyanglang, @yetval, @sjf, @joshavant, and @benjamin1492.</li>
+<li>Codex Supervisor: keep real-home app-server MCP session listing on the loaded state path, bound stored history scans, and close WebSocket probes cleanly.</li>
+<li>Channels: thread canonical session keys into outbound hooks, preserve Matrix room-id case, keep fallback tool warnings mention-inert, retain delivered Slack final replies during late cleanup, continue iMessage polling after denied reactions, suppress duplicate native exec approvals, resolve Gateway message actions against the active runtime config, preserve Telegram SecretRef prompt config and polling keepalives, preserve WhatsApp profile auth roots, QR display, document filenames, and plugin hook config, suppress Discord recovered tool warnings, preserve the Discord voice outbound helper, cap Discord/Signal/Zalo channel request and container timeouts, and block untrusted Teams service URLs while keeping TeamsSDK patterns aligned. (#73706, #75670, #87366, #87451, #87465, #87334, #84535, #76262, #83304, #82492, #87581, #77114, #86426, #85529, #87160) Thanks @zeroaltitude, @lukeboyett, @xiaotian, @funmerlin, @joshavant, @eleqtrizit, @heyitsaamir, @amittell, @liorb-mountapps, @masatohoshino, @bladin, and @giodl73-repo.</li>
+<li>CLI/auth/doctor/providers: reject malformed numeric/timeout/subcommand-version inputs, ignore workspace dotenv provider credentials, wait for respawn child shutdown, bound heartbeat defaults plus Codex, GitHub Copilot, OpenAI, Anthropic, Google, Feishu, LM Studio, MiniMax, Xiaomi TTS, and local-provider OAuth/token/model requests, harden Codex auth probes, label auth health by agent, preserve explicit agentRuntime pins during Codex model migration, warm provider auth off the main thread, honor Codex response timeouts, stop migrating current Claude Haiku 4.5 profiles to Sonnet, bound local service startup, resolve GPT-5.5 without cached catalog, migrate legacy memory auto-provider config, rewrite non-canonical <code>api_key</code> auth profiles, and make doctor restart follow-ups actionable. (#87398, #86281, #87361, #88133, #83655, #87559, #87719, #88088, #85924, #84362) Thanks @Patrick-Erichsen, @samzong, @giodl73-repo, @alkor2000, @mmaps, @nxmxbbd, and @vincentkoc.</li>
+<li>Gateway/security/session state: expire browser tokens after auth rotation, scope assistant idempotency dedupe, drain probe client closes, avoid stale restart continuation reuse, preserve retry-after fallbacks and stale rate-limit cooldown probes, bound webchat image and artifact transcript scans, include seconds in inbound metadata timestamps, clear completed session active runs, clear stale chat stream buffers, and evict current plugin-state namespaces at row caps. (#87810, #87833, #75089) Thanks @joshavant and @litang9.</li>
+<li>Config/parsing/network: reject partial numeric parsing, parse provider/Discord retry headers and dates strictly, honor IPv6 and bare IPv6 <code>no_proxy</code> entries, preserve empty plugin allowlists, canonicalize secret target array indexes, and reject malformed media content lengths, inspected TCP ports, marketplace content lengths, cron epochs, sandbox stat fields, unsafe duration values, empty config path segments, noncanonical schema array refs, unsafe Telegram callback pages, and invalid Teams attachment-fetch DNS targets. (#87883) Thanks @zhangguiping-xydt.</li>
+<li>Browser/input hardening: reject invalid tab indexes, excessive viewport resizes, explicit zero CDP ports, malformed geolocation options, unsafe screenshot or permission-grant timeouts, loose response-body limits, invalid cookie expiries, and non-finite Browser tool delays/timeouts.</li>
+<li>Cron/automation: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot, and preflight model fallbacks before skipping scheduled work. (#82887)</li>
+<li>Auto-reply/directives: respect provider and relayed channel metadata during directive persistence so channel-originated decisions keep their intended context. (#87683)</li>
+<li>WhatsApp: resolve the auth directory from the active profile so profile-scoped WhatsApp installs do not drift to the wrong credential root. (#82492)</li>
+<li>Gateway/session state: clear completed session active runs, avoid cold-loading providers for MCP inventory, cache single-session child indexes, cap handshake timers, and bound preauth, auth-guard, media, transcript, readiness, and port options.</li>
+<li>Channels/replies: preserve channel-owned progress callbacks when verbose output is off, keep group-room progress suppression intact, prefer external session delivery context, escape Discord component id delimiters, force final TUI chat repaints, show Slack reasoning previews, and normalize Discord/Matrix/Mattermost channel numeric options. (#87476, #87423)</li>
+<li>Agents/tool args: harden smart-quoted argument repair for edit arrays and exact escaped arguments so model-produced tool calls recover without corrupting valid input. (#86611)</li>
+<li>Providers/agents: preserve seeded Anthropic signatures, preserve signed thinking payloads, concatenate signature-delta chunks, preserve DeepSeek <code>reasoning_content</code> replay across tier suffixes, apply OpenRouter strict9 ids to Mistral routes, promote Ollama plain-text tool calls, load NVIDIA featured model catalogs, stream MiniMax music generation responses, and recover empty preflight compaction. (#87593, #87493, #80775, #84764) Thanks @eleqtrizit.</li>
+<li>Media/images: skip CLI image cache refs when resolving generated images, allow trusted generated HTML attachments, and bound generated video downloads so stale refs and slow providers fail cleanly. (#87523, #87982)</li>
+<li>File transfer: handle late tar stdin pipe errors after archive validation or unpacking has already settled.</li>
+<li>Performance: trust install-record caches between reloads, prefer native JSON parsing, reuse unchanged tool-search catalogs, reuse gateway session and plugin metadata paths, skip unchanged store serialization, patch single-entry session writes, add precomputed session patch writers, reduce store clone allocations, cache manifest model catalog rows and auto-enabled plugin config, avoid full session snapshots for entry reads, defer configured Slack full startup, prefer bundled plugin dist entries, and slim current metadata identity caches. (#87760)</li>
+<li>Docker/release/QA: package runtime workspace templates, stream cross-OS served artifacts, preserve sparse Crabbox run artifacts, isolate npm plugin installs per package, reject incompatible package plugin API installs, drop the leftover root Sharp dependency from package manifests after the Rastermill migration, bound OpenClaw instance logs, plugin gauntlet relay logs, MCP channel buffers, kitchen-sink scans, agent-turn assertions, QA-Lab credential broker calls, QA Matrix substrate requests, and release scenario logs, and keep release/google live guards current. (#87647, #87477) Thanks @rohitjavvadi and @vincentkoc.</li>
+<li>Release/CI: bound manual git fetches, ClawHub verifier responses, ClawHub owner metadata, dependency-guard error bodies, Parallels limits, startup/test/memory budget parsing, and diffs viewer build warnings so release lanes fail with useful proof instead of hanging. (#87839)</li>
+</ul>
+<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.5.28/OpenClaw-2026.5.28.zip" length="54750142" type="application/octet-stream" sparkle:edSignature="U4O55uMdPU+OqSx9QR1ApUJ8wg65wxTydzD7iyCn1GHtm1MBK9noEeiA/yoUKkqb/bx0hzi1gNhn+ye19RXnCA=="/>
+        </item>
         <item>
             <title>2026.5.27</title>
             <pubDate>Thu, 28 May 2026 12:12:19 +0000</pubDate>
@@ -258,284 +322,5 @@
 ]]></description>
             <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.5.26/OpenClaw-2026.5.26.zip" length="54484748" type="application/octet-stream" sparkle:edSignature="y4WXG7JT8ktJ+K7YDgllY7u5Z9BSKR/SwGiwEh0gikOJ/SWqwcQd+z2tWa2zgwvCJKWsAUFwJs1ATor880SUBg=="/>
         </item>
-        <item>
-            <title>2026.5.22</title>
-            <pubDate>Sun, 24 May 2026 01:41:27 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
-            <sparkle:version>2026052290</sparkle:version>
-            <sparkle:shortVersionString>2026.5.22</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>OpenClaw 2026.5.22</h2>
-<h3>Changes</h3>
-<ul>
-<li>Gateway/perf: reuse process-stable channel catalog reads, avoid repeated bundled-channel boundary checks, and rotate gateway watch CPU profiles so benchmark runs do not accumulate unbounded artifacts.</li>
-<li>Gateway/perf: reuse immutable plugin metadata snapshots across startup, config, model, channel, setup, and secret metadata readers so hot paths avoid repeated plugin file stats and manifest registry reloads.</li>
-<li>Gateway/perf: lazy-load startup-idle plugin work, core gateway method handlers, and the embedded ACPX runtime so Gateway health and ready signals no longer wait on unused handler trees or ACPX probes.</li>
-<li>Gateway/perf: cache plugin SDK public-surface alias maps and skip irrelevant macOS Linuxbrew PATH probes so Gateway startup avoids repeated filesystem walks and slow missing-directory stats.</li>
-<li>Meeting Notes: add a source-only external meeting-notes plugin and SDK source-provider contract outside the core npm package, with auto-start capture config, manual transcript imports, read-only <code>openclaw meeting-notes</code> CLI access, and Discord voice as the first live source.</li>
-<li>Docs/channels/config: add Signal <code>configPath</code>, Telegram wildcard topic defaults, local-time backup archive names, Termux home fallback, include-path validation, secret-scanner-safe placeholder guidance, Gemini CLI/Antigravity media guidance, and macOS VM auto-login guidance. Thanks @NorseGaud, @yudistiraashadi, @huangqian8, @VibhorGautam, @maweibin, @tianxingleo, @IgnacioPro, and @xzcxzcyy-claw.</li>
-<li>Docs: clarify model-usage portability, Codex migration prerequisites, status bootstrap wording, thread-bound subagent limits, hook ownership, and config-preserving safety guidance. Thanks @aniruddhaadak80, @leno23, @TomDjerry, @matthewxmurphy, @vincentkoc, and @stablegenius49.</li>
-<li>Docs: clarify README onboarding and Gateway startup paths, WhatsApp QR/408 recovery, cron output language prompts, skill advanced features, gateway upstream 403 troubleshooting, and plugin fallback override guidance. Thanks @deepujain, @Zacxxx, @Jah-yee, @neyric, @usimic, @Renu-Cybe, @BigUncle, and @SeashoreShi.</li>
-<li>Docs: clarify context-pruning ratio bounds, local dashboard recovery, CLI env markers, remote onboarding token behavior, and Peekaboo Bridge permissions for subprocess agents. Thanks @ayesha-aziz123, @dishraters, @hougangdev, and @brandonlipman.</li>
-<li>Docs: clarify browser CDP diagnostics, Plugin SDK allowlist imports, status-reaction timing defaults, queue steering behavior, limited-tool troubleshooting, cron HEARTBEAT handling, Telegram multi-agent groups, Bitwarden SecretRef setup, and EasyRunner deployments. Thanks @Quratulain-bilal, @mbelinky, @Mickey-, @vancece, @xenouzik, @posigit, @surlymochan, @janaka, and @choiking.</li>
-<li>Crabbox/Testbox: run clean sparse-checkout Testbox syncs from a temporary full checkout and route remote changed gates through Corepack pnpm.</li>
-<li>Docs: clarify IPv4-only Gateway BYOH binding, trusted-proxy scope clearing, Android pairing approval, macOS Accessibility grants, Zalo profile env vars, password-store SecretRef setup, and Chinese memory navigation. Thanks @itskai-dev, @gwh7078, @longstoryscott, @MoeJaberr, and @yuaiccc.</li>
-<li>Docs: consolidate GLM under Z.AI, add the Upstash Box install guide and Gateway exposure runbook, clarify MEDIA directives, Copilot and Voyage setup, config path quoting, real behavior proof, and memory-file write guidance. Thanks @BobDu, @alitariksahin, @Jefsky, @musaabhasan, @OmerZeyveli, @leno23, @WuKongAI-CMU, @luoyanglang, and @majin1102.</li>
-<li>Docs: clarify media provider credentials, Codex/OpenClaw code-mode boundaries, Slack and Telegram ack reactions, Feishu dynamic agents, secrets plaintext boundaries, memory guidance, and Chinese glossary terms. Thanks @nielskaspers, @cosmopolitan033, @drclaw-iq, @alexgduarte, @zccyman, @chengoak, and @cassthebandit.</li>
-<li>Packaging: exclude documentation images and assets from the npm tarball, reducing published package size without affecting runtime docs search or CLI behavior. Thanks @SebTardif.</li>
-<li>Media understanding: stop auto-probing Gemini CLI and use Antigravity CLI only as a lower-priority image/video fallback after configured provider APIs.</li>
-<li>Agents/subagents: limit default sub-agent bootstrap context to <code>AGENTS.md</code> and <code>TOOLS.md</code>, keeping persona, identity, user, memory, heartbeat, and setup files out of delegated workers by default. (#85283) Thanks @100yenadmin.</li>
-<li>Maintainer skills: exclude plugin SDK/API boundary work from <code>openclaw-landable-bug-sweep</code> so bugbash sweeps stay focused on small paper-cut fixes.</li>
-<li>QA-Lab/diagnostics: extend the OpenTelemetry smoke harness to prove trace, metric, and log export, and add first-class Prometheus and observability smoke aliases.</li>
-<li>Plugin SDK: add a generic channel-message poll sender so channel plugins can expose poll delivery without depending on channel-specific SDK facades.</li>
-<li>Crabbox: keep the local wrapper's provider validation synced with the installed Crabbox binary while preserving supported aliases such as <code>docker</code> and <code>blacksmith</code>. (#85302) Thanks @hxy91819.</li>
-<li>Maintainer skills: add <code>openclaw-landable-bug-sweep</code> for producing five small, reviewed, CI-green OpenClaw bugfix PRs from issue/PR sweeps.</li>
-<li>Control UI/chat: add search and Load More pagination to the chat session picker, keeping initial session loads bounded while making older conversations reachable. (#85237) Thanks @amknight.</li>
-<li>CLI/onboarding: start classic onboarding when bare <code>openclaw</code> runs before an authored config exists, while keeping configured installs on Crestodian. (#72343) Thanks @fuller-stack-dev.</li>
-<li>Discord: allow configuring a bounded <code>agentComponents.ttlMs</code> callback registry lifetime for long-running component workflows, with per-account overrides and a 24-hour cap. (#84189) Thanks @100menotu001.</li>
-<li>xAI/Grok: reuse xAI OAuth auth profiles for Grok <code>web_search</code>, thread active-agent auth through web search, add Grok model aliases, and let media providers declare default operation timeouts. (#85182) Thanks @fuller-stack-dev.</li>
-<li>Plugin SDK: add row-level session workflow helpers and deprecate <code>loadSessionStore</code> so plugins can read and patch sessions without depending on the legacy whole-store shape. (#84693) Thanks @efpiva.</li>
-<li>Gateway/plugins: reuse a compatible Gateway startup plugin registry during dispatch so safe plugin dispatches avoid redundant registry loading. (#84324) Thanks @ai-hpc.</li>
-<li>Plugins/SDK: add a general <code>embeddingProviders</code> capability contract and registration API so embeddings can become a reusable provider surface outside memory-specific adapters.</li>
-<li>Dependencies: refresh provider, plugin, UI, and tooling packages, update <code>protobufjs</code> to 8.4.0 to clear the current npm advisory, and carry the Claude ACP completion patch forward to <code>@agentclientprotocol/claude-agent-acp</code> 0.36.1.</li>
-<li>Agents/tools: remove the old sender-owner tool gating path so configured tools stay visible for trusted sessions while command and channel-action auth still carry real sender identity.</li>
-<li>QA-Lab: add curated mock JSONL replay fixtures and first-drift reporting for runtime-parity audits. (#80323, refs #80176) Thanks @100yenadmin.</li>
-<li>QA-Lab: add a QA bus tool-trace visibility scenario for sanitized tool-call assertions.</li>
-<li>QA-Lab: replace generic evidence framing in seeded scenario prompts with concrete observed QA behavior.</li>
-<li>QA-Lab: list named scenario packs in the coverage report so personal-agent privacy coverage stays visible in audits.</li>
-<li>QA-Lab: list live transport lane membership in the coverage report so real transport checks stay separate from seeded qa-channel scenarios.</li>
-<li>Release/package: run package integrity checks before package acceptance lanes so public install/update validation fails before private QA assets can leak into the package.</li>
-<li>QA-Lab: include the optional 100-turn runtime parity soak in release-soak artifacts so long-run Codex/Pi transcript drift stays visible outside the default gate. (#80395) Thanks @100yenadmin.</li>
-<li>QA-Lab: add a live-only long-context progress watchdog scenario for Codex app-server timeout and stalled-run sentinels. (#80323) Thanks @100yenadmin.</li>
-<li>QA-Lab: tag gateway restart recovery and streaming final-integrity scenarios as live-only runtime parity lanes. (#80323) Thanks @100yenadmin.</li>
-<li>QA-Lab: add a personal-agent failure recovery scenario that checks honest partial status, retry boundaries, and local recovery artifacts. (#83872) Thanks @iFiras-Max1.</li>
-<li>QA-Lab: include an opt-in <code>update.run</code> package self-upgrade sentinel for destructive latest-package recovery checks.</li>
-<li>QA-Lab: add Codex plugin lifecycle and auth-profile fixture coverage for missing installs, pinned-version drift, first-turn install ordering, and doctor migration safety. (#80323, refs #80174) Thanks @100yenadmin.</li>
-<li>Models/perf: pre-warm the provider auth-state map at gateway startup so <code>/models</code> and every model-listing call short-circuits the per-provider plugin / external-CLI discovery on the hot path. Per-call cost drops from ~20 s to ~5 ms (~4,100×); the one-time startup warm resets and re-warms after hot reloads. (#84816) Thanks @sjf.</li>
-<li>Release/security: ship the root npm package and OpenClaw-owned npm plugins with generated shrinkwrap, support bundled plugin runtime dependencies for suitable plugin tarballs, and require review for lockfile/shrinkwrap changes so published installs use locked dependency graphs.</li>
-<li>Tests/perf: isolate doctor core health check unit coverage from real skills/workspace discovery so <code>doctor-core-checks</code> no longer dominates unit perf while keeping one real skills-readiness smoke. (#84493) Thanks @frankekn.</li>
-</ul>
-<h3>Fixes</h3>
-<ul>
-<li>WebChat: summarize internal message-tool source replies so tool cards no longer duplicate the visible reply body. (#84773) Thanks @jason-allen-oneal.</li>
-<li>Gateway: preserve deferred lifecycle-error cleanup across later non-terminal events so provider timeouts can persist failed session state instead of leaving sessions stuck running. (#85256, fixes #63819) Thanks @samzong.</li>
-<li>Agents/subagents: report tool-only child progress during timeout summaries instead of showing no visible output.</li>
-<li>Telegram/ACP: preserve explicit <code>:topic:</code> conversation suffixes when inbound ACP targets do not carry a separate thread id.</li>
-<li>Browser/proxy: bypass the managed proxy for the exact local managed Chrome CDP readiness and DevTools WebSocket endpoints, so <code>openclaw browser start</code> works when the operator proxy blocks loopback egress. (#83255) Thanks @lightcap.</li>
-<li>Ollama: bypass the managed proxy for configured local embedding origins while keeping SSRF guardrails on unconfigured targets. Thanks @Kaspre.</li>
-<li>OpenAI/images: route Codex API-key image generation through the native OpenAI Images API instead of the Codex OAuth streaming backend, avoiding 401s from valid API keys.</li>
-<li>Agents/OpenAI completions: omit empty tool payload fields for proxy-like OpenAI-compatible endpoints so strict vLLM-style servers accept tool-free turns. (#85835) Thanks @rendrag-git.</li>
-<li>Checks/Windows: route full <code>pnpm check</code> stage commands through the managed child runner so Windows avoids Node shell-argv deprecation warnings there too.</li>
-<li>Checks/Windows: run managed child commands through explicit <code>cmd.exe</code> wrapping instead of Node shell mode with argv, avoiding Node 24 subprocess deprecation warnings during changed checks.</li>
-<li>Gateway: omit internal stream-error placeholder entries from agent prompt history so failed assistant turns are not replayed as model-authored text. (#85652) Thanks @anyech.</li>
-<li>Sessions: enforce the session write-lock max-hold policy during lock acquisition so long-held locks can be reclaimed before the stale-lock window. (#85764) Thanks @njuboy11.</li>
-<li>Models: prune retired Groq, GitHub Copilot, OpenAI, xAI, and old Claude catalog entries, with doctor migration to upgrade existing configs to current provider refs.</li>
-<li>Doctor/update: recognize junction-backed source checkouts as git installs by comparing canonical paths before showing package-manager update guidance. Fixes #82215. Thanks @igormf.</li>
-<li>Channels: honor <code>/verbose on</code> for tool/progress summaries across direct chats, groups, channels, and forum topics while preserving quiet default behavior. (#85488) Thanks @kurplunkin.</li>
-<li>CLI/skills: show an all-ready note with next-step commands when skill setup has no missing dependencies to install. (#85032) Thanks @aniruddhaadak80.</li>
-<li>Microsoft Foundry: route DeepSeek V4 Pro and Flash models through the Foundry Responses API while keeping older DeepSeek models on their existing path. (#85549) Thanks @roslinmahmud.</li>
-<li>Status/usage: show configured cost estimates for AWS SDK models in full usage output while keeping token-only usage replies cost-free. (#85619) Thanks @ItsOtherMauridian.</li>
-<li>Agents/OpenAI Responses: retry non-visible reasoning-only turns for OpenAI Responses API families instead of treating them as empty failed turns. (#85603) Thanks @SebTardif.</li>
-<li>Directive tags: preserve message and content-part object identity when display stripping makes no directive-tag changes. (#85682) Thanks @willamhou.</li>
-<li>Telegram: send local <code>path</code>/<code>filePath</code> and structured attachment media from <code>sendMessage</code> actions instead of dropping them or sending text-only messages. (#85219) Thanks @keshavbotagent.</li>
-<li>Sessions/status: show the estimated context budget when fresh provider usage is unavailable and clear stale estimates across session resets and compaction boundaries. (#84830) Thanks @giodl73-repo.</li>
-<li>Gateway/config: pin relative <code>OPENCLAW_STATE_DIR</code> overrides to an absolute path at startup so later working-directory changes cannot retarget gateway state. (#52264) Thanks @PerfectPan.</li>
-<li>Release/package: run npm release, prepublish, and postpublish verification through Windows-safe npm command shims so native Windows checks can execute <code>npm.cmd</code> instead of treating it as a binary.</li>
-<li>Agents/harness: pass CLI runtime aliases through harness selection so provider-owned CLI aliases no longer get rejected before reaching the right runtime. (#85631) Thanks @potterdigital.</li>
-<li>Secrets: show the irreversible apply warning after interactive <code>secrets configure</code> confirmation so confirmed migrations still get the final safety prompt. (#85638) Thanks @alkor2000.</li>
-<li>Agents/CLI output: ignore cumulative Claude <code>stream-json</code> result usage when assistant usage events are present, preventing inflated cache-read accounting. (#85625) Thanks @zhouhe-xydt.</li>
-<li>CLI: keep <code>waitForever()</code> alive by leaving its keep-alive interval ref'd so the public helper no longer exits immediately with Node's unsettled-await code. (#85694) Thanks @m1qaweb.</li>
-<li>Agents/bootstrap: guard bootstrap name checks against missing file names so malformed bootstrap entries warn and truncate instead of crashing. Fixes #85523. (#85615) Thanks @zhouhe-xydt.</li>
-<li>CLI/tasks: reject partially numeric <code>openclaw tasks audit --limit</code> values so audit limits must be real positive integers instead of accepting strings like <code>5abc</code>. (#84901) Thanks @jbetala7.</li>
-<li>Status/diagnostics: bound deep Docker audit probes so <code>openclaw status --deep</code> reports slow container checks instead of hanging behind unbounded inspection. (#85476) Thanks @giodl73-repo.</li>
-<li>Providers/Anthropic: migrate 1M context handling to GA-capable Claude 4.x models by sizing eligible models at 1M without the retired <code>context-1m-2025-08-07</code> beta, ignoring that retired beta in older configs, and preserving OAuth-required Anthropic beta headers. (#45613) Thanks @haoyu-haoyu.</li>
-<li>Cron/Telegram: parse forum-topic delivery targets through the Telegram plugin instead of cron core, including <code>:topic:</code> and <code>:topicId</code> forms for announce delivery. Thanks @etticat.</li>
-<li>Twitch: keep stale message-handler cleanup callbacks from removing newer handler registrations for the same account, preserving inbound message delivery after reconnects. Fixes #83888. (#85425) Thanks @alkor2000.</li>
-<li>Memory/LanceDB: expose public memory artifacts through the active memory provider bridge so memory-wiki imports durable memory files, daily notes, dream reports, and event logs without depending on memory-core internals. Fixes #83604. (#85060) Thanks @brokemac79.</li>
-<li>Crabbox: keep AWS hydration compatible with local Actions replay by inlining the hydrate workflow's Node/pnpm setup instead of invoking repo-local composite actions.</li>
-<li>Agents/subagents: simplify native sub-agent completion handoff so children report their latest visible assistant result to the requester without using <code>message</code>, while keeping parent-owned message-tool delivery policy intact. Fixes #85070. (#85089) Thanks @brokemac79.</li>
-<li>Docker setup: stop printing the Gateway bearer token in setup logs and printed follow-up commands.</li>
-<li>Agents: let embedded compaction fallback retries proceed when PI-compatible candidates do not need agent harness plugin preparation.</li>
-<li>Agents/tools: honor configured custom provider API keys when deciding whether media, image-generation, video-generation, music-generation, and PDF tools are available. (#85570)</li>
-<li>StepFun: stop advertising stale generic API key auth choices so onboarding only offers runtime-backed Standard and Step Plan choices.</li>
-<li>Diagnostics: keep OpenTelemetry log bodies behind explicit content capture and scrub scoped agent-session keys from OpenTelemetry and Prometheus labels while preserving bounded queue-lane prefixes.</li>
-<li>Windows installer: fail Git checkout installs when <code>pnpm install</code> or <code>pnpm build</code> fails instead of writing a wrapper to a missing CLI build.</li>
-<li>Sessions: surface previous-transcript archive failures during <code>/new</code> rotation so disk rename errors are logged instead of silently hiding stranded transcript files. Fixes #81984. (#85586, from #82081) Thanks @0xghost42.</li>
-<li>TUI/agents: mirror internal-ui message-tool replies into final chat output so message-tool-only agents remain visible in <code>openclaw tui</code>. Fixes #85538. Thanks @danpolasek.</li>
-<li>Agents: keep parallel OpenAI-compatible tool-call deltas in separate argument buffers so interleaved tool calls no longer corrupt streamed arguments. (#82263) Thanks @luna-system.</li>
-<li>Memory/doctor: report missing or unusable QMD workspace directories as workspace failures instead of generic binary failures. (#63167) Thanks @sercada.</li>
-<li>Debug proxy: record CONNECT client-socket errors and destroy the paired upstream socket so abrupt client disconnects no longer leak tunnel resources. (#82444) Thanks @SebTardif.</li>
-<li>Diffs: continue hydrating later diff cards when one card fails so a single broken card no longer blanks the whole diff viewer. (#84775) Thanks @cosmopolitan033.</li>
-<li>Mac app: use the native settings sidebar window chrome so the sidebar toggle stays on the left and content no longer clips under oversized titlebar padding.</li>
-<li>QA-Lab/Codex: bundle auth/plugin fixture imports for flow scenarios and let terminal async media tools end Codex app-server turns without timing out. (#80397, refs #80323) Thanks @100yenadmin.</li>
-<li>Gateway/agents: preserve fresh session overrides and metadata when stale cached agent-session entries race with store updates, so subagent model/provider overrides and routing policy survive concurrent writes. (#19328) Thanks @CodeReclaimers.</li>
-<li>Control UI/chat: keep chat session search inline with the session selector so the header no longer shows a duplicate standalone search row.</li>
-<li>Control UI/chat: collapse focused-mode header chrome and suppress hidden-header scroll updates so focus mode no longer jumps while scrolling. Thanks @amknight.</li>
-<li>Codex app-server: restart the native app-server and retry once when server-side compaction times out, so preflight compaction stalls recover instead of failing every dispatch. (#85500)</li>
-<li>Restore Control UI gateway token pairing [AI]. (#85459) Thanks @pgondhi987.</li>
-<li>OpenAI video: honor configured provider request private-network opt-in for local/custom video endpoints so explicitly trusted mock and self-hosted providers are not blocked. Thanks @shakkernerd.</li>
-<li>OpenAI video: send uploaded video edit requests to the documented <code>/videos/edits</code> endpoint with a <code>video</code> file instead of posting MP4 references to <code>/videos</code>. Thanks @shakkernerd.</li>
-<li>Agents/channels: preserve message-tool delivery evidence through gateway agent completion handoffs so successful generated media sends are not followed by false failure messages. Thanks @shakkernerd.</li>
-<li>CLI/update: repair managed npm plugin <code>openclaw</code> peer links during post-core convergence and reject stale or wrong-target peer links before restart. (#83794) Thanks @fuller-stack-dev.</li>
-<li>CLI/agents: default new omitted-account bindings to all accounts when the channel has multiple configured accounts, and clarify account-scope docs. (#49769) Thanks @Gcaufy.</li>
-<li>Codex app-server: let authorized <code>/codex</code> control commands such as <code>/codex detach</code> escape plugin-owned conversation bindings while keeping unknown or unauthorized slash text routed to the bound plugin. Fixes #85157. (#85188) Thanks @TurboTheTurtle.</li>
-<li>Auto-reply/models: keep <code>/models</code> browse replies fast by sharing the bounded read-only catalog path with Gateway model listing. (#84735) Thanks @safrano9999.</li>
-<li>Codex app-server: disable native Code Mode when the effective exec host is <code>node</code> and keep OpenClaw <code>exec</code>/<code>process</code> available, so <code>/exec host=node</code> routes shell commands through the selected node instead of the gateway. Fixes #85012. (#85090) Thanks @sahilsatralkar.</li>
-<li>Agents: bound embedded auto-compaction session write-lock watchdogs to the compaction timeout instead of the full run timeout, so stuck compaction cannot hold the live session lock for the whole run window. (#84949) Thanks @luoyanglang.</li>
-<li>Gateway/agents: return phase-aware <code>agent.wait</code> timeout attribution and only cool auth profiles on provider-started timeouts. Refs #65504. Thanks @100yenadmin.</li>
-<li>Gateway: defer provider auth-state prewarm until after startup readiness so early gateway tool/session requests are not blocked by provider auth discovery. (#85272) Thanks @dutifulbob.</li>
-<li>Gateway/models: coalesce provider auth-state rewarms after auth-profile failures and log event-loop delay for warm/rewarm work, so provider auth bursts no longer stack full auth sweeps behind channel replies.</li>
-<li>Gateway/models: stop cancelled provider auth-state prewarms from continuing full provider sweeps, so reload and auth-failure bursts no longer keep startup busy.</li>
-<li>Agents/Codex: show the first plan update as a transient chat status notice without counting it as final assistant content.</li>
-<li>CLI/update: walk the macOS process ancestry and honor the inherited Gateway runtime PID before package updates stop the managed Gateway service, so nested in-band updater children can refuse instead of killing the LaunchAgent-supervised Gateway that owns them. Fixes #85120.</li>
-<li>Gateway/LaunchAgent: wait for launchd reload bootout to finish and fall back to kickstart when bootstrap races, so reload handoff does not leave the service deregistered. Fixes #84630. (#84641) Thanks @NianJiuZst.</li>
-<li>Gateway/LaunchAgent: treat a concurrent launchd bootstrap as a successful restart when the service is already loaded, avoiding false macOS Gateway restart failures. Fixes #84721. (#84722) Thanks @googlerest.</li>
-<li>Gateway/service: include the active <code>openclaw</code> command bin directory in managed service PATH generation and doctor audit expectations for npm-global macOS installs. Fixes #84201. (#84475) Thanks @jbetala7.</li>
-<li>Control UI/chat: disable the thinking selector for known non-reasoning models instead of showing duplicate Off choices. Fixes #84069. Thanks @DrippingMellow.</li>
-<li>Memory: expand <code>~</code> in configured extra memory paths before resolving them, so home-relative folders are not treated as workspace-relative. Fixes #58026. Thanks @stadman.</li>
-<li>Skills: treat <code>openclaw.os: macos</code> as Darwin when checking skill requirements, so macOS-only skills no longer report as missing on macOS hosts. Fixes #61338. Thanks @Jessecq1995.</li>
-<li>Control UI/logs: strip ANSI escape sequences from displayed Gateway log messages so color codes no longer appear as raw text. Fixes #64399. Thanks @guguangxin-eng.</li>
-<li>Docker: pre-create the workspace and auth-profile config mount points with <code>node</code> ownership so first-run named volumes do not start root-owned. Fixes #85076. Thanks @Noerr.</li>
-<li>Telegram: pass configured markdown table mode through outbound markdown chunking so chunked sends render tables consistently. Fixes #85085. Thanks @ShuaiHui.</li>
-<li>CLI/update: preserve managed Gateway service environment during package cutovers so macOS LaunchAgent repair/restart reads the pre-update service state instead of caller shell state. (#83026)</li>
-<li>Agents/providers: honor per-model <code>api</code> and <code>baseUrl</code> overrides in custom provider auth hooks and transport selection. Fixes #80487. (#80488) Thanks @huveewomg.</li>
-<li>Gateway/restart: eager-load the lifecycle runtime before in-place upgrade signal handling so package replacement does not deadlock restart imports. (#84890) Thanks @myps6415.</li>
-<li>CLI/update: start managed Gateway update handoff helpers from a stable existing directory and tolerate deleted cwd/package roots during macOS LaunchAgent handoff. Fixes #83808. (#83875) Thanks @jason-allen-oneal.</li>
-<li>Skills: watch each shared skill directory once across agent workspaces instead of once per agent, preventing file-descriptor exhaustion (<code>EMFILE</code>) that disposed bundle-mcp processes and stalled sessions on multi-agent gateways. Fixes #84968. (#85130) Thanks @openperf.</li>
-<li>Release/security: keep generated npm shrinkwrap package versions inside the pnpm lock graph so published package locks cannot bypass pnpm dependency age and override policy.</li>
-<li>Cron: honor <code>cron.retry.retryOn: ["network"]</code> for common network error codes such as <code>EAI_AGAIN</code>, <code>EHOSTUNREACH</code>, and <code>ENETUNREACH</code>.</li>
-<li>Gateway chat: broadcast returned agent-run error payloads after an agent starts so ACP/WebChat clients receive terminal idle-timeout errors. Fixes #84945.</li>
-<li>Gateway chat display: preserve OpenAI-compatible <code>prompt_tokens</code>, <code>completion_tokens</code>, and <code>total_tokens</code> usage fields in sanitized chat history so llama.cpp sessions keep context counts. Fixes #77992. Thanks @MarTT79.</li>
-<li>Dashboard/CLI: allow macOS browser launching through <code>open</code> even when SSH environment variables are present, while preserving Linux SSH no-display protection. Fixes #67088. Thanks @theglove44.</li>
-<li>Codex app-server: keep native web search observations out of mirrored chat transcripts while preserving tool progress telemetry. Fixes #85109. Thanks @ugitmebaby.</li>
-<li>OpenCode Go: strip unsupported Kimi reasoning replay fields before provider requests so repeated <code>kimi-k2.6</code> turns do not fail schema validation. Fixes #83812. Thanks @Sleeck.</li>
-<li>Browser/CDP: add a WSL2 portproxy self-loop hint when Chrome DevTools endpoints accept connections but return an empty HTTP reply. Fixes #59209. Thanks @Owlock.</li>
-<li>Agents/OpenAI: preserve structured provider error code, type, and redacted body metadata on boundary-aware transport failures.</li>
-<li>Doctor/Codex: point native Codex asset warnings at the canonical <code>openclaw migrate plan codex</code> preview command. Fixes #84948. Thanks @markoa.</li>
-<li>CLI/models: make <code>capability model auth logout --agent</code> remove auth profiles from the selected non-default agent store. Fixes #85092. Thanks @islandpreneur007.</li>
-<li>Gateway/models: reuse prepared provider auth metadata during model-listing auth checks so repeated lookups avoid broad plugin discovery while preserving synthetic local auth.</li>
-<li>CLI/status: suppress systemd user-service setup hints when <code>openclaw status --deep</code> can already reach a running Gateway RPC service. Fixes #85094. Thanks @islandpreneur007.</li>
-<li>CLI/devices: recover local approval when a same-device repair request replaces the request ID being approved.</li>
-<li>CLI/agents: retry transient normal-close Gateway handshakes before falling back to embedded <code>openclaw agent</code> execution.</li>
-<li>CLI/update: keep managed Gateway service stop/restart status lines out of <code>openclaw update --json</code> stdout so package-update automation can parse the JSON payload.</li>
-<li>Plugins: resolve OpenClaw plugin SDK subpaths for native external plugin runtimes without mutating package installs or broadening process-wide module resolution.</li>
-<li>Agents/OpenAI: preserve Responses and Chat Completions <code>reasoning_tokens</code> usage metadata without double-counting it in aggregate output tokens. (#85319)</li>
-<li>Control UI/chat: convert pasted <code>data:image/...;base64,...</code> clipboard text into an image attachment instead of dumping the payload into the composer. Fixes #62604. Thanks @cpwilhelmi.</li>
-<li>Providers/Gemini: strip fractional seconds from web-search time range filters so Gemini accepts freshness-bound search requests. (#85071) Thanks @Noerr.</li>
-<li>OpenAI Codex: preserve image input support for sparse <code>openai-codex/gpt-5.5</code> catalog rows. (#85095) Thanks @sercada.</li>
-<li>CLI/models: add a piped or pasted API-key path for OpenAI Codex auth and warn when API keys are pasted into token-mode auth. (#85533) Thanks @joshavant.</li>
-<li>Telegram: dead-letter missing-harness isolated ingress failures so a poisoned spooled update no longer blocks later same-lane messages. Fixes #85470. (#85605) Thanks @joshavant.</li>
-<li>Plugins/discovery: strip <code>-plugin</code> package suffixes when deriving plugin id hints so package names line up with manifest ids. (#85170) Thanks @JulyanXu.</li>
-<li>Tlon: stop advertising a non-existent agent tool contract in the plugin manifest.</li>
-<li>Telegram: preserve fenced code block languages through Markdown rendering so Telegram receives <code>language-*</code> code classes. (#85209) Thanks @leno23.</li>
-<li>Windows installer: run npm and Corepack command shims from a Windows-local directory so installs launched from WSL2 UNC paths do not fail before OpenClaw is installed.</li>
-<li>Windows updates: roll back git-backed updates to the previous checkout when dependency install, build, UI build, or doctor repair fails.</li>
-<li>Windows installer: persist user-local portable Git on PATH and activate the repo-pinned pnpm version for git-backed installs and updates.</li>
-<li>Windows installer: bootstrap a user-local portable Node.js when native Windows has no Node and no winget, Chocolatey, or Scoop, so first-run installs can continue on raw hosts.</li>
-<li>Windows installer: extract the downloaded portable Node.js directory with native <code>tar</code> before falling back to .NET zip extraction, avoiding PowerShell 5.1 archive and path-length failures.</li>
-<li>fix(integrations): enforce channel read target allowlists [AI]. (#84982) Thanks @pgondhi987.</li>
-<li>Agents/heartbeat: route single-owner <code>session.dmScope=main</code> direct-message exec and cron event wakes back to the agent main session so async completions no longer strand context in orphan direct-DM queues. Fixes #71581. (#83743) Thanks @Kaspre.</li>
-<li>Agents/code-mode: expose outer code-mode <code>exec</code> source through the <code>command</code> hook alias with <code>toolKind</code>/<code>toolInputKind</code> discriminators so exec-shaped policies can distinguish code-mode cells. (#83483) Thanks @Kaspre.</li>
-<li>Agents/code mode: return structured timeout and runtime-unavailable error codes for known worker failures. Fixes #83389. (#83444) Thanks @Kaspre.</li>
-<li>QA-Lab: isolate multi-scenario suite workers when scenarios need startup config patches, preventing message-routing config from leaking into unrelated scenarios.</li>
-<li>QA-Lab: make the commitments heartbeat-target-none scenario request an immediate heartbeat instead of waiting for the next scheduled heartbeat.</li>
-<li>Codex/Plugin SDK: deliver Codex-native subagent completions through a generic harness task runtime so harness-backed plugins can mirror durable task lifecycle and completion delivery without Codex-specific SDK imports. (#83445) Thanks @bryanpearson.</li>
-<li>Gateway CLI: surface local post-challenge connect assembly failures immediately instead of waiting for the wrapper timeout. Fixes #68944. (#85253) Thanks @samzong.</li>
-<li>Messages: strip unsupported web-search citation control markers from outbound replies before they reach WebChat or external channels. Fixes #85193. (#85204) Thanks @neeravmakwana.</li>
-<li>Agents/exec: treat denied exec approvals as terminal instead of feeding them back into agent follow-up work, and recognize Chinese stop phrases in abort handling. Fixes #69386. (#85194) Thanks @samzong.</li>
-<li>CLI/agents: abort accepted Gateway-backed <code>openclaw agent</code> runs on SIGINT/SIGTERM so cron and supervisor timeouts do not leave remote agent work alive. Fixes #71710. (#84381) Thanks @Kaspre.</li>
-<li>Codex app-server: retry replay-safe stdio client-close turns once using structured failure metadata, while surfacing idle <code>turn/completed</code> timeouts instead of blindly replaying active shared-server turns. Thanks @VACInc.</li>
-<li>Codex app-server: reject command overrides that embed Node or package-manager arguments and point users to <code>appServer.args</code>, so Windows startup avoids shell parsing failures. (#84417) Thanks @TurboTheTurtle.</li>
-<li>Agents/Copilot: drop unsafe GitHub Copilot Responses reasoning replay items before send so Telegram direct sessions no longer fail on overlong replay IDs. Fixes #85197. (#85198) Thanks @galiniliev.</li>
-<li>UI: add accessible tooltips to the topbar color-mode buttons so System, Light, and Dark choices are labeled on hover and focus. (#85227) Thanks @amknight.</li>
-<li>fix: constrain Windows task script names [AI]. (#85064) Thanks @pgondhi987.</li>
-<li>Control UI: keep the chat session picker from hiding older or cross-agent configured conversations while preserving the bounded configured-agent refresh. (#85211) Thanks @amknight.</li>
-<li>Agents/Anthropic: preserve unsafe integer tool-call input values in streamed Anthropic tool-use JSON, preventing Discord-style IDs from being rounded before dispatch. Fixes #47229. (#83063) Thanks @leno23.</li>
-<li>Agents/Codex: estimate tool-heavy prompt pressure at the LLM boundary before provider submission, so persistent sessions compact before overflowing context windows. (#85541) Thanks @fuller-stack-dev and @joshavant.</li>
-<li>Agents/hooks: wait for local one-shot CLI and Codex <code>agent_end</code> plugin hooks before process cleanup so terminal observability flushes reliably. (#85007)</li>
-<li>Providers/Google: preserve Gemini 3 cron <code>thinkingDefault: "low"</code> when stale catalog metadata says <code>reasoning:false</code>, so scheduled runs keep provider-supported thinking instead of downgrading to off. (#85185) Thanks @neeravmakwana.</li>
-<li>CLI/agents: allow <code>openclaw agent --session-key</code> to target explicit session keys, including agent-scoped legacy keys. (#85121) Thanks @Kaspre.</li>
-<li>Auto-reply/ACP: wait for same-channel block reply delivery before starting tool work, while still honoring ACP dispatch aborts so stopped turns do not wait on slow channel sends. (#83722) Thanks @IWhatsskill.</li>
-<li>Codex/ACP: mark required child-run completions that only report progress, omit a final deliverable, or fail requester delivery as blocked while preserving real final reports. (#85110) Thanks @IWhatsskill.</li>
-<li>Channels: treat bare abort messages such as <code>stop</code>, <code>abort</code>, and <code>wait</code> as immediate control commands in inbound debounce paths so stop requests are not delayed behind pending message coalescing. (#83348) Thanks @IWhatsskill.</li>
-<li>Channels/message tool: resolve configured external channel plugins during in-agent channel selection, so <code>openclaw agent --local</code> message-tool sends no longer report an available channel as unavailable. (#85022) Thanks @Kaspre.</li>
-<li>Agents/heartbeat: honor group/channel <code>message_tool</code> visible-reply policy and model-specific Codex runtime config for scheduled heartbeat runs, so failed internal tool output stays private. Fixes #85310. (#85357) Thanks @neeravmakwana.</li>
-<li>Gateway/ACP: close child ACP sessions spawned via <code>sessions_spawn</code> when their parent session is reset or deleted, instead of leaving orphaned <code>claude-agent-acp</code> processes that accumulate and exhaust memory. Fixes #68916. (#85190) Thanks @openperf.</li>
-<li>Codex app-server: block native execution paths when OpenClaw exec resolves to a node host while preserving the first-party CLI node binding path. Fixes #85012. (#85534) Thanks @joshavant.</li>
-<li>Diagnostics: bound cleanup timeout detail logs, emit drop summaries when async diagnostic bursts exceed the queue cap, and surface async queue drops through diagnostic telemetry.</li>
-<li>Agents/subagents: surface blocked child-run completions as errors instead of successful subagent finishes. (#80886) Thanks @TurboTheTurtle.</li>
-<li>Context engines: fail closed with a descriptive error when the selected agent runtime cannot satisfy declared context-engine host requirements.</li>
-<li>Agents/Pi: treat accepted embedded <code>sessions_spawn</code> child-session handoffs as terminal progress so parent turns no longer report false non-deliverable failures. (#85054) Thanks @samzong.</li>
-<li>CLI/models: resolve <code>openclaw models set</code> aliases from the runtime config while keeping authored aliases ahead of runtime-only defaults. (#83262) Thanks @IWhatsskill.</li>
-<li>Doctor: show personal Codex CLI asset notices as info instead of warnings. Fixes #84859.</li>
-<li>WhatsApp: update Baileys to <code>7.0.0-rc13</code> and drop the obsolete logger type patch.</li>
-<li>CLI/update: pre-pack GitHub/git package update targets before the staged npm install, restoring <code>openclaw update --tag main</code> for one-off package updates. (#81296) Thanks @fuller-stack-dev.</li>
-<li>Gateway: mirror successful same-source message-tool sends into session transcripts so delivered replies stay in later history/context. (#84837) Thanks @iFiras-Max1.</li>
-<li>Media generation: keep image, music, and video completion delivery from duplicating or losing task ownership when generated media finishes through active session replies. (#84006) Thanks @fuller-stack-dev.</li>
-<li>Infra/json: retry transient <code>File changed during read</code> races while loading JSON state so config and state reads recover instead of failing the turn. (#84285)</li>
-<li>Plugins/providers: fail closed for workspace provider plugins during setup-mode discovery unless explicitly trusted, preventing untrusted workspace plugin code from running during provider setup. (#81069) Thanks @mmaps.</li>
-<li>Providers/Ollama: resolve configured Ollama Cloud <code>OLLAMA_API_KEY</code> markers to the real discovery key so cloud provider entries keep authenticated model catalog access. (#85037)</li>
-<li>Discord: keep persistent component registry fallback warnings actionable by forwarding structured error and cause metadata through the runtime logger. Fixes #84185. (#84190) Thanks @100menotu001.</li>
-<li>Gateway/sessions: preserve compatible session auth profile overrides when switching models within the same provider, including provider-auth aliases. Fixes #81837. (#81886) Thanks @TurboTheTurtle.</li>
-<li>Gateway/status: surface inbound delivery telemetry counters and transport-liveness warnings in <code>openclaw status --all</code>. Fixes #49577. (#72724)</li>
-<li>Docker: prune package-excluded plugin source workspaces and dependency closures so runtime images do not keep packages for plugins that were not opted in.</li>
-<li>Providers/Ollama: treat Docker/OrbStack host aliases as local Ollama endpoints so <code>ollama-local</code> marker auth works when OpenClaw runs inside a VM/container and Ollama runs on the host. Fixes #84875.</li>
-<li>QA-Lab: keep explicitly searchable/deferred OpenClaw dynamic tool rows report-only by default so tool-coverage gates do not treat mock discovery gaps as hard product failures. (#80319) Thanks @100yenadmin.</li>
-<li>Agents/config: keep non-Google provider model refs from being rewritten by Google Gemini preview-id normalization. (#84762) Thanks @zhangguiping-xydt.</li>
-<li>Installer: require a real controlling terminal before launching onboarding so headless <code>curl | bash</code> installs finish cleanly after installing the CLI.</li>
-<li>Agents/Codex: promote a completed final assistant response when a prompt timeout races Codex app-server completion instead of returning an empty timeout envelope. Refs #84516.</li>
-<li>Codex app-server: keep interrupted turn statuses from being treated as OpenClaw aborts by themselves, so tool-only turns remain eligible for no-visible-answer recovery. Fixes #84492.</li>
-<li>Agents: cap heartbeat model bleed context hints by the stored session window when runtime model metadata is unavailable, so overflow recovery advice does not suggest a larger window than the active session actually has.</li>
-<li>Control UI/Web Push: use <code>https://openclaw.ai</code> as the generated default VAPID subject instead of the old localhost mailbox so iOS PWA push setup uses an Apple-acceptable subject when <code>OPENCLAW_VAPID_SUBJECT</code> is unset. Fixes #83134. (#83317) Thanks @IWhatsskill.</li>
-<li>Control UI: distinguish inherited thinking-off settings from explicit Off selections so the thinking selector no longer shows two identical Off rows. (#85223) Thanks @amknight.</li>
-<li>Agents/Pi: keep embedded session transcript writes from tripping false takeover detection after packaged npm onboarding agent turns.</li>
-<li>Codex/TUI: surface Codex-native post-turn compaction failures instead of continuing uncompacted, and keep successful native compaction serialized before local idle/next-turn handling. Fixes #84305. (#85160) Thanks @joshavant.</li>
-<li>Memory/search: stop recall tracking from writing dreaming side-effect artifacts when <code>dreaming.enabled=false</code>, while preserving normal search results. Fixes #84436. (#84444) Thanks @NianJiuZst.</li>
-<li>Diffs: render viewer toolbar icons from a closed icon-name map instead of HTML strings, removing the toolbar icon XSS sink. (#83955) Thanks @tanshanshan.</li>
-<li>QA: keep <code>pnpm qa:e2e</code> self-check runs inside the private QA runtime envelope even when inherited shell env disables bundled plugins.</li>
-<li>fix(config): validate browser sandbox bind sources [AI]. (#84799) Thanks @pgondhi987.</li>
-<li>doctor: constrain legacy plugin cleanup paths [AI]. (#84801) Thanks @pgondhi987.</li>
-<li>Update/doctor: prune stale local bundled plugin install records that point at old compiled bundled output so current bundled plugin schemas win after upgrade. (#84863) Thanks @fuller-stack-dev.</li>
-<li>Providers/Ollama: preserve native Ollama tool-call IDs across assistant replay so Gemini over Ollama Cloud can keep its hidden function-call thought-signature handle.</li>
-<li>Discord: keep session recovery and <code>/stop</code> abort ownership on the source dispatch lane while bound ACP turns continue routing to their target session, so stalled pre-run work and late replies are cleared instead of leaking after stop. Fixes #84477. (#85100) Thanks @joshavant.</li>
-<li>Codex app-server: mark missing turn completion after observed execution as replay-unsafe and release the session so follow-up turns can run. Fixes #84076. (#85107) Thanks @joshavant.</li>
-<li>Codex app-server: give visible <code>message</code> dynamic tool sends a longer timeout budget so slow channel delivery can return its own result or error instead of hitting the 30-second Codex wrapper. (#85216) Thanks @amknight.</li>
-<li>Codex app-server: add a dedicated post-tool raw assistant completion idle timeout config so trusted heavy turns can wait longer after tool handoff without weakening final assistant release.</li>
-<li>Matrix: keep explicitly configured two-person rooms on the room route before stale <code>m.direct</code> or strict two-member DM fallback can bypass mention gating. Fixes #85017. (#85137) Thanks @joshavant.</li>
-<li>Agents/subagents: require explicit subagent allowlist targets to be configured agents so stale deleted-agent ids are omitted from <code>agents_list</code> and rejected by <code>sessions_spawn</code>. Fixes #84811. (#85154) Thanks @joshavant.</li>
-<li>PDF tool: time out idle remote PDF body reads after 120 seconds so stalled remote documents return an error instead of wedging the session. Fixes #68649. (#84768) Thanks @luoyanglang.</li>
-<li>Diagnostics/OpenTelemetry plugin: suppress handled OTLP exporter promise rejections so collector shutdowns no longer crash the Gateway. (#81085) Thanks @luoyanglang.</li>
-<li>Agents/exec: omit raw command text and env values from denied exec failure logs while keeping safe correlation metadata. Fixes #85049. (#85140) Thanks @joshavant.</li>
-<li>Media/audio: skip empty structured sherpa-onnx transcripts instead of treating the raw JSON payload as spoken text. (#84667) Thanks @TurboTheTurtle.</li>
-<li>Agents/exec: preserve inherited XDG base-directory environment values for subprocesses while still rejecting agent-supplied XDG overrides. Fixes #84854. (#85139) Thanks @joshavant.</li>
-<li>Node/Linux: keep <code>OPENCLAW_GATEWAY_TOKEN</code> out of generated systemd unit files by writing node service token values to a node-specific env file. (#84408)</li>
-<li>Memory-core/dreaming: reuse stable narrative subagent session keys per workspace and phase while keeping per-run idempotency and bounded cleanup, so stale <code>dreaming-narrative-*</code> sessions do not accumulate. Fixes #68252, #69187, and #70402. (#70464) Thanks @chiyouYCH.</li>
-<li>Trajectory/support: tolerate partial skill snapshot entries when building support metadata so rejected skill path scans no longer abort trajectory capture. (#71185) Thanks @lukeboyett.</li>
-<li>TUI: coalesce repeated idle Esc abort notices into a single <code>no active run xN</code> system row instead of appending duplicate rows.</li>
-<li>Telegram: honor <code>channels.telegram.pollingStallThresholdMs</code> in the default isolated polling path, restarting silent workers instead of leaving inbound updates wedged. Fixes #83950. (#84861) Thanks @joshavant.</li>
-<li>Telegram: dedupe replayed message dispatches by Telegram chat/message identity so isolated-ingress replays do not trigger duplicate model dispatches. Fixes #84886. (#85208) Thanks @joshavant.</li>
-<li>Slack: suppress reasoning payloads before reply delivery and dispatch accounting, so Slack monitor, slash-command, fallback, and direct reply paths do not leak model reasoning. Fixes #84319. (#84322) Thanks @ffluk3 and @joshavant.</li>
-<li>Slack: deliver native plugin approval prompts and updates when Slack native approvals are enabled, while keeping plugin approval authorization separate from exec approvers.</li>
-<li>Slack: keep native plugin approval prompts in the originating app conversation thread when the live Slack turn source is a <code>D...</code> conversation.</li>
-<li>Agents/Pi: disable the embedded pi-coding-agent runtime auto-retry so OpenClaw's own retry and failover loop does not replay failed tool calls through a nested SDK retry. Fixes #73781. (#74434) Thanks @yelog.</li>
-<li>CLI/perf: keep <code>setup --help</code>, <code>onboard --help</code>, and <code>configure --help</code> out of the full wizard runtime while preserving the existing help output. (#84488) Thanks @frankekn.</li>
-<li>CLI/perf: keep <code>agents --help</code> out of agents action/runtime imports so help, completion, and command discovery paths avoid loading the full agents runtime. (#84483) Thanks @frankekn.</li>
-<li>CLI/perf: keep <code>secrets --help</code> and <code>nodes --help</code> on the precomputed help path so parent help avoids loading action-heavy command runtime modules. (#84818) Thanks @frankekn.</li>
-<li>CLI/perf: serve <code>doctor</code>, <code>gateway</code>, <code>models</code>, and <code>plugins</code> parent help from startup metadata so common subcommand help avoids full CLI program construction. (#84786) Thanks @frankekn.</li>
-<li>Codex/Lossless: keep context-engine history on the canonical run session when Telegram DMs use per-peer runtime policy keys. Fixes #84936. (#84954) Thanks @neeravmakwana.</li>
-<li>Codex: keep heartbeat response tool schemas durable without exposing dynamic tools disabled by turn policy, so heartbeat wakeups can reuse threads while scoped tool allowlists stay enforced. (#84681) Thanks @jalehman.</li>
-<li>Auth/OAuth: skip the refresh adapter when a stored OAuth credential has no refresh token so agent turns fail fast on missing-key instead of waiting on the 120s refresh timeout. Thanks @romneyda.</li>
-<li>Auth/Codex: load legacy OAuth sidecar credentials in the embedded runner's secrets-runtime auth loaders so Telegram replies, cron-triggered turns, and other isolated sub-agent lanes can reach the existing #83312 refresh-and-rewrite migration instead of failing with <code>No API key found for provider "openai-codex"</code> until the user runs <code>openclaw doctor</code>. Thanks @Totalsolutionsync and @romneyda.</li>
-<li>Codex/failover: classify <code>deactivated_workspace</code> as a permanent auth failure so configured fallback models can advance when a Codex workspace is deactivated. (#55893) Thanks @litang9.</li>
-<li>Exec: keep configured <code>tools.exec.pathPrepend</code> entries ahead of user shell startup PATH changes on POSIX gateway runs. (#81403) Thanks @medns.</li>
-<li>Gateway/sessions: allow shared-secret bearer callers to read and stream session history without an explicit scope header. (#81815) Thanks @medns.</li>
-<li>Agents/embedded runner: classify HTML auth provider responses as <code>auth_html</code> and return a re-authentication hint instead of the CDN-blocked copy that <code>upstream_html</code> returns. Cloudflare Access login pages, nginx basic-auth challenges, and gateway login walls all produce HTML auth bodies that were previously misdiagnosed as transient CDN blocks. (#79900) Thanks @martingarramon.</li>
-<li>TUI/streaming watchdog: dismiss the <code>This response is taking longer than expected</code> notice as soon as a chat event for the same run arrives, so the message no longer sits next to the recovered response when the run was only briefly silent. Refs #67052, #69081 (closed), prior attempt #69026. Thanks @jpruit20 and @romneyda.</li>
-<li>Agents/Pi: tolerate OpenClaw-owned transcript writes while embedded prompts are released for model I/O, keeping long-running Feishu, Slack, Telegram, and cron turns from failing with false session-takeover errors. Fixes #84059. (#84250) Thanks @tianxiaochannel-oss88.</li>
-</ul>
-<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.5.22/OpenClaw-2026.5.22.zip" length="54409357" type="application/octet-stream" sparkle:edSignature="am1mwLOmUHor9QuQWtxSsKoBOCySUBo4fB+0Qdcrz0E3wf6ESIMTfOC0k+dKJSh9gtLZw5jzpWVqTBzEdU36Aw=="/>
-        </item>
     </channel>
 </rss>

apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt

@@ -6,6 +6,7 @@ import ai.openclaw.app.chat.ChatPendingToolCall
 import ai.openclaw.app.chat.ChatSessionEntry
 import ai.openclaw.app.chat.OutgoingAttachment
 import ai.openclaw.app.gateway.DeviceAuthStore
+import ai.openclaw.app.gateway.DeviceAuthTokenStore
 import ai.openclaw.app.gateway.DeviceIdentityStore
 import ai.openclaw.app.gateway.GatewayDiscovery
 import ai.openclaw.app.gateway.GatewayEndpoint
@@ -79,6 +80,7 @@ class NodeRuntime(
   context: Context,
   val prefs: SecurePrefs = SecurePrefs(context.applicationContext),
   private val tlsFingerprintProbe: suspend (String, Int) -> GatewayTlsProbeResult = ::probeGatewayTlsFingerprint,
+  private val deviceAuthStore: DeviceAuthTokenStore = DeviceAuthStore(context.applicationContext),
 ) {
   data class GatewayConnectAuth(
     val token: String?,
@@ -88,7 +90,6 @@ class NodeRuntime(
 
   private val appContext = context.applicationContext
   private val scope = CoroutineScope(SupervisorJob() + Dispatchers.IO)
-  private val deviceAuthStore = DeviceAuthStore(prefs)
   val canvas = CanvasController()
   val camera = CameraCaptureManager(appContext)
   val location = LocationCaptureManager(appContext)
@@ -109,7 +110,6 @@ class NodeRuntime(
 
   private val cameraHandler: CameraHandler =
     CameraHandler(
-      appContext = appContext,
       camera = camera,
       externalAudioCaptureActive = externalAudioCaptureActive,
       showCameraHud = ::showCameraHud,
@@ -119,7 +119,6 @@ class NodeRuntime(
 
   private val debugHandler: DebugHandler =
     DebugHandler(
-      appContext = appContext,
       identityStore = identityStore,
     )
 
@@ -2871,7 +2870,7 @@ fun providerDisplayName(provider: String): String =
   when (provider.trim().lowercase()) {
     "openai" -> "OpenAI"
     "openrouter" -> "OpenRouter"
-    "openai-codex", "codex" -> "Codex"
+    "codex" -> "Codex"
     "ollama", "ollama-local" -> "Ollama Local"
     else ->
       provider

apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt

@@ -442,6 +442,23 @@ class SecurePrefs(
     securePrefs.edit { remove(key) }
   }
 
+  fun keysWithPrefix(prefix: String): Set<String> =
+    securePrefs
+      .all
+      .keys
+      .filter { it.startsWith(prefix) }
+      .toSet()
+
+  fun removeKeysWithPrefix(prefix: String) {
+    val keys = keysWithPrefix(prefix)
+    if (keys.isEmpty()) return
+    securePrefs.edit {
+      for (key in keys) {
+        remove(key)
+      }
+    }
+  }
+
   private fun createSecurePrefs(
     context: Context,
     name: String,

apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthStore.kt

@@ -1,7 +1,9 @@
 package ai.openclaw.app.gateway
 
 import ai.openclaw.app.SecurePrefs
+import android.content.Context
 import kotlinx.serialization.Serializable
+import kotlinx.serialization.decodeFromString
 import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
 
@@ -18,6 +20,10 @@ private data class PersistedDeviceAuthMetadata(
   val updatedAtMs: Long = 0L,
 )
 
+private const val deviceAuthTokenPrefix = "gateway.deviceToken."
+private const val deviceAuthMetadataPrefix = "gateway.deviceTokenMeta."
+private const val sqliteSecurePrefsTokenMarker = "__openclaw_secure_prefs__"
+
 interface DeviceAuthTokenStore {
   fun loadEntry(
     deviceId: String,
@@ -42,29 +48,104 @@ interface DeviceAuthTokenStore {
   )
 }
 
-class DeviceAuthStore(
-  private val prefs: SecurePrefs,
+internal interface DeviceAuthStateStore {
+  fun readDeviceAuthToken(
+    deviceId: String,
+    role: String,
+  ): OpenClawSQLiteDeviceAuthTokenRow?
+
+  fun readLatestDeviceAuthDeviceId(): String?
+
+  fun upsertDeviceAuthToken(row: OpenClawSQLiteDeviceAuthTokenRow)
+
+  fun deleteDeviceAuthToken(
+    deviceId: String,
+    role: String,
+  )
+
+  fun deleteAllDeviceAuthTokens()
+}
+
+private class OpenClawSQLiteDeviceAuthStateStore(
+  private val store: OpenClawSQLiteStateStore,
+) : DeviceAuthStateStore {
+  override fun readDeviceAuthToken(
+    deviceId: String,
+    role: String,
+  ): OpenClawSQLiteDeviceAuthTokenRow? = store.readDeviceAuthToken(deviceId, role)
+
+  override fun readLatestDeviceAuthDeviceId(): String? = store.readLatestDeviceAuthDeviceId()
+
+  override fun upsertDeviceAuthToken(row: OpenClawSQLiteDeviceAuthTokenRow) {
+    store.upsertDeviceAuthToken(row)
+  }
+
+  override fun deleteDeviceAuthToken(
+    deviceId: String,
+    role: String,
+  ) {
+    store.deleteDeviceAuthToken(deviceId, role)
+  }
+
+  override fun deleteAllDeviceAuthTokens() {
+    store.deleteAllDeviceAuthTokens()
+  }
+}
+
+class DeviceAuthStore private constructor(
+  private val context: Context,
+  private val legacyPrefsOverride: SecurePrefs? = null,
+  private val stateStore: DeviceAuthStateStore,
 ) : DeviceAuthTokenStore {
+  constructor(
+    context: Context,
+    legacyPrefsOverride: SecurePrefs? = null,
+  ) : this(
+    context = context,
+    legacyPrefsOverride = legacyPrefsOverride,
+    stateStore = OpenClawSQLiteDeviceAuthStateStore(OpenClawSQLiteStateStore(context)),
+  )
+
+  internal companion object {
+    fun createForTesting(
+      context: Context,
+      legacyPrefsOverride: SecurePrefs? = null,
+      stateStoreOverride: DeviceAuthStateStore,
+    ): DeviceAuthStore =
+      DeviceAuthStore(
+        context = context,
+        legacyPrefsOverride = legacyPrefsOverride,
+        stateStore = stateStoreOverride,
+      )
+  }
+
   private val json = Json { ignoreUnknownKeys = true }
+  private val legacyPrefs by lazy { legacyPrefsOverride ?: SecurePrefs(context) }
 
   override fun loadEntry(
     deviceId: String,
     role: String,
   ): DeviceAuthEntry? {
-    val key = tokenKey(deviceId, role)
-    val token = prefs.getString(key)?.trim()?.takeIf { it.isNotEmpty() } ?: return null
+    val normalizedDevice = normalizeDeviceId(deviceId)
     val normalizedRole = normalizeRole(role)
-    val metadata =
-      prefs
-        .getString(metadataKey(deviceId, role))
-        ?.let { raw ->
-          runCatching { json.decodeFromString<PersistedDeviceAuthMetadata>(raw) }.getOrNull()
+    val row =
+      stateStore.readDeviceAuthToken(normalizedDevice, normalizedRole)
+        ?: return migrateLegacyEntryIfNoSqliteAuthRows(normalizedDevice, normalizedRole)
+    val token =
+      legacyPrefs
+        .getString(tokenKey(normalizedDevice, normalizedRole))
+        ?.trim()
+        ?.takeIf { it.isNotEmpty() }
+        ?: row.token.trim().takeIf { it.isNotEmpty() && it != sqliteSecurePrefsTokenMarker }?.also {
+          legacyPrefs.putString(tokenKey(normalizedDevice, normalizedRole), it)
+          stateStore.upsertDeviceAuthToken(row.copy(token = sqliteSecurePrefsTokenMarker))
         }
+        ?: return null
     return DeviceAuthEntry(
       token = token,
       role = normalizedRole,
-      scopes = metadata?.scopes ?: emptyList(),
-      updatedAtMs = metadata?.updatedAtMs ?: 0L,
+      scopes = decodeScopes(row.scopesJson),
+      updatedAtMs = row.updatedAtMs,
     )
   }
 
@@ -74,16 +155,35 @@ class DeviceAuthStore(
     token: String,
     scopes: List<String>,
   ) {
+    val normalizedDevice = normalizeDeviceId(deviceId)
+    val normalizedRole = normalizeRole(role)
     val normalizedScopes = normalizeScopes(scopes)
-    val key = tokenKey(deviceId, role)
-    prefs.putString(key, token.trim())
-    prefs.putString(
-      metadataKey(deviceId, role),
-      json.encodeToString(
-        PersistedDeviceAuthMetadata(
-          scopes = normalizedScopes,
-          updatedAtMs = System.currentTimeMillis(),
-        ),
+    val latestDeviceId = stateStore.readLatestDeviceAuthDeviceId()
+    val shouldSeedSameDeviceLegacyRoles = latestDeviceId == null
+    val sqliteDeviceChanged = latestDeviceId != null && latestDeviceId != normalizedDevice
+    val shouldDropLegacyAuth =
+      sqliteDeviceChanged ||
+        legacyPrefs.keysWithPrefix(deviceAuthTokenPrefix).any {
+          !it.startsWith(tokenKeyPrefix(normalizedDevice))
+        }
+    if (sqliteDeviceChanged) {
+      stateStore.deleteAllDeviceAuthTokens()
+    }
+    if (shouldDropLegacyAuth) {
+      removeForeignLegacyEntries(normalizedDevice)
+    }
+    if (shouldSeedSameDeviceLegacyRoles) {
+      migrateLegacyEntriesForDevice(normalizedDevice)
+    }
+    legacyPrefs.putString(tokenKey(normalizedDevice, normalizedRole), token.trim())
+    removeLegacyMetadata(normalizedDevice, normalizedRole)
+    stateStore.upsertDeviceAuthToken(
+      OpenClawSQLiteDeviceAuthTokenRow(
+        deviceId = normalizedDevice,
+        role = normalizedRole,
+        token = sqliteSecurePrefsTokenMarker,
+        scopesJson = json.encodeToString(normalizedScopes),
+        updatedAtMs = System.currentTimeMillis(),
       ),
     )
   }
@@ -92,28 +192,124 @@ class DeviceAuthStore(
     deviceId: String,
     role: String,
   ) {
-    val key = tokenKey(deviceId, role)
-    prefs.remove(key)
-    prefs.remove(metadataKey(deviceId, role))
+    val normalizedDevice = normalizeDeviceId(deviceId)
+    val normalizedRole = normalizeRole(role)
+    removeLegacyEntry(normalizedDevice, normalizedRole)
+    stateStore.deleteDeviceAuthToken(
+      deviceId = normalizedDevice,
+      role = normalizedRole,
+    )
   }
 
+  private fun migrateLegacyEntryIfNoSqliteAuthRows(
+    normalizedDevice: String,
+    normalizedRole: String,
+  ): DeviceAuthEntry? {
+    if (stateStore.readLatestDeviceAuthDeviceId() != null) {
+      removeLegacyEntry(normalizedDevice, normalizedRole)
+      return null
+    }
+    return migrateLegacyEntriesForDevice(normalizedDevice)[normalizedRole]
+  }
+
+  private fun migrateLegacyEntriesForDevice(normalizedDevice: String): Map<String, DeviceAuthEntry> {
+    val prefix = tokenKeyPrefix(normalizedDevice)
+    return legacyPrefs
+      .keysWithPrefix(prefix)
+      .mapNotNull { key ->
+        val role = normalizeRole(key.removePrefix(prefix))
+        if (role.isEmpty()) {
+          null
+        } else {
+          migrateLegacyEntry(normalizedDevice, role)?.let { role to it }
+        }
+      }.toMap()
+  }
+
+  private fun migrateLegacyEntry(
+    normalizedDevice: String,
+    normalizedRole: String,
+  ): DeviceAuthEntry? {
+    val token =
+      legacyPrefs
+        .getString(tokenKey(normalizedDevice, normalizedRole))
+        ?.trim()
+        ?.takeIf { it.isNotEmpty() }
+        ?: return null
+    val metadata =
+      legacyPrefs
+        .getString(metadataKey(normalizedDevice, normalizedRole))
+        ?.let { raw -> runCatching { json.decodeFromString<PersistedDeviceAuthMetadata>(raw) }.getOrNull() }
+    val entry =
+      DeviceAuthEntry(
+        token = token,
+        role = normalizedRole,
+        scopes = normalizeScopes(metadata?.scopes ?: emptyList()),
+        updatedAtMs = metadata?.updatedAtMs?.takeIf { it > 0L } ?: System.currentTimeMillis(),
+      )
+    val migrated =
+      runCatching {
+        stateStore.upsertDeviceAuthToken(
+          OpenClawSQLiteDeviceAuthTokenRow(
+            deviceId = normalizedDevice,
+            role = normalizedRole,
+            token = sqliteSecurePrefsTokenMarker,
+            scopesJson = json.encodeToString(entry.scopes),
+            updatedAtMs = entry.updatedAtMs,
+          ),
+        )
+      }.isSuccess
+    if (migrated) {
+      legacyPrefs.putString(tokenKey(normalizedDevice, normalizedRole), entry.token)
+      removeLegacyMetadata(normalizedDevice, normalizedRole)
+    }
+    return entry
+  }
+
+  private fun removeLegacyMetadata(
+    normalizedDevice: String,
+    normalizedRole: String,
+  ) {
+    legacyPrefs.remove(metadataKey(normalizedDevice, normalizedRole))
+  }
+
+  private fun removeLegacyEntry(
+    normalizedDevice: String,
+    normalizedRole: String,
+  ) {
+    legacyPrefs.remove(tokenKey(normalizedDevice, normalizedRole))
+    legacyPrefs.remove(metadataKey(normalizedDevice, normalizedRole))
+  }
+
+  private fun removeForeignLegacyEntries(normalizedDevice: String) {
+    val currentTokenPrefix = tokenKeyPrefix(normalizedDevice)
+    legacyPrefs
+      .keysWithPrefix(deviceAuthTokenPrefix)
+      .filterNot { it.startsWith(currentTokenPrefix) }
+      .forEach { legacyPrefs.remove(it) }
+    val currentMetadataPrefix = "$deviceAuthMetadataPrefix$normalizedDevice."
+    legacyPrefs
+      .keysWithPrefix(deviceAuthMetadataPrefix)
+      .filterNot { it.startsWith(currentMetadataPrefix) }
+      .forEach { legacyPrefs.remove(it) }
+  }
+
+  private fun tokenKeyPrefix(normalizedDevice: String): String = "$deviceAuthTokenPrefix$normalizedDevice."
+
   private fun tokenKey(
-    deviceId: String,
-    role: String,
-  ): String {
-    val normalizedDevice = normalizeDeviceId(deviceId)
-    val normalizedRole = normalizeRole(role)
-    return "gateway.deviceToken.$normalizedDevice.$normalizedRole"
-  }
+    normalizedDevice: String,
+    normalizedRole: String,
+  ): String = "${tokenKeyPrefix(normalizedDevice)}$normalizedRole"
 
   private fun metadataKey(
-    deviceId: String,
-    role: String,
-  ): String {
-    val normalizedDevice = normalizeDeviceId(deviceId)
-    val normalizedRole = normalizeRole(role)
-    return "gateway.deviceTokenMeta.$normalizedDevice.$normalizedRole"
-  }
+    normalizedDevice: String,
+    normalizedRole: String,
+  ): String = "$deviceAuthMetadataPrefix$normalizedDevice.$normalizedRole"
+
+  private fun decodeScopes(raw: String): List<String> =
+    runCatching { json.decodeFromString<List<String>>(raw) }
+      .getOrDefault(emptyList())
+      .let(::normalizeScopes)
 
   private fun normalizeDeviceId(deviceId: String): String = deviceId.trim().lowercase()
 

apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceIdentityStore.kt

@@ -19,7 +19,8 @@ class DeviceIdentityStore(
   context: Context,
 ) {
   private val json = Json { ignoreUnknownKeys = true }
-  private val identityFile = File(context.filesDir, "openclaw/identity/device.json")
+  private val stateStore = OpenClawSQLiteStateStore(context)
+  private val legacyIdentityFile = File(context.filesDir, "openclaw/identity/device.json")
 
   @Volatile private var cachedIdentity: DeviceIdentity? = null
 
@@ -28,16 +29,14 @@ class DeviceIdentityStore(
     cachedIdentity?.let { return it }
     val existing = load()
     if (existing != null) {
-      val derived = deriveDeviceId(existing.publicKeyRawBase64)
-      if (derived != null && derived != existing.deviceId) {
-        val updated = existing.copy(deviceId = derived)
-        save(updated)
-        cachedIdentity = updated
-        return updated
-      }
       cachedIdentity = existing
       return existing
     }
+    if (legacyIdentityFile.exists()) {
+      val migrated = migrateLegacyIdentity()
+      cachedIdentity = migrated
+      return migrated
+    }
     val fresh = generate()
     save(fresh)
     cachedIdentity = fresh
@@ -111,34 +110,76 @@ class DeviceIdentityStore(
       null
     }
 
-  private fun load(): DeviceIdentity? = readIdentity(identityFile)
+  private fun load(): DeviceIdentity? {
+    val row = stateStore.readDeviceIdentity(IDENTITY_KEY) ?: return null
+    return readIdentity(row)
+      ?: throw IllegalStateException(
+        "Stored OpenClaw device identity is invalid. Run openclaw doctor --fix.",
+      )
+  }
 
-  private fun readIdentity(file: File): DeviceIdentity? {
-    return try {
-      if (!file.exists()) return null
-      val raw = file.readText(Charsets.UTF_8)
-      val decoded = json.decodeFromString(DeviceIdentity.serializer(), raw)
-      if (decoded.deviceId.isBlank() ||
-        decoded.publicKeyRawBase64.isBlank() ||
-        decoded.privateKeyPkcs8Base64.isBlank()
-      ) {
-        null
-      } else {
-        decoded
+  private fun migrateLegacyIdentity(): DeviceIdentity {
+    val raw =
+      try {
+        legacyIdentityFile.readText(Charsets.UTF_8)
+      } catch (error: Throwable) {
+        throw IllegalStateException("Failed to read legacy OpenClaw device identity.", error)
       }
+    val identity =
+      runCatching { json.decodeFromString(DeviceIdentity.serializer(), raw) }
+        .getOrNull()
+        ?.let(::normalizeRawIdentity)
+        ?: throw IllegalStateException(
+          "Legacy OpenClaw device identity is invalid. Run openclaw doctor --fix.",
+        )
+    save(identity)
+    legacyIdentityFile.delete()
+    return identity
+  }
+
+  private fun normalizeRawIdentity(identity: DeviceIdentity): DeviceIdentity? =
+    try {
+      if (identity.publicKeyRawBase64.isBlank() || identity.privateKeyPkcs8Base64.isBlank()) {
+        return null
+      }
+      val publicRaw = Base64.decode(identity.publicKeyRawBase64, Base64.DEFAULT)
+      val privateDer = Base64.decode(identity.privateKeyPkcs8Base64, Base64.DEFAULT)
+      if (publicRaw.size != ED25519_KEY_SIZE || privateDer.isEmpty()) {
+        return null
+      }
+      val normalized = identity.copy(deviceId = sha256Hex(publicRaw))
+      if (!hasMatchingKeyPair(normalized)) {
+        return null
+      }
+      normalized
     } catch (_: Throwable) {
       null
     }
+
+  private fun readIdentity(row: OpenClawSQLiteDeviceIdentityRow): DeviceIdentity? =
+    PersistedDeviceIdentity(
+      deviceId = row.deviceId,
+      publicKeyPem = row.publicKeyPem,
+      privateKeyPem = row.privateKeyPem,
+      createdAtMs = row.createdAtMs,
+    ).toRuntimeIdentity()?.takeIf(::hasMatchingKeyPair)
+
+  private fun hasMatchingKeyPair(identity: DeviceIdentity): Boolean {
+    val signature = signPayload(KEYPAIR_VALIDATION_PAYLOAD, identity) ?: return false
+    return verifySelfSignature(KEYPAIR_VALIDATION_PAYLOAD, signature, identity)
   }
 
   private fun save(identity: DeviceIdentity) {
-    try {
-      identityFile.parentFile?.mkdirs()
-      val encoded = json.encodeToString(DeviceIdentity.serializer(), identity)
-      identityFile.writeText(encoded, Charsets.UTF_8)
-    } catch (_: Throwable) {
-      // best-effort only
-    }
+    val persisted = PersistedDeviceIdentity.fromRuntimeIdentity(identity)
+    stateStore.writeDeviceIdentity(
+      OpenClawSQLiteDeviceIdentityRow(
+        deviceId = persisted.deviceId,
+        publicKeyPem = persisted.publicKeyPem,
+        privateKeyPem = persisted.privateKeyPem,
+        createdAtMs = persisted.createdAtMs,
+      ),
+      identityKey = IDENTITY_KEY,
+    )
   }
 
   private fun generate(): DeviceIdentity {
@@ -168,14 +209,6 @@ class DeviceIdentityStore(
     )
   }
 
-  private fun deriveDeviceId(publicKeyRawBase64: String): String? =
-    try {
-      val raw = Base64.decode(publicKeyRawBase64, Base64.DEFAULT)
-      sha256Hex(raw)
-    } catch (_: Throwable) {
-      null
-    }
-
   private fun sha256Hex(data: ByteArray): String {
     val digest = MessageDigest.getInstance("SHA-256").digest(data)
     val out = CharArray(digest.size * 2)
@@ -194,7 +227,92 @@ class DeviceIdentityStore(
       Base64.URL_SAFE or Base64.NO_WRAP or Base64.NO_PADDING,
     )
 
+  @Serializable
+  private data class PersistedDeviceIdentity(
+    val version: Int = 1,
+    val deviceId: String,
+    val publicKeyPem: String,
+    val privateKeyPem: String,
+    val createdAtMs: Long,
+  ) {
+    fun toRuntimeIdentity(): DeviceIdentity? {
+      if (version != 1 || deviceId.isBlank() || publicKeyPem.isBlank() || privateKeyPem.isBlank()) {
+        return null
+      }
+      val publicDer = decodePem(publicKeyPem, "PUBLIC KEY") ?: return null
+      if (!publicDer.startsWith(PUBLIC_KEY_INFO_PREFIX)) return null
+      val publicRaw = publicDer.copyOfRange(PUBLIC_KEY_INFO_PREFIX.size, publicDer.size)
+      if (publicRaw.size != ED25519_KEY_SIZE) return null
+      val derivedDeviceId = sha256HexStatic(publicRaw)
+      if (derivedDeviceId != deviceId.lowercase()) return null
+      val privateDer = decodePem(privateKeyPem, "PRIVATE KEY") ?: return null
+      return DeviceIdentity(
+        deviceId = derivedDeviceId,
+        publicKeyRawBase64 = Base64.encodeToString(publicRaw, Base64.NO_WRAP),
+        privateKeyPkcs8Base64 = Base64.encodeToString(privateDer, Base64.NO_WRAP),
+        createdAtMs = createdAtMs,
+      )
+    }
+
+    companion object {
+      fun fromRuntimeIdentity(identity: DeviceIdentity): PersistedDeviceIdentity {
+        val publicRaw = Base64.decode(identity.publicKeyRawBase64, Base64.DEFAULT)
+        val privateDer = Base64.decode(identity.privateKeyPkcs8Base64, Base64.DEFAULT)
+        return PersistedDeviceIdentity(
+          deviceId = identity.deviceId,
+          publicKeyPem = encodePem("PUBLIC KEY", PUBLIC_KEY_INFO_PREFIX + publicRaw),
+          privateKeyPem = encodePem("PRIVATE KEY", privateDer),
+          createdAtMs = identity.createdAtMs,
+        )
+      }
+    }
+  }
+
   companion object {
+    private const val IDENTITY_KEY = "default"
+    private const val KEYPAIR_VALIDATION_PAYLOAD = "openclaw-device-identity-keypair-validation"
+    private const val ED25519_KEY_SIZE = 32
     private val HEX = "0123456789abcdef".toCharArray()
+    private val PUBLIC_KEY_INFO_PREFIX =
+      byteArrayOf(0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00)
+
+    private fun ByteArray.startsWith(prefix: ByteArray): Boolean = size >= prefix.size && prefix.indices.all { this[it] == prefix[it] }
+
+    private fun encodePem(
+      label: String,
+      bytes: ByteArray,
+    ): String {
+      val body = Base64.encodeToString(bytes, Base64.NO_WRAP)
+      val wrapped = body.chunked(64).joinToString("\n")
+      return "-----BEGIN $label-----\n$wrapped\n-----END $label-----\n"
+    }
+
+    private fun decodePem(
+      pem: String,
+      label: String,
+    ): ByteArray? {
+      val header = "-----BEGIN $label-----"
+      val footer = "-----END $label-----"
+      val trimmed = pem.trim()
+      if (!trimmed.startsWith(header) || !trimmed.endsWith(footer)) return null
+      val body =
+        trimmed
+          .removePrefix(header)
+          .removeSuffix(footer)
+          .replace("\\s".toRegex(), "")
+      return runCatching { Base64.decode(body, Base64.DEFAULT) }.getOrNull()
+    }
+
+    private fun sha256HexStatic(data: ByteArray): String {
+      val digest = MessageDigest.getInstance("SHA-256").digest(data)
+      val out = CharArray(digest.size * 2)
+      var i = 0
+      for (byte in digest) {
+        val v = byte.toInt() and 0xff
+        out[i++] = HEX[v ushr 4]
+        out[i++] = HEX[v and 0x0f]
+      }
+      return String(out)
+    }
   }
 }

apps/android/app/src/main/java/ai/openclaw/app/gateway/OpenClawSQLiteStateStore.kt

