fix(plugins): restore release package compatibility

.github/CODEOWNERS

@@ -12,14 +12,9 @@
 /.github/workflows/codeql-android-critical-security.yml @openclaw/openclaw-secops
 /.github/workflows/codeql-critical-quality.yml @openclaw/openclaw-secops
 /.github/workflows/dependency-guard.yml @openclaw/openclaw-secops
-/.github/workflows/security-sensitive-guard.yml @openclaw/openclaw-secops
 /test/scripts/dependency-guard-workflow.test.ts @openclaw/openclaw-secops
 /test/scripts/dependency-guard-script.test.ts @openclaw/openclaw-secops
-/test/scripts/security-sensitive-guard-workflow.test.ts @openclaw/openclaw-secops
-/test/scripts/security-sensitive-guard-script.test.ts @openclaw/openclaw-secops
 /scripts/github/dependency-guard.mjs @openclaw/openclaw-secops
-/scripts/github/security-sensitive-guard.mjs @openclaw/openclaw-secops
-/.gitignore @openclaw/openclaw-secops
 /package-lock.json @openclaw/openclaw-secops
 /npm-shrinkwrap.json @openclaw/openclaw-secops
 /extensions/*/package-lock.json @openclaw/openclaw-secops

.github/workflows/security-sensitive-guard.yml

@@ -1,55 +0,0 @@
-name: Security Sensitive Guard
-
-on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] checks trusted base script only; never checks out PR head
-    types: [opened, reopened, synchronize, ready_for_review]
-
-permissions:
-  contents: read
-  pull-requests: write
-  issues: write
-
-concurrency:
-  group: security-sensitive-guard-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  security-sensitive-guard-detect:
-    if: ${{ !github.event.pull_request.draft }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Check out trusted base workflow scripts
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-          persist-credentials: false
-
-      - name: Detect security-sensitive changes
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          OPENCLAW_SECURITY_APPROVERS: vincentkoc,steipete,joshavant
-          OPENCLAW_SECURITY_SENSITIVE_GUARD_MODE: detect
-          OPENCLAW_SECURITY_TEAM_SLUG: openclaw-secops
-        run: node scripts/github/security-sensitive-guard.mjs
-
-  security-sensitive-guard:
-    if: ${{ !github.event.pull_request.draft && always() }}
-    needs:
-      - security-sensitive-guard-detect
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Check out trusted base workflow scripts
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-          persist-credentials: false
-
-      - name: Enforce security-sensitive guard
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          OPENCLAW_SECURITY_APPROVERS: vincentkoc,steipete,joshavant
-          OPENCLAW_SECURITY_SENSITIVE_GUARD_MODE: enforce
-          OPENCLAW_SECURITY_TEAM_SLUG: openclaw-secops
-        run: node scripts/github/security-sensitive-guard.mjs

.gitignore

@@ -77,7 +77,6 @@ extensions/canvas/src/host/a2ui/*.map
 
 # fastlane (iOS)
 apps/ios/fastlane/README.md
-apps/android/fastlane/README.md
 apps/ios/fastlane/report.xml
 apps/ios/fastlane/Preview.html
 apps/ios/fastlane/screenshots/

CHANGELOG.md

@@ -26,7 +26,6 @@ Docs: https://docs.openclaw.ai
 
 - Channels and delivery: preserve account-scoped DM channel send policy, intentional rich-message line breaks in Telegram and status output, rich Telegram final replies, rich Telegram tables and lists, Telegram thread-create CLI remapping, Feishu dynamic-agent routes after persisted binding reuse, Slack outbound `message_sent` hooks, contributed message-tool schema optionality, same-channel generated media completions, and channel chunking around surrogate pairs and Infinity limits. (#92788, #93164, #92679, #89421, #89943, #42837, #92814, #91137, #91246, #92735) Thanks @yetval, @obviyus, @spacegeologist, @rishitamrakar, @liuhao1024, @lundog, @TurboTheTurtle, and @yhterrance.
 - Gemini CLI: use the selected OpenClaw OAuth/API-key auth profile in an isolated Gemini CLI runtime home, preventing ambient Google machine credentials from overriding the chosen profile. (#88748) Thanks @jason-allen-oneal and @shakkernerd.
-- Feishu: fetch quoted/replied message content before the empty-message guard so a mention-only reply that quotes a message with meaningful content is no longer dropped. (#90192) Thanks @bladin.
 - Discord: give generated auto-thread titles a 60-second timeout and 4,096-token reasoning-model output budget, clamped to the selected model output cap. (#64734) Thanks @hanamizuki.
 - Agent, cron, and Gateway runtime: mark active main sessions before restart shutdown aborts, pause yielded subagent runs whose terminal also signals abort, clamp trusted subagent thinking overrides through provider/model fallback, preserve yielded media completions, deliver channel message-tool final replies through auto-reply while hiding internal delivery hints, restore reset archive fallback reads when active async transcripts are missing, de-duplicate main-session heartbeat events, expose session identity in runtime prompts, reject unknown OpenAI agent selectors, keep generated media completions, slash-command block replies, and trajectory export commands in WebChat, and require admin privileges for HTTP session/model override surfaces. (#91357, #92631, #92412, #92146, #92879, #91287, #92468, #92510, #91246, #92651, #92646) Thanks @ooiuuii, @openperf, @IWhatsskill, @masatohoshino, @CadanHu, @ZengWen-DT, @zhangguiping-xydt, and @TurboTheTurtle.
 - Providers and model replay: preserve storeless OpenAI Responses replay compatibility, recover invalid OpenAI reasoning signatures and genericized Anthropic thinking-signature replay errors, route OAuth image defaults through Codex for eligible OpenAI profiles, avoid eager tool streaming for Claude 4.5 in Copilot, quarantine unreadable and post-hook OpenAI/Anthropic-family tool schemas without broadening allowed tool choices, deliver explicit thinking-off requests to LM Studio binary-thinking models, honor profile auth for SecretRef model entries, bound model browsing, strip provider prefixes where runtimes need bare IDs, and surface nested embedding fetch failures. (#90706, #92941, #92201, #92916, #92824, #75393, #92908, #92921, #92928, #92002, #90686, #92247, #92627, #91218, #92628) Thanks @snowzlm, @mmyzwl, @CarlCapital, @bek91, @Kailigithub, @vincentkoc, @rohitjavvadi, @samson910022, @nxmxbbd, @liuhao1024, @bymle, and @mushuiyu886.

apps/android/CHANGELOG.md

@@ -1,11 +0,0 @@
-# OpenClaw Android Changelog
-
-## Unreleased
-
-Maintenance update for the current OpenClaw Android release.
-
-## 2026.6.2 - 2026-06-02
-
-OpenClaw is now available on Android.
-
-Connect to your OpenClaw Gateway to chat with your assistant, use realtime Talk mode, review approvals, and bring Android device capabilities like camera, location, screen, and notifications into your private automation workflows.

apps/android/Config/ReleaseSigning.json

@@ -1,14 +0,0 @@
-{
-  "signingRepo": "git@github.com:openclaw/apps-signing.git",
-  "signingBranch": "main",
-  "assetPath": "android/openclaw",
-  "uploadKeystoreEncryptedFile": "upload-keystore.jks.enc",
-  "gradlePropertiesEncryptedFile": "gradle.properties.enc",
-  "materializedRoot": "apps/android/build/release-signing",
-  "gradlePropertyNames": [
-    "OPENCLAW_ANDROID_STORE_FILE",
-    "OPENCLAW_ANDROID_STORE_PASSWORD",
-    "OPENCLAW_ANDROID_KEY_ALIAS",
-    "OPENCLAW_ANDROID_KEY_PASSWORD"
-  ]
-}

apps/android/README.md

@@ -53,16 +53,6 @@ pnpm android:version:pin -- --from-gateway
 pnpm android:version:pin -- --version 2026.6.5 --version-code 2026060501
 ```
 
-Release-owner signing sync:
-
-```bash
-pnpm android:release:signing:plan
-MATCH_PASSWORD=<signing repo password> pnpm android:release:signing:sync:pull
-MATCH_PASSWORD=<signing repo password> pnpm android:release:signing:check
-```
-
-The signing sync pulls encrypted Android upload-key assets from the shared `apps-signing` repo and materializes decrypted files under `apps/android/build/release-signing/`.
-
 Generate raw Google Play screenshots:
 
 ```bash
@@ -74,7 +64,7 @@ pnpm android:screenshots
 - Play build: `openclaw-<version>-play-release.aab`
 - Third-party build: `openclaw-<version>-third-party-release.apk`
 
-`pnpm android:bundle:release` is an alias for the same Fastlane archive lane.
+`pnpm android:bundle:release` is an alias for the same archive helper.
 
 See `apps/android/VERSIONING.md` and `apps/android/fastlane/SETUP.md` for the release workflow.
 

apps/android/VERSIONING.md

@@ -8,8 +8,6 @@ Android release builds use pinned app metadata instead of auto-bumping `build.gr
 - `version` is the Play `versionName` and uses CalVer: `YYYY.M.D`.
 - `versionCode` uses `YYYYMMDDNN`, where `NN` is a two-digit build number for that pinned app version.
 - `apps/android/Config/Version.properties` is generated from `version.json` and read by Gradle.
-- `apps/android/CHANGELOG.md` is the Android-only changelog and release-note source.
-- `apps/android/fastlane/metadata/android/en-US/release_notes.txt` is generated from the changelog.
 
 Examples:
 
@@ -25,41 +23,16 @@ pnpm android:version:check
 pnpm android:version:sync
 pnpm android:version:pin -- --from-gateway
 pnpm android:version:pin -- --version 2026.6.5 --version-code 2026060501
-pnpm android:release:signing:plan
-MATCH_PASSWORD=<signing repo password> pnpm android:release:signing:sync:pull
-pnpm android:release:preflight
 ```
 
-## Release-note resolution order
-
-When generating `apps/android/fastlane/metadata/android/en-US/release_notes.txt`, the tooling reads the first available changelog section in this order:
-
-1. exact pinned version, for example `## 2026.6.2`
-2. `## Unreleased`
-
-Recommended workflow:
-
-- while iterating on a Play internal testing train, keep pending notes under `## Unreleased`
-- before the production release, move or copy the final notes under `## <pinned version>` and run sync again
-
 ## Release Workflow
 
 1. Pin Android to the intended release version.
 2. Run `pnpm android:version:sync`.
-3. Update `apps/android/CHANGELOG.md`, then run `pnpm android:version:sync` again if needed.
-4. Run `MATCH_PASSWORD=<signing repo password> pnpm android:release:signing:sync:pull` to materialize encrypted Android signing assets from `apps-signing`.
-5. Run `pnpm android:release:preflight` to validate Play auth, signing, synced versioning, and release notes.
-6. Run `pnpm android:screenshots` to refresh raw Google Play screenshots.
-7. Run `pnpm android:release:archive` to produce the signed Play AAB and third-party APK.
-8. Run `pnpm android:release:upload` to upload metadata, screenshots, and the Play AAB to Google Play internal testing.
-9. Promote to production manually in Google Play Console.
+3. Update `apps/android/fastlane/metadata/android/en-US/release_notes.txt`.
+4. Run `pnpm android:screenshots` to refresh raw Google Play screenshots.
+5. Run `pnpm android:release:archive` to produce the signed Play AAB and third-party APK.
+6. Run `pnpm android:release:upload` to upload metadata, screenshots, and the Play AAB to Google Play internal testing.
+7. Promote to production manually in Google Play Console.
 
 The third-party flavor is archived as a signed APK for non-Play distribution. It is not uploaded by the Play release lane.
-
-## Signing model
-
-`apps/android/Config/ReleaseSigning.json` pins the Android signing assets in the shared private `apps-signing` repo. The Android pipeline uses the same `MATCH_PASSWORD` release-owner secret as iOS, but the Android files are managed by `scripts/android-release-signing.mjs` instead of Fastlane `match`.
-
-`sync:pull` decrypts the Play upload keystore and Gradle signing properties into `apps/android/build/release-signing/`. That directory is gitignored, and Fastlane exports the materialized values as Gradle project properties for the current release command.
-
-If `MATCH_PASSWORD` is not set, the existing manual Gradle-property signing path still works: provide `OPENCLAW_ANDROID_STORE_FILE`, `OPENCLAW_ANDROID_STORE_PASSWORD`, `OPENCLAW_ANDROID_KEY_ALIAS`, and `OPENCLAW_ANDROID_KEY_PASSWORD` through your local Gradle user properties before running release tasks.

apps/android/fastlane/Fastfile

@@ -9,12 +9,6 @@ default_platform(:android)
 DEFAULT_PLAY_PACKAGE_NAME = "ai.openclaw.app"
 DEFAULT_PLAY_TRACK = "internal"
 DEFAULT_PLAY_RELEASE_STATUS = "completed"
-ANDROID_RELEASE_SIGNING_GRADLE_PROPERTIES = [
-  "OPENCLAW_ANDROID_STORE_FILE",
-  "OPENCLAW_ANDROID_STORE_PASSWORD",
-  "OPENCLAW_ANDROID_KEY_ALIAS",
-  "OPENCLAW_ANDROID_KEY_PASSWORD"
-].freeze
 
 def load_env_file(path)
   return unless File.exist?(path)
@@ -42,14 +36,6 @@ def repo_root
   File.expand_path("../..", android_root)
 end
 
-def android_release_signing_script
-  File.join(repo_root, "scripts", "android-release-signing.mjs")
-end
-
-def android_release_signing_materialized_properties_path
-  File.join(android_root, "build", "release-signing", "gradle.properties")
-end
-
 def shell_join(args)
   args.shelljoin
 end
@@ -150,22 +136,17 @@ def android_release_notes_path
   File.join(__dir__, "metadata", "android", "en-US", "release_notes.txt")
 end
 
-def validate_android_release_notes!
-  release_notes_path = android_release_notes_path
-  UI.user_error!("Missing Android release notes at #{release_notes_path}. Run `pnpm android:version:sync`.") unless File.exist?(release_notes_path)
-  UI.user_error!("Android release notes at #{release_notes_path} are empty.") unless env_present?(File.read(release_notes_path))
-end
-
 def android_changelog_path(version_code)
   File.join(__dir__, "metadata", "android", "en-US", "changelogs", "#{version_code}.txt")
 end
 
 def sync_android_changelog!(version_code)
-  validate_android_release_notes!
+  release_notes_path = android_release_notes_path
+  UI.user_error!("Missing Android release notes at #{release_notes_path}.") unless File.exist?(release_notes_path)
 
   changelog_path = android_changelog_path(version_code)
   FileUtils.mkdir_p(File.dirname(changelog_path))
-  File.write(changelog_path, File.read(android_release_notes_path))
+  File.write(changelog_path, File.read(release_notes_path))
   changelog_path
 end
 
@@ -197,69 +178,6 @@ def capture_android_screenshots!
   sh(shell_join(["bash", File.join(repo_root, "scripts", "android-screenshots.sh")]))
 end
 
-def read_android_release_signing_properties!(path)
-  UI.user_error!("Missing materialized Android release signing properties at #{path}.") unless File.exist?(path)
-
-  properties = {}
-  File.foreach(path) do |line|
-    stripped = line.strip
-    next if stripped.empty? || stripped.start_with?("#")
-
-    key, value = stripped.split("=", 2)
-    next if key.nil? || key.empty? || value.nil?
-
-    properties[key] = value.strip
-  end
-
-  missing = ANDROID_RELEASE_SIGNING_GRADLE_PROPERTIES.reject { |key| env_present?(properties[key]) }
-  UI.user_error!("Materialized Android release signing properties are missing: #{missing.join(', ')}.") unless missing.empty?
-
-  properties
-end
-
-def export_android_release_signing_properties!(path)
-  read_android_release_signing_properties!(path).each do |key, value|
-    ENV["ORG_GRADLE_PROJECT_#{key}"] = value
-  end
-end
-
-def sync_android_release_signing!
-  sh(shell_join(["node", android_release_signing_script, "--mode", "sync-pull"]))
-  export_android_release_signing_properties!(android_release_signing_materialized_properties_path)
-end
-
-def prepare_android_release_signing!
-  if env_present?(ENV["MATCH_PASSWORD"])
-    sync_android_release_signing!
-  elsif File.exist?(android_release_signing_materialized_properties_path)
-    export_android_release_signing_properties!(android_release_signing_materialized_properties_path)
-  end
-end
-
-def validate_android_release_signing!
-  Dir.chdir(android_root) do
-    sh(shell_join(["./gradlew", ":app:bundlePlayRelease", "--dry-run"]))
-  end
-end
-
-def print_android_release_plan!(version_metadata)
-  UI.message("Android Play release plan:")
-  UI.message("  package: #{play_package_name}")
-  UI.message("  track: #{play_track}")
-  UI.message("  release_status: #{play_release_status}")
-  UI.message("  validate_only: #{play_validate_only?}")
-  UI.message("  versionName: #{version_metadata.fetch(:version)}")
-  UI.message("  versionCode: #{version_metadata.fetch(:version_code)}")
-end
-
-def validate_android_release_preflight!(version_metadata)
-  validate_play_auth!
-  prepare_android_release_signing!
-  validate_android_release_signing!
-  validate_android_release_notes!
-  print_android_release_plan!(version_metadata)
-end
-
 def upload_play_store_metadata!(version_metadata)
   validate_android_screenshots!
   sync_android_changelog!(version_metadata.fetch(:version_code))
@@ -312,38 +230,6 @@ platform :android do
     UI.success("Google Play API credentials are valid.")
   end
 
-  desc "Print the Android release signing plan"
-  lane :signing_plan do
-    sh(shell_join(["node", android_release_signing_script, "--mode", "plan"]))
-  end
-
-  desc "Pull encrypted Android release signing assets and validate Gradle release signing"
-  lane :signing_check do
-    sync_android_release_signing!
-    validate_android_release_signing!
-    UI.success("Android release signing assets are available locally.")
-  end
-
-  desc "Pull encrypted Android release signing assets from the shared signing repo"
-  lane :signing_sync_pull do
-    sync_android_release_signing!
-    UI.success("Pulled Android release signing assets.")
-  end
-
-  desc "Create or refresh encrypted Android release signing assets in the shared signing repo"
-  lane :signing_sync_push do
-    sh(shell_join(["node", android_release_signing_script, "--mode", "sync-push"]))
-    UI.success("Pushed Android release signing assets.")
-  end
-
-  desc "Validate Android Play release auth, signing, versioning, and release notes"
-  lane :release_preflight do
-    sync_android_versioning!
-    version_metadata = read_android_version_metadata
-    validate_android_release_preflight!(version_metadata)
-    UI.success("Android Play release preflight passed for #{version_metadata[:version]} (#{version_metadata[:version_code]}).")
-  end
-
   desc "Upload Google Play metadata, changelog, and optional screenshots"
   lane :metadata do
     sync_android_versioning!
@@ -356,7 +242,6 @@ platform :android do
   desc "Build signed Android release artifacts locally without uploading"
   lane :play_store_archive do
     sync_android_versioning!
-    prepare_android_release_signing!
     build_release_artifacts!
   end
 
@@ -375,9 +260,9 @@ platform :android do
 
   desc "Upload Android metadata, archive release artifacts, then upload the Play AAB"
   lane :release_upload do
+    auth_check
     sync_android_versioning!
     version_metadata = read_android_version_metadata
-    validate_android_release_preflight!(version_metadata)
     screenshots
     ENV["SUPPLY_UPLOAD_METADATA"] = "1"
     ENV["SUPPLY_UPLOAD_SCREENSHOTS"] = "1"

apps/android/fastlane/SETUP.md

@@ -20,35 +20,6 @@ Optional app targeting:
 GOOGLE_PLAY_PACKAGE_NAME=ai.openclaw.app
 ```
 
-Android release signing uses the same private `apps-signing` repository and `MATCH_PASSWORD` secret as iOS, but with Android-specific encrypted assets. Pull the shared upload key before release validation:
-
-```bash
-pnpm android:release:signing:plan
-MATCH_PASSWORD=<signing repo password> pnpm android:release:signing:sync:pull
-MATCH_PASSWORD=<signing repo password> pnpm android:release:signing:check
-```
-
-The pull command materializes decrypted signing files under `apps/android/build/release-signing/`, which is gitignored. Later Fastlane release commands reload those materialized values and export them to Gradle for the current process.
-
-For the first setup or rotation, provide the Play upload keystore and a local signing properties file, then push encrypted assets to `apps-signing`:
-
-```bash
-MATCH_PASSWORD=<signing repo password> \
-OPENCLAW_ANDROID_UPLOAD_KEYSTORE=<path-to-upload-keystore.jks> \
-OPENCLAW_ANDROID_SIGNING_PROPERTIES=<path-to-android-signing.properties> \
-pnpm android:release:signing:sync:push
-```
-
-The source signing properties file must contain:
-
-```properties
-OPENCLAW_ANDROID_STORE_PASSWORD=<store-password>
-OPENCLAW_ANDROID_KEY_ALIAS=<upload-key-alias>
-OPENCLAW_ANDROID_KEY_PASSWORD=<key-password>
-```
-
-Store the Google Play upload key, not the irreplaceable app signing key, when Play App Signing is enabled.
-
 Validate auth:
 
 ```bash
@@ -85,19 +56,12 @@ Release rules:
 
 - `apps/android/version.json` is the pinned Android release version source.
 - `apps/android/Config/Version.properties` is generated from that source and read by Gradle.
-- `apps/android/CHANGELOG.md` is the Android-only changelog and release-note source.
-- `apps/android/fastlane/metadata/android/en-US/release_notes.txt` is generated from that changelog by `pnpm android:version:sync`.
-- `apps/android/Config/ReleaseSigning.json` pins the encrypted Android signing assets in the shared signing repo.
-- `MATCH_PASSWORD` enables Fastlane to pull encrypted Android signing assets into `apps/android/build/release-signing/` before release validation or archive builds.
 - Supported pinned Android versions use CalVer: `YYYY.M.D`.
 - `versionCode` uses `YYYYMMDDNN`, where `NN` is a two-digit build number for the pinned version.
 - `pnpm android:version:pin -- --from-gateway` promotes the current root gateway version into the pinned Android release version.
 - `pnpm android:version:pin -- --version 2026.6.5 --version-code 2026060502` increments another build on the same Android release train.
 - `pnpm android:version:sync` updates generated version artifacts.
 - `pnpm android:version:check` validates checked-in Android version artifacts.
-- `pnpm android:release:preflight` validates Google Play auth, Android release signing, synced versioning, release notes, and prints the package/track/version/versionCode that will be uploaded.
-- `pnpm android:release:signing:sync:pull` pulls encrypted Android signing assets from `apps-signing`.
-- `pnpm android:release:signing:sync:push` creates or refreshes encrypted Android signing assets in `apps-signing`.
 - `pnpm android:screenshots` builds and installs the Play debug app, launches deterministic screenshot scenes, and captures raw PNGs.
 - `pnpm android:release:archive` builds the signed Play AAB and third-party APK into `apps/android/build/release-artifacts/`.
 - `pnpm android:release:upload` uploads the Play AAB to the configured Google Play track. The default track is `internal`.

docs/.generated/plugin-sdk-api-baseline.sha256

@@ -1,2 +1,2 @@
-b810f3b17d1eb746a6fbc4c45095a3b2bb3e08c5cd62a5928f9add2c59bb95b9  plugin-sdk-api-baseline.json
-36174a54f2a9e11b822f499b5659d0b1351198ce98112946d95283b0ee1032dd  plugin-sdk-api-baseline.jsonl
+e2a646aa93124c089fcfed3c3ef982c88d1fdd2170fcdec274446f3d02f20d2b  plugin-sdk-api-baseline.json
+f1762c7b4bbaea4a3ce47ab943daaa6ca3dbc58322cc5d39688da66b3d483a2d  plugin-sdk-api-baseline.jsonl

docs/.i18n/glossary.zh-CN.json

@@ -1175,24 +1175,8 @@
     "source": "Control UI",
     "target": "Control UI"
   },
-  {
-    "source": "Models CLI",
-    "target": "模型 CLI"
-  },
   {
     "source": "Z.AI (GLM)",
     "target": "Z.AI (GLM)"
-  },
-  {
-    "source": "Cohere",
-    "target": "Cohere"
-  },
-  {
-    "source": "Cohere plugin",
-    "target": "Cohere 插件"
-  },
-  {
-    "source": "cohere",
-    "target": "cohere"
   }
 ]

docs/cli/mcp.md

@@ -11,17 +11,13 @@ sidebarTitle: "MCP"
 `openclaw mcp` has two jobs:
 
 - run OpenClaw as an MCP server with `openclaw mcp serve`
-- manage OpenClaw-managed outbound MCP server definitions with `list`, `show`, `status`, `doctor`, `probe`, `add`, `set`, `configure`, `tools`, `login`, `logout`, `reload`, and `unset`
+- manage OpenClaw-owned outbound MCP server definitions with `list`, `show`, `status`, `doctor`, `probe`, `add`, `set`, `configure`, `tools`, `login`, `logout`, `reload`, and `unset`
 
 In other words:
 
 - `serve` is OpenClaw acting as an MCP server
 - the other subcommands are OpenClaw acting as an MCP client-side registry for MCP servers its runtimes may consume later
 
-<Note>
-  `list`, `show`, `set`, and `unset` only read and write OpenClaw-managed `mcp.servers` entries in OpenClaw config. They do not include mcporter servers from `config/mcporter.json`; use `mcporter list` for that registry.
-</Note>
-
 Use [`openclaw acp`](/cli/acp) when OpenClaw should host a coding harness session itself and route that runtime through ACP.
 
 ## Choose the right MCP path
@@ -372,7 +368,7 @@ For broader testing context, see [Testing](/help/testing).
 This is the `openclaw mcp list`, `show`, `status`, `doctor`, `probe`, `add`, `set`,
 `configure`, `tools`, `login`, `logout`, `reload`, and `unset` path.
 
-These commands do not expose OpenClaw over MCP. They manage OpenClaw-managed MCP server definitions under `mcp.servers` in OpenClaw config. They do not read mcporter servers from `config/mcporter.json`.
+These commands do not expose OpenClaw over MCP. They manage OpenClaw-owned MCP server definitions under `mcp.servers` in OpenClaw config.
 
 Those saved definitions are for runtimes that OpenClaw launches or configures later, such as embedded OpenClaw and other runtime adapters. OpenClaw stores the definitions centrally so those runtimes do not need to keep their own duplicate MCP server lists.
 

docs/cli/skills.md

@@ -107,10 +107,6 @@ Notes:
   in the shared managed skills directory when combined with `--global`.
 - `verify <slug>` prints ClawHub's `clawhub.skill.verify.v1` JSON envelope by
   default. There is no `--json` flag because JSON is already the default.
-- When ClawHub returns server-resolved source provenance, verify JSON also
-  includes a commit-pinned `openclaw.verifiedSourceUrl`. Unavailable or
-  self-declared source URLs stay only in the raw provenance envelope and are not
-  promoted.
 - `verify` uses `.clawhub/origin.json` for installed ClawHub skills, so it
   verifies the installed version against the registry it came from. `--version`
   and `--tag` override the version selector but keep that installed registry

docs/concepts/model-providers.md

@@ -296,7 +296,6 @@ See [/providers/kilocode](/providers/kilocode) for setup details.
 | --------------------------------------- | -------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------- |
 | BytePlus                                | `byteplus` / `byteplus-plan`     | `BYTEPLUS_API_KEY`                                           | `byteplus-plan/ark-code-latest`                            |
 | Cerebras                                | `cerebras`                       | `CEREBRAS_API_KEY`                                           | `cerebras/zai-glm-4.7`                                     |
-| Cohere                                  | `cohere`                         | `COHERE_API_KEY`                                             | `cohere/command-a-03-2025`                                 |
 | Cloudflare AI Gateway                   | `cloudflare-ai-gateway`          | `CLOUDFLARE_AI_GATEWAY_API_KEY`                              | -                                                          |
 | DeepInfra                               | `deepinfra`                      | `DEEPINFRA_API_KEY`                                          | `deepinfra/deepseek-ai/DeepSeek-V4-Flash`                  |
 | DeepSeek                                | `deepseek`                       | `DEEPSEEK_API_KEY`                                           | `deepseek/deepseek-v4-flash`                               |

docs/docs.json

@@ -1417,7 +1417,6 @@
                   "providers/azure-speech",
                   "providers/cerebras",
                   "providers/chutes",
-                  "providers/cohere",
                   "providers/claude-max-api-proxy",
                   "providers/cloudflare-ai-gateway",
                   "providers/comfy",

docs/plugins/codex-harness-reference.md

@@ -103,46 +103,8 @@ Supported `appServer` fields:
 | `approvalsReviewer`                           | `"user"` or an allowed guardian reviewer               | Use `"auto_review"` to let Codex review native approval prompts when allowed.                                                                                                                                                                                                                                                                                    |
 | `defaultWorkspaceDir`                         | current process directory                              | Workspace used by `/codex bind` when `--cwd` is omitted.                                                                                                                                                                                                                                                                                                         |
 | `serviceTier`                                 | unset                                                  | Optional Codex app-server service tier. `"priority"` enables fast-mode routing, `"flex"` requests flex processing, and `null` clears the override. Legacy `"fast"` is accepted as `"priority"`.                                                                                                                                                                  |
-| `networkProxy`                                | disabled                                               | Opt into Codex permissions-profile networking for app-server commands. OpenClaw defines the selected `permissions.<profile>.network` config and selects it with `default_permissions` instead of sending `sandbox`.                                                                                                                                              |
 | `experimental.sandboxExecServer`              | `false`                                                | Preview opt-in that registers an OpenClaw sandbox-backed Codex environment with Codex app-server 0.132.0 or newer so native Codex execution can run inside the active OpenClaw sandbox.                                                                                                                                                                          |
 
-`appServer.networkProxy` is explicit because it changes the Codex sandbox
-contract. When enabled, OpenClaw also sets `features.network_proxy.enabled` and
-`default_permissions` in the Codex thread config so the generated permission
-profile can start Codex managed networking. By default, OpenClaw generates a
-collision-resistant `openclaw-network-<fingerprint>` profile name from the
-profile body; use `profileName` only when a stable local name is required.
-
-```js
-export default {
-  plugins: {
-    entries: {
-      codex: {
-        config: {
-          appServer: {
-            sandbox: "workspace-write",
-            networkProxy: {
-              enabled: true,
-              domains: {
-                "api.openai.com": "allow",
-                "blocked.example.com": "deny",
-              },
-              allowUpstreamProxy: true,
-              proxyUrl: "http://127.0.0.1:3128",
-            },
-          },
-        },
-      },
-    },
-  },
-};
-```
-
-If the normal app-server runtime would be `danger-full-access`, enabling
-`networkProxy` uses workspace-style filesystem access for the generated
-permission profile. Codex managed network enforcement is sandboxed networking,
-so a full-access profile would not protect outbound traffic.
-
 The plugin blocks older or unversioned app-server handshakes. Codex app-server
 must report stable version `0.125.0` or newer.
 

docs/plugins/codex-harness.md

@@ -561,52 +561,8 @@ Supported `appServer` fields:
 | `sandbox`                                     | `"danger-full-access"` or an allowed guardian sandbox  | Native Codex sandbox mode sent to thread start/resume. Guardian defaults prefer `"workspace-write"` when allowed, otherwise `"read-only"`. When an OpenClaw sandbox is active, `danger-full-access` turns use Codex `workspace-write` with network access derived from the OpenClaw sandbox egress setting.                                                      |
 | `approvalsReviewer`                           | `"user"` or an allowed guardian reviewer               | Use `"auto_review"` to let Codex review native approval prompts when allowed, otherwise `guardian_subagent` or `user`. `guardian_subagent` remains a legacy alias.                                                                                                                                                                                               |
 | `serviceTier`                                 | unset                                                  | Optional Codex app-server service tier. `"priority"` enables fast-mode routing, `"flex"` requests flex processing, `null` clears the override, and legacy `"fast"` is accepted as `"priority"`.                                                                                                                                                                  |
-| `networkProxy`                                | disabled                                               | Opt into Codex permissions-profile networking for app-server commands. OpenClaw defines the selected `permissions.<profile>.network` config and selects it with `default_permissions` instead of sending `sandbox`.                                                                                                                                              |
 | `experimental.sandboxExecServer`              | `false`                                                | Preview opt-in that registers an OpenClaw sandbox-backed Codex environment with Codex app-server 0.132.0 or newer so native Codex execution can run inside the active OpenClaw sandbox.                                                                                                                                                                          |
 
-`appServer.networkProxy` is explicit because it changes the Codex sandbox
-contract. When enabled, OpenClaw also sets `features.network_proxy.enabled` and
-`default_permissions` in the Codex thread config so the generated permission
-profile can start Codex managed networking. By default, OpenClaw generates a
-collision-resistant `openclaw-network-<fingerprint>` profile name from the
-profile body; use `profileName` only when a stable local name is required.
-
-```js
-export default {
-  plugins: {
-    entries: {
-      codex: {
-        config: {
-          appServer: {
-            sandbox: "workspace-write",
-            networkProxy: {
-              enabled: true,
-              domains: {
-                "api.openai.com": "allow",
-                "blocked.example.com": "deny",
-              },
-              unixSockets: {
-                "/tmp/proxy.sock": "allow",
-                "/tmp/blocked.sock": "none",
-              },
-              allowUpstreamProxy: true,
-              proxyUrl: "http://127.0.0.1:3128",
-            },
-          },
-        },
-      },
-    },
-  },
-};
-```
-
-If the normal app-server runtime would be `danger-full-access`, enabling
-`networkProxy` uses workspace-style filesystem access for the generated
-permission profile. Codex managed network enforcement is sandboxed networking,
-so a full-access profile would not protect outbound traffic.
-Domain entries use `allow` or `deny`; Unix socket entries use Codex's
-`allow` or `none` values.
-
 OpenClaw-owned dynamic tool calls are bounded independently from
 `appServer.requestTimeoutMs`: Codex `item/tool/call` requests use a 90 second
 OpenClaw watchdog by default. A positive per-call `timeoutMs` argument extends

docs/plugins/plugin-inventory.md

@@ -51,7 +51,7 @@ Each entry lists the package, distribution route, and description.
 
 ## Core npm package
 
-91 plugins
+90 plugins
 
 - **[admin-http-rpc](/plugins/reference/admin-http-rpc)** (`@openclaw/admin-http-rpc`) - included in OpenClaw. OpenClaw admin HTTP RPC endpoint.
 
@@ -81,8 +81,6 @@ Each entry lists the package, distribution route, and description.
 
 - **[codex-supervisor](/plugins/reference/codex-supervisor)** (`@openclaw/codex-supervisor`) - included in OpenClaw. Supervise Codex app-server sessions from OpenClaw.
 
-- **[cohere](/plugins/reference/cohere)** (`@openclaw/cohere-provider`) - included in OpenClaw. Adds Cohere model provider support to OpenClaw.
-
 - **[comfy](/plugins/reference/comfy)** (`@openclaw/comfy-provider`) - included in OpenClaw. Adds ComfyUI model provider support to OpenClaw.
 
 - **[copilot-proxy](/plugins/reference/copilot-proxy)** (`@openclaw/copilot-proxy`) - included in OpenClaw. Adds Copilot Proxy model provider support to OpenClaw.

docs/plugins/reference.md

@@ -15,5 +15,5 @@ This page is generated from `extensions/*/package.json` and
 pnpm plugins:inventory:gen
 ```
 
-Use [Plugin inventory](/plugins/plugin-inventory) to browse all 128
+Use [Plugin inventory](/plugins/plugin-inventory) to browse all 127
 generated plugin reference pages by distribution, package, and description.