@@ -0,0 +1,310 @@
+package ai.openclaw.app.gateway
+
+import android.content.ContentValues
+import android.content.Context
+import android.database.sqlite.SQLiteDatabase
+import java.io.File
+
+data class OpenClawSQLiteDeviceIdentityRow(
+  val deviceId: String,
+  val publicKeyPem: String,
+  val privateKeyPem: String,
+  val createdAtMs: Long,
+)
+
+data class OpenClawSQLiteDeviceAuthTokenRow(
+  val deviceId: String,
+  val role: String,
+  val token: String,
+  val scopesJson: String,
+  val updatedAtMs: Long,
+)
+
+class OpenClawSQLiteStateStore(
+  context: Context,
+) {
+  private val appContext = context.applicationContext
+  private val databaseFile = File(appContext.filesDir, "openclaw/state/openclaw.sqlite")
+
+  fun databaseFile(): File = databaseFile
+
+  @Synchronized
+  fun readDeviceIdentity(identityKey: String = "default"): OpenClawSQLiteDeviceIdentityRow? {
+    if (!databaseFile.exists()) return null
+    return openDatabase().use { db ->
+      db
+        .rawQuery(
+          """
+          SELECT device_id, public_key_pem, private_key_pem, created_at_ms
+          FROM device_identities
+          WHERE identity_key = ?
+          """.trimIndent(),
+          arrayOf(identityKey),
+        ).use { cursor ->
+          if (!cursor.moveToFirst()) return@use null
+          OpenClawSQLiteDeviceIdentityRow(
+            deviceId = cursor.getString(0),
+            publicKeyPem = cursor.getString(1),
+            privateKeyPem = cursor.getString(2),
+            createdAtMs = cursor.getLong(3),
+          )
+        }
+    }
+  }
+
+  @Synchronized
+  fun writeDeviceIdentity(
+    identity: OpenClawSQLiteDeviceIdentityRow,
+    identityKey: String = "default",
+    updatedAtMs: Long = System.currentTimeMillis(),
+  ) {
+    openDatabase().use { db ->
+      db.inWriteTransaction {
+        val values =
+          ContentValues().apply {
+            put("identity_key", identityKey)
+            put("device_id", identity.deviceId)
+            put("public_key_pem", identity.publicKeyPem)
+            put("private_key_pem", identity.privateKeyPem)
+            put("created_at_ms", identity.createdAtMs)
+            put("updated_at_ms", updatedAtMs)
+          }
+        db.insertWithOnConflict("device_identities", null, values, SQLiteDatabase.CONFLICT_REPLACE)
+      }
+    }
+  }
+
+  @Synchronized
+  fun readDeviceAuthToken(
+    deviceId: String,
+    role: String,
+  ): OpenClawSQLiteDeviceAuthTokenRow? {
+    if (!databaseFile.exists()) return null
+    return openDatabase().use { db ->
+      db
+        .rawQuery(
+          """
+          SELECT device_id, role, token, scopes_json, updated_at_ms
+          FROM device_auth_tokens
+          WHERE device_id = ? AND role = ?
+          """.trimIndent(),
+          arrayOf(deviceId, role),
+        ).use { cursor ->
+          if (!cursor.moveToFirst()) return@use null
+          OpenClawSQLiteDeviceAuthTokenRow(
+            deviceId = cursor.getString(0),
+            role = cursor.getString(1),
+            token = cursor.getString(2),
+            scopesJson = cursor.getString(3),
+            updatedAtMs = cursor.getLong(4),
+          )
+        }
+    }
+  }
+
+  @Synchronized
+  fun readLatestDeviceAuthDeviceId(): String? {
+    if (!databaseFile.exists()) return null
+    return openDatabase().use { db ->
+      db
+        .rawQuery(
+          """
+          SELECT device_id
+          FROM device_auth_tokens
+          ORDER BY updated_at_ms DESC, device_id ASC
+          LIMIT 1
+          """.trimIndent(),
+          emptyArray(),
+        ).use { cursor ->
+          if (cursor.moveToFirst()) cursor.getString(0) else null
+        }
+    }
+  }
+
+  @Synchronized
+  fun upsertDeviceAuthToken(row: OpenClawSQLiteDeviceAuthTokenRow) {
+    openDatabase().use { db ->
+      db.inWriteTransaction {
+        val values =
+          ContentValues().apply {
+            put("device_id", row.deviceId)
+            put("role", row.role)
+            put("token", row.token)
+            put("scopes_json", row.scopesJson)
+            put("updated_at_ms", row.updatedAtMs)
+          }
+        db.insertWithOnConflict("device_auth_tokens", null, values, SQLiteDatabase.CONFLICT_REPLACE)
+      }
+    }
+  }
+
+  @Synchronized
+  fun deleteDeviceAuthToken(
+    deviceId: String,
+    role: String,
+  ) {
+    openDatabase().use { db ->
+      db.inWriteTransaction {
+        db.delete("device_auth_tokens", "device_id = ? AND role = ?", arrayOf(deviceId, role))
+      }
+    }
+  }
+
+  @Synchronized
+  fun deleteAllDeviceAuthTokens() {
+    openDatabase().use { db ->
+      db.inWriteTransaction {
+        db.delete("device_auth_tokens", null, null)
+      }
+    }
+  }
+
+  @Synchronized
+  fun readRecentNotificationPackages(limit: Int = 64): List<String> {
+    if (!databaseFile.exists()) return emptyList()
+    return openDatabase().use { db ->
+      db
+        .rawQuery(
+          """
+          SELECT package_name
+          FROM android_notification_recent_packages
+          ORDER BY sort_order ASC, package_name ASC
+          LIMIT ?
+          """.trimIndent(),
+          arrayOf(limit.coerceAtLeast(0).toString()),
+        ).use { cursor ->
+          val packages = mutableListOf<String>()
+          while (cursor.moveToNext()) {
+            packages += cursor.getString(0)
+          }
+          packages
+        }
+    }
+  }
+
+  @Synchronized
+  fun replaceRecentNotificationPackages(
+    packageNames: List<String>,
+    limit: Int = 64,
+    updatedAtMs: Long = System.currentTimeMillis(),
+  ) {
+    val normalized =
+      packageNames
+        .asSequence()
+        .map { it.trim() }
+        .filter { it.isNotEmpty() }
+        .distinct()
+        .take(limit.coerceAtLeast(0))
+        .toList()
+    openDatabase().use { db ->
+      db.inWriteTransaction {
+        db.delete("android_notification_recent_packages", null, null)
+        normalized.forEachIndexed { index, packageName ->
+          val values =
+            ContentValues().apply {
+              put("package_name", packageName)
+              put("sort_order", index)
+              put("updated_at_ms", updatedAtMs)
+            }
+          db.insertWithOnConflict(
+            "android_notification_recent_packages",
+            null,
+            values,
+            SQLiteDatabase.CONFLICT_REPLACE,
+          )
+        }
+      }
+    }
+  }
+
+  private fun openDatabase(): SQLiteDatabase {
+    databaseFile.parentFile?.mkdirs()
+    val db =
+      SQLiteDatabase.openDatabase(
+        databaseFile.absolutePath,
+        null,
+        SQLiteDatabase.OPEN_READWRITE or SQLiteDatabase.CREATE_IF_NECESSARY,
+      )
+    configure(db)
+    return db
+  }
+
+  private fun configure(db: SQLiteDatabase) {
+    db.enableWriteAheadLogging()
+    executePragma(db, "PRAGMA synchronous = NORMAL")
+    executePragma(db, "PRAGMA busy_timeout = 30000")
+    executePragma(db, "PRAGMA foreign_keys = ON")
+    db.execSQL(
+      """
+      CREATE TABLE IF NOT EXISTS device_identities (
+        identity_key TEXT NOT NULL PRIMARY KEY,
+        device_id TEXT NOT NULL,
+        public_key_pem TEXT NOT NULL,
+        private_key_pem TEXT NOT NULL,
+        created_at_ms INTEGER NOT NULL,
+        updated_at_ms INTEGER NOT NULL
+      )
+      """.trimIndent(),
+    )
+    db.execSQL(
+      """
+      CREATE INDEX IF NOT EXISTS idx_device_identities_device
+      ON device_identities(device_id, updated_at_ms DESC)
+      """.trimIndent(),
+    )
+    db.execSQL(
+      """
+      CREATE TABLE IF NOT EXISTS device_auth_tokens (
+        device_id TEXT NOT NULL,
+        role TEXT NOT NULL,
+        token TEXT NOT NULL,
+        scopes_json TEXT NOT NULL,
+        updated_at_ms INTEGER NOT NULL,
+        PRIMARY KEY (device_id, role)
+      )
+      """.trimIndent(),
+    )
+    db.execSQL(
+      """
+      CREATE INDEX IF NOT EXISTS idx_device_auth_tokens_updated
+      ON device_auth_tokens(updated_at_ms DESC, device_id, role)
+      """.trimIndent(),
+    )
+    db.execSQL(
+      """
+      CREATE TABLE IF NOT EXISTS android_notification_recent_packages (
+        package_name TEXT NOT NULL PRIMARY KEY,
+        sort_order INTEGER NOT NULL,
+        updated_at_ms INTEGER NOT NULL
+      )
+      """.trimIndent(),
+    )
+    db.execSQL(
+      """
+      CREATE INDEX IF NOT EXISTS idx_android_notification_recent_packages_order
+      ON android_notification_recent_packages(sort_order, package_name)
+      """.trimIndent(),
+    )
+  }
+
+  private fun executePragma(
+    db: SQLiteDatabase,
+    sql: String,
+  ) {
+    db.rawQuery(sql, null).use { cursor ->
+      if (cursor.moveToFirst()) {
+        // Some PRAGMA assignments return their new value; reading it closes the cursor cleanly.
+      }
+    }
+  }
+
+  private inline fun SQLiteDatabase.inWriteTransaction(body: () -> Unit) {
+    beginTransaction()
+    try {
+      body()
+      setTransactionSuccessful()
+    } finally {
+      endTransaction()
+    }
+  }
+}

apps/android/app/src/main/java/ai/openclaw/app/node/CameraHandler.kt

@@ -3,7 +3,6 @@ package ai.openclaw.app.node
 import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.CameraHudKind
 import ai.openclaw.app.gateway.GatewaySession
-import android.content.Context
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.withContext
@@ -19,7 +18,6 @@ internal const val CAMERA_CLIP_MAX_RAW_BYTES: Long = 18L * 1024L * 1024L
 internal fun isCameraClipWithinPayloadLimit(rawBytes: Long): Boolean = rawBytes in 0L..CAMERA_CLIP_MAX_RAW_BYTES
 
 class CameraHandler(
-  private val appContext: Context,
   private val camera: CameraCaptureManager,
   private val externalAudioCaptureActive: MutableStateFlow<Boolean>,
   private val showCameraHud: (message: String, kind: CameraHudKind, autoHideMs: Long?) -> Unit,
@@ -54,16 +52,12 @@ class CameraHandler(
     }
 
   suspend fun handleSnap(paramsJson: String?): GatewaySession.InvokeResult {
-    val logFile = if (BuildConfig.DEBUG) java.io.File(appContext.cacheDir, "camera_debug.log") else null
-
     fun camLog(msg: String) {
       if (!BuildConfig.DEBUG) return
       val ts = java.text.SimpleDateFormat("HH:mm:ss.SSS", java.util.Locale.US).format(java.util.Date())
-      logFile?.appendText("[$ts] $msg\n")
-      android.util.Log.w("openclaw", "camera.snap: $msg")
+      android.util.Log.w("openclaw", "camera.snap[$ts]: $msg")
     }
     try {
-      logFile?.writeText("") // clear
       camLog("starting, params=$paramsJson")
       camLog("calling showCameraHud")
       showCameraHud("Taking photo…", CameraHudKind.Photo, null)
@@ -93,18 +87,14 @@ class CameraHandler(
   }
 
   suspend fun handleClip(paramsJson: String?): GatewaySession.InvokeResult {
-    val clipLogFile = if (BuildConfig.DEBUG) java.io.File(appContext.cacheDir, "camera_debug.log") else null
-
     fun clipLog(msg: String) {
       if (!BuildConfig.DEBUG) return
       val ts = java.text.SimpleDateFormat("HH:mm:ss.SSS", java.util.Locale.US).format(java.util.Date())
-      clipLogFile?.appendText("[CLIP $ts] $msg\n")
-      android.util.Log.w("openclaw", "camera.clip: $msg")
+      android.util.Log.w("openclaw", "camera.clip[$ts]: $msg")
     }
     val includeAudio = parseIncludeAudio(paramsJson) ?: true
     if (includeAudio) externalAudioCaptureActive.value = true
     try {
-      clipLogFile?.writeText("") // clear
       clipLog("starting, params=$paramsJson includeAudio=$includeAudio")
       clipLog("calling showCameraHud")
       showCameraHud("Recording…", CameraHudKind.Recording, null)

apps/android/app/src/main/java/ai/openclaw/app/node/DebugHandler.kt

@@ -3,13 +3,16 @@ package ai.openclaw.app.node
 import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.gateway.DeviceIdentityStore
 import ai.openclaw.app.gateway.GatewaySession
-import android.content.Context
 import kotlinx.serialization.json.JsonPrimitive
+import java.io.InputStream
+import java.util.concurrent.TimeUnit
+import java.util.concurrent.atomic.AtomicReference
 
 private const val LOGCAT_PATH = "/system/bin/logcat"
+private const val LOGCAT_TIMEOUT_MS = 4_000L
+private const val LOGCAT_MAX_CHARS = 128_000
 
 class DebugHandler(
-  private val appContext: Context,
   private val identityStore: DeviceIdentityStore,
 ) {
   fun handleEd25519(): GatewaySession.InvokeResult {
@@ -81,24 +84,14 @@ class DebugHandler(
     val pid = android.os.Process.myPid()
     val rt = Runtime.getRuntime()
     val info = "v6 pid=$pid thread=${Thread.currentThread().name} free=${rt.freeMemory() / 1024}K total=${rt.totalMemory() / 1024}K max=${rt.maxMemory() / 1024}K uptime=${android.os.SystemClock.elapsedRealtime() / 1000}s sdk=${android.os.Build.VERSION.SDK_INT} device=${android.os.Build.MODEL}\n"
-    // Run logcat on current dispatcher thread (no withContext) with file redirect
+    // Run logcat on current dispatcher thread; output is bounded by -t and never staged to disk.
     val logResult =
       try {
-        val tmpFile = java.io.File(appContext.cacheDir, "debug_logs.txt")
-        if (tmpFile.exists()) tmpFile.delete()
         val pb = ProcessBuilder(LOGCAT_PATH, "-d", "-t", "200", "--pid=$pid")
-        pb.redirectOutput(tmpFile)
         pb.redirectErrorStream(true)
         val proc = pb.start()
-        val finished = proc.waitFor(4, java.util.concurrent.TimeUnit.SECONDS)
-        if (!finished) proc.destroyForcibly()
-        val raw =
-          if (tmpFile.exists() && tmpFile.length() > 0) {
-            tmpFile.readText().take(128000)
-          } else {
-            "(no output, finished=$finished, exists=${tmpFile.exists()})"
-          }
-        tmpFile.delete()
+        val (finished, raw) = collectProcessOutput(proc, LOGCAT_TIMEOUT_MS, LOGCAT_MAX_CHARS)
+        val normalizedRaw = raw.ifBlank { "(no output, finished=$finished)" }
         val spamPatterns =
           listOf(
             "setRequestedFrameRate",
@@ -119,7 +112,7 @@ class DebugHandler(
             "IncorrectContextUseViolation",
           )
         val sb = StringBuilder()
-        for (line in raw.lineSequence()) {
+        for (line in normalizedRaw.lineSequence()) {
           if (line.isBlank()) continue
           if (spamPatterns.any { line.contains(it) }) continue
           if (sb.length + line.length > 16000) {
@@ -129,18 +122,55 @@ class DebugHandler(
           if (sb.isNotEmpty()) sb.append('\n')
           sb.append(line)
         }
-        sb.toString().ifEmpty { "(all ${raw.lines().size} lines filtered as spam)" }
+        sb.toString().ifEmpty { "(all ${normalizedRaw.lines().size} lines filtered as spam)" }
       } catch (e: Throwable) {
         "(logcat error: ${e::class.java.simpleName}: ${e.message})"
       }
-    // Also include camera debug log if it exists
-    val camLogFile = java.io.File(appContext.cacheDir, "camera_debug.log")
-    val camLog =
-      if (camLogFile.exists() && camLogFile.length() > 0) {
-        "\n--- camera_debug.log ---\n" + camLogFile.readText().take(4000)
-      } else {
-        ""
-      }
-    return GatewaySession.InvokeResult.ok("""{"logs":${JsonPrimitive(info + logResult + camLog)}}""")
+    return GatewaySession.InvokeResult.ok("""{"logs":${JsonPrimitive(info + logResult)}}""")
   }
 }
+
+internal fun collectProcessOutput(
+  process: Process,
+  timeoutMs: Long,
+  maxChars: Int,
+): Pair<Boolean, String> {
+  val output = AtomicReference("")
+  val failure = AtomicReference<Throwable?>(null)
+  val reader =
+    Thread({
+      try {
+        output.set(readBoundedText(process.inputStream, maxChars))
+      } catch (error: Throwable) {
+        failure.set(error)
+      }
+    }, "openclaw-debug-output-reader")
+  reader.isDaemon = true
+  reader.start()
+
+  val finished = process.waitFor(timeoutMs, TimeUnit.MILLISECONDS)
+  if (!finished) {
+    process.destroyForcibly()
+  }
+  reader.join(1_000)
+  failure.get()?.let { throw it }
+  return finished to output.get()
+}
+
+private fun readBoundedText(
+  stream: InputStream,
+  maxChars: Int,
+): String =
+  stream.bufferedReader().use { reader ->
+    val out = StringBuilder(minOf(maxChars, 8192))
+    val buffer = CharArray(4096)
+    while (true) {
+      val read = reader.read(buffer)
+      if (read < 0) break
+      val remaining = maxChars - out.length
+      if (remaining > 0) {
+        out.append(buffer, 0, minOf(read, remaining))
+      }
+    }
+    out.toString()
+  }

apps/android/app/src/main/java/ai/openclaw/app/node/DeviceNotificationListenerService.kt

@@ -3,6 +3,7 @@ package ai.openclaw.app.node
 import ai.openclaw.app.NotificationBurstLimiter
 import ai.openclaw.app.SecurePrefs
 import ai.openclaw.app.allowsPackage
+import ai.openclaw.app.gateway.OpenClawSQLiteStateStore
 import ai.openclaw.app.isWithinQuietHours
 import android.app.Notification
 import android.app.NotificationManager
@@ -12,7 +13,6 @@ import android.content.Context
 import android.content.Intent
 import android.service.notification.NotificationListenerService
 import android.service.notification.StatusBarNotification
-import androidx.core.content.edit
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonObject
@@ -278,8 +278,9 @@ class DeviceNotificationListenerService : NotificationListenerService() {
   }
 
   companion object {
-    private const val recentPackagesPref = "notifications.forwarding.recentPackages"
-    private const val legacyRecentPackagesPref = "notifications.recentPackages"
+    private const val notificationsPrefsPrefix = "notifications."
+    private const val recentPackagesPref = notificationsPrefsPrefix + "forwarding.recentPackages"
+    private const val legacyRecentPackagesPref = notificationsPrefsPrefix + "recentPackages"
     private const val recentPackagesLimit = 64
 
     @Volatile private var activeService: DeviceNotificationListenerService? = null
@@ -292,31 +293,45 @@ class DeviceNotificationListenerService : NotificationListenerService() {
       nodeEventSink = sink
     }
 
-    private fun recentPackagesPrefs(context: Context) = context.applicationContext.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
+    private fun recentPackagesPrefs(context: Context) =
+      context.applicationContext
+        .getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
 
-    private fun migrateLegacyRecentPackagesIfNeeded(context: Context) {
+    private fun migrateLegacyRecentPackagesIfNeeded(
+      context: Context,
+      stateStore: OpenClawSQLiteStateStore,
+    ): List<String> {
       val prefs = recentPackagesPrefs(context)
-      val hasNew = prefs.contains(recentPackagesPref)
-      val legacy = prefs.getString(legacyRecentPackagesPref, null)?.trim().orEmpty()
-      if (!hasNew && legacy.isNotEmpty()) {
-        prefs.edit {
-          putString(recentPackagesPref, legacy)
-          remove(legacyRecentPackagesPref)
-        }
-      } else if (hasNew && prefs.contains(legacyRecentPackagesPref)) {
-        prefs.edit { remove(legacyRecentPackagesPref) }
+      val raw =
+        prefs.getString(recentPackagesPref, null)?.trim()?.takeIf { it.isNotEmpty() }
+          ?: prefs.getString(legacyRecentPackagesPref, null)?.trim().orEmpty()
+      val packages =
+        raw
+          .split(',')
+          .map { it.trim() }
+          .filter { it.isNotEmpty() }
+          .distinct()
+          .take(recentPackagesLimit)
+      if (packages.isNotEmpty()) {
+        stateStore.replaceRecentNotificationPackages(packages, recentPackagesLimit)
       }
+      if (prefs.contains(recentPackagesPref) || prefs.contains(legacyRecentPackagesPref)) {
+        prefs
+          .edit()
+          .remove(recentPackagesPref)
+          .remove(legacyRecentPackagesPref)
+          .apply()
+      }
+      return packages
     }
 
     fun recentPackages(context: Context): List<String> {
-      migrateLegacyRecentPackagesIfNeeded(context)
-      val prefs = recentPackagesPrefs(context)
-      val stored = prefs.getString(recentPackagesPref, null).orEmpty()
-      return stored
-        .split(',')
-        .map { it.trim() }
-        .filter { it.isNotEmpty() }
-        .distinct()
+      val stateStore = OpenClawSQLiteStateStore(context)
+      val stored = stateStore.readRecentNotificationPackages(recentPackagesLimit)
+      if (stored.isNotEmpty()) {
+        return stored
+      }
+      return migrateLegacyRecentPackagesIfNeeded(context, stateStore)
     }
 
     fun isAccessEnabled(context: Context): Boolean {
@@ -366,18 +381,13 @@ class DeviceNotificationListenerService : NotificationListenerService() {
       val service = activeService ?: return
       val normalized = packageName?.trim().orEmpty()
       if (normalized.isEmpty() || normalized == service.packageName) return
-      migrateLegacyRecentPackagesIfNeeded(service.applicationContext)
-      val prefs = recentPackagesPrefs(service.applicationContext)
       val existing =
-        prefs
-          .getString(recentPackagesPref, null)
-          .orEmpty()
-          .split(',')
-          .map { it.trim() }
-          .filter { it.isNotEmpty() && it != normalized }
+        recentPackages(service.applicationContext)
+          .filter { it != normalized }
           .take(recentPackagesLimit - 1)
       val updated = listOf(normalized) + existing
-      prefs.edit { putString(recentPackagesPref, updated.joinToString(",")) }
+      OpenClawSQLiteStateStore(service.applicationContext)
+        .replaceRecentNotificationPackages(updated, recentPackagesLimit)
     }
   }
 

apps/android/app/src/main/java/ai/openclaw/app/ui/MobileUiTokens.kt

@@ -11,10 +11,6 @@ import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.unit.sp
 
-// ---------------------------------------------------------------------------
-// MobileColors – semantic color tokens with light + dark variants
-// ---------------------------------------------------------------------------
-
 internal data class MobileColors(
   val surface: Color,
   val surfaceStrong: Color,
@@ -108,9 +104,6 @@ internal object MobileColorsAccessor {
     @Composable get() = LocalMobileColors.current
 }
 
-// ---------------------------------------------------------------------------
-// Backward-compatible top-level accessors (composable getters)
-// ---------------------------------------------------------------------------
 // These allow existing call sites to keep using `mobileSurface`, `mobileText`, etc.
 // without converting every file at once. Each resolves to the themed value.
 
@@ -149,10 +142,6 @@ internal val mobileBackgroundGradient: Brush
     )
   }
 
-// ---------------------------------------------------------------------------
-// Typography tokens (theme-independent)
-// ---------------------------------------------------------------------------
-
 internal val mobileFontFamily =
   FontFamily(
     Font(resId = R.font.manrope_400_regular, weight = FontWeight.Normal),

apps/android/app/src/main/java/ai/openclaw/app/ui/ProvidersModelsScreen.kt

@@ -270,7 +270,7 @@ private fun providerPriority(provider: String): Int =
     "google" -> 2
     "openrouter" -> 3
     "ollama", "ollama-local" -> 4
-    "codex", "openai-codex" -> 5
+    "codex" -> 5
     else -> 100
   }
 

apps/android/app/src/test/java/ai/openclaw/app/GatewayBootstrapAuthTest.kt

@@ -130,9 +130,10 @@ class GatewayBootstrapAuthTest {
         android.content.Context.MODE_PRIVATE,
       )
     val prefs = SecurePrefs(app, securePrefsOverride = securePrefs)
-    val runtime = NodeRuntime(app, prefs)
+    val authStore = DeviceAuthStore(app, legacyPrefsOverride = prefs)
+    val runtime = NodeRuntime(app, prefs, deviceAuthStore = authStore)
     val deviceId = DeviceIdentityStore(app).loadOrCreate().deviceId
-    DeviceAuthStore(prefs).saveToken(deviceId, "operator", "bootstrap-operator-token")
+    authStore.saveToken(deviceId, "operator", "bootstrap-operator-token")
 
     writeField(runtime, "operatorStatusText", "Connecting…")
     invokeMaybeStartOperatorSessionAfterNodeConnect(
@@ -192,6 +193,7 @@ class GatewayBootstrapAuthTest {
           app,
           prefs,
           tlsFingerprintProbe = { _, _ -> GatewayTlsProbeResult(fingerprintSha256 = "fp:1") },
+          deviceAuthStore = DeviceAuthStore(app, legacyPrefsOverride = prefs),
         )
       val endpoint = GatewayEndpoint.manual(host = "gateway.example", port = 18789)
       val explicitAuth =
@@ -326,9 +328,9 @@ class GatewayBootstrapAuthTest {
         android.content.Context.MODE_PRIVATE,
       )
     val prefs = SecurePrefs(app, securePrefsOverride = securePrefs)
-    val runtime = NodeRuntime(app, prefs)
+    val authStore = DeviceAuthStore(app, legacyPrefsOverride = prefs)
+    val runtime = NodeRuntime(app, prefs, deviceAuthStore = authStore)
     val deviceId = DeviceIdentityStore(app).loadOrCreate().deviceId
-    val authStore = DeviceAuthStore(prefs)
     prefs.setGatewayToken("stale-shared-token")
     prefs.setGatewayBootstrapToken("stale-bootstrap-token")
     prefs.setGatewayPassword("stale-password")

apps/android/app/src/test/java/ai/openclaw/app/gateway/DeviceAuthStoreTest.kt

@@ -4,27 +4,28 @@ import ai.openclaw.app.SecurePrefs
 import android.content.Context
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertNotNull
+import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
+import org.junit.Before
 import org.junit.Test
 import org.junit.runner.RunWith
 import org.robolectric.RobolectricTestRunner
 import org.robolectric.RuntimeEnvironment
 import org.robolectric.annotation.Config
-import java.util.UUID
+import java.io.File
 
 @RunWith(RobolectricTestRunner::class)
 @Config(sdk = [34])
 class DeviceAuthStoreTest {
+  @Before
+  fun resetState() {
+    File(RuntimeEnvironment.getApplication().filesDir, "openclaw").deleteRecursively()
+  }
+
   @Test
-  fun saveTokenPersistsNormalizedScopesMetadata() {
+  fun saveTokenPersistsNormalizedScopesMetadataInSQLite() {
     val app = RuntimeEnvironment.getApplication()
-    val securePrefs =
-      app.getSharedPreferences(
-        "openclaw.node.secure.test.${UUID.randomUUID()}",
-        Context.MODE_PRIVATE,
-      )
-    val prefs = SecurePrefs(app, securePrefsOverride = securePrefs)
-    val store = DeviceAuthStore(prefs)
+    val store = DeviceAuthStore(app, legacyPrefsOverride = legacyPrefs(app))
 
     store.saveToken(
       deviceId = " Device-1 ",
@@ -39,25 +40,255 @@ class DeviceAuthStoreTest {
     assertEquals("operator", entry?.role)
     assertEquals(listOf("operator.read", "operator.write"), entry?.scopes)
     assertTrue((entry?.updatedAtMs ?: 0L) > 0L)
+    val row = OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-1", "operator")
+    assertNotNull(row)
+    assertEquals("__openclaw_secure_prefs__", row?.token)
+    assertEquals("""["operator.read","operator.write"]""", row?.scopesJson)
   }
 
   @Test
-  fun loadEntryReadsLegacyTokenWithoutMetadata() {
+  fun clearTokenUpdatesSQLiteStore() {
     val app = RuntimeEnvironment.getApplication()
-    val securePrefs =
-      app.getSharedPreferences(
-        "openclaw.node.secure.test.${UUID.randomUUID()}",
-        Context.MODE_PRIVATE,
-      )
-    val prefs = SecurePrefs(app, securePrefsOverride = securePrefs)
-    prefs.putString("gateway.deviceToken.device-1.operator", "legacy-token")
-    val store = DeviceAuthStore(prefs)
+    val store = DeviceAuthStore(app, legacyPrefsOverride = legacyPrefs(app))
+    store.saveToken("device-1", "operator", "operator-token", scopes = listOf("operator.read"))
+
+    store.clearToken("device-1", "operator")
+
+    assertNull(store.loadEntry("device-1", "operator"))
+    assertNull(OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-1", "operator"))
+  }
+
+  @Test
+  fun loadEntryMigratesLegacySecurePrefsToken() {
+    val app = RuntimeEnvironment.getApplication()
+    val prefs = legacyPrefs(app)
+    prefs.putString("gateway.deviceToken.device-1.operator", " operator-token ")
+    prefs.putString(
+      "gateway.deviceTokenMeta.device-1.operator",
+      """{"scopes":["operator.write"," operator.read ","operator.write"],"updatedAtMs":1700000000000}""",
+    )
+
+    val entry = DeviceAuthStore(app, legacyPrefsOverride = prefs).loadEntry(" Device-1 ", " Operator ")
 
-    val entry = store.loadEntry("device-1", "operator")
     assertNotNull(entry)
-    assertEquals("legacy-token", entry?.token)
+    assertEquals("operator-token", entry?.token)
     assertEquals("operator", entry?.role)
-    assertEquals(emptyList<String>(), entry?.scopes)
-    assertEquals(0L, entry?.updatedAtMs)
+    assertEquals(listOf("operator.read", "operator.write"), entry?.scopes)
+    assertEquals(1700000000000L, entry?.updatedAtMs)
+    assertEquals("operator-token", prefs.getString("gateway.deviceToken.device-1.operator"))
+    assertNull(prefs.getString("gateway.deviceTokenMeta.device-1.operator"))
+    assertEquals(
+      "__openclaw_secure_prefs__",
+      OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-1", "operator")?.token,
+    )
+  }
+
+  @Test
+  fun loadEntryMigratesAllLegacyRolesBeforeSQLiteRowsExist() {
+    val app = RuntimeEnvironment.getApplication()
+    val prefs = legacyPrefs(app)
+    prefs.putString("gateway.deviceToken.device-1.operator", " operator-token ")
+    prefs.putString(
+      "gateway.deviceTokenMeta.device-1.operator",
+      """{"scopes":["operator.write"],"updatedAtMs":1700000000000}""",
+    )
+    prefs.putString("gateway.deviceToken.device-1.node", " node-token ")
+    prefs.putString(
+      "gateway.deviceTokenMeta.device-1.node",
+      """{"scopes":["node.connect"],"updatedAtMs":1700000000001}""",
+    )
+    val store = DeviceAuthStore(app, legacyPrefsOverride = prefs)
+
+    val operator = store.loadEntry("device-1", "operator")
+    val node = store.loadEntry("device-1", "node")
+
+    assertEquals("operator-token", operator?.token)
+    assertEquals(listOf("operator.write"), operator?.scopes)
+    assertEquals("node-token", node?.token)
+    assertEquals(listOf("node.connect"), node?.scopes)
+    assertEquals(
+      "__openclaw_secure_prefs__",
+      OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-1", "operator")?.token,
+    )
+    assertEquals(
+      "__openclaw_secure_prefs__",
+      OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-1", "node")?.token,
+    )
+  }
+
+  @Test
+  fun loadEntryDoesNotResurrectLegacyRoleAfterSQLiteRowsExist() {
+    val app = RuntimeEnvironment.getApplication()
+    val prefs = legacyPrefs(app)
+    val store = DeviceAuthStore(app, legacyPrefsOverride = prefs)
+
+    store.saveToken("device-1", "operator", "operator-token", scopes = listOf("operator.write"))
+    prefs.putString("gateway.deviceToken.device-1.admin", " stale-admin-token ")
+    prefs.putString(
+      "gateway.deviceTokenMeta.device-1.admin",
+      """{"scopes":["admin"],"updatedAtMs":1700000000000}""",
+    )
+
+    store.saveToken("device-1", "operator", "operator-token-2", scopes = listOf("operator.write"))
+
+    assertNull(store.loadEntry("device-1", "admin"))
+    assertNull(OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-1", "admin"))
+    assertNull(prefs.getString("gateway.deviceToken.device-1.admin"))
+    assertNull(prefs.getString("gateway.deviceTokenMeta.device-1.admin"))
+  }
+
+  @Test
+  fun saveTokenMigratesSameDeviceLegacyRolesBeforeFirstSqliteWrite() {
+    val app = RuntimeEnvironment.getApplication()
+    val prefs = legacyPrefs(app)
+    prefs.putString("gateway.deviceToken.device-1.operator", " old-operator-token ")
+    prefs.putString("gateway.deviceToken.device-1.node", " node-token ")
+    prefs.putString(
+      "gateway.deviceTokenMeta.device-1.node",
+      """{"scopes":["node.connect"],"updatedAtMs":1700000000001}""",
+    )
+    val store = DeviceAuthStore(app, legacyPrefsOverride = prefs)
+
+    store.saveToken("device-1", "operator", "operator-token", scopes = listOf("operator.write"))
+
+    assertEquals("operator-token", store.loadEntry("device-1", "operator")?.token)
+    assertEquals("node-token", store.loadEntry("device-1", "node")?.token)
+    assertEquals(
+      "__openclaw_secure_prefs__",
+      OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-1", "node")?.token,
+    )
+    assertNull(prefs.getString("gateway.deviceTokenMeta.device-1.node"))
+  }
+
+  @Test
+  fun loadEntryReturnsLegacySecurePrefsTokenWhenSQLiteMigrationFails() {
+    val app = RuntimeEnvironment.getApplication()
+    val prefs = legacyPrefs(app)
+    val metadata = """{"scopes":["operator.read"],"updatedAtMs":1700000000000}"""
+    prefs.putString("gateway.deviceToken.device-1.operator", " operator-token ")
+    prefs.putString("gateway.deviceTokenMeta.device-1.operator", metadata)
+
+    val store =
+      DeviceAuthStore.createForTesting(
+        context = app,
+        legacyPrefsOverride = prefs,
+        stateStoreOverride = ThrowingDeviceAuthStateStore(),
+      )
+    val entry = store.loadEntry("device-1", "operator")
+
+    assertEquals("operator-token", entry?.token)
+    assertEquals(listOf("operator.read"), entry?.scopes)
+    assertEquals(1700000000000L, entry?.updatedAtMs)
+    assertEquals(" operator-token ", prefs.getString("gateway.deviceToken.device-1.operator"))
+    assertEquals(metadata, prefs.getString("gateway.deviceTokenMeta.device-1.operator"))
+  }
+
+  @Test
+  fun loadEntryMovesPlaintextSqliteTokenBackToSecurePrefs() {
+    val app = RuntimeEnvironment.getApplication()
+    val prefs = legacyPrefs(app)
+    OpenClawSQLiteStateStore(app).upsertDeviceAuthToken(
+      OpenClawSQLiteDeviceAuthTokenRow(
+        deviceId = "device-1",
+        role = "operator",
+        token = "operator-token",
+        scopesJson = """["operator.read"]""",
+        updatedAtMs = 1700000000000,
+      ),
+    )
+
+    val entry = DeviceAuthStore(app, legacyPrefsOverride = prefs).loadEntry("device-1", "operator")
+
+    assertEquals("operator-token", entry?.token)
+    assertEquals("operator-token", prefs.getString("gateway.deviceToken.device-1.operator"))
+    assertEquals(
+      "__openclaw_secure_prefs__",
+      OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-1", "operator")?.token,
+    )
+  }
+
+  @Test
+  fun saveTokenForDifferentDevicePurgesStaleLegacySecurePrefsTokens() {
+    val app = RuntimeEnvironment.getApplication()
+    val prefs = legacyPrefs(app)
+    prefs.putString("gateway.deviceToken.device-1.operator", " stale-token ")
+    prefs.putString(
+      "gateway.deviceTokenMeta.device-1.operator",
+      """{"scopes":["operator.read"],"updatedAtMs":1700000000000}""",
+    )
+    val store = DeviceAuthStore(app, legacyPrefsOverride = prefs)
+
+    store.saveToken("device-2", "operator", "fresh-token", scopes = listOf("operator.write"))
+
+    assertNull(store.loadEntry("device-1", "operator"))
+    assertNull(prefs.getString("gateway.deviceToken.device-1.operator"))
+    assertNull(prefs.getString("gateway.deviceTokenMeta.device-1.operator"))
+    assertEquals("fresh-token", store.loadEntry("device-2", "operator")?.token)
+    assertEquals("fresh-token", prefs.getString("gateway.deviceToken.device-2.operator"))
+    assertEquals(
+      "__openclaw_secure_prefs__",
+      OpenClawSQLiteStateStore(app).readDeviceAuthToken("device-2", "operator")?.token,
+    )
+  }
+
+  @Test
+  fun saveTokenPrunesForeignLegacyTokensWithoutOrphaningCurrentSqliteRows() {
+    val app = RuntimeEnvironment.getApplication()
+    val prefs = legacyPrefs(app)
+    prefs.putString("gateway.deviceToken.device-1.operator", " operator-token ")
+    prefs.putString("gateway.deviceToken.device-1.node", " node-token ")
+    prefs.putString("gateway.deviceToken.device-2.operator", " stale-token ")
+    val sqlite = OpenClawSQLiteStateStore(app)
+    sqlite.upsertDeviceAuthToken(
+      OpenClawSQLiteDeviceAuthTokenRow(
+        deviceId = "device-1",
+        role = "operator",
+        token = "__openclaw_secure_prefs__",
+        scopesJson = """["operator.read"]""",
+        updatedAtMs = 1700000000000,
+      ),
+    )
+    sqlite.upsertDeviceAuthToken(
+      OpenClawSQLiteDeviceAuthTokenRow(
+        deviceId = "device-1",
+        role = "node",
+        token = "__openclaw_secure_prefs__",
+        scopesJson = """["node.connect"]""",
+        updatedAtMs = 1700000000001,
+      ),
+    )
+    val store = DeviceAuthStore(app, legacyPrefsOverride = prefs)
+
+    store.saveToken("device-1", "operator", "operator-token-2", scopes = listOf("operator.write"))
+
+    assertEquals("operator-token-2", store.loadEntry("device-1", "operator")?.token)
+    assertEquals("node-token", store.loadEntry("device-1", "node")?.token)
+    assertNull(prefs.getString("gateway.deviceToken.device-2.operator"))
+  }
+
+  private fun legacyPrefs(context: Context): SecurePrefs {
+    val prefs = context.getSharedPreferences("openclaw.node.secure.test", Context.MODE_PRIVATE)
+    prefs.edit().clear().commit()
+    return SecurePrefs(context, securePrefsOverride = prefs)
+  }
+
+  private class ThrowingDeviceAuthStateStore : DeviceAuthStateStore {
+    override fun readDeviceAuthToken(
+      deviceId: String,
+      role: String,
+    ): OpenClawSQLiteDeviceAuthTokenRow? = null
+
+    override fun readLatestDeviceAuthDeviceId(): String? = null
+
+    override fun upsertDeviceAuthToken(row: OpenClawSQLiteDeviceAuthTokenRow) {
+      error("sqlite unavailable")
+    }
+
+    override fun deleteDeviceAuthToken(
+      deviceId: String,
+      role: String,
+    ) = Unit
+
+    override fun deleteAllDeviceAuthTokens() = Unit
   }
 }

apps/android/app/src/test/java/ai/openclaw/app/gateway/DeviceIdentityStoreTest.kt

@@ -0,0 +1,169 @@
+package ai.openclaw.app.gateway
+
+import android.database.sqlite.SQLiteDatabase
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertNotNull
+import org.junit.Assert.assertTrue
+import org.junit.Assert.fail
+import org.junit.Before
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.RuntimeEnvironment
+import org.robolectric.annotation.Config
+import java.io.File
+
+@RunWith(RobolectricTestRunner::class)
+@Config(sdk = [34])
+class DeviceIdentityStoreTest {
+  @Before
+  fun resetState() {
+    File(RuntimeEnvironment.getApplication().filesDir, "openclaw").deleteRecursively()
+  }
+
+  @Test
+  fun loadOrCreatePersistsIdentityInSQLiteWithoutJsonSidecars() {
+    val app = RuntimeEnvironment.getApplication()
+    val store = DeviceIdentityStore(app)
+
+    val first = store.loadOrCreate()
+    val roundTripStore = DeviceIdentityStore(app)
+    val second = roundTripStore.loadOrCreate()
+
+    assertEquals(first.deviceId, second.deviceId)
+    assertEquals(first.publicKeyRawBase64, second.publicKeyRawBase64)
+    val signature = roundTripStore.signPayload("payload", second)
+    assertNotNull(signature)
+    assertTrue(roundTripStore.verifySelfSignature("payload", signature ?: "", second))
+    assertFalse(File(app.filesDir, "openclaw/identity/device.json").exists())
+    assertTrue(File(app.filesDir, "openclaw/state/openclaw.sqlite").exists())
+    val persisted = readIdentityRow()
+    assertNotNull(persisted)
+    assertTrue(persisted?.contains("-----BEGIN PUBLIC KEY-----") == true)
+    assertTrue(persisted?.contains(privateKeyMarker("BEGIN")) == true)
+  }
+
+  @Test
+  fun loadOrCreateReadsTypeScriptPemIdentitySchemaFromSQLite() {
+    val app = RuntimeEnvironment.getApplication()
+    val publicKeyPem =
+      """
+      -----BEGIN PUBLIC KEY-----
+      MCowBQYDK2VwAyEAA6EHv/POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg=
+      -----END PUBLIC KEY-----
+      """.trimIndent()
+    val privateKeyPem =
+      pemBlock(
+        "PRIVATE" + " KEY",
+        "MC4CAQAwBQYDK2VwBCIEIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4f",
+      )
+    OpenClawSQLiteStateStore(app).writeDeviceIdentity(
+      OpenClawSQLiteDeviceIdentityRow(
+        deviceId = "56475aa75463474c0285df5dbf2bcab73da651358839e9b77481b2eab107708c",
+        publicKeyPem = publicKeyPem,
+        privateKeyPem = privateKeyPem,
+        createdAtMs = 1_700_000_000_000L,
+      ),
+    )
+
+    val identity = DeviceIdentityStore(app).loadOrCreate()
+
+    assertEquals("56475aa75463474c0285df5dbf2bcab73da651358839e9b77481b2eab107708c", identity.deviceId)
+    assertEquals("A6EHv/POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg=", identity.publicKeyRawBase64)
+    assertEquals("MC4CAQAwBQYDK2VwBCIEIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4f", identity.privateKeyPkcs8Base64)
+    assertEquals(1_700_000_000_000L, identity.createdAtMs)
+  }
+
+  @Test
+  fun loadOrCreateRejectsSQLiteIdentityWhenPrivateKeyDoesNotMatchPublicKey() {
+    val app = RuntimeEnvironment.getApplication()
+    val mismatchedPrivate = DeviceIdentityStore(app).loadOrCreate().privateKeyPkcs8Base64
+    File(app.filesDir, "openclaw").deleteRecursively()
+
+    OpenClawSQLiteStateStore(app).writeDeviceIdentity(
+      OpenClawSQLiteDeviceIdentityRow(
+        deviceId = "56475aa75463474c0285df5dbf2bcab73da651358839e9b77481b2eab107708c",
+        publicKeyPem =
+          """
+          -----BEGIN PUBLIC KEY-----
+          MCowBQYDK2VwAyEAA6EHv/POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg=
+          -----END PUBLIC KEY-----
+          """.trimIndent(),
+        privateKeyPem = pemBlock("PRIVATE" + " KEY", mismatchedPrivate),
+        createdAtMs = 1_700_000_000_000L,
+      ),
+    )
+
+    try {
+      DeviceIdentityStore(app).loadOrCreate()
+      fail("Expected mismatched SQLite identity keypair to block startup")
+    } catch (error: IllegalStateException) {
+      assertTrue(error.message?.contains("Run openclaw doctor --fix") == true)
+    }
+  }
+
+  @Test
+  fun loadOrCreateMigratesLegacyJsonIdentityInApp() {
+    val app = RuntimeEnvironment.getApplication()
+    val seed = DeviceIdentityStore(app).loadOrCreate()
+    File(app.filesDir, "openclaw").deleteRecursively()
+    val legacy = File(app.filesDir, "openclaw/identity/device.json")
+    legacy.parentFile?.mkdirs()
+    legacy.writeText(
+      """
+      {
+        "deviceId": "stale",
+        "publicKeyRawBase64": "${seed.publicKeyRawBase64}",
+        "privateKeyPkcs8Base64": "${seed.privateKeyPkcs8Base64}",
+        "createdAtMs": ${seed.createdAtMs}
+      }
+      """.trimIndent(),
+      Charsets.UTF_8,
+    )
+
+    val migrated = DeviceIdentityStore(app).loadOrCreate()
+
+    assertEquals(seed.deviceId, migrated.deviceId)
+    assertEquals(seed.publicKeyRawBase64, migrated.publicKeyRawBase64)
+    assertFalse(legacy.exists())
+    assertTrue(File(app.filesDir, "openclaw/state/openclaw.sqlite").exists())
+  }
+
+  @Test
+  fun invalidLegacyJsonIdentityFailsClosedInsteadOfRotatingIdentity() {
+    val app = RuntimeEnvironment.getApplication()
+    val legacy = File(app.filesDir, "openclaw/identity/device.json")
+    legacy.parentFile?.mkdirs()
+    legacy.writeText("""{"deviceId":"legacy"}""", Charsets.UTF_8)
+
+    try {
+      DeviceIdentityStore(app).loadOrCreate()
+      fail("Expected invalid legacy JSON identity to block startup")
+    } catch (error: IllegalStateException) {
+      assertTrue(error.message?.contains("Run openclaw doctor --fix") == true)
+    }
+  }
+
+  private fun readIdentityRow(): String? {
+    val dbFile = File(RuntimeEnvironment.getApplication().filesDir, "openclaw/state/openclaw.sqlite")
+    return SQLiteDatabase
+      .openDatabase(dbFile.absolutePath, null, SQLiteDatabase.OPEN_READONLY)
+      .use { db ->
+        db
+          .rawQuery(
+            "SELECT public_key_pem, private_key_pem FROM device_identities WHERE identity_key = ?",
+            arrayOf("default"),
+          ).use { cursor ->
+            if (cursor.moveToFirst()) "${cursor.getString(0)}\n${cursor.getString(1)}" else null
+          }
+      }
+  }
+
+  private fun privateKeyMarker(boundary: String): String = "-----$boundary ${"PRIVATE" + " KEY"}-----"
+
+  private fun pemBlock(
+    label: String,
+    body: String,
+  ) = "-----BEGIN $label-----\n$body\n-----END $label-----"
+}

apps/android/app/src/test/java/ai/openclaw/app/node/DebugHandlerTest.kt

@@ -0,0 +1,21 @@
+package ai.openclaw.app.node
+
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class DebugHandlerTest {
+  @Test
+  fun collectProcessOutputDrainsLargeStdoutBeforeWaiting() {
+    val process =
+      ProcessBuilder("sh", "-c", "yes openclaw-log-line | head -n 20000")
+        .redirectErrorStream(true)
+        .start()
+
+    val (finished, output) = collectProcessOutput(process, timeoutMs = 4_000, maxChars = 128_000)
+
+    assertTrue("expected process to finish without timing out", finished)
+    assertEquals(128_000, output.length)
+    assertTrue(output.startsWith("openclaw-log-line"))
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/node/DeviceNotificationListenerServiceTest.kt

@@ -3,74 +3,66 @@ package ai.openclaw.app.node
 import ai.openclaw.app.NotificationBurstLimiter
 import ai.openclaw.app.NotificationForwardingPolicy
 import ai.openclaw.app.NotificationPackageFilterMode
+import ai.openclaw.app.gateway.OpenClawSQLiteStateStore
 import ai.openclaw.app.isWithinQuietHours
-import android.content.Context
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
-import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
+import org.junit.Before
 import org.junit.Test
 import org.junit.runner.RunWith
 import org.robolectric.RobolectricTestRunner
 import org.robolectric.RuntimeEnvironment
+import java.io.File
 
 @RunWith(RobolectricTestRunner::class)
 class DeviceNotificationListenerServiceTest {
-  @Test
-  fun recentPackages_migratesLegacyPreferenceKey() {
+  @Before
+  fun resetState() {
     val context = RuntimeEnvironment.getApplication()
-    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
-    prefs
-      .edit()
-      .clear()
-      .putString("notifications.recentPackages", "com.example.one, com.example.two")
-      .commit()
+    File(context.filesDir, "openclaw").deleteRecursively()
+  }
+
+  @Test
+  fun recentPackages_readsSqliteRows() {
+    val context = RuntimeEnvironment.getApplication()
+    OpenClawSQLiteStateStore(context).replaceRecentNotificationPackages(
+      listOf("com.example.one", "com.example.two"),
+    )
 
     val packages = DeviceNotificationListenerService.recentPackages(context)
 
     assertEquals(listOf("com.example.one", "com.example.two"), packages)
-    assertEquals(
-      "com.example.one, com.example.two",
-      prefs.getString("notifications.forwarding.recentPackages", null),
-    )
-    assertFalse(prefs.contains("notifications.recentPackages"))
   }
 
   @Test
-  fun recentPackages_cleansUpLegacyKeyWhenNewKeyAlreadyExists() {
+  fun recentPackages_migratesLegacySecurePrefsRows() {
     val context = RuntimeEnvironment.getApplication()
-    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
-    prefs
+    context
+      .getSharedPreferences("openclaw.secure", android.content.Context.MODE_PRIVATE)
       .edit()
-      .clear()
-      .putString("notifications.forwarding.recentPackages", "com.example.new")
-      .putString("notifications.recentPackages", "com.example.legacy")
-      .commit()
+      .putString("notifications." + "recentPackages", " com.example.legacy,com.example.other,com.example.legacy ")
+      .apply()
 
     val packages = DeviceNotificationListenerService.recentPackages(context)
 
-    assertEquals(listOf("com.example.new"), packages)
-    assertNull(prefs.getString("notifications.recentPackages", null))
+    assertEquals(listOf("com.example.legacy", "com.example.other"), packages)
+    assertEquals(
+      listOf("com.example.legacy", "com.example.other"),
+      OpenClawSQLiteStateStore(context).readRecentNotificationPackages(),
+    )
   }
 
   @Test
   fun recentPackages_trimsDedupesAndPreservesRecencyOrder() {
     val context = RuntimeEnvironment.getApplication()
-    val prefs = context.getSharedPreferences("openclaw.secure", Context.MODE_PRIVATE)
-    prefs
-      .edit()
-      .clear()
-      .putString(
-        "notifications.forwarding.recentPackages",
-        " com.example.recent , ,com.example.other,com.example.recent, com.example.third ",
-      ).commit()
+    OpenClawSQLiteStateStore(context).replaceRecentNotificationPackages(
+      listOf(" com.example.recent ", "", "com.example.other", "com.example.recent", "com.example.third"),
+    )
 
     val packages = DeviceNotificationListenerService.recentPackages(context)
 
-    assertEquals(
-      listOf("com.example.recent", "com.example.other", "com.example.third"),
-      packages,
-    )
+    assertEquals(listOf("com.example.recent", "com.example.other", "com.example.third"), packages)
   }
 
   @Test

apps/android/app/src/test/java/ai/openclaw/app/node/InvokeDispatcherTest.kt

@@ -286,7 +286,7 @@ class InvokeDispatcherTest {
           getNodeCanvasHostUrl = { null },
           getOperatorCanvasHostUrl = { null },
         ),
-      debugHandler = DebugHandler(appContext, DeviceIdentityStore(appContext)),
+      debugHandler = DebugHandler(DeviceIdentityStore(appContext)),
       callLogHandler = CallLogHandler.forTesting(appContext, InvokeDispatcherFakeCallLogDataSource()),
       isForeground = { true },
       cameraEnabled = { cameraEnabled },
@@ -308,7 +308,6 @@ class InvokeDispatcherTest {
 
   private fun newCameraHandler(appContext: Context): CameraHandler =
     CameraHandler(
-      appContext = appContext,
       camera = CameraCaptureManager(appContext),
       externalAudioCaptureActive = MutableStateFlow(false),
       showCameraHud = { _, _, _ -> },

apps/ios/CHANGELOG.md

@@ -5,6 +5,8 @@
 Maintenance update for the current OpenClaw release.
 
 - Added hosted push relay defaults, realtime Talk playback, and safer WebSocket ping handling for mobile sessions.
+- Updated App Store screenshots to cover Gateway pairing, Command, Chat, Talk, Agent, and Settings flows.
+- Highlighted realtime Talk relay, Gateway connection status, node capabilities, push wake, and privacy controls.
 
 ## 2026.5.28 - 2026-05-28
 

apps/ios/Sources/Model/NodeAppModel.swift

@@ -2635,8 +2635,21 @@ extension NodeAppModel {
         struct SessionRow: Decodable {
             var key: String
             var updatedAt: Double?
+            var deliveryContext: DeliveryContext?
             var lastChannel: String?
             var lastTo: String?
+
+            var deliveryChannel: String? {
+                self.deliveryContext?.channel ?? self.lastChannel
+            }
+
+            var deliveryTo: String? {
+                self.deliveryContext?.to ?? self.lastTo
+            }
+        }
+        struct DeliveryContext: Decodable {
+            var channel: String?
+            var to: String?
         }
         struct SessionsListResult: Decodable {
             var sessions: [SessionRow]
@@ -2659,11 +2672,13 @@ extension NodeAppModel {
             let currentKey = self.mainSessionKey
             let sorted = decoded.sessions.sorted { ($0.updatedAt ?? 0) > ($1.updatedAt ?? 0) }
             let exactMatch = sorted.first { row in
-                row.key == currentKey && normalize(row.lastChannel) != nil && normalize(row.lastTo) != nil
+                row.key == currentKey
+                    && normalize(row.deliveryChannel) != nil
+                    && normalize(row.deliveryTo) != nil
             }
             let selected = exactMatch
-            let channel = normalize(selected?.lastChannel)
-            let to = normalize(selected?.lastTo)
+            let channel = normalize(selected?.deliveryChannel)
+            let to = normalize(selected?.deliveryTo)
 
             await MainActor.run {
                 self.shareDeliveryChannel = channel

apps/ios/fastlane/Fastfile

@@ -29,6 +29,14 @@ def clear_empty_env_var(key)
   ENV.delete(key) unless env_present?(ENV[key])
 end
 
+def screenshot_upload_requested?
+  ENV["DELIVER_SCREENSHOTS"] == "1"
+end
+
+def screenshot_paths
+  Dir[File.join(__dir__, "screenshots", "**", "*.png")]
+end
+
 def maybe_decode_hex_keychain_secret(value)
   return value unless env_present?(value)
 
@@ -314,6 +322,7 @@ platform :ios do
   desc "Upload App Store metadata (and optionally screenshots)"
   lane :metadata do
     sync_ios_versioning!
+    version_metadata = read_ios_version_metadata
     api_key = asc_api_key
     clear_empty_env_var("APP_STORE_CONNECT_API_KEY_PATH")
     app_identifier = ENV["ASC_APP_IDENTIFIER"]
@@ -321,11 +330,21 @@ platform :ios do
     app_identifier = nil unless env_present?(app_identifier)
     app_id = nil unless env_present?(app_id)
 
+    if screenshot_upload_requested? && screenshot_paths.empty?
+      UI.user_error!("DELIVER_SCREENSHOTS=1 but no PNG screenshots were found under apps/ios/fastlane/screenshots.")
+    end
+
     deliver_options = {
       api_key: api_key,
       force: true,
-      skip_screenshots: ENV["DELIVER_SCREENSHOTS"] != "1",
+      app_version: version_metadata[:short_version],
+      copyright: "2026 OpenClaw",
+      primary_category: "PRODUCTIVITY",
+      secondary_category: "UTILITIES",
+      skip_screenshots: !screenshot_upload_requested?,
       skip_metadata: ENV["DELIVER_METADATA"] != "1",
+      skip_binary_upload: true,
+      overwrite_screenshots: screenshot_upload_requested?,
       run_precheck_before_submit: false
     }
     deliver_options[:app_identifier] = app_identifier if app_identifier

apps/ios/fastlane/metadata/en-US/description.txt

@@ -1,18 +1,19 @@
 OpenClaw is a personal AI assistant you run on your own devices.
 
-Pair this iPhone app with your OpenClaw Gateway to connect your phone as a secure node for voice, camera, and device automation.
+Pair this iPhone app with your OpenClaw Gateway to use your phone as a secure node for chat, voice, approvals, sharing, and device-aware automation.
 
 What you can do:
+- Pair with your private OpenClaw Gateway by QR code or setup code
 - Chat with your assistant from iPhone
-- Use voice wake and push-to-talk
-- Capture photos and short clips on request
-- Record screen snippets for troubleshooting and workflows
+- Use realtime Talk mode and push-to-talk
+- Review Gateway action approvals from your phone
 - Share text, links, and media directly from iOS into OpenClaw
-- Run location-aware and device-aware automations
+- Enable device capabilities such as camera, screen, location, photos, contacts, calendar, and reminders when you choose
+- Receive push wakes and node status updates for connected workflows
 
-OpenClaw is local-first: you control your gateway, keys, and configuration.
+OpenClaw is local-first: you control your gateway, keys, configuration, and permissions. Device access is managed by iOS permissions and can be enabled only for the capabilities you want to use.
 
 Getting started:
 1) Set up your OpenClaw Gateway
 2) Open the iOS app and pair with your gateway
-3) Start using commands and automations from your phone
+3) Start using chat, Talk mode, approvals, and automations from your phone

apps/ios/fastlane/metadata/en-US/keywords.txt

@@ -1 +1 @@
-openclaw,ai assistant,local ai,voice assistant,automation,gateway,chat,agent,node
+openclaw,ai assistant,local ai,iphone ai,voice assistant,automation,gateway,chat,agent

apps/ios/fastlane/metadata/en-US/promotional_text.txt

@@ -1 +1 @@
-Run OpenClaw from your iPhone: pair with your own gateway, trigger automations, and use voice, camera, and share actions.
+Pair your iPhone with your OpenClaw Gateway for chat, realtime voice, approvals, device capabilities, and private automation.

apps/ios/fastlane/metadata/en-US/release_notes.txt

@@ -1,3 +1,5 @@
 Maintenance update for the current OpenClaw release.
 
 - Added hosted push relay defaults, realtime Talk playback, and safer WebSocket ping handling for mobile sessions.
+- Updated App Store screenshots to cover Gateway pairing, Command, Chat, Talk, Agent, and Settings flows.
+- Highlighted realtime Talk relay, Gateway connection status, node capabilities, push wake, and privacy controls.

apps/macos/Sources/OpenClaw/Constants.swift

@@ -44,6 +44,5 @@ let deepLinkKeyKey = "openclaw.deepLinkKey"
 let cliInstallPromptedVersionKey = "openclaw.cliInstallPromptedVersion"
 let heartbeatsEnabledKey = "openclaw.heartbeatsEnabled"
 let debugPaneEnabledKey = "openclaw.debugPaneEnabled"
-let debugFileLogEnabledKey = "openclaw.debug.fileLogEnabled"
 let appLogLevelKey = "openclaw.debug.appLogLevel"
 let voiceWakeSupported: Bool = ProcessInfo.processInfo.operatingSystemVersion.majorVersion >= 26

apps/macos/Sources/OpenClaw/CronJobsStore.swift

@@ -14,7 +14,7 @@ final class CronJobsStore {
     var runEntries: [CronRunLogEntry] = []
 
     var schedulerEnabled: Bool?
-    var schedulerStorePath: String?
+    var schedulerStoreKey: String?
     var schedulerNextWakeAtMs: Int?
 
     var isLoadingJobs = false
@@ -72,7 +72,7 @@ final class CronJobsStore {
         do {
             if let status = try? await GatewayConnection.shared.cronStatus() {
                 self.schedulerEnabled = status.enabled
-                self.schedulerStorePath = status.storePath
+                self.schedulerStoreKey = status.storeKey
                 self.schedulerNextWakeAtMs = status.nextWakeAtMs
             }
             self.jobs = try await GatewayConnection.shared.cronList(includeDisabled: true)

apps/macos/Sources/OpenClaw/CronSettings+Layout.swift

@@ -81,8 +81,8 @@ extension CronSettings {
                         .font(.footnote)
                         .foregroundStyle(.secondary)
                         .fixedSize(horizontal: false, vertical: true)
-                    if let storePath = self.store.schedulerStorePath, !storePath.isEmpty {
-                        Text(storePath)
+                    if let storeKey = self.store.schedulerStoreKey, !storeKey.isEmpty {
+                        Text(storeKey)
                             .font(.caption.monospaced())
                             .foregroundStyle(.secondary)
                             .textSelection(.enabled)

apps/macos/Sources/OpenClaw/CronSettings+Testing.swift

@@ -57,7 +57,7 @@ extension CronSettings {
     static func exerciseForTesting() {
         let store = CronJobsStore(isPreview: true)
         store.schedulerEnabled = false
-        store.schedulerStorePath = "/tmp/openclaw-cron-store.json"
+        store.schedulerStoreKey = "default"
 
         let job = CronJob(
             id: "job-1",

apps/macos/Sources/OpenClaw/DebugActions.swift

@@ -43,15 +43,15 @@ enum DebugActions {
     }
 
     @MainActor
-    static func openSessionStore() {
+    static func openSessionDatabase() {
         if AppStateStore.shared.connectionMode == .remote {
             let alert = NSAlert()
             alert.messageText = "Remote mode"
-            alert.informativeText = "Session store lives on the gateway host in remote mode."
+            alert.informativeText = "Session database lives on the gateway host in remote mode."
             alert.runModal()
             return
         }
-        let path = self.resolveSessionStorePath()
+        let path = self.resolveSessionDatabasePath()
         let url = URL(fileURLWithPath: path)
         if FileManager().fileExists(atPath: path) {
             NSWorkspace.shared.activateFileViewerSelecting([url])
@@ -191,19 +191,8 @@ enum DebugActions {
     }
 
     @MainActor
-    private static func resolveSessionStorePath() -> String {
-        let defaultPath = SessionLoader.defaultStorePath
-        let configURL = OpenClawPaths.configURL
-        guard
-            let data = try? Data(contentsOf: configURL),
-            let parsed = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
-            let session = parsed["session"] as? [String: Any],
-            let path = session["store"] as? String,
-            !path.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-        else {
-            return defaultPath
-        }
-        return path
+    private static func resolveSessionDatabasePath() -> String {
+        SessionLoader.defaultDatabasePath
     }
 
     // MARK: - Sessions (thinking / verbose)
@@ -244,8 +233,8 @@ enum DebugActions {
     }
 
     @MainActor
-    static func openSessionStoreInCode() {
-        let path = SessionLoader.defaultStorePath
+    static func openSessionDatabaseInCode() {
+        let path = SessionLoader.defaultDatabasePath
         let proc = Process()
         proc.launchPath = "/usr/bin/env"
         proc.arguments = ["code", path]

apps/macos/Sources/OpenClaw/DebugSettings.swift

@@ -13,8 +13,7 @@ struct DebugSettings: View {
     @State private var launchAgentWriteDisabled = GatewayLaunchAgentManager.isLaunchAgentWriteDisabled()
     @State private var launchAgentWriteError: String?
     @State private var gatewayRootInput: String = GatewayProcessManager.shared.projectRootPath()
-    @State private var sessionStorePath: String = SessionLoader.defaultStorePath
-    @State private var sessionStoreSaveError: String?
+    @State private var sessionDatabasePath: String = SessionLoader.defaultDatabasePath
     @State private var debugSendInFlight = false
     @State private var debugSendStatus: String?
     @State private var debugSendError: String?
@@ -24,7 +23,6 @@ struct DebugSettings: View {
     @State private var tunnelResetInFlight = false
     @State private var tunnelResetStatus: String?
     @State private var pendingKill: DebugActions.PortListener?
-    @AppStorage(debugFileLogEnabledKey) private var diagnosticsFileLogEnabled: Bool = false
     @AppStorage(appLogLevelKey) private var appLogLevelRaw: String = AppLogLevel.default.rawValue
 
     @State private var canvasSessionKey: String = "main"
@@ -61,7 +59,7 @@ struct DebugSettings: View {
         }
         .task {
             guard !self.isPreview else { return }
-            self.loadSessionStorePath()
+            self.refreshSessionDatabasePath()
         }
         .alert(item: self.$pendingKill) { listener in
             Alert(
@@ -284,28 +282,10 @@ struct DebugSettings: View {
                         .labelsHidden()
                         .help("Controls the macOS app log verbosity.")
 
-                        Toggle("Write rolling diagnostics log (JSONL)", isOn: self.$diagnosticsFileLogEnabled)
-                            .toggleStyle(.checkbox)
-                            .help(
-                                "Writes a rotating, local-only log under ~/Library/Logs/OpenClaw/. " +
-                                    "Enable only while actively debugging.")
-
-                        HStack(spacing: 8) {
-                            Button("Open folder") {
-                                NSWorkspace.shared.open(DiagnosticsFileLog.logDirectoryURL())
-                            }
-                            .buttonStyle(.bordered)
-                            Button("Clear") {
-                                Task { try? await DiagnosticsFileLog.shared.clear() }
-                            }
-                            .buttonStyle(.bordered)
-                        }
-                        Text(DiagnosticsFileLog.logFileURL().path)
+                        Text("Use Console.app or `log stream` for macOS app logs.")
                             .font(.caption2.monospaced())
                             .foregroundStyle(.secondary)
                             .textSelection(.enabled)
-                            .lineLimit(1)
-                            .truncationMode(.middle)
                     }
                 }
             }
@@ -421,25 +401,17 @@ struct DebugSettings: View {
 
                 Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
                     GridRow {
-                        self.gridLabel("Session store")
+                        self.gridLabel("Session database")
                         VStack(alignment: .leading, spacing: 6) {
-                            HStack(spacing: 8) {
-                                TextField("Path", text: self.$sessionStorePath)
-                                    .textFieldStyle(.roundedBorder)
-                                    .font(.caption.monospaced())
-                                    .frame(width: 360)
-                                Button("Save") { self.saveSessionStorePath() }
-                                    .buttonStyle(.borderedProminent)
-                            }
-                            if let sessionStoreSaveError {
-                                Text(sessionStoreSaveError)
-                                    .font(.footnote)
-                                    .foregroundStyle(.secondary)
-                            } else {
-                                Text("Used by the CLI session loader; stored in ~/.openclaw/openclaw.json.")
-                                    .font(.footnote)
-                                    .foregroundStyle(.secondary)
-                            }
+                            Text(self.sessionDatabasePath)
+                                .font(.caption.monospaced())
+                                .foregroundStyle(.secondary)
+                                .lineLimit(2)
+                                .truncationMode(.middle)
+                                .textSelection(.enabled)
+                            Text("Runtime session state is stored in the per-agent SQLite database.")
+                                .font(.footnote)
+                                .foregroundStyle(.secondary)
                         }
                     }
                 }
@@ -710,31 +682,8 @@ struct DebugSettings: View {
         GatewayProcessManager.shared.setProjectRoot(path: self.gatewayRootInput)
     }
 
-    private func loadSessionStorePath() {
-        let parsed = OpenClawConfigFile.loadDict()
-        guard
-            let session = parsed["session"] as? [String: Any],
-            let path = session["store"] as? String
-        else {
-            self.sessionStorePath = SessionLoader.defaultStorePath
-            return
-        }
-        self.sessionStorePath = path
-    }
-
-    private func saveSessionStorePath() {
-        let trimmed = self.sessionStorePath.trimmingCharacters(in: .whitespacesAndNewlines)
-        var root = OpenClawConfigFile.loadDict()
-
-        var session = root["session"] as? [String: Any] ?? [:]
-        session["store"] = trimmed.isEmpty ? SessionLoader.defaultStorePath : trimmed
-        root["session"] = session
-
-        guard OpenClawConfigFile.saveDict(root) else {
-            self.sessionStoreSaveError = "Config write rejected to protect gateway auth/mode."
-            return
-        }
-        self.sessionStoreSaveError = nil
+    private func refreshSessionDatabasePath() {
+        self.sessionDatabasePath = SessionLoader.defaultDatabasePath
     }
 
     private var bindingOverride: Binding<String> {
@@ -971,8 +920,7 @@ extension DebugSettings {
     static func exerciseForTesting() async {
         let view = DebugSettings(state: .preview)
         view.gatewayRootInput = "/tmp/openclaw"
-        view.sessionStorePath = "/tmp/sessions.json"
-        view.sessionStoreSaveError = "Save failed"
+        view.sessionDatabasePath = "/tmp/openclaw-agent.sqlite"
         view.debugSendInFlight = true
         view.debugSendStatus = "Sent"
         view.debugSendError = "Failed"
@@ -1011,7 +959,7 @@ extension DebugSettings {
         _ = view.experimentsSection
         _ = view.gridLabel("Test")
 
-        view.loadSessionStorePath()
+        view.refreshSessionDatabasePath()
     }
 }
 #endif

apps/macos/Sources/OpenClaw/DiagnosticsFileLog.swift

@@ -1,133 +0,0 @@
-import Foundation
-
-actor DiagnosticsFileLog {
-    static let shared = DiagnosticsFileLog()
-
-    private let fileName = "diagnostics.jsonl"
-    private let maxBytes: Int64 = 5 * 1024 * 1024
-    private let maxBackups = 5
-
-    struct Record: Codable {
-        let ts: String
-        let pid: Int32
-        let category: String
-        let event: String
-        let fields: [String: String]?
-    }
-
-    nonisolated static func isEnabled() -> Bool {
-        UserDefaults.standard.bool(forKey: debugFileLogEnabledKey)
-    }
-
-    nonisolated static func logDirectoryURL() -> URL {
-        let library = FileManager().urls(for: .libraryDirectory, in: .userDomainMask).first
-            ?? FileManager().homeDirectoryForCurrentUser.appendingPathComponent("Library", isDirectory: true)
-        return library
-            .appendingPathComponent("Logs", isDirectory: true)
-            .appendingPathComponent("OpenClaw", isDirectory: true)
-    }
-
-    nonisolated static func logFileURL() -> URL {
-        self.logDirectoryURL().appendingPathComponent("diagnostics.jsonl", isDirectory: false)
-    }
-
-    nonisolated func log(category: String, event: String, fields: [String: String]? = nil) {
-        guard Self.isEnabled() else { return }
-        let record = Record(
-            ts: ISO8601DateFormatter().string(from: Date()),
-            pid: ProcessInfo.processInfo.processIdentifier,
-            category: category,
-            event: event,
-            fields: fields)
-        Task { await self.write(record: record) }
-    }
-
-    func clear() throws {
-        let fm = FileManager()
-        let base = Self.logFileURL()
-        if fm.fileExists(atPath: base.path) {
-            try fm.removeItem(at: base)
-        }
-        for idx in 1...self.maxBackups {
-            let url = self.rotatedURL(index: idx)
-            if fm.fileExists(atPath: url.path) {
-                try fm.removeItem(at: url)
-            }
-        }
-    }
-
-    private func write(record: Record) {
-        do {
-            try self.ensureDirectory()
-            try self.rotateIfNeeded()
-            try self.append(record: record)
-        } catch {
-            // Best-effort only: never crash or block the app on logging.
-        }
-    }
-
-    private func ensureDirectory() throws {
-        try FileManager().createDirectory(
-            at: Self.logDirectoryURL(),
-            withIntermediateDirectories: true)
-    }
-
-    private func append(record: Record) throws {
-        let url = Self.logFileURL()
-        let data = try JSONEncoder().encode(record)
-        var line = Data()
-        line.append(data)
-        line.append(0x0A) // newline
-
-        let fm = FileManager()
-        if !fm.fileExists(atPath: url.path) {
-            fm.createFile(atPath: url.path, contents: nil)
-        }
-
-        let handle = try FileHandle(forWritingTo: url)
-        defer { try? handle.close() }
-        try handle.seekToEnd()
-        try handle.write(contentsOf: line)
-    }
-
-    private func rotateIfNeeded() throws {
-        let url = Self.logFileURL()
-        guard let attrs = try? FileManager().attributesOfItem(atPath: url.path),
-              let size = attrs[.size] as? NSNumber
-        else { return }
-
-        if size.int64Value < self.maxBytes { return }
-
-        let fm = FileManager()
-
-        let oldest = self.rotatedURL(index: self.maxBackups)
-        if fm.fileExists(atPath: oldest.path) {
-            try fm.removeItem(at: oldest)
-        }
-
-        if self.maxBackups > 1 {
-            for idx in stride(from: self.maxBackups - 1, through: 1, by: -1) {
-                let src = self.rotatedURL(index: idx)
-                let dst = self.rotatedURL(index: idx + 1)
-                if fm.fileExists(atPath: src.path) {
-                    if fm.fileExists(atPath: dst.path) {
-                        try fm.removeItem(at: dst)
-                    }
-                    try fm.moveItem(at: src, to: dst)
-                }
-            }
-        }
-
-        let first = self.rotatedURL(index: 1)
-        if fm.fileExists(atPath: first.path) {
-            try fm.removeItem(at: first)
-        }
-        if fm.fileExists(atPath: url.path) {
-            try fm.moveItem(at: url, to: first)
-        }
-    }
-
-    private func rotatedURL(index: Int) -> URL {
-        Self.logDirectoryURL().appendingPathComponent("\(self.fileName).\(index)", isDirectory: false)
-    }
-}

apps/macos/Sources/OpenClaw/ExecApprovals.swift

@@ -226,17 +226,20 @@ enum ExecApprovalsStore {
     private static let defaultAsk: ExecAsk = .onMiss
     private static let defaultAskFallback: ExecSecurity = .deny
     private static let defaultAutoAllowSkills = false
-    private static let secureStateDirPermissions = 0o700
-    private static let fileLock = NSRecursiveLock()
+    private static let storeLock = NSRecursiveLock()
 
-    private static func withFileLock<T>(_ body: () throws -> T) rethrows -> T {
-        self.fileLock.lock()
-        defer { self.fileLock.unlock() }
+    private static func withStoreLock<T>(_ body: () throws -> T) rethrows -> T {
+        self.storeLock.lock()
+        defer { self.storeLock.unlock() }
         return try body()
     }
 
-    static func fileURL() -> URL {
-        OpenClawPaths.stateDirURL.appendingPathComponent("exec-approvals.json")
+    static func databaseURL() -> URL {
+        ExecApprovalsSQLiteStateStore.databaseURL()
+    }
+
+    static func storeLocationForDisplay() -> String {
+        ExecApprovalsSQLiteStateStore.storeLocationForDisplay()
     }
 
     static func socketPath() -> String {
@@ -277,30 +280,13 @@ enum ExecApprovalsStore {
     }
 
     static func readSnapshot() -> ExecApprovalsSnapshot {
-        self.withFileLock {
-            let url = self.fileURL()
-            guard FileManager().fileExists(atPath: url.path) else {
-                return ExecApprovalsSnapshot(
-                    path: url.path,
-                    exists: false,
-                    hash: self.hashRaw(nil),
-                    file: ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:]))
-            }
-            let raw = try? String(contentsOf: url, encoding: .utf8)
-            let data = raw.flatMap { $0.data(using: .utf8) }
-            let decoded: ExecApprovalsFile = {
-                if let data, let file = try? JSONDecoder().decode(ExecApprovalsFile.self, from: data),
-                   file.version == 1
-                {
-                    return file
-                }
-                return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
-            }()
+        self.withStoreLock {
+            let raw = ExecApprovalsSQLiteStateStore.readRawState()
             return ExecApprovalsSnapshot(
-                path: url.path,
-                exists: true,
+                path: self.storeLocationForDisplay(),
+                exists: raw != nil,
                 hash: self.hashRaw(raw),
-                file: decoded)
+                file: self.parseRawState(raw))
         }
     }
 
@@ -320,54 +306,26 @@ enum ExecApprovalsStore {
             agents: file.agents)
     }
 
-    static func loadFile() -> ExecApprovalsFile {
-        self.withFileLock {
-            let url = self.fileURL()
-            guard FileManager().fileExists(atPath: url.path) else {
-                return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
-            }
-            do {
-                let data = try Data(contentsOf: url)
-                let decoded = try JSONDecoder().decode(ExecApprovalsFile.self, from: data)
-                if decoded.version != 1 {
-                    return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
-                }
-                return decoded
-            } catch {
-                self.logger.warning("exec approvals load failed: \(error.localizedDescription, privacy: .public)")
-                return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
-            }
+    static func loadState() -> ExecApprovalsFile {
+        self.withStoreLock {
+            self.parseRawState(ExecApprovalsSQLiteStateStore.readRawState())
         }
     }
 
-    static func saveFile(_ file: ExecApprovalsFile) {
-        self.withFileLock {
+    static func saveState(_ file: ExecApprovalsFile) {
+        self.withStoreLock {
             do {
-                let encoder = JSONEncoder()
-                encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
-                let data = try encoder.encode(file)
-                let url = self.fileURL()
-                self.ensureSecureStateDirectory()
-                try FileManager().createDirectory(
-                    at: url.deletingLastPathComponent(),
-                    withIntermediateDirectories: true)
-                try data.write(to: url, options: [.atomic])
-                try? FileManager().setAttributes([.posixPermissions: 0o600], ofItemAtPath: url.path)
+                try ExecApprovalsSQLiteStateStore.writeRawState(self.encodeRawState(file))
             } catch {
                 self.logger.error("exec approvals save failed: \(error.localizedDescription, privacy: .public)")
             }
         }
     }
 
-    static func ensureFile() -> ExecApprovalsFile {
-        self.withFileLock {
-            self.ensureSecureStateDirectory()
-            let url = self.fileURL()
-            let existed = FileManager().fileExists(atPath: url.path)
-            let loaded = self.loadFile()
-            let loadedHash = self.hashFile(loaded)
-
-            var file = self.normalizeIncoming(loaded)
+    static func ensureState() -> ExecApprovalsFile {
+        self.withStoreLock {
+            let snapshot = self.readSnapshot()
+            var file = self.normalizeIncoming(snapshot.file)
             if file.socket == nil { file.socket = ExecApprovalsSocketConfig(path: nil, token: nil) }
             let path = file.socket?.path?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
             if path.isEmpty {
@@ -378,26 +336,26 @@ enum ExecApprovalsStore {
                 file.socket?.token = self.generateToken()
             }
             if file.agents == nil { file.agents = [:] }
-            if !existed || loadedHash != self.hashFile(file) {
-                self.saveFile(file)
+            if !snapshot.exists || snapshot.hash != self.hashRaw(self.encodeRawState(file)) {
+                self.saveState(file)
             }
             return file
         }
     }
 
     static func resolve(agentId: String?) -> ExecApprovalsResolved {
-        let file = self.ensureFile()
-        return self.resolveFromFile(file, agentId: agentId)
+        let file = self.ensureState()
+        return self.resolveFromState(file, agentId: agentId)
     }
 
-    /// Read-only resolve: loads file without writing (no ensureFile side effects).
+    /// Read-only resolve: loads SQLite state without writing missing defaults.
     /// Safe to call from background threads / off MainActor.
     static func resolveReadOnly(agentId: String?) -> ExecApprovalsResolved {
-        let file = self.loadFile()
-        return self.resolveFromFile(file, agentId: agentId)
+        let file = self.loadState()
+        return self.resolveFromState(file, agentId: agentId)
     }
 
-    private static func resolveFromFile(_ file: ExecApprovalsFile, agentId: String?) -> ExecApprovalsResolved {
+    private static func resolveFromState(_ file: ExecApprovalsFile, agentId: String?) -> ExecApprovalsResolved {
         let defaults = file.defaults ?? ExecApprovalsDefaults()
         let resolvedDefaults = ExecApprovalsResolvedDefaults(
             security: defaults.security ?? self.defaultSecurity,
@@ -420,7 +378,7 @@ enum ExecApprovalsStore {
         let socketPath = self.expandPath(file.socket?.path ?? self.socketPath())
         let token = file.socket?.token ?? ""
         return ExecApprovalsResolved(
-            url: self.fileURL(),
+            url: self.databaseURL(),
             socketPath: socketPath,
             token: token,
             defaults: resolvedDefaults,
@@ -430,7 +388,7 @@ enum ExecApprovalsStore {
     }
 
     static func resolveDefaults() -> ExecApprovalsResolvedDefaults {
-        let file = self.ensureFile()
+        let file = self.ensureState()
         let defaults = file.defaults ?? ExecApprovalsDefaults()
         return ExecApprovalsResolvedDefaults(
             security: defaults.security ?? self.defaultSecurity,
@@ -440,13 +398,13 @@ enum ExecApprovalsStore {
     }
 
     static func saveDefaults(_ defaults: ExecApprovalsDefaults) {
-        self.updateFile { file in
+        self.updateState { file in
             file.defaults = defaults
         }
     }
 
     static func updateDefaults(_ mutate: (inout ExecApprovalsDefaults) -> Void) {
-        self.updateFile { file in
+        self.updateState { file in
             var defaults = file.defaults ?? ExecApprovalsDefaults()
             mutate(&defaults)
             file.defaults = defaults
@@ -454,7 +412,7 @@ enum ExecApprovalsStore {
     }
 
     static func saveAgent(_ agent: ExecApprovalsAgent, agentId: String?) {
-        self.updateFile { file in
+        self.updateState { file in
             var agents = file.agents ?? [:]
             let key = self.agentKey(agentId)
             if agent.isEmpty {
@@ -476,7 +434,7 @@ enum ExecApprovalsStore {
             return reason
         }
 
-        self.updateFile { file in
+        self.updateState { file in
             let key = self.agentKey(agentId)
             var agents = file.agents ?? [:]
             var entry = agents[key] ?? ExecApprovalsAgent()
@@ -498,7 +456,7 @@ enum ExecApprovalsStore {
         command: String,
         resolvedPath: String?)
     {
-        self.updateFile { file in
+        self.updateState { file in
             let key = self.agentKey(agentId)
             var agents = file.agents ?? [:]
             var entry = agents[key] ?? ExecApprovalsAgent()
@@ -520,7 +478,7 @@ enum ExecApprovalsStore {
     @discardableResult
     static func updateAllowlist(agentId: String?, allowlist: [ExecAllowlistEntry]) -> [ExecAllowlistRejectedEntry] {
         var rejected: [ExecAllowlistRejectedEntry] = []
-        self.updateFile { file in
+        self.updateState { file in
             let key = self.agentKey(agentId)
             var agents = file.agents ?? [:]
             var entry = agents[key] ?? ExecApprovalsAgent()
@@ -535,7 +493,7 @@ enum ExecApprovalsStore {
     }
 
     static func updateAgentSettings(agentId: String?, mutate: (inout ExecApprovalsAgent) -> Void) {
-        self.updateFile { file in
+        self.updateState { file in
             let key = self.agentKey(agentId)
             var agents = file.agents ?? [:]
             var entry = agents[key] ?? ExecApprovalsAgent()
@@ -549,28 +507,35 @@ enum ExecApprovalsStore {
         }
     }
 
-    private static func updateFile(_ mutate: (inout ExecApprovalsFile) -> Void) {
-        self.withFileLock {
-            var file = self.ensureFile()
+    private static func updateState(_ mutate: (inout ExecApprovalsFile) -> Void) {
+        self.withStoreLock {
+            var file = self.ensureState()
             mutate(&file)
-            self.saveFile(file)
+            self.saveState(file)
         }
     }
 
-    private static func ensureSecureStateDirectory() {
-        let url = OpenClawPaths.stateDirURL
-        do {
-            try FileManager().createDirectory(at: url, withIntermediateDirectories: true)
-            try FileManager().setAttributes(
-                [.posixPermissions: self.secureStateDirPermissions],
-                ofItemAtPath: url.path)
-        } catch {
-            let message =
-                "exec approvals state dir permission hardening failed: \(error.localizedDescription)"
-            self.logger
-                .warning(
-                    "\(message, privacy: .public)")
+    private static func parseRawState(_ raw: String?) -> ExecApprovalsFile {
+        guard let data = raw?.data(using: .utf8) else {
+            return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
         }
+        do {
+            let decoded = try JSONDecoder().decode(ExecApprovalsFile.self, from: data)
+            guard decoded.version == 1 else {
+                return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
+            }
+            return decoded
+        } catch {
+            self.logger.warning("exec approvals load failed: \(error.localizedDescription, privacy: .public)")
+            return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
+        }
+    }
+
+    private static func encodeRawState(_ file: ExecApprovalsFile) -> String {
+        let encoder = JSONEncoder()
+        encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
+        let data = (try? encoder.encode(file)) ?? Data()
+        return (String(data: data, encoding: .utf8) ?? "{}") + "\n"
     }
 
     private static func generateToken() -> String {
@@ -592,14 +557,6 @@ enum ExecApprovalsStore {
         return digest.map { String(format: "%02x", $0) }.joined()
     }
 