docs/plugins/reference/cohere.md

@@ -1,23 +0,0 @@
----
-summary: "Adds Cohere model provider support to OpenClaw."
-read_when:
-  - You are installing, configuring, or auditing the cohere plugin
-title: "Cohere plugin"
----
-
-# Cohere plugin
-
-Adds Cohere model provider support to OpenClaw.
-
-## Distribution
-
-- Package: `@openclaw/cohere-provider`
-- Install route: included in OpenClaw
-
-## Surface
-
-providers: cohere
-
-## Related docs
-
-- [cohere](/providers/cohere)

docs/providers/cohere.md

@@ -1,63 +0,0 @@
----
-summary: "Cohere setup (auth + model selection)"
-title: "Cohere"
-read_when:
-  - You want to use Cohere with OpenClaw
-  - You need the Cohere API key env var or CLI auth choice
----
-
-[Cohere](https://cohere.com) provides OpenAI-compatible inference through its Compatibility API. OpenClaw includes a bundled Cohere provider plugin with the Command A model catalog.
-
-| Property        | Value                                    |
-| --------------- | ---------------------------------------- |
-| Provider id     | `cohere`                                 |
-| Plugin          | bundled, `enabledByDefault: true`        |
-| Auth env var    | `COHERE_API_KEY`                         |
-| Onboarding flag | `--auth-choice cohere-api-key`           |
-| Direct CLI flag | `--cohere-api-key <key>`                 |
-| API             | OpenAI-compatible (`openai-completions`) |
-| Base URL        | `https://api.cohere.ai/compatibility/v1` |
-| Default model   | `cohere/command-a-03-2025`               |
-
-## Get started
-
-1. Create a Cohere API key.
-2. Run onboarding:
-
-```bash
-openclaw onboard --non-interactive \
-  --auth-choice cohere-api-key \
-  --cohere-api-key "$COHERE_API_KEY"
-```
-
-3. Confirm the catalog is available:
-
-```bash
-openclaw models list --provider cohere
-```
-
-The default model is set only when no primary model is already configured.
-
-## Environment-only setup
-
-Make `COHERE_API_KEY` available to the Gateway process, then select the bundled model:
-
-```json5
-{
-  agents: {
-    defaults: {
-      model: { primary: "cohere/command-a-03-2025" },
-    },
-  },
-}
-```
-
-<Note>
-If the Gateway runs as a daemon or in Docker, configure `COHERE_API_KEY` for that service. Exporting it only in an interactive shell does not make it available to an already-running Gateway.
-</Note>
-
-## Related
-
-- [Model providers](/concepts/model-providers)
-- [Models CLI](/cli/models)
-- [Provider directory](/providers)

docs/providers/index.md

@@ -33,7 +33,6 @@ Looking for chat channel docs (WhatsApp/Telegram/Discord/Slack/Mattermost (plugi
 - [BytePlus (International)](/concepts/model-providers#byteplus-international)
 - [Cerebras](/providers/cerebras)
 - [Chutes](/providers/chutes)
-- [Cohere](/providers/cohere)
 - [Cloudflare AI Gateway](/providers/cloudflare-ai-gateway)
 - [ComfyUI](/providers/comfy)
 - [DeepSeek](/providers/deepseek)

docs/providers/models.md

@@ -27,7 +27,6 @@ model as `provider/model`.
 - [Anthropic (API + Claude CLI)](/providers/anthropic)
 - [BytePlus (International)](/concepts/model-providers#byteplus-international)
 - [Chutes](/providers/chutes)
-- [Cohere](/providers/cohere)
 - [ComfyUI](/providers/comfy)
 - [Cloudflare AI Gateway](/providers/cloudflare-ai-gateway)
 - [DeepInfra](/providers/deepinfra)