-    private static func hashFile(_ file: ExecApprovalsFile) -> String {
-        let encoder = JSONEncoder()
-        encoder.outputFormatting = [.sortedKeys]
-        let data = (try? encoder.encode(file)) ?? Data()
-        let digest = SHA256.hash(data: data)
-        return digest.map { String(format: "%02x", $0) }.joined()
-    }
-
     private static func expandPath(_ raw: String) -> String {
         let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
         if trimmed == "~" {

apps/macos/Sources/OpenClaw/ExecApprovalsSQLiteStateStore.swift

@@ -0,0 +1,62 @@
+import Foundation
+import OpenClawKit
+
+enum ExecApprovalsSQLiteStateStore {
+    private static let configKey = "current"
+
+    static func databaseURL() -> URL {
+        OpenClawSQLiteStateStore.databaseURL()
+    }
+
+    static func storeLocationForDisplay() -> String {
+        OpenClawSQLiteStateStore.execApprovalsLocationForDisplay(configKey: self.configKey)
+    }
+
+    static func readRawState() -> String? {
+        if let raw = OpenClawSQLiteStateStore.readExecApprovalsRaw(configKey: self.configKey) {
+            return raw
+        }
+        guard let raw = try? String(contentsOf: self.legacyURL(), encoding: .utf8) else {
+            return nil
+        }
+        do {
+            try self.writeRawState(raw)
+            try? FileManager.default.removeItem(at: self.legacyURL())
+        } catch {
+            return raw
+        }
+        return raw
+    }
+
+    static func writeRawState(_ raw: String) throws {
+        let file = self.parse(raw)
+        let agents = file.agents.map { Array($0.values) } ?? []
+        let allowlistCount = agents.reduce(0) { count, agent in
+            count + (agent.allowlist?.count ?? 0)
+        }
+        try OpenClawSQLiteStateStore.writeExecApprovalsConfig(
+            configKey: self.configKey,
+            rawJSON: raw,
+            socketPath: file.socket?.path,
+            hasSocketToken: !(file.socket?.token?.isEmpty ?? true),
+            defaultSecurity: file.defaults?.security?.rawValue,
+            defaultAsk: file.defaults?.ask?.rawValue,
+            defaultAskFallback: file.defaults?.askFallback?.rawValue,
+            autoAllowSkills: file.defaults?.autoAllowSkills,
+            agentCount: agents.count,
+            allowlistCount: allowlistCount)
+    }
+
+    private static func parse(_ raw: String) -> ExecApprovalsFile {
+        guard let data = raw.data(using: .utf8),
+              let file = try? JSONDecoder().decode(ExecApprovalsFile.self, from: data)
+        else {
+            return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: nil)
+        }
+        return file
+    }
+
+    private static func legacyURL() -> URL {
+        OpenClawPaths.stateDirURL.appendingPathComponent("exec-approvals.json", isDirectory: false)
+    }
+}

apps/macos/Sources/OpenClaw/GatewayConnection.swift

@@ -766,7 +766,7 @@ extension GatewayConnection {
 
     struct CronSchedulerStatus: Decodable {
         let enabled: Bool
-        let storePath: String
+        let storeKey: String
         let jobs: Int
         let nextWakeAtMs: Int?
     }

apps/macos/Sources/OpenClaw/GeneralSettings.swift

@@ -708,7 +708,7 @@ struct GeneralSettings: View {
                 Text("\(linkLabel) auth age: \(healthAgeString(linkAge))")
                     .font(.caption)
                     .foregroundStyle(.secondary)
-                Text("Session store: \(snap.sessions.path) (\(snap.sessions.count) entries)")
+                Text("Session database: \(snap.sessions.databasePath) (\(snap.sessions.count) entries)")
                     .font(.caption)
                     .foregroundStyle(.secondary)
                 if let recent = snap.sessions.recent.first {

apps/macos/Sources/OpenClaw/HealthStore.swift

@@ -36,9 +36,37 @@ struct HealthSnapshot: Codable {
     }
 
     struct Sessions: Codable {
-        let path: String
+        let databasePath: String
         let count: Int
         let recent: [SessionInfo]
+
+        private enum CodingKeys: String, CodingKey {
+            case databasePath
+            case path
+            case count
+            case recent
+        }
+
+        init(databasePath: String, count: Int, recent: [SessionInfo]) {
+            self.databasePath = databasePath
+            self.count = count
+            self.recent = recent
+        }
+
+        init(from decoder: Decoder) throws {
+            let container = try decoder.container(keyedBy: CodingKeys.self)
+            self.databasePath = try container.decodeIfPresent(String.self, forKey: .databasePath)
+                ?? container.decode(String.self, forKey: .path)
+            self.count = try container.decode(Int.self, forKey: .count)
+            self.recent = try container.decode([SessionInfo].self, forKey: .recent)
+        }
+
+        func encode(to encoder: Encoder) throws {
+            var container = encoder.container(keyedBy: CodingKeys.self)
+            try container.encode(self.databasePath, forKey: .databasePath)
+            try container.encode(self.count, forKey: .count)
+            try container.encode(self.recent, forKey: .recent)
+        }
     }
 
     let ok: Bool?

apps/macos/Sources/OpenClaw/Logging/OpenClawLogging.swift

@@ -20,10 +20,6 @@ enum AppLogSettings {
     static func setLogLevel(_ level: Logger.Level) {
         UserDefaults.standard.set(level.rawValue, forKey: self.logLevelKey)
     }
-
-    static func fileLoggingEnabled() -> Bool {
-        UserDefaults.standard.bool(forKey: debugFileLogEnabledKey)
-    }
 }
 
 enum AppLogLevel: String, CaseIterable, Identifiable {
@@ -60,9 +56,7 @@ enum OpenClawLogging {
     private static let didBootstrap: Void = {
         LoggingSystem.bootstrap { label in
             let (subsystem, category) = Self.parseLabel(label)
-            let osHandler = OpenClawOSLogHandler(subsystem: subsystem, category: category)
-            let fileHandler = OpenClawFileLogHandler(label: label)
-            return MultiplexLogHandler([osHandler, fileHandler])
+            return OpenClawOSLogHandler(subsystem: subsystem, category: category)
         }
     }()
 
@@ -193,65 +187,3 @@ struct OpenClawOSLogHandler: AppLogLevelBackedHandler {
         return "\(message.description) [\(meta)]"
     }
 }
-
-struct OpenClawFileLogHandler: AppLogLevelBackedHandler {
-    let label: String
-    var metadata: Logger.Metadata = [:]
-
-    func log(event: LogEvent) {
-        self.writeLog(
-            level: event.level,
-            message: event.message,
-            metadata: event.metadata,
-            source: event.source,
-            file: event.file,
-            function: event.function,
-            line: event.line)
-    }
-
-    func log(
-        level: Logger.Level,
-        message: Logger.Message,
-        metadata: Logger.Metadata?,
-        source: String,
-        file: String,
-        function: String,
-        line: UInt)
-    {
-        self.writeLog(
-            level: level,
-            message: message,
-            metadata: metadata,
-            source: source,
-            file: file,
-            function: function,
-            line: line)
-    }
-
-    private func writeLog(
-        level: Logger.Level,
-        message: Logger.Message,
-        metadata: Logger.Metadata?,
-        source: String,
-        file: String,
-        function: String,
-        line: UInt)
-    {
-        guard AppLogSettings.fileLoggingEnabled() else { return }
-        let (subsystem, category) = OpenClawLogging.parseLabel(self.label)
-        var fields: [String: String] = [
-            "subsystem": subsystem,
-            "category": category,
-            "level": level.rawValue,
-            "source": source,
-            "file": file,
-            "function": function,
-            "line": "\(line)",
-        ]
-        let merged = self.metadata.merging(metadata ?? [:], uniquingKeysWith: { _, new in new })
-        for (key, value) in merged {
-            fields["meta.\(key)"] = stringifyLogMetadataValue(value)
-        }
-        DiagnosticsFileLog.shared.log(category: category, event: message.description, fields: fields)
-    }
-}

apps/macos/Sources/OpenClaw/MenuContentView.swift

@@ -25,7 +25,6 @@ struct MenuContent: View {
     @State private var browserControlEnabled = true
     @AppStorage(cameraEnabledKey) private var cameraEnabled: Bool = false
     @AppStorage(appLogLevelKey) private var appLogLevelRaw: String = AppLogLevel.default.rawValue
-    @AppStorage(debugFileLogEnabledKey) private var appFileLoggingEnabled: Bool = false
 
     init(state: AppState, updater: UpdaterProviding?) {
         self._state = Bindable(wrappedValue: state)
@@ -258,20 +257,13 @@ struct MenuContent: View {
                             Text(level.title).tag(level.rawValue)
                         }
                     }
-                    Toggle(isOn: self.$appFileLoggingEnabled) {
-                        Label(
-                            self.appFileLoggingEnabled
-                                ? "File Logging: On"
-                                : "File Logging: Off",
-                            systemImage: "doc.text.magnifyingglass")
-                    }
                 } label: {
                     Label("App Logging", systemImage: "doc.text")
                 }
                 Button {
-                    DebugActions.openSessionStore()
+                    DebugActions.openSessionDatabase()
                 } label: {
-                    Label("Open Session Store", systemImage: "externaldrive")
+                    Label("Open Session Database", systemImage: "externaldrive")
                 }
                 Divider()
                 Button {

apps/macos/Sources/OpenClaw/MenuSessionsInjector.swift

@@ -335,7 +335,7 @@ extension MenuSessionsInjector {
                     item.tag = self.tag
                     item.isEnabled = true
                     item.representedObject = row.key
-                    item.submenu = self.buildSubmenu(for: row, storePath: snapshot.storePath)
+                    item.submenu = self.buildSubmenu(for: row)
                     item.view = self.makeHostedView(
                         rootView: AnyView(SessionMenuLabelView(row: row, width: width)),
                         width: width,
@@ -841,7 +841,7 @@ extension MenuSessionsInjector {
 extension MenuSessionsInjector {
     // MARK: - Submenus
 
-    private func buildSubmenu(for row: SessionRow, storePath: String) -> NSMenu {
+    private func buildSubmenu(for row: SessionRow) -> NSMenu {
         let menu = NSMenu()
         let width = self.submenuWidth()
 
@@ -865,24 +865,6 @@ extension MenuSessionsInjector {
         verbose.submenu = self.buildVerboseMenu(for: row)
         menu.addItem(verbose)
 
-        if AppStateStore.shared.debugPaneEnabled,
-           AppStateStore.shared.connectionMode == .local,
-           let sessionId = row.sessionId,
-           !sessionId.isEmpty
-        {
-            menu.addItem(NSMenuItem.separator())
-            let openLog = NSMenuItem(
-                title: "Open Session Log",
-                action: #selector(self.openSessionLog(_:)),
-                keyEquivalent: "")
-            openLog.target = self
-            openLog.representedObject = [
-                "sessionId": sessionId,
-                "storePath": storePath,
-            ]
-            menu.addItem(openLog)
-        }
-
         menu.addItem(NSMenuItem.separator())
 
         let reset = NSMenuItem(title: "Reset Session", action: #selector(self.resetSession(_:)), keyEquivalent: "")
@@ -1091,15 +1073,6 @@ extension MenuSessionsInjector {
         }
     }
 
-    @objc
-    private func openSessionLog(_ sender: NSMenuItem) {
-        guard let dict = sender.representedObject as? [String: String],
-              let sessionId = dict["sessionId"],
-              let storePath = dict["storePath"]
-        else { return }
-        SessionActions.openSessionLogInCode(sessionId: sessionId, storePath: storePath)
-    }
-
     @objc
     private func resetSession(_ sender: NSMenuItem) {
         guard let key = sender.representedObject as? String else { return }

apps/macos/Sources/OpenClaw/NodeMode/MacNodeRuntime.swift

@@ -817,7 +817,7 @@ actor MacNodeRuntime {
     }
 
     private func handleSystemExecApprovalsGet(_ req: BridgeInvokeRequest) async throws -> BridgeInvokeResponse {
-        _ = ExecApprovalsStore.ensureFile()
+        _ = ExecApprovalsStore.ensureState()
         let snapshot = ExecApprovalsStore.readSnapshot()
         let redacted = ExecApprovalsSnapshot(
             path: snapshot.path,
@@ -835,7 +835,7 @@ actor MacNodeRuntime {
         }
 
         let params = try Self.decodeParams(SetParams.self, from: req.paramsJSON)
-        let current = ExecApprovalsStore.ensureFile()
+        let current = ExecApprovalsStore.ensureState()
         let snapshot = ExecApprovalsStore.readSnapshot()
         if snapshot.exists {
             if snapshot.hash.isEmpty {
@@ -871,7 +871,7 @@ actor MacNodeRuntime {
             : current.socket?.token?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
         normalized.socket = ExecApprovalsSocketConfig(path: resolvedPath, token: resolvedToken)
 
-        ExecApprovalsStore.saveFile(normalized)
+        ExecApprovalsStore.saveState(normalized)
         let nextSnapshot = ExecApprovalsStore.readSnapshot()
         let redacted = ExecApprovalsSnapshot(
             path: nextSnapshot.path,

apps/macos/Sources/OpenClaw/OnboardingView+Pages.swift

@@ -819,8 +819,8 @@ extension OnboardingView {
                     self.featureRow(
                         title: "Remote gateway checklist",
                         subtitle: """
-                        On your gateway host: install/update the `openclaw` package and make sure credentials exist
-                        (typically `~/.openclaw/credentials/oauth.json`). Then connect again if needed.
+                        On your gateway host: install/update the `openclaw` package and make sure credentials are present
+                        in the OpenClaw SQLite state database. Then connect again if needed.
                         """,
                         systemImage: "network")
                     Divider()

apps/macos/Sources/OpenClaw/OpenClawConfigFile.swift

@@ -1,12 +1,13 @@
 import CryptoKit
 import Foundation
+import OpenClawKit
 import OpenClawProtocol
 
 enum OpenClawConfigFile {
     private static let logger = Logger(subsystem: "ai.openclaw", category: "config")
-    private static let configAuditFileName = "config-audit.jsonl"
-    private static let configHealthFileName = "config-health.json"
+    private static let legacyConfigHealthFileName = "config-health.json"
     private static let fileLock = NSRecursiveLock()
+    private nonisolated(unsafe) static var configHealthState: [String: Any] = [:]
 
     private static func withFileLock<T>(_ body: () throws -> T) rethrows -> T {
         self.fileLock.lock()
@@ -66,7 +67,6 @@ enum OpenClawConfigFile {
             let previousData = try? Data(contentsOf: url)
             let previousRoot = previousData.flatMap { self.parseConfigData($0) }
             let previousBytes = previousData?.count
-            let previousAttributes = try? FileManager().attributesOfItem(atPath: url.path)
             let hadMetaBefore = self.hasMeta(previousRoot)
             let gatewayModeBefore = self.gatewayMode(previousRoot)
 
@@ -97,88 +97,21 @@ enum OpenClawConfigFile {
                 }
                 let blocking = self.configWriteBlockingReasons(suspicious)
                 if !blocking.isEmpty {
-                    let rejectedPath = self.persistRejectedConfigWrite(data: data, configURL: url)
+                    _ = self.persistRejectedConfigWrite(data: data, configURL: url)
                     self.logger.warning("config write rejected (\(blocking.joined(separator: ", "))) at \(url.path)")
-                    self.appendConfigWriteAudit([
-                        "result": "rejected",
-                        "configPath": url.path,
-                        "existsBefore": previousData != nil,
-                        "previousBytes": previousBytes ?? NSNull(),
-                        "nextBytes": nextBytes,
-                        "previousDev": self.fileSystemNumber(previousAttributes?[.systemNumber]) ?? NSNull(),
-                        "nextDev": NSNull(),
-                        "previousIno": self.fileSystemNumber(previousAttributes?[.systemFileNumber]) ?? NSNull(),
-                        "nextIno": NSNull(),
-                        "previousMode": self.posixMode(previousAttributes?[.posixPermissions]) ?? NSNull(),
-                        "nextMode": NSNull(),
-                        "previousNlink": self.fileAttributeInt(previousAttributes?[.referenceCount]) ?? NSNull(),
-                        "nextNlink": NSNull(),
-                        "previousUid": self.fileAttributeInt(previousAttributes?[.ownerAccountID]) ?? NSNull(),
-                        "nextUid": NSNull(),
-                        "previousGid": self.fileAttributeInt(previousAttributes?[.groupOwnerAccountID]) ?? NSNull(),
-                        "nextGid": NSNull(),
-                        "hasMetaBefore": hadMetaBefore,
-                        "hasMetaAfter": self.hasMeta(output),
-                        "gatewayModeBefore": gatewayModeBefore ?? NSNull(),
-                        "gatewayModeAfter": gatewayModeAfter ?? NSNull(),
-                        "preservedGatewayAuth": preservedGatewayAuth,
-                        "suspicious": suspicious,
-                        "blocking": blocking,
-                        "rejectedPath": rejectedPath ?? NSNull(),
-                    ])
                     return false
                 }
                 try FileManager().createDirectory(
                     at: url.deletingLastPathComponent(),
                     withIntermediateDirectories: true)
                 try data.write(to: url, options: [.atomic])
-                let nextAttributes = try? FileManager().attributesOfItem(atPath: url.path)
                 if !suspicious.isEmpty {
                     self.logger.warning("config write anomaly (\(suspicious.joined(separator: ", "))) at \(url.path)")
                 }
-                self.appendConfigWriteAudit([
-                    "result": "success",
-                    "configPath": url.path,
-                    "existsBefore": previousData != nil,
-                    "previousBytes": previousBytes ?? NSNull(),
-                    "nextBytes": nextBytes,
-                    "previousDev": self.fileSystemNumber(previousAttributes?[.systemNumber]) ?? NSNull(),
-                    "nextDev": self.fileSystemNumber(nextAttributes?[.systemNumber]) ?? NSNull(),
-                    "previousIno": self.fileSystemNumber(previousAttributes?[.systemFileNumber]) ?? NSNull(),
-                    "nextIno": self.fileSystemNumber(nextAttributes?[.systemFileNumber]) ?? NSNull(),
-                    "previousMode": self.posixMode(previousAttributes?[.posixPermissions]) ?? NSNull(),
-                    "nextMode": self.posixMode(nextAttributes?[.posixPermissions]) ?? NSNull(),
-                    "previousNlink": self.fileAttributeInt(previousAttributes?[.referenceCount]) ?? NSNull(),
-                    "nextNlink": self.fileAttributeInt(nextAttributes?[.referenceCount]) ?? NSNull(),
-                    "previousUid": self.fileAttributeInt(previousAttributes?[.ownerAccountID]) ?? NSNull(),
-                    "nextUid": self.fileAttributeInt(nextAttributes?[.ownerAccountID]) ?? NSNull(),
-                    "previousGid": self.fileAttributeInt(previousAttributes?[.groupOwnerAccountID]) ?? NSNull(),
-                    "nextGid": self.fileAttributeInt(nextAttributes?[.groupOwnerAccountID]) ?? NSNull(),
-                    "hasMetaBefore": hadMetaBefore,
-                    "hasMetaAfter": self.hasMeta(output),
-                    "gatewayModeBefore": gatewayModeBefore ?? NSNull(),
-                    "gatewayModeAfter": gatewayModeAfter ?? NSNull(),
-                    "preservedGatewayAuth": preservedGatewayAuth,
-                    "suspicious": suspicious,
-                ])
                 self.observeConfigRead(data: data, root: output, configURL: url, valid: true)
                 return true
             } catch {
                 self.logger.error("config save failed: \(error.localizedDescription)")
-                self.appendConfigWriteAudit([
-                    "result": "failed",
-                    "configPath": url.path,
-                    "existsBefore": previousData != nil,
-                    "previousBytes": previousBytes ?? NSNull(),
-                    "nextBytes": NSNull(),
-                    "hasMetaBefore": hadMetaBefore,
-                    "hasMetaAfter": self.hasMeta(output),
-                    "gatewayModeBefore": gatewayModeBefore ?? NSNull(),
-                    "gatewayModeAfter": self.gatewayMode(output) ?? NSNull(),
-                    "preservedGatewayAuth": preservedGatewayAuth,
-                    "suspicious": preservedGatewayAuth ? ["gateway-auth-preserved"] : [],
-                    "error": error.localizedDescription,
-                ])
                 return false
             }
         }
@@ -471,43 +404,36 @@ enum OpenClawConfigFile {
         }
     }
 
-    private static func configAuditLogURL() -> URL {
-        self.stateDirURL()
-            .appendingPathComponent("logs", isDirectory: true)
-            .appendingPathComponent(self.configAuditFileName, isDirectory: false)
-    }
-
-    private static func configHealthStateURL() -> URL {
-        self.stateDirURL()
-            .appendingPathComponent("logs", isDirectory: true)
-            .appendingPathComponent(self.configHealthFileName, isDirectory: false)
-    }
-
     private static func readConfigHealthState() -> [String: Any] {
-        let url = self.configHealthStateURL()
-        guard let data = try? Data(contentsOf: url),
+        let persisted = OpenClawSQLiteStateStore.readConfigHealthState()
+        if !persisted.isEmpty {
+            self.configHealthState = persisted
+            return persisted
+        }
+        if let legacy = self.readLegacyConfigHealthState(), !legacy.isEmpty {
+            self.configHealthState = legacy
+            try? OpenClawSQLiteStateStore.writeConfigHealthState(legacy)
+            return legacy
+        }
+        return self.configHealthState
+    }
+
+    private static func readLegacyConfigHealthState() -> [String: Any]? {
+        let url = self.stateDirURL()
+            .appendingPathComponent("logs", isDirectory: true)
+            .appendingPathComponent(self.legacyConfigHealthFileName)
+        guard FileManager().fileExists(atPath: url.path),
+              let data = try? Data(contentsOf: url),
               let root = try? JSONSerialization.jsonObject(with: data) as? [String: Any]
         else {
-            return [:]
+            return nil
         }
         return root
     }
 
     private static func writeConfigHealthState(_ root: [String: Any]) {
-        guard JSONSerialization.isValidJSONObject(root),
-              let data = try? JSONSerialization.data(withJSONObject: root, options: [.prettyPrinted, .sortedKeys])
-        else {
-            return
-        }
-        let url = self.configHealthStateURL()
-        do {
-            try FileManager().createDirectory(
-                at: url.deletingLastPathComponent(),
-                withIntermediateDirectories: true)
-            try data.write(to: url, options: [.atomic])
-        } catch {
-            // best-effort
-        }
+        self.configHealthState = root
+        try? OpenClawSQLiteStateStore.writeConfigHealthState(root)
     }
 
     private static func configHealthEntry(state: [String: Any], configPath: String) -> [String: Any] {
@@ -622,16 +548,6 @@ enum OpenClawConfigFile {
         return reasons
     }
 
-    private static func readConfigFingerprint(at url: URL) -> [String: Any]? {
-        guard let data = try? Data(contentsOf: url) else { return nil }
-        let root = self.parseConfigData(data)
-        return self.configFingerprint(
-            data: data,
-            root: root,
-            configURL: url,
-            observedAt: ISO8601DateFormatter().string(from: Date()))
-    }
-
     private static func configTimestampToken(_ timestamp: String) -> String {
         timestamp.replacingOccurrences(of: ":", with: "-")
             .replacingOccurrences(of: ".", with: "-")
@@ -698,130 +614,14 @@ enum OpenClawConfigFile {
             return
         }
 
-        let backup = self.readConfigFingerprint(
-            at: configURL.deletingLastPathComponent().appendingPathComponent("\(configURL.lastPathComponent).bak"))
-        let clobberedPath = self.persistClobberedSnapshot(
+        _ = self.persistClobberedSnapshot(
             data: data,
             configURL: configURL,
             observedAt: observedAt)
         self.logger.warning("config observe anomaly (\(suspicious.joined(separator: ", "))) at \(configURL.path)")
-        self.appendConfigObserveAudit([
-            "phase": "read",
-            "configPath": configURL.path,
-            "exists": true,
-            "valid": valid,
-            "hash": current["hash"] ?? NSNull(),
-            "bytes": current["bytes"] ?? NSNull(),
-            "mtimeMs": current["mtimeMs"] ?? NSNull(),
-            "ctimeMs": current["ctimeMs"] ?? NSNull(),
-            "dev": current["dev"] ?? NSNull(),
-            "ino": current["ino"] ?? NSNull(),
-            "mode": current["mode"] ?? NSNull(),
-            "nlink": current["nlink"] ?? NSNull(),
-            "uid": current["uid"] ?? NSNull(),
-            "gid": current["gid"] ?? NSNull(),
-            "hasMeta": current["hasMeta"] ?? false,
-            "gatewayMode": current["gatewayMode"] ?? NSNull(),
-            "suspicious": suspicious,
-            "lastKnownGoodHash": lastKnownGood?["hash"] ?? NSNull(),
-            "lastKnownGoodBytes": lastKnownGood?["bytes"] ?? NSNull(),
-            "lastKnownGoodMtimeMs": lastKnownGood?["mtimeMs"] ?? NSNull(),
-            "lastKnownGoodCtimeMs": lastKnownGood?["ctimeMs"] ?? NSNull(),
-            "lastKnownGoodDev": lastKnownGood?["dev"] ?? NSNull(),
-            "lastKnownGoodIno": lastKnownGood?["ino"] ?? NSNull(),
-            "lastKnownGoodMode": lastKnownGood?["mode"] ?? NSNull(),
-            "lastKnownGoodNlink": lastKnownGood?["nlink"] ?? NSNull(),
-            "lastKnownGoodUid": lastKnownGood?["uid"] ?? NSNull(),
-            "lastKnownGoodGid": lastKnownGood?["gid"] ?? NSNull(),
-            "lastKnownGoodGatewayMode": lastKnownGood?["gatewayMode"] ?? NSNull(),
-            "backupHash": backup?["hash"] ?? NSNull(),
-            "backupBytes": backup?["bytes"] ?? NSNull(),
-            "backupMtimeMs": backup?["mtimeMs"] ?? NSNull(),
-            "backupCtimeMs": backup?["ctimeMs"] ?? NSNull(),
-            "backupDev": backup?["dev"] ?? NSNull(),
-            "backupIno": backup?["ino"] ?? NSNull(),
-            "backupMode": backup?["mode"] ?? NSNull(),
-            "backupNlink": backup?["nlink"] ?? NSNull(),
-            "backupUid": backup?["uid"] ?? NSNull(),
-            "backupGid": backup?["gid"] ?? NSNull(),
-            "backupGatewayMode": backup?["gatewayMode"] ?? NSNull(),
-            "clobberedPath": clobberedPath ?? NSNull(),
-        ])
         var nextEntry = entry
         nextEntry["lastObservedSuspiciousSignature"] = signature
         state = self.setConfigHealthEntry(state: state, configPath: configURL.path, entry: nextEntry)
         self.writeConfigHealthState(state)
     }
-
-    private static func appendConfigWriteAudit(_ fields: [String: Any]) {
-        var record: [String: Any] = [
-            "ts": ISO8601DateFormatter().string(from: Date()),
-            "source": "macos-openclaw-config-file",
-            "event": "config.write",
-            "pid": ProcessInfo.processInfo.processIdentifier,
-            "argv": Array(ProcessInfo.processInfo.arguments.prefix(8)),
-        ]
-        for (key, value) in fields {
-            record[key] = value is NSNull ? NSNull() : value
-        }
-        guard JSONSerialization.isValidJSONObject(record),
-              let data = try? JSONSerialization.data(withJSONObject: record)
-        else {
-            return
-        }
-        var line = Data()
-        line.append(data)
-        line.append(0x0A)
-        let logURL = self.configAuditLogURL()
-        do {
-            try FileManager().createDirectory(
-                at: logURL.deletingLastPathComponent(),
-                withIntermediateDirectories: true)
-            if !FileManager().fileExists(atPath: logURL.path) {
-                FileManager().createFile(atPath: logURL.path, contents: nil)
-            }
-            let handle = try FileHandle(forWritingTo: logURL)
-            defer { try? handle.close() }
-            try handle.seekToEnd()
-            try handle.write(contentsOf: line)
-        } catch {
-            // best-effort
-        }
-    }
-
-    private static func appendConfigObserveAudit(_ fields: [String: Any]) {
-        var record: [String: Any] = [
-            "ts": ISO8601DateFormatter().string(from: Date()),
-            "source": "macos-openclaw-config-file",
-            "event": "config.observe",
-            "pid": ProcessInfo.processInfo.processIdentifier,
-            "argv": Array(ProcessInfo.processInfo.arguments.prefix(8)),
-        ]
-        for (key, value) in fields {
-            record[key] = value is NSNull ? NSNull() : value
-        }
-        guard JSONSerialization.isValidJSONObject(record),
-              let data = try? JSONSerialization.data(withJSONObject: record)
-        else {
-            return
-        }
-        var line = Data()
-        line.append(data)
-        line.append(0x0A)
-        let logURL = self.configAuditLogURL()
-        do {
-            try FileManager().createDirectory(
-                at: logURL.deletingLastPathComponent(),
-                withIntermediateDirectories: true)
-            if !FileManager().fileExists(atPath: logURL.path) {
-                FileManager().createFile(atPath: logURL.path, contents: nil)
-            }
-            let handle = try FileHandle(forWritingTo: logURL)
-            defer { try? handle.close() }
-            try handle.seekToEnd()
-            try handle.write(contentsOf: line)
-        } catch {
-            // best-effort
-        }
-    }
 }

apps/macos/Sources/OpenClaw/PortGuardian.swift

@@ -1,4 +1,5 @@
 import Foundation
+import OpenClawKit
 import OSLog
 #if canImport(Darwin)
 import Darwin
@@ -26,17 +27,9 @@ actor PortGuardian {
     #if DEBUG
     private var testingDescriptors: [Int: Descriptor] = [:]
     #endif
-    private nonisolated static let appSupportDir: URL = {
-        let base = FileManager().urls(for: .applicationSupportDirectory, in: .userDomainMask).first!
-        return base.appendingPathComponent("OpenClaw", isDirectory: true)
-    }()
-
-    private nonisolated static var recordPath: URL {
-        self.appSupportDir.appendingPathComponent("port-guard.json", isDirectory: false)
-    }
 
     init() {
-        self.records = Self.loadRecords(from: Self.recordPath)
+        self.records = Self.loadRecords()
     }
 
     func sweep(mode: AppState.ConnectionMode) async {
@@ -82,7 +75,6 @@ actor PortGuardian {
     }
 
     func record(port: Int, pid: Int32, command: String, mode: AppState.ConnectionMode) async {
-        try? FileManager().createDirectory(at: Self.appSupportDir, withIntermediateDirectories: true)
         self.records.removeAll { $0.pid == pid }
         self.records.append(
             Record(
@@ -401,16 +393,27 @@ actor PortGuardian {
         return await self.probeGatewayHealth(port: port)
     }
 
-    private static func loadRecords(from url: URL) -> [Record] {
-        guard let data = try? Data(contentsOf: url),
-              let decoded = try? JSONDecoder().decode([Record].self, from: data)
-        else { return [] }
-        return decoded
+    private static func loadRecords() -> [Record] {
+        OpenClawSQLiteStateStore.readPortGuardianRecords().map { row in
+            Record(
+                port: row.port,
+                pid: row.pid,
+                command: row.command,
+                mode: row.mode,
+                timestamp: row.timestamp)
+        }
     }
 
     private func save() {
-        guard let data = try? JSONEncoder().encode(self.records) else { return }
-        try? data.write(to: Self.recordPath, options: [.atomic])
+        try? OpenClawSQLiteStateStore.replacePortGuardianRecords(
+            self.records.map { record in
+                OpenClawSQLitePortGuardianRecord(
+                    port: record.port,
+                    pid: record.pid,
+                    command: record.command,
+                    mode: record.mode,
+                    timestamp: record.timestamp)
+            })
     }
 }
 

apps/macos/Sources/OpenClaw/SessionActions.swift

@@ -28,7 +28,7 @@ enum SessionActions {
     static func deleteSession(key: String) async throws {
         _ = try await ControlChannel.shared.request(
             method: "sessions.delete",
-            params: ["key": AnyHashable(key), "deleteTranscript": AnyHashable(true)])
+            params: ["key": AnyHashable(key)])
     }
 
     static func compactSession(key: String, maxLines: Int = 400) async throws {
@@ -57,35 +57,4 @@ enum SessionActions {
         alert.alertStyle = .warning
         alert.runModal()
     }
-
-    @MainActor
-    static func openSessionLogInCode(sessionId: String, storePath: String?) {
-        let candidates: [URL] = {
-            var urls: [URL] = []
-            if let storePath, !storePath.isEmpty {
-                let dir = URL(fileURLWithPath: storePath).deletingLastPathComponent()
-                urls.append(dir.appendingPathComponent("\(sessionId).jsonl"))
-            }
-            urls.append(OpenClawPaths.stateDirURL.appendingPathComponent("sessions/\(sessionId).jsonl"))
-            return urls
-        }()
-
-        let existing = candidates.first(where: { FileManager().fileExists(atPath: $0.path) })
-        guard let url = existing else {
-            let alert = NSAlert()
-            alert.messageText = "Session log not found"
-            alert.informativeText = sessionId
-            alert.runModal()
-            return
-        }
-
-        let proc = Process()
-        proc.launchPath = "/usr/bin/env"
-        proc.arguments = ["code", url.path]
-        if (try? proc.run()) != nil {
-            return
-        }
-
-        NSWorkspace.shared.activateFileViewerSelecting([url])
-    }
 }

apps/macos/Sources/OpenClaw/SessionData.swift

@@ -28,10 +28,38 @@ struct GatewaySessionEntryRecord: Codable {
 
 struct GatewaySessionsListResponse: Codable {
     let ts: Double?
-    let path: String
+    let databasePath: String
     let count: Int
     let defaults: GatewaySessionDefaultsRecord?
     let sessions: [GatewaySessionEntryRecord]
+
+    private enum CodingKeys: String, CodingKey {
+        case ts
+        case databasePath
+        case path
+        case count
+        case defaults
+        case sessions
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.ts = try container.decodeIfPresent(Double.self, forKey: .ts)
+        self.databasePath = try container.decodeIfPresent(String.self, forKey: .databasePath)
+            ?? container.decode(String.self, forKey: .path)
+        self.count = try container.decode(Int.self, forKey: .count)
+        self.defaults = try container.decodeIfPresent(GatewaySessionDefaultsRecord.self, forKey: .defaults)
+        self.sessions = try container.decode([GatewaySessionEntryRecord].self, forKey: .sessions)
+    }
+
+    func encode(to encoder: Encoder) throws {
+        var container = encoder.container(keyedBy: CodingKeys.self)
+        try container.encodeIfPresent(self.ts, forKey: .ts)
+        try container.encode(self.databasePath, forKey: .databasePath)
+        try container.encode(self.count, forKey: .count)
+        try container.encodeIfPresent(self.defaults, forKey: .defaults)
+        try container.encode(self.sessions, forKey: .sessions)
+    }
 }
 
 struct SessionTokenStats {
@@ -245,7 +273,7 @@ enum SessionLoadError: LocalizedError {
 }
 
 struct SessionStoreSnapshot {
-    let storePath: String
+    let databasePath: String
     let defaults: SessionDefaults
     let rows: [SessionRow]
 }
@@ -255,9 +283,9 @@ enum SessionLoader {
     static let fallbackModel = "claude-opus-4-6"
     static let fallbackContextTokens = 200_000
 
-    static let defaultStorePath = standardize(
+    static let defaultDatabasePath = standardize(
         OpenClawPaths.stateDirURL
-            .appendingPathComponent("sessions/sessions.json").path)
+            .appendingPathComponent("agents/main/agent/openclaw-agent.sqlite").path)
 
     static func loadSnapshot(
         activeMinutes: Int? = nil,
@@ -326,7 +354,7 @@ enum SessionLoader {
                 model: model)
         }.sorted { ($0.updatedAt ?? .distantPast) > ($1.updatedAt ?? .distantPast) }
 
-        return SessionStoreSnapshot(storePath: decoded.path, defaults: defaults, rows: rows)
+        return SessionStoreSnapshot(databasePath: decoded.databasePath, defaults: defaults, rows: rows)
     }
 
     static func loadRows() async throws -> [SessionRow] {

apps/macos/Sources/OpenClaw/VoiceWakeChime.swift

@@ -53,11 +53,6 @@ enum VoiceWakeChimePlayer {
         } else {
             self.logger.log(level: .info, "chime play")
         }
-        DiagnosticsFileLog.shared.log(category: "voicewake.chime", event: "play", fields: [
-            "reason": reason ?? "",
-            "chime": chime.displayLabel,
-            "systemName": chime.systemName ?? "",
-        ])
         SoundEffectPlayer.play(sound)
     }
 

apps/macos/Sources/OpenClaw/VoiceWakeRuntime.swift

@@ -225,10 +225,6 @@ actor VoiceWakeRuntime {
                 "voicewake runtime input preferred=\(preferred, privacy: .public) " +
                     "\(AudioInputDeviceObserver.defaultInputDeviceSummary(), privacy: .public)")
             self.logger.info("voicewake runtime started")
-            DiagnosticsFileLog.shared.log(category: "voicewake.runtime", event: "started", fields: [
-                "locale": config.localeID ?? "",
-                "micID": config.micID ?? "",
-            ])
         } catch {
             self.logger.error("voicewake runtime failed to start: \(error.localizedDescription, privacy: .public)")
             self.stop()
@@ -259,7 +255,6 @@ actor VoiceWakeRuntime {
         self.activeTriggerEndTime = nil
         self.activeTriggerWord = nil
         self.logger.debug("voicewake runtime stopped")
-        DiagnosticsFileLog.shared.log(category: "voicewake.runtime", event: "stopped")
 
         let token = self.overlayToken
         self.overlayToken = nil
@@ -567,7 +562,6 @@ actor VoiceWakeRuntime {
         // (mirrors the push-to-talk coordination pattern).
         if config.triggersTalkMode {
             self.logger.info("voicewake trigger -> activating Talk Mode (skipping capture)")
-            DiagnosticsFileLog.shared.log(category: "voicewake.runtime", event: "triggerTalkMode")
             if config.triggerChime != .none {
                 await MainActor.run { VoiceWakeChimePlayer.play(config.triggerChime, reason: "voicewake.trigger") }
             }
@@ -577,7 +571,6 @@ actor VoiceWakeRuntime {
         }
         self.listeningState = .voiceWake
         self.isCapturing = true
-        DiagnosticsFileLog.shared.log(category: "voicewake.runtime", event: "beginCapture")
         self.capturedTranscript = command
         self.committedTranscript = ""
         self.volatileTranscript = command
@@ -653,9 +646,7 @@ actor VoiceWakeRuntime {
         self.captureTask = nil
 
         let finalTranscript = self.capturedTranscript.trimmingCharacters(in: .whitespacesAndNewlines)
-        DiagnosticsFileLog.shared.log(category: "voicewake.runtime", event: "finalizeCapture", fields: [
-            "finalLen": "\(finalTranscript.count)",
-        ])
+        self.logger.info("voicewake capture finalized len=\(finalTranscript.count)")
         // Stop further recognition events so we don't retrigger immediately with buffered audio.
         self.haltRecognitionPipeline()
         self.capturedTranscript = ""

apps/macos/Sources/OpenClaw/WebChatSwiftUI.swift

@@ -76,7 +76,7 @@ struct MacGatewayChatTransport: OpenClawChatTransport {
             mainSessionKey: mainSessionKey)
         return OpenClawChatSessionsListResponse(
             ts: decoded.ts,
-            path: decoded.path,
+            databasePath: decoded.databasePath,
             count: decoded.count,
             defaults: defaults,
             sessions: decoded.sessions)

apps/macos/Tests/OpenClawIPCTests/CommandResolverTests.swift

@@ -48,7 +48,7 @@ import Testing
         let nodePath = tmp.appendingPathComponent("node_modules/.bin/node")
         let scriptPath = tmp.appendingPathComponent("bin/openclaw.js")
         try makeExecutableForTests(at: nodePath)
-        try "#!/bin/sh\necho v22.19.0\n".write(to: nodePath, atomically: true, encoding: .utf8)
+        try "#!/bin/sh\necho v24.0.0\n".write(to: nodePath, atomically: true, encoding: .utf8)
         try FileManager().setAttributes([.posixPermissions: 0o755], ofItemAtPath: nodePath.path)
         try makeExecutableForTests(at: scriptPath)
 

apps/macos/Tests/OpenClawIPCTests/ExecApprovalsStoreRefactorTests.swift

@@ -1,4 +1,5 @@
 import Foundation
+import SQLite3
 import Testing
 @testable import OpenClaw
 
@@ -17,16 +18,54 @@ struct ExecApprovalsStoreRefactorTests {
     }
 
     @Test
-    func `ensure file skips rewrite when unchanged`() async throws {
-        try await self.withTempStateDir { _ in
-            _ = ExecApprovalsStore.ensureFile()
-            let url = ExecApprovalsStore.fileURL()
-            let firstIdentity = try Self.fileIdentity(at: url)
+    func `ensure state stores approvals in sqlite without json sidecar`() async throws {
+        try await self.withTempStateDir { stateDir in
+            _ = ExecApprovalsStore.ensureState()
+            let firstSnapshot = ExecApprovalsStore.readSnapshot()
 
-            _ = ExecApprovalsStore.ensureFile()
-            let secondIdentity = try Self.fileIdentity(at: url)
+            _ = ExecApprovalsStore.ensureState()
+            let secondSnapshot = ExecApprovalsStore.readSnapshot()
 
-            #expect(firstIdentity == secondIdentity)
+            #expect(firstSnapshot.hash == secondSnapshot.hash)
+            #expect(firstSnapshot.path.contains("openclaw.sqlite#table/exec_approvals_config/current"))
+            #expect(FileManager().fileExists(atPath: ExecApprovalsStore.databaseURL().path))
+            #expect(!FileManager().fileExists(atPath: stateDir.appendingPathComponent("exec-approvals.json").path))
+            let storedRaw = try Self.readStoredApprovalsRaw()
+            #expect(storedRaw?.contains("\"version\" : 1") == true)
+        }
+    }
+
+    @Test
+    func `ensure state imports legacy json approvals before sqlite defaults`() async throws {
+        try await self.withTempStateDir { stateDir in
+            try FileManager().createDirectory(at: stateDir, withIntermediateDirectories: true)
+            let legacyURL = stateDir.appendingPathComponent("exec-approvals.json")
+            try """
+                {
+                  "version": 1,
+                  "socket": { "path": "/tmp/legacy.sock", "token": "legacy-token" },
+                  "defaults": { "security": "allowlist", "ask": "on-miss" },
+                  "agents": {
+                    "main": {
+                      "allowlist": [
+                        { "id": "00000000-0000-0000-0000-000000000001", "pattern": "/usr/bin/rg" }
+                      ]
+                    }
+                  }
+                }
+
+                """.write(to: legacyURL, atomically: true, encoding: .utf8)
+
+            let ensured = ExecApprovalsStore.ensureState()
+
+            #expect(ensured.socket?.path == "/tmp/legacy.sock")
+            #expect(ensured.socket?.token == "legacy-token")
+            #expect(ensured.defaults?.security == .allowlist)
+            #expect(ensured.defaults?.ask == .onMiss)
+            #expect(ensured.agents?["main"]?.allowlist?.map(\.pattern) == ["/usr/bin/rg"])
+            #expect(!FileManager().fileExists(atPath: legacyURL.path))
+            let storedRaw = try Self.readStoredApprovalsRaw()
+            #expect(storedRaw?.contains("legacy-token") == true)
         }
     }
 
@@ -66,24 +105,38 @@ struct ExecApprovalsStoreRefactorTests {
     }
 
     @Test
-    func `ensure file hardens state directory permissions`() async throws {
+    func `ensure state hardens state directory permissions`() async throws {
         try await self.withTempStateDir { stateDir in
             try FileManager().createDirectory(at: stateDir, withIntermediateDirectories: true)
             try FileManager().setAttributes([.posixPermissions: 0o755], ofItemAtPath: stateDir.path)
 
-            _ = ExecApprovalsStore.ensureFile()
+            _ = ExecApprovalsStore.ensureState()
             let attrs = try FileManager().attributesOfItem(atPath: stateDir.path)
             let permissions = (attrs[.posixPermissions] as? NSNumber)?.intValue ?? -1
             #expect(permissions & 0o777 == 0o700)
         }
     }
 
-    private static func fileIdentity(at url: URL) throws -> Int {
-        let attributes = try FileManager().attributesOfItem(atPath: url.path)
-        guard let identifier = (attributes[.systemFileNumber] as? NSNumber)?.intValue else {
-            struct MissingIdentifierError: Error {}
-            throw MissingIdentifierError()
+    private static func readStoredApprovalsRaw() throws -> String? {
+        var db: OpaquePointer?
+        guard sqlite3_open_v2(ExecApprovalsStore.databaseURL().path, &db, SQLITE_OPEN_READONLY, nil) == SQLITE_OK
+        else {
+            defer { sqlite3_close(db) }
+            throw NSError(domain: "ExecApprovalsStoreRefactorTests", code: 1)
         }
-        return identifier
+        defer { sqlite3_close(db) }
+
+        let sql = "SELECT raw_json FROM exec_approvals_config WHERE config_key = 'current'"
+        var statement: OpaquePointer?
+        guard sqlite3_prepare_v2(db, sql, -1, &statement, nil) == SQLITE_OK else {
+            defer { sqlite3_finalize(statement) }
+            throw NSError(domain: "ExecApprovalsStoreRefactorTests", code: 2)
+        }
+        defer { sqlite3_finalize(statement) }
+
+        guard sqlite3_step(statement) == SQLITE_ROW, let rawText = sqlite3_column_text(statement, 0) else {
+            return nil
+        }
+        return String(cString: UnsafeRawPointer(rawText).assumingMemoryBound(to: CChar.self))
     }
 }

apps/macos/Tests/OpenClawIPCTests/HealthDecodeTests.swift

@@ -5,7 +5,7 @@ import Testing
 struct HealthDecodeTests {
     private let sampleJSON: String = // minimal but complete payload
         """
-        {"ts":1733622000,"durationMs":420,"channels":{"whatsapp":{"linked":true,"authAgeMs":120000},"telegram":{"configured":true,"probe":{"ok":true,"elapsedMs":800}}},"channelOrder":["whatsapp","telegram"],"heartbeatSeconds":60,"sessions":{"path":"/tmp/sessions.json","count":1,"recent":[{"key":"abc","updatedAt":1733621900,"age":120000}]}}
+        {"ts":1733622000,"durationMs":420,"channels":{"whatsapp":{"linked":true,"authAgeMs":120000},"telegram":{"configured":true,"probe":{"ok":true,"elapsedMs":800}}},"channelOrder":["whatsapp","telegram"],"heartbeatSeconds":60,"sessions":{"databasePath":"/tmp/openclaw-agent.sqlite","count":1,"recent":[{"key":"abc","updatedAt":1733621900,"age":120000}]}}
         """
 
     @Test func `decodes clean JSON`() {
@@ -29,4 +29,22 @@ struct HealthDecodeTests {
 
         #expect(snap == nil)
     }
+
+    @Test func `sessions list decodes legacy path field`() throws {
+        let data = Data(
+            #"{"ts":1733622000,"path":"/tmp/sessions.json","count":0,"sessions":[]}"#.utf8)
+        let decoded = try JSONDecoder().decode(GatewaySessionsListResponse.self, from: data)
+
+        #expect(decoded.databasePath == "/tmp/sessions.json")
+    }
+
+    @Test func `health sessions decode legacy path field`() {
+        let data = Data(
+            """
+            {"ts":1733622000,"durationMs":420,"channels":{},"channelOrder":[],"heartbeatSeconds":60,"sessions":{"path":"/tmp/sessions.json","count":0,"recent":[]}}
+            """.utf8)
+        let snap = decodeHealthSnapshot(from: data)
+
+        #expect(snap?.sessions.databasePath == "/tmp/sessions.json")
+    }
 }

apps/macos/Tests/OpenClawIPCTests/HealthStoreStateTests.swift

@@ -25,7 +25,7 @@ struct HealthStoreStateTests {
             channelOrder: ["whatsapp"],
             channelLabels: ["whatsapp": "WhatsApp"],
             heartbeatSeconds: 60,
-            sessions: .init(path: "/tmp/sessions.json", count: 0, recent: []))
+            sessions: .init(databasePath: "/tmp/openclaw-agent.sqlite", count: 0, recent: []))
 
         let store = HealthStore.shared
         store.__setSnapshotForTest(snap, lastError: nil)

apps/macos/Tests/OpenClawIPCTests/MenuSessionsInjectorTests.swift

@@ -82,7 +82,7 @@ struct MenuSessionsInjectorTests {
                 model: "claude-opus-4-6"),
         ]
         let snapshot = SessionStoreSnapshot(
-            storePath: "/tmp/sessions.json",
+            databasePath: "/tmp/openclaw-agent.sqlite",
             defaults: defaults,
             rows: rows)
         injector.setTestingSnapshot(snapshot, errorText: nil)
@@ -97,7 +97,7 @@ struct MenuSessionsInjectorTests {
                     plan: "Pro",
                     error: nil),
                 GatewayUsageProvider(
-                    provider: "openai-codex",
+                    provider: "openai",
                     displayName: "Codex",
                     windows: [GatewayUsageWindow(label: "day", usedPercent: 3, resetAt: nil)],
                     plan: nil,

apps/macos/Tests/OpenClawIPCTests/OpenClawConfigFileTests.swift

@@ -11,6 +11,23 @@ struct OpenClawConfigFileTests {
             .path
     }
 
+    private func legacyConfigSidecarURLs(in stateDir: URL) -> (audit: URL, health: URL) {
+        let logsDir = stateDir.appendingPathComponent("logs", isDirectory: true)
+        return (
+            logsDir.appendingPathComponent("config-audit.jsonl"),
+            logsDir.appendingPathComponent("config-health.json")
+        )
+    }
+
+    private func configRecoveryFile(
+        in directory: URL,
+        configName: String,
+        marker: String) throws -> URL?
+    {
+        try FileManager().contentsOfDirectory(at: directory, includingPropertiesForKeys: nil)
+            .first { $0.lastPathComponent.hasPrefix("\(configName).\(marker).") }
+    }
+
     @Test
     func `config path respects env override`() async {
         let override = self.makeConfigOverridePath()
@@ -121,11 +138,11 @@ struct OpenClawConfigFileTests {
 
     @MainActor
     @Test
-    func `save dict appends config audit log`() async throws {
+    func `save dict does not write config state sidecars`() async throws {
         let stateDir = FileManager().temporaryDirectory
             .appendingPathComponent("openclaw-state-\(UUID().uuidString)", isDirectory: true)
         let configPath = stateDir.appendingPathComponent("openclaw.json")
-        let auditPath = stateDir.appendingPathComponent("logs/config-audit.jsonl")
+        let sidecars = self.legacyConfigSidecarURLs(in: stateDir)
 
         defer { try? FileManager().removeItem(at: stateDir) }
 
@@ -140,25 +157,8 @@ struct OpenClawConfigFileTests {
             let configData = try Data(contentsOf: configPath)
             let configRoot = try JSONSerialization.jsonObject(with: configData) as? [String: Any]
             #expect((configRoot?["meta"] as? [String: Any]) != nil)
-
-            let rawAudit = try String(contentsOf: auditPath, encoding: .utf8)
-            let lines = rawAudit
-                .split(whereSeparator: \.isNewline)
-                .map(String.init)
-            #expect(!lines.isEmpty)
-            guard let last = lines.last else {
-                Issue.record("Missing config audit line")
-                return
-            }
-            let auditRoot = try JSONSerialization.jsonObject(with: Data(last.utf8)) as? [String: Any]
-            #expect(auditRoot?["source"] as? String == "macos-openclaw-config-file")
-            #expect(auditRoot?["event"] as? String == "config.write")
-            #expect(auditRoot?["result"] as? String == "success")
-            #expect(auditRoot?["configPath"] as? String == configPath.path)
-            #expect(auditRoot?["previousMode"] is NSNull)
-            #expect(auditRoot?["nextMode"] is NSNumber)
-            #expect(auditRoot?["previousIno"] is NSNull)
-            #expect(auditRoot?["nextIno"] as? String != nil)
+            #expect(!FileManager().fileExists(atPath: sidecars.audit.path))
+            #expect(!FileManager().fileExists(atPath: sidecars.health.path))
         }
     }
 
@@ -268,11 +268,11 @@ struct OpenClawConfigFileTests {
 
     @MainActor
     @Test
-    func `load dict audits suspicious out-of-band clobbers`() async throws {
+    func `load dict preserves suspicious out-of-band clobbers without state sidecars`() async throws {
         let stateDir = FileManager().temporaryDirectory
             .appendingPathComponent("openclaw-state-\(UUID().uuidString)", isDirectory: true)
         let configPath = stateDir.appendingPathComponent("openclaw.json")
-        let auditPath = stateDir.appendingPathComponent("logs/config-audit.jsonl")
+        let sidecars = self.legacyConfigSidecarURLs(in: stateDir)
 
         defer { try? FileManager().removeItem(at: stateDir) }
 
@@ -306,31 +306,16 @@ struct OpenClawConfigFileTests {
                 let loaded = OpenClawConfigFile.loadDict()
                 #expect((loaded["gateway"] as? [String: Any]) == nil)
 
-                let rawAudit = try String(contentsOf: auditPath, encoding: .utf8)
-                let lines = rawAudit
-                    .split(whereSeparator: \.isNewline)
-                    .map(String.init)
-                let observeLine = lines.reversed().first { $0.contains("\"event\":\"config.observe\"") }
-                #expect(observeLine != nil)
-                guard let observeLine else {
-                    Issue.record("Missing config.observe audit line")
-                    return
-                }
-                let auditRoot = try JSONSerialization.jsonObject(with: Data(observeLine.utf8)) as? [String: Any]
-                #expect(auditRoot?["source"] as? String == "macos-openclaw-config-file")
-                #expect(auditRoot?["configPath"] as? String == configPath.path)
-                #expect(auditRoot?["mode"] is NSNumber)
-                #expect(auditRoot?["ino"] as? String != nil)
-                #expect(auditRoot?["lastKnownGoodMode"] is NSNumber)
-                #expect(auditRoot?["backupMode"] is NSNull)
-                let suspicious = auditRoot?["suspicious"] as? [String] ?? []
-                #expect(suspicious.contains("gateway-mode-missing-vs-last-good"))
-                #expect(suspicious.contains("update-channel-only-root"))
+                #expect(!FileManager().fileExists(atPath: sidecars.audit.path))
+                #expect(!FileManager().fileExists(atPath: sidecars.health.path))
 
-                let clobberedPath = auditRoot?["clobberedPath"] as? String
-                #expect(clobberedPath != nil)
-                if let clobberedPath {
-                    let preserved = try String(contentsOfFile: clobberedPath, encoding: .utf8)
+                let clobberedURL = try self.configRecoveryFile(
+                    in: configPath.deletingLastPathComponent(),
+                    configName: configPath.lastPathComponent,
+                    marker: "clobbered")
+                #expect(clobberedURL != nil)
+                if let clobberedURL {
+                    let preserved = try String(contentsOf: clobberedURL, encoding: .utf8)
                     #expect(preserved == clobbered)
                 }
             }
@@ -339,11 +324,61 @@ struct OpenClawConfigFileTests {
 
     @MainActor
     @Test
-    func `save dict records preserved gateway auth in audit`() async throws {
+    func `load dict imports legacy config health baseline`() async throws {
         let stateDir = FileManager().temporaryDirectory
             .appendingPathComponent("openclaw-state-\(UUID().uuidString)", isDirectory: true)
         let configPath = stateDir.appendingPathComponent("openclaw.json")
-        let auditPath = stateDir.appendingPathComponent("logs/config-audit.jsonl")
+        let sidecars = self.legacyConfigSidecarURLs(in: stateDir)
+
+        defer { try? FileManager().removeItem(at: stateDir) }
+
+        try FileManager().createDirectory(
+            at: sidecars.health.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        let legacyHealth: [String: Any] = [
+            "entries": [
+                configPath.path: [
+                    "lastKnownGood": [
+                        "hash": "previous-good",
+                        "bytes": 1024,
+                        "hasMeta": true,
+                        "gatewayMode": "local",
+                    ],
+                ],
+            ],
+        ]
+        let legacyData = try JSONSerialization.data(withJSONObject: legacyHealth, options: [.prettyPrinted])
+        try legacyData.write(to: sidecars.health)
+        try """
+        {
+          "update": {
+            "channel": "beta"
+          }
+        }
+        """.write(to: configPath, atomically: true, encoding: .utf8)
+
+        try await TestIsolation.withEnvValues([
+            "OPENCLAW_STATE_DIR": stateDir.path,
+            "OPENCLAW_CONFIG_PATH": configPath.path,
+        ]) {
+            let loaded = OpenClawConfigFile.loadDict()
+            #expect(((loaded["update"] as? [String: Any])?["channel"] as? String) == "beta")
+
+            let clobberedURL = try self.configRecoveryFile(
+                in: configPath.deletingLastPathComponent(),
+                configName: configPath.lastPathComponent,
+                marker: "clobbered")
+            #expect(clobberedURL != nil)
+        }
+    }
+
+    @MainActor
+    @Test
+    func `save dict preserves gateway auth without audit sidecar`() async throws {
+        let stateDir = FileManager().temporaryDirectory
+            .appendingPathComponent("openclaw-state-\(UUID().uuidString)", isDirectory: true)
+        let configPath = stateDir.appendingPathComponent("openclaw.json")
+        let sidecars = self.legacyConfigSidecarURLs(in: stateDir)
 
         defer { try? FileManager().removeItem(at: stateDir) }
 
@@ -379,14 +414,8 @@ struct OpenClawConfigFileTests {
             #expect(auth?["mode"] as? String == "token")
             #expect(auth?["token"] as? String == "test-token") // pragma: allowlist secret
             #expect((root?["meta"] as? [String: Any]) != nil)
-
-            let rawAudit = try String(contentsOf: auditPath, encoding: .utf8)
-            let last = rawAudit.split(whereSeparator: \.isNewline).map(String.init).last
-            let auditRoot = try JSONSerialization.jsonObject(with: Data((last ?? "{}").utf8)) as? [String: Any]
-            #expect(auditRoot?["result"] as? String == "success")
-            #expect(auditRoot?["preservedGatewayAuth"] as? Bool == true)
-            let suspicious = auditRoot?["suspicious"] as? [String] ?? []
-            #expect(suspicious.contains("gateway-auth-preserved"))
+            #expect(!FileManager().fileExists(atPath: sidecars.audit.path))
+            #expect(!FileManager().fileExists(atPath: sidecars.health.path))
         }
     }
 
@@ -396,7 +425,7 @@ struct OpenClawConfigFileTests {
         let stateDir = FileManager().temporaryDirectory
             .appendingPathComponent("openclaw-state-\(UUID().uuidString)", isDirectory: true)
         let configPath = stateDir.appendingPathComponent("openclaw.json")
-        let auditPath = stateDir.appendingPathComponent("logs/config-audit.jsonl")
+        let sidecars = self.legacyConfigSidecarURLs(in: stateDir)
 
         defer { try? FileManager().removeItem(at: stateDir) }
 
@@ -428,21 +457,16 @@ struct OpenClawConfigFileTests {
             let after = try String(contentsOf: configPath, encoding: .utf8)
             #expect(after == before)
 
-            let rawAudit = try String(contentsOf: auditPath, encoding: .utf8)
-            let lines = rawAudit.split(whereSeparator: \.isNewline).map(String.init)
-            guard let last = lines.last else {
-                Issue.record("Missing rejected config audit line")
-                return
-            }
-            let auditRoot = try JSONSerialization.jsonObject(with: Data(last.utf8)) as? [String: Any]
-            #expect(auditRoot?["result"] as? String == "rejected")
-            let suspicious = auditRoot?["suspicious"] as? [String] ?? []
-            let blocking = auditRoot?["blocking"] as? [String] ?? []
-            #expect(suspicious.contains("gateway-mode-removed"))
-            #expect(blocking.contains("gateway-mode-removed"))
-            if let rejectedPath = auditRoot?["rejectedPath"] as? String {
-                #expect(FileManager().fileExists(atPath: rejectedPath))
-                let attributes = try FileManager().attributesOfItem(atPath: rejectedPath)
+            #expect(!FileManager().fileExists(atPath: sidecars.audit.path))
+            #expect(!FileManager().fileExists(atPath: sidecars.health.path))
+
+            let rejectedURL = try self.configRecoveryFile(
+                in: configPath.deletingLastPathComponent(),
+                configName: configPath.lastPathComponent,
+                marker: "rejected")
+            if let rejectedURL {
+                #expect(FileManager().fileExists(atPath: rejectedURL.path))
+                let attributes = try FileManager().attributesOfItem(atPath: rejectedURL.path)
                 let mode = attributes[.posixPermissions] as? NSNumber
                 #expect(mode?.intValue == 0o600)
             } else {

apps/macos/Tests/OpenClawIPCTests/SettingsViewSmokeTests.swift

@@ -9,7 +9,7 @@ struct SettingsViewSmokeTests {
     @Test func `cron settings builds body`() {
         let store = CronJobsStore(isPreview: true)
         store.schedulerEnabled = false
-        store.schedulerStorePath = "/tmp/openclaw-cron-store.json"
+        store.schedulerStoreKey = "default"
 
         let job1 = CronJob(
             id: "job-1",

apps/macos/Tests/OpenClawIPCTests/VoiceWakeForwarderTests.swift

@@ -25,8 +25,8 @@ import Testing
         let entry = VoiceWakeForwarder.SessionRouteEntry(
             key: "agent:main:telegram:group:6812765697",
             channel: "telegram",
-            lastChannel: "telegram",
-            lastTo: "telegram:6812765697",
+            lastChannel: nil,
+            lastTo: nil,
             deliveryContext: .init(channel: "telegram", to: "telegram:6812765697"))
 
         let opts = VoiceWakeForwarder.forwardOptions(
@@ -41,6 +41,23 @@ import Testing
         #expect(opts.channel.shouldDeliver(opts.deliver) == true)
     }
 
+    @Test func `selected forward options keep legacy session route fallback`() {
+        let entry = VoiceWakeForwarder.SessionRouteEntry(
+            key: "legacy-session",
+            channel: nil,
+            lastChannel: "telegram",
+            lastTo: "telegram:6812765697",
+            deliveryContext: nil)
+
+        let opts = VoiceWakeForwarder.forwardOptions(
+            sessionKey: entry.key,
+            routeEntry: entry)
+
+        #expect(opts.channel == .telegram)
+        #expect(opts.to == "telegram:6812765697")
+        #expect(opts.channel.shouldDeliver(opts.deliver) == true)
+    }
+
     @Test func `selected forward options parse channel scoped session fallback`() {
         let opts = VoiceWakeForwarder.forwardOptions(
             sessionKey: "agent:main:discord:channel:123:456",

apps/shared/OpenClawKit/Package.swift

@@ -13,6 +13,10 @@ let package = Package(
         .library(name: "OpenClawKit", targets: ["OpenClawKit"]),
         .library(name: "OpenClawChatUI", targets: ["OpenClawChatUI"]),
     ],
+    traits: [
+        .trait(name: "Talk", description: "ElevenLabs cloud TTS / talk support"),
+        .default(enabledTraits: ["Talk"]),
+    ],
     dependencies: [
         .package(url: "https://github.com/steipete/ElevenLabsKit", exact: "0.1.1"),
         .package(url: "https://github.com/gonzalezreal/textual", exact: "0.3.1"),
@@ -28,7 +32,7 @@ let package = Package(
             name: "OpenClawKit",
             dependencies: [
                 "OpenClawProtocol",
-                .product(name: "ElevenLabsKit", package: "ElevenLabsKit"),
+                .product(name: "ElevenLabsKit", package: "ElevenLabsKit", condition: .when(traits: ["Talk"])),
             ],
             path: "Sources/OpenClawKit",
             resources: [

apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatSessions.swift

@@ -153,20 +153,20 @@ public struct OpenClawChatSessionEntry: Codable, Identifiable, Sendable, Hashabl
 
 public struct OpenClawChatSessionsListResponse: Codable, Sendable {
     public let ts: Double?
-    public let path: String?
+    public let databasePath: String?
     public let count: Int?
     public let defaults: OpenClawChatSessionsDefaults?
     public let sessions: [OpenClawChatSessionEntry]
 
     public init(
         ts: Double?,
-        path: String?,
+        databasePath: String?,
         count: Int?,
         defaults: OpenClawChatSessionsDefaults?,
         sessions: [OpenClawChatSessionEntry])
     {
         self.ts = ts
-        self.path = path
+        self.databasePath = databasePath
         self.count = count
         self.defaults = defaults
         self.sessions = sessions

apps/shared/OpenClawKit/Sources/OpenClawKit/AudioStreamingProtocols.swift

@@ -1,3 +1,4 @@
+#if Talk
 import Foundation
 
 @MainActor
@@ -14,3 +15,4 @@ public protocol PCMStreamingAudioPlaying {
 
 extension StreamingAudioPlayer: StreamingAudioPlaying {}
 extension PCMStreamingAudioPlayer: PCMStreamingAudioPlaying {}
+#endif

apps/shared/OpenClawKit/Sources/OpenClawKit/DeviceAuthStore.swift

@@ -21,12 +21,14 @@ private struct DeviceAuthStoreFile: Codable {
 }
 
 public enum DeviceAuthStore {
-    private static let fileName = "device-auth.json"
+    private static let legacyFileName = "device-auth.json"
+    private static let androidSecurePrefsTokenMarker = "__openclaw_secure_prefs__"
 
     public static func loadToken(deviceId: String, role: String) -> DeviceAuthEntry? {
-        guard let store = readStore(), store.deviceId == deviceId else { return nil }
         let role = self.normalizeRole(role)
-        return store.tokens[role]
+        guard let row = OpenClawSQLiteStateStore.readDeviceAuthToken(deviceId: deviceId, role: role)
+        else { return self.loadLegacyTokenIfNoSQLiteAuthRows(deviceId: deviceId, role: role) }
+        return self.entry(from: row)
     }
 
     public static func storeToken(
@@ -36,31 +38,48 @@ public enum DeviceAuthStore {
         scopes: [String] = []) -> DeviceAuthEntry
     {
         let normalizedRole = self.normalizeRole(role)
-        var next = self.readStore()
-        if next?.deviceId != deviceId {
-            next = DeviceAuthStoreFile(version: 1, deviceId: deviceId, tokens: [:])
-        }
         let entry = DeviceAuthEntry(
             token: token,
             role: normalizedRole,
             scopes: normalizeScopes(scopes),
             updatedAtMs: Int(Date().timeIntervalSince1970 * 1000))
-        if next == nil {
-            next = DeviceAuthStoreFile(version: 1, deviceId: deviceId, tokens: [:])
-        }
-        next?.tokens[normalizedRole] = entry
-        if let store = next {
-            self.writeStore(store)
+        let currentDeviceId = OpenClawSQLiteStateStore.readLatestDeviceAuthDeviceId()
+        let legacyStoreToImport =
+            currentDeviceId == nil ? self.readLegacyStore().flatMap { $0.deviceId == deviceId ? $0 : nil } : nil
+        let sqliteDeviceChanged = currentDeviceId != nil && currentDeviceId != deviceId
+        let shouldDropLegacyStore =
+            sqliteDeviceChanged || self.readLegacyStore().map { $0.deviceId != deviceId } == true
+        do {
+            if sqliteDeviceChanged {
+                try OpenClawSQLiteStateStore.deleteAllDeviceAuthTokens()
+            }
+            if let legacyStoreToImport {
+                for legacyEntry in legacyStoreToImport.tokens.values {
+                    let normalized = self.normalizedLegacyEntry(legacyEntry)
+                    try OpenClawSQLiteStateStore.upsertDeviceAuthToken(
+                        self.row(deviceId: deviceId, entry: normalized))
+                }
+            }
+            try OpenClawSQLiteStateStore.upsertDeviceAuthToken(self.row(deviceId: deviceId, entry: entry))
+            if shouldDropLegacyStore || legacyStoreToImport != nil {
+                self.removeLegacyStore()
+            } else {
+                self.removeLegacyToken(deviceId: deviceId, role: normalizedRole)
+            }
+        } catch {
+            var fallback =
+                self.readLegacyStore().flatMap { $0.deviceId == deviceId ? $0 : nil }
+                    ?? DeviceAuthStoreFile(version: 1, deviceId: deviceId, tokens: [:])
+            fallback.tokens[normalizedRole] = entry
+            self.writeLegacyStore(fallback)
         }
         return entry
     }
 
     public static func clearToken(deviceId: String, role: String) {
-        guard var store = readStore(), store.deviceId == deviceId else { return }
         let normalizedRole = self.normalizeRole(role)
-        guard store.tokens[normalizedRole] != nil else { return }
-        store.tokens.removeValue(forKey: normalizedRole)
-        self.writeStore(store)
+        try? OpenClawSQLiteStateStore.deleteDeviceAuthToken(deviceId: deviceId, role: normalizedRole)
+        self.removeLegacyToken(deviceId: deviceId, role: normalizedRole)
     }
 
     private static func normalizeRole(_ role: String) -> String {
@@ -74,24 +93,71 @@ public enum DeviceAuthStore {
         return Array(Set(trimmed)).sorted()
     }
 
-    private static func fileURL() -> URL {
-        DeviceIdentityPaths.stateDirURL()
-            .appendingPathComponent("identity", isDirectory: true)
-            .appendingPathComponent(self.fileName, isDirectory: false)
+    private static func entry(from row: OpenClawSQLiteDeviceAuthTokenRow) -> DeviceAuthEntry? {
+        guard row.token != self.androidSecurePrefsTokenMarker else { return nil }
+        return DeviceAuthEntry(
+            token: row.token,
+            role: row.role,
+            scopes: self.decodeScopes(row.scopesJSON),
+            updatedAtMs: row.updatedAtMs)
     }
 
-    private static func readStore() -> DeviceAuthStoreFile? {
-        let url = self.fileURL()
-        guard let data = try? Data(contentsOf: url) else { return nil }
-        guard let decoded = try? JSONDecoder().decode(DeviceAuthStoreFile.self, from: data) else {
-            return nil
-        }
-        guard decoded.version == 1 else { return nil }
+    private static func normalizedLegacyEntry(_ entry: DeviceAuthEntry) -> DeviceAuthEntry {
+        DeviceAuthEntry(
+            token: entry.token,
+            role: self.normalizeRole(entry.role),
+            scopes: self.normalizeScopes(entry.scopes),
+            updatedAtMs: entry.updatedAtMs)
+    }
+
+    private static func row(deviceId: String, entry: DeviceAuthEntry) -> OpenClawSQLiteDeviceAuthTokenRow {
+        OpenClawSQLiteDeviceAuthTokenRow(
+            deviceId: deviceId,
+            role: entry.role,
+            token: entry.token,
+            scopesJSON: self.encodeScopes(entry.scopes),
+            updatedAtMs: entry.updatedAtMs)
+    }
+
+    private static func encodeScopes(_ scopes: [String]) -> String {
+        guard let data = try? JSONEncoder().encode(scopes),
+              let raw = String(data: data, encoding: .utf8)
+        else { return "[]" }
+        return raw
+    }
+
+    private static func decodeScopes(_ raw: String) -> [String] {
+        guard let data = raw.data(using: .utf8),
+              let decoded = try? JSONDecoder().decode([String].self, from: data)
+        else { return [] }
         return decoded
     }
 
-    private static func writeStore(_ store: DeviceAuthStoreFile) {
-        let url = self.fileURL()
+    private static func loadLegacyTokenIfNoSQLiteAuthRows(deviceId: String, role: String) -> DeviceAuthEntry? {
+        guard OpenClawSQLiteStateStore.readLatestDeviceAuthDeviceId() == nil else {
+            self.removeLegacyToken(deviceId: deviceId, role: role)
+            return nil
+        }
+        return self.importLegacyTokenIfNeeded(deviceId: deviceId, role: role)
+    }
+
+    private static func legacyFileURL() -> URL {
+        DeviceIdentityPaths.legacyStateDirURL()
+            .appendingPathComponent("identity", isDirectory: true)
+            .appendingPathComponent(self.legacyFileName, isDirectory: false)
+    }
+
+    private static func readLegacyStore() -> DeviceAuthStoreFile? {
+        let url = self.legacyFileURL()
+        guard let data = try? Data(contentsOf: url),
+              let decoded = try? JSONDecoder().decode(DeviceAuthStoreFile.self, from: data),
+              decoded.version == 1
+        else { return nil }
+        return decoded
+    }
+
+    private static func writeLegacyStore(_ store: DeviceAuthStoreFile) {
+        let url = self.legacyFileURL()
         do {
             try FileManager.default.createDirectory(
                 at: url.deletingLastPathComponent(),
@@ -103,4 +169,35 @@ public enum DeviceAuthStore {
             // best-effort only
         }
     }
+
+    private static func importLegacyTokenIfNeeded(deviceId: String, role: String) -> DeviceAuthEntry? {
+        guard let store = self.readLegacyStore(), store.deviceId == deviceId else { return nil }
+        do {
+            for entry in store.tokens.values {
+                let normalized = self.normalizedLegacyEntry(entry)
+                try OpenClawSQLiteStateStore.upsertDeviceAuthToken(self.row(deviceId: deviceId, entry: normalized))
+            }
+            try FileManager.default.removeItem(at: self.legacyFileURL())
+        } catch {
+            return store.tokens[role].map(self.normalizedLegacyEntry)
+        }
+        guard let row = OpenClawSQLiteStateStore.readDeviceAuthToken(deviceId: deviceId, role: role) else {
+            return nil
+        }
+        return self.entry(from: row)
+    }
+
+    private static func removeLegacyToken(deviceId: String, role: String) {
+        guard var store = self.readLegacyStore(), store.deviceId == deviceId else { return }
+        store.tokens.removeValue(forKey: role)
+        if store.tokens.isEmpty {
+            self.removeLegacyStore()
+        } else {
+            self.writeLegacyStore(store)
+        }
+    }
+
+    private static func removeLegacyStore() {
+        try? FileManager.default.removeItem(at: self.legacyFileURL())
+    }
 }

apps/shared/OpenClawKit/Sources/OpenClawKit/DeviceIdentity.swift

@@ -1,5 +1,6 @@
 import CryptoKit
 import Foundation
+import SQLite3
 
 public struct DeviceIdentity: Codable, Sendable {
     public var deviceId: String
@@ -17,8 +18,17 @@ public struct DeviceIdentity: Codable, Sendable {
 
 enum DeviceIdentityPaths {
     private static let stateDirEnv = ["OPENCLAW_STATE_DIR"]
+    #if DEBUG
+    nonisolated(unsafe) static var testingStateDirURL: URL?
+    #endif
 
     static func stateDirURL() -> URL {
+        #if DEBUG
+        if let testingStateDirURL {
+            return testingStateDirURL
+        }
+        #endif
+
         for key in self.stateDirEnv {
             if let raw = getenv(key) {
                 let value = String(cString: raw).trimmingCharacters(in: .whitespacesAndNewlines)
@@ -28,7 +38,30 @@ enum DeviceIdentityPaths {
             }
         }
 
-        if let appSupport = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask).first {
+        return FileManager.default.homeDirectoryForCurrentUser
+            .appendingPathComponent(".openclaw", isDirectory: true)
+    }
+
+    static func legacyStateDirURL() -> URL {
+        #if DEBUG
+        if let testingStateDirURL {
+            return testingStateDirURL
+        }
+        #endif
+
+        for key in self.stateDirEnv {
+            if let raw = getenv(key) {
+                let value = String(cString: raw).trimmingCharacters(in: .whitespacesAndNewlines)
+                if !value.isEmpty {
+                    return URL(fileURLWithPath: value, isDirectory: true)
+                }
+            }
+        }
+
+        if let appSupport = FileManager.default.urls(
+            for: .applicationSupportDirectory,
+            in: .userDomainMask).first
+        {
             return appSupport.appendingPathComponent("OpenClaw", isDirectory: true)
         }
 
@@ -37,7 +70,7 @@ enum DeviceIdentityPaths {
 }
 
 public enum DeviceIdentityStore {
-    private static let fileName = "device.json"
+    private static let identityKey = "default"
     private static let ed25519SPKIPrefix = Data([
         0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
         0x70, 0x03, 0x21, 0x00,
@@ -48,56 +81,140 @@ public enum DeviceIdentityStore {
     ])
 
     public static func loadOrCreate() -> DeviceIdentity {
-        self.loadOrCreate(fileURL: self.fileURL())
-    }
-
-    static func loadOrCreate(fileURL url: URL) -> DeviceIdentity {
-        if let data = try? Data(contentsOf: url) {
-            switch self.decodeStoredIdentity(data) {
+        let row: OpenClawSQLiteDeviceIdentityRow?
+        do {
+            row = try self.readStoredIdentityRow()
+        } catch {
+            preconditionFailure(
+                "OpenClaw device identity SQLite read failed: \(error.localizedDescription). " +
+                    "Run openclaw doctor --fix before starting runtime.")
+        }
+        if let row {
+            switch self.decodeStoredIdentity(self.storedIdentity(from: row)) {
             case .identity(let decoded):
                 return decoded
             case .recognizedInvalid:
-                return self.generate()
-            case .unknown:
-                break
+                preconditionFailure("Stored OpenClaw device identity is invalid. Run openclaw doctor --fix.")
             }
         }
+        switch self.loadLegacyIdentity() {
+        case .some(.identity(let identity)):
+            if self.save(identity) {
+                try? FileManager.default.removeItem(at: self.legacyIdentityURL())
+            }
+            return identity
+        case .some(.recognizedInvalid):
+            preconditionFailure(
+                "Legacy OpenClaw device identity exists at \(self.legacyIdentityURL().path). " +
+                    "Run openclaw doctor --fix before starting runtime.")
+        case nil:
+            break
+        }
         let identity = self.generate()
-        self.save(identity, to: url)
+        _ = self.save(identity)
         return identity
     }
 
+    static func legacyIdentityMigrationRequired() -> Bool {
+        FileManager.default.fileExists(atPath: self.legacyIdentityURL().path)
+    }
+
+    private static func legacyIdentityURL() -> URL {
+        DeviceIdentityPaths.legacyStateDirURL()
+            .appendingPathComponent("identity", isDirectory: true)
+            .appendingPathComponent("device.json", isDirectory: false)
+    }
+
     private enum DecodeResult {
         case identity(DeviceIdentity)
         case recognizedInvalid
-        case unknown
     }
 
-    private static func decodeStoredIdentity(_ data: Data) -> DecodeResult {
+    private static func readStoredIdentityRow() throws -> OpenClawSQLiteDeviceIdentityRow? {
+        try self.withSQLiteRetry {
+            try OpenClawSQLiteStateStore.readDeviceIdentityChecked(key: self.identityKey)
+        }
+    }
+
+    private static func withSQLiteRetry<T>(_ operation: () throws -> T) throws -> T {
+        var lastError: Error?
+        for attempt in 0..<3 {
+            do {
+                return try operation()
+            } catch {
+                lastError = error
+                guard attempt < 2, self.isTransientSQLiteError(error) else {
+                    throw error
+                }
+                Thread.sleep(forTimeInterval: 0.05 * Double(attempt + 1))
+            }
+        }
+        throw lastError ?? NSError(
+            domain: "OpenClawSQLiteStateStore",
+            code: Int(SQLITE_ERROR),
+            userInfo: [NSLocalizedDescriptionKey: "SQLite operation failed"])
+    }
+
+    private static func isTransientSQLiteError(_ error: Error) -> Bool {
+        let nsError = error as NSError
+        guard nsError.domain == "OpenClawSQLiteStateStore" else { return false }
+        return nsError.code == Int(SQLITE_BUSY) || nsError.code == Int(SQLITE_LOCKED)
+    }
+
+    private static func storedIdentity(from row: OpenClawSQLiteDeviceIdentityRow) -> StoredDeviceIdentity {
+        StoredDeviceIdentity(
+            version: 1,
+            deviceId: row.deviceId,
+            publicKeyPem: row.publicKeyPem,
+            privateKeyPem: row.privateKeyPem,
+            createdAtMs: row.createdAtMs)
+    }
+
+    private static func decodeStoredIdentity(_ decoded: StoredDeviceIdentity) -> DecodeResult {
+        guard decoded.version == 1,
+              let publicKeyData = self.rawPublicKey(fromPEM: decoded.publicKeyPem),
+              let privateKeyData = self.rawPrivateKey(fromPEM: decoded.privateKeyPem),
+              self.keyPairMatches(publicKeyData: publicKeyData, privateKeyData: privateKeyData)
+        else {
+            return .recognizedInvalid
+        }
+        return .identity(DeviceIdentity(
+            deviceId: self.deviceId(publicKeyData: publicKeyData),
+            publicKey: publicKeyData.base64EncodedString(),
+            privateKey: privateKeyData.base64EncodedString(),
+            createdAtMs: decoded.createdAtMs))
+    }
+
+    private static func loadLegacyIdentity() -> DecodeResult? {
+        let url = self.legacyIdentityURL()
+        guard FileManager.default.fileExists(atPath: url.path) else {
+            return nil
+        }
+        guard let data = try? Data(contentsOf: url) else {
+            return .recognizedInvalid
+        }
+        return self.decodeLegacyIdentity(data)
+    }
+
+    private static func decodeLegacyIdentity(_ data: Data) -> DecodeResult {
         let decoder = JSONDecoder()
-        if let decoded = try? decoder.decode(DeviceIdentity.self, from: data) {
-            guard let identity = self.normalizedRawIdentity(decoded) else {
-                return .recognizedInvalid
-            }
-            return .identity(identity)
+        if let stored = try? decoder.decode(StoredDeviceIdentity.self, from: data) {
+            return self.decodeStoredIdentity(stored)
         }
-
-        if let decoded = try? decoder.decode(PemDeviceIdentity.self, from: data) {
-            guard decoded.version == 1,
-                  let publicKeyData = self.rawPublicKey(fromPEM: decoded.publicKeyPem),
-                  let privateKeyData = self.rawPrivateKey(fromPEM: decoded.privateKeyPem),
-                  self.keyPairMatches(publicKeyData: publicKeyData, privateKeyData: privateKeyData)
-            else {
-                return .recognizedInvalid
-            }
-            return .identity(DeviceIdentity(
-                deviceId: self.deviceId(publicKeyData: publicKeyData),
-                publicKey: publicKeyData.base64EncodedString(),
-                privateKey: privateKeyData.base64EncodedString(),
-                createdAtMs: decoded.createdAtMs))
+        guard let decoded = try? decoder.decode(DeviceIdentity.self, from: data),
+              let publicKeyData = Data(base64Encoded: decoded.publicKey),
+              let privateKeyData = Data(base64Encoded: decoded.privateKey),
+              publicKeyData.count == 32,
+              privateKeyData.count == 32,
+              self.keyPairMatches(publicKeyData: publicKeyData, privateKeyData: privateKeyData)
+        else {
+            return .recognizedInvalid
         }
-
-        return self.hasRecognizedIdentityShape(data) ? .recognizedInvalid : .unknown
+        return .identity(DeviceIdentity(
+            deviceId: self.deviceId(publicKeyData: publicKeyData),
+            publicKey: publicKeyData.base64EncodedString(),
+            privateKey: privateKeyData.base64EncodedString(),
+            createdAtMs: decoded.createdAtMs))
     }
 
     public static func signPayload(_ payload: String, identity: DeviceIdentity) -> String? {
@@ -137,22 +254,6 @@ public enum DeviceIdentityStore {
         return self.base64UrlEncode(data)
     }
 
-    private static func normalizedRawIdentity(_ identity: DeviceIdentity) -> DeviceIdentity? {
-        guard !identity.deviceId.isEmpty,
-              let publicKeyData = Data(base64Encoded: identity.publicKey),
-              let privateKeyData = Data(base64Encoded: identity.privateKey)
-        else { return nil }
-
-        guard publicKeyData.count == 32 && privateKeyData.count == 32,
-              self.keyPairMatches(publicKeyData: publicKeyData, privateKeyData: privateKeyData)
-        else { return nil }
-        return DeviceIdentity(
-            deviceId: self.deviceId(publicKeyData: publicKeyData),
-            publicKey: identity.publicKey,
-            privateKey: identity.privateKey,
-            createdAtMs: identity.createdAtMs)
-    }
-
     private static func rawPublicKey(fromPEM pem: String) -> Data? {
         guard let der = self.derData(fromPEM: pem),
               der.count == self.ed25519SPKIPrefix.count + 32,
@@ -185,41 +286,55 @@ public enum DeviceIdentityStore {
         return Data(base64Encoded: body)
     }
 
-    private static func hasRecognizedIdentityShape(_ data: Data) -> Bool {
-        guard let object = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
-            return false
-        }
-        return object.keys.contains("publicKeyPem")
-            || object.keys.contains("privateKeyPem")
-            || object.keys.contains("publicKey")
-            || object.keys.contains("privateKey")
+    private static func pem(label: String, der: Data) -> String {
+        let chunks = stride(from: 0, to: der.count, by: 48)
+            .map { offset -> String in
+                let end = min(offset + 48, der.count)
+                return der.subdata(in: offset..<end).base64EncodedString()
+            }
+            .joined(separator: "\n")
+        return "-----BEGIN \(label)-----\n\(chunks)\n-----END \(label)-----\n"
     }
 
     private static func deviceId(publicKeyData: Data) -> String {
         SHA256.hash(data: publicKeyData).compactMap { String(format: "%02x", $0) }.joined()
     }
 
-    private static func save(_ identity: DeviceIdentity, to url: URL) {
+    @discardableResult
+    private static func save(_ identity: DeviceIdentity) -> Bool {
         do {
-            try FileManager.default.createDirectory(
-                at: url.deletingLastPathComponent(),
-                withIntermediateDirectories: true)
-            let data = try JSONEncoder().encode(identity)
-            try data.write(to: url, options: [.atomic])
+            let stored = self.storedIdentity(from: identity)
+            try self.withSQLiteRetry {
+                try OpenClawSQLiteStateStore.writeDeviceIdentity(
+                    key: self.identityKey,
+                    identity: OpenClawSQLiteDeviceIdentityRow(
+                        deviceId: stored.deviceId,
+                        publicKeyPem: stored.publicKeyPem,
+                        privateKeyPem: stored.privateKeyPem,
+                        createdAtMs: stored.createdAtMs))
+            }
+            return true
         } catch {
-            // best-effort only
+            return false
         }
     }
 
-    private static func fileURL() -> URL {
-        let base = DeviceIdentityPaths.stateDirURL()
-        return base
-            .appendingPathComponent("identity", isDirectory: true)
-            .appendingPathComponent(self.fileName, isDirectory: false)
+    private static func storedIdentity(from identity: DeviceIdentity) -> StoredDeviceIdentity {
+        guard let publicKeyData = Data(base64Encoded: identity.publicKey),
+              let privateKeyData = Data(base64Encoded: identity.privateKey)
+        else {
+            preconditionFailure("Generated OpenClaw device identity contains invalid base64")
+        }
+        return StoredDeviceIdentity(
+            version: 1,
+            deviceId: self.deviceId(publicKeyData: publicKeyData),
+            publicKeyPem: self.pem(label: "PUBLIC KEY", der: self.ed25519SPKIPrefix + publicKeyData),
+            privateKeyPem: self.pem(label: "PRIVATE KEY", der: self.ed25519PKCS8PrivatePrefix + privateKeyData),
+            createdAtMs: identity.createdAtMs)
     }
 }
 