docs/reference/code-mode.md

@@ -675,10 +675,9 @@ is disabled, uninstalled, or rolled back:
 clearCodeModeNamespacesForPlugin(pluginId);
 ```
 
-Code-mode cleanup is plugin-owned; clear the plugin's namespace registrations
-when its lifecycle ends instead of keeping per-namespace teardown handles. Tests
-can call `clearCodeModeNamespacesForTest()` to avoid leaking registrations
-across cases.
+Use `unregisterCodeModeNamespace(namespaceId)` only when removing one known
+namespace. Tests can call `clearCodeModeNamespacesForTest()` to avoid leaking
+registrations across cases.
 
 ### Test checklist
 

extensions/codex/openclaw.plugin.json

@@ -193,47 +193,6 @@
             "enum": ["user", "auto_review", "guardian_subagent"]
           },
           "serviceTier": { "type": ["string", "null"] },
-          "networkProxy": {
-            "type": "object",
-            "additionalProperties": false,
-            "properties": {
-              "enabled": {
-                "type": "boolean",
-                "default": false
-              },
-              "profileName": { "type": "string" },
-              "baseProfile": {
-                "type": "string",
-                "enum": ["read-only", "workspace"]
-              },
-              "mode": {
-                "type": "string",
-                "enum": ["limited", "full"]
-              },
-              "domains": {
-                "type": "object",
-                "additionalProperties": {
-                  "type": "string",
-                  "enum": ["allow", "deny"]
-                }
-              },
-              "unixSockets": {
-                "type": "object",
-                "additionalProperties": {
-                  "type": "string",
-                  "enum": ["allow", "none"]
-                }
-              },
-              "proxyUrl": { "type": "string" },
-              "socksUrl": { "type": "string" },
-              "enableSocks5": { "type": "boolean" },
-              "enableSocks5Udp": { "type": "boolean" },
-              "allowUpstreamProxy": { "type": "boolean" },
-              "allowLocalBinding": { "type": "boolean" },
-              "dangerouslyAllowNonLoopbackProxy": { "type": "boolean" },
-              "dangerouslyAllowAllUnixSockets": { "type": "boolean" }
-            }
-          },
           "defaultWorkspaceDir": {
             "type": "string"
           },
@@ -426,81 +385,6 @@
       "help": "Optional Codex app-server service tier. Use priority, flex, or null. Legacy fast is accepted as priority.",
       "advanced": true
     },
-    "appServer.networkProxy": {
-      "label": "Network Proxy",
-      "help": "Enable Codex permissions-profile networking for app-server commands.",
-      "advanced": true
-    },
-    "appServer.networkProxy.enabled": {
-      "label": "Network Proxy Enabled",
-      "help": "When enabled, OpenClaw defines a Codex permissions profile and selects it with default_permissions instead of sandbox fields.",
-      "advanced": true
-    },
-    "appServer.networkProxy.profileName": {
-      "label": "Network Proxy Profile",
-      "help": "Optional stable Codex permissions profile name. Leave unset to use a generated openclaw-network fingerprint name.",
-      "advanced": true
-    },
-    "appServer.networkProxy.baseProfile": {
-      "label": "Network Proxy Base",
-      "help": "Filesystem access used by the generated profile. Defaults to read-only for read-only sandboxes and workspace otherwise.",
-      "advanced": true
-    },
-    "appServer.networkProxy.domains": {
-      "label": "Network Domains",
-      "help": "Domain allow and deny rules for Codex sandboxed networking.",
-      "advanced": true
-    },
-    "appServer.networkProxy.unixSockets": {
-      "label": "Unix Sockets",
-      "help": "Unix socket allow and none rules for Codex sandboxed networking.",
-      "advanced": true
-    },
-    "appServer.networkProxy.proxyUrl": {
-      "label": "HTTP Proxy URL",
-      "help": "HTTP listener URL used by Codex sandboxed networking.",
-      "advanced": true
-    },
-    "appServer.networkProxy.socksUrl": {
-      "label": "SOCKS Proxy URL",
-      "help": "SOCKS listener URL used by Codex sandboxed networking.",
-      "advanced": true
-    },
-    "appServer.networkProxy.enableSocks5": {
-      "label": "Enable SOCKS5",
-      "help": "Expose SOCKS5 support for the generated Codex permissions profile.",
-      "advanced": true
-    },
-    "appServer.networkProxy.enableSocks5Udp": {
-      "label": "Enable SOCKS5 UDP",
-      "help": "Allow UDP over the SOCKS5 listener when SOCKS5 is enabled.",
-      "advanced": true
-    },
-    "appServer.networkProxy.allowUpstreamProxy": {
-      "label": "Allow Upstream Proxy",
-      "help": "Allow Codex sandboxed networking to chain through inherited HTTP(S)_PROXY or ALL_PROXY settings.",
-      "advanced": true
-    },
-    "appServer.networkProxy.allowLocalBinding": {
-      "label": "Allow Local Binding",
-      "help": "Permit broader local and private-network access through Codex sandboxed networking.",
-      "advanced": true
-    },
-    "appServer.networkProxy.mode": {
-      "label": "Network Mode",
-      "help": "Codex sandboxed networking mode for subprocess traffic.",
-      "advanced": true
-    },
-    "appServer.networkProxy.dangerouslyAllowNonLoopbackProxy": {
-      "label": "Allow Non-Loopback Proxy",
-      "help": "Permit non-loopback bind addresses for Codex sandboxed networking listeners.",
-      "advanced": true
-    },
-    "appServer.networkProxy.dangerouslyAllowAllUnixSockets": {
-      "label": "Allow All Unix Sockets",
-      "help": "Bypass Codex's Unix socket allowlist for tightly controlled environments.",
-      "advanced": true
-    },
     "appServer.defaultWorkspaceDir": {
       "label": "Default Workspace",
       "help": "Workspace used by /codex bind when --cwd is omitted.",

extensions/codex/src/app-server/auth-profile-runtime-contract.test.ts

@@ -10,10 +10,7 @@ import { AUTH_PROFILE_RUNTIME_CONTRACT } from "openclaw/plugin-sdk/agent-runtime
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import type { CodexAppServerClientFactory } from "./client-factory.js";
 import { runCodexAppServerAttempt as runCodexAppServerAttemptImpl } from "./run-attempt.js";
-import {
-  readCodexAppServerBinding,
-  writeCodexAppServerBinding as writeRawCodexAppServerBinding,
-} from "./session-binding.js";
+import { readCodexAppServerBinding, writeCodexAppServerBinding } from "./session-binding.js";
 import { createCodexTestModel } from "./test-support.js";
 
 let codexAppServerClientFactoryForTest: CodexAppServerClientFactory | undefined;
@@ -61,25 +58,6 @@ function createParams(sessionFile: string, workspaceDir: string): EmbeddedRunAtt
   } as EmbeddedRunAttemptParams;
 }
 
-const DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT = JSON.stringify({
-  "features.standalone_web_search": false,
-  web_search: "disabled",
-});
-
-function writeCodexAppServerBinding(
-  ...args: Parameters<typeof writeRawCodexAppServerBinding>
-) {
-  const [sessionFile, binding, lookup] = args;
-  return writeRawCodexAppServerBinding(
-    sessionFile,
-    {
-      webSearchThreadConfigFingerprint: DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT,
-      ...binding,
-    },
-    lookup,
-  );
-}
-
 function threadStartResult(threadId = "thread-auth-contract") {
   return {
     thread: {

extensions/codex/src/app-server/config.test.ts

@@ -10,7 +10,6 @@ import {
   CODEX_PLUGINS_CONFIG_KEYS,
   canUseCodexModelBackedApprovalsReviewerForModel,
   codexAppServerStartOptionsKey,
-  fingerprintCodexAppServerNetworkProxyConfigPatch,
   readCodexPluginConfig,
   resolveCodexAppServerRuntimeOptions,
   resolveCodexComputerUseConfig,
@@ -84,21 +83,6 @@ describe("Codex app-server config", () => {
         sandbox: "danger-full-access",
       }),
     ).toBe(false);
-    expect(
-      shouldAutoApproveCodexAppServerApprovals({
-        approvalPolicy: "never",
-        sandbox: "danger-full-access",
-        networkProxy: {
-          profileName: "openclaw-network",
-          configFingerprint: "network-proxy-v1",
-          configPatch: {
-            "features.network_proxy.enabled": true,
-            default_permissions: "openclaw-network",
-            permissions: {},
-          },
-        },
-      }),
-    ).toBe(false);
   });
 
   it("parses typed plugin config before falling back to environment knobs", () => {
@@ -141,102 +125,6 @@ describe("Codex app-server config", () => {
     });
   });
 
-  it("builds Codex permissions-profile config for app-server network proxy", () => {
-    const runtime = resolveRuntimeForTest({
-      pluginConfig: {
-        appServer: {
-          sandbox: "workspace-write",
-          networkProxy: {
-            enabled: true,
-            profileName: "mock-proxy",
-            mode: "limited",
-            domains: {
-              " api.openai.com ": "allow",
-              "blocked.example.com": "deny",
-            },
-            unixSockets: {
-              " /tmp/mock-proxy.sock ": "allow",
-              "/tmp/blocked.sock": "none",
-            },
-            proxyUrl: "http://127.0.0.1:3128",
-            socksUrl: "socks5h://127.0.0.1:8081",
-            enableSocks5: true,
-            enableSocks5Udp: false,
-            allowUpstreamProxy: true,
-            allowLocalBinding: false,
-          },
-        },
-      },
-    });
-
-    const networkProxy = runtime.networkProxy;
-    if (!networkProxy) {
-      throw new Error("Expected network proxy runtime config");
-    }
-    expect(networkProxy).toEqual({
-      profileName: "mock-proxy",
-      configFingerprint: expect.any(String),
-      configPatch: {
-        "features.network_proxy.enabled": true,
-        default_permissions: "mock-proxy",
-        permissions: {
-          "mock-proxy": {
-            filesystem: {
-              ":minimal": "read",
-              ":project_roots": {
-                ".": "write",
-              },
-            },
-            network: {
-              enabled: true,
-              mode: "limited",
-              domains: {
-                "api.openai.com": "allow",
-                "blocked.example.com": "deny",
-              },
-              unix_sockets: {
-                "/tmp/mock-proxy.sock": "allow",
-                "/tmp/blocked.sock": "none",
-              },
-              proxy_url: "http://127.0.0.1:3128",
-              socks_url: "socks5h://127.0.0.1:8081",
-              enable_socks5: true,
-              enable_socks5_udp: false,
-              allow_upstream_proxy: true,
-              allow_local_binding: false,
-            },
-          },
-        },
-      },
-    });
-    expect(networkProxy.configFingerprint).toBe(
-      fingerprintCodexAppServerNetworkProxyConfigPatch(networkProxy.configPatch),
-    );
-  });
-
-  it("uses read-only filesystem rules for read-only network proxy profiles", () => {
-    const runtime = resolveRuntimeForTest({
-      pluginConfig: {
-        appServer: {
-          sandbox: "read-only",
-          networkProxy: {
-            enabled: true,
-            domains: { "example.com": "allow" },
-          },
-        },
-      },
-    });
-    const profileName = runtime.networkProxy?.profileName;
-    const permissions = runtime.networkProxy?.configPatch.permissions as Record<
-      string,
-      { filesystem: { ":project_roots": { ".": string } } }
-    >;
-
-    expect(profileName).toMatch(/^openclaw-network-[a-f0-9]{16}$/u);
-    expect(runtime.networkProxy?.configPatch.default_permissions).toBe(profileName);
-    expect(permissions[profileName ?? ""]?.filesystem[":project_roots"]["."]).toBe("read");
-  });
-
   it("clamps oversized app-server timer config", () => {
     const runtime = resolveRuntimeForTest({
       pluginConfig: {

extensions/codex/src/app-server/config.ts

@@ -1,5 +1,5 @@
 // Codex helper module supports config behavior.
-import { createHash, createHmac, randomBytes } from "node:crypto";
+import { createHmac, randomBytes } from "node:crypto";
 import { readFileSync } from "node:fs";
 import { hostname as readHostName } from "node:os";
 import path from "node:path";
@@ -16,7 +16,7 @@ import { normalizeAgentId } from "openclaw/plugin-sdk/routing";
 import { normalizeTrimmedStringList } from "openclaw/plugin-sdk/string-coerce-runtime";
 import { detectWindowsSpawnCommandInlineArgs } from "openclaw/plugin-sdk/windows-spawn";
 import { z } from "zod";
-import type { CodexSandboxPolicy, CodexServiceTier, JsonObject, JsonValue } from "./protocol.js";
+import type { CodexSandboxPolicy, CodexServiceTier } from "./protocol.js";
 
 const START_OPTIONS_KEY_SECRET_SYMBOL = Symbol.for("openclaw.codexAppServerStartOptionsKeySecret");
 const START_OPTIONS_KEY_SECRET = getStartOptionsKeySecret();
@@ -111,34 +111,6 @@ export type CodexAppServerExperimentalConfig = {
   sandboxExecServer?: boolean;
 };
 
-export type CodexAppServerNetworkProxyDomainPermission = "allow" | "deny";
-export type CodexAppServerNetworkProxyUnixSocketPermission = "allow" | "none";
-export type CodexAppServerNetworkProxyBaseProfile = "read-only" | "workspace";
-export type CodexAppServerNetworkProxyMode = "limited" | "full";
-
-export type CodexAppServerNetworkProxyConfig = {
-  enabled?: boolean;
-  profileName?: string;
-  baseProfile?: CodexAppServerNetworkProxyBaseProfile;
-  mode?: CodexAppServerNetworkProxyMode;
-  domains?: Record<string, CodexAppServerNetworkProxyDomainPermission>;
-  unixSockets?: Record<string, CodexAppServerNetworkProxyUnixSocketPermission>;
-  proxyUrl?: string;
-  socksUrl?: string;
-  enableSocks5?: boolean;
-  enableSocks5Udp?: boolean;
-  allowUpstreamProxy?: boolean;
-  allowLocalBinding?: boolean;
-  dangerouslyAllowNonLoopbackProxy?: boolean;
-  dangerouslyAllowAllUnixSockets?: boolean;
-};
-
-export type ResolvedCodexAppServerNetworkProxyConfig = {
-  profileName: string;
-  configFingerprint: string;
-  configPatch: JsonObject;
-};
-
 export type ResolvedCodexPluginPolicy = {
   configKey: string;
   marketplaceName: typeof CODEX_PLUGINS_MARKETPLACE_NAME;
@@ -179,7 +151,6 @@ export type CodexAppServerRuntimeOptions = {
   sandbox: CodexAppServerSandboxMode;
   approvalsReviewer: CodexAppServerApprovalsReviewer;
   serviceTier?: CodexServiceTier;
-  networkProxy?: ResolvedCodexAppServerNetworkProxyConfig;
 };
 
 export type CodexModelBackedReviewerContext = {
@@ -217,20 +188,15 @@ export type CodexPluginConfig = {
     sandbox?: CodexAppServerSandboxMode;
     approvalsReviewer?: CodexAppServerApprovalsReviewer;
     serviceTier?: CodexServiceTier | null;
-    networkProxy?: CodexAppServerNetworkProxyConfig;
     defaultWorkspaceDir?: string;
     experimental?: CodexAppServerExperimentalConfig;
   };
 };
 
 export function shouldAutoApproveCodexAppServerApprovals(
-  appServer: Pick<CodexAppServerRuntimeOptions, "approvalPolicy" | "networkProxy" | "sandbox">,
+  appServer: Pick<CodexAppServerRuntimeOptions, "approvalPolicy" | "sandbox">,
 ): boolean {
-  return (
-    appServer.networkProxy === undefined &&
-    appServer.approvalPolicy === "never" &&
-    appServer.sandbox === "danger-full-access"
-  );
+  return appServer.approvalPolicy === "never" && appServer.sandbox === "danger-full-access";
 }
 
 export const CODEX_APP_SERVER_CONFIG_KEYS = [
@@ -250,7 +216,6 @@ export const CODEX_APP_SERVER_CONFIG_KEYS = [
   "sandbox",
   "approvalsReviewer",
   "serviceTier",
-  "networkProxy",
   "defaultWorkspaceDir",
   "experimental",
 ] as const;
@@ -284,7 +249,6 @@ export const CODEX_PLUGIN_ENTRY_CONFIG_KEYS = [
 const DEFAULT_CODEX_COMPUTER_USE_PLUGIN_NAME = "computer-use";
 const DEFAULT_CODEX_COMPUTER_USE_MCP_SERVER_NAME = "computer-use";
 const DEFAULT_CODEX_COMPUTER_USE_MARKETPLACE_DISCOVERY_TIMEOUT_MS = 60_000;
-const DEFAULT_CODEX_APP_SERVER_NETWORK_PROXY_PROFILE_PREFIX = "openclaw-network";
 
 const codexAppServerTransportSchema = z.enum(["stdio", "websocket"]);
 const codexAppServerPolicyModeSchema = z.enum(["yolo", "guardian"]);
@@ -309,26 +273,6 @@ const codexAppServerExperimentalSchema = z
     sandboxExecServer: z.boolean().optional(),
   })
   .strict();
-const codexAppServerNetworkProxyDomainPermissionSchema = z.enum(["allow", "deny"]);
-const codexAppServerNetworkProxyUnixSocketPermissionSchema = z.enum(["allow", "none"]);
-const codexAppServerNetworkProxySchema = z
-  .object({
-    enabled: z.boolean().optional(),
-    profileName: z.string().trim().min(1).optional(),
-    baseProfile: z.enum(["read-only", "workspace"]).optional(),
-    mode: z.enum(["limited", "full"]).optional(),
-    domains: z.record(z.string(), codexAppServerNetworkProxyDomainPermissionSchema).optional(),
-    unixSockets: z.record(z.string(), codexAppServerNetworkProxyUnixSocketPermissionSchema).optional(),
-    proxyUrl: z.string().trim().min(1).optional(),
-    socksUrl: z.string().trim().min(1).optional(),
-    enableSocks5: z.boolean().optional(),
-    enableSocks5Udp: z.boolean().optional(),
-    allowUpstreamProxy: z.boolean().optional(),
-    allowLocalBinding: z.boolean().optional(),
-    dangerouslyAllowNonLoopbackProxy: z.boolean().optional(),
-    dangerouslyAllowAllUnixSockets: z.boolean().optional(),
-  })
-  .strict();
 
 const codexPluginEntryConfigSchema = z
   .object({
@@ -390,7 +334,6 @@ const codexPluginConfigSchema = z
         sandbox: codexAppServerSandboxSchema.optional(),
         approvalsReviewer: codexAppServerApprovalsReviewerSchema.optional(),
         serviceTier: codexAppServerServiceTierSchema,
-        networkProxy: codexAppServerNetworkProxySchema.optional(),
         defaultWorkspaceDir: z.string().optional(),
         experimental: codexAppServerExperimentalSchema.optional(),
       })
@@ -606,11 +549,6 @@ export function resolveCodexAppServerRuntimeOptions(
     ? normalizedPolicyMode
     : (explicitPolicyMode ?? normalizedPolicyMode ?? defaultPolicy?.mode ?? "yolo");
   const serviceTier = normalizeCodexServiceTier(config.serviceTier);
-  const resolvedSandbox =
-    forcedPolicy?.sandbox ??
-    configuredSandbox ??
-    defaultPolicy?.sandbox ??
-    (policyMode === "guardian" ? "workspace-write" : "danger-full-access");
   if (transport === "websocket" && !url) {
     throw new Error(
       "plugins.entries.codex.config.appServer.url is required when appServer.transport is websocket",
@@ -659,14 +597,17 @@ export function resolveCodexAppServerRuntimeOptions(
       : {}),
     approvalPolicy: forcedPolicy?.approvalPolicy ?? approvalPolicy,
     approvalPolicySource,
-    sandbox: resolvedSandbox,
+    sandbox:
+      forcedPolicy?.sandbox ??
+      configuredSandbox ??
+      defaultPolicy?.sandbox ??
+      (policyMode === "guardian" ? "workspace-write" : "danger-full-access"),
     approvalsReviewer:
       forcedPolicy?.approvalsReviewer ??
       explicitApprovalsReviewer ??
       defaultPolicy?.approvalsReviewer ??
       (policyMode === "guardian" ? "auto_review" : "user"),
     ...(serviceTier ? { serviceTier } : {}),
-    ...resolveCodexAppServerNetworkProxy(config.networkProxy, resolvedSandbox),
   };
 }
 
@@ -880,104 +821,6 @@ export function codexSandboxPolicyForTurn(
   };
 }
 
-function resolveCodexAppServerNetworkProxy(
-  config: CodexAppServerNetworkProxyConfig | undefined,
-  sandbox: CodexAppServerSandboxMode,
-): { networkProxy?: ResolvedCodexAppServerNetworkProxyConfig } {
-  if (config?.enabled !== true) {
-    return {};
-  }
-  const fileSystemMode =
-    config.baseProfile === "read-only" || (!config.baseProfile && sandbox === "read-only")
-      ? "read"
-      : "write";
-  const networkConfig = removeUndefinedJsonFields({
-    enabled: true,
-    mode: config.mode,
-    domains: normalizeNetworkProxyPermissionMap(config.domains),
-    unix_sockets: normalizeNetworkProxyPermissionMap(config.unixSockets),
-    proxy_url: readNonEmptyString(config.proxyUrl),
-    socks_url: readNonEmptyString(config.socksUrl),
-    enable_socks5: config.enableSocks5,
-    enable_socks5_udp: config.enableSocks5Udp,
-    allow_upstream_proxy: config.allowUpstreamProxy,
-    allow_local_binding: config.allowLocalBinding,
-    dangerously_allow_non_loopback_proxy: config.dangerouslyAllowNonLoopbackProxy,
-    dangerously_allow_all_unix_sockets: config.dangerouslyAllowAllUnixSockets,
-  });
-  const profile = {
-    filesystem: {
-      ":minimal": "read",
-      ":project_roots": {
-        ".": fileSystemMode,
-      },
-    },
-    network: networkConfig,
-  };
-  const profileName = resolveNetworkProxyPermissionProfileName(config, profile);
-  const configPatch: JsonObject = {
-    "features.network_proxy.enabled": true,
-    default_permissions: profileName,
-    permissions: {
-      [profileName]: profile,
-    },
-  };
-  return {
-    networkProxy: {
-      profileName,
-      configFingerprint: fingerprintCodexAppServerNetworkProxyConfigPatch(configPatch),
-      configPatch,
-    },
-  };
-}
-
-function resolveNetworkProxyPermissionProfileName(
-  config: CodexAppServerNetworkProxyConfig,
-  profile: JsonObject,
-): string {
-  const explicitProfileName = readNonEmptyString(config.profileName);
-  if (explicitProfileName) {
-    return explicitProfileName;
-  }
-  const suffix = createHash("sha256")
-    .update(stableStringifyJson({ version: 1, profile }))
-    .digest("hex")
-    .slice(0, 16);
-  return `${DEFAULT_CODEX_APP_SERVER_NETWORK_PROXY_PROFILE_PREFIX}-${suffix}`;
-}
-
-export function fingerprintCodexAppServerNetworkProxyConfigPatch(configPatch: JsonObject): string {
-  return createHash("sha256").update(stableStringifyJson(configPatch)).digest("hex");
-}
-
-function normalizeNetworkProxyPermissionMap<TPermission extends string>(
-  value: Record<string, TPermission> | undefined,
-): Record<string, TPermission> | undefined {
-  const entries = Object.entries(value ?? {})
-    .map(([key, permission]) => [key.trim(), permission] as const)
-    .filter(([key]) => key.length > 0);
-  return entries.length > 0 ? Object.fromEntries(entries) : undefined;
-}
-
-function removeUndefinedJsonFields(value: Record<string, JsonValue | undefined>): JsonObject {
-  return Object.fromEntries(
-    Object.entries(value).filter((entry): entry is [string, JsonValue] => entry[1] !== undefined),
-  );
-}
-
-function stableStringifyJson(value: JsonValue): string {
-  if (Array.isArray(value)) {
-    return `[${value.map((item) => stableStringifyJson(item)).join(",")}]`;
-  }
-  if (value && typeof value === "object") {
-    return `{${Object.entries(value)
-      .toSorted(([left], [right]) => left.localeCompare(right))
-      .map(([key, item]) => `${JSON.stringify(key)}:${stableStringifyJson(item)}`)
-      .join(",")}}`;
-  }
-  return JSON.stringify(value);
-}
-
 export function withMcpElicitationsApprovalPolicy(
   policy: CodexAppServerEffectiveApprovalPolicy,
 ): CodexAppServerEffectiveApprovalPolicy {

extensions/codex/src/app-server/openclaw-owned-tool-runtime-contract.test.ts

@@ -161,7 +161,7 @@ describe("OpenClaw-owned tool runtime contract — Codex app-server adapter", ()
       expectRecordFields(eventRecord, {
         toolName: "exec",
         toolCallId: "call-middleware",
-        args: mergedParams,
+        args: { command: "status" },
       });
       expectRecordFields(requireRecord(eventRecord.result, "tool_result middleware result"), {
         content: [{ type: "text", text: "raw output" }],

extensions/codex/src/app-server/protocol-generated/json/v2/ThreadResumeResponse.json

@@ -1055,6 +1055,14 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "recencyAt": {
+          "description": "Unix timestamp (in seconds) used for thread recency ordering.",
+          "format": "int64",
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
         "sessionId": {
           "description": "Session id shared by threads that belong to the same session tree.",
           "type": "string"

extensions/codex/src/app-server/protocol-generated/json/v2/ThreadStartResponse.json

@@ -1055,6 +1055,14 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "recencyAt": {
+          "description": "Unix timestamp (in seconds) used for thread recency ordering.",
+          "format": "int64",
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
         "sessionId": {
           "description": "Session id shared by threads that belong to the same session tree.",
           "type": "string"

extensions/codex/src/app-server/run-attempt.context-engine.test.ts

@@ -66,25 +66,6 @@ function createParams(sessionFile: string, workspaceDir: string): EmbeddedRunAtt
   } as EmbeddedRunAttemptParams;
 }
 
-const DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT = JSON.stringify({
-  "features.standalone_web_search": false,
-  web_search: "disabled",
-});
-
-function writeCodexAppServerBinding(
-  ...args: Parameters<typeof writeRawCodexAppServerBinding>
-) {
-  const [sessionFile, binding, lookup] = args;
-  return writeRawCodexAppServerBinding(
-    sessionFile,
-    {
-      webSearchThreadConfigFingerprint: DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT,
-      ...binding,
-    },
-    lookup,
-  );
-}
-
 function assistantMessage(text: string, timestamp: number): AgentMessage {
   return {
     role: "assistant",
@@ -264,6 +245,23 @@ function createContextEngine(overrides: Partial<ContextEngine> = {}): ContextEng
   return engine;
 }
 
+const DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT = JSON.stringify({
+  "features.standalone_web_search": false,
+  web_search: "disabled",
+});
+
+function writeCodexAppServerBinding(...args: Parameters<typeof writeRawCodexAppServerBinding>) {
+  const [sessionFile, binding, lookup] = args;
+  return writeRawCodexAppServerBinding(
+    sessionFile,
+    {
+      webSearchThreadConfigFingerprint: DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT,
+      ...binding,
+    },
+    lookup,
+  );
+}
+
 type MockCallReader = { mock: { calls: unknown[][] } };
 
 function requireRecord(value: unknown, label: string): Record<string, unknown> {

extensions/codex/src/app-server/run-attempt.native-hook-relay.test.ts

@@ -18,32 +18,10 @@ import {
   tempDir,
 } from "./run-attempt-test-harness.js";
 import { testing } from "./run-attempt.js";
-import {
-  readCodexAppServerBinding,
-  writeCodexAppServerBinding as writeRawCodexAppServerBinding,
-} from "./session-binding.js";
+import { readCodexAppServerBinding, writeCodexAppServerBinding } from "./session-binding.js";
 
 setupRunAttemptTestHooks();
 
-const DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT = JSON.stringify({
-  "features.standalone_web_search": false,
-  web_search: "disabled",
-});
-
-function writeCodexAppServerBinding(
-  ...args: Parameters<typeof writeRawCodexAppServerBinding>
-) {
-  const [sessionFile, binding, lookup] = args;
-  return writeRawCodexAppServerBinding(
-    sessionFile,
-    {
-      webSearchThreadConfigFingerprint: DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT,
-      ...binding,
-    },
-    lookup,
-  );
-}
-
 describe("runCodexAppServerAttempt native hook relay", () => {
   it("registers native hook relay config for an enabled Codex turn and cleans it up", async () => {
     const sessionFile = path.join(tempDir, "session.jsonl");
@@ -631,7 +609,6 @@ describe("runCodexAppServerAttempt native hook relay", () => {
       cwd: workspaceDir,
       model: "gpt-5.4-codex",
       modelProvider: "openai",
-      dynamicToolsFingerprint: "[]",
       nativeHookRelayGeneration: "generation-from-failed-resume",
     });
     const harness = createStartedThreadHarness(async (method) => {

extensions/codex/src/app-server/run-attempt.test.ts

@@ -116,11 +116,6 @@ function expectResumeRequest(
   }
 }
 
-const DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT = JSON.stringify({
-  "features.standalone_web_search": false,
-  web_search: "disabled",
-});
-
 async function writeExistingBinding(
   sessionFile: string,
   workspaceDir: string,
@@ -131,7 +126,6 @@ async function writeExistingBinding(
     cwd: workspaceDir,
     model: "gpt-5.4-codex",
     modelProvider: "openai",
-    webSearchThreadConfigFingerprint: DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT,
     ...overrides,
   });
 }

extensions/codex/src/app-server/run-attempt.turn-watches.test.ts

@@ -38,30 +38,11 @@ import { testing } from "./run-attempt.js";
 import {
   readCodexAppServerBinding,
   resolveCodexAppServerBindingPath,
-  writeCodexAppServerBinding as writeRawCodexAppServerBinding,
+  writeCodexAppServerBinding,
 } from "./session-binding.js";
 
 setupRunAttemptTestHooks();
 
-const DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT = JSON.stringify({
-  "features.standalone_web_search": false,
-  web_search: "disabled",
-});
-
-function writeCodexAppServerBinding(
-  ...args: Parameters<typeof writeRawCodexAppServerBinding>
-) {
-  const [sessionFile, binding, lookup] = args;
-  return writeRawCodexAppServerBinding(
-    sessionFile,
-    {
-      webSearchThreadConfigFingerprint: DISABLED_CODEX_WEB_SEARCH_THREAD_CONFIG_FINGERPRINT,
-      ...binding,
-    },
-    lookup,
-  );
-}
-
 const tinyPngBase64 =
   "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/x8AAwMCAO+/p9sAAAAASUVORK5CYII=";
 

extensions/codex/src/app-server/session-binding.test.ts

@@ -60,8 +60,6 @@ describe("codex app-server session binding", () => {
       cwd: tempDir,
       model: "gpt-5.4-codex",
       modelProvider: "openai",
-      networkProxyProfileName: "openclaw-network",
-      networkProxyConfigFingerprint: "network-proxy-v1",
       dynamicToolsFingerprint: "tools-v1",
       webSearchThreadConfigFingerprint: "web-search-v1",
       userMcpServersFingerprint: "user-mcp-v1",
@@ -76,8 +74,6 @@ describe("codex app-server session binding", () => {
     expect(binding?.cwd).toBe(tempDir);
     expect(binding?.model).toBe("gpt-5.4-codex");
     expect(binding?.modelProvider).toBe("openai");
-    expect(binding?.networkProxyProfileName).toBe("openclaw-network");
-    expect(binding?.networkProxyConfigFingerprint).toBe("network-proxy-v1");
     expect(binding?.dynamicToolsFingerprint).toBe("tools-v1");
     expect(binding?.webSearchThreadConfigFingerprint).toBe("web-search-v1");
     expect(binding?.userMcpServersFingerprint).toBe("user-mcp-v1");

extensions/codex/src/app-server/session-binding.ts

@@ -66,8 +66,6 @@ export type CodexAppServerThreadBinding = {
   approvalPolicy?: CodexAppServerApprovalPolicy;
   sandbox?: CodexAppServerSandboxMode;
   serviceTier?: CodexServiceTier;
-  networkProxyProfileName?: string;
-  networkProxyConfigFingerprint?: string;
   dynamicToolsFingerprint?: string;
   dynamicToolsContainDeferred?: boolean;
   webSearchThreadConfigFingerprint?: string;
@@ -183,14 +181,6 @@ export async function readCodexAppServerBinding(
       approvalPolicy: readApprovalPolicy(parsed.approvalPolicy),
       sandbox: readSandboxMode(parsed.sandbox),
       serviceTier: readServiceTier(parsed.serviceTier),
-      networkProxyProfileName:
-        typeof parsed.networkProxyProfileName === "string"
-          ? parsed.networkProxyProfileName
-          : undefined,
-      networkProxyConfigFingerprint:
-        typeof parsed.networkProxyConfigFingerprint === "string"
-          ? parsed.networkProxyConfigFingerprint
-          : undefined,
       dynamicToolsFingerprint:
         typeof parsed.dynamicToolsFingerprint === "string"
           ? parsed.dynamicToolsFingerprint
@@ -266,8 +256,6 @@ export async function writeCodexAppServerBinding(
       approvalPolicy: binding.approvalPolicy,
       sandbox: binding.sandbox,
       serviceTier: binding.serviceTier,
-      networkProxyProfileName: binding.networkProxyProfileName,
-      networkProxyConfigFingerprint: binding.networkProxyConfigFingerprint,
       dynamicToolsFingerprint: binding.dynamicToolsFingerprint,
       dynamicToolsContainDeferred: binding.dynamicToolsContainDeferred,
       webSearchThreadConfigFingerprint: binding.webSearchThreadConfigFingerprint,

extensions/codex/src/app-server/side-question.test.ts

@@ -1151,53 +1151,6 @@ describe("runCodexAppServerSideQuestion", () => {
     expect(config?.["features.code_mode_only"]).toBe(true);
   });
 
-  it("applies network-proxy config to side-thread forks", async () => {
-    const client = createFakeClient();
-    getSharedCodexAppServerClientMock.mockResolvedValue(client);
-
-    await expect(
-      runCodexAppServerSideQuestion(sideParams(), {
-        pluginConfig: {
-          appServer: {
-            networkProxy: {
-              enabled: true,
-              profileName: "side-proxy",
-              domains: { "api.openai.com": "allow" },
-              unixSockets: { "/tmp/proxy.sock": "allow" },
-              allowUpstreamProxy: true,
-              proxyUrl: "http://127.0.0.1:3128",
-            },
-          },
-        },
-      }),
-    ).resolves.toEqual({ text: "Side answer." });
-
-    const forkParams = mockCall(client.request)[1] as Record<string, unknown> | undefined;
-    const config = forkParams?.config as Record<string, unknown> | undefined;
-    expect(forkParams).not.toHaveProperty("sandbox");
-    expect(config).toMatchObject({
-      "features.network_proxy.enabled": true,
-      default_permissions: "side-proxy",
-      permissions: {
-        "side-proxy": {
-          filesystem: {
-            ":minimal": "read",
-            ":project_roots": { ".": "write" },
-          },
-          network: {
-            enabled: true,
-            domains: { "api.openai.com": "allow" },
-            unix_sockets: { "/tmp/proxy.sock": "allow" },
-            allow_upstream_proxy: true,
-            proxy_url: "http://127.0.0.1:3128",
-          },
-        },
-      },
-    });
-    expect(config?.["features.code_mode"]).toBe(true);
-    expect(config?.["features.code_mode_only"]).toBe(false);
-  });
-
   it("keeps Codex code-mode-only while disabling Guardian for provider-qualified local models", async () => {
     const client = createFakeClient();
     getSharedCodexAppServerClientMock.mockResolvedValue(client);

extensions/codex/src/app-server/side-question.ts

@@ -322,16 +322,12 @@ export async function runCodexAppServerSideQuestion(
           threadId: childThreadId,
           turnId,
           nativeHookRelay,
-	          execPolicy,
-	          execReviewerAgentId: sessionAgentId,
-	          internalExecAutoReview: modelScopedAppServer.approvalsReviewer === "user",
-	          autoApprove: shouldAutoApproveCodexAppServerApprovals({
-	            approvalPolicy,
-	            networkProxy: modelScopedAppServer.networkProxy,
-	            sandbox,
-	          }),
-	          signal: runAbortController.signal,
-	        });
+          execPolicy,
+          execReviewerAgentId: sessionAgentId,
+          internalExecAutoReview: modelScopedAppServer.approvalsReviewer === "user",
+          autoApprove: shouldAutoApproveCodexAppServerApprovals({ approvalPolicy, sandbox }),
+          signal: runAbortController.signal,
+        });
       }
       if (request.method !== "item/tool/call") {
         return undefined;
@@ -419,12 +415,8 @@ export async function runCodexAppServerSideQuestion(
       nativeCodeModeEnabled: nativeToolSurfaceEnabled,
       nativeCodeModeOnlyEnabled: appServer.codeModeOnly,
     });
-	    const threadConfig =
-	      mergeCodexThreadConfigs(
-	        nativeHookRelayConfig,
-	        runtimeThreadConfig,
-	        modelScopedAppServer.networkProxy?.configPatch,
-	      ) ?? runtimeThreadConfig;
+    const threadConfig =
+      mergeCodexThreadConfigs(nativeHookRelayConfig, runtimeThreadConfig) ?? runtimeThreadConfig;
     const forkResponse = assertCodexThreadForkResponse(
       await forkCodexSideThread(
         client,
@@ -436,7 +428,7 @@ export async function runCodexAppServerSideQuestion(
           cwd,
           approvalPolicy,
           approvalsReviewer: modelScopedAppServer.approvalsReviewer,
-	          ...(modelScopedAppServer.networkProxy ? {} : { sandbox }),
+          sandbox,
           ...(serviceTier ? { serviceTier } : {}),
           config: threadConfig,
           developerInstructions: SIDE_DEVELOPER_INSTRUCTIONS,

extensions/codex/src/app-server/thread-lifecycle.binding.test.ts

@@ -12,7 +12,6 @@ import {
   readCodexAppServerBinding,
   writeCodexAppServerBinding as writeRawCodexAppServerBinding,
 } from "./session-binding.js";
-import { fingerprintCodexAppServerNetworkProxyConfigPatch } from "./config.js";
 import { startOrResumeThread } from "./thread-lifecycle.js";
 
 function createThreadLifecycleAppServerOptions(): Parameters<
@@ -34,38 +33,6 @@ function createThreadLifecycleAppServerOptions(): Parameters<
   };
 }
 
-function createNetworkProxyThreadLifecycleAppServerOptions() {
-  const configPatch = {
-    "features.network_proxy.enabled": true,
-    default_permissions: "openclaw-network",
-    permissions: {
-      "openclaw-network": {
-        filesystem: {
-          ":minimal": "read",
-          ":project_roots": {
-            ".": "write",
-          },
-        },
-        network: {
-          enabled: true,
-          domains: {
-            "api.openai.com": "allow",
-          },
-          proxy_url: "http://127.0.0.1:3128",
-        },
-      },
-    },
-  };
-  return {
-    ...createThreadLifecycleAppServerOptions(),
-    networkProxy: {
-      profileName: "openclaw-network",
-      configFingerprint: fingerprintCodexAppServerNetworkProxyConfigPatch(configPatch),
-      configPatch,
-    },
-  };
-}
-
 function createParams(sessionFile: string, workspaceDir: string) {
   const params = createRunAttemptParams(sessionFile, workspaceDir);
   params.disableTools = false;
@@ -1480,42 +1447,6 @@ describe("Codex app-server thread lifecycle bindings", () => {
     expect(binding?.threadId).toBe("thread-existing");
   });
 
-  it("starts a new thread when the network proxy config is not active on the binding", async () => {
-    const sessionFile = path.join(tempDir, "session.jsonl");
-    const workspaceDir = path.join(tempDir, "workspace");
-    await writeCodexAppServerBinding(sessionFile, {
-      threadId: "thread-existing",
-      cwd: workspaceDir,
-      model: "gpt-5.4-codex",
-      modelProvider: "openai",
-      dynamicToolsFingerprint: "[]",
-    });
-    const appServer = createNetworkProxyThreadLifecycleAppServerOptions();
-    const request = vi.fn(async (method: string) => {
-      if (method === "thread/start") {
-        return threadStartResult("thread-network-proxy");
-      }
-      throw new Error(`unexpected method: ${method}`);
-    });
-
-    await startOrResumeThread({
-      client: { request } as never,
-      params: createParams(sessionFile, workspaceDir),
-      cwd: workspaceDir,
-      dynamicTools: [],
-      appServer,