-private struct PemDeviceIdentity: Codable {
+private struct StoredDeviceIdentity: Codable {
     var version: Int
     var deviceId: String
     var publicKeyPem: String

apps/shared/OpenClawKit/Sources/OpenClawKit/ElevenLabsKitShim.swift

@@ -1,3 +1,4 @@
+#if Talk
 @_exported import ElevenLabsKit
 
 public typealias ElevenLabsVoice = ElevenLabsKit.ElevenLabsVoice
@@ -7,3 +8,4 @@ public typealias TalkTTSValidation = ElevenLabsKit.TalkTTSValidation
 public typealias StreamingAudioPlayer = ElevenLabsKit.StreamingAudioPlayer
 public typealias PCMStreamingAudioPlayer = ElevenLabsKit.PCMStreamingAudioPlayer
 public typealias StreamingPlaybackResult = ElevenLabsKit.StreamingPlaybackResult
+#endif

apps/shared/OpenClawKit/Sources/OpenClawKit/OpenClawSQLiteStateStore.swift

@@ -0,0 +1,678 @@
+import Foundation
+import OSLog
+import SQLite3
+
+public struct OpenClawSQLiteDeviceIdentityRow: Sendable {
+    public let deviceId: String
+    public let publicKeyPem: String
+    public let privateKeyPem: String
+    public let createdAtMs: Int
+
+    public init(deviceId: String, publicKeyPem: String, privateKeyPem: String, createdAtMs: Int) {
+        self.deviceId = deviceId
+        self.publicKeyPem = publicKeyPem
+        self.privateKeyPem = privateKeyPem
+        self.createdAtMs = createdAtMs
+    }
+}
+
+public struct OpenClawSQLiteDeviceAuthTokenRow: Sendable {
+    public let deviceId: String
+    public let role: String
+    public let token: String
+    public let scopesJSON: String
+    public let updatedAtMs: Int
+
+    public init(deviceId: String, role: String, token: String, scopesJSON: String, updatedAtMs: Int) {
+        self.deviceId = deviceId
+        self.role = role
+        self.token = token
+        self.scopesJSON = scopesJSON
+        self.updatedAtMs = updatedAtMs
+    }
+}
+
+public struct OpenClawSQLitePortGuardianRecord: Sendable {
+    public let port: Int
+    public let pid: Int32
+    public let command: String
+    public let mode: String
+    public let timestamp: TimeInterval
+
+    public init(port: Int, pid: Int32, command: String, mode: String, timestamp: TimeInterval) {
+        self.port = port
+        self.pid = pid
+        self.command = command
+        self.mode = mode
+        self.timestamp = timestamp
+    }
+}
+
+public enum OpenClawSQLiteStateStore {
+    private static let logger = Logger(subsystem: "ai.openclaw", category: "sqlite-state")
+    private static let secureStateDirPermissions = 0o700
+
+    public static func databaseURL() -> URL {
+        DeviceIdentityPaths.stateDirURL()
+            .appendingPathComponent("state", isDirectory: true)
+            .appendingPathComponent("openclaw.sqlite")
+    }
+
+    public static func tableLocationForDisplay(table: String, key: String) -> String {
+        "\(self.databaseURL().path)#table/\(table)/\(key)"
+    }
+
+    public static func readDeviceIdentity(key: String = "default") -> OpenClawSQLiteDeviceIdentityRow? {
+        do {
+            return try self.readDeviceIdentityChecked(key: key)
+        } catch {
+            self.logger.warning("SQLite device identity read failed: \(error.localizedDescription, privacy: .public)")
+            return nil
+        }
+    }
+
+    static func readDeviceIdentityChecked(key: String = "default") throws -> OpenClawSQLiteDeviceIdentityRow? {
+        let db = try self.openStateDatabase()
+        defer { sqlite3_close(db) }
+
+        let sql = """
+            SELECT device_id, public_key_pem, private_key_pem, created_at_ms
+            FROM device_identities
+            WHERE identity_key = ?
+            """
+        var statement: OpaquePointer?
+        try self.prepare(db, sql, &statement)
+        defer { sqlite3_finalize(statement) }
+        self.bindText(statement, index: 1, value: key)
+
+        let status = sqlite3_step(statement)
+        if status == SQLITE_ROW,
+           let deviceId = self.columnString(statement, index: 0),
+           let publicKeyPem = self.columnString(statement, index: 1),
+           let privateKeyPem = self.columnString(statement, index: 2)
+        {
+            return OpenClawSQLiteDeviceIdentityRow(
+                deviceId: deviceId,
+                publicKeyPem: publicKeyPem,
+                privateKeyPem: privateKeyPem,
+                createdAtMs: Int(sqlite3_column_int64(statement, 3)))
+        }
+        if status == SQLITE_DONE { return nil }
+        throw self.sqliteError(db, context: "SQLite device identity read failed")
+    }
+
+    public static func writeDeviceIdentity(
+        key: String = "default",
+        identity: OpenClawSQLiteDeviceIdentityRow,
+        updatedAtMs: Int = Int(Date().timeIntervalSince1970 * 1000)) throws
+    {
+        try self.withWriteTransaction { db in
+            let sql = """
+                INSERT INTO device_identities (
+                  identity_key, device_id, public_key_pem, private_key_pem, created_at_ms, updated_at_ms
+                )
+                VALUES (?, ?, ?, ?, ?, ?)
+                ON CONFLICT(identity_key) DO UPDATE SET
+                  device_id = excluded.device_id,
+                  public_key_pem = excluded.public_key_pem,
+                  private_key_pem = excluded.private_key_pem,
+                  created_at_ms = excluded.created_at_ms,
+                  updated_at_ms = excluded.updated_at_ms
+                """
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            self.bindText(statement, index: 1, value: key)
+            self.bindText(statement, index: 2, value: identity.deviceId)
+            self.bindText(statement, index: 3, value: identity.publicKeyPem)
+            self.bindText(statement, index: 4, value: identity.privateKeyPem)
+            sqlite3_bind_int64(statement, 5, Int64(identity.createdAtMs))
+            sqlite3_bind_int64(statement, 6, Int64(updatedAtMs))
+            guard sqlite3_step(statement) == SQLITE_DONE else {
+                throw self.sqliteError(db, context: "SQLite device identity write failed")
+            }
+        }
+    }
+
+    public static func readDeviceAuthToken(deviceId: String, role: String) -> OpenClawSQLiteDeviceAuthTokenRow? {
+        do {
+            let db = try self.openStateDatabase()
+            defer { sqlite3_close(db) }
+
+            let sql = """
+                SELECT device_id, role, token, scopes_json, updated_at_ms
+                FROM device_auth_tokens
+                WHERE device_id = ? AND role = ?
+                """
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            self.bindText(statement, index: 1, value: deviceId)
+            self.bindText(statement, index: 2, value: role)
+            let status = sqlite3_step(statement)
+            if status == SQLITE_ROW,
+               let rowDeviceId = self.columnString(statement, index: 0),
+               let rowRole = self.columnString(statement, index: 1),
+               let token = self.columnString(statement, index: 2),
+               let scopesJSON = self.columnString(statement, index: 3)
+            {
+                return OpenClawSQLiteDeviceAuthTokenRow(
+                    deviceId: rowDeviceId,
+                    role: rowRole,
+                    token: token,
+                    scopesJSON: scopesJSON,
+                    updatedAtMs: Int(sqlite3_column_int64(statement, 4)))
+            }
+            if status == SQLITE_DONE { return nil }
+            throw self.sqliteError(db, context: "SQLite device auth read failed")
+        } catch {
+            self.logger.warning("SQLite device auth read failed: \(error.localizedDescription, privacy: .public)")
+            return nil
+        }
+    }
+
+    public static func readLatestDeviceAuthDeviceId() -> String? {
+        do {
+            let db = try self.openStateDatabase()
+            defer { sqlite3_close(db) }
+            let sql = """
+                SELECT device_id
+                FROM device_auth_tokens
+                ORDER BY updated_at_ms DESC, device_id ASC
+                LIMIT 1
+                """
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            let status = sqlite3_step(statement)
+            if status == SQLITE_ROW { return self.columnString(statement, index: 0) }
+            if status == SQLITE_DONE { return nil }
+            throw self.sqliteError(db, context: "SQLite device auth latest-device read failed")
+        } catch {
+            self.logger.warning(
+                "SQLite device auth latest-device read failed: \(error.localizedDescription, privacy: .public)")
+            return nil
+        }
+    }
+
+    public static func upsertDeviceAuthToken(_ row: OpenClawSQLiteDeviceAuthTokenRow) throws {
+        try self.withWriteTransaction { db in
+            let sql = """
+                INSERT INTO device_auth_tokens (device_id, role, token, scopes_json, updated_at_ms)
+                VALUES (?, ?, ?, ?, ?)
+                ON CONFLICT(device_id, role) DO UPDATE SET
+                  token = excluded.token,
+                  scopes_json = excluded.scopes_json,
+                  updated_at_ms = excluded.updated_at_ms
+                """
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            self.bindText(statement, index: 1, value: row.deviceId)
+            self.bindText(statement, index: 2, value: row.role)
+            self.bindText(statement, index: 3, value: row.token)
+            self.bindText(statement, index: 4, value: row.scopesJSON)
+            sqlite3_bind_int64(statement, 5, Int64(row.updatedAtMs))
+            guard sqlite3_step(statement) == SQLITE_DONE else {
+                throw self.sqliteError(db, context: "SQLite device auth write failed")
+            }
+        }
+    }
+
+    public static func deleteDeviceAuthToken(deviceId: String, role: String) throws {
+        try self.withWriteTransaction { db in
+            let sql = "DELETE FROM device_auth_tokens WHERE device_id = ? AND role = ?"
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            self.bindText(statement, index: 1, value: deviceId)
+            self.bindText(statement, index: 2, value: role)
+            guard sqlite3_step(statement) == SQLITE_DONE else {
+                throw self.sqliteError(db, context: "SQLite device auth delete failed")
+            }
+        }
+    }
+
+    public static func deleteAllDeviceAuthTokens() throws {
+        try self.withWriteTransaction { db in
+            try self.exec(db, "DELETE FROM device_auth_tokens")
+        }
+    }
+
+    public static func execApprovalsLocationForDisplay(configKey: String = "current") -> String {
+        self.tableLocationForDisplay(table: "exec_approvals_config", key: configKey)
+    }
+
+    public static func readExecApprovalsRaw(configKey: String = "current") -> String? {
+        do {
+            let db = try self.openStateDatabase()
+            defer { sqlite3_close(db) }
+            let sql = "SELECT raw_json FROM exec_approvals_config WHERE config_key = ?"
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            self.bindText(statement, index: 1, value: configKey)
+            let status = sqlite3_step(statement)
+            if status == SQLITE_ROW { return self.columnString(statement, index: 0) }
+            if status == SQLITE_DONE { return nil }
+            throw self.sqliteError(db, context: "SQLite exec approvals read failed")
+        } catch {
+            self.logger.warning("SQLite exec approvals read failed: \(error.localizedDescription, privacy: .public)")
+            return nil
+        }
+    }
+
+    public static func writeExecApprovalsConfig(
+        configKey: String = "current",
+        rawJSON: String,
+        socketPath: String?,
+        hasSocketToken: Bool,
+        defaultSecurity: String?,
+        defaultAsk: String?,
+        defaultAskFallback: String?,
+        autoAllowSkills: Bool?,
+        agentCount: Int,
+        allowlistCount: Int,
+        updatedAtMs: Int = Int(Date().timeIntervalSince1970 * 1000)) throws
+    {
+        try self.withWriteTransaction { db in
+            let sql = """
+                INSERT INTO exec_approvals_config (
+                  config_key, raw_json, socket_path, has_socket_token, default_security,
+                  default_ask, default_ask_fallback, auto_allow_skills,
+                  agent_count, allowlist_count, updated_at_ms
+                )
+                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+                ON CONFLICT(config_key) DO UPDATE SET
+                  raw_json = excluded.raw_json,
+                  socket_path = excluded.socket_path,
+                  has_socket_token = excluded.has_socket_token,
+                  default_security = excluded.default_security,
+                  default_ask = excluded.default_ask,
+                  default_ask_fallback = excluded.default_ask_fallback,
+                  auto_allow_skills = excluded.auto_allow_skills,
+                  agent_count = excluded.agent_count,
+                  allowlist_count = excluded.allowlist_count,
+                  updated_at_ms = excluded.updated_at_ms
+                """
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            self.bindText(statement, index: 1, value: configKey)
+            self.bindText(statement, index: 2, value: rawJSON)
+            self.bindNullableText(statement, index: 3, value: socketPath)
+            sqlite3_bind_int(statement, 4, hasSocketToken ? 1 : 0)
+            self.bindNullableText(statement, index: 5, value: defaultSecurity)
+            self.bindNullableText(statement, index: 6, value: defaultAsk)
+            self.bindNullableText(statement, index: 7, value: defaultAskFallback)
+            if let autoAllowSkills {
+                sqlite3_bind_int(statement, 8, autoAllowSkills ? 1 : 0)
+            } else {
+                sqlite3_bind_null(statement, 8)
+            }
+            sqlite3_bind_int(statement, 9, Int32(agentCount))
+            sqlite3_bind_int(statement, 10, Int32(allowlistCount))
+            sqlite3_bind_int64(statement, 11, Int64(updatedAtMs))
+            guard sqlite3_step(statement) == SQLITE_DONE else {
+                throw self.sqliteError(db, context: "SQLite exec approvals write failed")
+            }
+        }
+    }
+
+    public static func readConfigHealthState() -> [String: Any] {
+        do {
+            let db = try self.openStateDatabase()
+            defer { sqlite3_close(db) }
+            let sql = """
+                SELECT config_path, last_known_good_json, last_promoted_good_json, last_observed_suspicious_signature
+                FROM config_health_entries
+                ORDER BY config_path ASC
+                """
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            var entries: [String: Any] = [:]
+            while true {
+                let status = sqlite3_step(statement)
+                if status == SQLITE_DONE { break }
+                guard status == SQLITE_ROW, let configPath = self.columnString(statement, index: 0) else {
+                    throw self.sqliteError(db, context: "SQLite config health read failed")
+                }
+                var entry: [String: Any] = [:]
+                if let lastKnownGood = self.columnJSONDictionary(statement, index: 1) {
+                    entry["lastKnownGood"] = lastKnownGood
+                }
+                if let lastPromotedGood = self.columnJSONDictionary(statement, index: 2) {
+                    entry["lastPromotedGood"] = lastPromotedGood
+                }
+                if let signature = self.columnString(statement, index: 3) {
+                    entry["lastObservedSuspiciousSignature"] = signature
+                }
+                entries[configPath] = entry
+            }
+            return entries.isEmpty ? [:] : ["entries": entries]
+        } catch {
+            self.logger.warning("SQLite config health read failed: \(error.localizedDescription, privacy: .public)")
+            return [:]
+        }
+    }
+
+    public static func writeConfigHealthState(_ state: [String: Any]) throws {
+        let entries = state["entries"] as? [String: Any] ?? [:]
+        let updatedAtMs = Int(Date().timeIntervalSince1970 * 1000)
+        try self.withWriteTransaction { db in
+            try self.exec(db, "DELETE FROM config_health_entries")
+            for (configPath, rawEntry) in entries {
+                guard let entry = rawEntry as? [String: Any] else { continue }
+                try self.insertConfigHealthEntry(
+                    db,
+                    configPath: configPath,
+                    entry: entry,
+                    updatedAtMs: updatedAtMs)
+            }
+        }
+    }
+
+    public static func readPortGuardianRecords() -> [OpenClawSQLitePortGuardianRecord] {
+        do {
+            let db = try self.openStateDatabase()
+            defer { sqlite3_close(db) }
+            let sql = """
+                SELECT port, pid, command, mode, timestamp
+                FROM macos_port_guardian_records
+                ORDER BY timestamp ASC, pid ASC
+                """
+            var statement: OpaquePointer?
+            try self.prepare(db, sql, &statement)
+            defer { sqlite3_finalize(statement) }
+            var rows: [OpenClawSQLitePortGuardianRecord] = []
+            while true {
+                let status = sqlite3_step(statement)
+                if status == SQLITE_DONE { break }
+                guard status == SQLITE_ROW else {
+                    throw self.sqliteError(db, context: "SQLite port guardian read failed")
+                }
+                guard let command = self.columnString(statement, index: 2),
+                      let mode = self.columnString(statement, index: 3)
+                else { continue }
+                rows.append(OpenClawSQLitePortGuardianRecord(
+                    port: Int(sqlite3_column_int(statement, 0)),
+                    pid: sqlite3_column_int(statement, 1),
+                    command: command,
+                    mode: mode,
+                    timestamp: sqlite3_column_double(statement, 4)))
+            }
+            return rows
+        } catch {
+            self.logger.warning("SQLite port guardian read failed: \(error.localizedDescription, privacy: .public)")
+            return []
+        }
+    }
+
+    public static func replacePortGuardianRecords(_ records: [OpenClawSQLitePortGuardianRecord]) throws {
+        try self.withWriteTransaction { db in
+            try self.exec(db, "DELETE FROM macos_port_guardian_records")
+            for record in records {
+                try self.insertPortGuardianRecord(db, record)
+            }
+        }
+    }
+
+    private static func openStateDatabase() throws -> OpaquePointer? {
+        self.ensureSecureStateDirectory()
+        let url = self.databaseURL()
+        try FileManager().createDirectory(
+            at: url.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        try? FileManager().setAttributes(
+            [.posixPermissions: self.secureStateDirPermissions],
+            ofItemAtPath: url.deletingLastPathComponent().path)
+
+        var db: OpaquePointer?
+        guard sqlite3_open_v2(url.path, &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, nil) == SQLITE_OK
+        else {
+            defer { sqlite3_close(db) }
+            throw self.sqliteError(db, context: "SQLite state open failed")
+        }
+        sqlite3_busy_timeout(db, 30_000)
+        try self.configureStateDatabase(db)
+        self.hardenStateDatabaseFiles()
+        return db
+    }
+
+    private static func configureStateDatabase(_ db: OpaquePointer?) throws {
+        try self.exec(db, "PRAGMA journal_mode = WAL")
+        try self.exec(db, "PRAGMA synchronous = NORMAL")
+        try self.exec(db, "PRAGMA busy_timeout = 30000")
+        try self.exec(db, "PRAGMA foreign_keys = ON")
+        try self.exec(
+            db,
+            """
+            CREATE TABLE IF NOT EXISTS device_identities (
+              identity_key TEXT NOT NULL PRIMARY KEY,
+              device_id TEXT NOT NULL,
+              public_key_pem TEXT NOT NULL,
+              private_key_pem TEXT NOT NULL,
+              created_at_ms INTEGER NOT NULL,
+              updated_at_ms INTEGER NOT NULL
+            )
+            """)
+        try self.exec(
+            db,
+            "CREATE INDEX IF NOT EXISTS idx_device_identities_device ON device_identities(device_id, updated_at_ms DESC)")
+        try self.exec(
+            db,
+            """
+            CREATE TABLE IF NOT EXISTS device_auth_tokens (
+              device_id TEXT NOT NULL,
+              role TEXT NOT NULL,
+              token TEXT NOT NULL,
+              scopes_json TEXT NOT NULL,
+              updated_at_ms INTEGER NOT NULL,
+              PRIMARY KEY (device_id, role)
+            )
+            """)
+        try self.exec(
+            db,
+            "CREATE INDEX IF NOT EXISTS idx_device_auth_tokens_updated ON device_auth_tokens(updated_at_ms DESC, device_id, role)")
+        try self.exec(
+            db,
+            """
+            CREATE TABLE IF NOT EXISTS exec_approvals_config (
+              config_key TEXT NOT NULL PRIMARY KEY,
+              raw_json TEXT NOT NULL,
+              socket_path TEXT,
+              has_socket_token INTEGER NOT NULL,
+              default_security TEXT,
+              default_ask TEXT,
+              default_ask_fallback TEXT,
+              auto_allow_skills INTEGER,
+              agent_count INTEGER NOT NULL,
+              allowlist_count INTEGER NOT NULL,
+              updated_at_ms INTEGER NOT NULL
+            )
+            """)
+        try self.exec(
+            db,
+            """
+            CREATE TABLE IF NOT EXISTS macos_port_guardian_records (
+              pid INTEGER NOT NULL PRIMARY KEY,
+              port INTEGER NOT NULL,
+              command TEXT NOT NULL,
+              mode TEXT NOT NULL,
+              timestamp REAL NOT NULL
+            )
+            """)
+        try self.exec(
+            db,
+            "CREATE INDEX IF NOT EXISTS idx_macos_port_guardian_records_port ON macos_port_guardian_records(port, timestamp DESC)")
+        try self.exec(
+            db,
+            """
+            CREATE TABLE IF NOT EXISTS config_health_entries (
+              config_path TEXT NOT NULL PRIMARY KEY,
+              last_known_good_json TEXT,
+              last_promoted_good_json TEXT,
+              last_observed_suspicious_signature TEXT,
+              updated_at_ms INTEGER NOT NULL
+            )
+            """)
+    }
+
+    private static func prepare(_ db: OpaquePointer?, _ sql: String, _ statement: inout OpaquePointer?) throws {
+        guard sqlite3_prepare_v2(db, sql, -1, &statement, nil) == SQLITE_OK else {
+            throw self.sqliteError(db, context: "SQLite state prepare failed")
+        }
+    }
+
+    private static func insertPortGuardianRecord(
+        _ db: OpaquePointer?,
+        _ record: OpenClawSQLitePortGuardianRecord) throws
+    {
+        let sql = """
+            INSERT INTO macos_port_guardian_records (pid, port, command, mode, timestamp)
+            VALUES (?, ?, ?, ?, ?)
+            """
+        var statement: OpaquePointer?
+        try self.prepare(db, sql, &statement)
+        defer { sqlite3_finalize(statement) }
+        sqlite3_bind_int(statement, 1, record.pid)
+        sqlite3_bind_int(statement, 2, Int32(record.port))
+        self.bindText(statement, index: 3, value: record.command)
+        self.bindText(statement, index: 4, value: record.mode)
+        sqlite3_bind_double(statement, 5, record.timestamp)
+        guard sqlite3_step(statement) == SQLITE_DONE else {
+            throw self.sqliteError(db, context: "SQLite port guardian write failed")
+        }
+    }
+
+    private static func exec(_ db: OpaquePointer?, _ sql: String) throws {
+        var errorMessage: UnsafeMutablePointer<CChar>?
+        if sqlite3_exec(db, sql, nil, nil, &errorMessage) != SQLITE_OK {
+            let message = errorMessage.map { String(cString: $0) }
+            sqlite3_free(errorMessage)
+            throw NSError(
+                domain: "OpenClawSQLiteStateStore",
+                code: Int(sqlite3_errcode(db)),
+                userInfo: [
+                    NSLocalizedDescriptionKey: message ?? sqlite3ErrorMessage(db),
+                ])
+        }
+    }
+
+    private static func bindText(_ statement: OpaquePointer?, index: Int32, value: String) {
+        let transient = unsafeBitCast(-1, to: sqlite3_destructor_type.self)
+        sqlite3_bind_text(statement, index, value, -1, transient)
+    }
+
+    private static func bindNullableText(_ statement: OpaquePointer?, index: Int32, value: String?) {
+        guard let value else {
+            sqlite3_bind_null(statement, index)
+            return
+        }
+        self.bindText(statement, index: index, value: value)
+    }
+
+    private static func columnString(_ statement: OpaquePointer?, index: Int32) -> String? {
+        guard let raw = sqlite3_column_text(statement, index) else { return nil }
+        return String(cString: UnsafeRawPointer(raw).assumingMemoryBound(to: CChar.self))
+    }
+
+    private static func columnJSONDictionary(_ statement: OpaquePointer?, index: Int32) -> [String: Any]? {
+        guard let raw = self.columnString(statement, index: index),
+              let data = raw.data(using: .utf8),
+              let object = try? JSONSerialization.jsonObject(with: data) as? [String: Any]
+        else { return nil }
+        return object
+    }
+
+    private static func jsonString(_ value: Any?) -> String? {
+        guard let value, !(value is NSNull), JSONSerialization.isValidJSONObject(value),
+              let data = try? JSONSerialization.data(withJSONObject: value, options: [.sortedKeys])
+        else { return nil }
+        return String(data: data, encoding: .utf8)
+    }
+
+    private static func insertConfigHealthEntry(
+        _ db: OpaquePointer?,
+        configPath: String,
+        entry: [String: Any],
+        updatedAtMs: Int) throws
+    {
+        let sql = """
+            INSERT INTO config_health_entries (
+              config_path, last_known_good_json, last_promoted_good_json,
+              last_observed_suspicious_signature, updated_at_ms
+            )
+            VALUES (?, ?, ?, ?, ?)
+            """
+        var statement: OpaquePointer?
+        try self.prepare(db, sql, &statement)
+        defer { sqlite3_finalize(statement) }
+        self.bindText(statement, index: 1, value: configPath)
+        self.bindNullableText(statement, index: 2, value: self.jsonString(entry["lastKnownGood"]))
+        self.bindNullableText(statement, index: 3, value: self.jsonString(entry["lastPromotedGood"]))
+        self.bindNullableText(
+            statement,
+            index: 4,
+            value: entry["lastObservedSuspiciousSignature"] as? String)
+        sqlite3_bind_int64(statement, 5, Int64(updatedAtMs))
+        guard sqlite3_step(statement) == SQLITE_DONE else {
+            throw self.sqliteError(db, context: "SQLite config health write failed")
+        }
+    }
+
+    private static func withWriteTransaction(_ body: (OpaquePointer?) throws -> Void) throws {
+        let db = try self.openStateDatabase()
+        defer { sqlite3_close(db) }
+
+        try self.exec(db, "BEGIN IMMEDIATE")
+        do {
+            try body(db)
+            try self.exec(db, "COMMIT")
+        } catch {
+            try? self.exec(db, "ROLLBACK")
+            throw error
+        }
+        self.hardenStateDatabaseFiles()
+    }
+
+    private static func sqliteError(_ db: OpaquePointer?, context: String) -> NSError {
+        NSError(
+            domain: "OpenClawSQLiteStateStore",
+            code: Int(sqlite3_errcode(db)),
+            userInfo: [
+                NSLocalizedDescriptionKey: "\(context): \(self.sqlite3ErrorMessage(db))",
+            ])
+    }
+
+    private static func sqlite3ErrorMessage(_ db: OpaquePointer?) -> String {
+        guard let message = sqlite3_errmsg(db) else {
+            return "unknown SQLite error"
+        }
+        return String(cString: message)
+    }
+
+    private static func hardenStateDatabaseFiles() {
+        let path = self.databaseURL().path
+        for suffix in ["", "-wal", "-shm"] {
+            let candidate = "\(path)\(suffix)"
+            if FileManager().fileExists(atPath: candidate) {
+                try? FileManager().setAttributes([.posixPermissions: 0o600], ofItemAtPath: candidate)
+            }
+        }
+    }
+
+    private static func ensureSecureStateDirectory() {
+        let url = DeviceIdentityPaths.stateDirURL()
+        do {
+            try FileManager().createDirectory(at: url, withIntermediateDirectories: true)
+            try FileManager().setAttributes(
+                [.posixPermissions: self.secureStateDirPermissions],
+                ofItemAtPath: url.path)
+        } catch {
+            self.logger.warning(
+                "SQLite state dir permission hardening failed: \(error.localizedDescription, privacy: .public)")
+        }
+    }
+}

apps/shared/OpenClawKit/Sources/OpenClawKit/Resources/tool-display.json

@@ -389,6 +389,15 @@
         "plan.0.step"
       ]
     },
+    "skill_workshop": {
+      "emoji": "🧰",
+      "title": "Skill Workshop",
+      "detailKeys": [
+        "action",
+        "name",
+        "proposal_id"
+      ]
+    },
     "gateway": {
       "emoji": "🔌",
       "title": "Gateway",

apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift

@@ -5276,6 +5276,334 @@ public struct SkillsDetailResult: Codable, Sendable {
     }
 }
 
+public struct SkillsProposalsListParams: Codable, Sendable {
+    public let agentid: String?
+
+    public init(
+        agentid: String? = nil)
+    {
+        self.agentid = agentid
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case agentid = "agentId"
+    }
+}
+
+public struct SkillsProposalsListResult: Codable, Sendable {
+    public let schema: String
+    public let updatedat: String
+    public let proposals: [[String: AnyCodable]]
+
+    public init(
+        schema: String,
+        updatedat: String,
+        proposals: [[String: AnyCodable]])
+    {
+        self.schema = schema
+        self.updatedat = updatedat
+        self.proposals = proposals
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case schema
+        case updatedat = "updatedAt"
+        case proposals
+    }
+}
+
+public struct SkillsProposalInspectParams: Codable, Sendable {
+    public let agentid: String?
+    public let proposalid: String
+
+    public init(
+        agentid: String? = nil,
+        proposalid: String)
+    {
+        self.agentid = agentid
+        self.proposalid = proposalid
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case agentid = "agentId"
+        case proposalid = "proposalId"
+    }
+}
+
+public struct SkillsProposalInspectResult: Codable, Sendable {
+    public let record: SkillsProposalRecordResult
+    public let content: String
+    public let supportfiles: [[String: AnyCodable]]?
+
+    public init(
+        record: SkillsProposalRecordResult,
+        content: String,
+        supportfiles: [[String: AnyCodable]]?)
+    {
+        self.record = record
+        self.content = content
+        self.supportfiles = supportfiles
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case record
+        case content
+        case supportfiles = "supportFiles"
+    }
+}
+
+public struct SkillsProposalCreateParams: Codable, Sendable {
+    public let agentid: String?
+    public let name: String
+    public let description: String
+    public let content: String
+    public let supportfiles: [[String: AnyCodable]]?
+    public let goal: String?
+    public let evidence: String?
+
+    public init(
+        agentid: String? = nil,
+        name: String,
+        description: String,
+        content: String,
+        supportfiles: [[String: AnyCodable]]?,
+        goal: String?,
+        evidence: String?)
+    {
+        self.agentid = agentid
+        self.name = name
+        self.description = description
+        self.content = content
+        self.supportfiles = supportfiles
+        self.goal = goal
+        self.evidence = evidence
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case agentid = "agentId"
+        case name
+        case description
+        case content
+        case supportfiles = "supportFiles"
+        case goal
+        case evidence
+    }
+}
+
+public struct SkillsProposalUpdateParams: Codable, Sendable {
+    public let agentid: String?
+    public let skillname: String
+    public let description: String?
+    public let content: String
+    public let supportfiles: [[String: AnyCodable]]?
+    public let goal: String?
+    public let evidence: String?
+
+    public init(
+        agentid: String? = nil,
+        skillname: String,
+        description: String?,
+        content: String,
+        supportfiles: [[String: AnyCodable]]?,
+        goal: String?,
+        evidence: String?)
+    {
+        self.agentid = agentid
+        self.skillname = skillname
+        self.description = description
+        self.content = content
+        self.supportfiles = supportfiles
+        self.goal = goal
+        self.evidence = evidence
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case agentid = "agentId"
+        case skillname = "skillName"
+        case description
+        case content
+        case supportfiles = "supportFiles"
+        case goal
+        case evidence
+    }
+}
+
+public struct SkillsProposalReviseParams: Codable, Sendable {
+    public let agentid: String?
+    public let proposalid: String
+    public let content: String
+    public let supportfiles: [[String: AnyCodable]]?
+    public let description: String?
+    public let goal: String?
+    public let evidence: String?
+
+    public init(
+        agentid: String? = nil,
+        proposalid: String,
+        content: String,
+        supportfiles: [[String: AnyCodable]]?,
+        description: String?,
+        goal: String?,
+        evidence: String?)
+    {
+        self.agentid = agentid
+        self.proposalid = proposalid
+        self.content = content
+        self.supportfiles = supportfiles
+        self.description = description
+        self.goal = goal
+        self.evidence = evidence
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case agentid = "agentId"
+        case proposalid = "proposalId"
+        case content
+        case supportfiles = "supportFiles"
+        case description
+        case goal
+        case evidence
+    }
+}
+
+public struct SkillsProposalActionParams: Codable, Sendable {
+    public let agentid: String?
+    public let proposalid: String
+    public let reason: String?
+
+    public init(
+        agentid: String? = nil,
+        proposalid: String,
+        reason: String?)
+    {
+        self.agentid = agentid
+        self.proposalid = proposalid
+        self.reason = reason
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case agentid = "agentId"
+        case proposalid = "proposalId"
+        case reason
+    }
+}
+
+public struct SkillsProposalApplyResult: Codable, Sendable {
+    public let record: SkillsProposalRecordResult
+    public let targetskillfile: String
+
+    public init(
+        record: SkillsProposalRecordResult,
+        targetskillfile: String)
+    {
+        self.record = record
+        self.targetskillfile = targetskillfile
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case record
+        case targetskillfile = "targetSkillFile"
+    }
+}
+
+public struct SkillsProposalRecordResult: Codable, Sendable {
+    public let schema: String
+    public let id: String
+    public let kind: AnyCodable
+    public let status: AnyCodable
+    public let title: String
+    public let description: String
+    public let createdat: String
+    public let updatedat: String
+    public let createdby: AnyCodable
+    public let proposedversion: String
+    public let draftfile: String
+    public let drafthash: String
+    public let supportfiles: [[String: AnyCodable]]?
+    public let target: [String: AnyCodable]
+    public let scan: [String: AnyCodable]
+    public let goal: String?
+    public let evidence: String?
+    public let appliedat: String?
+    public let rejectedat: String?
+    public let quarantinedat: String?
+    public let staleat: String?
+    public let statusreason: String?
+
+    public init(
+        schema: String,
+        id: String,
+        kind: AnyCodable,
+        status: AnyCodable,
+        title: String,
+        description: String,
+        createdat: String,
+        updatedat: String,
+        createdby: AnyCodable,
+        proposedversion: String,
+        draftfile: String,
+        drafthash: String,
+        supportfiles: [[String: AnyCodable]]?,
+        target: [String: AnyCodable],
+        scan: [String: AnyCodable],
+        goal: String?,
+        evidence: String?,
+        appliedat: String?,
+        rejectedat: String?,
+        quarantinedat: String?,
+        staleat: String?,
+        statusreason: String?)
+    {
+        self.schema = schema
+        self.id = id
+        self.kind = kind
+        self.status = status
+        self.title = title
+        self.description = description
+        self.createdat = createdat
+        self.updatedat = updatedat
+        self.createdby = createdby
+        self.proposedversion = proposedversion
+        self.draftfile = draftfile
+        self.drafthash = drafthash
+        self.supportfiles = supportfiles
+        self.target = target
+        self.scan = scan
+        self.goal = goal
+        self.evidence = evidence
+        self.appliedat = appliedat
+        self.rejectedat = rejectedat
+        self.quarantinedat = quarantinedat
+        self.staleat = staleat
+        self.statusreason = statusreason
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case schema
+        case id
+        case kind
+        case status
+        case title
+        case description
+        case createdat = "createdAt"
+        case updatedat = "updatedAt"
+        case createdby = "createdBy"
+        case proposedversion = "proposedVersion"
+        case draftfile = "draftFile"
+        case drafthash = "draftHash"
+        case supportfiles = "supportFiles"
+        case target
+        case scan
+        case goal
+        case evidence
+        case appliedat = "appliedAt"
+        case rejectedat = "rejectedAt"
+        case quarantinedat = "quarantinedAt"
+        case staleat = "staleAt"
+        case statusreason = "statusReason"
+    }
+}
+
 public struct SkillsSecurityVerdictsParams: Codable, Sendable {
     public let agentid: String?
 
@@ -6552,6 +6880,54 @@ public struct ChatHistoryParams: Codable, Sendable {
     }
 }
 
+public struct ChatMessageGetParams: Codable, Sendable {
+    public let sessionkey: String
+    public let agentid: String?
+    public let messageid: String
+    public let maxchars: Int?
+
+    public init(
+        sessionkey: String,
+        agentid: String? = nil,
+        messageid: String,
+        maxchars: Int?)
+    {
+        self.sessionkey = sessionkey
+        self.agentid = agentid
+        self.messageid = messageid
+        self.maxchars = maxchars
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case sessionkey = "sessionKey"
+        case agentid = "agentId"
+        case messageid = "messageId"
+        case maxchars = "maxChars"
+    }
+}
+
+public struct ChatMessageGetResult: Codable, Sendable {
+    public let ok: Bool
+    public let message: AnyCodable?
+    public let unavailablereason: AnyCodable?
+
+    public init(
+        ok: Bool,
+        message: AnyCodable?,
+        unavailablereason: AnyCodable?)
+    {
+        self.ok = ok
+        self.message = message
+        self.unavailablereason = unavailablereason
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case ok
+        case message
+        case unavailablereason = "unavailableReason"
+    }
+}
+
 public struct ChatSendParams: Codable, Sendable {
     public let sessionkey: String
     public let agentid: String?

apps/shared/OpenClawKit/Tests/OpenClawKitTests/ChatViewModelTests.swift

@@ -396,7 +396,7 @@ private final class TestChatTransport: @unchecked Sendable, OpenClawChatTranspor
         }
         return self.sessionsResponses.last ?? OpenClawChatSessionsListResponse(
             ts: nil,
-            path: nil,
+            databasePath: nil,
             count: 0,
             defaults: nil,
             sessions: [])
@@ -1226,7 +1226,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 4,
             defaults: nil,
             sessions: [
@@ -1250,7 +1250,7 @@ extension TestChatTransportState {
         let history = historyPayload(sessionKey: "custom", sessionId: "sess-custom")
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: nil,
             sessions: [
@@ -1275,7 +1275,7 @@ extension TestChatTransportState {
         let history = historyPayload(sessionKey: "Luke’s MacBook Pro", sessionId: "sess-main")
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 2,
             defaults: OpenClawChatSessionsDefaults(
                 model: nil,
@@ -1323,7 +1323,7 @@ extension TestChatTransportState {
         let history = historyPayload(sessionKey: "agent:main:main", sessionId: "sess-main")
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 2,
             defaults: OpenClawChatSessionsDefaults(
                 model: nil,
@@ -1656,7 +1656,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: OpenClawChatSessionsDefaults(model: "openai/gpt-4.1-mini", contextTokens: nil),
             sessions: [
@@ -1684,7 +1684,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: OpenClawChatSessionsDefaults(model: "openai/gpt-4.1-mini", contextTokens: nil),
             sessions: [
@@ -1717,7 +1717,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: OpenClawChatSessionsDefaults(model: "openrouter/gpt-4.1-mini", contextTokens: nil),
             sessions: [
@@ -1750,7 +1750,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: nil,
             sessions: [
@@ -1783,7 +1783,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: nil,
             sessions: [
@@ -1826,7 +1826,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: nil,
             sessions: [
@@ -1879,7 +1879,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: nil,
             sessions: [
@@ -1929,7 +1929,7 @@ extension TestChatTransportState {
         let history = historyPayload()
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: nil,
             sessions: [
@@ -1977,7 +1977,7 @@ extension TestChatTransportState {
         let now = Date().timeIntervalSince1970 * 1000
         let sessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 2,
             defaults: nil,
             sessions: [
@@ -2022,7 +2022,7 @@ extension TestChatTransportState {
         let now = Date().timeIntervalSince1970 * 1000
         let initialSessions = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 2,
             defaults: nil,
             sessions: [
@@ -2031,7 +2031,7 @@ extension TestChatTransportState {
             ])
         let sessionsAfterOtherSelection = OpenClawChatSessionsListResponse(
             ts: now,
-            path: nil,
+            databasePath: nil,
             count: 2,
             defaults: nil,
             sessions: [
@@ -2189,10 +2189,10 @@ extension TestChatTransportState {
             thinkingLevel: "adaptive")
         let sessions = OpenClawChatSessionsListResponse(
             ts: 1,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: OpenClawChatSessionsDefaults(
-                modelProvider: "openai-codex",
+                modelProvider: "openai",
                 model: "gpt-5.5",
                 contextTokens: nil,
                 thinkingLevels: [
@@ -2252,7 +2252,7 @@ extension TestChatTransportState {
             thinkingLevel: "xhigh")
         let sessions = OpenClawChatSessionsListResponse(
             ts: 1,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: nil,
             sessions: [
@@ -2300,7 +2300,7 @@ extension TestChatTransportState {
             thinkingLevel: "adaptive")
         let sessions = OpenClawChatSessionsListResponse(
             ts: 1,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: OpenClawChatSessionsDefaults(
                 modelProvider: "anthropic",
@@ -2356,7 +2356,7 @@ extension TestChatTransportState {
             thinkingLevel: "max")
         let sessions = OpenClawChatSessionsListResponse(
             ts: 1,
-            path: nil,
+            databasePath: nil,
             count: 1,
             defaults: OpenClawChatSessionsDefaults(
                 modelProvider: "anthropic",

apps/shared/OpenClawKit/Tests/OpenClawKitTests/DeviceIdentityStoreTests.swift

@@ -5,68 +5,419 @@ import Testing
 
 @Suite(.serialized)
 struct DeviceIdentityStoreTests {
-    @Test("loads TypeScript PEM identity schema without rewriting or regenerating")
-    func loadsTypeScriptPEMIdentitySchema() throws {
-        let tempDir = FileManager.default.temporaryDirectory
-            .appendingPathComponent(UUID().uuidString, isDirectory: true)
-        let identityURL = tempDir
-            .appendingPathComponent("identity", isDirectory: true)
-            .appendingPathComponent("device.json", isDirectory: false)
-        defer { try? FileManager.default.removeItem(at: tempDir) }
-        try FileManager.default.createDirectory(
-            at: identityURL.deletingLastPathComponent(),
-            withIntermediateDirectories: true)
-        let stored = try Self.identityJSON(
-            publicKeyPem: Self.pem(
-                label: "PUBLIC KEY",
-                body: "MCowBQYDK2VwAyEAA6EHv/POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg="),
-            privateKeyPem: Self.pem(
-                label: "PRIVATE KEY",
-                body: "MC4CAQAwBQYDK2VwBCIEIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4f"))
-        try stored.write(to: identityURL, atomically: true, encoding: .utf8)
-        let before = try String(contentsOf: identityURL, encoding: .utf8)
+    @Test("persists generated device identity in SQLite without JSON sidecars")
+    func persistsGeneratedIdentityInSQLite() throws {
+        try Self.withTempStateDir { stateDir in
+            let identity = DeviceIdentityStore.loadOrCreate()
+            let loaded = DeviceIdentityStore.loadOrCreate()
 
-        let identity = DeviceIdentityStore.loadOrCreate(fileURL: identityURL)
+            #expect(loaded.deviceId == identity.deviceId)
+            #expect(loaded.publicKey == identity.publicKey)
+            #expect(FileManager.default.fileExists(atPath: Self.databaseURL(stateDir: stateDir).path))
+            #expect(!FileManager.default.fileExists(atPath: Self.legacyIdentityURL(stateDir: stateDir).path))
 
-        #expect(identity.deviceId == "56475aa75463474c0285df5dbf2bcab73da651358839e9b77481b2eab107708c")
-        #expect(identity.publicKey == "A6EHv/POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg=")
-        #expect(identity.privateKey == "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=")
-        #expect(DeviceIdentityStore.publicKeyBase64Url(identity) == "A6EHv_POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg")
-        let signature = try #require(DeviceIdentityStore.signPayload("hello", identity: identity))
-        let publicKeyData = try #require(Data(base64Encoded: identity.publicKey))
-        let signatureData = try #require(Self.base64UrlDecode(signature))
-        let publicKey = try Curve25519.Signing.PublicKey(rawRepresentation: publicKeyData)
-        #expect(publicKey.isValidSignature(signatureData, for: Data("hello".utf8)))
-        #expect(try String(contentsOf: identityURL, encoding: .utf8) == before)
+            let stored = try #require(OpenClawSQLiteStateStore.readDeviceIdentity())
+            #expect(stored.deviceId == identity.deviceId)
+            #expect(stored.publicKeyPem.contains("BEGIN PUBLIC KEY"))
+            #expect(stored.privateKeyPem.contains(Self.privateKeyMarker("BEGIN")))
+        }
     }
 
-    @Test("does not overwrite a recognized invalid TypeScript identity schema")
-    func preservesInvalidTypeScriptPEMIdentitySchema() throws {
+    @Test("surfaces SQLite identity read failures distinctly from missing rows")
+    func surfacesSQLiteIdentityReadFailures() throws {
+        try Self.withTempStateDir { stateDir in
+            try FileManager.default.createDirectory(
+                at: Self.databaseURL(stateDir: stateDir),
+                withIntermediateDirectories: true)
+
+            #expect(throws: Error.self) {
+                _ = try OpenClawSQLiteStateStore.readDeviceIdentityChecked()
+            }
+        }
+    }
+
+    @Test("loads TypeScript PEM identity schema from SQLite")
+    func loadsTypeScriptPEMIdentitySchema() throws {
+        try Self.withTempStateDir { stateDir in
+            let stored = try Self.identityJSON(
+                publicKeyPem: Self.pem(
+                    label: "PUBLIC KEY",
+                    body: "MCowBQYDK2VwAyEAA6EHv/POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg="),
+                privateKeyPem: Self.pem(
+                    label: "PRIVATE" + " KEY",
+                    body: "MC4CAQAwBQYDK2VwBCIEIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4f"))
+            let object = try #require(try JSONSerialization.jsonObject(with: stored) as? [String: Any])
+            try OpenClawSQLiteStateStore.writeDeviceIdentity(
+                identity: OpenClawSQLiteDeviceIdentityRow(
+                    deviceId: try #require(object["deviceId"] as? String),
+                    publicKeyPem: try #require(object["publicKeyPem"] as? String),
+                    privateKeyPem: try #require(object["privateKeyPem"] as? String),
+                    createdAtMs: try #require(object["createdAtMs"] as? Int)))
+
+            let identity = DeviceIdentityStore.loadOrCreate()
+
+            #expect(identity.deviceId == "56475aa75463474c0285df5dbf2bcab73da651358839e9b77481b2eab107708c")
+            #expect(identity.publicKey == "A6EHv/POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg=")
+            #expect(identity.privateKey == "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=")
+            #expect(DeviceIdentityStore.publicKeyBase64Url(identity) == "A6EHv_POEL4dcN0Y50vAmWfk1jCbpQ1fHdyGZBJVMbg")
+            #expect(!FileManager.default.fileExists(atPath: Self.legacyIdentityURL(stateDir: stateDir).path))
+
+            let signature = try #require(DeviceIdentityStore.signPayload("hello", identity: identity))
+            let publicKeyData = try #require(Data(base64Encoded: identity.publicKey))
+            let signatureData = try #require(Self.base64UrlDecode(signature))
+            let publicKey = try Curve25519.Signing.PublicKey(rawRepresentation: publicKeyData)
+            #expect(publicKey.isValidSignature(signatureData, for: Data("hello".utf8)))
+        }
+    }
+
+    @Test("migrates legacy raw device identity sidecar into SQLite")
+    func migratesLegacyRawIdentitySidecarIntoSQLite() throws {
+        try Self.withTempStateDir { stateDir in
+            let legacyURL = Self.legacyIdentityURL(stateDir: stateDir)
+            try FileManager.default.createDirectory(
+                at: legacyURL.deletingLastPathComponent(),
+                withIntermediateDirectories: true)
+            let legacy = Self.legacyRawIdentity()
+            let data = try JSONEncoder().encode(legacy)
+            try data.write(to: legacyURL)
+
+            #expect(DeviceIdentityStore.legacyIdentityMigrationRequired())
+            let identity = DeviceIdentityStore.loadOrCreate()
+
+            #expect(identity.deviceId == legacy.deviceId)
+            #expect(identity.publicKey == legacy.publicKey)
+            #expect(identity.privateKey == legacy.privateKey)
+            #expect(identity.createdAtMs == legacy.createdAtMs)
+            #expect(!FileManager.default.fileExists(atPath: legacyURL.path))
+
+            let stored = try #require(OpenClawSQLiteStateStore.readDeviceIdentity())
+            #expect(stored.deviceId == legacy.deviceId)
+            #expect(FileManager.default.fileExists(atPath: Self.databaseURL(stateDir: stateDir).path))
+        }
+    }
+
+    @Test("keeps default legacy device state under app support OpenClaw dir")
+    func keepsDefaultLegacyDeviceStateUnderAppSupportOpenClawDir() throws {
+        try Self.withDefaultStateEnvironment {
+            let appSupport = try #require(
+                FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask).first)
+            let expected = appSupport
+                .appendingPathComponent("OpenClaw", isDirectory: true)
+                .standardizedFileURL
+
+            #expect(DeviceIdentityPaths.legacyStateDirURL().standardizedFileURL == expected)
+        }
+    }
+
+    @Test("stores device auth tokens in SQLite without JSON sidecars")
+    func storesDeviceAuthTokensInSQLite() throws {
+        try Self.withTempStateDir { stateDir in
+            let entry = DeviceAuthStore.storeToken(
+                deviceId: "device-1",
+                role: " gateway ",
+                token: "token-1",
+                scopes: ["write", " read ", "write"])
+
+            #expect(entry.role == "gateway")
+            #expect(entry.scopes == ["read", "write"])
+            #expect(DeviceAuthStore.loadToken(deviceId: "device-1", role: "gateway")?.token == "token-1")
+            #expect(!FileManager.default.fileExists(atPath: Self.legacyAuthURL(stateDir: stateDir).path))
+
+            let stored = try #require(OpenClawSQLiteStateStore.readDeviceAuthToken(
+                deviceId: "device-1",
+                role: "gateway"))
+            #expect(stored.token == "token-1")
+            #expect(stored.scopesJSON.contains("read"))
+
+            DeviceAuthStore.clearToken(deviceId: "device-1", role: "gateway")
+            #expect(DeviceAuthStore.loadToken(deviceId: "device-1", role: "gateway") == nil)
+        }
+    }
+
+    @Test("migrates legacy device auth sidecar into SQLite")
+    func migratesLegacyDeviceAuthSidecarIntoSQLite() throws {
+        try Self.withTempStateDir { stateDir in
+            let legacyURL = Self.legacyAuthURL(stateDir: stateDir)
+            try Self.writeLegacyAuthSidecar(
+                legacyURL,
+                deviceId: "device-1",
+                token: "token-1",
+                scopes: ["write", " read ", "write"])
+
+            let entry = try #require(DeviceAuthStore.loadToken(deviceId: "device-1", role: "gateway"))
+
+            #expect(entry.token == "token-1")
+            #expect(entry.role == "gateway")
+            #expect(entry.scopes == ["read", "write"])
+            #expect(entry.updatedAtMs == 1_700_000_000_000)
+            #expect(!FileManager.default.fileExists(atPath: legacyURL.path))
+            let stored = try #require(OpenClawSQLiteStateStore.readDeviceAuthToken(
+                deviceId: "device-1",
+                role: "gateway"))
+            #expect(stored.token == "token-1")
+        }
+    }
+
+    @Test("ignores Android SecurePrefs token markers in shared SQLite auth rows")
+    func ignoresAndroidSecurePrefsTokenMarkers() throws {
+        try Self.withTempStateDir { _ in
+            try OpenClawSQLiteStateStore.upsertDeviceAuthToken(
+                OpenClawSQLiteDeviceAuthTokenRow(
+                    deviceId: "device-1",
+                    role: "gateway",
+                    token: "__openclaw_secure_prefs__",
+                    scopesJSON: "[]",
+                    updatedAtMs: 1))
+
+            #expect(DeviceAuthStore.loadToken(deviceId: "device-1", role: "gateway") == nil)
+        }
+    }
+
+    @Test("migrates same-device legacy auth roles before the first SQLite save")
+    func migratesSameDeviceLegacyAuthRolesBeforeFirstSQLiteSave() throws {
+        try Self.withTempStateDir { stateDir in
+            let legacyURL = Self.legacyAuthURL(stateDir: stateDir)
+            try Self.writeLegacyAuthSidecar(
+                legacyURL,
+                deviceId: "device-1",
+                tokens: [
+                    "gateway": ("gateway-token", ["read"]),
+                    "operator": ("old-operator-token", ["operator.read"]),
+                ])
+
+            _ = DeviceAuthStore.storeToken(
+                deviceId: "device-1",
+                role: "operator",
+                token: "operator-token",
+                scopes: ["operator.write"])
+
+            #expect(DeviceAuthStore.loadToken(deviceId: "device-1", role: "gateway")?.token == "gateway-token")
+            #expect(DeviceAuthStore.loadToken(deviceId: "device-1", role: "operator")?.token == "operator-token")
+            #expect(!FileManager.default.fileExists(atPath: legacyURL.path))
+        }
+    }
+
+    @Test("does not resurrect legacy device auth role after SQLite rows exist")
+    func doesNotResurrectLegacyDeviceAuthRoleAfterSQLiteRowsExist() throws {
+        try Self.withTempStateDir { stateDir in
+            let legacyURL = Self.legacyAuthURL(stateDir: stateDir)
+            _ = DeviceAuthStore.storeToken(
+                deviceId: "device-1",
+                role: "operator",
+                token: "operator-token",
+                scopes: ["operator"])
+
+            try Self.writeLegacyAuthSidecar(
+                legacyURL,
+                deviceId: "device-1",
+                role: "admin",
+                token: "stale-admin-token",
+                scopes: ["admin"])
+
+            _ = DeviceAuthStore.storeToken(
+                deviceId: "device-1",
+                role: "operator",
+                token: "operator-token-2",
+                scopes: ["operator"])
+
+            #expect(DeviceAuthStore.loadToken(deviceId: "device-1", role: "admin") == nil)
+            #expect(OpenClawSQLiteStateStore.readDeviceAuthToken(deviceId: "device-1", role: "admin") == nil)
+            #expect(!FileManager.default.fileExists(atPath: legacyURL.path))
+        }
+    }
+
+    @Test("keeps legacy device auth sidecar when SQLite import fails")
+    func keepsLegacyDeviceAuthSidecarWhenSQLiteImportFails() throws {
+        try Self.withTempStateDir { stateDir in
+            let legacyURL = Self.legacyAuthURL(stateDir: stateDir)
+            try Self.writeLegacyAuthSidecar(
+                legacyURL,
+                deviceId: "device-1",
+                token: "token-1",
+                scopes: ["read"])
+            try FileManager.default.createDirectory(
+                at: Self.databaseURL(stateDir: stateDir),
+                withIntermediateDirectories: true)
+
+            let entry = try #require(DeviceAuthStore.loadToken(deviceId: "device-1", role: "gateway"))
+            #expect(entry.token == "token-1")
+            #expect(entry.scopes == ["read"])
+            #expect(FileManager.default.fileExists(atPath: legacyURL.path))
+        }
+    }
+
+    @Test("falls back to legacy device auth sidecar when SQLite write fails")
+    func fallsBackToLegacyDeviceAuthSidecarWhenSQLiteWriteFails() throws {
+        try Self.withTempStateDir { stateDir in
+            try FileManager.default.createDirectory(
+                at: Self.databaseURL(stateDir: stateDir),
+                withIntermediateDirectories: true)
+
+            let entry = DeviceAuthStore.storeToken(
+                deviceId: "device-1",
+                role: " gateway ",
+                token: "token-fallback",
+                scopes: ["write"])
+
+            #expect(entry.token == "token-fallback")
+            #expect(entry.role == "gateway")
+            #expect(FileManager.default.fileExists(atPath: Self.legacyAuthURL(stateDir: stateDir).path))
+            let loaded = try #require(DeviceAuthStore.loadToken(deviceId: "device-1", role: "gateway"))
+            #expect(loaded.token == "token-fallback")
+            #expect(loaded.scopes == ["write"])
+        }
+    }
+
+    @Test("merges legacy device auth sidecar when SQLite write fails")
+    func mergesLegacyDeviceAuthSidecarWhenSQLiteWriteFails() throws {
+        try Self.withTempStateDir { stateDir in
+            let legacyURL = Self.legacyAuthURL(stateDir: stateDir)
+            try Self.writeLegacyAuthSidecar(
+                legacyURL,
+                deviceId: "device-1",
+                token: "gateway-token",
+                scopes: ["read"])
+            try FileManager.default.createDirectory(
+                at: Self.databaseURL(stateDir: stateDir),
+                withIntermediateDirectories: true)
+
+            _ = DeviceAuthStore.storeToken(
+                deviceId: "device-1",
+                role: "operator",
+                token: "operator-token",
+                scopes: ["write"])
+
+            let data = try Data(contentsOf: legacyURL)
+            let root = try #require(JSONSerialization.jsonObject(with: data) as? [String: Any])
+            let tokens = try #require(root["tokens"] as? [String: Any])
+            #expect((tokens["gateway"] as? [String: Any])?["token"] as? String == "gateway-token")
+            #expect((tokens["operator"] as? [String: Any])?["token"] as? String == "operator-token")
+        }
+    }
+
+    @Test("drops stale legacy device auth sidecar when storing a different device")
+    func dropsStaleLegacyDeviceAuthSidecarWhenReplacingDevice() throws {
+        try Self.withTempStateDir { stateDir in
+            let legacyURL = Self.legacyAuthURL(stateDir: stateDir)
+            try Self.writeLegacyAuthSidecar(
+                legacyURL,
+                deviceId: "device-1",
+                token: "stale-token",
+                scopes: ["read"])
+
+            let entry = DeviceAuthStore.storeToken(
+                deviceId: "device-2",
+                role: "gateway",
+                token: "fresh-token",
+                scopes: ["write"])
+
+            #expect(entry.token == "fresh-token")
+            #expect(DeviceAuthStore.loadToken(deviceId: "device-1", role: "gateway") == nil)
+            #expect(DeviceAuthStore.loadToken(deviceId: "device-2", role: "gateway")?.token == "fresh-token")
+            #expect(!FileManager.default.fileExists(atPath: legacyURL.path))
+        }
+    }
+
+    private static func withTempStateDir(_ body: (URL) throws -> Void) throws {
+        let previous = DeviceIdentityPaths.testingStateDirURL
         let tempDir = FileManager.default.temporaryDirectory
             .appendingPathComponent(UUID().uuidString, isDirectory: true)
-        let identityURL = tempDir
+        try FileManager.default.createDirectory(at: tempDir, withIntermediateDirectories: true)
+        DeviceIdentityPaths.testingStateDirURL = tempDir
+        defer {
+            DeviceIdentityPaths.testingStateDirURL = previous
+            try? FileManager.default.removeItem(at: tempDir)
+        }
+        try body(tempDir)
+    }
+
+    private static func withDefaultStateEnvironment(_ body: () throws -> Void) throws {
+        let previousTestingStateDir = DeviceIdentityPaths.testingStateDirURL
+        let previousStateDir = getenv("OPENCLAW_STATE_DIR").map { String(cString: $0) }
+        DeviceIdentityPaths.testingStateDirURL = nil
+        unsetenv("OPENCLAW_STATE_DIR")
+        defer {
+            DeviceIdentityPaths.testingStateDirURL = previousTestingStateDir
+            if let previousStateDir {
+                setenv("OPENCLAW_STATE_DIR", previousStateDir, 1)
+            } else {
+                unsetenv("OPENCLAW_STATE_DIR")
+            }
+        }
+        try body()
+    }
+
+    private static func databaseURL(stateDir: URL) -> URL {
+        stateDir
+            .appendingPathComponent("state", isDirectory: true)
+            .appendingPathComponent("openclaw.sqlite")
+    }
+
+    private static func legacyIdentityURL(stateDir: URL) -> URL {
+        stateDir
             .appendingPathComponent("identity", isDirectory: true)
             .appendingPathComponent("device.json", isDirectory: false)
-        defer { try? FileManager.default.removeItem(at: tempDir) }
+    }
+
+    private static func legacyAuthURL(stateDir: URL) -> URL {
+        stateDir
+            .appendingPathComponent("identity", isDirectory: true)
+            .appendingPathComponent("device-auth.json", isDirectory: false)
+    }
+
+    private static func writeLegacyAuthSidecar(
+        _ legacyURL: URL,
+        deviceId: String,
+        role: String = "gateway",
+        token: String,
+        scopes: [String]) throws
+    {
         try FileManager.default.createDirectory(
-            at: identityURL.deletingLastPathComponent(),
+            at: legacyURL.deletingLastPathComponent(),
             withIntermediateDirectories: true)
-        let stored = """
-            {
-              "version": 1,
-              "deviceId": "stale-device-id",
-              "publicKeyPem": "not-a-valid-public-key",
-              "privateKeyPem": "not-a-valid-private-key",
-              "createdAtMs": 1700000000000
-            }
-            """
-        try stored.write(to: identityURL, atomically: true, encoding: .utf8)
-        let before = try String(contentsOf: identityURL, encoding: .utf8)
+        let legacy = [
+            "version": 1,
+            "deviceId": deviceId,
+            "tokens": [
+                role: [
+                    "token": token,
+                    "role": role,
+                    "scopes": scopes,
+                    "updatedAtMs": 1_700_000_000_000,
+                ],
+            ],
+        ] as [String: Any]
+        let data = try JSONSerialization.data(withJSONObject: legacy, options: [.prettyPrinted, .sortedKeys])
+        try data.write(to: legacyURL)
+    }
 
-        let identity = DeviceIdentityStore.loadOrCreate(fileURL: identityURL)
-
-        #expect(identity.deviceId != "stale-device-id")
-        #expect(try String(contentsOf: identityURL, encoding: .utf8) == before)
+    private static func writeLegacyAuthSidecar(
+        _ legacyURL: URL,
+        deviceId: String,
+        tokens: [String: (token: String, scopes: [String])]) throws
+    {
+        try FileManager.default.createDirectory(
+            at: legacyURL.deletingLastPathComponent(),
+            withIntermediateDirectories: true)
+        let tokenEntries = tokens.map { role, value in
+            (
+                role,
+                [
+                    "token": value.token,
+                    "role": role,
+                    "scopes": value.scopes,
+                    "updatedAtMs": 1_700_000_000_000,
+                ] as [String: Any]
+            )
+        }
+        let tokenObject = Dictionary(uniqueKeysWithValues: tokenEntries)
+        let legacy = [
+            "version": 1,
+            "deviceId": deviceId,
+            "tokens": tokenObject,
+        ] as [String: Any]
+        let data = try JSONSerialization.data(withJSONObject: legacy, options: [.prettyPrinted, .sortedKeys])
+        try data.write(to: legacyURL)
     }
 
     private static func base64UrlDecode(_ value: String) -> Data? {
@@ -77,7 +428,21 @@ struct DeviceIdentityStoreTests {
         return Data(base64Encoded: padded)
     }
 
-    private static func identityJSON(publicKeyPem: String, privateKeyPem: String) throws -> String {
+    private static func legacyRawIdentity() -> DeviceIdentity {
+        let privateKey = Curve25519.Signing.PrivateKey()
+        let publicKeyData = privateKey.publicKey.rawRepresentation
+        let privateKeyData = privateKey.rawRepresentation
+        let deviceId = SHA256.hash(data: publicKeyData).compactMap {
+            String(format: "%02x", $0)
+        }.joined()
+        return DeviceIdentity(
+            deviceId: deviceId,
+            publicKey: publicKeyData.base64EncodedString(),
+            privateKey: privateKeyData.base64EncodedString(),
+            createdAtMs: 1_700_000_000_000)
+    }
+
+    private static func identityJSON(publicKeyPem: String, privateKeyPem: String) throws -> Data {
         let object: [String: Any] = [
             "version": 1,
             "deviceId": "stale-device-id",
@@ -85,11 +450,14 @@ struct DeviceIdentityStoreTests {
             "privateKeyPem": privateKeyPem,
             "createdAtMs": 1_700_000_000_000,
         ]
-        let data = try JSONSerialization.data(withJSONObject: object, options: [.prettyPrinted, .sortedKeys])
-        return String(decoding: data, as: UTF8.self) + "\n"
+        return try JSONSerialization.data(withJSONObject: object, options: [.prettyPrinted, .sortedKeys])
     }
 
     private static func pem(label: String, body: String) -> String {
         "-----BEGIN \(label)-----\n\(body)\n-----END \(label)-----\n"
     }
+
+    private static func privateKeyMarker(_ boundary: String) -> String {
+        "-----\(boundary) \("PRIVATE" + " KEY")-----"
+    }
 }

apps/shared/OpenClawKit/Tests/OpenClawKitTests/ElevenLabsTTSValidationTests.swift

@@ -1,3 +1,4 @@
+#if Talk
 import XCTest
 @testable import OpenClawKit
 
@@ -17,3 +18,4 @@ final class ElevenLabsTTSValidationTests: XCTestCase {
         XCTAssertNil(ElevenLabsTTSClient.validatedNormalize("maybe"))
     }
 }
+#endif

config/knip.config.ts

@@ -37,6 +37,9 @@ const bundledPluginIgnoredRuntimeDependencies = [
   "@azure/identity",
   "@clawdbot/lobster",
   "@discordjs/opus",
+  "@earendil-works/pi-agent-core",
+  "@earendil-works/pi-ai",
+  "@earendil-works/pi-coding-agent",
   "@homebridge/ciao",
   "@lit/context",
   "@matrix-org/matrix-sdk-crypto-wasm",
@@ -45,6 +48,7 @@ const bundledPluginIgnoredRuntimeDependencies = [
   "@pierre/theme",
   "@tloncorp/tlon-skill",
   "@zed-industries/codex-acp",
+  "audio-decode",
   "jiti",
   "json5",
   "lit",

docs/.generated/config-baseline.sha256

@@ -1,4 +1,4 @@
-289c1bae4b9574d219fe61931be6b3ce42d4efb37d0a2edc570a521016394db5  config-baseline.json
-5bcb22d1506d82e59caa3bbc97931213299e3a2c0d45dbc549386b254661094a  config-baseline.core.json
-a9102c0611b8170fac37853cc31771810f31757a9e3b2c6796bbd9625f9b9206  config-baseline.channel.json
-0a8e088f8dc7b12341075ce019281d5fe45827ae802f60c71a490022ba5867cf  config-baseline.plugin.json
+8162a661edc183008a336db265a092acc90762c6c547b1383ef14fd0d381dea5  config-baseline.json
+5ee177382cf32c2816dca0a4e67cd6c01df1045d600b21a6e9c11639ddb10ce8  config-baseline.core.json
+7a7aba829deb8b54047b5c9e7dd3f3c9eade721e2f728db339c4ea99b77a162e  config-baseline.channel.json
+e6a1d6f51f0d9c04bd92d51deebfaca8c7917dd28d7998d225c0074e0a095348  config-baseline.plugin.json

docs/.generated/plugin-sdk-api-baseline.sha256

@@ -1,2 +1,2 @@
-cf29066e9465cb5ac1387d1d482d0939b9176220ecc69964da9af1a471939269  plugin-sdk-api-baseline.json
-ab43993cf713a96b191c55cf89bb215c18ecdc2d8edf50f31369ce3b162c56e3  plugin-sdk-api-baseline.jsonl
+34d396bf8f1b2963884256e87c8879a378e2ce7c8064ae0c30d734085a305dd6  plugin-sdk-api-baseline.json
+bf3e94dcccaf169811990dfd058a16ace8ce2ab44ea9eac6042b525b6d8baf5f  plugin-sdk-api-baseline.jsonl

docs/.i18n/glossary.zh-CN.json

@@ -68,8 +68,8 @@
     "target": "消息生命周期重构"
   },
   {
-    "source": "ACP lifecycle refactor",
-    "target": "ACP 生命周期重构"
+    "source": "Refactoring",
+    "target": "重构"
   },
   {
     "source": "Channel message API",
@@ -135,6 +135,14 @@
     "source": "Pi",
     "target": "Pi"
   },
+  {
+    "source": "Embedded agent runtime architecture",
+    "target": "嵌入式 agent 运行时架构"
+  },
+  {
+    "source": "Embedded agent runtime development workflow",
+    "target": "嵌入式 agent 运行时开发工作流"
+  },
   {
     "source": "Agent runtimes",
     "target": "Agent Runtimes"
@@ -1118,5 +1126,13 @@
   {
     "source": "Z.AI (GLM)",
     "target": "Z.AI (GLM)"
+  },
+  {
+    "source": "Kysely best practices",
+    "target": "Kysely 最佳实践"
+  },
+  {
+    "source": "Database-first state refactor",
+    "target": "数据库优先状态重构"
   }
 ]

docs/auth-credential-semantics.md

@@ -48,7 +48,7 @@ Token credentials (`type: "token"`) support inline `token` and/or `tokenRef`.
 
 Agent auth inheritance is read-through. When an agent has no local profile, it
 can resolve profiles from the default/main agent store at runtime without
-copying secret material into its own `auth-profiles.json`.
+copying secret material into its own SQLite auth-profile row.
 
 Explicit copy flows, such as `openclaw agents add`, use this portability policy:
 
@@ -68,11 +68,11 @@ the target agent signs in separately and creates its own local profile.
 credentials. They are valid when the target provider uses
 `models.providers.<id>.auth: "aws-sdk"` or plugin-owned Amazon Bedrock setup
 AWS SDK route. These profile ids may appear in `auth.order` and session
-overrides even when no matching entry exists in `auth-profiles.json`.
+overrides even when no matching entry exists in the SQLite auth-profile row.
 
-Do not write `type: "aws-sdk"` into `auth-profiles.json`. If a legacy install
-has such a marker, `openclaw doctor --fix` moves it to `auth.profiles` and
-removes the marker from the credential store.
+Do not write `type: "aws-sdk"` into the SQLite auth-profile row. If a legacy
+install has such a marker, `openclaw doctor --fix` moves it to `auth.profiles`
+and removes the marker from the credential store.
 
 ## Explicit auth order filtering
 
@@ -86,8 +86,8 @@ removes the marker from the credential store.
 
 ## Probe target resolution
 
-- Probe targets can come from auth profiles, environment credentials, or
-  `models.json`.
+- Probe targets can come from auth profiles, environment credentials, or the
+  stored model catalog.
 - If a provider has credentials but OpenClaw cannot resolve a probeable model
   candidate for it, `models status --probe` reports `status: no_model` with
   `reasonCode: no_model`.

docs/automation/cron-jobs.md

@@ -40,11 +40,9 @@ Cron is the Gateway's built-in scheduler. It persists jobs, wakes the agent at t
 ## How cron works
 
 - Cron runs **inside the Gateway** process (not inside the model).
-- Job definitions persist at `~/.openclaw/cron/jobs.json` so restarts do not lose schedules.
-- Runtime execution state persists next to it in `~/.openclaw/cron/jobs-state.json`. If you track cron definitions in git, track `jobs.json` and gitignore `jobs-state.json`.
-- If `jobs.json` contains malformed rows, the Gateway keeps valid jobs running, removes the malformed rows from the active store, and saves the raw rows beside it in `jobs-quarantine.json` for later repair or review.
-- After the split, older OpenClaw versions can read `jobs.json` but may treat jobs as fresh because runtime fields now live in `jobs-state.json`.
-- When `jobs.json` is edited while the Gateway is running or stopped, OpenClaw compares the changed schedule fields with pending runtime slot metadata and clears stale `nextRunAtMs` values. Pure formatting or key-order-only rewrites preserve the pending slot.
+- Job definitions, runtime state, and run history persist in OpenClaw's shared SQLite state database so restarts do not lose schedules.
+- On upgrade, legacy `~/.openclaw/cron/jobs.json`, `jobs-state.json`, and `runs/*.jsonl` files are imported once and renamed with a `.migrated` suffix. Malformed job rows are skipped from runtime and copied to `jobs-quarantine.json` for later repair or review.
+- `cron.store` still names the logical cron store key and legacy import path. After import, editing that JSON file no longer changes active cron jobs; use `openclaw cron add|edit|remove` or the Gateway cron RPC methods instead.
 - All cron executions create [background task](/automation/tasks) records.
 - On Gateway startup, overdue isolated agent-turn jobs are rescheduled out of the channel-connect window instead of replaying immediately, so Discord/Telegram startup and native-command setup stay responsive after restarts.
 - One-shot jobs (`--at`) auto-delete after success by default.
@@ -60,7 +58,7 @@ Cron is the Gateway's built-in scheduler. It persists jobs, wakes the agent at t
 <a id="maintenance"></a>
 
 <Note>
-Task reconciliation for cron is runtime-owned first, durable-history-backed second: an active cron task stays live while the cron runtime still tracks that job as running, even if an old child session row still exists. Once the runtime stops owning the job and the 5-minute grace window expires, maintenance checks persisted run logs and job state for the matching `cron:<jobId>:<startedAt>` run. If that durable history shows a terminal result, the task ledger is finalized from it; otherwise Gateway-owned maintenance can mark the task `lost`. Offline CLI audit can recover from durable history, but it does not treat its own empty in-process active-job set as proof that a Gateway-owned cron run is gone.
+Task reconciliation for cron is runtime-owned first, durable-history-backed second: an active cron task stays live while the cron runtime still tracks that job as running, even if an old child session row still exists. Once the runtime stops owning the job and the 5-minute grace window expires, maintenance checks persisted SQLite run logs and job state for the matching `cron:<jobId>:<startedAt>` run. If that durable history shows a terminal result, the task ledger is finalized from it; otherwise Gateway-owned maintenance can mark the task `lost`. Offline CLI audit can recover from durable history, but it does not treat its own empty in-process active-job set as proof that a Gateway-owned cron run is gone.
 </Note>
 
 ## Schedule types
@@ -446,15 +444,14 @@ Model override note:
 {
   cron: {
     enabled: true,
-    store: "~/.openclaw/cron/jobs.json",
-    maxConcurrentRuns: 8,
+    store: "~/.openclaw/cron/jobs.json", // optional legacy import key
+    maxConcurrentRuns: 1,
     retry: {
       maxAttempts: 3,
       backoffMs: [60000, 120000, 300000],
       retryOn: ["rate_limit", "overloaded", "network", "server_error"],
     },
     webhookToken: "replace-with-dedicated-webhook-token",
-    sessionRetention: "24h",
     runLog: { maxBytes: "2mb", keepLines: 2000 },
   },
 }
@@ -462,9 +459,7 @@ Model override note:
 
 `maxConcurrentRuns` limits both scheduled cron dispatch and isolated agent-turn execution, and defaults to 8. Isolated cron agent turns use the queue's dedicated `cron-nested` execution lane internally, so raising this value lets independent cron LLM runs progress in parallel instead of only starting their outer cron wrappers. The shared non-cron `nested` lane is not widened by this setting.
 
-The runtime state sidecar is derived from `cron.store`: a `.json` store such as `~/clawd/cron/jobs.json` uses `~/clawd/cron/jobs-state.json`, while a store path without a `.json` suffix appends `-state.json`.
-
-If you hand-edit `jobs.json`, leave `jobs-state.json` out of source control. OpenClaw uses that sidecar for pending slots, active markers, last-run metadata, and the schedule identity that tells the scheduler when an externally edited job needs a fresh `nextRunAtMs`.
+`cron.store` is a logical store key and legacy import path. Existing stores are imported into SQLite on first load and archived; future cron changes should go through the CLI or Gateway API.
 
 Disable cron: `cron.enabled: false` or `OPENCLAW_SKIP_CRON=1`.
 
@@ -476,7 +471,7 @@ Disable cron: `cron.enabled: false` or `OPENCLAW_SKIP_CRON=1`.
 
   </Accordion>
   <Accordion title="Maintenance">
-    `cron.sessionRetention` (default `24h`) prunes isolated run-session entries. `cron.runLog.maxBytes` / `cron.runLog.keepLines` auto-prune run-log files.
+    `cron.sessionRetention` (default `24h`) prunes isolated run-session entries. `cron.runLog.keepLines` limits retained SQLite run-history rows per job; `maxBytes` is retained for config compatibility with older file-backed run logs.
   </Accordion>
 </AccordionGroup>
 
@@ -515,7 +510,7 @@ openclaw doctor
   <Accordion title="Cron or heartbeat appears to prevent /new-style rollover">
     - Daily and idle reset freshness is not based on `updatedAt`; see [Session management](/concepts/session#session-lifecycle).
     - Cron wakeups, heartbeat runs, exec notifications, and gateway bookkeeping may update the session row for routing/status, but they do not extend `sessionStartedAt` or `lastInteractionAt`.
-    - For legacy rows created before those fields existed, OpenClaw can recover `sessionStartedAt` from the transcript JSONL session header when the file is still available. Legacy idle rows without `lastInteractionAt` use that recovered start time as their idle baseline.
+    - For legacy rows created before those fields existed, OpenClaw can recover `sessionStartedAt` from the SQLite transcript session header after doctor migration. Legacy idle rows without `lastInteractionAt` use that recovered start time as their idle baseline.
 
   </Accordion>
   <Accordion title="Timezone gotchas">

docs/automation/hooks.md

@@ -6,7 +6,7 @@ read_when:
 title: "Hooks"
 ---
 
-Hooks are small scripts that run when something happens inside the Gateway. They can be discovered from directories and inspected with `openclaw hooks`. The Gateway loads internal hooks only after you enable hooks or configure at least one hook entry, hook pack, legacy handler, or extra hook directory.
+Hooks are small scripts that run when something happens inside the Gateway. They can be discovered from directories and inspected with `openclaw hooks`. The Gateway loads internal hooks only after you enable hooks or configure at least one hook entry, hook pack, or extra hook directory.
 
 There are two kinds of hooks in OpenClaw:
 
@@ -190,7 +190,7 @@ Hooks are discovered from these directories, in order of increasing override pre
 
 Workspace hooks can add new hook names but cannot override bundled, managed, or plugin-provided hooks with the same name.
 
-The Gateway skips internal hook discovery on startup until internal hooks are configured. Enable a bundled or managed hook with `openclaw hooks enable <name>`, install a hook pack, or set `hooks.internal.enabled=true` to opt in. When you enable one named hook, the Gateway loads only that hook's handler; `hooks.internal.enabled=true`, extra hook directories, and legacy handlers opt into broad discovery.
+The Gateway skips internal hook discovery on startup until internal hooks are configured. Enable a bundled or managed hook with `openclaw hooks enable <name>`, install a hook pack, or set `hooks.internal.enabled=true` to opt in. When you enable one named hook, the Gateway loads only that hook's handler; `hooks.internal.enabled=true` and extra hook directories opt into broad discovery.
 
 ### Hook packs
 
@@ -208,7 +208,7 @@ Npm specs are registry-only (package name + optional exact version or dist-tag).
 | --------------------- | ------------------------------------------------- | -------------------------------------------------------------- |
 | session-memory        | `command:new`, `command:reset`                    | Saves session context to `<workspace>/memory/`                 |
 | bootstrap-extra-files | `agent:bootstrap`                                 | Injects additional bootstrap files from glob patterns          |
-| command-logger        | `command`                                         | Logs all commands to `~/.openclaw/logs/commands.log`           |
+| command-logger        | `command`                                         | Logs all commands to the shared SQLite state database          |
 | compaction-notifier   | `session:compact:before`, `session:compact:after` | Sends visible chat notices when session compaction starts/ends |
 | boot-md               | `gateway:startup`                                 | Runs `BOOT.md` when the gateway starts                         |
 
@@ -249,7 +249,8 @@ Paths resolve relative to workspace. Only recognized bootstrap basenames are loa
 
 ### command-logger details
 
-Logs every slash command to `~/.openclaw/logs/commands.log`.
+Logs every slash command to the `command_log_entries` table in
+`~/.openclaw/state/openclaw.sqlite`.
 
 <a id="compaction-notifier"></a>
 
@@ -325,7 +326,7 @@ Extra hook directories:
 ```
 
 <Note>
-The legacy `hooks.internal.handlers` array config format is still supported for backwards compatibility, but new hooks should use the discovery-based system.
+The legacy `hooks.internal.handlers` array config format is not loaded by the Gateway. Run `openclaw doctor --fix` to detect stale config, then move each hook into a discovered hook directory with `HOOK.md` metadata.
 </Note>
 
 ## CLI reference

docs/automation/taskflow.md

@@ -116,9 +116,9 @@ Example: three independent cron jobs that together form a "morning ops" routine.
 ## Durable state and revision tracking
 
 Each flow persists its own state and tracks revisions so progress survives gateway restarts. Revision tracking enables conflict detection when multiple sources attempt to advance the same flow concurrently.
-The flow registry uses SQLite with bounded write-ahead-log maintenance, including
-periodic and shutdown checkpoints, so long-running gateways do not retain
-unbounded `registry.sqlite-wal` sidecar files.
+The flow registry persists in the shared SQLite state database at
+`~/.openclaw/state/openclaw.sqlite`, using the same bounded write-ahead-log
+maintenance as the rest of OpenClaw runtime state.
 
 ## Cancel behavior
 

docs/automation/tasks.md

@@ -249,8 +249,8 @@ openclaw tasks notify <lookup> state_changes
 
     - ACP/subagent tasks check their backing child session.
     - Subagent tasks whose child session has a restart-recovery tombstone are marked lost instead of being treated as recoverable backing sessions.
-    - Cron tasks check whether the cron runtime still owns the job, then recover terminal status from persisted cron run logs/job state before falling back to `lost`. Only the Gateway process is authoritative for the in-memory cron active-job set; offline CLI audit uses durable history but does not mark a cron task lost solely because that local Set is empty.
-    - CLI tasks with run identity check the owning live run context, not just child-session or chat-session rows.
+    - Cron tasks check whether the cron runtime still owns the job, then recover terminal status from persisted SQLite cron run logs/job state before falling back to `lost`. Only the Gateway process is authoritative for the in-memory cron active-job set; offline CLI audit uses durable history but does not mark a cron task lost solely because that local Set is empty.
+    - Chat-backed CLI tasks check the owning live run context, not just the chat session row.
 
     Completion cleanup is also runtime-aware:
 
@@ -306,7 +306,7 @@ Both `/status` and the `session_status` tool use a cleanup-aware task snapshot:
 Task records persist in SQLite at:
 
 ```
-$OPENCLAW_STATE_DIR/tasks/runs.sqlite
+$OPENCLAW_STATE_DIR/state/openclaw.sqlite
 ```
 
 The registry loads into memory at gateway start and syncs writes to SQLite for durability across restarts.
@@ -346,7 +346,7 @@ A sweeper runs every **60 seconds** and handles four things:
 
   </Accordion>
   <Accordion title="Tasks and cron">
-    A cron job **definition** lives in `~/.openclaw/cron/jobs.json`; runtime execution state lives beside it in `~/.openclaw/cron/jobs-state.json`. **Every** cron execution creates a task record - both main-session and isolated. Main-session cron tasks default to `silent` notify policy so they track without generating notifications.
+    Cron job definitions, runtime execution state, and run history live in OpenClaw's shared SQLite state database. **Every** cron execution creates a task record - both main-session and isolated. Main-session cron tasks default to `silent` notify policy so they track without generating notifications.
 
     See [Cron Jobs](/automation/cron-jobs).
 

docs/channels/channel-routing.md

@@ -128,17 +128,19 @@ Example:
 
 ## Session storage
 
-Session stores live under the state directory (default `~/.openclaw`):
+Canonical session metadata lives in SQLite:
 
-- `~/.openclaw/agents/<agentId>/sessions/sessions.json`
-- JSONL transcripts live alongside the store
+- `~/.openclaw/state/openclaw.sqlite` registers agents and shared control-plane rows.
+- `~/.openclaw/agents/<agentId>/agent/openclaw-agent.sqlite` stores that
+  agent's session rows and transcript events.
 
-You can override the store path via `session.store` and `{agentId}` templating.
+Legacy `sessions.json` indexes are imported by `openclaw doctor --fix` and
+removed after SQLite has the rows. Runtime metadata should go through the
+agent's SQLite database. Startup does not import or rewrite legacy session indexes.
 
-Gateway and ACP session discovery also scans disk-backed agent stores under the
-default `agents/` root and under templated `session.store` roots. Discovered
-stores must stay inside that resolved agent root and use a regular
-`sessions.json` file. Symlinks and out-of-root paths are ignored.
+Gateway and ACP session discovery read SQLite metadata. JSONL transcript files
+are legacy doctor-import inputs or explicit export artifacts only; runtime code
+must not create, select, or bridge through transcript files or locators.
 
 ## WebChat behavior
 

docs/channels/discord.md

@@ -252,7 +252,7 @@ Once DMs are working, you can set up your Discord server as a full workspace whe
 
     In guild channels, normal replies post automatically by default. For shared always-on rooms, opt into `messages.groupChat.visibleReplies: "message_tool"` so the agent can lurk and only post when it decides a channel reply is useful. This works best with latest-generation, tool-reliable models such as GPT 5.5. Ambient room events stay quiet unless the tool sends. See [Ambient room events](/channels/ambient-room-events) for the full lurk-mode config.
 
-    If Discord shows typing and the logs show token usage but no posted message, check whether the turn was configured as an ambient room event or opted into message-tool visible replies.
+    This means the selected model should reliably call tools. If Discord shows typing and the logs show token usage but no posted message, check whether the turn was configured as an ambient room event, inspect the gateway verbose log or SQLite transcript for `didSendViaMessagingTool: false`, or use the config below to restore legacy automatic final replies for normal group requests.
 
     <Tabs>
       <Tab title="Ask your agent">

docs/channels/group-messages.md

@@ -85,8 +85,8 @@ Only the owner number (from `channels.whatsapp.allowFrom`, or the bot's own E.16
 
 - Heartbeats are intentionally skipped for groups to avoid noisy broadcasts.
 - Echo suppression uses the combined batch string; if you send identical text twice without mentions, only the first will get a response.
-- Session store entries will appear as `agent:<agentId>:whatsapp:group:<jid>` in the session store (`~/.openclaw/agents/<agentId>/sessions/sessions.json` by default); a missing entry just means the group hasn't triggered a run yet.
-- Typing indicators in groups follow `agents.defaults.typingMode`. When visible replies are opted into message-tool-only mode, typing starts immediately by default so group members can see the agent is working even if no automatic final reply is posted. Explicit typing-mode config still wins.
+- Session rows use keys like `agent:<agentId>:whatsapp:group:<jid>` in the per-agent database; a missing row just means the group hasn't triggered a run yet.
+- Typing indicators in groups follow `agents.defaults.typingMode`. When visible replies use the default message-tool-only mode, typing starts immediately by default so group members can see the agent is working even if no automatic final reply is posted. Explicit typing-mode config still wins.
 
 ## Related