-    });
-
-    const requestCalls = request.mock.calls as unknown as Array<[string, { config?: unknown }]>;
-    expect(requestCalls.map(([method]) => method)).toEqual(["thread/start"]);
-    expect(requestCalls[0]?.[1]).not.toHaveProperty("sandbox");
-    expect(requestCalls[0]?.[1].config).toMatchObject(appServer.networkProxy.configPatch);
-    const binding = await readCodexAppServerBinding(sessionFile);
-    expect(binding?.threadId).toBe("thread-network-proxy");
-    expect(binding?.networkProxyProfileName).toBe("openclaw-network");
-    expect(binding?.networkProxyConfigFingerprint).toBe(appServer.networkProxy.configFingerprint);
-  });
-
   it("passes native hook relay config on thread start and resume", async () => {
     const sessionFile = path.join(tempDir, "session.jsonl");
     const workspaceDir = path.join(tempDir, "workspace");

extensions/codex/src/app-server/thread-lifecycle.test.ts

@@ -5,7 +5,6 @@ import path from "node:path";
 import type { EmbeddedRunAttemptParams } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { CODEX_GPT5_BEHAVIOR_CONTRACT } from "../../prompt-overlay.js";
-import { fingerprintCodexAppServerNetworkProxyConfigPatch } from "./config.js";
 import { createCodexTestModel } from "./test-support.js";
 import {
   buildDeveloperInstructions,
@@ -84,39 +83,6 @@ function createAppServerOptions() {
     approvalPolicy: "on-request",
     approvalsReviewer: "user",
     sandbox: "workspace-write",
-  };
-}
-
-function createNetworkProxyAppServerOptions() {
-  const configPatch = {
-    "features.network_proxy.enabled": true,
-    default_permissions: "mock-proxy",
-    permissions: {
-      "mock-proxy": {
-        filesystem: {
-          ":minimal": "read",
-          ":project_roots": {
-            ".": "write",
-          },
-        },
-        network: {
-          enabled: true,
-          domains: {
-            "api.openai.com": "allow",
-          },
-          allow_upstream_proxy: true,
-          proxy_url: "http://127.0.0.1:3128",
-        },
-      },
-    },
-  } as const;
-  return {
-    ...createAppServerOptions(),
-    networkProxy: {
-      profileName: "mock-proxy",
-      configFingerprint: fingerprintCodexAppServerNetworkProxyConfigPatch(configPatch),
-      configPatch,
-    },
   } as const;
 }
 
@@ -457,55 +423,6 @@ describe("Codex app-server native code mode config", () => {
     });
   });
 
-  it("selects the Codex network-proxy permissions profile in thread/start config", () => {
-    const request = buildThreadStartParams(createAttemptParams({ provider: "openai" }), {
-      cwd: "/repo",
-      dynamicTools: [],
-      appServer: createNetworkProxyAppServerOptions() as never,
-      developerInstructions: "test instructions",
-    });
-
-    expect(request).not.toHaveProperty("permissions");
-    expect(request).not.toHaveProperty("sandbox");
-    expect(request.config).toMatchObject({
-      "features.network_proxy.enabled": true,
-      default_permissions: "mock-proxy",
-      permissions: {
-        "mock-proxy": {
-          network: {
-            enabled: true,
-            allow_upstream_proxy: true,
-            proxy_url: "http://127.0.0.1:3128",
-          },
-        },
-      },
-    });
-  });
-
-  it("selects the Codex network-proxy permissions profile in thread/resume config", () => {
-    const request = buildThreadResumeParams(createAttemptParams({ provider: "openai" }), {
-      threadId: "thread-1",
-      appServer: createNetworkProxyAppServerOptions() as never,
-      developerInstructions: "test instructions",
-    });
-
-    expect(request).not.toHaveProperty("permissions");
-    expect(request).not.toHaveProperty("sandbox");
-    expect(request.config).toMatchObject({
-      "features.network_proxy.enabled": true,
-      default_permissions: "mock-proxy",
-      permissions: {
-        "mock-proxy": {
-          network: {
-            domains: {
-              "api.openai.com": "allow",
-            },
-          },
-        },
-      },
-    });
-  });
-
   it("disables Codex tool-search features for nano models", () => {
     const request = buildThreadStartParams(
       createAttemptParams({ provider: "openai", modelId: "gpt-5.4-nano" }),
@@ -724,35 +641,6 @@ describe("Codex app-server turn input image sanitizing", () => {
     });
   });
 
-  it("uses Codex permissions for network-proxy turn/start requests", () => {
-    const request = buildTurnStartParams(createAttemptParams({ provider: "openai" }), {
-      threadId: "thread-1",
-      cwd: "/repo",
-      appServer: createNetworkProxyAppServerOptions() as never,
-    });
-
-    expect(request).not.toHaveProperty("permissions");
-    expect(request).not.toHaveProperty("sandboxPolicy");
-  });
-
-  it("keeps explicit sandbox policy overrides ahead of network-proxy turn permissions", () => {
-    const request = buildTurnStartParams(createAttemptParams({ provider: "openai" }), {
-      threadId: "thread-1",
-      cwd: "/repo",
-      appServer: createNetworkProxyAppServerOptions() as never,
-      sandboxPolicy: {
-        type: "externalSandbox",
-        networkAccess: "enabled",
-      },
-    });
-
-    expect(request).not.toHaveProperty("permissions");
-    expect(request.sandboxPolicy).toEqual({
-      type: "externalSandbox",
-      networkAccess: "enabled",
-    });
-  });
-
   it("attaches turn-scoped developer instructions without changing thread config", () => {
     const request = buildTurnStartParams(createAttemptParams({ provider: "openai" }), {
       threadId: "thread-1",

extensions/codex/src/app-server/thread-lifecycle.ts

@@ -338,7 +338,6 @@ export async function startOrResumeThread(params: {
     }),
   );
   const webSearchThreadConfigFingerprint = fingerprintJsonObject(webSearchPlan.threadConfig);
-  const networkProxyConfigFingerprint = params.appServer.networkProxy?.configFingerprint;
   const contextEngineBinding = lifecycleTiming.measureSync("context-engine-binding", () =>
     buildContextEngineBinding(params.params, params.contextEngineProjection),
   );
@@ -396,39 +395,6 @@ export async function startOrResumeThread(params: {
     binding.webSearchThreadConfigFingerprint !== webSearchThreadConfigFingerprint;
   const persistentWebSearchRestriction =
     params.webSearchAllowed === false && params.persistentWebSearchAllowed === false;
-  const transientNativeToolRestriction =
-    params.nativeCodeModeEnabled === false && !persistentWebSearchRestriction;
-  const transientWebSearchRestriction = isTransientWebSearchRestriction(params);
-  const explicitTransientWebSearchRestriction =
-    params.webSearchAllowed === false &&
-    params.persistentWebSearchAllowed !== false &&
-    transientWebSearchRestriction;
-  const unknownProviderWebSearchSupport = params.nativeProviderWebSearchSupport === "unknown";
-  if (
-    binding?.threadId &&
-    params.mcpServersFingerprintEvaluated === true &&
-    binding.mcpServersFingerprint !== params.mcpServersFingerprint
-  ) {
-    if (
-      transientNativeToolRestriction ||
-      (webSearchBindingChanged &&
-        (explicitTransientWebSearchRestriction || unknownProviderWebSearchSupport))
-    ) {
-      embeddedAgentLog.debug(
-        "codex app-server MCP config changed during transient restricted turn; starting transient thread",
-        {
-          threadId: binding.threadId,
-        },
-      );
-      preserveExistingBinding = true;
-    } else {
-      embeddedAgentLog.debug("codex app-server MCP config changed; starting a new thread", {
-        threadId: binding.threadId,
-      });
-      await clearCodexAppServerBinding(params.params.sessionFile);
-    }
-    binding = undefined;
-  }
   // A transient native-tool restriction must not replace a legacy binding just
   // because that binding predates search fingerprints. Explicit persistent
   // search denial still rotates first so the restricted thread can persist.
@@ -441,6 +407,7 @@ export async function startOrResumeThread(params: {
     webSearchBindingChanged &&
     !deferLegacyWebSearchRotationToTransientNativeSurface
   ) {
+    const transientWebSearchRestriction = isTransientWebSearchRestriction(params);
     if (transientWebSearchRestriction) {
       embeddedAgentLog.debug(
         "codex app-server web search restricted for turn; starting transient thread",
@@ -459,7 +426,11 @@ export async function startOrResumeThread(params: {
     }
     binding = undefined;
   }
-  if (binding?.threadId && transientNativeToolRestriction) {
+  if (
+    binding?.threadId &&
+    params.nativeCodeModeEnabled === false &&
+    !persistentWebSearchRestriction
+  ) {
     embeddedAgentLog.debug(
       "codex app-server native tool surface disabled for turn; starting transient thread",
       {
@@ -515,10 +486,10 @@ export async function startOrResumeThread(params: {
   }
   if (
     binding?.threadId &&
-    (binding.networkProxyConfigFingerprint !== networkProxyConfigFingerprint ||
-      binding.networkProxyProfileName !== params.appServer.networkProxy?.profileName)
+    params.mcpServersFingerprintEvaluated === true &&
+    binding.mcpServersFingerprint !== params.mcpServersFingerprint
   ) {
-    embeddedAgentLog.debug("codex app-server network proxy config changed; starting a new thread", {
+    embeddedAgentLog.debug("codex app-server MCP config changed; starting a new thread", {
       threadId: binding.threadId,
     });
     await clearCodexAppServerBinding(params.params.sessionFile);
@@ -560,6 +531,17 @@ export async function startOrResumeThread(params: {
       binding = undefined;
     }
   }
+  if (
+    binding?.threadId &&
+    params.mcpServersFingerprintEvaluated === true &&
+    binding.mcpServersFingerprint !== params.mcpServersFingerprint
+  ) {
+    embeddedAgentLog.debug("codex app-server MCP config changed; starting a new thread", {
+      threadId: binding.threadId,
+    });
+    await clearCodexAppServerBinding(params.params.sessionFile);
+    binding = undefined;
+  }
   if (binding?.threadId) {
     if (
       binding.dynamicToolsFingerprint &&
@@ -608,12 +590,11 @@ export async function startOrResumeThread(params: {
         await clearCodexAppServerBinding(params.params.sessionFile);
       }
     } else {
-      const resumeBinding = binding;
       try {
-        const authProfileId = params.params.authProfileId ?? resumeBinding.authProfileId;
+        const authProfileId = params.params.authProfileId ?? binding.authProfileId;
         const finalConfigPatch = params.buildFinalConfigPatch?.({
           action: "resume",
-          binding: resumeBinding,
+          binding,
         }) ?? {
           configPatch: params.finalConfigPatch,
           nativeHookRelayGeneration: params.nativeHookRelayGeneration,
@@ -625,7 +606,7 @@ export async function startOrResumeThread(params: {
         );
         const resumeParams = lifecycleTiming.measureSync("thread-resume-params", () =>
           buildThreadResumeParams(params.params, {
-            threadId: resumeBinding.threadId,
+            threadId: binding.threadId,
             authProfileId,
             model: startModelSelection.model,
             modelProvider: startModelProvider,
@@ -653,7 +634,7 @@ export async function startOrResumeThread(params: {
         const nextMcpServersFingerprint =
           params.mcpServersFingerprintEvaluated === true
             ? params.mcpServersFingerprint
-            : resumeBinding.mcpServersFingerprint;
+            : binding.mcpServersFingerprint;
         await lifecycleTiming.measure("thread-resume-write-binding", () =>
           writeCodexAppServerBinding(
             params.params.sessionFile,
@@ -668,17 +649,14 @@ export async function startOrResumeThread(params: {
               webSearchThreadConfigFingerprint,
               userMcpServersFingerprint,
               mcpServersFingerprint: nextMcpServersFingerprint,
-              networkProxyProfileName: params.appServer.networkProxy?.profileName,
-              networkProxyConfigFingerprint,
               nativeHookRelayGeneration:
-                finalConfigPatch.nativeHookRelayGeneration ??
-                resumeBinding.nativeHookRelayGeneration,
-              pluginAppsFingerprint: resumeBinding.pluginAppsFingerprint,
-              pluginAppsInputFingerprint: resumeBinding.pluginAppsInputFingerprint,
-              pluginAppPolicyContext: resumeBinding.pluginAppPolicyContext,
+                finalConfigPatch.nativeHookRelayGeneration ?? binding.nativeHookRelayGeneration,
+              pluginAppsFingerprint: binding.pluginAppsFingerprint,
+              pluginAppsInputFingerprint: binding.pluginAppsInputFingerprint,
+              pluginAppPolicyContext: binding.pluginAppPolicyContext,
               contextEngine: contextEngineBinding,
               environmentSelectionFingerprint,
-              createdAt: resumeBinding.createdAt,
+              createdAt: binding.createdAt,
             },
             {
               authProfileStore: params.params.authProfileStore,
@@ -708,7 +686,7 @@ export async function startOrResumeThread(params: {
         });
         const activeTurnIds = readActiveCodexTurnIds(response.thread);
         return {
-          ...resumeBinding,
+          ...binding,
           threadId: response.thread.id,
           cwd: params.cwd,
           authProfileId: boundAuthProfileId,
@@ -719,13 +697,11 @@ export async function startOrResumeThread(params: {
           webSearchThreadConfigFingerprint,
           userMcpServersFingerprint,
           mcpServersFingerprint: nextMcpServersFingerprint,
-          networkProxyProfileName: params.appServer.networkProxy?.profileName,
-          networkProxyConfigFingerprint,
           nativeHookRelayGeneration:
-            finalConfigPatch.nativeHookRelayGeneration ?? resumeBinding.nativeHookRelayGeneration,
-          pluginAppsFingerprint: resumeBinding.pluginAppsFingerprint,
-          pluginAppsInputFingerprint: resumeBinding.pluginAppsInputFingerprint,
-          pluginAppPolicyContext: resumeBinding.pluginAppPolicyContext,
+            finalConfigPatch.nativeHookRelayGeneration ?? binding.nativeHookRelayGeneration,
+          pluginAppsFingerprint: binding.pluginAppsFingerprint,
+          pluginAppsInputFingerprint: binding.pluginAppsInputFingerprint,
+          pluginAppPolicyContext: binding.pluginAppPolicyContext,
           contextEngine: contextEngineBinding,
           environmentSelectionFingerprint,
           lifecycle: {
@@ -821,8 +797,6 @@ export async function startOrResumeThread(params: {
           webSearchThreadConfigFingerprint,
           userMcpServersFingerprint,
           mcpServersFingerprint: nextMcpServersFingerprint,
-          networkProxyProfileName: params.appServer.networkProxy?.profileName,
-          networkProxyConfigFingerprint,
           nativeHookRelayGeneration: finalConfigPatch.nativeHookRelayGeneration,
           pluginAppsFingerprint: pluginThreadConfig?.fingerprint,
           pluginAppsInputFingerprint: pluginThreadConfig?.inputFingerprint,
@@ -871,8 +845,6 @@ export async function startOrResumeThread(params: {
     dynamicToolsContainDeferred,
     userMcpServersFingerprint,
     mcpServersFingerprint: nextMcpServersFingerprint,
-    networkProxyProfileName: params.appServer.networkProxy?.profileName,
-    networkProxyConfigFingerprint,
     nativeHookRelayGeneration: finalConfigPatch.nativeHookRelayGeneration,
     pluginAppsFingerprint: pluginThreadConfig?.fingerprint,
     pluginAppsInputFingerprint: pluginThreadConfig?.inputFingerprint,
@@ -1082,7 +1054,7 @@ export function buildThreadStartParams(
     cwd: options.cwd,
     approvalPolicy: options.appServer.approvalPolicy,
     approvalsReviewer: options.appServer.approvalsReviewer,
-    ...codexThreadSandboxOrPermissions(options.appServer),
+    sandbox: options.appServer.sandbox,
     ...(options.appServer.serviceTier ? { serviceTier: options.appServer.serviceTier } : {}),
     personality: CODEX_NATIVE_PERSONALITY_NONE,
     serviceName: "OpenClaw",
@@ -1091,7 +1063,6 @@ export function buildThreadStartParams(
       nativeProviderWebSearchSupport: options.nativeProviderWebSearchSupport,
       nativeCodeModeOnlyEnabled: options.nativeCodeModeOnlyEnabled,
       webSearchAllowed: options.webSearchAllowed,
-      appServer: options.appServer,
     }),
     ...resolveCodexThreadEnvironmentSelection(options),
     developerInstructions:
@@ -1162,7 +1133,7 @@ export function buildThreadResumeParams(
     ...(modelSelection.modelProvider ? { modelProvider: modelSelection.modelProvider } : {}),
     approvalPolicy: options.appServer.approvalPolicy,
     approvalsReviewer: options.appServer.approvalsReviewer,
-    ...codexThreadSandboxOrPermissions(options.appServer),
+    sandbox: options.appServer.sandbox,
     ...(options.appServer.serviceTier ? { serviceTier: options.appServer.serviceTier } : {}),
     personality: CODEX_NATIVE_PERSONALITY_NONE,
     config: buildCodexRuntimeThreadConfigForRun(params, options.config, {
@@ -1170,7 +1141,6 @@ export function buildThreadResumeParams(
       nativeProviderWebSearchSupport: options.nativeProviderWebSearchSupport,
       nativeCodeModeOnlyEnabled: options.nativeCodeModeOnlyEnabled,
       webSearchAllowed: options.webSearchAllowed,
-      appServer: options.appServer,
     }),
     developerInstructions:
       options.developerInstructions ??
@@ -1324,7 +1294,6 @@ function buildCodexRuntimeThreadConfigForRun(
     nativeProviderWebSearchSupport?: CodexNativeWebSearchSupport;
     nativeCodeModeOnlyEnabled?: boolean;
     webSearchAllowed?: boolean;
-    appServer?: Pick<CodexAppServerRuntimeOptions, "networkProxy">;
   } = {},
 ): JsonObject {
   const webSearchConfig = resolveCodexWebSearchPlan({
@@ -1341,7 +1310,6 @@ function buildCodexRuntimeThreadConfigForRun(
   const runtimeConfig =
     mergeCodexThreadConfigs(
       baseConfig,
-      options.appServer?.networkProxy?.configPatch,
       shouldDisableCodexToolSearchForModel(params.modelId)
         ? CODEX_TOOL_SEARCH_UNSUPPORTED_THREAD_CONFIG
         : undefined,
@@ -1382,20 +1350,14 @@ export function buildTurnStartParams(
     agentDir: params.agentDir,
     config: params.config,
   });
-  const useThreadPermissionProfile = options.appServer.networkProxy && !options.sandboxPolicy;
   return {
     threadId: options.threadId,
     input: buildUserInput(params, options.promptText),
     cwd: options.cwd,
     approvalPolicy: options.appServer.approvalPolicy,
     approvalsReviewer: options.appServer.approvalsReviewer,
-    ...(useThreadPermissionProfile
-      ? {}
-      : {
-          sandboxPolicy:
-            options.sandboxPolicy ??
-            codexSandboxPolicyForTurn(options.appServer.sandbox, options.cwd),
-        }),
+    sandboxPolicy:
+      options.sandboxPolicy ?? codexSandboxPolicyForTurn(options.appServer.sandbox, options.cwd),
     model: modelSelection.model,
     personality: CODEX_NATIVE_PERSONALITY_NONE,
     ...(options.appServer.serviceTier ? { serviceTier: options.appServer.serviceTier } : {}),
@@ -1411,15 +1373,6 @@ export function buildTurnStartParams(
   };
 }
 
-function codexThreadSandboxOrPermissions(
-  appServer: Pick<CodexAppServerRuntimeOptions, "networkProxy" | "sandbox">,
-): Pick<CodexThreadStartParams, "sandbox"> {
-  if (appServer.networkProxy) {
-    return {};
-  }
-  return { sandbox: appServer.sandbox };
-}
-
 function resolveCodexThreadEnvironmentSelection(options: {
   nativeCodeModeEnabled?: boolean;
   environmentSelection?: CodexTurnEnvironmentParams[];

extensions/codex/src/app-server/thread-lifecycle.user-mcp-servers.test.ts

@@ -300,7 +300,6 @@ describe("startOrResumeThread — user mcp.servers projection (regression: #8081
       cwd: workspaceDir,
       model: "gpt-5.4-codex",
       modelProvider: "openai",
-      dynamicToolsFingerprint: "[]",
     });
     const request = vi.fn(async (method: string, _params: unknown) => {
       if (method === "thread/start") {
@@ -339,87 +338,6 @@ describe("startOrResumeThread — user mcp.servers projection (regression: #8081
     expect(preservedBinding?.threadId).toBe("thread-native");
   });
 
-  it("preserves MCP-mismatched bindings across transient native-tool-disabled turns", async () => {
-    const sessionFile = path.join(tempDir, "session.jsonl");
-    const workspaceDir = path.join(tempDir, "workspace");
-    await writeCodexAppServerBinding(sessionFile, {
-      threadId: "thread-native",
-      cwd: workspaceDir,
-      model: "gpt-5.4-codex",
-      modelProvider: "openai",
-      dynamicToolsFingerprint: "[]",
-      mcpServersFingerprint: "mcp-v1",
-    });
-    const request = vi.fn(async (method: string, _params: unknown) => {
-      if (method === "thread/start") {
-        return threadStartResult("thread-restricted");
-      }
-      throw new Error(`unexpected method: ${method}`);
-    });
-
-    await startOrResumeThread({
-      client: { request } as never,
-      params: createParams(sessionFile, workspaceDir),
-      cwd: workspaceDir,
-      dynamicTools: [],
-      appServer: createAppServerOptions(),
-      mcpServersFingerprint: undefined,
-      mcpServersFingerprintEvaluated: true,
-      nativeCodeModeEnabled: false,
-      userMcpServersEnabled: false,
-    });
-
-    expect(request.mock.calls.map(([method]) => method)).toEqual(["thread/start"]);
-    const startParams = request.mock.calls[0]?.[1] as {
-      config?: {
-        "features.code_mode"?: boolean;
-        mcp_servers?: Record<string, unknown>;
-      };
-    };
-    expect(startParams?.config?.["features.code_mode"]).toBe(false);
-    expect(startParams?.config?.mcp_servers).toBeUndefined();
-    const preservedBinding = await readCodexAppServerBinding(sessionFile);
-    expect(preservedBinding?.threadId).toBe("thread-native");
-    expect(preservedBinding?.mcpServersFingerprint).toBe("mcp-v1");
-  });
-
-  it("preserves MCP-mismatched bindings when provider web-search support is unknown", async () => {
-    const sessionFile = path.join(tempDir, "session.jsonl");
-    const workspaceDir = path.join(tempDir, "workspace");
-    await writeCodexAppServerBinding(sessionFile, {
-      threadId: "thread-native",
-      cwd: workspaceDir,
-      model: "gpt-5.4-codex",
-      modelProvider: "openai",
-      dynamicToolsFingerprint: "[]",
-      webSearchThreadConfigFingerprint: "web-search-v1",
-      mcpServersFingerprint: "mcp-v1",
-    });
-    const request = vi.fn(async (method: string, _params: unknown) => {
-      if (method === "thread/start") {
-        return threadStartResult("thread-fallback");
-      }
-      throw new Error(`unexpected method: ${method}`);
-    });
-
-    await startOrResumeThread({
-      client: { request } as never,
-      params: createParams(sessionFile, workspaceDir),
-      cwd: workspaceDir,
-      dynamicTools: [],
-      appServer: createAppServerOptions(),
-      mcpServersFingerprint: undefined,
-      mcpServersFingerprintEvaluated: true,
-      nativeProviderWebSearchSupport: "unknown",
-      userMcpServersEnabled: false,
-    });
-
-    expect(request.mock.calls.map(([method]) => method)).toEqual(["thread/start"]);
-    const preservedBinding = await readCodexAppServerBinding(sessionFile);
-    expect(preservedBinding?.threadId).toBe("thread-native");
-    expect(preservedBinding?.mcpServersFingerprint).toBe("mcp-v1");
-  });
-
   it("starts a new thread without user MCP servers when runtime policy disables them", async () => {
     const sessionFile = path.join(tempDir, "session.jsonl");
     const workspaceDir = path.join(tempDir, "workspace");

extensions/codex/src/conversation-binding.test.ts

@@ -74,62 +74,9 @@ import {
   handleCodexConversationInboundClaim,
   startCodexConversationThread,
 } from "./conversation-binding.js";
-import { resolveCodexAppServerRuntimeOptions } from "./app-server/config.js";
 
 let tempDir: string;
 
-const NETWORK_PROXY_PLUGIN_CONFIG = {
-  appServer: {
-    networkProxy: {
-      enabled: true,
-      domains: { "api.openai.com": "allow" },
-      allowUpstreamProxy: true,
-      proxyUrl: "http://127.0.0.1:3128",
-    },
-  },
-};
-const NETWORK_PROXY_RUNTIME = resolveCodexAppServerRuntimeOptions({
-  env: {},
-  requirementsToml: null,
-  pluginConfig: NETWORK_PROXY_PLUGIN_CONFIG,
-});
-const NETWORK_PROXY_PROFILE_NAME = NETWORK_PROXY_RUNTIME.networkProxy?.profileName ?? "missing";
-const NETWORK_PROXY_CONFIG_PATCH = NETWORK_PROXY_RUNTIME.networkProxy?.configPatch ?? {};
-const NETWORK_PROXY_CONFIG_FINGERPRINT =
-  NETWORK_PROXY_RUNTIME.networkProxy?.configFingerprint ?? "missing";
-
-function conversationThreadStartResult(threadId: string) {
-  return {
-    approvalPolicy: "never",
-    approvalsReviewer: "user",
-    cwd: tempDir,
-    model: "gpt-5.4-mini",
-    modelProvider: "openai",
-    sandbox: { type: "workspaceWrite", networkAccess: false },
-    serviceTier: null,
-    activePermissionProfile: null,
-    thread: {
-      id: threadId,
-      sessionId: "session-1",
-      preview: "",
-      ephemeral: false,
-      modelProvider: "openai",
-      createdAt: 1,
-      updatedAt: 1,
-      status: { type: "idle" },
-      path: null,
-      cwd: tempDir,
-      cliVersion: "0.125.0",
-      source: "unknown",
-      agentNickname: null,
-      agentRole: null,
-      gitInfo: null,
-      name: null,
-      turns: [],
-    },
-  };
-}
-
 function mockCallArg(mock: ReturnType<typeof vi.fn>, callIndex = 0, argIndex = 0): unknown {
   const call = mock.mock.calls[callIndex];
   if (!call) {
@@ -233,70 +180,6 @@ describe("codex conversation binding", () => {
     );
   });
 
-  it("selects Codex network-proxy permissions through app-server bind thread config", async () => {
-    const sessionFile = path.join(tempDir, "session.jsonl");
-    const requests: Array<{ method: string; params: Record<string, unknown> }> = [];
-    sharedClientMocks.getSharedCodexAppServerClient.mockResolvedValue({
-      request: vi.fn(async (method: string, requestParams: Record<string, unknown>) => {
-        requests.push({ method, params: requestParams });
-        return {
-          thread: { id: "thread-new", sessionId: "session-1", cwd: tempDir },
-          model: "gpt-5.4-mini",
-        };
-      }),
-    });
-
-    await startCodexConversationThread({
-      pluginConfig: NETWORK_PROXY_PLUGIN_CONFIG,
-      sessionFile,
-      workspaceDir: tempDir,
-      model: "gpt-5.4-mini",
-      modelProvider: "openai",
-    });
-
-    expect(requests).toHaveLength(1);
-    expect(requests[0]?.method).toBe("thread/start");
-    expect(requests[0]?.params).not.toHaveProperty("permissions");
-    expect(requests[0]?.params).not.toHaveProperty("sandbox");
-    expect(requests[0]?.params.config).toMatchObject(NETWORK_PROXY_CONFIG_PATCH);
-  });
-
-  it("starts a fresh proxy-backed thread when binding an explicit app-server thread id", async () => {
-    const sessionFile = path.join(tempDir, "session.jsonl");
-    const requests: Array<{ method: string; params: Record<string, unknown> }> = [];
-    sharedClientMocks.getSharedCodexAppServerClient.mockResolvedValue({
-      request: vi.fn(async (method: string, requestParams: Record<string, unknown>) => {
-        requests.push({ method, params: requestParams });
-        if (method === "thread/resume") {
-          throw new Error("thread/resume should not receive network proxy config");
-        }
-        return conversationThreadStartResult("thread-new");
-      }),
-    });
-
-    await startCodexConversationThread({
-      pluginConfig: NETWORK_PROXY_PLUGIN_CONFIG,
-      sessionFile,
-      threadId: "thread-old",
-      workspaceDir: tempDir,
-      model: "gpt-5.4-mini",
-      modelProvider: "openai",
-    });
-
-    expect(requests.map((request) => request.method)).toEqual(["thread/start"]);
-    expect(requests[0]?.params).not.toHaveProperty("threadId");
-    expect(requests[0]?.params).not.toHaveProperty("sandbox");
-    expect(requests[0]?.params.config).toMatchObject(NETWORK_PROXY_CONFIG_PATCH);
-    const bindingAfterStart = JSON.parse(
-      await fs.readFile(`${sessionFile}.codex-app-server.json`, "utf8"),
-    ) as Record<string, unknown>;
-    expect(bindingAfterStart.threadId).toBe("thread-new");
-    expect(bindingAfterStart.networkProxyProfileName).toBe(NETWORK_PROXY_PROFILE_NAME);
-    expect(bindingAfterStart.networkProxyConfigFingerprint).toBe(
-      NETWORK_PROXY_CONFIG_FINGERPRINT,
-    );
-  });
-
   it("preserves Codex auth and omits the public OpenAI provider for native bind threads", async () => {
     const sessionFile = path.join(tempDir, "session.jsonl");
     agentRuntimeMocks.ensureAuthProfileStore.mockReturnValue({
@@ -1054,7 +937,7 @@ describe("codex conversation binding", () => {
     await fs.writeFile(
       `${sessionFile}.codex-app-server.json`,
       JSON.stringify({
-        schemaVersion: 2,
+        schemaVersion: 1,
         threadId: "thread-1",
         cwd: tempDir,
         approvalPolicy: "never",
@@ -1320,196 +1203,6 @@ describe("codex conversation binding", () => {
     });
   });
 
-  it("keeps network-proxy bound app-server turns on their thread permissions profile", async () => {
-    const sessionFile = path.join(tempDir, "session.jsonl");
-    await fs.writeFile(
-      `${sessionFile}.codex-app-server.json`,
-      JSON.stringify({
-        schemaVersion: 2,
-        threadId: "thread-1",
-        cwd: tempDir,
-        networkProxyProfileName: NETWORK_PROXY_PROFILE_NAME,
-        networkProxyConfigFingerprint: NETWORK_PROXY_CONFIG_FINGERPRINT,
-      }),
-    );
-    let notificationHandler: ((notification: unknown) => void) | undefined;
-    const turnStartParams: Record<string, unknown>[] = [];
-    sharedClientMocks.getSharedCodexAppServerClient.mockResolvedValue({
-      request: vi.fn(async (method: string, requestParams: Record<string, unknown>) => {
-        if (method === "turn/start") {
-          turnStartParams.push(requestParams);
-          setImmediate(() =>
-            notificationHandler?.({
-              method: "turn/completed",
-              params: {
-                threadId: "thread-1",
-                turn: {
-                  id: "turn-1",
-                  status: "completed",
-                  items: [{ type: "agentMessage", id: "item-1", text: "done" }],
-                },
-              },
-            }),
-          );
-          return { turn: { id: "turn-1" } };
-        }
-        throw new Error(`unexpected method: ${method}`);
-      }),
-      addNotificationHandler: vi.fn((handler: (notification: unknown) => void) => {
-        notificationHandler = handler;
-        return () => undefined;
-      }),
-      addRequestHandler: vi.fn(() => () => undefined),
-    });
-
-    const result = await handleCodexConversationInboundClaim(
-      {
-        content: "hello",
-        channel: "telegram",
-        isGroup: false,
-        commandAuthorized: true,
-      },
-      {
-        channelId: "telegram",
-        pluginBinding: {
-          bindingId: "binding-1",
-          pluginId: "codex",
-          pluginRoot: tempDir,
-          channel: "telegram",
-          accountId: "default",
-          conversationId: "5185575566",
-          boundAt: Date.now(),
-          data: {
-            kind: "codex-app-server-session",
-            version: 1,
-            sessionFile,
-            workspaceDir: tempDir,
-          },
-        },
-      },
-      {
-        pluginConfig: {
-          appServer: {
-            networkProxy: {
-              enabled: true,
-              domains: { "api.openai.com": "allow" },
-              allowUpstreamProxy: true,
-              proxyUrl: "http://127.0.0.1:3128",
-            },
-          },
-        },
-        timeoutMs: 50,
-      },
-    );
-
-    expect(result).toEqual({ handled: true, reply: { text: "done" } });
-    expect(turnStartParams[0]).not.toHaveProperty("permissions");
-    expect(turnStartParams[0]).not.toHaveProperty("sandboxPolicy");
-  });
-
-  it("refreshes stale network-proxy bound app-server threads before the turn", async () => {
-    const sessionFile = path.join(tempDir, "session.jsonl");
-    await fs.writeFile(
-      `${sessionFile}.codex-app-server.json`,
-      JSON.stringify({
-        schemaVersion: 2,
-        threadId: "thread-old",
-        cwd: tempDir,
-        networkProxyProfileName: "openclaw-network-stale",
-        networkProxyConfigFingerprint: "stale-proxy-config",
-      }),
-    );
-    let notificationHandler: ((notification: unknown) => void) | undefined;
-    const requests: Array<{ method: string; params: Record<string, unknown> }> = [];
-    sharedClientMocks.getSharedCodexAppServerClient.mockResolvedValue({
-      request: vi.fn(async (method: string, requestParams: Record<string, unknown>) => {
-        requests.push({ method, params: requestParams });
-        if (method === "thread/start") {
-          return conversationThreadStartResult("thread-new");
-        }
-        if (method === "turn/start") {
-          setImmediate(() =>
-            notificationHandler?.({
-              method: "turn/completed",
-              params: {
-                threadId: "thread-new",
-                turn: {
-                  id: "turn-1",
-                  status: "completed",
-                  items: [{ type: "agentMessage", id: "item-1", text: "done" }],
-                },
-              },
-            }),
-          );
-          return { turn: { id: "turn-1" } };
-        }
-        throw new Error(`unexpected method: ${method}`);
-      }),
-      addNotificationHandler: vi.fn((handler: (notification: unknown) => void) => {
-        notificationHandler = handler;
-        return () => undefined;
-      }),
-      addRequestHandler: vi.fn(() => () => undefined),
-    });
-
-    const result = await handleCodexConversationInboundClaim(
-      {
-        content: "hello",
-        channel: "telegram",
-        isGroup: false,
-        commandAuthorized: true,
-      },
-      {
-        channelId: "telegram",
-        pluginBinding: {
-          bindingId: "binding-1",
-          pluginId: "codex",
-          pluginRoot: tempDir,
-          channel: "telegram",
-          accountId: "default",
-          conversationId: "5185575566",
-          boundAt: Date.now(),
-          data: {
-            kind: "codex-app-server-session",
-            version: 1,
-            sessionFile,
-            workspaceDir: tempDir,
-          },
-        },
-      },
-      {
-        pluginConfig: {
-          appServer: {
-            serviceTier: "priority",
-            networkProxy: {
-              enabled: true,
-              domains: { "api.openai.com": "allow" },
-              allowUpstreamProxy: true,
-              proxyUrl: "http://127.0.0.1:3128",
-            },
-          },
-        },
-        timeoutMs: 50,
-      },
-    );
-
-    expect(result).toEqual({ handled: true, reply: { text: "done" } });
-    expect(requests.map((request) => request.method)).toEqual(["thread/start", "turn/start"]);
-    expect(requests[0]?.params.config).toMatchObject(NETWORK_PROXY_CONFIG_PATCH);
-    expect(requests[0]?.params).not.toHaveProperty("sandbox");
-    expect(requests[0]?.params.serviceTier).toBe("priority");
-    expect(requests[1]?.params.threadId).toBe("thread-new");
-    expect(requests[1]?.params).not.toHaveProperty("sandboxPolicy");
-    const bindingAfterRefresh = JSON.parse(
-      await fs.readFile(`${sessionFile}.codex-app-server.json`, "utf8"),
-    ) as Record<string, unknown>;
-    expect(bindingAfterRefresh.threadId).toBe("thread-new");
-    expect(bindingAfterRefresh.networkProxyProfileName).toBe(NETWORK_PROXY_PROFILE_NAME);
-    expect(bindingAfterRefresh.networkProxyConfigFingerprint).toBe(
-      NETWORK_PROXY_CONFIG_FINGERPRINT,
-    );
-  });
-
   it("blocks Guardian-mode bound turns with stale no-approval policy on custom model providers", async () => {
     const sessionFile = path.join(tempDir, "session.jsonl");
     await fs.writeFile(

extensions/codex/src/conversation-binding.ts

@@ -33,7 +33,6 @@ import type {
   CodexThreadResumeResponse,
   CodexThreadStartResponse,
   CodexTurnStartResponse,
-  JsonObject,
   JsonValue,
 } from "./app-server/protocol.js";
 import {
@@ -52,7 +51,6 @@ import {
   getLeasedSharedCodexAppServerClient,
   releaseLeasedSharedCodexAppServerClient,
 } from "./app-server/shared-client.js";
-import { assertCodexThreadStartResponse } from "./app-server/protocol-validators.js";
 import {
   CODEX_NATIVE_PERSONALITY_NONE,
   resolveCodexAppServerRequestModelSelection,
@@ -158,8 +156,6 @@ async function resolveConversationAppServerRuntime(params: {
 }
 
 const CODEX_CONVERSATION_GLOBAL_STATE = Symbol.for("openclaw.codex.conversationBinding");
-const CODEX_CONVERSATION_THREAD_DEVELOPER_INSTRUCTIONS =
-  "This Codex thread is bound to an OpenClaw conversation. Answer normally; OpenClaw will deliver your final response back to the conversation.";
 
 function getGlobalState(): CodexConversationGlobalState {
   const globalState = globalThis as typeof globalThis & {
@@ -419,60 +415,22 @@ function buildThreadRequestRuntimeOptions(
 ): {
   approvalPolicy: ConversationAppServerRuntime["runtime"]["approvalPolicy"];
   approvalsReviewer: ConversationAppServerRuntime["runtime"]["approvalsReviewer"];
-  sandbox?: ConversationAppServerRuntime["runtime"]["sandbox"];
+  sandbox: ConversationAppServerRuntime["runtime"]["sandbox"];
   serviceTier?: CodexServiceTier;
-  config?: JsonObject;
 } {
   const serviceTier = params.serviceTier ?? resolved.runtime.serviceTier;
-  const sandbox = resolved.execPolicy?.touched
-    ? resolved.runtime.sandbox
-    : (params.sandbox ?? resolved.runtime.sandbox);
   return {
     approvalPolicy: resolved.execPolicy?.touched
       ? resolved.runtime.approvalPolicy
       : (params.approvalPolicy ?? resolved.runtime.approvalPolicy),
     approvalsReviewer: resolved.runtime.approvalsReviewer,
-    ...codexConversationSandboxOrPermissions(resolved.runtime, sandbox),
+    sandbox: resolved.execPolicy?.touched
+      ? resolved.runtime.sandbox
+      : (params.sandbox ?? resolved.runtime.sandbox),
     ...(serviceTier ? { serviceTier } : {}),
   };
 }
 
-function codexConversationSandboxOrPermissions(
-  runtime: Pick<ConversationAppServerRuntime["runtime"], "networkProxy">,
-  sandbox: ConversationAppServerRuntime["runtime"]["sandbox"],
-): {
-  sandbox?: ConversationAppServerRuntime["runtime"]["sandbox"];
-  config?: JsonObject;
-} {
-  const networkProxy = runtime.networkProxy;
-  if (networkProxy) {
-    return {
-      config: networkProxy.configPatch,
-    };
-  }
-  return { sandbox };
-}
-
-async function requestNewConversationBindingThread(
-  params: CodexThreadBindingParams,
-  resolved: CodexThreadBindingRuntime,
-): Promise<CodexThreadStartResponse> {
-  return await resolved.client.request(
-    "thread/start",
-    {
-      cwd: params.workspaceDir,
-      ...(resolved.model ? { model: resolved.model } : {}),
-      ...(resolved.modelProvider ? { modelProvider: resolved.modelProvider } : {}),
-      personality: CODEX_NATIVE_PERSONALITY_NONE,
-      ...buildThreadRequestRuntimeOptions(params, resolved),
-      developerInstructions: CODEX_CONVERSATION_THREAD_DEVELOPER_INSTRUCTIONS,
-      experimentalRawEvents: true,
-      persistExtendedHistory: true,
-    },
-    { timeoutMs: resolved.runtime.requestTimeoutMs },
-  );
-}
-
 async function writeThreadBindingFromResponse(
   params: CodexThreadBindingParams,
   resolved: CodexThreadBindingRuntime,
@@ -501,8 +459,6 @@ async function writeThreadBindingFromResponse(
         ? resolved.runtime.sandbox
         : (params.sandbox ?? resolved.runtime.sandbox),
       serviceTier: params.serviceTier ?? resolved.runtime.serviceTier,
-      networkProxyProfileName: resolved.runtime.networkProxy?.profileName,
-      networkProxyConfigFingerprint: resolved.runtime.networkProxy?.configFingerprint,
     },
     {
       ...resolved.agentLookup,
@@ -517,23 +473,18 @@ async function attachExistingThread(
 ): Promise<void> {
   const resolved = await resolveThreadBindingRuntime(params);
   try {
-    // Codex applies network-proxy permission profiles at thread/start. Resuming
-    // an arbitrary existing thread cannot prove that profile is active.
-    const response: CodexThreadResumeResponse | CodexThreadStartResponse =
-      resolved.runtime.networkProxy
-        ? await requestNewConversationBindingThread(params, resolved)
-        : await resolved.client.request(
-            CODEX_CONTROL_METHODS.resumeThread,
-            {
-              threadId: params.threadId,
-              ...(resolved.model ? { model: resolved.model } : {}),
-              ...(resolved.modelProvider ? { modelProvider: resolved.modelProvider } : {}),
-              personality: CODEX_NATIVE_PERSONALITY_NONE,
-              ...buildThreadRequestRuntimeOptions(params, resolved),
-              persistExtendedHistory: true,
-            },
-            { timeoutMs: resolved.runtime.requestTimeoutMs },
-          );
+    const response: CodexThreadResumeResponse = await resolved.client.request(
+      CODEX_CONTROL_METHODS.resumeThread,
+      {
+        threadId: params.threadId,
+        ...(resolved.model ? { model: resolved.model } : {}),
+        ...(resolved.modelProvider ? { modelProvider: resolved.modelProvider } : {}),
+        personality: CODEX_NATIVE_PERSONALITY_NONE,
+        ...buildThreadRequestRuntimeOptions(params, resolved),
+        persistExtendedHistory: true,
+      },
+      { timeoutMs: resolved.runtime.requestTimeoutMs },
+    );
     await writeThreadBindingFromResponse(params, resolved, response);
   } finally {
     releaseLeasedSharedCodexAppServerClient(resolved.client);
@@ -543,7 +494,21 @@ async function attachExistingThread(
 async function createThread(params: CodexThreadBindingParams): Promise<void> {
   const resolved = await resolveThreadBindingRuntime(params);
   try {
-    const response = await requestNewConversationBindingThread(params, resolved);
+    const response: CodexThreadStartResponse = await resolved.client.request(
+      "thread/start",
+      {
+        cwd: params.workspaceDir,
+        ...(resolved.model ? { model: resolved.model } : {}),
+        ...(resolved.modelProvider ? { modelProvider: resolved.modelProvider } : {}),
+        personality: CODEX_NATIVE_PERSONALITY_NONE,
+        ...buildThreadRequestRuntimeOptions(params, resolved),
+        developerInstructions:
+          "This Codex thread is bound to an OpenClaw conversation. Answer normally; OpenClaw will deliver your final response back to the conversation.",
+        experimentalRawEvents: true,
+        persistExtendedHistory: true,
+      },
+      { timeoutMs: resolved.runtime.requestTimeoutMs },
+    );
     await writeThreadBindingFromResponse(params, resolved, response);
   } finally {
     releaseLeasedSharedCodexAppServerClient(resolved.client);
@@ -561,10 +526,10 @@ async function runBoundTurn(params: {
 }): Promise<BoundTurnResult> {
   const agentLookup = buildAgentLookup({ agentDir: params.data.agentDir, config: params.config });
   const binding = await readCodexAppServerBinding(params.data.sessionFile, agentLookup);
-  if (!binding?.threadId) {
+  const threadId = binding?.threadId;
+  if (!threadId) {
     throw new Error("bound Codex conversation has no thread binding");
   }
-  let threadId = binding.threadId;
   const workspaceDir = binding.cwd || params.data.workspaceDir;
   const reviewerModelProvider = resolveModelBackedReviewerPolicyProvider({
     authProfileId: binding.authProfileId,
@@ -603,16 +568,6 @@ async function runBoundTurn(params: {
   const sandbox = useModelScopedPolicy
     ? modelScopedRuntime.sandbox
     : (binding.sandbox ?? modelScopedRuntime.sandbox);
-  const permissionProfile = modelScopedRuntime.networkProxy?.profileName;
-  const networkProxyConfigFingerprint = modelScopedRuntime.networkProxy?.configFingerprint;
-  const networkProxyBindingChanged =
-    binding.networkProxyProfileName !== permissionProfile ||
-    binding.networkProxyConfigFingerprint !== networkProxyConfigFingerprint;
-  const serviceTier = binding.serviceTier ?? runtime.serviceTier;
-  let useStickyNetworkProfile =
-    permissionProfile !== undefined &&
-    binding.networkProxyProfileName === permissionProfile &&
-    binding.networkProxyConfigFingerprint === networkProxyConfigFingerprint;
   assertNativeConversationApprovalPolicySupported({
     execPolicy,
     approvalPolicy,
@@ -634,59 +589,12 @@ async function runBoundTurn(params: {
     authProfileId: binding.authProfileId,
     ...agentLookup,
   });
-  let notificationCleanup: () => void = () => undefined;
-  let requestCleanup: () => void = () => undefined;
-  try {
-    if (networkProxyBindingChanged) {
-      const response = assertCodexThreadStartResponse(
-        await client.request(
-          "thread/start",
-          {
-            cwd: workspaceDir,
-            ...(modelSelection?.model ? { model: modelSelection.model } : {}),
-            ...(modelSelection?.modelProvider ? { modelProvider: modelSelection.modelProvider } : {}),
-            personality: CODEX_NATIVE_PERSONALITY_NONE,
-            approvalPolicy,
-            approvalsReviewer: modelScopedRuntime.approvalsReviewer,
-            ...(modelScopedRuntime.networkProxy
-              ? { config: modelScopedRuntime.networkProxy.configPatch }
-              : { sandbox }),
-            ...(serviceTier ? { serviceTier } : {}),
-            developerInstructions: CODEX_CONVERSATION_THREAD_DEVELOPER_INSTRUCTIONS,
-            experimentalRawEvents: true,
-            persistExtendedHistory: true,
-          },
-          { timeoutMs: runtime.requestTimeoutMs },
-        ),
-      );
-      threadId = response.thread.id;
-      await writeCodexAppServerBinding(
-        params.data.sessionFile,
-        {
-          threadId,
-          cwd: response.thread.cwd ?? workspaceDir,
-          authProfileId: binding.authProfileId,
-          model: response.model ?? modelSelection?.model ?? binding.model,
-          modelProvider: normalizeCodexAppServerBindingModelProvider({
-            authProfileId: binding.authProfileId,
-            modelProvider: response.modelProvider ?? modelSelection?.modelProvider ?? binding.modelProvider,
-            ...agentLookup,
-          }),
-          approvalPolicy: typeof approvalPolicy === "string" ? approvalPolicy : undefined,
-          sandbox,
-          serviceTier,
-          networkProxyProfileName: modelScopedRuntime.networkProxy?.profileName,
-          networkProxyConfigFingerprint: modelScopedRuntime.networkProxy?.configFingerprint,
-        },
-        agentLookup,
-      );
-      useStickyNetworkProfile = modelScopedRuntime.networkProxy !== undefined;
-    }
-    const collector = createCodexConversationTurnCollector(threadId);
-    notificationCleanup = client.addNotificationHandler((notification) =>
-      collector.handleNotification(notification),
-    );
-    requestCleanup = client.addRequestHandler(async (request): Promise<JsonValue | undefined> => {
+  const collector = createCodexConversationTurnCollector(threadId);
+  const notificationCleanup = client.addNotificationHandler((notification) =>
+    collector.handleNotification(notification),
+  );
+  const requestCleanup = client.addRequestHandler(
+    async (request): Promise<JsonValue | undefined> => {
       if (request.method === "item/tool/call") {
         return {
           contentItems: [
@@ -719,7 +627,9 @@ async function runBoundTurn(params: {
         };
       }
       return undefined;
-    });
+    },
+  );
+  try {
     const response: CodexTurnStartResponse = await client.request(
       "turn/start",
       {
@@ -731,12 +641,12 @@ async function runBoundTurn(params: {
         cwd: workspaceDir,
         approvalPolicy,
         approvalsReviewer: modelScopedRuntime.approvalsReviewer,
-        ...(useStickyNetworkProfile
-          ? {}
-          : { sandboxPolicy: codexSandboxPolicyForTurn(sandbox, workspaceDir) }),
+        sandboxPolicy: codexSandboxPolicyForTurn(sandbox, workspaceDir),
         ...(modelSelection?.model ? { model: modelSelection.model } : {}),
         personality: CODEX_NATIVE_PERSONALITY_NONE,
-        ...(serviceTier ? { serviceTier } : {}),
+        ...((binding.serviceTier ?? runtime.serviceTier)
+          ? { serviceTier: binding.serviceTier ?? runtime.serviceTier }
+          : {}),
       },
       { timeoutMs: runtime.requestTimeoutMs },
     );

extensions/cohere/index.test.ts

@@ -1,121 +0,0 @@
-import { readFileSync } from "node:fs";
-import type { StreamFn } from "openclaw/plugin-sdk/agent-core";
-import type { Context, Model } from "openclaw/plugin-sdk/llm";
-import { registerSingleProviderPlugin } from "openclaw/plugin-sdk/plugin-test-runtime";
-import { buildOpenAICompletionsParams } from "openclaw/plugin-sdk/provider-transport-runtime";
-import { describe, expect, it } from "vitest";
-import plugin from "./index.js";
-import { buildCohereProvider } from "./provider-catalog.js";
-import { createCohereCompletionsWrapper } from "./stream.js";
-
-function readManifest() {
-  return JSON.parse(readFileSync(new URL("./openclaw.plugin.json", import.meta.url), "utf8")) as {
-    providerAuthChoices?: Array<{ choiceId?: string; optionKey?: string; cliFlag?: string }>;
-    setup?: { providers?: Array<{ id?: string; envVars?: string[] }> };
-  };
-}
-
-function requireCohereModel(): Model<"openai-completions"> {
-  const model = buildCohereProvider().models?.[0];
-  if (!model) {
-    throw new Error("Cohere catalog did not provide a model");
-  }
-  return model as Model<"openai-completions">;
-}
-
-function captureCoherePayload(context: Context): Record<string, unknown> {
-  let captured: Record<string, unknown> | undefined;
-  const baseStreamFn: StreamFn = (model, streamContext, options) => {
-    const payload = buildOpenAICompletionsParams(
-      model as Model<"openai-completions">,
-      streamContext,
-      { maxTokens: 2048 } as never,
-    );
-    options?.onPayload?.(payload, model);
-    return {} as ReturnType<StreamFn>;
-  };
-
-  const wrappedStreamFn = createCohereCompletionsWrapper(baseStreamFn);
-  if (!wrappedStreamFn) {
-    throw new Error("Cohere wrapper did not return a stream function");
-  }
-  void wrappedStreamFn(requireCohereModel(), context, {
-    onPayload: (payload) => {
-      captured = payload as Record<string, unknown>;
-    },
-  });
-  if (!captured) {
-    throw new Error("Cohere payload was not captured");
-  }
-  return captured;
-}
-
-describe("Cohere provider plugin", () => {
-  it("registers the manifest-owned API key onboarding flow", async () => {
-    const provider = await registerSingleProviderPlugin(plugin);
-
-    expect(provider.auth.map((method) => method.wizard?.choiceId)).toEqual(["cohere-api-key"]);
-    expect(provider).toMatchObject({
-      id: "cohere",
-      envVars: ["COHERE_API_KEY"],
-    });
-    expect(provider.auth[0]).toMatchObject({
-      id: "api-key",
-      kind: "api_key",
-      wizard: { choiceId: "cohere-api-key" },
-    });
-    expect(readManifest().providerAuthChoices).toEqual([
-      expect.objectContaining({
-        choiceId: "cohere-api-key",
-        optionKey: "cohereApiKey",
-        cliFlag: "--cohere-api-key",
-      }),
-    ]);
-    expect(readManifest().setup?.providers).toEqual([
-      { id: "cohere", envVars: ["COHERE_API_KEY"] },
-    ]);
-  });
-
-  it("exposes the static Cohere catalog", () => {
-    expect(buildCohereProvider()).toMatchObject({
-      baseUrl: "https://api.cohere.ai/compatibility/v1",
-      api: "openai-completions",
-      models: [
-        expect.objectContaining({
-          id: "command-a-03-2025",
-          compat: {
-            supportsStore: false,
-            supportsUsageInStreaming: false,
-            maxTokensField: "max_tokens",
-          },
-        }),
-      ],
-    });
-  });
-
-  it("uses Cohere's OpenAI-compatible completions payload fields", () => {
-    const params = captureCoherePayload({
-      systemPrompt: "system",
-      messages: [],
-      tools: [
-        {
-          name: "lookup",
-          description: "Look up a value",
-          parameters: { type: "object", properties: {} },
-        },
-      ],
-    } as Context);
-
-    expect(params.max_tokens).toBe(2048);
-    expect(params).not.toHaveProperty("max_completion_tokens");
-    expect(params).not.toHaveProperty("store");
-    expect(params).not.toHaveProperty("stream_options");
-    expect(params).not.toHaveProperty("tool_choice");
-    expect(params.messages).toEqual(
-      expect.arrayContaining([expect.objectContaining({ role: "developer", content: "system" })]),
-    );
-    expect(params.messages).not.toEqual(
-      expect.arrayContaining([expect.objectContaining({ role: "system", content: "system" })]),
-    );
-  });
-});

extensions/cohere/index.ts

@@ -1,37 +0,0 @@
-import { defineSingleProviderPluginEntry } from "openclaw/plugin-sdk/provider-entry";
-import { applyCohereConfig, COHERE_DEFAULT_MODEL_REF } from "./onboard.js";
-import { buildCohereProvider } from "./provider-catalog.js";
-import { createCohereCompletionsWrapper } from "./stream.js";
-
-export default defineSingleProviderPluginEntry({
-  id: "cohere",
-  name: "Cohere Provider",
-  description: "Bundled Cohere provider plugin",
-  provider: {
-    label: "Cohere",
-    docsPath: "/providers/cohere",
-    auth: [
-      {
-        methodId: "api-key",
-        label: "Cohere API key",
-        hint: "OpenAI-compatible inference",
-        optionKey: "cohereApiKey",
-        flagName: "--cohere-api-key",
-        envVar: "COHERE_API_KEY",
-        promptMessage: "Enter Cohere API key",
-        defaultModel: COHERE_DEFAULT_MODEL_REF,
-        applyConfig: (cfg) => applyCohereConfig(cfg),
-        wizard: {
-          groupLabel: "Cohere",
-          groupHint: "OpenAI-compatible inference",
-        },
-      },
-    ],
-    catalog: {
-      buildProvider: buildCohereProvider,
-      buildStaticProvider: buildCohereProvider,
-    },
-    wrapStreamFn: (ctx) => createCohereCompletionsWrapper(ctx.streamFn),
-    wrapSimpleCompletionStreamFn: (ctx) => createCohereCompletionsWrapper(ctx.streamFn),
-  },
-});

extensions/cohere/models.ts

@@ -1,27 +0,0 @@
-/**
- * Cohere model catalog helpers derived from the plugin manifest.
- */
-import { buildManifestModelProviderConfig } from "openclaw/plugin-sdk/provider-catalog-shared";
-import type { ModelDefinitionConfig } from "openclaw/plugin-sdk/provider-model-shared";
-import manifest from "./openclaw.plugin.json" with { type: "json" };
-
-const COHERE_MANIFEST_CATALOG = manifest.modelCatalog.providers.cohere;
-
-export const COHERE_BASE_URL = COHERE_MANIFEST_CATALOG.baseUrl;
-export const COHERE_MODEL_CATALOG = COHERE_MANIFEST_CATALOG.models;
-
-export function buildCohereCatalogModels(): ModelDefinitionConfig[] {
-  return buildManifestModelProviderConfig({
-    providerId: "cohere",
-    catalog: COHERE_MANIFEST_CATALOG,
-  }).models;
-}
-
-export function buildCohereModelDefinition(
-  model: (typeof COHERE_MODEL_CATALOG)[number],
-): ModelDefinitionConfig {
-  return buildManifestModelProviderConfig({
-    providerId: "cohere",
-    catalog: { ...COHERE_MANIFEST_CATALOG, models: [model] },
-  }).models[0];
-}

extensions/cohere/onboard.test.ts

@@ -1,49 +0,0 @@
-import type { OpenClawConfig } from "openclaw/plugin-sdk/config-contracts";
-import { resolveAgentModelPrimaryValue } from "openclaw/plugin-sdk/provider-onboard";
-import { describe, expect, it } from "vitest";
-import { buildCohereCatalogModels, COHERE_BASE_URL, COHERE_MODEL_CATALOG } from "./models.js";
-import {
-  applyCohereConfig,
-  applyCohereProviderConfig,
-  COHERE_DEFAULT_MODEL_ID,
-  COHERE_DEFAULT_MODEL_REF,
-} from "./onboard.js";
-
-describe("Cohere onboarding", () => {
-  it("registers the manifest catalog through the compatibility endpoint", () => {
-    const result = applyCohereProviderConfig({});
-    const provider = result.models?.providers?.cohere;
-
-    expect(provider).toMatchObject({
-      baseUrl: COHERE_BASE_URL,
-      api: "openai-completions",
-    });
-    expect(provider?.models?.map((model) => model.id)).toEqual([COHERE_DEFAULT_MODEL_ID]);
-    expect(buildCohereCatalogModels()).toHaveLength(COHERE_MODEL_CATALOG.length);
-  });
-
-  it("sets Cohere only when there is no primary model", () => {
-    const existing: OpenClawConfig = {
-      agents: {
-        defaults: {
-          model: { primary: "openai/gpt-5.5" },
-        },
-      },
-    };
-
-    const result = applyCohereConfig(existing);
-
-    expect(resolveAgentModelPrimaryValue(result.agents?.defaults?.model)).toBe("openai/gpt-5.5");
-    expect(result.agents?.defaults?.models?.[COHERE_DEFAULT_MODEL_REF]).toEqual({
-      alias: "Cohere Command A",
-    });
-  });
-
-  it("uses Cohere as the first configured primary model", () => {
-    const result = applyCohereConfig({});
-
-    expect(resolveAgentModelPrimaryValue(result.agents?.defaults?.model)).toBe(
-      COHERE_DEFAULT_MODEL_REF,
-    );
-  });
-});

extensions/cohere/onboard.ts

@@ -1,27 +0,0 @@
-import {
-  createModelCatalogPresetAppliers,
-  type OpenClawConfig,
-} from "openclaw/plugin-sdk/provider-onboard";
-import { buildCohereModelDefinition, COHERE_BASE_URL, COHERE_MODEL_CATALOG } from "./models.js";
-
-export const COHERE_DEFAULT_MODEL_ID = "command-a-03-2025";
-export const COHERE_DEFAULT_MODEL_REF = `cohere/${COHERE_DEFAULT_MODEL_ID}`;
-
-const coherePresetAppliers = createModelCatalogPresetAppliers({
-  primaryModelRef: COHERE_DEFAULT_MODEL_REF,
-  resolveParams: (_cfg: OpenClawConfig) => ({
-    providerId: "cohere",
-    api: "openai-completions",
-    baseUrl: COHERE_BASE_URL,
-    catalogModels: COHERE_MODEL_CATALOG.map(buildCohereModelDefinition),
-    aliases: [{ modelRef: COHERE_DEFAULT_MODEL_REF, alias: "Cohere Command A" }],
-  }),
-});
-
-export function applyCohereProviderConfig(cfg: OpenClawConfig): OpenClawConfig {
-  return coherePresetAppliers.applyProviderConfig(cfg);
-}
-
-export function applyCohereConfig(cfg: OpenClawConfig): OpenClawConfig {
-  return coherePresetAppliers.applyConfig(cfg);
-}

extensions/cohere/openclaw.plugin.json

@@ -1,67 +0,0 @@
-{
-  "id": "cohere",
-  "activation": {
-    "onStartup": false
-  },
-  "enabledByDefault": true,
-  "providers": ["cohere"],
-  "modelCatalog": {
-    "providers": {
-      "cohere": {
-        "baseUrl": "https://api.cohere.ai/compatibility/v1",
-        "api": "openai-completions",
-        "models": [
-          {
-            "id": "command-a-03-2025",
-            "name": "Command A",
-            "input": ["text"],
-            "contextWindow": 256000,
-            "maxTokens": 8000,
-            "cost": {
-              "input": 2.5,
-              "output": 10,
-              "cacheRead": 0,
-              "cacheWrite": 0
-            },
-            "compat": {
-              "supportsStore": false,
-              "supportsUsageInStreaming": false,
-              "maxTokensField": "max_tokens"
-            }
-          }
-        ]
-      }
-    },
-    "discovery": {
-      "cohere": "static"
-    }
-  },
-  "setup": {
-    "providers": [
-      {
-        "id": "cohere",
-        "envVars": ["COHERE_API_KEY"]
-      }
-    ]
-  },
-  "providerAuthChoices": [
-    {
-      "provider": "cohere",
-      "method": "api-key",
-      "choiceId": "cohere-api-key",
-      "choiceLabel": "Cohere API key",
-      "groupId": "cohere",
-      "groupLabel": "Cohere",
-      "groupHint": "OpenAI-compatible inference",
-      "optionKey": "cohereApiKey",
-      "cliFlag": "--cohere-api-key",
-      "cliOption": "--cohere-api-key <key>",
-      "cliDescription": "Cohere API key"
-    }
-  ],
-  "configSchema": {
-    "type": "object",
-    "additionalProperties": false,
-    "properties": {}
-  }
-}

extensions/cohere/package.json

@@ -1,15 +0,0 @@
-{
-  "name": "@openclaw/cohere-provider",
-  "version": "2026.6.8",
-  "private": true,
-  "description": "OpenClaw Cohere provider plugin",
-  "type": "module",
-  "devDependencies": {
-    "@openclaw/plugin-sdk": "workspace:*"
-  },
-  "openclaw": {
-    "extensions": [
-      "./index.ts"
-    ]
-  }
-}

extensions/cohere/provider-catalog.ts

@@ -1,10 +0,0 @@
-import type { ModelProviderConfig } from "openclaw/plugin-sdk/provider-model-shared";
-import { buildCohereCatalogModels, COHERE_BASE_URL } from "./models.js";
-
-export function buildCohereProvider(): ModelProviderConfig {
-  return {
-    baseUrl: COHERE_BASE_URL,
-    api: "openai-completions",
-    models: buildCohereCatalogModels(),
-  };
-}

extensions/cohere/stream.ts

@@ -1,26 +0,0 @@
-import type { ProviderWrapStreamFnContext } from "openclaw/plugin-sdk/plugin-entry";
-import { createPayloadPatchStreamWrapper } from "openclaw/plugin-sdk/provider-stream-shared";
-
-function patchCoherePayload(payload: Record<string, unknown>): void {
-  // Cohere's Compatibility API uses developer, not system, for instructions.
-  if (Array.isArray(payload.messages)) {
-    payload.messages = payload.messages.map((message) =>
-      message &&
-      typeof message === "object" &&
-      (message as Record<string, unknown>).role === "system"
-        ? { ...(message as Record<string, unknown>), role: "developer" }
-        : message,
-    );
-  }
-
-  // Cohere lets tool-capable models choose a tool when tool_choice is omitted.
-  delete payload.tool_choice;
-}
-
-export function createCohereCompletionsWrapper(
-  baseStreamFn: ProviderWrapStreamFnContext["streamFn"],
-): ProviderWrapStreamFnContext["streamFn"] {
-  return createPayloadPatchStreamWrapper(baseStreamFn, ({ payload }) =>
-    patchCoherePayload(payload),
-  );
-}

extensions/cohere/tsconfig.json

@@ -1,16 +0,0 @@
-{
-  "extends": "../tsconfig.package-boundary.base.json",
-  "compilerOptions": {
-    "rootDir": "."
-  },
-  "include": ["./*.ts", "./src/**/*.ts"],
-  "exclude": [
-    "./**/*.test.ts",
-    "./dist/**",
-    "./node_modules/**",
-    "./src/test-support/**",
-    "./src/**/*test-helpers.ts",
-    "./src/**/*test-harness.ts",
-    "./src/**/*test-support.ts"
-  ]
-}

extensions/diagnostics-otel/src/service.test.ts

@@ -173,7 +173,6 @@ import {
 import {
   emitDiagnosticEventWithTrustedTraceContext,
   emitInternalDiagnosticEventForTest,
-  emitTrustedSecurityEvent,
   logMessageDispatchStarted,
   logMessageProcessed,
   onTrustedInternalDiagnosticEvent,
@@ -954,119 +953,6 @@ describe("diagnostics-otel service", () => {
     await service.stop?.(ctx);
   });
 
-  test("exports trusted security events as bounded OTLP logs", async () => {
-    const service = createDiagnosticsOtelService();
-    const ctx = createOtelContext(OTEL_TEST_ENDPOINT, { logs: true });
-    const trace = createDiagnosticTraceContext({
-      traceId: TRACE_ID,
-      spanId: SPAN_ID,
-      traceFlags: "01",
-    });
-
-    await service.start(ctx);
-    emitTrustedSecurityEvent({
-      eventId: "security-event-1",
-      category: "tool",
-      action: "tool.execution.blocked",
-      outcome: "denied",
-      severity: "medium",
-      reason: "tools.deny",
-      actor: {
-        kind: "agent",
-        idHash: "agent-hash-1",
-        role: "operator",
-        scopes: ["operator.read", "operator.approvals"],
-      },
-      target: {
-        kind: "plugin",
-        name: "@acme/security-event-plugin",
-        owner: "plugin-installer",
-      },
-      policy: {
-        id: "tools.exec",
-        decision: "deny",
-        reason: "allowlist.miss",
-      },
-      control: {
-        id: "exec-approval",
-        family: "approval",
-      },
-      attributes: {
-        params_kind: "object",
-        secretish: "token sk-test-secret",
-        [PROTO_KEY]: "blocked",
-      },
-      trace,
-    });
-    await flushDiagnosticEvents();
-
-    const emitCall = mockCallArg(logEmit, 0) as {
-      attributes?: Record<string, unknown>;
-      body?: string;
-      context?: unknown;
-      severityNumber?: number;
-      severityText?: string;
-    };
-    expect(emitCall.body).toBe("openclaw.security.event");
-    expect(emitCall.severityText).toBe("WARN");
-    expect(emitCall.severityNumber).toBe(13);
-    expect(emitCall.attributes).toMatchObject({
-      "openclaw.security.event_id": "security-event-1",
-      "openclaw.security.category": "tool",
-      "openclaw.security.action": "tool.execution.blocked",
-      "openclaw.security.outcome": "denied",
-      "openclaw.security.severity": "medium",
-      "openclaw.security.reason": "tools.deny",
-      "openclaw.security.actor.kind": "agent",
-      "openclaw.security.actor.id_hash": "agent-hash-1",
-      "openclaw.security.actor.role": "operator",
-      "openclaw.security.actor.scopes": "operator.read,operator.approvals",
-      "openclaw.security.target.kind": "plugin",
-      "openclaw.security.target.name": "@acme/security-event-plugin",
-      "openclaw.security.target.owner": "plugin-installer",
-      "openclaw.security.policy.id": "tools.exec",
-      "openclaw.security.policy.decision": "deny",
-      "openclaw.security.policy.reason": "allowlist.miss",
-      "openclaw.security.control.id": "exec-approval",
-      "openclaw.security.control.family": "approval",
-      "openclaw.security.attribute.params_kind": "object",
-      "openclaw.security.attribute.secretish": "unknown",
-    });
-    expect(emitCall.context).toEqual({
-      spanContext: {
-        traceId: TRACE_ID,
-        spanId: SPAN_ID,
-        traceFlags: 1,
-        isRemote: true,
-      },
-    });
-    expect(Object.hasOwn(emitCall.attributes ?? {}, "openclaw.security.attribute.__proto__")).toBe(
-      false,
-    );
-    expect(JSON.stringify(emitCall)).not.toContain("sk-test-secret");
-
-    await service.stop?.(ctx);
-  });
-
-  test("does not export security events when OTLP logs are disabled", async () => {
-    const service = createDiagnosticsOtelService();
-    const ctx = createOtelContext(OTEL_TEST_ENDPOINT, { logs: false, metrics: true });
-
-    await service.start(ctx);
-    emitTrustedSecurityEvent({
-      eventId: "security-event-logs-disabled",
-      category: "auth",
-      action: "gateway.auth.failed",
-      outcome: "failure",
-      severity: "high",
-    });
-    await flushDiagnosticEvents();
-
-    expect(logEmit).not.toHaveBeenCalled();
-
-    await service.stop?.(ctx);
-  });
-
   test("records liveness warning diagnostics", async () => {
     const service = createDiagnosticsOtelService();
     const ctx = createOtelContext(OTEL_TEST_ENDPOINT, { traces: true, metrics: true });

extensions/diagnostics-otel/src/service.ts

@@ -67,7 +67,6 @@ const DROPPED_OTEL_ATTRIBUTE_KEYS = new Set([
   "openclaw.trace_id",
 ]);
 const LOW_CARDINALITY_VALUE_RE = /^[A-Za-z0-9_.:-]{1,120}$/u;
-const SECURITY_TARGET_NAME_VALUE_RE = /^[A-Za-z0-9@/_.:-]{1,256}$/u;
 const MAX_OTEL_CONTENT_ATTRIBUTE_CHARS = 128 * 1024;
 const MAX_OTEL_CONTENT_ARRAY_ITEMS = 200;
 const MAX_OTEL_LOG_BODY_CHARS = 4 * 1024;
@@ -139,7 +138,6 @@ type SessionRecoveryDiagnosticEvent = Extract<
   { type: "session.recovery.requested" | "session.recovery.completed" }
 >;
 type TalkDiagnosticEvent = Extract<DiagnosticEventPayload, { type: "talk.event" }>;
-type SecuritySeverityText = "FATAL" | "ERROR" | "WARN" | "INFO";
 type TrustedSpanAliasOwner = { kind: "run"; id: string };
 
 const NO_CONTENT_CAPTURE: OtelContentCapturePolicy = {
@@ -320,18 +318,6 @@ function lowCardinalityAttr(value: string | undefined, fallback = "unknown"): st
   return LOW_CARDINALITY_VALUE_RE.test(redacted) ? redacted : fallback;
 }
 
-function securityTargetNameAttr(value: string | undefined, fallback = "unknown"): string {
-  if (!value) {
-    return fallback;
-  }
-  const redacted = redactSensitiveText(value.trim());
-  const redactedLower = redacted.toLowerCase();
-  if (redactedLower.startsWith("agent:") || redactedLower.includes(":agent:")) {
-    return fallback;
-  }
-  return SECURITY_TARGET_NAME_VALUE_RE.test(redacted) ? redacted : fallback;
-}
-
 function lowCardinalityQueueLaneAttr(value: string | undefined, fallback = "unknown"): string {
   if (!value) {
     return fallback;
@@ -1023,173 +1009,6 @@ function assignOtelLogEventAttributes(
   }
 }
 
-function assignOtelSecurityEventAttributes(
-  attributes: Record<string, string | number | boolean>,
-  eventAttributes: Record<string, string | number | boolean> | undefined,
-): void {
-  if (!eventAttributes) {
-    return;
-  }
-  for (const rawKey in eventAttributes) {
-    if (Object.keys(attributes).length >= MAX_OTEL_LOG_ATTRIBUTE_COUNT) {
-      break;
-    }
-    if (!Object.hasOwn(eventAttributes, rawKey)) {
-      continue;
-    }
-    const key = rawKey.trim();
-    if (BLOCKED_OTEL_LOG_ATTRIBUTE_KEYS.has(key)) {
-      continue;
-    }
-    if (redactSensitiveText(key) !== key) {
-      continue;
-    }
-    if (!OTEL_LOG_RAW_ATTRIBUTE_KEY_RE.test(key)) {
-      continue;
-    }
-    const value = eventAttributes[rawKey];
-    assignOtelLogAttribute(
-      attributes,
-      `openclaw.security.attribute.${key}`,
-      typeof value === "string" ? lowCardinalityAttr(value) : value,
-    );
-  }
-}
-
-function securitySeverityText(
-  severity: Extract<DiagnosticEventPayload, { type: "security.event" }>["severity"],
-): SecuritySeverityText {
-  switch (severity) {
-    case "critical":
-      return "FATAL";
-    case "high":
-      return "ERROR";
-    case "medium":
-      return "WARN";
-    case "info":
-    case "low":
-      return "INFO";
-  }
-  const unreachable: never = severity;
-  return unreachable;
-}
-
-function assignOtelSecurityAttributes(
-  attributes: Record<string, string | number | boolean>,
-  evt: Extract<DiagnosticEventPayload, { type: "security.event" }>,
-): void {
-  assignOtelLogAttribute(attributes, "openclaw.security.event_id", evt.eventId);
-  assignOtelLogAttribute(attributes, "openclaw.security.category", evt.category);
-  assignOtelLogAttribute(attributes, "openclaw.security.action", lowCardinalityAttr(evt.action));
-  assignOtelLogAttribute(attributes, "openclaw.security.outcome", evt.outcome);
-  assignOtelLogAttribute(attributes, "openclaw.security.severity", evt.severity);
-  if (evt.reason) {
-    assignOtelLogAttribute(attributes, "openclaw.security.reason", lowCardinalityAttr(evt.reason));
-  }
-  if (evt.actor) {
-    assignOtelLogAttribute(attributes, "openclaw.security.actor.kind", evt.actor.kind);
-    if (evt.actor.idHash) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.actor.id_hash",
-        lowCardinalityAttr(evt.actor.idHash),
-      );
-    }
-    if (evt.actor.deviceIdHash) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.actor.device_id_hash",
-        lowCardinalityAttr(evt.actor.deviceIdHash),
-      );
-    }
-    if (evt.actor.channel) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.actor.channel",
-        lowCardinalityAttr(evt.actor.channel),
-      );
-    }
-    if (evt.actor.role) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.actor.role",
-        lowCardinalityAttr(evt.actor.role),
-      );
-    }
-    if (evt.actor.scopes?.length) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.actor.scopes",
-        evt.actor.scopes.map((scope) => lowCardinalityAttr(scope)).join(","),
-      );
-    }
-  }
-  if (evt.target) {
-    assignOtelLogAttribute(attributes, "openclaw.security.target.kind", evt.target.kind);
-    if (evt.target.idHash) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.target.id_hash",
-        lowCardinalityAttr(evt.target.idHash),
-      );
-    }
-    if (evt.target.name) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.target.name",
-        securityTargetNameAttr(evt.target.name),
-      );
-    }
-    if (evt.target.owner) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.target.owner",
-        lowCardinalityAttr(evt.target.owner),
-      );
-    }
-  }
-  if (evt.policy) {
-    if (evt.policy.id) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.policy.id",
-        lowCardinalityAttr(evt.policy.id),
-      );
-    }
-    if (evt.policy.decision) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.policy.decision",
-        evt.policy.decision,
-      );
-    }
-    if (evt.policy.reason) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.policy.reason",
-        lowCardinalityAttr(evt.policy.reason),
-      );
-    }
-  }
-  if (evt.control) {
-    if (evt.control.id) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.control.id",
-        lowCardinalityAttr(evt.control.id),
-      );
-    }
-    if (evt.control.family) {
-      assignOtelLogAttribute(
-        attributes,
-        "openclaw.security.control.family",
-        evt.control.family,
-      );
-    }
-  }
-  assignOtelSecurityEventAttributes(attributes, evt.attributes);
-}
-
 function traceFlagsToOtel(traceFlags: string | undefined): TraceFlags {
   const parsed = Number.parseInt(traceFlags ?? "00", 16);
   return (parsed & TraceFlags.SAMPLED) !== 0 ? TraceFlags.SAMPLED : TraceFlags.NONE;
@@ -1766,12 +1585,6 @@ export function createDiagnosticsOtelService(): OpenClawPluginService {
             metadata: DiagnosticEventMetadata,
           ) => void)
         | undefined;
-      let recordSecurityEvent:
-        | ((
-            evt: Extract<DiagnosticEventPayload, { type: "security.event" }>,
-            metadata: DiagnosticEventMetadata,
-          ) => void)
-        | undefined;
       if (logsEnabled) {
         let logRecordExportFailureLastReportedAt = Number.NEGATIVE_INFINITY;
         const logExporter = new OTLPLogExporter({
@@ -1849,47 +1662,6 @@ export function createDiagnosticsOtelService(): OpenClawPluginService {
             }
           }
         };
-        recordSecurityEvent = (evt, metadata) => {
-          if (!metadata.trusted) {
-            return;
-          }
-          try {
-            const severityText = securitySeverityText(evt.severity);
-            const attributes = Object.create(null) as Record<string, string | number | boolean>;
-            assignOtelSecurityAttributes(attributes, evt);
-
-            const logRecord: LogRecord = {
-              body: "openclaw.security.event",
-              severityText,
-              severityNumber: logSeverityMap[severityText] ?? (9 as SeverityNumber),
-              attributes: redactOtelAttributes(attributes),
-              timestamp: evt.ts,
-            };
-            const logContext = contextForTrustedTraceContext(evt, metadata);
-            if (logContext) {
-              logRecord.context = logContext;
-            }
-            otelLogger.emit(logRecord);
-          } catch (err) {
-            emitExporterEvent({
-              exporter: "diagnostics-otel",
-              signal: "logs",
-              status: "failure",
-              reason: "emit_failed",
-              errorCategory: errorCategory(err),
-            });
-            const now = Date.now();
-            if (
-              now - logRecordExportFailureLastReportedAt >=
-              LOG_RECORD_EXPORT_FAILURE_REPORT_INTERVAL_MS
-            ) {
-              logRecordExportFailureLastReportedAt = now;
-              ctx.logger.error(
-                `diagnostics-otel: security event export failed: ${formatError(err)}`,
-              );
-            }
-          }
-        };
       }
 
       const spanWithDuration = (
@@ -3671,9 +3443,6 @@ export function createDiagnosticsOtelService(): OpenClawPluginService {
             case "log.record":
               recordLogRecord?.(evt, metadata);
               return;
-            case "security.event":
-              recordSecurityEvent?.(evt, metadata);
-              return;
             case "tool.loop":
               recordToolLoop(evt);
               return;

extensions/discord/src/monitor/message-handler.process.test.ts

@@ -3057,8 +3057,8 @@ describe("processDiscordMessage draft streaming", () => {
     await runProcessDiscordMessage(ctx);
 
     const lastUpdate = draftStream.update.mock.calls.at(-1)?.[0];
-    expect(lastUpdate).toContain("completed");
-    expect(lastUpdate).not.toContain("install dependencies");
+    expect(lastUpdate).toContain("install dependencies");
+    expect(lastUpdate).not.toContain("completed");
   });
 
   it("drops later tool warning finals after progress preview final replies", async () => {

extensions/feishu/src/bot.test.ts

@@ -424,7 +424,6 @@ async function dispatchMessage(params: {
   currentCfg?: ClawdbotConfig;
   event: FeishuMessageEvent;
   channelRuntime?: PluginRuntime["channel"];
-  botOpenId?: string;
 }) {
   const runtime = createRuntimeEnv();
   const feishuConfig = params.cfg.channels?.feishu;
@@ -445,7 +444,6 @@ async function dispatchMessage(params: {
   await handleFeishuMessage({
     cfg,
     event: params.event,
-    botOpenId: params.botOpenId,
     runtime,
     channelRuntime: params.channelRuntime,
   });
@@ -4166,150 +4164,6 @@ describe("handleFeishuMessage command authorization", () => {
     // No reply should be dispatched: empty message is silently skipped
     expect(mockDispatchReplyFromConfig).not.toHaveBeenCalled();
   });
-
-  it("does not drop empty-text message when it quotes a parent message (#90177)", async () => {
-    // A Feishu reply containing only @bot (no additional text) was being
-    // dropped before the quoted message content was fetched. The handler
-    // should fetch quoted content first and only skip if all of current
-    // text, media, and quoted content are empty.
-    mockShouldComputeCommandAuthorized.mockReturnValue(false);
-    mockGetMessageFeishu.mockResolvedValueOnce({
-      messageId: "om_quoted_001",
-      chatId: "oc-dm",
-      content: "quoted message content from parent",
-      contentType: "text",
-    });
-
-    const cfg: ClawdbotConfig = {
-      channels: {
-        feishu: {
-          dmPolicy: "open",
-          allowFrom: ["*"],
-        },
-      },
-    } as ClawdbotConfig;
-
-    const event: FeishuMessageEvent = {
-      sender: {
-        sender_id: {
-          open_id: "ou-reply-only-bot",
-        },
-      },
-      message: {
-        message_id: "msg-empty-with-quote",
-        parent_id: "om_quoted_001",
-        chat_id: "oc-dm",
-        chat_type: "p2p",
-        message_type: "text",
-        // Empty text — only @bot mention, no additional content
-        content: JSON.stringify({ text: "" }),
-      },
-    };
-
-    await dispatchMessage({ cfg, event });
-
-    // A reply should be dispatched because quoted content provides context
-    expect(mockDispatchReplyFromConfig).toHaveBeenCalledTimes(1);
-  });
-
-  it("dispatches mention-only group reply with quoted content in requireMention:true group (#90177)", async () => {
-    // #90177 is specifically about group chats. The empty-message drop happens
-    // after the group admission/mention gate, so the fix must also work when
-    // the sender mentions the bot in a requireMention:true group and quotes a
-    // parent message with meaningful content — the reply should dispatch with
-    // the quoted text in the body.
-    mockShouldComputeCommandAuthorized.mockReturnValue(false);
-    mockGetMessageFeishu.mockResolvedValueOnce({
-      messageId: "om_group_quoted_001",
-      chatId: "oc-group-90177",
-      content: "parent message with context",
-      contentType: "text",
-    });
-
-    const cfg: ClawdbotConfig = {
-      channels: {
-        feishu: {
-          groupPolicy: "open",
-          groups: {
-            "oc-group-90177": {
-              requireMention: true,
-            },
-          },
-        },
-      },
-    } as ClawdbotConfig;
-
-    const event: FeishuMessageEvent = {
-      sender: {
-        sender_id: {
-          open_id: "ou-group-sender",
-        },
-      },
-      message: {
-        message_id: "msg-group-empty-with-quote",
-        parent_id: "om_group_quoted_001",
-        chat_id: "oc-group-90177",
-        chat_type: "group",
-        message_type: "text",
-        // Empty text — only @bot mention, no additional content
-        content: JSON.stringify({ text: "" }),
-        // Bot mention so the message passes the requireMention gate
-        mentions: [
-          { key: "@_bot_1", id: { open_id: "ou-bot-90177" }, name: "Bot", tenant_key: "" },
-        ],
-      },
-    };
-
-    await dispatchMessage({ cfg, event, botOpenId: "ou-bot-90177" });
-
-    expect(mockDispatchReplyFromConfig).toHaveBeenCalledTimes(1);
-    const context = mockCallArg<{ Body?: string }>(mockFinalizeInboundContext, 0, 0);
-    expect(context.Body).toContain("[Replying to:");
-    expect(context.Body).toContain("parent message with context");
-  });
-
-  it("does not over-fetch quoted message for unmentioned empty reply in requireMention:true group (#90177)", async () => {
-    // An empty-text reply that quotes a parent but does NOT mention the bot
-    // in a requireMention:true group should be rejected at the mention gate
-    // before the quoted message is fetched, so getMessageFeishu is never
-    // called and nothing is dispatched.
-    mockShouldComputeCommandAuthorized.mockReturnValue(false);
-
-    const cfg: ClawdbotConfig = {
-      channels: {
-        feishu: {
-          groupPolicy: "open",
-          groups: {
-            "oc-group-90177-neg": {
-              requireMention: true,
-            },
-          },
-        },
-      },
-    } as ClawdbotConfig;
-
-    const event: FeishuMessageEvent = {
-      sender: {
-        sender_id: {
-          open_id: "ou-group-sender-neg",
-        },
-      },
-      message: {
-        message_id: "msg-group-unmentioned-empty-quote",
-        parent_id: "om_group_quoted_neg",
-        chat_id: "oc-group-90177-neg",
-        chat_type: "group",
-        message_type: "text",
-        // Empty text with no bot mention
-        content: JSON.stringify({ text: "" }),
-      },
-    };
-
-    await dispatchMessage({ cfg, event, botOpenId: "ou-bot-90177-neg" });
-
-    expect(mockGetMessageFeishu).not.toHaveBeenCalled();
-    expect(mockDispatchReplyFromConfig).not.toHaveBeenCalled();
-  });
 });
 
 describe("createFeishuMessageReceiveHandler media dedupe", () => {

extensions/feishu/src/bot.ts

@@ -1026,57 +1026,15 @@ export async function handleFeishuMessage(params: {
       log,
       accountId: account.accountId,
     });
-    // Fetch quoted/replied message content before the empty-message guard
-    // so a reply with only @bot (no text, no media) is not dropped when
-    // the quoted message carries meaningful content.
-    let quotedMessageInfo: Awaited<ReturnType<typeof getMessageFeishu>> = null;
-    let quotedContent: string | undefined;
-    if (ctx.parentId) {
-      try {
-        quotedMessageInfo = await getMessageFeishu({
-          cfg,
-          messageId: ctx.parentId,
-          accountId: account.accountId,
-        });
-        if (
-          quotedMessageInfo &&
-          (await shouldIncludeFetchedGroupContextMessage({
-            cfg,
-            accountId: account.accountId,
-            chatId: ctx.chatId,
-            isGroup,
-            allowFrom: effectiveGroupSenderAllowFrom,
-            mode: contextVisibilityMode,
-            kind: "quote",
-            senderId: quotedMessageInfo.senderId,
-            senderType: quotedMessageInfo.senderType,
-          }))
-        ) {
-          quotedContent = quotedMessageInfo.content;
-          log(
-            `feishu[${account.accountId}]: fetched quoted message: ${quotedContent?.slice(0, 100)}`,
-          );
-        } else if (quotedMessageInfo) {
-          log(
-            `feishu[${account.accountId}]: skipped quoted message from sender ${quotedMessageInfo.senderId ?? "unknown"} (mode=${contextVisibilityMode})`,
-          );
-        }
-      } catch (err) {
-        log(`feishu[${account.accountId}]: failed to fetch quoted message: ${String(err)}`);
-      }
-    }
-
-    // Skip messages with no text content, no media attachments, and no quoted
-    // content. Feishu can deliver empty-text events (e.g. `{"text":""}`) when
-    // a user sends a blank message or when media parsing produces an empty
-    // string. Writing a blank user turn to the session causes downstream LLM
-    // providers (e.g. MiniMax) to reject the request with "messages must not
-    // be empty" errors. Logging the skip avoids silent loss without polluting
-    // the agent session. Quoted content is checked too so a reply-only @bot
-    // with quoted context is not dropped.
-    if (!ctx.content.trim() && mediaList.length === 0 && !quotedContent?.trim()) {
+    // Skip messages with no text content and no media attachments. Feishu can
+    // deliver empty-text events (e.g. `{"text":""}`) when a user sends a blank
+    // message or when media parsing produces an empty string. Writing a blank
+    // user turn to the session causes downstream LLM providers (e.g. MiniMax)
+    // to reject the request with "messages must not be empty" errors. Logging
+    // the skip avoids silent loss without polluting the agent session.
+    if (!ctx.content.trim() && mediaList.length === 0) {
       log(
-        `feishu[${account.accountId}]: skipping empty message (no text, no media, no quoted) from ${ctx.senderOpenId}`,
+        `feishu[${account.accountId}]: skipping empty message (no text, no media) from ${ctx.senderOpenId}`,
       );
       return;
     }
@@ -1149,6 +1107,44 @@ export async function handleFeishuMessage(params: {
             ).commandAccess.authorized
       : undefined;
 
+    // Fetch quoted/replied message content if parentId exists
+    let quotedMessageInfo: Awaited<ReturnType<typeof getMessageFeishu>> = null;
+    let quotedContent: string | undefined;
+    if (ctx.parentId) {
+      try {
+        quotedMessageInfo = await getMessageFeishu({
+          cfg,
+          messageId: ctx.parentId,
+          accountId: account.accountId,
+        });
+        if (
+          quotedMessageInfo &&
+          (await shouldIncludeFetchedGroupContextMessage({
+            cfg,
+            accountId: account.accountId,
+            chatId: ctx.chatId,
+            isGroup,
+            allowFrom: effectiveGroupSenderAllowFrom,
+            mode: contextVisibilityMode,
+            kind: "quote",
+            senderId: quotedMessageInfo.senderId,
+            senderType: quotedMessageInfo.senderType,
+          }))
+        ) {
+          quotedContent = quotedMessageInfo.content;
+          log(
+            `feishu[${account.accountId}]: fetched quoted message: ${quotedContent?.slice(0, 100)}`,
+          );
+        } else if (quotedMessageInfo) {
+          log(
+            `feishu[${account.accountId}]: skipped quoted message from sender ${quotedMessageInfo.senderId ?? "unknown"} (mode=${contextVisibilityMode})`,
+          );
+        }
+      } catch (err) {
+        log(`feishu[${account.accountId}]: failed to fetch quoted message: ${String(err)}`);
+      }
+    }
+
     const isTopicSessionForThread =
       isGroup &&
       (groupSession?.groupSessionScope === "group_topic" ||

extensions/feishu/src/client-import.test.ts

@@ -0,0 +1,30 @@
+// Feishu client module import behavior tests.
+import { afterEach, describe, expect, it, vi } from "vitest";
+
+afterEach(() => {
+  vi.doUnmock("@larksuiteoapi/node-sdk");
+  vi.doUnmock("@openclaw/proxyline");
+  vi.resetModules();
+});
+
+describe("Feishu client module", () => {
+  it("loads when the SDK has no default HTTP instance", async () => {
+    vi.doMock("@larksuiteoapi/node-sdk", () => ({
+      AppType: { SelfBuild: "self" },
+      Domain: { Feishu: "https://open.feishu.cn", Lark: "https://open.larksuite.com" },
+      LoggerLevel: { info: "info" },
+      Client: vi.fn(),
+      WSClient: vi.fn(),
+      EventDispatcher: vi.fn(),
+      defaultHttpInstance: undefined,
+    }));
+    vi.doMock("@openclaw/proxyline", () => ({
+      createAmbientNodeProxyAgent: vi.fn(),
+      hasAmbientNodeProxyConfigured: vi.fn(() => false),
+    }));
+
+    await expect(import("./client.js")).resolves.toMatchObject({
+      createFeishuClient: expect.any(Function),
+    });
+  });
+});

extensions/feishu/src/client.test.ts

@@ -387,6 +387,23 @@ describe("createFeishuClient HTTP timeout", () => {
     });
   });
 
+  it("rejects client creation when the SDK default HTTP instance is unavailable", () => {
+    setFeishuClientRuntimeForTest({
+      sdk: {
+        defaultHttpInstance: undefined as never,
+      },
+    });
+
+    expect(() =>
+      createFeishuClient({
+        appId: "app-default-http",
+        appSecret: "secret-default-http", // pragma: allowlist secret
+        accountId: "default-http-instance",
+      }),
+    ).toThrow("Feishu SDK default HTTP instance is unavailable");
+    expect(clientCtorMock).not.toHaveBeenCalled();
+  });
+
   it("evicts client cache when SDK is replaced via setFeishuClientRuntimeForTest (#83911)", () => {
     const ctorCountA = clientCtorMock.mock.calls.length;
 

extensions/feishu/src/client.ts

@@ -67,12 +67,14 @@ let feishuClientSdk: FeishuClientSdk = defaultFeishuClientSdk;
 // If a future SDK version adds more interceptors, the upgrade will need
 // compatibility verification regardless.
 {
-  const inst = Lark.defaultHttpInstance as {
-    interceptors?: {
-      request: { handlers: unknown[]; use: (fn: (req: unknown) => unknown) => void };
-    };
-  };
-  if (inst.interceptors?.request) {
+  const inst = Lark.defaultHttpInstance as
+    | {
+        interceptors?: {
+          request: { handlers: unknown[]; use: (fn: (req: unknown) => unknown) => void };
+        };
+      }
+    | undefined;
+  if (inst?.interceptors?.request) {
     inst.interceptors.request.handlers = [];
     inst.interceptors.request.use((req: unknown) => {
       const r = req as { headers?: Record<string, string> };
@@ -119,9 +121,10 @@ function resolveDomain(domain: FeishuDomain | undefined): Lark.Domain | string {
  * but injects a default request timeout and User-Agent header to prevent
  * indefinite hangs and set a standardized User-Agent per OAPI best practices.
  */
-function createTimeoutHttpInstance(defaultTimeoutMs: number): Lark.HttpInstance {
-  const base: FeishuHttpInstanceLike = feishuClientSdk.defaultHttpInstance;
-
+function createTimeoutHttpInstance(
+  base: FeishuHttpInstanceLike,
+  defaultTimeoutMs: number,
+): Lark.HttpInstance {
   function injectTimeout<D>(opts?: Lark.HttpRequestOptions<D>): Lark.HttpRequestOptions<D> {
     return { timeout: defaultTimeoutMs, ...opts } as Lark.HttpRequestOptions<D>;
   }
@@ -175,13 +178,19 @@ export function createFeishuClient(creds: FeishuClientCredentials): Lark.Client
     return cached.client;
   }
 
-  // Create new client with timeout-aware HTTP instance
+  const defaultHttpInstance = feishuClientSdk.defaultHttpInstance as
+    | FeishuHttpInstanceLike
+    | undefined;
+  if (!defaultHttpInstance) {
+    throw new Error("Feishu SDK default HTTP instance is unavailable");
+  }
+
   const client = new feishuClientSdk.Client({
     appId,
     appSecret,
     appType: feishuClientSdk.AppType.SelfBuild,
     domain: resolveDomain(domain),
-    httpInstance: createTimeoutHttpInstance(defaultHttpTimeoutMs),
+    httpInstance: createTimeoutHttpInstance(defaultHttpInstance, defaultHttpTimeoutMs),
   });
 
   // Cache it

extensions/feishu/src/send.test.ts

@@ -258,39 +258,7 @@ describe("getMessageFeishu", () => {
         }),
       },
     });
-    expect(typeof result.receipt.sentAt).toBe("number");
-    expect(result).toEqual({
-      messageId: "om_mentions",
-      chatId: "oc_send",
-      receipt: {
-        primaryPlatformMessageId: "om_mentions",
-        platformMessageIds: ["om_mentions"],
-        parts: [
-          {
-            platformMessageId: "om_mentions",
-            kind: "text",
-            index: 0,
-            raw: {
-              channel: "feishu",
-              messageId: "om_mentions",
-              chatId: "oc_send",
-              conversationId: "oc_send",
-            },
-            threadId: "oc_send",
-          },
-        ],
-        threadId: "oc_send",
-        sentAt: result.receipt.sentAt,
-        raw: [
-          {
-            channel: "feishu",
-            messageId: "om_mentions",
-            chatId: "oc_send",
-            conversationId: "oc_send",
-          },
-        ],
-      },
-    });
+    expect(result).toEqual({ messageId: "om_mentions", chatId: "oc_send" });
   });
 
   it("extracts text content from interactive card elements", async () => {

extensions/matrix/npm-shrinkwrap.json

@@ -8,7 +8,7 @@
       "name": "@openclaw/matrix",
       "version": "2026.6.8",
       "dependencies": {
-        "@matrix-org/matrix-sdk-crypto-nodejs": "0.6.0",
+        "@matrix-org/matrix-sdk-crypto-nodejs": "0.4.0",
         "@matrix-org/matrix-sdk-crypto-wasm": "18.3.0",
         "fake-indexeddb": "6.2.5",
         "markdown-it": "14.2.0",
@@ -46,9 +46,9 @@
       }
     },
     "node_modules/@matrix-org/matrix-sdk-crypto-nodejs": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/@matrix-org/matrix-sdk-crypto-nodejs/-/matrix-sdk-crypto-nodejs-0.6.0.tgz",
-      "integrity": "sha512-AndGryzkDtFbaDyPBAQ2B4pUhaA/q4HJf3wgiGpPa/70DsdY1Z3R5Wn9yp+56CeHOpk61mNHz/8WDPlzrZDSJw==",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@matrix-org/matrix-sdk-crypto-nodejs/-/matrix-sdk-crypto-nodejs-0.4.0.tgz",
+      "integrity": "sha512-+qqgpn39XFSbsD0dFjssGO9vHEP7sTyfs8yTpt8vuqWpUpF20QMwpCZi0jpYw7GxjErNTsMshopuo8677DfGEA==",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -56,7 +56,7 @@
         "node-downloader-helper": "^2.1.9"
       },
       "engines": {
-        "node": ">= 24"
+        "node": ">= 22"
       }
     },
     "node_modules/@matrix-org/matrix-sdk-crypto-wasm": {

extensions/matrix/package.json

@@ -8,7 +8,7 @@
   },
   "type": "module",
   "dependencies": {
-    "@matrix-org/matrix-sdk-crypto-nodejs": "0.6.0",
+    "@matrix-org/matrix-sdk-crypto-nodejs": "0.4.0",
     "@matrix-org/matrix-sdk-crypto-wasm": "18.3.0",
     "fake-indexeddb": "6.2.5",
     "markdown-it": "14.2.0",

extensions/mattermost/src/channel.ts

@@ -858,7 +858,6 @@ export const mattermostPlugin: ChannelPlugin<ResolvedMattermostAccount> = create
         extra: {
           botTokenSource: account.botTokenSource,
           baseUrl: account.baseUrl,
-          dmPolicy: account.config.dmPolicy ?? "pairing",
           connected: runtime?.connected ?? false,
           lastConnectedAt: runtime?.lastConnectedAt ?? null,
           lastDisconnect: runtime?.lastDisconnect ?? null,

extensions/mattermost/src/config-schema.test.ts

@@ -30,21 +30,6 @@ describe("MattermostConfigSchema", () => {
     expect(result.success).toBe(true);
   });
 
-  it('rejects dmPolicy="open" without wildcard allowFrom', () => {
-    const result = MattermostConfigSchema.safeParse({
-      dmPolicy: "open",
-    });
-    expect(result.success).toBe(false);
-  });
-
-  it('accepts dmPolicy="open" with wildcard allowFrom', () => {
-    const result = MattermostConfigSchema.safeParse({
-      dmPolicy: "open",
-      allowFrom: ["*"],
-    });
-    expect(result.success).toBe(true);
-  });
-
   it("accepts documented streaming modes and progress config", () => {
     const result = MattermostConfigSchema.safeParse({
       streaming: {

extensions/mattermost/src/mattermost/monitor-auth.test.ts

@@ -11,7 +11,6 @@ vi.mock("./runtime-api.js", () => ({
 
 describe("mattermost monitor auth", () => {
   let authorizeMattermostCommandInvocation: typeof import("./monitor-auth.js").authorizeMattermostCommandInvocation;
-  let formatMattermostDirectMessageDropLog: typeof import("./monitor-auth.js").formatMattermostDirectMessageDropLog;
   let isMattermostSenderAllowed: typeof import("./monitor-auth.js").isMattermostSenderAllowed;
   let normalizeMattermostAllowEntry: typeof import("./monitor-auth.js").normalizeMattermostAllowEntry;
   let normalizeMattermostAllowList: typeof import("./monitor-auth.js").normalizeMattermostAllowList;
@@ -19,7 +18,6 @@ describe("mattermost monitor auth", () => {
   beforeAll(async () => {
     ({
       authorizeMattermostCommandInvocation,
-      formatMattermostDirectMessageDropLog,
       isMattermostSenderAllowed,
       normalizeMattermostAllowEntry,
       normalizeMattermostAllowList,
@@ -60,18 +58,6 @@ describe("mattermost monitor auth", () => {
     });
   });
 
-  it("formats direct-message drops with the ingress reason and open-policy hint", () => {
-    expect(
-      formatMattermostDirectMessageDropLog({
-        senderId: "alice-id",
-        dmPolicy: "open",
-        reasonCode: "dm_policy_not_allowlisted",
-      }),
-    ).toBe(
-      "mattermost: drop dm sender=alice-id (dmPolicy=open reason=dm_policy_not_allowlisted hint=add-allowFrom-wildcard)",
-    );
-  });
-
   it("resolves direct command authorization from shared ingress", async () => {
     isDangerousNameMatchingEnabled.mockReturnValue(false);
     resolveAllowlistMatchSimple.mockReturnValue({ allowed: false });

extensions/mattermost/src/mattermost/monitor-auth.ts

@@ -61,19 +61,6 @@ export function normalizeMattermostAllowList(entries: Array<string | number>): s
   return uniqueStrings(normalized);
 }
 
-export function formatMattermostDirectMessageDropLog(params: {
-  senderId: string;
-  dmPolicy: string;
-  reasonCode?: string;
-}): string {
-  const reason = params.reasonCode ? ` reason=${params.reasonCode}` : "";
-  const hint =
-    params.dmPolicy === "open" && params.reasonCode === "dm_policy_not_allowlisted"
-      ? " hint=add-allowFrom-wildcard"
-      : "";
-  return `mattermost: drop dm sender=${params.senderId} (dmPolicy=${params.dmPolicy}${reason}${hint})`;
-}
-
 export function isMattermostSenderAllowed(params: {
   senderId: string;
   senderName?: string;

extensions/mattermost/src/mattermost/monitor.ts

@@ -57,7 +57,6 @@ import {
 } from "./model-picker.js";
 import {
   authorizeMattermostCommandInvocation,
-  formatMattermostDirectMessageDropLog,
   normalizeMattermostAllowEntry,
   resolveMattermostMonitorInboundAccess,
 } from "./monitor-auth.js";
@@ -1392,13 +1391,7 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
               }
               return;
             }
-            logVerboseMessage(
-              formatMattermostDirectMessageDropLog({
-                senderId,
-                dmPolicy,
-                reasonCode: accessDecision.senderAccess.reasonCode,
-              }),
-            );
+            logVerboseMessage(`mattermost: drop dm sender=${senderId} (dmPolicy=${dmPolicy})`);
             return;
           }
           if (accessDecision.ingress.reasonCode === "group_policy_disabled") {

extensions/msteams/src/monitor-handler.adaptive-card.test.ts

@@ -94,57 +94,12 @@ function createActivityHandler() {
   return { handler, run };
 }
 
-async function runAdaptiveCardInvoke(
-  registered: MSTeamsActivityHandler & {
-    run: NonNullable<MSTeamsActivityHandler["run"]>;
-  },
-  value: unknown,
-) {
-  await registered.run({
-    activity: {
-      id: "invoke-1",
-      type: "invoke",
-      name: "adaptiveCard/action",
-      channelId: "msteams",
-      serviceUrl: "https://service.example.test",
-      from: {
-        id: "user-bf",
-        aadObjectId: "user-aad",
-        name: "User",
-      },
-      recipient: {
-        id: "bot-id",
-        name: "Bot",
-      },
-      conversation: {
-        id: "19:personal-chat;messageid=abc123",
-        conversationType: "personal",
-      },
-      channelData: {},
-      attachments: [],
-      value,
-    },
-    sendActivity: vi.fn(async () => ({ id: "activity-id" })),
-    sendActivities: async () => [],
-  } as unknown as MSTeamsTurnContext);
-}
-
-function lastDispatchedCtxPayload(): Record<string, unknown> {
-  const dispatched = runtimeApiMockState.dispatchReplyFromConfigWithSettledDispatcher.mock.calls.at(
-    -1,
-  )?.[0] as { ctxPayload?: Record<string, unknown> } | undefined;
-  if (!dispatched?.ctxPayload) {
-    throw new Error("expected dispatched context payload");
-  }
-  return dispatched.ctxPayload;
-}
-
 describe("msteams adaptive card action invoke", () => {
   beforeEach(() => {
     runtimeApiMockState.dispatchReplyFromConfigWithSettledDispatcher.mockClear();
   });
 
-  it("forwards adaptive card submitted data to the agent as message text", async () => {
+  it("forwards adaptive card invoke values to the agent as message text", async () => {
     const deps = createDeps();
     const { handler, run } = createActivityHandler();
     const registered = registerMSTeamsHandlers(handler, deps) as MSTeamsActivityHandler & {
@@ -161,117 +116,44 @@ describe("msteams adaptive card action invoke", () => {
       trigger: "button-click",
     };
 
-    await runAdaptiveCardInvoke(registered, payload);
+    await registered.run({
+      activity: {
+        id: "invoke-1",
+        type: "invoke",
+        name: "adaptiveCard/action",
+        channelId: "msteams",
+        serviceUrl: "https://service.example.test",
+        from: {
+          id: "user-bf",
+          aadObjectId: "user-aad",
+          name: "User",
+        },
+        recipient: {
+          id: "bot-id",
+          name: "Bot",
+        },
+        conversation: {
+          id: "19:personal-chat;messageid=abc123",
+          conversationType: "personal",
+        },
+        channelData: {},
+        attachments: [],
+        value: payload,
+      },
+      sendActivity: vi.fn(async () => ({ id: "activity-id" })),
+      sendActivities: async () => [],
+    } as unknown as MSTeamsTurnContext);
 
     expect(run).not.toHaveBeenCalled();
     expect(runtimeApiMockState.dispatchReplyFromConfigWithSettledDispatcher).toHaveBeenCalledTimes(
       1,
     );
-    const expectedBody = JSON.stringify(payload.action.data);
-    const ctxPayload = lastDispatchedCtxPayload();
-    expect(ctxPayload.RawBody).toBe(expectedBody);
-    expect(ctxPayload.BodyForAgent).toBe(expectedBody);
-    expect(ctxPayload.CommandBody).toBe(expectedBody);
-    expect(ctxPayload.SessionKey).toBe("msteams:direct:user-aad");
-    expect(ctxPayload.SenderId).toBe("user-aad");
-  });
-
-  it("routes Teams imBack actions as the submitted message text", async () => {
-    const deps = createDeps();
-    const { handler } = createActivityHandler();
-    const registered = registerMSTeamsHandlers(handler, deps) as MSTeamsActivityHandler & {
-      run: NonNullable<MSTeamsActivityHandler["run"]>;
-    };
-
-    await runAdaptiveCardInvoke(registered, {
-      action: {
-        type: "Action.Submit",
-        data: { msteams: { type: "imBack", value: "Summarize my last meeting" } },
-      },
-    });
-
-    const ctxPayload = lastDispatchedCtxPayload();
-    expect(ctxPayload.BodyForAgent).toBe("Summarize my last meeting");
-    expect(ctxPayload.CommandBody).toBe("Summarize my last meeting");
-  });
-
-  it("routes typed command submit actions as command text", async () => {
-    const deps = createDeps();
-    const { handler } = createActivityHandler();
-    const registered = registerMSTeamsHandlers(handler, deps) as MSTeamsActivityHandler & {
-      run: NonNullable<MSTeamsActivityHandler["run"]>;
-    };
-
-    await runAdaptiveCardInvoke(registered, {
-      action: {
-        type: "Action.Submit",
-        data: "/codex plugins menu",
-      },
-    });
-
-    const ctxPayload = lastDispatchedCtxPayload();
-    expect(ctxPayload.BodyForAgent).toBe("/codex plugins menu");
-    expect(ctxPayload.CommandBody).toBe("/codex plugins menu");
-  });
-
-  it("preserves legacy presentation submit values as structured data", async () => {
-    const deps = createDeps();
-    const { handler } = createActivityHandler();
-    const registered = registerMSTeamsHandlers(handler, deps) as MSTeamsActivityHandler & {
-      run: NonNullable<MSTeamsActivityHandler["run"]>;
-    };
-    const data = { value: "/codex permissions yolo", label: "Run" };
-
-    await runAdaptiveCardInvoke(registered, {
-      action: {
-        type: "Action.Submit",
-        data,
-      },
-    });
-
-    const ctxPayload = lastDispatchedCtxPayload();
-    expect(ctxPayload.BodyForAgent).toBe(JSON.stringify(data));
-    expect(ctxPayload.CommandBody).toBe(JSON.stringify(data));
-  });
-
-  it("preserves arbitrary submitted data with a value field", async () => {
-    const deps = createDeps();
-    const { handler } = createActivityHandler();
-    const registered = registerMSTeamsHandlers(handler, deps) as MSTeamsActivityHandler & {
-      run: NonNullable<MSTeamsActivityHandler["run"]>;
-    };
-    const data = { value: "selected", formId: "deploy-approval", choices: ["canary"] };
-
-    await runAdaptiveCardInvoke(registered, {
-      action: {
-        type: "Action.Submit",
-        data,
-      },
-    });
-
-    const ctxPayload = lastDispatchedCtxPayload();
-    expect(ctxPayload.BodyForAgent).toBe(JSON.stringify(data));
-    expect(ctxPayload.CommandBody).toBe(JSON.stringify(data));
-  });
-
-  it("preserves generic Action.Execute verb metadata", async () => {
-    const deps = createDeps();
-    const { handler } = createActivityHandler();
-    const registered = registerMSTeamsHandlers(handler, deps) as MSTeamsActivityHandler & {
-      run: NonNullable<MSTeamsActivityHandler["run"]>;
-    };
-    const payload = {
-      action: {
-        type: "Action.Execute",
-        verb: "ticket.approve",
-        data: { ticketId: "ticket-123" },
-      },
-    };
-
-    await runAdaptiveCardInvoke(registered, payload);
-
-    const ctxPayload = lastDispatchedCtxPayload();
-    expect(ctxPayload.BodyForAgent).toBe(JSON.stringify(payload));
-    expect(ctxPayload.CommandBody).toBe(JSON.stringify(payload));
+    const dispatched = runtimeApiMockState.dispatchReplyFromConfigWithSettledDispatcher.mock
+      .calls[0]?.[0] as { ctxPayload?: Record<string, unknown> } | undefined;
+    expect(dispatched?.ctxPayload?.RawBody).toBe(JSON.stringify(payload));
+    expect(dispatched?.ctxPayload?.BodyForAgent).toBe(JSON.stringify(payload));
+    expect(dispatched?.ctxPayload?.CommandBody).toBe(JSON.stringify(payload));
+    expect(dispatched?.ctxPayload?.SessionKey).toBe("msteams:direct:user-aad");
+    expect(dispatched?.ctxPayload?.SenderId).toBe("user-aad");
   });
 });

extensions/msteams/src/monitor-handler.ts

@@ -1,9 +1,5 @@
 // Msteams plugin module implements monitor handler behavior.
-import {
-  isRecord,
-  normalizeOptionalLowercaseString,
-  normalizeOptionalString,
-} from "openclaw/plugin-sdk/string-coerce-runtime";
+import { normalizeOptionalLowercaseString } from "openclaw/plugin-sdk/string-coerce-runtime";
 import { formatUnknownError } from "./errors.js";
 import { resolveMSTeamsSenderAccess } from "./monitor-handler/access.js";
 import { createMSTeamsMessageHandler } from "./monitor-handler/message-handler.js";
@@ -29,43 +25,16 @@ export type MSTeamsActivityHandler = {
   run?: (context: unknown) => Promise<void>;
 };
 
-function extractAdaptiveCardSubmittedData(value: unknown): unknown {
-  if (!isRecord(value)) {
-    return value;
-  }
-  const action = isRecord(value.action) ? value.action : undefined;
-  if (action && normalizeOptionalLowercaseString(action.type) === "action.submit" && "data" in action) {
-    return action.data;
-  }
-  return value;
-}
-
-function readMSTeamsImBackValue(value: unknown): string | null {
-  if (!isRecord(value)) {
-    return null;
-  }
-  const msteams = isRecord(value.msteams) ? value.msteams : undefined;
-  if (!msteams || normalizeOptionalLowercaseString(msteams.type) !== "imback") {
-    return null;
-  }
-  return normalizeOptionalString(msteams.value) ?? null;
-}
-
 function serializeAdaptiveCardActionValue(value: unknown): string | null {
-  const submittedValue = extractAdaptiveCardSubmittedData(value);
-  if (typeof submittedValue === "string") {
-    const trimmed = submittedValue.trim();
+  if (typeof value === "string") {
+    const trimmed = value.trim();
     return trimmed ? trimmed : null;
   }
-  const imBackValue = readMSTeamsImBackValue(submittedValue);
-  if (imBackValue) {
-    return imBackValue;
-  }
-  if (submittedValue == null) {
+  if (value === undefined) {
     return null;
   }
   try {
-    return JSON.stringify(submittedValue);
+    return JSON.stringify(value);
   } catch {
     return null;
   }

extensions/qa-lab/src/cli.runtime.test.ts

@@ -75,7 +75,6 @@ vi.mock("./model-selection.runtime.js", () => ({
 import { resolveRepoRelativeOutputDir } from "./cli-paths.js";
 import {
   runQaLabSelfCheckCommand,
-  runQaCredentialsAddCommand,
   runQaDockerBuildImageCommand,
   runQaDockerScaffoldCommand,
   runQaDockerUpCommand,
@@ -2189,30 +2188,6 @@ describe("qa cli runtime", () => {
     expectWriteContains(stdoutWrite, "QA self-check report: /tmp/failed-report.md");
   });
 
-  it("rejects oversized credential payload files before broker setup", async () => {
-    const previousMaxBytes = process.env.OPENCLAW_QA_CREDENTIAL_PAYLOAD_MAX_BYTES;
-    const payloadPath = path.join(suiteArtifactsDir, "oversized-credential.json");
-    await fs.writeFile(payloadPath, JSON.stringify({ blob: "x".repeat(64) }), "utf8");
-    process.env.OPENCLAW_QA_CREDENTIAL_PAYLOAD_MAX_BYTES = "32";
-
-    try {
-      await expect(
-        runQaCredentialsAddCommand({
-          kind: "telegram",
-          payloadFile: payloadPath,
-        }),
-      ).rejects.toThrow(
-        "Payload file exceeds OPENCLAW_QA_CREDENTIAL_PAYLOAD_MAX_BYTES (32 bytes).",
-      );
-    } finally {
-      if (previousMaxBytes === undefined) {
-        delete process.env.OPENCLAW_QA_CREDENTIAL_PAYLOAD_MAX_BYTES;
-      } else {
-        process.env.OPENCLAW_QA_CREDENTIAL_PAYLOAD_MAX_BYTES = previousMaxBytes;
-      }
-    }
-  });
-
   it("resolves docker scaffold paths relative to the explicit repo root", async () => {
     await runQaDockerScaffoldCommand({
       repoRoot: "/tmp/openclaw-repo",

extensions/qa-lab/src/cli.runtime.ts

@@ -2,7 +2,6 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { formatErrorMessage } from "openclaw/plugin-sdk/error-runtime";
-import { parseStrictPositiveInteger } from "openclaw/plugin-sdk/number-runtime";
 import { uniqueStrings } from "openclaw/plugin-sdk/string-coerce-runtime";
 import {
   buildQaAgenticParityComparison,
@@ -91,8 +90,6 @@ import {
 } from "./tool-coverage-report.js";
 
 const QA_SUITE_INFRA_RETRY_LIMIT = 1;
-const QA_CREDENTIAL_PAYLOAD_MAX_BYTES_ENV = "OPENCLAW_QA_CREDENTIAL_PAYLOAD_MAX_BYTES";
-const DEFAULT_QA_CREDENTIAL_PAYLOAD_MAX_BYTES = 64 * 1024 * 1024;
 const QA_SUITE_INFRA_RETRY_NETWORK_ERROR_CODES = new Set([
   "ECONNRESET",
   "ECONNREFUSED",
@@ -546,29 +543,7 @@ async function runInterruptibleServer(label: string, server: InterruptibleServer
   await new Promise(() => {});
 }
 
-function resolveQaCredentialPayloadFileMaxBytes(env: NodeJS.ProcessEnv = process.env) {
-  const raw = env[QA_CREDENTIAL_PAYLOAD_MAX_BYTES_ENV]?.trim();
-  if (!raw) {
-    return DEFAULT_QA_CREDENTIAL_PAYLOAD_MAX_BYTES;
-  }
-  const parsed = parseStrictPositiveInteger(raw);
-  if (parsed === undefined) {
-    throw new Error(`${QA_CREDENTIAL_PAYLOAD_MAX_BYTES_ENV} must be a positive integer.`);
-  }
-  return parsed;
-}
-
 async function readQaCredentialPayloadFile(filePath: string) {
-  const maxBytes = resolveQaCredentialPayloadFileMaxBytes();
-  const stat = await fs.stat(filePath);
-  if (!stat.isFile()) {
-    throw new Error("Payload file must be a regular JSON file.");
-  }
-  if (stat.size > maxBytes) {
-    throw new Error(
-      `Payload file exceeds ${QA_CREDENTIAL_PAYLOAD_MAX_BYTES_ENV} (${maxBytes} bytes).`,
-    );
-  }
   const text = await fs.readFile(filePath, "utf8");
   let payload: unknown;
   try {

extensions/telegram/src/bot-handlers.runtime.ts

@@ -2768,12 +2768,7 @@ export const registerTelegramHandlers = ({
         } catch (err) {
           throw new TelegramRetryableCallbackError(err);
         }
-        const {
-          byProvider,
-          providers,
-          modelNames,
-          resolvedDefault: activeResolvedDefault,
-        } = modelData;
+        const { byProvider, providers, modelNames } = modelData;
 
         const editMessageWithButtons = async (
           text: string,
@@ -2847,10 +2842,8 @@ export const registerTelegramHandlers = ({
           const totalPages = calculateTotalPages(models.length, pageSize);
           const safePage = Math.max(1, Math.min(page, totalPages));
 
-          // Resolve current model from session (prefer overrides), then the active default.
-          const currentModel =
-            sessionState.model ||
-            `${activeResolvedDefault.provider}/${activeResolvedDefault.model}`;
+          // Resolve current model from session (prefer overrides)
+          const currentModel = sessionState.model;
 
           const buttons = buildModelsKeyboard({
             provider,

extensions/telegram/src/bot-message-context.body.test.ts

@@ -2,21 +2,11 @@
 import { describe, expect, it, vi } from "vitest";
 import { normalizeAllowFrom } from "./bot-access.js";
 
-const {
-  resolveStickerVisionSupportRuntimeMock,
-  transcribeFirstAudioMock,
-  triggerInternalHookMock,
-} = vi.hoisted(() => ({
-  resolveStickerVisionSupportRuntimeMock: vi.fn(async (_params: unknown) => false),
+const { transcribeFirstAudioMock, triggerInternalHookMock } = vi.hoisted(() => ({
   transcribeFirstAudioMock: vi.fn(),
   triggerInternalHookMock: vi.fn<(event: unknown) => Promise<void>>(async () => undefined),
 }));
 
-vi.mock("./sticker-vision.runtime.js", () => ({
-  resolveStickerVisionSupportRuntime: (params: unknown) =>
-    resolveStickerVisionSupportRuntimeMock(params),
-}));
-
 vi.mock("./media-understanding.runtime.js", () => ({
   transcribeFirstAudio: (...args: unknown[]) => transcribeFirstAudioMock(...args),
 }));
@@ -287,38 +277,6 @@ describe("resolveTelegramInboundBody", () => {
     expect(result?.stickerCacheHit).toBe(true);
   });
 
-  it("keeps cached sticker media available when the active model supports vision", async () => {
-    resolveStickerVisionSupportRuntimeMock.mockResolvedValueOnce(true);
-
-    const result = await resolveTelegramBody({
-      msg: {
-        message_id: 8,
-        date: 1_700_000_008,
-        chat: { id: 42, type: "private", first_name: "Pat" },
-        from: { id: 42, first_name: "Pat" },
-        sticker: {
-          file_id: "sticker-3",
-          file_unique_id: "sticker-u3",
-          type: "regular",
-          width: 256,
-          height: 256,
-          is_animated: false,
-          is_video: false,
-        },
-      } as never,
-      allMedia: [
-        {
-          path: "/tmp/sticker.webp",
-          contentType: "image/webp",
-          stickerMetadata: { cachedDescription: "Cached description" },
-        },
-      ],
-    });
-
-    expect(result?.bodyText).toBe("<media:image>");
-    expect(result?.stickerCacheHit).toBe(false);
-  });
-
   it("lets catch-all mention patterns activate captionless group photos", async () => {
     const logger = { info: vi.fn() };
 

extensions/telegram/src/bot-message-dispatch.test.ts

@@ -2625,10 +2625,10 @@ describe("dispatchTelegramMessage draft streaming", () => {
     });
 
     const lastUpdate = answerDraftStream.updatePreview.mock.calls.at(-1)?.[0];
-    expect(lastUpdate?.text).toContain("completed");
-    expect(lastUpdate?.text).not.toContain("install dependencies");
+    expect(lastUpdate?.text).toContain("install dependencies");
+    expect(lastUpdate?.text).not.toContain("completed");
     expect(lastUpdate?.richMessage).toEqual({
-      html: "<b>Shelling</b><br><b>🛠️ Exec</b> <code>completed</code>",
+      html: "<b>Shelling</b><br><b>🛠️ Exec</b> <code>install dependencies</code>",
       skip_entity_detection: true,
     });
   });

extensions/telegram/src/bot.test.ts

@@ -1343,7 +1343,6 @@ describe("createTelegramBot", () => {
     replySpy.mockClear();
     editMessageTextSpy.mockClear();
 
-    const storePath = `/tmp/openclaw-telegram-model-display-names-${process.pid}-${Date.now()}.json`;
     const buildModelsProviderDataMock =
       telegramBotDepsForTest.buildModelsProviderData as unknown as ReturnType<typeof vi.fn>;
     buildModelsProviderDataMock.mockResolvedValueOnce({
@@ -1368,60 +1367,52 @@ describe("createTelegramBot", () => {
           allowFrom: ["*"],
         },
       },
-      session: {
-        store: storePath,
-      },
     } satisfies NonNullable<Parameters<typeof createTelegramBot>[0]["config"]>;
 
-    await rm(storePath, { force: true });
-    try {
-      loadConfig.mockReturnValue(config);
-      createTelegramBot({
-        token: "tok",
-        config,
-      });
-      const callbackHandler = onSpy.mock.calls.find(
-        (call) => call[0] === "callback_query",
-      )?.[1] as (ctx: Record<string, unknown>) => Promise<void>;
-      if (!callbackHandler) {
-        throw new Error("Expected Telegram callback_query handler");
-      }
-
-      await callbackHandler({
-        callbackQuery: {
-          id: "cbq-model-display-names-1",
-          data: "mdl_list_openai_1",
-          from: { id: 9, first_name: "Ada", username: "ada_bot" },
-          message: {
-            chat: { id: 1234, type: "private" },
-            date: 1736380800,
-            message_id: 23,
-          },
-        },
-        me: { username: "openclaw_bot" },
-        getFile: async () => ({ download: async () => new Uint8Array() }),
-      });
-
-      expect(replySpy).not.toHaveBeenCalled();
-      expect(editMessageTextSpy).toHaveBeenCalledTimes(1);
-      const params = firstEditMessageTextArg(3);
-      const inlineKeyboard = (
-        params as {
-          reply_markup?: {
-            inline_keyboard?: Array<Array<{ text?: string; callback_data?: string }>>;
-          };
-        }
-      ).reply_markup?.inline_keyboard;
-
-      expect(inlineKeyboard).toStrictEqual([
-        [{ text: "GPT 4.1 Bridge", callback_data: "mdl_sel_openai/gpt-4.1" }],
-        [{ text: "GPT Five Bridge ✓", callback_data: "mdl_sel_openai/gpt-5" }],
-        [{ text: "<< Back", callback_data: "mdl_back" }],
-      ]);
-      expect(answerCallbackQuerySpy).toHaveBeenCalledWith("cbq-model-display-names-1");
-    } finally {
-      await rm(storePath, { force: true });
+    loadConfig.mockReturnValue(config);
+    createTelegramBot({
+      token: "tok",
+      config,
+    });
+    const callbackHandler = onSpy.mock.calls.find((call) => call[0] === "callback_query")?.[1] as (
+      ctx: Record<string, unknown>,
+    ) => Promise<void>;
+    if (!callbackHandler) {
+      throw new Error("Expected Telegram callback_query handler");
     }
+
+    await callbackHandler({
+      callbackQuery: {
+        id: "cbq-model-display-names-1",
+        data: "mdl_list_openai_1",
+        from: { id: 9, first_name: "Ada", username: "ada_bot" },
+        message: {
+          chat: { id: 1234, type: "private" },
+          date: 1736380800,
+          message_id: 23,
+        },
+      },
+      me: { username: "openclaw_bot" },
+      getFile: async () => ({ download: async () => new Uint8Array() }),
+    });
+
+    expect(replySpy).not.toHaveBeenCalled();
+    expect(editMessageTextSpy).toHaveBeenCalledTimes(1);
+    const params = firstEditMessageTextArg(3);
+    const inlineKeyboard = (
+      params as {
+        reply_markup?: {
+          inline_keyboard?: Array<Array<{ text?: string; callback_data?: string }>>;
+        };
+      }
+    ).reply_markup?.inline_keyboard;
+
+    expect(inlineKeyboard).toStrictEqual([
+      [{ text: "GPT 4.1 Bridge", callback_data: "mdl_sel_openai/gpt-4.1" }],
+      [{ text: "GPT Five Bridge ✓", callback_data: "mdl_sel_openai/gpt-5" }],
+      [{ text: "<< Back", callback_data: "mdl_back" }],
+    ]);
+    expect(answerCallbackQuerySpy).toHaveBeenCalledWith("cbq-model-display-names-1");
   });
 
   it("resets overrides when selecting the configured default model", async () => {

extensions/telegram/src/format.test.ts

@@ -424,47 +424,4 @@ describe("markdownToTelegramHtml", () => {
   it("fails loudly when tag overhead leaves no room for text", () => {
     expect(() => splitTelegramHtmlChunks("<b><i><u>x</u></i></b>", 10)).toThrow(/tag overhead/i);
   });
-
-  it("does not split an astral char across the chunk boundary", () => {
-    // Emoji surrogate pair straddles index 10 (limit): high at 9, low at 10.
-    const input = `${"A".repeat(9)}😀${"B".repeat(20)}`;
-    const chunks = splitTelegramHtmlChunks(input, 10);
-    expect(chunks.length).toBeGreaterThan(1);
-    expect(chunks.join("")).toBe(input);
-    for (const chunk of chunks) {
-      expect(containsLoneSurrogate(chunk)).toBe(false);
-    }
-  });
-
-  it("keeps an astral char whole when a positive limit starts on its pair", () => {
-    expect(splitTelegramHtmlChunks("A😀B", 1)).toEqual(["A", "😀", "B"]);
-  });
-
-  it("keeps astral chars whole in rendered Markdown chunks", () => {
-    const chunks = markdownToTelegramChunks("A😀B", 1);
-
-    expect(chunks.map((chunk) => chunk.text)).toEqual(["A", "😀", "B"]);
-    for (const chunk of chunks) {
-      expect(containsLoneSurrogate(chunk.html)).toBe(false);
-      expect(containsLoneSurrogate(chunk.text)).toBe(false);
-    }
-  });
 });
-
-function containsLoneSurrogate(text: string): boolean {
-  for (let index = 0; index < text.length; index += 1) {
-    const code = text.charCodeAt(index);
-    const isHigh = code >= 0xd800 && code <= 0xdbff;
-    const isLow = code >= 0xdc00 && code <= 0xdfff;
-    if (isHigh) {
-      const next = text.charCodeAt(index + 1);
-      if (!(next >= 0xdc00 && next <= 0xdfff)) {
-        return true;
-      }
-      index += 1;
-    } else if (isLow) {
-      return true;
-    }
-  }
-  return false;
-}

extensions/telegram/src/format.ts

@@ -1070,30 +1070,11 @@ function findTelegramHtmlEntityEnd(text: string, start: number): number {
   return text[index] === ";" ? index : -1;
 }
 
-// Never return a split index that lands between a UTF-16 surrogate pair, or
-// both chunks would carry a lone surrogate that re-encodes to U+FFFD. If the
-// pair starts the segment, keep it whole so chunking still advances.
-function clampToSurrogateBoundary(text: string, index: number): number {
-  const high = text.charCodeAt(index - 1);
-  const low = text.charCodeAt(index);
-  const splitsPair =
-    index > 0 && high >= 0xd800 && high <= 0xdbff && low >= 0xdc00 && low <= 0xdfff;
-  if (!splitsPair) {
-    return index;
-  }
-  return index > 1 ? index - 1 : index + 1;
-}
-
 function findTelegramHtmlSafeSplitIndex(text: string, maxLength: number): number {
   if (text.length <= maxLength) {
     return text.length;
   }
   const normalizedMaxLength = Math.max(1, Math.floor(maxLength));
-  const splitIndex = findTelegramHtmlEntitySafeSplitIndex(text, normalizedMaxLength);
-  return clampToSurrogateBoundary(text, splitIndex);
-}
-
-function findTelegramHtmlEntitySafeSplitIndex(text: string, normalizedMaxLength: number): number {
   const lastAmpersand = text.lastIndexOf("&", normalizedMaxLength - 1);
   if (lastAmpersand === -1) {
     return normalizedMaxLength;

extensions/telegram/src/send.chunks.test.ts

@@ -1,57 +0,0 @@
-// Telegram tests cover plain-text chunk-splitting behavior.
-import { describe, expect, it } from "vitest";
-import { splitTelegramPlainTextChunksForTests } from "./send.js";
-
-function containsLoneSurrogate(text: string): boolean {
-  for (let index = 0; index < text.length; index += 1) {
-    const code = text.charCodeAt(index);
-    const isHigh = code >= 0xd800 && code <= 0xdbff;
-    const isLow = code >= 0xdc00 && code <= 0xdfff;
-    if (isHigh) {
-      const next = text.charCodeAt(index + 1);
-      if (!(next >= 0xdc00 && next <= 0xdfff)) {
-        return true;
-      }
-      index += 1;
-    } else if (isLow) {
-      return true;
-    }
-  }
-  return false;
-}
-
-describe("splitTelegramPlainTextChunks", () => {
-  it("does not split an astral char across the chunk boundary", () => {
-    // Emoji surrogate pair straddles index 10 (limit): high at 9, low at 10.
-    const input = `${"A".repeat(9)}😀${"B".repeat(20)}`;
-    const chunks = splitTelegramPlainTextChunksForTests(input, 10);
-    expect(chunks.length).toBeGreaterThan(1);
-    expect(chunks.join("")).toBe(input);
-    for (const chunk of chunks) {
-      expect(containsLoneSurrogate(chunk)).toBe(false);
-    }
-  });
-
-  it("does not hang when limit=1 and text starts with an astral char", () => {
-    // Regression: with limit=1 the clamp would return start (no advance),
-    // causing the while-loop to spin forever. The surrogate pair must be
-    // emitted as a unit (2 code units) so the loop always advances.
-    const input = "😀X";
-    const chunks = splitTelegramPlainTextChunksForTests(input, 1);
-    expect(chunks.join("")).toBe(input);
-    for (const chunk of chunks) {
-      expect(containsLoneSurrogate(chunk)).toBe(false);
-    }
-  });
-
-  it("does not hang when limit=1 and an astral char appears mid-string at a chunk boundary", () => {
-    // 'A' + emoji: with limit=1, second iteration starts at index 1 (high
-    // surrogate) — same stall condition as above, now mid-string.
-    const input = "A😀B";
-    const chunks = splitTelegramPlainTextChunksForTests(input, 1);
-    expect(chunks.join("")).toBe(input);
-    for (const chunk of chunks) {
-      expect(containsLoneSurrogate(chunk)).toBe(false);
-    }
-  });
-});

extensions/telegram/src/send.ts

@@ -179,40 +179,14 @@ function resolveTelegramMessageIdOrThrow(
   throw new Error(`Telegram ${context} returned no message_id`);
 }
 
-// Pull a chunk end back off a UTF-16 surrogate pair so neither chunk carries a
-// lone surrogate that re-encodes to U+FFFD. Mirrors the guard in
-// bot/native-quote.ts `truncateUtf16Safe`; shared by both plain-text splitters.
-//
-// `start` is the beginning of the current chunk — the return value is
-// guaranteed to be > start, so callers that loop on `start = end` always
-// advance. When clamping would land on `start` (i.e. the surrogate pair begins
-// exactly at `start`), we emit both surrogates together (end = start + 2)
-// rather than emitting a lone surrogate or stalling.
-function surrogateSafeChunkEnd(text: string, end: number, start: number): number {
-  const high = text.charCodeAt(end - 1);
-  const low = text.charCodeAt(end);
-  const splitsPair = end > 0 && high >= 0xd800 && high <= 0xdbff && low >= 0xdc00 && low <= 0xdfff;
-  if (!splitsPair) {
-    return end;
-  }
-  const clamped = end - 1;
-  // Guard: never return an index that would stall the loop. If clamped equals
-  // start the surrogate pair's high unit is the very first char of this chunk;
-  // emit both surrogates together instead of splitting or stalling.
-  return clamped > start ? clamped : start + 2;
-}
-
 function splitTelegramPlainTextChunks(text: string, limit: number): string[] {
   if (!text) {
     return [];
   }
   const normalizedLimit = Math.max(1, Math.floor(limit));
   const chunks: string[] = [];
-  let start = 0;
-  while (start < text.length) {
-    const end = surrogateSafeChunkEnd(text, start + normalizedLimit, start);
-    chunks.push(text.slice(start, end));
-    start = end;
+  for (let start = 0; start < text.length; start += normalizedLimit) {
+    chunks.push(text.slice(start, start + normalizedLimit));
   }
   return chunks;
 }
@@ -235,19 +209,12 @@ function splitTelegramPlainTextFallback(text: string, chunkCount: number, limit:
       remainingChunks === 1
         ? remainingChars
         : Math.min(normalizedLimit, Math.ceil(remainingChars / remainingChunks));
-    const end = surrogateSafeChunkEnd(text, offset + nextChunkLength, offset);
-    chunks.push(text.slice(offset, end));
-    offset = end;
+    chunks.push(text.slice(offset, offset + nextChunkLength));
+    offset += nextChunkLength;
   }
   return chunks;
 }
 
-// Test-only handle: the plain-text splitter is internal, but its surrogate-safe
-// chunk boundary needs direct behavior coverage.
-export function splitTelegramPlainTextChunksForTests(text: string, limit: number): string[] {
-  return splitTelegramPlainTextChunks(text, limit);
-}
-
 function logTelegramOutboundSendOk(params: TelegramOutboundSuccessLogParams): void {
   const parts = [
     "telegram outbound send ok",

extensions/telegram/src/telegram-outbound.test.ts

@@ -43,17 +43,6 @@ describe("telegramPlugin outbound", () => {
     expect(telegramOutbound.chunker?.(text, 4000)).toEqual([text]);
   });
 
-  it("keeps astral characters whole at positive configured chunk limits", () => {
-    clearTelegramRuntime();
-
-    expect(telegramOutbound.chunker?.("A😀B", 1)).toEqual(["A", "😀", "B"]);
-    expect(telegramOutbound.chunker?.("A😀B", 1, { formatting: { parseMode: "HTML" } })).toEqual([
-      "A",
-      "😀",
-      "B",
-    ]);
-  });
-
   it("preserves markdown tables for the configured delivery renderer", () => {
     clearTelegramRuntime();
     const text = ["| Name | Value |", "|------|-------|", "| A | 1 |"].join("\n");

package.json

@@ -1432,7 +1432,7 @@
   "scripts": {
     "android:assemble": "node scripts/run-android-gradle.mjs :app:assemblePlayDebug",
     "android:assemble:third-party": "node scripts/run-android-gradle.mjs :app:assembleThirdPartyDebug",
-    "android:bundle:release": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android play_store_archive'",
+    "android:bundle:release": "bun apps/android/scripts/build-release-artifacts.ts",
     "android:format": "cd apps/android && ./gradlew :app:ktlintFormat :benchmark:ktlintFormat",
     "android:install": "node scripts/run-android-gradle.mjs :app:installPlayDebug",
     "android:install:third-party": "node scripts/run-android-gradle.mjs :app:installThirdPartyDebug",
@@ -1441,14 +1441,9 @@
     "android:run": "node scripts/run-android-gradle.mjs :app:installPlayDebug -- adb shell am start -n ai.openclaw.app/.MainActivity",
     "android:run:third-party": "node scripts/run-android-gradle.mjs :app:installThirdPartyDebug -- adb shell am start -n ai.openclaw.app/.MainActivity",
     "android:release": "bash scripts/android-release.sh",
-    "android:release:archive": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android play_store_archive'",
+    "android:release:archive": "bun apps/android/scripts/build-release-artifacts.ts",
     "android:release:auth:check": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android auth_check'",
     "android:release:metadata": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android metadata'",
-    "android:release:preflight": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android release_preflight'",
-    "android:release:signing:check": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android signing_check'",
-    "android:release:signing:plan": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android signing_plan'",
-    "android:release:signing:sync:pull": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android signing_sync_pull'",
-    "android:release:signing:sync:push": "bash -lc 'source ./scripts/lib/android-fastlane.sh && cd apps/android && run_android_fastlane android signing_sync_push'",
     "android:release:upload": "bash scripts/android-release-upload.sh",
     "android:screenshots": "bash scripts/android-screenshots.sh",
     "android:test": "node scripts/run-android-gradle.mjs :app:testPlayDebugUnitTest",

packages/agent-core/src/harness/agent-harness.ts

@@ -825,9 +825,7 @@ export class CoreAgentHarness<
         throw new AgentHarnessError("auth", "No auth available for compaction");
       }
       const branchEntries = await this.session.getBranch();
-      const preparationResult = prepareCompaction(branchEntries, DEFAULT_COMPACTION_SETTINGS, {
-        force: true,
-      });
+      const preparationResult = prepareCompaction(branchEntries, DEFAULT_COMPACTION_SETTINGS);
       if (!preparationResult.ok) {
         throw preparationResult.error;
       }

packages/agent-core/src/harness/compaction/compaction.test.ts

@@ -1,9 +1,7 @@
 import { describe, expect, it, vi } from "vitest";
 import { createAssistantMessageEventStream } from "../../llm.js";
 import type { AssistantMessage, Model, StreamFn } from "../../llm.js";
-import { buildSessionContext } from "../session/session.js";
-import type { SessionTreeEntry } from "../types.js";
-import { DEFAULT_COMPACTION_SETTINGS, prepareCompaction, generateSummary } from "./compaction.js";
+import { generateSummary } from "./compaction.js";
 
 describe("generateSummary thinking options", () => {
   it("maps explicit Fable off to low effort for compaction", async () => {
@@ -62,197 +60,3 @@ describe("generateSummary thinking options", () => {
     expect(streamFn).toHaveBeenCalledOnce();
   });
 });
-
-describe("prepareCompaction", () => {
-  function createHighUsageSmallTranscriptEntries(): SessionTreeEntry[] {
-    return [
-      {
-        type: "message",
-        id: "user-1",
-        parentId: null,
-        timestamp: "2026-06-17T08:45:00.000Z",
-        message: { role: "user", content: "What do you see in your history?", timestamp: 1 },
-      },
-      {
-        type: "message",
-        id: "assistant-1",
-        parentId: "user-1",
-        timestamp: "2026-06-17T08:45:10.000Z",
-        message: {
-          role: "assistant",
-          content: [{ type: "text", text: "Stored." }],
-          api: "openai-responses",
-          provider: "openai",
-          model: "gpt-test",
-          usage: {
-            input: 625,
-            output: 6,
-            cacheRead: 172_928,
-            cacheWrite: 0,
-            totalTokens: 173_559,
-            cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
-          },
-          stopReason: "stop",
-          timestamp: 2,
-        },
-      },
-    ];
-  }
-
-  it("skips automatic no-op summaries when usage is high but transcript text is below the kept-tail budget", () => {
-    const entries = createHighUsageSmallTranscriptEntries();
-
-    const preparation = prepareCompaction(entries, DEFAULT_COMPACTION_SETTINGS);
-
-    expect(preparation).toEqual({ ok: true, value: undefined });
-  });
-
-  it("forces manual preparation when usage is high but transcript text is below the kept-tail budget", () => {
-    const entries = createHighUsageSmallTranscriptEntries();
-
-    const preparation = prepareCompaction(entries, DEFAULT_COMPACTION_SETTINGS, { force: true });
-
-    expect(preparation).toEqual({
-      ok: true,
-      value: expect.objectContaining({
-        firstKeptEntryId: "assistant-1",
-        messagesToSummarize: entries.map((entry) =>
-          entry.type === "message" ? entry.message : undefined,
-        ),
-        tokensBefore: 173_559,
-        turnPrefixMessages: [],
-      }),
-    });
-  });
-
-  it("anchors a forced boundary on the assistant tool call, not a trailing tool result", () => {
-    const entries: SessionTreeEntry[] = [
-      {
-        type: "message",
-        id: "user-1",
-        parentId: null,
-        timestamp: "2026-06-17T08:45:00.000Z",
-        message: { role: "user", content: "Read the notes file.", timestamp: 1 },
-      },
-      {
-        type: "message",
-        id: "assistant-1",
-        parentId: "user-1",
-        timestamp: "2026-06-17T08:45:10.000Z",
-        message: {
-          role: "assistant",
-          content: [
-            { type: "toolCall", id: "call-1", name: "read_file", arguments: { path: "notes.md" } },
-          ],
-          api: "openai-responses",
-          provider: "openai",
-          model: "gpt-test",
-          usage: {
-            input: 625,
-            output: 6,
-            cacheRead: 172_928,
-            cacheWrite: 0,
-            totalTokens: 173_559,
-            cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
-          },
-          stopReason: "toolUse",
-          timestamp: 2,
-        },
-      },
-      {
-        type: "message",
-        id: "tool-1",
-        parentId: "assistant-1",
-        timestamp: "2026-06-17T08:45:11.000Z",
-        message: {
-          role: "toolResult",
-          toolCallId: "call-1",
-          toolName: "read_file",
-          content: [{ type: "text", text: "notes body" }],
-          isError: false,
-          timestamp: 3,
-        },
-      },
-    ];
-
-    const preparation = prepareCompaction(entries, DEFAULT_COMPACTION_SETTINGS, { force: true });
-
-    // Anchor must be the assistant that owns the tool call, never the trailing
-    // tool result, or the rebuilt context would replay an orphaned tool result.
-    expect(preparation).toEqual({
-      ok: true,
-      value: expect.objectContaining({ firstKeptEntryId: "assistant-1" }),
-    });
-
-    const compactedContext = buildSessionContext([
-      ...entries,
-      {
-        type: "compaction",
-        id: "compaction-1",
-        parentId: "tool-1",
-        timestamp: "2026-06-17T08:45:20.000Z",
-        summary: "Checkpoint of the file read.",
-        firstKeptEntryId: "assistant-1",
-        tokensBefore: 173_559,
-      },
-    ]);
-    expect(compactedContext.messages.map((message) => message.role)).toEqual([
-      "compactionSummary",
-      "assistant",
-      "toolResult",
-    ]);
-  });
-
-  it("shows why the old empty-summary compaction replayed the whole transcript", () => {
-    const entries: SessionTreeEntry[] = [
-      {
-        type: "message",
-        id: "user-1",
-        parentId: null,
-        timestamp: "2026-06-17T08:45:00.000Z",
-        message: { role: "user", content: "What do you see in your history?", timestamp: 1 },
-      },
-      {
-        type: "message",
-        id: "assistant-1",
-        parentId: "user-1",
-        timestamp: "2026-06-17T08:45:10.000Z",
-        message: {
-          role: "assistant",
-          content: [{ type: "text", text: "Stored." }],
-          api: "openai-responses",
-          provider: "openai",
-          model: "gpt-test",
-          usage: {
-            input: 625,
-            output: 6,
-            cacheRead: 172_928,
-            cacheWrite: 0,
-            totalTokens: 173_559,
-            cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
-          },
-          stopReason: "stop",
-          timestamp: 2,
-        },
-      },
-    ];
-
-    const compactedContext = buildSessionContext([
-      ...entries,
-      {
-        type: "compaction",
-        id: "compaction-1",
-        parentId: "assistant-1",
-        timestamp: "2026-06-17T08:45:20.000Z",
-        summary: "No prior conversation content provided.",
-        firstKeptEntryId: "user-1",
-        tokensBefore: 173_559,
-      },
-    ]);
-    expect(compactedContext.messages.map((message) => message.role)).toEqual([
-      "compactionSummary",
-      "user",
-      "assistant",
-    ]);
-  });
-});

packages/agent-core/src/harness/compaction/compaction.ts

@@ -626,16 +626,10 @@ export interface CompactionPreparation {
   settings: CompactionSettings;
 }
 
-export interface CompactionPreparationOptions {
-  /** Prepare a real summary even when the kept-tail heuristic would otherwise summarize nothing. */
-  force?: boolean;
-}
-
 /** Prepare session entries for compaction, or return undefined when compaction is not applicable. */
 export function prepareCompaction(
   pathEntries: SessionTreeEntry[],
   settings: CompactionSettings,
-  options: CompactionPreparationOptions = {},
 ): Result<CompactionPreparation | undefined, CompactionError> {
   if (pathEntries.length === 0 || pathEntries[pathEntries.length - 1].type === "compaction") {
     return ok(undefined);
@@ -692,41 +686,6 @@ export function prepareCompaction(
       }
     }
   }
-  if (messagesToSummarize.length === 0 && turnPrefixMessages.length === 0) {
-    if (options.force === true) {
-      const forcedMessagesToSummarize: AgentMessage[] = [];
-      for (let i = boundaryStart; i < boundaryEnd; i++) {
-        const msg = getMessageFromEntryForCompaction(pathEntries[i]);
-        if (msg) {
-          forcedMessagesToSummarize.push(msg);
-        }
-      }
-      // Anchor the kept tail on the last valid cut point, not the raw final entry.
-      // findValidCutPoints excludes tool results, so a forced boundary that is not
-      // collapsed to summary-only later never keeps an orphaned tool result.
-      const forcedCutPoints = findValidCutPoints(pathEntries, boundaryStart, boundaryEnd);
-      const forcedKeepIndex =
-        forcedCutPoints.length > 0 ? forcedCutPoints[forcedCutPoints.length - 1] : -1;
-      if (forcedMessagesToSummarize.length > 0 && forcedKeepIndex >= 0) {
-        const forcedFileOps = extractFileOperations(
-          forcedMessagesToSummarize,
-          pathEntries,
-          prevCompactionIndex,
-        );
-        return ok({
-          firstKeptEntryId: pathEntries[forcedKeepIndex].id,
-          messagesToSummarize: forcedMessagesToSummarize,
-          turnPrefixMessages: [],
-          isSplitTurn: false,
-          tokensBefore,
-          previousSummary,
-          fileOps: forcedFileOps,
-          settings,
-        });
-      }
-    }
-    return ok(undefined);
-  }
   const fileOps = extractFileOperations(messagesToSummarize, pathEntries, prevCompactionIndex);
   if (cutPoint.isSplitTurn) {
     for (const msg of turnPrefixMessages) {

packages/agent-core/src/index.ts

@@ -46,7 +46,6 @@ export {
   shouldCompact,
   type CompactionDetails,
   type CompactionPreparation,
-  type CompactionPreparationOptions,
   type CompactionResult,
   type CompactionSettings,
   type ContextUsageEstimate,

packages/markdown-core/src/chunk-text.ts

@@ -42,23 +42,6 @@ function scanParenAwareBreakpoints(text: string): { lastNewline: number; lastWhi
   return { lastNewline, lastWhitespace };
 }
 
-/**
- * Keeps UTF-16 chunk boundaries from separating a supplementary-plane character.
- * A one-unit positive limit still needs to emit an entire surrogate pair.
- */
-export function avoidTrailingHighSurrogateBreak(text: string, start: number, end: number): number {
-  if (
-    end >= text.length ||
-    text.charCodeAt(end - 1) < 0xd800 ||
-    text.charCodeAt(end - 1) > 0xdbff ||
-    text.charCodeAt(end) < 0xdc00 ||
-    text.charCodeAt(end) > 0xdfff
-  ) {
-    return end;
-  }
-  return end - 1 > start ? end - 1 : end + 1;
-}
-
 /**
  * Splits plain text into size-bounded chunks at readable boundaries.
  *
@@ -83,11 +66,7 @@ export function chunkText(text: string, limit: number): string[] {
     // Prefer block boundaries, then spaces, then a hard size cut when no
     // readable breakpoint exists inside this window.
     const breakOffset = lastNewline > 0 ? lastNewline : lastWhitespace;
-    const end = avoidTrailingHighSurrogateBreak(
-      text,
-      cursor,
-      breakOffset > 0 ? cursor + breakOffset : windowEnd,
-    );
+    const end = breakOffset > 0 ? cursor + breakOffset : windowEnd;
     chunks.push(text.slice(cursor, end));
     cursor = end;
     while (cursor < text.length && /\s/.test(text[cursor] ?? "")) {

packages/markdown-core/src/render-aware-chunking.test.ts

@@ -85,28 +85,6 @@ describe("renderMarkdownIRChunksWithinLimit", () => {
     expect(chunks.every((chunk) => chunk.rendered.length <= 1)).toBe(true);
   });
 
-  it("keeps astral characters whole when a positive limit reaches their pair", () => {
-    const chunks = renderMarkdownIRChunksWithinLimit({
-      ir: markdownToIR("A😀B"),
-      limit: 1,
-      renderChunk: (chunk) => chunk.text,
-      measureRendered: (rendered) => rendered.length,
-    });
-
-    expect(chunks.map((chunk) => chunk.source.text)).toEqual(["A", "😀", "B"]);
-  });
-
-  it("keeps astral characters whole when rendered size requires a retry split", () => {
-    const chunks = renderMarkdownIRChunksWithinLimit({
-      ir: markdownToIR("A😀"),
-      limit: 3,
-      renderChunk: (chunk) => (chunk.text === "A😀" ? "too long" : chunk.text),
-      measureRendered: (rendered) => rendered.length,
-    });
-
-    expect(chunks.map((chunk) => chunk.source.text)).toEqual(["A", "😀"]);
-  });
-
   it("treats Infinity as no size cap and returns a single chunk", () => {
     const text = "one two three four five six seven eight nine ten";
     const ir = markdownToIR(text);

packages/markdown-core/src/render-aware-chunking.ts

@@ -1,4 +1,3 @@
-import { avoidTrailingHighSurrogateBreak } from "./chunk-text.js";
 // Markdown Core module implements render aware chunking behavior.
 import {
   chunkMarkdownIR,
@@ -128,11 +127,10 @@ function findLargestChunkTextLengthWithinRenderedLimit<TRendered>(
   // Rendered length is not guaranteed to be monotonic after escaping/link or
   // file-reference rewriting, so test exact candidates from longest to shortest.
   for (let candidateLength = currentTextLength - 1; candidateLength >= 1; candidateLength -= 1) {
-    const safeCandidateLength = avoidTrailingHighSurrogateBreak(chunk.text, 0, candidateLength);
-    const candidate = sliceMarkdownIR(chunk, 0, safeCandidateLength);
+    const candidate = sliceMarkdownIR(chunk, 0, candidateLength);
     const rendered = options.renderChunk(candidate);
     if (options.measureRendered(rendered) <= renderedLimit) {
-      return safeCandidateLength;
+      return candidateLength;
     }
   }
   return 0;
@@ -217,7 +215,7 @@ function findMarkdownIRPreservedSplitIndex(text: string, start: number, limit: n
   if (lastAnyWhitespaceBreak > start) {
     return resolveWhitespaceBreak(lastAnyWhitespaceBreak, lastAnyWhitespaceRunStart);
   }
-  return avoidTrailingHighSurrogateBreak(text, start, maxEnd);
+  return maxEnd;
 }
 
 function splitMarkdownIRPreserveWhitespace(ir: MarkdownIR, limit: number): MarkdownIR[] {

pnpm-lock.yaml

@@ -473,12 +473,6 @@ importers:
         specifier: workspace:*
         version: link:../../packages/plugin-sdk
 
-  extensions/cohere:
-    devDependencies:
-      '@openclaw/plugin-sdk':
-        specifier: workspace:*
-        version: link:../../packages/plugin-sdk
-
   extensions/cerebras:
     devDependencies:
       '@openclaw/plugin-sdk':
@@ -963,8 +957,8 @@ importers:
   extensions/matrix:
     dependencies:
       '@matrix-org/matrix-sdk-crypto-nodejs':
-        specifier: 0.6.0
-        version: 0.6.0
+        specifier: 0.4.0
+        version: 0.4.0
       '@matrix-org/matrix-sdk-crypto-wasm':
         specifier: 18.3.0
         version: 18.3.0
@@ -2932,9 +2926,9 @@ packages:
   '@lydell/node-pty@1.2.0-beta.12':
     resolution: {integrity: sha512-qIK890UwPupoj07osVvgOIa++1mxeHbcGry4PKRHhNVNs81V2SCG34eJr46GybiOmBtc8Sj5PB1/GGM5PL549g==}
 
-  '@matrix-org/matrix-sdk-crypto-nodejs@0.6.0':
-    resolution: {integrity: sha512-AndGryzkDtFbaDyPBAQ2B4pUhaA/q4HJf3wgiGpPa/70DsdY1Z3R5Wn9yp+56CeHOpk61mNHz/8WDPlzrZDSJw==}
-    engines: {node: '>= 24'}
+  '@matrix-org/matrix-sdk-crypto-nodejs@0.4.0':
+    resolution: {integrity: sha512-+qqgpn39XFSbsD0dFjssGO9vHEP7sTyfs8yTpt8vuqWpUpF20QMwpCZi0jpYw7GxjErNTsMshopuo8677DfGEA==}
+    engines: {node: '>= 22'}
 
   '@matrix-org/matrix-sdk-crypto-wasm@18.3.0':
     resolution: {integrity: sha512-9a4feyt8QLysARu7PHKaRWT+wcCd+IYH074LXp9QK5WqfN4zUXueRhiSSMNT18Bm+8q3sBR/4zxDxOSDR0M8Kg==}
@@ -8879,7 +8873,7 @@ snapshots:
       '@lydell/node-pty-win32-arm64': 1.2.0-beta.12
       '@lydell/node-pty-win32-x64': 1.2.0-beta.12
 
-  '@matrix-org/matrix-sdk-crypto-nodejs@0.6.0':
+  '@matrix-org/matrix-sdk-crypto-nodejs@0.4.0':
     dependencies:
       https-proxy-agent: 7.0.6
       node-downloader-helper: 2.1.11

scripts/android-release-signing.mjs

@@ -1,449 +0,0 @@
-#!/usr/bin/env node
-import { execFileSync } from "node:child_process";
-import fs from "node:fs";
-import path from "node:path";
-import process from "node:process";
-import { fileURLToPath } from "node:url";
-
-const rootDir = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
-const defaultManifestPath = path.join(rootDir, "apps", "android", "Config", "ReleaseSigning.json");
-const requiredPropertyNames = [
-  "OPENCLAW_ANDROID_STORE_FILE",
-  "OPENCLAW_ANDROID_STORE_PASSWORD",
-  "OPENCLAW_ANDROID_KEY_ALIAS",
-  "OPENCLAW_ANDROID_KEY_PASSWORD",
-];
-const sourceRequiredPropertyNames = requiredPropertyNames.filter(
-  (name) => name !== "OPENCLAW_ANDROID_STORE_FILE",
-);
-
-function usage() {
-  process.stdout.write(`Usage:
-  scripts/android-release-signing.mjs --mode plan
-  scripts/android-release-signing.mjs --mode check
-  scripts/android-release-signing.mjs --mode sync-pull
-  scripts/android-release-signing.mjs --mode sync-push --keystore PATH --properties PATH
-
-Options:
-  --manifest PATH          Defaults to apps/android/Config/ReleaseSigning.json.
-  --workspace PATH         Defaults to <materializedRoot>/apps-signing.
-  --materialized-dir PATH  Defaults to materializedRoot from the manifest.
-  --keystore PATH          Upload keystore source for --mode sync-push.
-  --properties PATH        Signing properties source for --mode sync-push.
-
-sync-pull and sync-push use MATCH_PASSWORD to decrypt/encrypt Android release
-signing assets in the shared apps-signing repository.
-`);
-}
-
-function parseArgs(argv) {
-  const options = {
-    mode: "",
-    manifestPath: defaultManifestPath,
-    workspace: "",
-    materializedDir: "",
-    keystorePath: process.env.OPENCLAW_ANDROID_UPLOAD_KEYSTORE || "",
-    propertiesPath: process.env.OPENCLAW_ANDROID_SIGNING_PROPERTIES || "",
-  };
-
-  for (let index = 0; index < argv.length; index += 1) {
-    const arg = argv[index];
-    if (arg === "--mode") {
-      options.mode = argv[index + 1] || "";
-      index += 1;
-    } else if (arg === "--manifest") {
-      options.manifestPath = path.resolve(argv[index + 1] || "");
-      index += 1;
-    } else if (arg === "--workspace") {
-      options.workspace = path.resolve(argv[index + 1] || "");
-      index += 1;
-    } else if (arg === "--materialized-dir") {
-      options.materializedDir = path.resolve(argv[index + 1] || "");
-      index += 1;
-    } else if (arg === "--keystore") {
-      options.keystorePath = path.resolve(argv[index + 1] || "");
-      index += 1;
-    } else if (arg === "--properties") {
-      options.propertiesPath = path.resolve(argv[index + 1] || "");
-      index += 1;
-    } else if (arg === "-h" || arg === "--help") {
-      usage();
-      process.exit(0);
-    } else {
-      throw new Error(`Unknown argument: ${arg}`);
-    }
-  }
-
-  if (!options.mode) {
-    throw new Error("Missing required --mode.");
-  }
-
-  return options;
-}
-
-function requireString(value, key) {
-  if (typeof value !== "string" || value.trim() === "") {
-    throw new Error(`Android release signing manifest missing ${key}.`);
-  }
-  return value.trim();
-}
-
-function readManifest(manifestPath) {
-  const parsed = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
-  const manifest = {
-    signingRepo: requireString(parsed.signingRepo, "signingRepo"),
-    signingBranch: requireString(parsed.signingBranch, "signingBranch"),
-    assetPath: requireString(parsed.assetPath, "assetPath"),
-    uploadKeystoreEncryptedFile: requireString(
-      parsed.uploadKeystoreEncryptedFile,
-      "uploadKeystoreEncryptedFile",
-    ),
-    gradlePropertiesEncryptedFile: requireString(
-      parsed.gradlePropertiesEncryptedFile,
-      "gradlePropertiesEncryptedFile",
-    ),
-    materializedRoot: requireString(parsed.materializedRoot, "materializedRoot"),
-    gradlePropertyNames: parsed.gradlePropertyNames,
-  };
-
-  if (
-    !Array.isArray(manifest.gradlePropertyNames) ||
-    manifest.gradlePropertyNames.length !== requiredPropertyNames.length ||
-    !requiredPropertyNames.every((name) => manifest.gradlePropertyNames.includes(name))
-  ) {
-    throw new Error(
-      `Android release signing manifest must list Gradle properties: ${requiredPropertyNames.join(", ")}.`,
-    );
-  }
-
-  return manifest;
-}
-
-function relativePath(filePath) {
-  const relative = path.relative(rootDir, filePath);
-  return relative && !relative.startsWith("..") ? relative : filePath;
-}
-
-function resolveMaterializedDir(manifest, options) {
-  return options.materializedDir || path.resolve(rootDir, manifest.materializedRoot);
-}
-
-function resolveWorkspace(manifest, options) {
-  return options.workspace || path.join(resolveMaterializedDir(manifest, options), "apps-signing");
-}
-
-function assertWorkspaceInsideMaterialized(workspace, materializedDir) {
-  const resolvedWorkspace = path.resolve(workspace);
-  const resolvedMaterializedDir = path.resolve(materializedDir);
-  const relative = path.relative(resolvedMaterializedDir, resolvedWorkspace);
-  if (!relative || relative.startsWith("..") || path.isAbsolute(relative)) {
-    throw new Error(
-      `Android signing workspace must be inside ${relativePath(resolvedMaterializedDir)}.`,
-    );
-  }
-}
-
-function assetDir(workspace, manifest) {
-  return path.join(workspace, manifest.assetPath);
-}
-
-function encryptedKeystorePath(workspace, manifest) {
-  return path.join(assetDir(workspace, manifest), manifest.uploadKeystoreEncryptedFile);
-}
-
-function encryptedPropertiesPath(workspace, manifest) {
-  return path.join(assetDir(workspace, manifest), manifest.gradlePropertiesEncryptedFile);
-}
-
-function materializedKeystorePath(materializedDir) {
-  return path.join(materializedDir, "upload-keystore.jks");
-}
-
-function materializedPropertiesPath(materializedDir) {
-  return path.join(materializedDir, "gradle.properties");
-}
-
-function requireMatchPassword() {
-  if (!process.env.MATCH_PASSWORD || process.env.MATCH_PASSWORD.trim() === "") {
-    throw new Error("MATCH_PASSWORD is required for Android release signing sync.");
-  }
-}
-
-function run(command, args, options = {}) {
-  execFileSync(command, args, {
-    cwd: options.cwd,
-    env: options.env || process.env,
-    stdio: options.stdio || "pipe",
-  });
-}
-
-function runText(command, args, options = {}) {
-  return execFileSync(command, args, {
-    cwd: options.cwd,
-    env: options.env || process.env,
-    encoding: "utf8",
-    stdio: ["ignore", "pipe", "pipe"],
-  });
-}
-
-function cloneSigningRepo(manifest, workspace, materializedDir) {
-  assertWorkspaceInsideMaterialized(workspace, materializedDir);
-  fs.rmSync(workspace, { recursive: true, force: true });
-  fs.mkdirSync(path.dirname(workspace), { recursive: true });
-  run("git", ["clone", "--branch", manifest.signingBranch, manifest.signingRepo, workspace]);
-}
-
-function opensslCrypt({ decrypt, inputPath, outputPath }) {
-  requireMatchPassword();
-  fs.mkdirSync(path.dirname(outputPath), { recursive: true });
-  if (decrypt) {
-    fs.rmSync(outputPath, { force: true });
-  }
-  const args = [
-    "enc",
-    "-aes-256-cbc",
-    "-pbkdf2",
-    "-md",
-    "sha256",
-    ...(decrypt ? ["-d"] : ["-salt"]),
-    "-in",
-    inputPath,
-    "-out",
-    outputPath,
-    "-pass",
-    "env:MATCH_PASSWORD",
-  ];
-  const previousUmask = decrypt ? process.umask(0o077) : undefined;
-  try {
-    run("openssl", args);
-  } finally {
-    if (previousUmask !== undefined) {
-      process.umask(previousUmask);
-    }
-  }
-  if (decrypt) {
-    fs.chmodSync(outputPath, 0o600);
-  }
-}
-
-function readProperties(filePath) {
-  const properties = new Map();
-  for (const rawLine of fs.readFileSync(filePath, "utf8").split(/\r?\n/u)) {
-    const line = rawLine.trim();
-    if (!line || line.startsWith("#")) {
-      continue;
-    }
-    const separator = line.indexOf("=");
-    if (separator <= 0) {
-      throw new Error(`Invalid signing properties line in ${relativePath(filePath)}.`);
-    }
-    const key = line.slice(0, separator).trim();
-    const value = line.slice(separator + 1).trim();
-    if (!key || !value) {
-      throw new Error(`Invalid empty signing property in ${relativePath(filePath)}.`);
-    }
-    properties.set(key, value);
-  }
-  return properties;
-}
-
-function requireProperties(properties, names, filePath) {
-  const missing = names.filter((name) => !properties.get(name));
-  if (missing.length > 0) {
-    throw new Error(
-      `${relativePath(filePath)} is missing Android signing properties: ${missing.join(", ")}.`,
-    );
-  }
-}
-
-function writeMaterializedProperties(materializedDir, sourceProperties) {
-  const keystorePath = materializedKeystorePath(materializedDir);
-  const propertiesPath = materializedPropertiesPath(materializedDir);
-  const tempPath = `${propertiesPath}.${process.pid}.tmp`;
-  const properties = new Map(sourceProperties);
-  properties.set("OPENCLAW_ANDROID_STORE_FILE", keystorePath);
-  requireProperties(properties, requiredPropertyNames, propertiesPath);
-
-  const content = [
-    "# Generated by scripts/android-release-signing.mjs.",
-    "# Contains decrypted Android release signing values. Do not commit.",
-    ...requiredPropertyNames.map((name) => `${name}=${properties.get(name)}`),
-    "",
-  ].join("\n");
-  try {
-    fs.writeFileSync(tempPath, content, { mode: 0o600 });
-    fs.chmodSync(tempPath, 0o600);
-    fs.renameSync(tempPath, propertiesPath);
-    fs.chmodSync(propertiesPath, 0o600);
-  } finally {
-    fs.rmSync(tempPath, { force: true });
-  }
-}
-
-function validateMaterializedSigning(materializedDir) {
-  const keystorePath = materializedKeystorePath(materializedDir);
-  const propertiesPath = materializedPropertiesPath(materializedDir);
-
-  if (!fs.existsSync(keystorePath) || fs.statSync(keystorePath).size === 0) {
-    throw new Error(
-      `Missing materialized Android upload keystore at ${relativePath(keystorePath)}.`,
-    );
-  }
-  if (!fs.existsSync(propertiesPath)) {
-    throw new Error(
-      `Missing materialized Android signing properties at ${relativePath(propertiesPath)}.`,
-    );
-  }
-
-  const properties = readProperties(propertiesPath);
-  requireProperties(properties, requiredPropertyNames, propertiesPath);
-  if (properties.get("OPENCLAW_ANDROID_STORE_FILE") !== keystorePath) {
-    throw new Error(
-      `${relativePath(propertiesPath)} must point OPENCLAW_ANDROID_STORE_FILE at ${relativePath(keystorePath)}.`,
-    );
-  }
-}
-
-function writePlan(manifest, options) {
-  const materializedDir = resolveMaterializedDir(manifest, options);
-  process.stdout.write(`Android release signing plan
-Signing repo: ${manifest.signingRepo}
-Signing branch: ${manifest.signingBranch}
-Signing assets: ${manifest.assetPath}
-Encrypted upload keystore: ${manifest.uploadKeystoreEncryptedFile}
-Encrypted Gradle properties: ${manifest.gradlePropertiesEncryptedFile}
-Materialized output: ${relativePath(materializedDir)}
-Gradle bridge: Fastlane exports ORG_GRADLE_PROJECT_* values from the materialized properties file.
-`);
-}
-
-function writeSigningRepoManifest(workspace, manifest) {
-  const signingManifestPath = path.join(assetDir(workspace, manifest), "manifest.json");
-  const signingManifest = {
-    version: 1,
-    assetPath: manifest.assetPath,
-    uploadKeystoreEncryptedFile: manifest.uploadKeystoreEncryptedFile,
-    gradlePropertiesEncryptedFile: manifest.gradlePropertiesEncryptedFile,
-    gradlePropertyNames: requiredPropertyNames,
-  };
-  fs.writeFileSync(signingManifestPath, `${JSON.stringify(signingManifest, null, 2)}\n`);
-}
-
-function syncPull(manifest, options) {
-  const workspace = resolveWorkspace(manifest, options);
-  const materializedDir = resolveMaterializedDir(manifest, options);
-  const tempPropertiesPath = path.join(materializedDir, ".gradle.properties.decrypted.tmp");
-
-  cloneSigningRepo(manifest, workspace, materializedDir);
-  if (!fs.existsSync(encryptedKeystorePath(workspace, manifest))) {
-    throw new Error(
-      `Missing encrypted Android upload keystore in signing repo at ${manifest.assetPath}/${manifest.uploadKeystoreEncryptedFile}.`,
-    );
-  }
-  if (!fs.existsSync(encryptedPropertiesPath(workspace, manifest))) {
-    throw new Error(
-      `Missing encrypted Android signing properties in signing repo at ${manifest.assetPath}/${manifest.gradlePropertiesEncryptedFile}.`,
-    );
-  }
-
-  fs.mkdirSync(materializedDir, { recursive: true });
-  opensslCrypt({
-    decrypt: true,
-    inputPath: encryptedKeystorePath(workspace, manifest),
-    outputPath: materializedKeystorePath(materializedDir),
-  });
-  try {
-    opensslCrypt({
-      decrypt: true,
-      inputPath: encryptedPropertiesPath(workspace, manifest),
-      outputPath: tempPropertiesPath,
-    });
-    const properties = readProperties(tempPropertiesPath);
-    requireProperties(properties, sourceRequiredPropertyNames, tempPropertiesPath);
-    writeMaterializedProperties(materializedDir, properties);
-  } finally {
-    fs.rmSync(tempPropertiesPath, { force: true });
-  }
-
-  validateMaterializedSigning(materializedDir);
-  process.stdout.write(
-    `Materialized Android release signing assets in ${relativePath(materializedDir)}.\n`,
-  );
-}
-
-function requirePushSources(options) {
-  if (!options.keystorePath) {
-    throw new Error(
-      "Missing Android upload keystore source. Pass --keystore or set OPENCLAW_ANDROID_UPLOAD_KEYSTORE.",
-    );
-  }
-  if (!options.propertiesPath) {
-    throw new Error(
-      "Missing Android signing properties source. Pass --properties or set OPENCLAW_ANDROID_SIGNING_PROPERTIES.",
-    );
-  }
-  if (!fs.existsSync(options.keystorePath) || fs.statSync(options.keystorePath).size === 0) {
-    throw new Error(
-      `Android upload keystore source is missing or empty: ${relativePath(options.keystorePath)}.`,
-    );
-  }
-  if (!fs.existsSync(options.propertiesPath)) {
-    throw new Error(
-      `Android signing properties source is missing: ${relativePath(options.propertiesPath)}.`,
-    );
-  }
-  const properties = readProperties(options.propertiesPath);
-  requireProperties(properties, sourceRequiredPropertyNames, options.propertiesPath);
-}
-
-function syncPush(manifest, options) {
-  requireMatchPassword();
-  requirePushSources(options);
-
-  const workspace = resolveWorkspace(manifest, options);
-  cloneSigningRepo(manifest, workspace, resolveMaterializedDir(manifest, options));
-  fs.mkdirSync(assetDir(workspace, manifest), { recursive: true });
-  opensslCrypt({
-    decrypt: false,
-    inputPath: options.keystorePath,
-    outputPath: encryptedKeystorePath(workspace, manifest),
-  });
-  opensslCrypt({
-    decrypt: false,
-    inputPath: options.propertiesPath,
-    outputPath: encryptedPropertiesPath(workspace, manifest),
-  });
-  writeSigningRepoManifest(workspace, manifest);
-
-  run("git", ["add", manifest.assetPath], { cwd: workspace });
-  const status = runText("git", ["status", "--porcelain"], { cwd: workspace }).trim();
-  if (!status) {
-    process.stdout.write("Android release signing assets were already up to date.\n");
-    return;
-  }
-
-  run("git", ["commit", "-m", "Update Android release signing assets"], { cwd: workspace });
-  run("git", ["push", "origin", manifest.signingBranch], { cwd: workspace });
-  process.stdout.write("Pushed encrypted Android release signing assets.\n");
-}
-
-try {
-  const options = parseArgs(process.argv.slice(2));
-  const manifest = readManifest(options.manifestPath);
-
-  if (options.mode === "plan") {
-    writePlan(manifest, options);
-  } else if (options.mode === "check") {
-    validateMaterializedSigning(resolveMaterializedDir(manifest, options));
-    process.stdout.write("Android release signing materialization is valid.\n");
-  } else if (options.mode === "sync-pull") {
-    syncPull(manifest, options);
-  } else if (options.mode === "sync-push") {
-    syncPush(manifest, options);
-  } else {
-    throw new Error(`Unknown mode: ${options.mode}`);
-  }
-} catch (error) {
-  process.stderr.write(`${error.message}\n`);
-  process.exit(1);
-}

scripts/changed-lanes.mjs

@@ -30,9 +30,7 @@ const PUBLIC_EXTENSION_CONTRACT_RE =
  */
 export const RELEASE_METADATA_PATHS = new Set([
   "CHANGELOG.md",
-  "apps/android/CHANGELOG.md",
   "apps/android/Config/Version.properties",
-  "apps/android/fastlane/metadata/android/en-US/release_notes.txt",
   "apps/android/version.json",
   "apps/ios/CHANGELOG.md",
   "apps/ios/Config/Version.xcconfig",

scripts/check-changed.mjs

@@ -46,9 +46,7 @@ const LINTABLE_CORE_PATH_RE = /^(?:src|ui|packages)\/.+\.[cm]?[jt]sx?$/u;
 const CORE_LINT_OPTIMIZATION_NEUTRAL_PATH_RE =
   /^(?:scripts|test\/scripts)\/|^\.github\/workflows\/ci\.yml$/u;
 const ANDROID_VERSION_SYNC_PATHS = new Set([
-  "apps/android/CHANGELOG.md",
   "apps/android/Config/Version.properties",
-  "apps/android/fastlane/metadata/android/en-US/release_notes.txt",
   "apps/android/version.json",
 ]);
 let corepackPnpmShimDir;

scripts/e2e/npm-telegram-live-docker.sh

@@ -163,7 +163,6 @@ trap 'rm -f "$run_log"; rm -rf "$npm_prefix_host"' EXIT
 docker_env=(
   -e COREPACK_ENABLE_DOWNLOAD_PROMPT=0
   -e OPENCLAW_E2E_COMMAND_TIMEOUT="${OPENCLAW_E2E_COMMAND_TIMEOUT:-300s}"
-  -e TMPDIR=/tmp
   -e OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC="$PACKAGE_SPEC"
   -e OPENCLAW_NPM_TELEGRAM_PACKAGE_LABEL="$PACKAGE_LABEL"
   -e OPENCLAW_NPM_TELEGRAM_OUTPUT_DIR="$OUTPUT_DIR"

scripts/github/security-sensitive-guard.mjs

@@ -1,717 +0,0 @@
-#!/usr/bin/env node
-
-// GitHub security-sensitive file guard: detects sensitive boundary files,
-// manages sticky comments/labels, and requires SHA-bound secops/admin approval.
-import { appendFile, readFile } from "node:fs/promises";
-import { readBoundedResponseText } from "../lib/bounded-response.mjs";
-
-/** Marker used to identify security-sensitive guard comments. */
-export const securitySensitiveGuardMarker = "<!-- openclaw:security-sensitive-guard -->";
-export const securitySensitiveChangedLabel = "security-sensitive-changed";
-export const allowSecuritySensitiveCommand = "/allow-security-sensitive-change";
-export const GITHUB_ERROR_BODY_MAX_BYTES = 64 * 1024;
-export const GITHUB_API_REQUEST_TIMEOUT_MS = 30_000;
-
-const securityTeamSlug = process.env.OPENCLAW_SECURITY_TEAM_SLUG ?? "openclaw-secops";
-const maxListedFiles = 25;
-const securitySensitiveFiles = [
-  {
-    path: ".gitignore",
-    reason:
-      "Controls ignored secret and local files, including common `.env` files, before they can be accidentally committed.",
-  },
-];
-
-export function securitySensitiveFileDefinitions() {
-  return securitySensitiveFiles.map((entry) => ({ ...entry }));
-}
-
-export function securitySensitiveFileDefinition(filename) {
-  return securitySensitiveFiles.find((entry) => entry.path === filename) ?? null;
-}
-
-export function isSecuritySensitiveFile(filename) {
-  return securitySensitiveFileDefinition(filename) !== null;
-}
-
-export function sanitizeDisplayValue(value) {
-  return String(value)
-    .replace(/[\p{Cc}]/gu, "?")
-    .slice(0, 240);
-}
-
-export function markdownCode(value) {
-  return `\`${sanitizeDisplayValue(value).replaceAll("`", "\\`")}\``;
-}
-
-function* securitySensitiveOverrideCandidates({ comments, expectedSha, newerThan }) {
-  if (!expectedSha) {
-    return;
-  }
-  const commandPattern = /^\/allow-security-sensitive-change(?:\s+(.+))?$/gimu;
-  for (const comment of comments.toReversed()) {
-    const body = comment.body ?? "";
-    for (const match of body.matchAll(commandPattern)) {
-      const reason = match[1]?.trim();
-      const login = comment.user?.login;
-      if (!login || !isCommentNewerThan(comment, newerThan)) {
-        continue;
-      }
-      yield {
-        login,
-        reason: reason ? sanitizeDisplayValue(reason) : null,
-        sha: expectedSha,
-        url: comment.html_url,
-      };
-    }
-  }
-}
-
-export function findSecuritySensitiveOverrideCommand({
-  comments,
-  expectedSha,
-  isSecurityMember,
-  newerThan,
-}) {
-  for (const candidate of securitySensitiveOverrideCandidates({
-    comments,
-    expectedSha,
-    newerThan,
-  })) {
-    if (isSecurityMember(candidate.login)) {
-      return candidate;
-    }
-  }
-  return null;
-}
-
-export async function findSecuritySensitiveOverrideCommandAsync(input) {
-  for (const candidate of securitySensitiveOverrideCandidates(input)) {
-    if (await input.isSecurityMember(candidate.login)) {
-      return candidate;
-    }
-  }
-  return null;
-}
-
-function isCommentNewerThan(comment, newerThan) {
-  if (!newerThan) {
-    return false;
-  }
-  const commentTime = Date.parse(comment.created_at ?? "");
-  const barrierTime = Date.parse(newerThan);
-  return Number.isFinite(commentTime) && Number.isFinite(barrierTime) && commentTime > barrierTime;
-}
-
-export function securitySensitiveGuardCommentHeadSha(comment) {
-  const body = comment?.body ?? "";
-  const patterns = [
-    /Approved SHA:\s+`([a-f0-9]{40})`/iu,
-    /current head SHA\s+\(`([a-f0-9]{40})`\)/iu,
-    /Current SHA:\s+`([a-f0-9]{40})`/iu,
-  ];
-  for (const pattern of patterns) {
-    const match = body.match(pattern);
-    if (match?.[1]) {
-      return match[1];
-    }
-  }
-  return null;
-}
-
-export function securitySensitiveOverrideExpectedSha(existingGuardComment, currentHeadSha) {
-  if (
-    !currentHeadSha ||
-    existingGuardComment?.body?.includes("### Security-sensitive changes are blocked") !== true
-  ) {
-    return null;
-  }
-  return securitySensitiveGuardCommentHeadSha(existingGuardComment) === currentHeadSha
-    ? currentHeadSha
-    : null;
-}
-
-export function isSecuritySensitiveGuardAuthorizedForHead(comment, currentHeadSha) {
-  return (
-    Boolean(currentHeadSha) &&
-    comment?.body?.includes("### Security-sensitive change authorized") === true &&
-    securitySensitiveGuardCommentHeadSha(comment) === currentHeadSha
-  );
-}
-
-export function isSecuritySensitiveGuardTrustedForHead(comment, currentHeadSha) {
-  return (
-    Boolean(currentHeadSha) &&
-    comment?.body?.includes("### Security-sensitive changes noted") === true &&
-    securitySensitiveGuardCommentHeadSha(comment) === currentHeadSha
-  );
-}
-
-export function securityApproverSet(value) {
-  return new Set(
-    String(value ?? "")
-      .split(/[\s,]+/u)
-      .map((login) => login.trim().toLowerCase())
-      .filter(Boolean),
-  );
-}
-
-export function securitySensitiveGuardCommentAuthors(value) {
-  return new Set(
-    String(value ?? "github-actions[bot]")
-      .split(/[\s,]+/u)
-      .map((login) => login.trim().toLowerCase())
-      .filter(Boolean),
-  );
-}
-
-export function isSecuritySensitiveGuardMarkerComment(comment, trustedAuthors) {
-  const login = comment.user?.login?.toLowerCase();
-  return Boolean(
-    login && trustedAuthors.has(login) && comment.body?.includes(securitySensitiveGuardMarker),
-  );
-}
-
-function sortedSecuritySensitiveChanges(filenames) {
-  const byPath = new Map();
-  for (const filename of filenames) {
-    if (typeof filename !== "string") {
-      continue;
-    }
-    const definition = securitySensitiveFileDefinition(filename);
-    if (definition) {
-      byPath.set(definition.path, definition);
-    }
-  }
-  return [...byPath.values()].toSorted((left, right) => left.path.localeCompare(right.path));
-}
-
-export function collectSecuritySensitiveChanges(files) {
-  const filenames = [];
-  for (const file of files) {
-    if (typeof file === "string") {
-      filenames.push(file);
-      continue;
-    }
-    if (file && typeof file === "object") {
-      filenames.push(file.filename, file.previous_filename);
-    }
-  }
-  return sortedSecuritySensitiveChanges(filenames);
-}
-
-function renderChangedFileLines(changes) {
-  const listedFiles = changes.slice(0, maxListedFiles);
-  const omittedCount = changes.length - listedFiles.length;
-  const lines = listedFiles.map(
-    (change) => `- ${markdownCode(change.path)}: ${sanitizeDisplayValue(change.reason)}`,
-  );
-  if (omittedCount > 0) {
-    lines.push(`- ${omittedCount} additional security-sensitive files not shown`);
-  }
-  return lines;
-}
-
-export function renderSecuritySensitiveAwarenessComment(changes) {
-  return [
-    securitySensitiveGuardMarker,
-    "",
-    "### Security-sensitive file changes detected",
-    "",
-    "This PR changes files that define security boundaries. Maintainers should confirm these changes are intentional.",
-    "",
-    "Changed files:",
-    ...renderChangedFileLines(changes),
-    "",
-    "Maintainer follow-up:",
-    "- Review whether each security-sensitive file change is intentional.",
-    "- Confirm the change does not weaken secret, credential, or local-state protection.",
-    "- If this PR intentionally needs the change, a repository admin or member of `@openclaw/openclaw-secops` must approve the exact head SHA.",
-  ].join("\n");
-}
-
-export function renderAuthorizedSecuritySensitiveComment(override) {
-  const lines = [
-    securitySensitiveGuardMarker,
-    "",
-    "### Security-sensitive change authorized",
-    "",
-    "This PR includes security-sensitive file changes. A repository admin or member of `@openclaw/openclaw-secops` authorized this exact head SHA with `/allow-security-sensitive-change`.",
-    "",
-    `- Approved SHA: ${markdownCode(override.sha)}`,
-    `- Approved by: @${sanitizeDisplayValue(override.login)}`,
-  ];
-  if (override.reason) {
-    lines.push(`- Reason: ${markdownCode(override.reason)}`);
-  }
-  lines.push("", "A later push changes the PR head SHA and requires a fresh security approval.");
-  return lines.join("\n");
-}
-
-export function renderTrustedSecuritySensitiveComment({ actor, headSha, changes }) {
-  return [
-    securitySensitiveGuardMarker,
-    "",
-    "### Security-sensitive changes noted",
-    "",
-    "This PR includes security-sensitive file changes. The guard is informational because the PR author is a repository admin or a member of `@openclaw/openclaw-secops`.",
-    "",
-    `- Current SHA: ${markdownCode(headSha ?? "<head-sha>")}`,
-    `- Trusted actor: @${sanitizeDisplayValue(actor.login)}`,
-    `- Trusted role: ${markdownCode(actor.reason)}`,
-    "",
-    "Changed files:",
-    ...renderChangedFileLines(changes),
-    "",
-    "Security review is still recommended before merge when the change is intentional.",
-  ].join("\n");
-}
-
-export function renderClearedSecuritySensitiveGuardComment({ headSha }) {
-  return [
-    securitySensitiveGuardMarker,
-    "",
-    "### Security-sensitive guard cleared",
-    "",
-    "This PR no longer has blocked security-sensitive file changes. A future security-sensitive change requires a fresh `/allow-security-sensitive-change` comment after the guard blocks that new head SHA.",
-    "",
-    `- Current SHA: ${markdownCode(headSha ?? "<head-sha>")}`,
-  ].join("\n");
-}
-
-export function renderBlockedSecuritySensitiveComment({ headSha, changes }) {
-  return [
-    securitySensitiveGuardMarker,
-    "",
-    "### Security-sensitive changes are blocked",
-    "",
-    "OpenClaw does not accept security-sensitive file changes through PRs unless a repository admin or security explicitly authorizes the current head SHA.",
-    "",
-    "Detected security-sensitive changes:",
-    ...renderChangedFileLines(changes),
-    "",
-    "If this PR intentionally needs these changes, ask a repository admin or member of `@openclaw/openclaw-secops` to comment:",
-    "",
-    "```text",
-    allowSecuritySensitiveCommand,
-    "```",
-    "",
-    `The action will approve the current head SHA (${markdownCode(headSha ?? "<head-sha>")}) when it reruns. A later push requires a fresh approval.`,
-  ].join("\n");
-}
-
-export function securitySensitiveGuardTrustedActorCandidates({
-  pullRequest,
-  event,
-  currentHeadSha,
-}) {
-  const eventHeadSha = event?.pull_request?.head?.sha;
-  const eventAfterSha = event?.after;
-  const eventMatchesCurrentHead =
-    Boolean(currentHeadSha) &&
-    (eventHeadSha === currentHeadSha || eventAfterSha === currentHeadSha);
-  if (!eventMatchesCurrentHead) {
-    return [];
-  }
-  const candidates = [];
-  const seen = new Set();
-  for (const [source, login] of [["pull request author", pullRequest?.user?.login]]) {
-    if (typeof login !== "string" || login.length === 0) {
-      continue;
-    }
-    const normalizedLogin = login.toLowerCase();
-    if (seen.has(normalizedLogin)) {
-      continue;
-    }
-    seen.add(normalizedLogin);
-    candidates.push({ login, source });
-  }
-  return candidates;
-}
-
-export async function findTrustedSecuritySensitiveGuardActor({
-  candidates,
-  isSecuritySensitiveApprover,
-}) {
-  for (const candidate of candidates) {
-    const role = await isSecuritySensitiveApprover(candidate.login);
-    if (role) {
-      return {
-        login: candidate.login,
-        reason: `${candidate.source}; ${role}`,
-      };
-    }
-  }
-  return null;
-}
-
-function githubErrorBodyTooLarge(maxBytes) {
-  return new Error(`GitHub error response body exceeded ${maxBytes} bytes`);
-}
-
-export async function readBoundedGitHubErrorText(response, maxBytes = GITHUB_ERROR_BODY_MAX_BYTES) {
-  return await readBoundedResponseText(response, "GitHub error", maxBytes, {
-    createTooLargeError: () => githubErrorBodyTooLarge(maxBytes),
-  });
-}
-
-function timeoutError(path, method, timeoutMs) {
-  return new Error(`GitHub API ${method} ${path} exceeded timeout ${timeoutMs}ms`);
-}
-
-function combineAbortSignals(signals) {
-  const activeSignals = signals.filter(Boolean);
-  if (activeSignals.length === 0) {
-    return undefined;
-  }
-  if (activeSignals.length === 1) {
-    return activeSignals[0];
-  }
-  return AbortSignal.any(activeSignals);
-}
-
-export function githubApi(token, options = {}) {
-  const fetchImpl = options.fetchImpl ?? fetch;
-  const timeoutMs = options.timeoutMs ?? GITHUB_API_REQUEST_TIMEOUT_MS;
-  const baseHeaders = {
-    accept: "application/vnd.github+json",
-    authorization: `Bearer ${token}`,
-    "user-agent": "openclaw-security-sensitive-guard",
-    "x-github-api-version": "2022-11-28",
-  };
-  const request = async (path, requestOptions = {}) => {
-    const method = requestOptions.method ?? "GET";
-    const timeoutController = new AbortController();
-    let timeout;
-    const timeoutPromise = new Promise((_, reject) => {
-      timeout = setTimeout(() => {
-        timeoutController.abort();
-        reject(timeoutError(path, method, timeoutMs));
-      }, timeoutMs);
-      timeout.unref?.();
-    });
-    const operationPromise = (async () => {
-      const response = await fetchImpl(`https://api.github.com${path}`, {
-        ...requestOptions,
-        signal: combineAbortSignals([requestOptions.signal, timeoutController.signal]),
-        headers: { ...baseHeaders, ...requestOptions.headers },
-      });
-      if (response.status === 204) {
-        return null;
-      }
-      if (!response.ok) {
-        let errorText;
-        try {
-          errorText = await readBoundedGitHubErrorText(response);
-        } catch (bodyError) {
-          errorText = bodyError instanceof Error ? bodyError.message : String(bodyError);
-        }
-        const error = new Error(`${response.status} ${response.statusText}: ${errorText}`);
-        error.status = response.status;
-        throw error;
-      }
-      return response.json();
-    })();
-    operationPromise.catch(() => {});
-    try {
-      return await Promise.race([operationPromise, timeoutPromise]);
-    } finally {
-      clearTimeout(timeout);
-    }
-  };
-  return {
-    request,
-    paginate: async (path) => {
-      const items = [];
-      for (let page = 1; ; page += 1) {
-        const separator = path.includes("?") ? "&" : "?";
-        const pageItems = await request(`${path}${separator}per_page=100&page=${page}`);
-        items.push(...pageItems);
-        if (pageItems.length < 100) {
-          return items;
-        }
-      }
-    },
-  };
-}
-
-async function writeSummary(markdown) {
-  const summaryPath = process.env.GITHUB_STEP_SUMMARY;
-  if (!summaryPath) {
-    console.log(markdown);
-    return;
-  }
-  await appendFile(summaryPath, `${markdown}\n`);
-}
-
-async function main() {
-  const token = process.env.GITHUB_TOKEN;
-  const eventPath = process.env.GITHUB_EVENT_PATH;
-  const repository = process.env.GITHUB_REPOSITORY;
-  if (!token || !eventPath || !repository) {
-    throw new Error("GITHUB_TOKEN, GITHUB_EVENT_PATH, and GITHUB_REPOSITORY are required.");
-  }
-  const [owner, repo] = repository.split("/");
-  const event = JSON.parse(await readFile(eventPath, "utf8"));
-  const eventPullRequest = event.pull_request;
-  if (!eventPullRequest) {
-    console.log("No pull_request payload found; skipping.");
-    return;
-  }
-
-  const api = githubApi(token);
-  const explicitSecurityApprovers = securityApproverSet(process.env.OPENCLAW_SECURITY_APPROVERS);
-  const trustedCommentAuthors = securitySensitiveGuardCommentAuthors(
-    process.env.OPENCLAW_SECURITY_SENSITIVE_GUARD_COMMENT_BOTS,
-  );
-  const issuePath = `/repos/${owner}/${repo}/issues/${eventPullRequest.number}`;
-  const pullPath = `/repos/${owner}/${repo}/pulls/${eventPullRequest.number}`;
-  const pullRequest = await api.request(pullPath);
-  const mode = process.env.OPENCLAW_SECURITY_SENSITIVE_GUARD_MODE ?? "enforce";
-  const files = await api.paginate(`${pullPath}/files`);
-  const securitySensitiveChanges = collectSecuritySensitiveChanges(files);
-
-  const [comments, labels] = await Promise.all([
-    api.paginate(`${issuePath}/comments`),
-    api.paginate(`${issuePath}/labels`),
-  ]);
-  const existingGuardComment = comments.find((comment) =>
-    isSecuritySensitiveGuardMarkerComment(comment, trustedCommentAuthors),
-  );
-  const labelNames = new Set(labels.map((label) => label.name));
-
-  const ignoreUnavailableWritePermission = (action) => (error) => {
-    if (error?.status === 403) {
-      console.warn(`Skipping ${action}; token does not have write permission.`);
-      return;
-    }
-    if (error?.status === 404 || error?.status === 422) {
-      console.warn(`${action} is unavailable.`);
-      return;
-    }
-    throw error;
-  };
-  const removeLabelIfPresent = async (label) => {
-    if (!labelNames.has(label)) {
-      return;
-    }
-    await api
-      .request(`${issuePath}/labels/${encodeURIComponent(label)}`, {
-        method: "DELETE",
-      })
-      .catch(ignoreUnavailableWritePermission(`label "${label}" removal`));
-    labelNames.delete(label);
-  };
-  const addLabelIfMissing = async (label) => {
-    if (labelNames.has(label)) {
-      return;
-    }
-    await api
-      .request(`${issuePath}/labels`, {
-        method: "POST",
-        body: JSON.stringify({ labels: [label] }),
-      })
-      .catch(ignoreUnavailableWritePermission(`label "${label}" update`));
-    labelNames.add(label);
-  };
-  const upsertComment = async (comment, body) => {
-    if (comment) {
-      return await api
-        .request(`/repos/${owner}/${repo}/issues/comments/${comment.id}`, {
-          method: "PATCH",
-          body: JSON.stringify({ body }),
-        })
-        .catch(ignoreUnavailableWritePermission("comment update"));
-    }
-    return await api
-      .request(`${issuePath}/comments`, {
-        method: "POST",
-        body: JSON.stringify({ body }),
-      })
-      .catch(ignoreUnavailableWritePermission("comment creation"));
-  };
-
-  if (securitySensitiveChanges.length === 0) {
-    await removeLabelIfPresent(securitySensitiveChangedLabel);
-    if (existingGuardComment) {
-      await upsertComment(
-        existingGuardComment,
-        renderClearedSecuritySensitiveGuardComment({ headSha: pullRequest.head?.sha }),
-      );
-    }
-    await writeSummary(
-      "## Security Sensitive Guard\n\nNo security-sensitive file changes detected.",
-    );
-    console.log("No security-sensitive file changes detected.");
-    return;
-  }
-
-  await addLabelIfMissing(securitySensitiveChangedLabel);
-  await writeSummary(
-    [
-      "## Security Sensitive Guard",
-      "",
-      `Detected ${securitySensitiveChanges.length} security-sensitive file change(s).`,
-      "",
-      ...securitySensitiveChanges.map((change) => `- ${markdownCode(change.path)}`),
-    ].join("\n"),
-  );
-  console.log(`Detected ${securitySensitiveChanges.length} security-sensitive file change(s).`);
-
-  const membershipCache = new Map();
-  const permissionCache = new Map();
-  const isSecurityMember = async (login) => {
-    const normalizedLogin = login.toLowerCase();
-    if (explicitSecurityApprovers.has(normalizedLogin)) {
-      return true;
-    }
-    if (membershipCache.has(normalizedLogin)) {
-      return membershipCache.get(normalizedLogin);
-    }
-    try {
-      const membership = await api.request(
-        `/orgs/${owner}/teams/${securityTeamSlug}/memberships/${encodeURIComponent(login)}`,
-      );
-      const allowed = membership?.state === "active";
-      membershipCache.set(normalizedLogin, allowed);
-      return allowed;
-    } catch (error) {
-      if (error?.status !== 404) {
-        console.warn(`Could not verify ${login} against ${securityTeamSlug}: ${error.message}`);
-      }
-      membershipCache.set(normalizedLogin, false);
-      return false;
-    }
-  };
-  const isRepositoryAdmin = async (login) => {
-    const normalizedLogin = login.toLowerCase();
-    if (permissionCache.has(normalizedLogin)) {
-      return permissionCache.get(normalizedLogin);
-    }
-    try {
-      const result = await api.request(
-        `/repos/${owner}/${repo}/collaborators/${encodeURIComponent(login)}/permission`,
-      );
-      const allowed = result?.permission === "admin";
-      permissionCache.set(normalizedLogin, allowed);
-      return allowed;
-    } catch (error) {
-      if (error?.status !== 404) {
-        console.warn(`Could not verify repository permission for ${login}: ${error.message}`);
-      }
-      permissionCache.set(normalizedLogin, false);
-      return false;
-    }
-  };
-  const isSecuritySensitiveApprover = async (login) => {
-    if (await isSecurityMember(login)) {
-      return securityTeamSlug;
-    }
-    if (await isRepositoryAdmin(login)) {
-      return "repository admin";
-    }
-    return null;
-  };
-  const currentHeadSha = pullRequest.head?.sha;
-  if (isSecuritySensitiveGuardTrustedForHead(existingGuardComment, currentHeadSha)) {
-    await writeSummary(
-      [
-        "## Security Sensitive Guard",
-        "",
-        `Security-sensitive changes remain informational for a trusted actor at ${markdownCode(currentHeadSha)}.`,
-      ].join("\n"),
-    );
-    console.log("Security-sensitive changes remain informational for this head SHA.");
-    return;
-  }
-  const trustedActor = await findTrustedSecuritySensitiveGuardActor({
-    candidates: securitySensitiveGuardTrustedActorCandidates({
-      pullRequest,
-      event,
-      currentHeadSha,
-    }),
-    isSecuritySensitiveApprover,
-  });
-  if (trustedActor) {
-    await upsertComment(
-      existingGuardComment,
-      renderTrustedSecuritySensitiveComment({
-        actor: trustedActor,
-        changes: securitySensitiveChanges,
-        headSha: currentHeadSha,
-      }),
-    );
-    await writeSummary(
-      [
-        "## Security Sensitive Guard",
-        "",
-        `Security-sensitive changes noted for trusted actor @${sanitizeDisplayValue(trustedActor.login)} and allowed to continue.`,
-      ].join("\n"),
-    );
-    console.log("Security-sensitive changes noted for trusted actor; guard is informational.");
-    return;
-  }
-  if (isSecuritySensitiveGuardAuthorizedForHead(existingGuardComment, currentHeadSha)) {
-    await writeSummary(
-      [
-        "## Security Sensitive Guard",
-        "",
-        `Security-sensitive changes remain authorized for ${markdownCode(currentHeadSha)}.`,
-      ].join("\n"),
-    );
-    console.log("Security-sensitive changes remain authorized for this head SHA.");
-    return;
-  }
-  const override = await findSecuritySensitiveOverrideCommandAsync({
-    comments,
-    expectedSha: securitySensitiveOverrideExpectedSha(existingGuardComment, currentHeadSha),
-    isSecurityMember: async (login) => Boolean(await isSecuritySensitiveApprover(login)),
-    newerThan: existingGuardComment?.updated_at ?? existingGuardComment?.created_at,
-  });
-  if (override) {
-    await upsertComment(existingGuardComment, renderAuthorizedSecuritySensitiveComment(override));
-    await writeSummary(
-      [
-        "## Security Sensitive Guard",
-        "",
-        `Security-sensitive changes authorized by @${sanitizeDisplayValue(override.login)} for ${markdownCode(override.sha)}.`,
-      ].join("\n"),
-    );
-    console.log("Security-sensitive changes authorized by trusted override.");
-    return;
-  }
-  if (mode === "detect") {
-    await upsertComment(
-      existingGuardComment,
-      renderSecuritySensitiveAwarenessComment(securitySensitiveChanges),
-    );
-    await writeSummary(
-      "## Security Sensitive Guard\n\nSecurity-sensitive enforcement deferred to the final guard job.",
-    );
-    console.log("Security-sensitive enforcement deferred to the final guard job.");
-    return;
-  }
-
-  await upsertComment(
-    existingGuardComment,
-    renderBlockedSecuritySensitiveComment({
-      changes: securitySensitiveChanges,
-      headSha: pullRequest.head?.sha,
-    }),
-  );
-  await writeSummary(
-    "## Security Sensitive Guard\n\nSecurity-sensitive changes are blocked without a current admin or secops override.",
-  );
-  throw new Error(
-    "Security-sensitive changes require removal or a current admin or secops override.",
-  );
-}
-
-if (import.meta.url === `file://${process.argv[1]}`) {
-  main().catch(
-    /** @param {unknown} error */ (error) => {
-      console.error(error instanceof Error ? error.message : error);
-      process.exitCode = 1;
-    },
-  );
-}

scripts/lib/android-version.ts

@@ -4,9 +4,7 @@ import path from "node:path";
 import { parseReleaseVersion } from "./npm-publish-plan.mjs";
 
 const ANDROID_VERSION_FILE = "apps/android/version.json";
-const ANDROID_CHANGELOG_FILE = "apps/android/CHANGELOG.md";
 const ANDROID_VERSION_PROPERTIES_FILE = "apps/android/Config/Version.properties";
-const ANDROID_RELEASE_NOTES_FILE = "apps/android/fastlane/metadata/android/en-US/release_notes.txt";
 const ANDROID_VERSION_CODE_MAX = 2_100_000_000;
 
 type AndroidVersionManifest = {
@@ -16,8 +14,6 @@ type AndroidVersionManifest = {
 
 export type ResolvedAndroidVersion = {
   canonicalVersion: string;
-  changelogPath: string;
-  releaseNotesPath: string;
   versionCode: number;
   versionFilePath: string;
   versionPropertiesPath: string;
@@ -165,17 +161,13 @@ export function writeAndroidVersionManifest(
 
 export function resolveAndroidVersion(rootDir = path.resolve(".")): ResolvedAndroidVersion {
   const versionFilePath = path.join(rootDir, ANDROID_VERSION_FILE);
-  const changelogPath = path.join(rootDir, ANDROID_CHANGELOG_FILE);
   const versionPropertiesPath = path.join(rootDir, ANDROID_VERSION_PROPERTIES_FILE);
-  const releaseNotesPath = path.join(rootDir, ANDROID_RELEASE_NOTES_FILE);
   const manifest = readAndroidVersionManifest(rootDir);
   const canonicalVersion = normalizePinnedAndroidVersion(manifest.version ?? "");
   const versionCode = normalizeAndroidVersionCode(manifest.versionCode, canonicalVersion);
 
   return {
     canonicalVersion,
-    changelogPath,
-    releaseNotesPath,
     versionCode,
     versionFilePath,
     versionPropertiesPath,
@@ -186,51 +178,6 @@ export function renderAndroidVersionProperties(version: ResolvedAndroidVersion):
   return `# Shared Android version defaults.\n# Source of truth: apps/android/version.json\n# Generated by scripts/android-sync-versioning.ts.\n\nOPENCLAW_ANDROID_VERSION_NAME=${version.canonicalVersion}\nOPENCLAW_ANDROID_VERSION_CODE=${version.versionCode}\n`;
 }
 
-function matchChangelogHeading(line: string, heading: string): boolean {
-  const normalized = line.trim();
-  return normalized === `## ${heading}` || normalized.startsWith(`## ${heading} - `);
-}
-
-export function extractChangelogSection(content: string, heading: string): string | null {
-  const lines = content.split(/\r?\n/u);
-  const startIndex = lines.findIndex((line) => matchChangelogHeading(line, heading));
-  if (startIndex === -1) {
-    return null;
-  }
-
-  let endIndex = lines.length;
-  for (let index = startIndex + 1; index < lines.length; index += 1) {
-    if (lines[index]?.startsWith("## ")) {
-      endIndex = index;
-      break;
-    }
-  }
-
-  const body = lines
-    .slice(startIndex + 1, endIndex)
-    .join("\n")
-    .trim();
-  return body || null;
-}
-
-export function renderAndroidReleaseNotes(
-  version: ResolvedAndroidVersion,
-  changelogContent: string,
-): string {
-  const candidateHeadings = [version.canonicalVersion, "Unreleased"];
-
-  for (const heading of candidateHeadings) {
-    const body = extractChangelogSection(changelogContent, heading);
-    if (body) {
-      return `${body}\n`;
-    }
-  }
-
-  throw new Error(
-    `Unable to find Android changelog notes for ${version.canonicalVersion}. Add a matching section to ${ANDROID_CHANGELOG_FILE}.`,
-  );
-}
-
 function syncFile(params: {
   mode: SyncAndroidVersioningMode;
   path: string;
@@ -260,9 +207,7 @@ export function syncAndroidVersioning(params?: {
   const mode = params?.mode ?? "write";
   const rootDir = path.resolve(params?.rootDir ?? ".");
   const version = resolveAndroidVersion(rootDir);
-  const changelogContent = readFileSync(version.changelogPath, "utf8");
   const nextVersionProperties = renderAndroidVersionProperties(version);
-  const nextReleaseNotes = renderAndroidReleaseNotes(version, changelogContent);
   const updatedPaths: string[] = [];
 
   if (
@@ -276,16 +221,5 @@ export function syncAndroidVersioning(params?: {
     updatedPaths.push(version.versionPropertiesPath);
   }
 
-  if (
-    syncFile({
-      mode,
-      path: version.releaseNotesPath,
-      nextContent: nextReleaseNotes,
-      label: "Android release notes",
-    })
-  ) {
-    updatedPaths.push(version.releaseNotesPath);
-  }
-
   return { updatedPaths };
 }